Bump golang.org/x/crypto in /utils/keepassxc-cr-recovery

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.35.0.
- [Commits](https://github.com/golang/crypto/compare/v0.31.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

.clang-format

@@ -81,7 +81,7 @@ SpacesInContainerLiterals: true
 SpacesInCStyleCastParentheses: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
-Standard:        Cpp11
+Standard:        c++17
 TabWidth:        4
 UseTab:          Never
 ...

.github/CONTRIBUTING.md

@@ -38,7 +38,7 @@ We will accept contributions of good code that we can use from anyone.
  - “contributions”: This means just about anything you wish to contribute to the project, as long as it is good code we can use. The easier you make it for us to accept your contribution, the happier we are, but if it’s good enough, we will do a reasonable amount of work to use it.
  - “of good code”: This means that we will accept contributions that work well and efficiently, that fit in with the goals of the project, that match the project’s coding style, and that do not impose an undue maintenance workload on us going forward. This does not mean just program code, either, but documentation and artistic works as appropriate to the project.
  - “that we can use”: This means that your contribution must be given freely and irrevocably, that you must have the right to contribute it for our unrestricted use, and that your contribution is made under a license that is compatible with the license the project has chosen and that permits us to include, distribute, and modify your work without restriction.
- - “from anyone”: This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. We do, however, reserve the right to tell you to go away if you behave too obnoxiously toward us.
+ - “from anyone”: This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. We do, however, reserve the right to limit your access to our community if you violate our [Code of Conduct](../CODE-OF-CONDUCT.md).
 
 #### If Your Contribution Is Rejected
 

.github/ISSUE_TEMPLATE/bug-report.md

@@ -1,39 +0,0 @@
----
-name: Bug Report
-about: provide information about a problem
-title: 
-labels: bug
-assignees: ''
-
----
-## Overview
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-[NOTE]: # ( Give a BRIEF summary about your problem )
-
-
-## Steps to Reproduce
-[NOTE]: # ( Provide a simple set of steps to reproduce this bug. )
-1. 
-2. 
-3. 
-
-## Expected Behavior
-[NOTE]: # ( Tell us what you expected to happen )
-
-
-## Actual Behavior
-[NOTE]: # ( Tell us what actually happens )
-
-
-## Context
-[NOTE]: # ( Give us any additional information you may have. )
-
-
-[NOTE]: # ( Paste debug info from Help → About here )
-KeePassXC - VERSION
-Revision: REVISION
-
-[NOTE]: # ( Pick choices based on your environment )
-Operating System: Windows/Linux/macOS
-Desktop Env: Gnome/KDE/XFCE/Mate/Cinnamon
-Windowing System: X11/Wayland

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,83 @@
+name: Bug Report
+description: Provide information about a problem you are experiencing.
+type: Bug
+
+body:
+  - type: checkboxes
+    attributes:
+      label: Have you searched for an existing issue?
+      description: |
+        Use the issue search box to see if one already exists for the bug you encountered.
+        Also take a moment to review our pinned issues.
+      options:
+      - label: Yes, I tried searching and reviewed the pinned issues
+        required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Brief Summary
+      description: |
+        Provide an overview of the problem, include any information that may help us triage this issue.
+        Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture).
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide a simple set of steps to reproduce this bug.
+      placeholder: |
+        1. 
+        2. 
+        3. 
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected_vs_actual
+    attributes:
+      label: Expected Versus Actual Behavior
+      description: Tell us what you expected to happen and what actually happened.
+
+  - type: textarea
+    id: debug_info
+    attributes:
+      label: KeePassXC Debug Information
+      placeholder: "Paste the output of: Help -> About -> Debug Info"
+      render: Text
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: Select your operating system.
+      options:
+        - Windows
+        - Linux
+        - macOS
+        - Other (BSD, Haiku, etc)
+
+  - type: dropdown
+    id: desktop_env
+    attributes:
+      label: Linux Desktop Environment
+      description: If on Linux, please select your desktop environment.
+      options:
+        - Gnome
+        - KDE
+        - XFCE
+        - Mate / Cinnamon
+        - Sway
+        - i3
+        - Other
+
+  - type: dropdown
+    id: window_system
+    attributes:
+      label: Linux Windowing System
+      description: If on Linux, please select your windowing system.
+      options:
+        - X11
+        - Wayland

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,19 +0,0 @@
----
-name: Feature Request
-about: tell us about a new feature you want
-title: 
-labels: new feature
-assignees: ''
-
----
-## Summary
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-[NOTE]: # ( Provide a brief overview of what the new feature is all about )
-
-
-## Examples
-[NOTE]: # ( Show us a picture or mock-up of your proposal )
-
-
-## Context
-[NOTE]: # ( Why does this feature matter to you? What unique circumstances do you have? )

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,34 @@
+name: Feature Request
+description: Tell us about a new feature you want.
+type: Feature
+
+body:
+  - type: checkboxes
+    attributes:
+      label: Have you searched for an existing feature request?
+      description: Use the issue search box to see if one already exists for the feature you want.
+      options:
+      - label: Yes, I tried searching
+        required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Brief Summary
+      description: |
+        Provide an overview of the feature you are interested in adding.
+        Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture).
+    validations:
+      required: true
+
+  - type: textarea
+    id: example
+    attributes:
+      label: Example
+      description: Provide an example of how this feature would be used.
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Context
+      description: Why does this feature matter to you? What unique circumstances do you have?

.github/ISSUE_TEMPLATE/prerelease_bug_report.yml

@@ -0,0 +1,85 @@
+name: Pre-Release Bug Report
+description: Report an issue with pre-release code (e.g. snapshot builds).
+type: Bug
+labels: PRE-RELEASE BUG
+assignees: droidmonkey
+
+body:
+  - type: checkboxes
+    attributes:
+      label: Have you searched for an existing issue?
+      description: |
+        Use the issue search box to see if one already exists for the bug you encountered.
+        Also take a moment to review our pinned issues.
+      options:
+      - label: Yes, I tried searching and reviewed the pinned issues
+        required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Brief Summary
+      description: |
+        Provide an overview of the problem, include any information that may help us triage this issue.
+        Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture).
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide a simple set of steps to reproduce this bug.
+      placeholder: |
+        1. 
+        2. 
+        3. 
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected_vs_actual
+    attributes:
+      label: Expected Versus Actual Behavior
+      description: Tell us what you expected to happen and what actually happened.
+
+  - type: textarea
+    id: debug_info
+    attributes:
+      label: KeePassXC Debug Information
+      placeholder: "Paste the output of: Help -> About -> Debug Info"
+      render: Text
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: Select your operating system.
+      options:
+        - Windows
+        - Linux
+        - macOS
+        - Other (BSD, Haiku, etc)
+
+  - type: dropdown
+    id: desktop_env
+    attributes:
+      label: Linux Desktop Environment
+      description: If on Linux, please select your desktop environment.
+      options:
+        - Gnome
+        - KDE
+        - XFCE
+        - Mate / Cinnamon
+        - Sway
+        - i3
+        - Other
+
+  - type: dropdown
+    id: window_system
+    attributes:
+      label: Linux Windowing System
+      description: If on Linux, please select your windowing system.
+      options:
+        - X11
+        - Wayland

.github/ISSUE_TEMPLATE/release-preview-bug-report.md

@@ -1,39 +0,0 @@
----
-name: Release Preview Bug report
-about: report a bug with a release preview (e.g., 2.6.0-beta1)
-title: 
-labels: PRE-RELEASE BUG
-assignees: droidmonkey
-
----
-## Overview
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-[NOTE]: # ( Give a BRIEF summary about your problem )
-
-
-## Steps to Reproduce
-[NOTE]: # ( Provide a simple set of steps to reproduce this bug. )
-1. 
-2. 
-3. 
-
-## Expected Behavior
-[NOTE]: # ( Tell us what you expected to happen )
-
-
-## Actual Behavior
-[NOTE]: # ( Tell us what actually happens )
-
-
-## Context
-[NOTE]: # ( Give us any additional information you may have. )
-
-
-[NOTE]: # ( Paste debug info from Help → About here )
-KeePassXC - VERSION
-Revision: REVISION
-
-[NOTE]: # ( Pick choices based on your environment )
-Operating System: Windows/Linux/macOS
-Desktop Env: Gnome/KDE/XFCE/Mate/Cinnamon
-Windowing System: X11/Wayland

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,15 +1,15 @@
 [NOTE]: # ( Describe your changes in detail, why is this change required? )
 [NOTE]: # ( Explain large or complex code modifications. )
-[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX" )
+[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX". )
 
 
 ## Screenshots
-[TIP]:  # ( Do not include screenshots of your actual database! )
-
+[NOTE]: # ( Do not include screenshots of your actual database! )
+[TIP]:  # ( Use View -> Allow Screen Capture )
 
 ## Testing strategy
 [NOTE]: # ( Please describe in detail how you tested your changes. )
-[TIP]:  # ( We expect new code to be covered by unit tests and documented with doc blocks! )
+[TIP]:  # ( We expect new code to be covered by unit tests and include helpful comments. )
 
 
 ## Type of change

.github/workflows/codeql.yml

@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ 'develop', 'release/2.7.x' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'develop' ]
+  schedule:
+    - cron: '5 16 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - if: matrix.language == 'cpp'
+      name: Install dependencies
+      run: |
+        sudo apt update
+        sudo apt install build-essential cmake g++
+        sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev  libqt5x11extras5-dev
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        queries: security-and-quality
+
+    - if: matrix.language == 'cpp'
+      name: Build C++
+      run: |
+        mkdir build && cd build
+        cmake -DWITH_XC_ALL=ON -DWITH_TESTS=OFF ..
+        make -j $(nproc)
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - if: matrix.language != 'cpp'
+      name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.gitignore

@@ -24,5 +24,10 @@ desktop.ini
 # MSVC Files
 CMakeSettings.json
 CMakePresets.json
+CMakeUserPresets.json
 .vs/
-out/
+out/
+
+# vcpkg
+vcpkg_installed*/
+

.tx/config

@@ -1,17 +1,19 @@
 [main]
-host = https://app.transifex.com
+host = https://www.transifex.com
 
 [o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--develop]
-file_filter   = share/translations/keepassxc_<lang>.ts
-source_file   = share/translations/keepassxc_en.ts
-type          = QT
-minimum_perc  = 0
-resource_name = keepassxc_en.ts (develop)
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+source_lang            = en
+type                   = QT
+replace_edited_strings = false
+keep_translations      = false
 
 [o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--master]
-file_filter   = share/translations/keepassxc_<lang>.ts
-source_file   = share/translations/keepassxc_en.ts
-type          = QT
-minimum_perc  = 0
-resource_name = keepassxc_en.ts (2.7.x stable)
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+source_lang            = en
+type                   = QT
+replace_edited_strings = false
+keep_translations      = false
 

CHANGELOG.md

@@ -1,5 +1,167 @@
 # Changelog
 
+## 2.8.0 (Pending)
+* Placeholder for future release notes
+
+## 2.7.10 (2025-03-02)
+
+### Changes
+* Allow adjusting application font size [#11567]
+* Add Proton Pass importer [#11197]
+* Support KeePass2 TOTP settings [#11229]
+* Add New/Preview Entry Attachments dialog and functionality [#11637, #11699, #11650]
+* Add database name, color, and icon options for unlock view [#10819, #11725]
+* Show entry background color as column [#6798]
+* Use icons for password strength [#9844]
+* Add "Group Full Path" column in entry view [#10278]
+* Passphrase "MIXED case" Type [#11255]
+* Allow deleting extension plugin data from Browser Statistics [#11218]
+* Add --minimized option to keepassxc [#11693]
+* Implement T-CONV and T-REPLACE-RX entry placeholders [#11453]
+* Option to disable opening browser when URL field double-clicked [#11332]
+* Overhaul action states and add icons to toolbar [#11047]
+* Show character count in password generator dialog [#10940]
+* Add ability to expire entries from context menu [#8731]
+* Add copy field shortcuts to Auto-Type select dialog [#11518]
+* Passkeys: Add support for selecting group on creation [#11260]
+* Browser: Refactor Access Control Dialog [#9607]
+* Browser: Add support for URL wildcards and exact URL [#9835, #11752]
+* Browser: Allow groups to restrict by browser integration key [#9852]
+* CLI: Add `-d` dry-run shortcut to merge command [#11192]
+* CLI: HTML export [#11590]
+* macOS: Add option to disable database lock when switching user [#9707]
+* SSH Agent: Implement feature to clear all identities [#10649]
+
+### Fixes
+* Major enhancements to documentation [#11745, #10875]
+* Various UI and style fixes [#11535, #11672, #11511, #11445, #11426, #11273, #11455, #11321, #11594, #11539, #11351, #11354, #10748, #11602, #11303, #11291, #10091, #9417]
+* Various improvements to tags [#11676, #11652, #11625]
+* Reset splitter sizes on database unlock [#11014]
+* Remember sort order in Auto-type popup dialog [#9508]
+* Fix database password clearing when modifying key file / hardware key [#11001]
+* Fix issues with reloading and handling of externally modified db file [#10612]
+* Support passkeys with Bitwarden import [#11401]
+* Fix various quirks with CSV import [#11787]
+* Show Auto-Type select dialog even if window title is empty [#11603]
+* Refactor hardware key code to avoid deadlock [#11703, #10872]
+* Show a clear error if hardware key is found slots are not configured [#11609]
+* Fix signal/slot disconnect when opening import wizard [#11039]
+* Fix setting window title as modified [#11542]
+* Fix assert hit when viewing entry history [#11413]
+* Fix multiple crashes on Linux [#11513]
+* Fix backup file path time substitution [#10834]
+* Prevent long-running threads from deadlocking the program with only 1 CPU [#11155]
+* Hide the menubar when menus lose focus (if toggled off) [#11355, #11605]
+* CLI: Restore the original codepage on windows [#11470]
+* Passkeys: Various fixes [#10934, #10951]
+* Browser: Fix cancel with database unlock dialog [#11435]
+* Browser: Resolve references in Access Confirm dialog [#11055]
+* SSH Agent: Add timeout to streams to prevent deadlock [#11290]
+* macOS: Replace legacy code for screen recording permissions [#11428]
+* macOS: Implement Secure Input Mode [#11623]
+* macOS: Fix showing ambigious name in settings [#11373]
+* macOS: Fix copy-to-clipboard shortcut in entry preview widget [#10966]
+* Linux: Prevent multiple lock requests [#11306]
+* Snap: Prevent need for snap helper script to configure browser extension [#10924]
+* Windows: Detect outdated VC Redist with MSI installer [#11469]
+* Windows: Additional exclusion fields for clipboard [#11521]
+
+## 2.7.9 (2024-06-19)
+
+### Changes
+* Passkeys: Ability to easily remove a passkey from an entry [#10777]
+* Snap: Use new desktop portal for native messaging integration [#10906]
+
+### Fixes
+* Improve entry placeholder/reference feature [#10846]
+* Improve CSV importing when title field isn't specified [#10843]
+* Improve encrypted Bitwarden importing [#10800]
+* Improve database settings UX [#10821]
+* Improve handling of clipboard actions from entry preview [#10810]
+* Improve group/entry view resize behavior and set sensible defaults [#10641]
+* Passkeys: Fix incorrect username fill [#10874]
+* Passkeys: Return additional data to the extension [#10857]
+* Fix password clear timer inconsistency on unlock view [#10708]
+* Fix portability check [#10760]
+* Fix page overflow on HTML exports [#10735]
+* Fix broken builds when using system provided zxcvbn [#10717]
+* Fix copy password button when text is selected [#10853]
+* Fix tab ordering on application settings pages [#10907]
+* SSH Agent: Fix broken decrypt button [#10638]
+* Windows: Fix ALT Auto-Type modifier [#10795]
+* Windows: Fix wrong DACL memory size allocation [#10712]
+* macOS: Fix monospace font sizing [#10739]
+* Flatpak: Fix configuration settings off-by-one error [#10688]
+* BSD: Fix compiling with libusb implementation [#10736]
+
+## 2.7.8 (2024-05-05)
+
+### Changes
+- Add hotkey for showing search help [#10591]
+- Add hotkey for group switching (Ctrl+Shift+PgUp/PgDown) [#10625]
+- Add per-database auto-save delay setting [#9100]
+- Add setting to hide menubar [#10341]
+- Improve Bitwarden 1PUX import and support organization collections [#10499]
+- Show advanced settings checkbox only for settings that have them [#6513]
+- Remove obsolete setting for requiring repeated password entry [#9722]
+- Passkeys: Allow registering Passkeys to existing entries [#10408]
+- Passkeys: Show warning about data being unencrypted before Passkey export [#10411]
+- Passkeys: Support NFC and USB transports [#10402]
+- Passkeys: Pass extension JSON data to browser [#10615]
+- SSH Agent: Do not use entries from recycle bin [#10518]
+- Linux: Change hotkey sequence used for {CLEARFIELD} Auto-Type [#10008]
+- Windows: Improve DACL memory access protection [#10618]
+
+### Fixes
+- Fix crash when deleting history items [#10451]
+- Fix crash on screen lock or computer sleep [#10458]
+- Fix search field not being focused after unlock [#10459]
+- Fix loss of window focus when Auto-Type needs to unlock a database [#10555]
+- Fix inconsistent TOTP visibility on unlock [#10009]
+- Fix CSV import skipping over single-name groups [#10575]
+- Fix key file folder being remembered even if disabled in settings [#10636]
+- Fix issues with entry editing and database locking [#10667]
+- Fix key file text when provided on command line [#10642]
+- Fix issues with hardware key auto detection [#10663]
+- Do not override monospace font size [#10282]
+- Perform group sort only when group view is in focus [#10202]
+- Do not show decimals for attachment sizes in Bytes [#10595]
+- Prevent merging of global custom data when merging databases [#10452]
+- Fix minor translation issues [#10635]
+- Passkeys: Fix StrongBox incompatibility [#10420]
+- Passkeys: Set RP ID to effective domain if unset instead of returning an error [#10384]
+- Passkeys: Various UI fixes and improvements [#10427, #10608, #10609]
+- AppImage: Fix URL opening [#10624]
+- Flatpak: Fix application autostart [#10563]
+- Linux/macOS: Fix button sizes on modal alert popups [#10500]
+- Linux: Fix clipboard clear on Wayland [#10500]
+- Windows: Preserve file-hidden attribute [#10343]
+
+## 2.7.7 (2024-03-09)
+
+### Changes
+- Support USB Hotplug for Hardware Key interface [#10092]
+- Support 1PUX and Bitwarden import [#9815]
+- Browser: Add support for PassKeys [#8825, #9987, #10318]
+- Build System: Move to vcpkg manifest mode [#10088]
+
+### Fixes
+- Fix multiple TOTP issues [#9874]
+- Fix focus loss on save when the editor is not visible anymore [#10075]
+- Fix visual when removing entry from history [#9947]
+- Fix first entry is not selected when a search is performed [#9868]
+- Prevent scrollbars on entry drag/drop [#9747]
+- Prevent duplicate characters in "Also choose from" field of password generator  [#9803]
+- Security: Prevent byte-by-byte and attachment inference side channel attacks [#10266]
+- Browser: Fix raising Update Entry messagebox [#9853]
+- Browser: Fix bugs when returning credentials [#9136]
+- Browser: Fix crash on database open from browser [#9939]
+- Browser: Fix support for referenced URL fields [#8788]
+- MacOS: Fix crash when changing highlight/accent color [#10348]
+- MacOS: Fix TouchID appearing even though lid is closed [#10092]
+- Windows: Fix terminating KeePassXC processes with MSI installer [#9822]
+- FdoSecrets: Fix database merge crash when enabled [#10136]
+
 ## 2.7.6 (2023-08-15)
 
 ### Changes
@@ -79,7 +241,7 @@
 - Browser: Revert code causing connection problems [#8665]
 - Browser: Fix socket file symbolic link on Linux [#8656]
 - Flatpak: Fix launching browser proxy service [#8680]
-- SSH Agent: Fix paegent support on Windows [#8619]
+- SSH Agent: Fix pageant support on Windows [#8619]
 
 ## 2.7.3 (2022-10-23)
 
@@ -962,7 +1124,7 @@
 - Compare window title to entry URLs #556
 - Implemented inline error messages #162
 - Ignore group expansion and other minor changes when making database "dirty" #464
-- Updated license and copyright information on souce files #632
+- Updated license and copyright information on source files #632
 - Added contributors list to about dialog #629
 
 ## 2.1.4 (2017-04-09)

CMakeLists.txt

@@ -14,7 +14,7 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-cmake_minimum_required(VERSION 3.3.0)
+cmake_minimum_required(VERSION 3.10.0)
 
 project(KeePassXC)
 set(APP_ID "org.keepassxc.${PROJECT_NAME}")
@@ -53,6 +53,7 @@ set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins")
 option(WITH_XC_AUTOTYPE "Include Auto-Type." ON)
 option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
 option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
+option(WITH_XC_BROWSER_PASSKEYS "Passkeys support for browser integration." OFF)
 option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
 option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
 option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF)
@@ -98,6 +99,7 @@ if(WITH_XC_ALL)
     set(WITH_XC_AUTOTYPE ON)
     set(WITH_XC_NETWORKING ON)
     set(WITH_XC_BROWSER ON)
+    set(WITH_XC_BROWSER_PASSKEYS ON)
     set(WITH_XC_YUBIKEY ON)
     set(WITH_XC_SSHAGENT ON)
     set(WITH_XC_KEESHARE ON)
@@ -118,8 +120,8 @@ if(UNIX AND NOT APPLE AND NOT WITH_XC_X11)
 endif()
 
 set(KEEPASSXC_VERSION_MAJOR "2")
-set(KEEPASSXC_VERSION_MINOR "7")
-set(KEEPASSXC_VERSION_PATCH "6")
+set(KEEPASSXC_VERSION_MINOR "8")
+set(KEEPASSXC_VERSION_PATCH "0")
 set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
 set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")
 
@@ -308,7 +310,7 @@ if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
     check_add_gcc_compiler_flag("-Wshadow-compatible-local")
     check_add_gcc_compiler_flag("-Wshadow-local")
     add_gcc_compiler_flags("-Werror")
-    # This is needed since compiling aginst Botan3 requires compiling against C++20
+    # This is needed since compiling against Botan3 requires compiling against C++20
     if(WITH_XC_BOTAN3)
         add_gcc_compiler_cxxflags("-Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated")
     endif()
@@ -393,7 +395,7 @@ if (MSVC)
     if(MSVC_TOOLSET_VERSION LESS 141)
         message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
     endif()
-    add_compile_options(/permissive- /utf-8)
+    add_compile_options(/permissive- /utf-8 /MP)
     if(IS_DEBUG_BUILD)
         add_compile_options(/Zf)
         if(MSVC_TOOLSET_VERSION GREATER 141)
@@ -465,7 +467,7 @@ if(WITH_COVERAGE)
     append_coverage_compiler_flags()
 
     set(COVERAGE_EXCLUDES
-            "'^(.+/)?(thirdparty|zxcvbn)/.*'"
+            "'^(.+/)?thirdparty/.*'"
             "'^(.+/)?main\\.cpp$$'"
             "'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
             "'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
@@ -510,8 +512,8 @@ else()
     find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
 endif()
 
-if(Qt5Core_VERSION VERSION_LESS "5.2.0")
-    message(FATAL_ERROR "Qt version 5.2.0 or higher is required")
+if(Qt5Core_VERSION VERSION_LESS "5.12.0")
+    message(FATAL_ERROR "Qt version 5.12.0 or higher is required")
 endif()
 
 get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
@@ -559,9 +561,18 @@ if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
 endif()
 include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
 
+# Find Minizip
+find_package(Minizip REQUIRED)
+
 if(WITH_XC_YUBIKEY)
     find_package(PCSC REQUIRED)
     include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})
+
+    if(UNIX AND NOT APPLE)
+        find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED)
+        find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED)
+        include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR})
+    endif()
 endif()
 
 if(UNIX)
@@ -596,6 +607,12 @@ endif()
 
 include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
 
+find_library(ZXCVBN_LIBRARIES zxcvbn)
+if(NOT ZXCVBN_LIBRARIES)
+    add_subdirectory(src/thirdparty/zxcvbn)
+    set(ZXCVBN_LIBRARIES zxcvbn)
+endif(NOT ZXCVBN_LIBRARIES)
+
 add_subdirectory(src)
 add_subdirectory(share)
 if(WITH_TESTS)

COPYING

@@ -1,5 +1,5 @@
 KeePassXC - http://www.keepassxc.org/
-Copyright (C) 2016-2020 KeePassXC Team <team@keepassxc.org>
+Copyright (C) 2016-2023 KeePassXC Team <team@keepassxc.org>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -137,22 +137,27 @@ Files: share/icons/badges/2_Expired.svg
        share/icons/database/C46_Help.svg
        share/icons/database/C53_Apply.svg
        share/icons/database/C61_Services.svg
+       share/icons/application/scalable/actions/proton.svg
 Copyright: 2022 KeePassXC Team <team@keepassxc.org>
 License: MIT
 
 Files: share/icons/application/scalable/actions/application-exit.svg
+       share/icons/application/scalable/actions/arrow-collapse-down.svg
        share/icons/application/scalable/actions/attributes-copy.svg
        share/icons/application/scalable/actions/auto-type.svg
+       share/icons/application/scalable/actions/bitwarden.svg
        share/icons/application/scalable/actions/bugreport.svg
        share/icons/application/scalable/actions/chevron-double-down.svg
        share/icons/application/scalable/actions/chevron-double-right.svg
        share/icons/application/scalable/actions/clipboard-text.svg
        share/icons/application/scalable/actions/configure.svg
+       share/icons/application/scalable/actions/csv.svg
        share/icons/application/scalable/actions/database-change-key.svg
        share/icons/application/scalable/actions/database-lock.svg
        share/icons/application/scalable/actions/database-lock-all.svg
        share/icons/application/scalable/actions/database-merge.svg
        share/icons/application/scalable/actions/database-search.svg
+       share/icons/application/scalable/actions/database-settings.svg
        share/icons/application/scalable/actions/dialog-close.svg
        share/icons/application/scalable/actions/dialog-ok.svg
        share/icons/application/scalable/actions/document-close.svg
@@ -173,6 +178,7 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/actions/entry-delete.svg
        share/icons/application/scalable/actions/entry-restore.svg
        share/icons/application/scalable/actions/entry-edit.svg
+       share/icons/application/scalable/actions/entry-expire.svg
        share/icons/application/scalable/actions/entry-new.svg
        share/icons/application/scalable/actions/favicon-download.svg
        share/icons/application/scalable/actions/fingerprint.svg
@@ -192,13 +198,16 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/actions/move-up.svg
        share/icons/application/scalable/actions/object-locked.svg
        share/icons/application/scalable/actions/object-unlocked.svg
+       share/icons/application/scalable/actions/onepassword.svg
        share/icons/application/scalable/actions/paperclip.svg
        share/icons/application/scalable/actions/password-copy.svg
+       share/icons/application/scalable/actions/passkey.svg
        share/icons/application/scalable/actions/password-generator.svg
        share/icons/application/scalable/actions/password-show-off.svg
        share/icons/application/scalable/actions/password-show-on.svg
        share/icons/application/scalable/actions/qrcode.svg
        share/icons/application/scalable/actions/refresh.svg
+       share/icons/application/scalable/actions/remote-sync.svg
        share/icons/application/scalable/actions/reports.svg
        share/icons/application/scalable/actions/reports-exclude.svg
        share/icons/application/scalable/actions/sort-alphabetical-ascending.svg
@@ -220,6 +229,7 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/actions/username-copy.svg
        share/icons/application/scalable/actions/view-history.svg
        share/icons/application/scalable/actions/web.svg
+       share/icons/application/scalable/actions/yubikey-refresh.svg
        share/icons/application/scalable/apps/internet-web-browser.svg
        share/icons/application/scalable/apps/keepassxc.svg
        share/icons/application/scalable/apps/keepassxc-dark.svg
@@ -234,9 +244,12 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/status/dialog-information.svg
        share/icons/application/scalable/status/dialog-warning.svg
        share/icons/application/scalable/status/security-high.svg
-Copyright: 2019 Austin Andrews <http://templarian.com/>
-License: SIL OPEN FONT LICENSE Version 1.1
-Comment: Taken from Material Design icon set (https://github.com/templarian/MaterialDesign/)
+       share/icons/application/scalable/actions/lock-open-alert.svg
+       share/icons/application/scalable/actions/lock-open.svg
+       share/icons/application/scalable/actions/lock.svg
+Copyright: 2023 Pictogrammers <https://pictogrammers.com/docs/general/about/>
+License: Apache-2.0
+Comment: Some icons are modified to fit KeePassXC design (https://pictogrammers.com/library/mdi/)
 
 Files: src/streams/qtiocompressor.*
        src/streams/QtIOCompressor
@@ -244,7 +257,7 @@ Files: src/streams/qtiocompressor.*
 Copyright: 2009-2012, Nokia Corporation and/or its subsidiary(-ies)
 License: LGPL-2.1 or GPL-3
 
-Files: src/zxcvbn/zxcvbn.*
+Files: src/thirdparty/zxcvbn/zxcvbn.*
 Copyright: 2015-2017, Tony Evans
 License: MIT
 

INSTALL.md

@@ -6,34 +6,21 @@ For more information, see also the [_Building KeePassXC_](https://github.com/kee
 
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download).
 
-Build Dependencies
-==================
-
-The following tools must exist within your PATH:
-
-* make
-* cmake (>= 3.3.0)
-* g++ (>= 4.7) or clang++ (>= 6.0)
-* asciidoctor (>= 2.0)
-
-The following libraries are required:
-
-* Qt 5 (>= 5.9.5): qtbase5, qtbase5-private, libqt5svg5, qttools5, qt5-image-formats-plugins
-* botan (>= 2.12)
-* libargon2
-* zlib
-* minizip
-* readline (for completion in cli)
-* qtx11extras, libxi, and libxtst (for auto-type on X11)
-* qrencode
-* libusb-1.0, pcsc-lite (for Yubikey support on Linux)
-
-Prepare the Building Environment
+Toolchain and Build Dependencies
 ================================
 
-* [Building Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
-* [Building Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
-* [Building Environment on MacOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
+The following build tools must exist within your PATH:
+
+* cmake (>= 3.10.0)
+* make (>= 4.2) or ninja (>= 1.10)
+* g++ (>= 4.9) or clang++ (>= 6.0)
+* asciidoctor (>= 2.0)
+
+* Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki:
+
+* [Set up Build Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
+* [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
+* [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
 
 Build Steps
 ===========
@@ -63,7 +50,7 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm
    git checkout latest
    ```
 
-2. Navigate to the directory where you have downloaded KeePassXC and type these commands:
+2. Navigate to the directory where you have downloaded KeePassXC and run:
 
    ```
    mkdir build
@@ -71,40 +58,37 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm
    cmake -DWITH_XC_ALL=ON ..
    make
    ```
+      
+If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain.
 
-Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory.
+For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
+
+Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory (`src/KeePassXC.app/Contents/MacOS` on macOS).
 
 ## MacOS Build Notes
 
-If you installed Qt5 via Homebrew, you should be able to compile KeePassXC without any changes. If CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
+If you installed Qt@5 via Homebrew and CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
 
-`-DCMAKE_PREFIX_PATH=$(brew --prefix qt5)/lib/cmake`
-
-(or whatever your Qt installation path is)
+`-DCMAKE_PREFIX_PATH=$(brew --prefix qt@5)/lib/cmake`
 
 When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS).
 
 ## Windows Build Notes
 
-For detailed build steps see the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows).
-
-If you are using MSVC, you may have to specify your Vcpkg toolchain by adding the following CMake parameter: `-DCMAKE_TOOLCHAIN_FILE=C:\vcpkg\scripts\buildsystems\vcpkg.cmake`
-
 If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
 
 CMake Configuration Options
 ==========================
 
-## Common Parameters
+## Recommended CMake Build Parameters
 
 ```
--DCMAKE_INSTALL_PREFIX=$(brew --prefix)
 -DCMAKE_VERBOSE_MAKEFILE=ON
 -DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
 -DWITH_GUI_TESTS=ON
 ```
 
-## KeePassXC Parameters
+## Additional CMake Parameters
 
 KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:
 
@@ -112,6 +96,7 @@ KeePassXC comes with a variety of build options that can turn on/off features. M
 -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
 -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
 -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
+-DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF)
 -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
 -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
 -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)

README.md

@@ -1,4 +1,5 @@
-# <img src="https://keepassxc.org/images/keepassxc-logo.svg" width="40" height="40"/> KeePassXC
+# <img src="https://keepassxc.org/assets/img/keepassxc.svg" width="40" height="40"/> KeePassXC
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326)
 [![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1)
 [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
 [![GitHub release](https://img.shields.io/github/release/keepassxreboot/keepassxc)](https://github.com/keepassxreboot/keepassxc/releases/)
@@ -21,12 +22,13 @@ KeePassXC has numerous features for novice and power users alike. Our goal is to
 * Password generator
 * Auto-Type passwords into applications
 * Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
+* Support for passkeys using the browser integration
 * Entry icon download
-* Import databases from CSV, 1Password, and KeePass1 formats
+* Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
 
 ### Advanced
 * Database reports (password health, HIBP, and statistics)
-* Database export to CSV and HTML formats
+* Database export to CSV, XML, and HTML formats
 * TOTP storage and generation
 * Field references between entries
 * File attachments and custom attributes

SECURITY.md

@@ -0,0 +1,46 @@
+### Reporting Security Issues
+
+The KeePassXC team takes security vulnerabilities very seriously and appreciates your responsible disclosure efforts. We will make every effort to acknowledge your contributions and handle them promptly.
+
+To report a security issue, please use one of the following methods:
+
+- **GitHub Security Advisory:** Use the ["Report a Vulnerability"](https://github.com/keepassxreboot/keepassxc/security/advisories/new) tab on our GitHub repository.
+- **Private Matrix Message:** Contact any of the following KeePassXC team members privately (also encrypted):
+  - [@droidmonkey_kpxc](https://matrix.to/#/@droidmonkey_kpxc:matrix.org)
+  - [@varjolintu](https://matrix.to/#/@varjolintu:matrix.org)
+  - [@phoerious](https://matrix.to/#/@phoerious:matrix.org)
+- **Send an Email:** Send your report to team@keepassxc.org. We recommend encrypting the email if possible.
+
+Please **DO NOT** use public channels (e.g., GitHub issues, Matrix chat channels) for initial reporting of bona fide security vulnerabilities.
+
+Once you report a security issue, our team will respond with the next steps. After our initial reply, we will keep you informed of the progress towards a fix and full announcement. We may ask for additional information or guidance during this process. If we disagree that your report constitutes a genuine security vulnerability, we will inform you and close the report. Your report may be turned into an issue for further tracking.
+
+If you discover vulnerabilities in third-party modules used by KeePassXC, please report them to the maintainers of the respective modules. If the vulnerability impacts KeePassXC directly, we encourage you to notify us using the above methods. We will validate if the vulnerability is exploitable from KeePassXC code; please note that not all vulnerabilities are actually exploitable and do not constitute an immediate concern for the KeePassXC application.
+
+### Example Security Vulnerabilities
+
+When reporting, please ensure the issue falls under what can be considered a genuine security vulnerability for KeePassXC. Some examples include:
+
+- Unauthorized access to sensitive user data (e.g., passwords).
+- Remote code execution or escalation of privileges.
+- Bypassing authentication or encryption mechanisms.
+- Broken or improperly implemented encryption methods. 
+
+### Counter Examples
+
+The following issues are **not** considered security vulnerabilities:
+
+- Bugs caused by locally modifying the application (e.g., injecting DLLs, altering code).
+- Crashes or misbehavior resulting from normal use (report this as a normal issue).
+- Vulnerabilities found in third-party modules (should be reported to the module’s maintainers).
+  
+### CVE Reporting Policy
+
+Please **DO NOT** submit a report to a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) before confirming the security vulnerability with the KeePassXC team. If we do not respond to your report within 30 days, this restriction no longer applies.
+
+
+### Other Communication
+
+For other inquiries (e.g., developer questions, user questions), please use the public channels on Matrix:
+- **User's Channel:** [#keepassxc:mozilla.org](https://matrix.to/#/#keepassxc:mozilla.org)
+- **Developer's Channel:** [#keepassxc-dev:mozilla.org](https://matrix.to/#/#keepassxc-dev:mozilla.org)

cmake/CLangFormat.cmake

@@ -16,9 +16,8 @@
 set(EXCLUDED_DIRS
         # third-party directories
         src/thirdparty
-        src/zxcvbn
         # objective-c directories
-        src/touchid
+        src/quickunlock/touchid
         src/autotype/mac
         src/gui/osutils/macutils)
 

cmake/FindBotan.cmake

@@ -13,7 +13,7 @@ include(FindPackageHandleStandardArgs)
 
 set(BOTAN_VERSIONS botan-3 botan-2)
 set(BOTAN_NAMES botan-3 botan-2 botan)
-set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan)
+set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan botan-3)
 
 find_path(
     BOTAN_INCLUDE_DIR

cmake/FindPCSC.cmake

@@ -21,16 +21,38 @@ endif()
 
 if(NOT PCSC_FOUND)
    # Search for PC/SC headers on Mac and Windows
+
+   # Additional search paths for Windows if not running in Visual Studio environment
+   if (WIN32) 
+      # Resolve the ambiguity of using two names for one architechture
+      if(CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "x64")
+         set(ARCH_DIR "x64")
+      else()
+         set(ARCH_DIR "${CMAKE_SYSTEM_PROCESSOR}")
+      endif()
+
+      # Locate Windows SDK Paths
+      if (CMAKE_WINDOWS_KITS_10_DIR)
+         set(WINSDKROOTC_INCLUDE "${CMAKE_WINDOWS_KITS_10_DIR}/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "${CMAKE_WINDOWS_KITS_10_DIR}/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      else()
+         set(WINSDKROOTC_INCLUDE "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      endif()
+   endif()
+
    find_path(PCSC_INCLUDE_DIRS winscard.h
       HINTS
-      ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
-      /usr/include/PCSC
+         ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
+         /usr/include/PCSC
+         ${WINSDKROOTC_INCLUDE}
       PATH_SUFFIXES PCSC)
 
    # MAC library is PCSC, Windows library is WinSCard
    find_library(PCSC_LIBRARIES NAMES pcsclite libpcsclite WinSCard PCSC
       HINTS   
-      ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES})
+         ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES}
+         ${WINSDKROOTC_LIB})
 endif()
 
 include(FindPackageHandleStandardArgs)

cmake/FindQREncode.cmake

@@ -15,12 +15,12 @@
 
 find_path(QRENCODE_INCLUDE_DIR NAMES qrencode.h)
 
-if (VCPKG_INSTALLED_DIR)
-    find_library(QRENCODE_LIBRARY_RELEASE qrencode)
-    find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
-    set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
+if(WIN32 AND MSVC)
+	find_library(QRENCODE_LIBRARY_RELEASE qrencode)
+	find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
+	set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
 else()
-    find_library(QRENCODE_LIBRARY qrencode)
+	find_library(QRENCODE_LIBRARY qrencode)
 endif()
 
 mark_as_advanced(QRENCODE_LIBRARY QRENCODE_INCLUDE_DIR)

cmake/KPXCMacDeployHelpers.cmake

@@ -1,5 +1,5 @@
 # Running macdeployqt on a POST_BUILD copied binaries is pointless when using CPack because
-# the copied binaries will be overriden by the corresponding install(TARGETS) commands.
+# the copied binaries will be overridden by the corresponding install(TARGETS) commands.
 # That's why we run macdeployqt using install(CODE) on the already installed binaries.
 # The precondition is that all install(TARGETS) calls have to be called before this function is
 # called.

codecov.yaml

@@ -1,8 +1,27 @@
+codecov:
+  require_ci_to_pass: false
 coverage:
   range: 60..80
   round: nearest
   precision: 2
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 0.5%
+        paths:
+          - "src"
+    patch:
+      default:
+        target: 50%
+        threshold: 0%
+        informational: true
+        paths:
+          - "src"
 fixes:
   - "*/src/::"
+ignore:
+  - "src/gui/styles/**"
+  - "src/thirdparty/**"
 comment:
   require_changes: true

docs/GettingStarted.adoc

@@ -26,8 +26,8 @@ include::topics/DownloadInstall.adoc[tags=*;!advanced]
 
 include::topics/UserInterface.adoc[tags=*;!advanced]
 
-include::topics/PasswordGenerator.adoc[tags=*;!advanced]
-
 include::topics/DatabaseOperations.adoc[tags=*;!advanced]
 
-include::topics/BrowserPlugin.adoc[tags=*;!advanced]
+include::topics/PasswordGenerator.adoc[tags=*;!advanced]
+
+include::topics/BrowserIntegration.adoc[tags=*;!advanced]

docs/UserGuide.adoc

@@ -6,6 +6,7 @@ KeePassXC Team <team@keepassxc.org>
 :imagesdir: images
 :stylesheet: styles/dark.css
 :toc: left
+:sectanchors:
 ifdef::backend-pdf[]
 :title-page:
 :title-logo-image: {imagesdir}/kpxc_logo.png
@@ -23,16 +24,18 @@ include::topics/UserInterface.adoc[tags=*]
 
 include::topics/DatabaseOperations.adoc[tags=*]
 
-include::topics/ImportExport.adoc[tags=*]
-
 include::topics/PasswordGenerator.adoc[tags=*]
 
-include::topics/BrowserPlugin.adoc[tags=*]
-
-include::topics/AutoType.adoc[tags=*]
+include::topics/ImportExport.adoc[tags=*]
 
 include::topics/KeeShare.adoc[tags=*]
 
+include::topics/BrowserIntegration.adoc[tags=*]
+
+include::topics/Passkeys.adoc[tags=*]
+
+include::topics/AutoType.adoc[tags=*]
+
 include::topics/SSHAgent.adoc[tags=*]
 
 include::topics/Reference.adoc[tags=*]

docs/man/keepassxc.1.adoc

@@ -28,26 +28,38 @@ keepassxc - a modern open-source password manager
 *keepassxc* [_options_] [_filename(s)_]
 
 == DESCRIPTION
-*KeePassXC* is a free/open-source password manager or safe which helps you to manage your passwords in a secure way.
-The complete database is always encrypted with the industry-standard AES (alias Rijndael) encryption algorithm using a 256 bit key.
+*KeePassXC* is a free/open-source password manager or safe which helps you to manage your passwords securely.
+The complete database is always encrypted with the industry-standard AES (also known as Rijndael) encryption algorithm using a 256-bit key.
 KeePassXC uses a database format that is compatible with KeePass Password Safe.
-Your wallet works offline and requires no Internet connection.
+Your database works offline and requires no internet connection.
 
 == OPTIONS
 *-h*, *--help*::
   Displays this help.
 
+*--help-all*::
+  Displays help including Qt specific options.
+
 *-v*, *--version*::
   Displays version information.
 
 *--config* <__config__>::
   Path to a custom config file.
 
+*--localconfig* <__localconfig__>::
+  Path to a custom local config file.
+
+*--lock*::
+  Locks all open databases.
+
 *--keyfile* <__keyfile__>::
   Key file of the database.
 
 *--pw-stdin*::
-  Read password of the database from stdin.
+  Reads password of the database from stdin.
+
+*--minimized*::
+  Starts KeePassXC minimized to the system tray.
 
 *--debug-info*::
   Displays debugging information.

docs/styles/dark.css

@@ -180,7 +180,7 @@ body.toc2.toc-right{padding-left:0;padding-right:20em}}
 .sect1{padding-bottom:1.25em}}
 .sect1:last-child{padding-bottom:0}
 .sect1+.sect1{border-top:1px solid #efefed}
-#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
+#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:2.0ex;margin-left:-1.8ex;margin-top:0.08ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
 #content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
 #content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
 #content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}

docs/topics/AutoType.adoc

@@ -37,7 +37,7 @@ TIP: You can use an asterisk (`\*`) to match any value (e.g., when a window titl
 .Auto-Type entry sequences
 image::autotype_entry_sequences.png[]
 
-2. _(Optional)_ Define a custom Auto-Type sequence for each window title match by selecting the _Use specific sequence for this association_ checkbox. Sequence action codes and field placeholders are detailed in the following table. Beyond the most important ones detailed below, there are additional action codes and placeholders available: xref:UserGuide.adoc#_auto_type_actions[Auto-Type Actions Reference] and xref:UserGuide.adoc#_entry_placeholders[Entry Placeholders Reference]. Action codes and placeholders are not case sensitive.
+2. _(Optional)_ Define a custom Auto-Type sequence for each window title match by selecting the _Use specific sequence for this association_ checkbox. Sequence action codes and field placeholders are detailed in the following table. Beyond the most important ones detailed below, there are additional action codes and placeholders available: <<Auto-Type Actions, Auto-Type Actions Reference>> and <<Entry Placeholders, Entry Placeholders Reference>>. Action codes and placeholders are not case sensitive.
 +
 [grid=rows, frame=none, width=90%]
 |===

docs/topics/BrowserIntegration.adoc

@@ -1,158 +1,201 @@
-= KeePassXC – Browser Plugin
-include::.sharedheader[]
-:imagesdir: ../images
-
-// tag::content[]
-== Setup Browser Integration
-The KeePassXC-Browser extension is installed within your web browser so that you can automatically pull usernames and passwords from KeePassXC and populate them directly into website fields. It is a very useful and secure extension that enhances your productivity while using KeePassXC. With this extension, you do not need to manually copy the data from your KeePassXC database and paste it into the website fields.
-
-The KeePassXC-Browser extension is available on the following web browsers:
-
-* Google Chrome, Vivaldi, and Brave
-* Mozilla Firefox and Tor-Browser
-* Microsoft Edge
-* Chromium
-
-=== Install the Browser Extension
-You can download the KeePassXC-Browser extension from your web browser. To download the KeePassXC-Browser extension, perform the following steps:
-
-1. Click the link corresponding to your browser:
-  * https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk[Chrome, Chromium, Vivaldi, and Brave]
-  * https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser[Mozilla Firefox and Tor-Browser]
-  * https://microsoftedge.microsoft.com/addons/detail/keepassxcbrowser/pdffhmdngciaglkoonimfcmckehcpafo[Microsoft Edge]
-
-2. Click the button to install/add the extension to the browser. Accept any confirmation dialogs.
-
-TIP: For the most up-to-date troubleshooting advice on all platforms, please read our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide[Troubleshooting Guide].
-
-// tag::advanced[]
-NOTE: When Microsoft Edge is installed as a managed application, system administrators are required to deploy a custom native messaging configuration. Instructions for this are found in the advanced section below.
-// end::advanced[]
-
-=== Configure KeePassXC-Browser
-To start using KeePassXC-Browser, you must configure it so that it can communicate with the KeePassXC application on your desktop.
-
-To configure KeePassXC-Browser, perform the following steps:
-
-1. Open the KeePassXC application on your desktop and navigate to Tools > Settings.
-
-2. Click the Browser Integration option on the left-hand side *(1)*. The following screen appears:
-+
-.Browser Settings
-image::browser_settings.png[]
-
-3. Click the _Enable browser integration_ checkbox *(2)*. Then select the browsers for which you have downloaded the KeePassXC-Browser extension *(3)* and click *OK*.
-
-4. Ensure your database is unlocked, then open (or restart) your browser.
-
-5. Click the KeePassXC-Browser extension icon *(A)* in your browser (see figure below). A pop-up window appears.
-+
-.Connect Extension to KeePassXC
-image::browser_extension_connect.png[,80%]
-
-6. Click the _Connect_ button *(B)* in the pop-up window to complete integrating the KeePassXC-Browser extension with your KeePassXC desktop application.
-
-7. You are now prompted to enter a unique name to identify the connection between this browser and your database. Enter a unique name in the field (e.g., firefox-laptop) and click the _Save and allow access_ button.
-+
-.Extension Association Dialog
-image::browser_extension_association.png[,80%]
-
-WARNING: If you reuse a connection name in a database, the previous browser connection will be overwritten and prevent access.
-
-=== Using the Browser Extension
-The KeePassXC-Browser extension lets you automatically populate the entries from your KeePassXC database into the fields on websites you visit. To do so, perform the following steps:
-
-1. Open your KeePassXC desktop application and unlock your database.
-
-2. Open your web browser. The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states.
-+
-*(A)* KeePassXC is not running or is disconnected +
-*(B)* Connected to KeePassXC, but database is locked +
-*\(C)* Connected to KeePassXC and ready to use
-+
-.Extension Icon States
-image::browser_extension_icons.png[,70%]
-
-3. If the KeePassXC desktop application is not connected with the KeePassXC-Browser extension, click the extension icon in your web browser and click _Reload_ from the pop-up window as shown in the following screen.
-+
-.Reload Extension Connection
-image::browser_extension_reload.png[,80%]
-
-4. Open the URL for which you want to use with your database. If you have previously created an entry in your database then the KeePassXC-Browser Confirm Access dialog may appear:
-+
-.Confirm Access Dialog
-image::browser_confirm_access_dialog.png[,80%]
-
-5. Ensure the credentials you want to use are checked, then click *(A)* Remember _(optional)_, then click _Allow Selected_ *(B)*.
-
-6. In your website, the KeePassXC icon will appear in the username field of the login form *(A)*. Click the icon to populate the field with your stored credentials. If you have more than one credential for this website, a dropdown will appear to choose the one to use.
-+
-.Fill Credentials
-image::browser_fill_credentials.png[,80%]
-
-// tag::advanced[]
-=== Browser statistics
-You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access these, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings.
-
-.Browser statistics
-image::browser_statistics.png[]
-
-=== Advanced Usage
-You can configure unique browser integration behavior for each entry. This allows you to add multiple URLs to an entry, hide an entry from the browser integration, and more. To access these settings, open an entry for editing then click on _Browser Integration_ option in the left-hand menu *(1)*.
-
-After opening the settings you can add any number of additional URLs by clicking the _Add_ button *(2)* and typing the URL in the list to the left *(3)*.
-
-.Entry browser settings
-image::browser_entry_settings.png[]
-
-To set options for all entries within a group, edit the group and go to the browser integration section *(1)*. Here you can explicitly disable access to all entries under a group hierarchy to the browser extension. You can set other useful options for groups of entries as well.
-
-.Group browser settings
-image::browser_group_settings.png[]
-
-Database-wide operations are available in the database settings. To access these use the _Database_ -> _Database settings..._ menu option. Click on _Browser Integration_ on the left-hand menu. From here you can disconnect all browsers, convert legacy KeePass-HTTP settings, reset all entry-level settings, and refresh the database root group ID (useful when making copies of your database file).
-
-.Database browser settings
-image::browser_database_settings.png[]
-
-Finally, advanced application-wide settings are available in the Browser Integration tab of the application settings.
-
-WARNING: We do not recommend changing any of these settings as they may break the browser integration plugin.
-
-.Advanced browser settings
-image::browser_advanced_settings.png[]
-
-=== Advanced Setup
-==== Managed Microsoft Edge on Windows
-1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeepassXC` on all managed platforms.
-+
-----
-{
-    "allowed_origins": [
-        "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/"
-    ],
-    "description": "KeePassXC integration with native messaging support",
-    "name": "org.keepassxc.keepassxc_browser",
-    "path": "C:\\Program Files\\KeePassXC\\keepassxc-proxy.exe",
-    "type": "stdio"
-}
-----
-
-2. Configure GPO options (registry result):
-+
-----
-Windows Registry Editor Version 5.00
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\org.keepassxc.keepassxc_browser]
-@="C:\ProgramData\KeepassXC\org.keepassxc.keepassxc_browser_edge.json"
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
-"NativeMessagingUserLevelHosts"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist]
-"1"="pdffhmdngciaglkoonimfcmckehcpafo"
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist]
-"1"="org.keepassxc.keepassxc_browser"
-----
-// end::advanced[]
-// end::content[]
+= KeePassXC – Browser Plugin
+include::.sharedheader[]
+:imagesdir: ../images
+
+// tag::content[]
+== Browser Integration
+The KeePassXC-Browser extension is installed within your web browser so that you can automatically pull usernames and passwords from KeePassXC and populate them directly into website fields. It is a very useful and secure extension that enhances your productivity while using KeePassXC. With this extension, you do not need to manually copy the data from your KeePassXC database and paste it into the website fields.
+
+The KeePassXC-Browser extension is available on the following web browsers:
+
+* Google Chrome, Vivaldi, and Brave
+* Mozilla Firefox and Tor-Browser
+* Microsoft Edge
+* Chromium
+
+NOTE: On Linux, Flatpak and Snap based browsers are generally not supported. Ubuntu's Firefox Snap is currently the only known exception. 
+
+=== Install the Browser Extension
+You can download the KeePassXC-Browser extension from your web browser. To download the KeePassXC-Browser extension, perform the following steps:
+
+1. Click the link corresponding to your browser:
+  * https://chromewebstore.google.com/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk[Chrome, Chromium, Vivaldi, and Brave]
+  * https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser[Mozilla Firefox and Tor-Browser]
+  * https://microsoftedge.microsoft.com/addons/detail/keepassxcbrowser/pdffhmdngciaglkoonimfcmckehcpafo[Microsoft Edge]
+
+2. Click the button to install/add the extension to the browser. Accept any confirmation dialogs.
+
+TIP: For the most up-to-date troubleshooting advice on all platforms, please read our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide[Troubleshooting Guide].
+
+// tag::advanced[]
+NOTE: When Microsoft Edge is installed as a managed application, system administrators are required to deploy a custom native messaging configuration. Instructions for this are found in the advanced section below.
+// end::advanced[]
+
+=== Configure KeePassXC-Browser
+To start using KeePassXC-Browser, you must configure it so that it can communicate with the KeePassXC application on your desktop.
+
+To configure KeePassXC-Browser, perform the following steps:
+
+1. Open the KeePassXC application on your desktop and navigate to Tools > Settings.
+
+2. Click the Browser Integration option on the left-hand side *(1)*. The following screen appears:
++
+.Browser Settings
+image::browser_settings.png[]
+
+3. Click the _Enable browser integration_ checkbox *(2)*. Then select the browsers for which you have downloaded the KeePassXC-Browser extension *(3)* and click *OK*.
+
+4. Ensure your database is unlocked, then open (or restart) your browser.
+
+5. Click the KeePassXC-Browser extension icon *(A)* in your browser (see figure below). A pop-up window appears.
++
+.Connect Extension to KeePassXC
+image::browser_extension_connect.png[,80%]
+
+6. Click the _Connect_ button *(B)* in the pop-up window to complete integrating the KeePassXC-Browser extension with your KeePassXC desktop application.
+
+7. You are now prompted to enter a unique name to identify the connection between this browser and your database. Enter a unique name in the field (e.g., firefox-laptop) and click the _Save and allow access_ button.
++
+.Extension Association Dialog
+image::browser_extension_association.png[,80%]
+
+WARNING: If you reuse a connection name in a database, the previous browser connection will be overwritten and prevent access.
+
+=== Using the Browser Extension
+The KeePassXC-Browser extension lets you automatically populate the entries from your KeePassXC database into the fields on websites you visit. To do so, perform the following steps:
+
+1. Open your KeePassXC desktop application and unlock your database.
+
+2. Open your web browser. The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states.
++
+*(A)* KeePassXC is not running or is disconnected. +
+*(B)* KeePassXC is running, but KeePassXC Browser Extension is not connected to the current database. +
+*\(C)* Connected to KeePassXC, but database is locked. +
+*(D)* Connected to KeePassXC and ready to use. If the icon is shown with a number, it indicates the number of credentials found for the current site.
++
+.Extension Icon States
+image::browser_extension_icons.png[,70%]
+
+3. If the KeePassXC desktop application is not connected with the KeePassXC-Browser extension, click the extension icon in your web browser and click _Reload_ from the pop-up window as shown in the following screen.
++
+.Reload Extension Connection
+image::browser_extension_reload.png[,80%]
+
+4. Open the URL for which you want to use with your database. If you have previously created an entry in your database then the KeePassXC-Browser Confirm Access dialog may appear:
++
+.Confirm Access Dialog
+image::browser_confirm_access_dialog.png[,80%]
+
+5. Ensure the credentials you want to use are checked, then click *(A)* Remember _(optional)_, then click _Allow Selected_ *(B)*.
+
+6. In your website, the KeePassXC icon will appear in the username field of the login form *(A)*. Click the icon to populate the field with your stored credentials. If you have more than one credential for this website, a dropdown will appear to choose the one to use.
++
+.Fill Credentials
+image::browser_fill_credentials.png[,80%]
+
+=== Generate Passwords
+The KeePassXC-Browser Extension also lets you generate passwords directly in your browser. 
+This feature can be used for websites with existing credentials as well as for new websites. 
+You can then choose to update/add the credentials to your KeePassXC database directly from the Browser.
+
+1. Ensure your database is unlocked and configured to use the Browser extension as shown above.
+
+2. Right click on a password field and from the KeePassXC sub-menu choose _Show Password Generator_. The standard KeePassXC password generator will appear.
+
+3. Configure the password generation options and click _Apply Password_ when done. The generated password will be filled into the previously selected field.
+
+4. When you have successfully submitted the password on the website, a popup will appear asking you to either update an existing entry or add a new one.
+
+// tag::advanced[]
+=== Browser statistics
+You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access these, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings.
+
+.Browser statistics
+image::browser_statistics.png[]
+
+=== Advanced Usage
+You can configure unique browser integration behavior for each entry. This allows you to add multiple URLs to an entry, hide an entry from the browser integration, and more. To access these settings, open an entry for editing then click on _Browser Integration_ option in the left-hand menu *(1)*.
+
+After opening the settings you can add any number of additional URLs by clicking the _Add_ button *(2)* and typing the URL in the list to the left *(3)*.
+
+Additional URLs also supports wildcards (with KeePassXC 2.7.10 and later). You can use URLs like:
+----
+https://*.example.com
+https://example.com/*/path
+https://sub.*.example.com/path/*
+----
+
+.Entry browser settings
+image::browser_entry_settings.png[]
+
+To set options for all entries within a group, edit the group and go to the browser integration section *(1)*. Here you can explicitly disable access to all entries under a group hierarchy to the browser extension. You can set other useful options for groups of entries as well.
+
+.Group browser settings
+image::browser_group_settings.png[]
+
+Database-wide operations are available in the database settings. To access these use the _Database_ -> _Database settings..._ menu option. Click on _Browser Integration_ on the left-hand menu. From here you can disconnect all browsers, convert legacy KeePass-HTTP settings, reset all entry-level settings, and refresh the database root group ID (useful when making copies of your database file).
+
+.Database browser settings
+image::browser_database_settings.png[]
+
+Finally, advanced application-wide settings are available in the Browser Integration tab of the application settings.
+
+WARNING: We do not recommend changing any of these settings as they may break the browser integration plugin.
+
+.Advanced browser settings
+image::browser_advanced_settings.png[]
+
+=== Advanced Setup
+==== Custom Browser option
+It is possible to enable support for a custom browser (e.g. LibreWolf, WaterFox, Arc, beta and nightly browsers, etc.) using this feature.
+This feature is only available for Linux and macOS.
+
+.Custom browser configuration
+image::browser_custom_browser_configuration.png[]
+
+The native messaging script file needed for the custom browser depends on the browser type. For Firefox based browsers like Librefox the _Browser type_ must be _Firefox_. For Arc, Opera, etc. the type must be set to _Chromium_.
+
+_Config location_ must have the exact path for the browser's _native-messaging-hosts_ folder. If you are unsure, refer to our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide#1-after-enabling-browser-integration-and-support-for-your-browser[Troubleshooting Guide] for listing of the most common paths, and a few ways for finding a path when it's not known.
+
+When a Custom Browser has been successfully set, KeePassXC will automatically write the needed native messaging script file to the folder.
+
+If you wish to support multiple custom browsers, you can copy the native messaging script files manually to the _native-messaging-hosts_ folder from other browsers.
+
+==== Managed Microsoft Edge on Windows
+1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeePassXC\` on all managed platforms.
++
+----
+{
+    "allowed_origins": [
+        "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/"
+    ],
+    "description": "KeePassXC integration with native messaging support",
+    "name": "org.keepassxc.keepassxc_browser",
+    "path": "C:\\Program Files\\KeePassXC\\keepassxc-proxy.exe",
+    "type": "stdio"
+}
+----
+
+2. Configure GPO options (see https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.):
++
+----
+Windows Registry Editor Version 5.00
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\org.keepassxc.keepassxc_browser]
+@="C:\ProgramData\KeepassXC\org.keepassxc.keepassxc_browser_edge.json"
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
+"NativeMessagingUserLevelHosts"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist]
+"1"="pdffhmdngciaglkoonimfcmckehcpafo"
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist]
+"1"="org.keepassxc.keepassxc_browser"
+----
+
+==== Managed Microsoft Edge on macOS
+1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to `/Library/Microsoft/Edge/NativeMessagingHosts`.
+
+2. You may need to configure Edge to allowlist the extension and native messaging host. See https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.
+// end::advanced[]
+// end::content[]

docs/topics/DatabaseOperations.adoc

@@ -36,6 +36,13 @@ NOTE: Keep this password for your database safe. Either memorize it or note it d
 
 5. Click Done. You will be prompted to select a location to save your database file. The database file is saved on to your computer with the default `.kdbx` extension. You can store your database wherever you wish, it is fully encrypted at all times preventing unauthorized access.
 
+=== Storing Your Database
+The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
+
+Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
+
+TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
+
 === Opening an Existing Database
 To open an existing database, perform the following steps:
 
@@ -51,9 +58,11 @@ image::unlock_database.png[]
 
 3. Enter the password for your database.
 
-4. _(Optional)_ Browse for the Key File if you have chosen it as an additional authentication factor while creating the database. Refer to the KeePassXC User Guide for more information on setting a Key File as an additional authentication factor.
+4. _(Optional)_ Click *I have a key file (A)* if you have one as an additional authentication factor for your database.
 
-5. Click *OK*. The database opens and the following screen is displayed:
+5. _(Optional)_ Plug in your configured YubiKey or OnlyKey to use it as an additional authentication factor. If you don't see it listed, press the refresh button *(B)*.
+
+6. Click *OK*. The database opens and the following screen is displayed:
 +
 .Unlocked database
 image::database_view.png[]
@@ -72,24 +81,13 @@ When your database is locked, you will see the following unlock dialog. Simply p
 image::quick_unlock.png[]
 
 // tag::advanced[]
-=== Expired Entries
-By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
+NOTE: By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
 
-=== Advanced Save Options
-There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
-
-1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
-
-2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
-
-3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
-
-In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See xref:UserGuide.adoc#_backup_path_placeholders[Backup Path Placeholders] for available placeholders and examples.
-
-image::save_options.png[]
 // end::advanced[]
+=== Entry Handling
+Entries in KeePassXC are the fundamental units where all your sensitive information is stored. Each entry can contain various fields such as usernames, passwords, URLs, attachments, and notes. You can create, edit, clone, and delete entries as needed. Additionally, KeePassXC supports advanced features like TOTP for two-factor authentication, custom attributes, and entry history to track changes over time. Proper management of entries ensures that your data is organized, secure, and easily accessible when needed.
 
-=== Adding an Entry
+==== Adding an Entry
 All the details such as usernames, passwords, URLs, attachments, notes, and so on are stored in database entries. You can create as many entries as you want in the database.
 
 To add an entry, perform the following step:
@@ -112,7 +110,7 @@ image::edit_entry.png[]
 
 5. Click *OK* to add the entry to your database.
 
-=== Editing an Entry
+==== Editing an Entry
 To edit the details in an entry, perform the following steps:
 
 1. Select the entry you want to edit.
@@ -123,7 +121,7 @@ To edit the details in an entry, perform the following steps:
 
 4. Click *OK*.
 
-=== Adding TOTP to an Entry
+==== Adding TOTP to an Entry
 Timed One-Time Passwords (TOTP) are a popular choice for two-factor authentication methods. These codes are typically six digits long and change every 30 seconds. They are derived from a shared secret value and the current time. Once set up, KeePassXC can calculate TOTP codes like any authenticator app, such as Google Authenticator. The codes can be used with copy/paste, browser extension, and Auto-Type.
 
 TIP: Your computer time must be synchronized with an internet time source to generate valid TOTP codes, https://www.nist.gov/pml/time-and-frequency-division/time-distribution/internet-time-service-its[read more here].
@@ -145,7 +143,17 @@ After an entry is configured with TOTP, you will see a clock icon in that entry'
 .TOTP Usage
 image::totp_usage_examples.png[]
 
-=== Deleting an Entry
+==== Entry Icons
+You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
+
+NOTE: To delete a custom icon, go to <<Database Maintenance>> where you can purge unused icons and delete one or more icons at a time.
+
+.Entry icon selection
+image::edit_entry_icons.png[]
+
+TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons.
+
+==== Deleting an Entry
 To delete an entry, perform the following steps:
 
 1. Select the entry you want to delete and press the `Delete` button on your keyboard.
@@ -157,7 +165,7 @@ NOTE: You can disable the recycle bin within the Database Settings. If the recyc
 3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the `Delete` button on your keyboard.
 
 // tag::advanced[]
-=== Clone an Entry
+==== Clone an Entry
 Creating a clone of an entry provides you a ready-to-use template for creating new entries with similar details of a master entry.
 
 To create a clone of an existing entry, perform the following steps:
@@ -180,12 +188,73 @@ image::clone_entry_dialog.png[,50%]
 .References in a cloned entry
 image::clone_entry_references.png[]
 
-4. You can create your own references using the xref:UserGuide.adoc#_entry_cross_reference[Entry Reference Syntax]
+4. You can create your own references using the <<Entry Cross-Reference, Entry Reference Syntax>>
 
-== Searching the Database
-KeePassXC provides an enhanced and granular search features the enables you to search for specific entries in the databases using the different modifiers, wild card characters, and logical operators.
+==== Entry URL Handling
+KeePassXC can handle URLs in various ways. Standard URLs will be opened in your default browser. URLs that start with schemas handled by your Operating System will launch the associated application, for example `ftp://` or `ssh://`. You can also use the following URL schemas to perform specific actions:
 
-=== Modifiers and Fields
+|===
+|Schema    | Example   | Description
+
+|cmd://
+|`cmd://ssh {USERNAME}@example.com -p 2222`
+|Launches the specified command line executable with the specified arguments. The executable must be present on your PATH or an absolute path must be specified.
+
+|kdbx://
+|`kdbx://~/dbs/passwords.kdbx`
+|Opens the specified database file. Set the entry's username to the keyfile path (if required) and password to the database password. The database will open in a new tab.
+
+|===
+
+=== Advanced Entry Handling
+KeePassXC offers several advanced options for managing your database entries. Additional Attributes allow you to store extra information required by some applications and websites. Attachments enable you to attach files to entries, stored as encrypted binaries, which can be previewed directly in the application (text and images). Icons can be selected or downloaded for easy identification of entries. The Properties section lets you view basic properties such as creation, modification, and last accessed times, and retrieve an entry's UUID for references. KeePassXC also maintains a history of changes to entries, allowing you to view, restore, or delete previous versions of an entry.
+
+==== Additional Attributes
+A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
+
+To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
+
+.Additional attributes example
+image::edit_entry_attributes.png[]
+
+==== Attachments
+You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*.
+
+NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it.
+
+.Attachments interface
+image::edit_entry_attachments.png[]
+
+==== Foreground and Background Color
+You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog.
+
+.Color picker dialog
+image::edit_entry_colors.png[]
+
+==== Properties
+KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references.
+
+.Entry properties view
+image::edit_entry_properties.png[]
+
+==== History
+KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
+
+ * Show: Display this history item for review, a read-only copy of the entry will be shown.
+ * Restore: Reinstate the selected history item as the active entry details.
+ * Delete: Delete the selected history item.
+ * Delete All: Delete the entire history for this entry.
+
+.Entry history view
+image::edit_entry_history.png[]
+
+NOTE: Restoring an old history item will store the current entry settings as a new history item.
+
+// end::advanced[]
+=== Search
+KeePassXC provides a robust search that enables you to find specific entries in the databases using different modifiers, wild card characters, and logical operators. By default, search considers the following fields when matching your query: Title, Username, URL, Tags, and Notes. To include other fields and/or narrow your search to specific fields, you can use the search syntax described below.
+
+==== Modifiers and Fields
 [grid=rows, frame=none, width=70%]
 |===
 |Modifier   |Description
@@ -201,14 +270,15 @@ The following fields can be searched along with their abbreviated name in parent
 * Title (t)
 * Username (u)
 * Password (p, pw)
-* URL
+* URL (url)
 * Notes (n)
 * Attribute names and values (attr)
 * Attachment (attach)
 * Group (g)
+* Tags (tag)
 * Entry State (is:expired, is:weak)
 
-=== Wild Card Characters and Logical Operators
+==== Wild Card Characters and Logical Operators
 [grid=rows, frame=none, width=70%]
 |===
 |Wild Card Character    |Description
@@ -218,7 +288,7 @@ The following fields can be searched along with their abbreviated name in parent
 |\|	                    |Logical OR
 |===
 
-=== Sample Search Queries
+==== Sample Search Queries
 The following tables lists a few samples search queries for your reference:
 
 |===
@@ -236,63 +306,39 @@ The following tables lists a few samples search queries for your reference:
 |`+attr:mystring123`
 |Searches all additional attributes for any name OR value equal to mystring123.
 
+|`+tag:personal`
+| Search exactly for the 'personal' tag and do not include tags such as 'my personal'.
+
 |`is:expired is:weak`
 |Searches for all expired entries with weak passwords.
 |===
 
-== Advanced Entry Options
-=== Additional Attributes
-A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
+// tag::advanced[]
+=== Merging Databases
+KeePassXC allows you to merge entries from one database into another through the _Database_ -> _Merge From Database_ menu item. When merging, entries from the specified database will be imported into your currently open database. The merge process compares entries based on their unique identifiers (UUIDs) and modified timestamp. When an entry UUID matches, no matter which group it is in, the most recently modified version will be made the current and the previous version will be placed into the entry's history. Any new entries and/or groups will be added to the open database. This feature is useful for consolidating multiple databases or synchronizing databases from conflict files in a cloud storage system.
 
-To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
+NOTE: When you delete entries, a record of that deletion (the entry UUID) is stored to prevent that entry from reappearing from a merge operation. An existing entry that has the same UUID as a deleted item will be removed from the database without prompt.
 
-.Additional attributes example
-image::edit_entry_attributes.png[]
+=== Advanced Save Options
+There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
 
-=== Attachments
-You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*.
+1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
 
-NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it.
+2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
 
-.Attachments interface
-image::edit_entry_attachments.png[]
+3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
 
-=== Foreground and Background Color
-You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog.
+=== Database Backup Options
+In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See <<Backup Path Placeholders, Backup Path Placeholders>> for available placeholders and examples.
 
-.Color picker dialog
-image::edit_entry_colors.png[]
+image::save_options.png[]
 
-=== Icons
-You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
+Alternatively, backups can be created on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
 
-NOTE: To delete a custom icon, go to xref:UserGuide.adoc#_database_maintenance[Database Maintenance] where you can purge unused icons and delete one or more icons at a time.
+.Saving a database backup
+image::save_database_backup.png[,40%]
 
-.Entry icon selection
-image::edit_entry_icons.png[]
-
-TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons.
-
-=== Properties
-KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references.
-
-.Entry properties view
-image::edit_entry_properties.png[]
-
-=== History
-KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
-
- * Show: Display this history item for review, a read-only copy of the entry will be shown.
- * Restore: Reinstate the selected history item as the active entry details.
- * Delete: Delete the selected history item.
- * Delete All: Delete the entire history for this entry.
-
-.Entry history view
-image::edit_entry_history.png[]
-
-NOTE: Restoring an old history item will store the current entry settings as a new history item.
-
-== Automatic Database Opening
+=== Automatic Database Opening
 You can setup one or more databases to open automatically when you unlock a single database. This is done by *(1)* defining a special group named `AutoOpen` with *(2)* entries that contain the file path and credentials for each database that should be opened. There is no limit to the number of databases that can be opened.
 
 TIP: Case matters with auto open, the group name must be exactly `AutoOpen` and it must be a child of the root group.
@@ -329,10 +375,12 @@ image::database_settings.png[]
  * *Database name:* This is the default identifier for your database and is shown in the tab bar and title bar (when active). You can change this name as desired.
  * *Database description:* Provide some meaningful description for your database.
  * *Default username:* Provide a default username for all new entries that you create in this database.
+ * *Public Databse Metadata:* Here you can set a public (unencrypted) name, icon, and color for your database. This is used on the database unlock screen to help distinguish multiple databases from each other.
  * *Max history items:* This is the maximum number of history items that are stored for each entry. When you set this to 0, no history will be saved. Set this value to a low value to prevent the database from getting too large (we recommend no more than 10).
  * *Max. history size:* When the history of an entry gets above this size, it is truncated. For example, this happens when entries have large attachments. Set this value small to prevent the database from getting too large (we recommend 6 MiB).
  * *Use recycle bin:* Select this check-box if you want deleted entries to move to the recycle bin instead of being permanently removed. The recycle bin will be created if it does not already exist after your first deletion. To delete entries permanently, you must empty the recycle bin manually.
  * *Enable compression:* KeePassXC databases can be compressed before being encrypted. Compression reduces the size of the database and does not have any appreciable affect on speed. It is recommended to always save databases with compression.
+ * *Autosave delay:* Customize the automatic database save operation by delaying it for a set time since the last change. By default, this option is disabled for fast saving, but can be useful for large databases to avoid delays after each change.
 
 3. Click the Security button in the left-hand menu bar to change your database credentials and change encryption settings.
 +
@@ -364,42 +412,27 @@ The following key derivation functions are supported:
 
  * Argon2 (KDBX 4 – recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder and the required time increases. The parallelism parameter can be used to specify how many threads should be used. We recommend using Argon2id to prevent against timing-based attacks. Argon2d offers maximum compatibility with other KeePass-based apps, the default settings provide sufficient protection against any known attacks.
 
-== Database Maintenance
+=== Database Maintenance
 KeePassXC offers some maintenance features that can be applied to clean up your database. Navigate to _Database_ -> _Database settings_ then click on _Maintenance_ on the left hand panel. The following screen appears. On this screen you can delete multiple icons at once and purge any unused icons in your database.
 
 image::database_maintenance.png[]
 
-=== Creating a YubiKey backup
-It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
+== Remote database support
+KeePassXC provides support for syncing database files that reside in a remote location. If you can download/upload the database file via a commandline tool (e.g. rsync, ssh, scp etc.) KeePassXC offers easy to use functionality to sync the remote database.
 
-1. Create a 20 byte HMAC key:
-+
-```
-dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
-```
+=== Sync with remote database
+Open the remote sync settings via _Database > Database Settings… > Remote_ to create commands to sync a local database or a temporary local copy of a remote database.
 
-2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
-+
-```
-ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
-```
+Define a name for your sync command and specify a download *(A)* as well as an upload command *(B)*. The command and/or input need a `{TEMP_DATABASE}` placeholder specified where the remote database is temporarily stored. Do not forget to save the command settings with the save button *\(C)*. Remote settings are added as menu entries below the _Remote Sync…_ menu for quick access.
 
-You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
+WARNING: If your download or upload command require a password prompt, the command will most likely not succeed. In case of an SSH connection (e.g. sftp), it is recommended to use <<KeePassXC – SSH Agent integration,SSH agent>> so that no password prompt is needed.
+
+.Remote sync settings
+image::sync_remote_settings.png[]
+
+Select the remote sync command from the _Database > Remote Sync…_ menu to start the syncing process and a progress bar will show up in the lower right corner.
+
+WARNING: In case the remote database is changed by another user/process after the downloading command finishes and before uploading again, those changes will be overwritten. Syncing is not an atomic operation.
 
-== Command Line Tool
-KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/master/docs/man/keepassxc-cli.1.adoc[available on GitHub].
 // end::advanced[]
-
-== Storing a Database File
-The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
-
-Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
-
-TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
-
-== Backing up a Database File
-It is a good practice to create copies of your database file and store the copies of your database on a different computer, smart phone, or cloud storage space such a Google Drive or Microsoft OneDrive. Backups can be created automatically by selecting the _Backup database file before saving_ option in the application settings. Additionally, you can create a backup on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
-
-.Saving a database backup
-image::save_database_backup.png[,40%]
 // end::content[]

docs/topics/DownloadInstall.adoc

@@ -38,7 +38,7 @@ To install KeePassXC on Microsoft Windows, perform the following steps:
 .Install wizard
 image::install_wizard_1.png[,80%]
 
-2. Click Next and follow the simple instructions on the KeepPassXC Setup Wizard to complete the installation. You will have the option to choose your install location, add a desktop shortcut, and launch on startup.
+2. Click Next and follow the simple instructions on the KeePassXC Setup Wizard to complete the installation. You will have the option to choose your install location, add a desktop shortcut, and launch on startup.
 +
 .Install wizard (cont)
 image::install_wizard_2.png[,80%]
@@ -59,7 +59,7 @@ image::linux_store.png[]
 
 The Snap and Flatpak options are sandboxed applications (more secure). The Native option is installed with the operating system files. Read more about the limitations of these options here: https://keepassxc.org/docs/#faq-appsnap-yubikey[KeePassXC Snap FAQ]
 
-NOTE: KeePassXC stores a configuration file in `~/.cache` to remember window position, recent files, and other local settings. If you mount this folder to a tmpdisk you will lose settings after reboot.
+NOTE: KeePassXC stores a configuration file in `~/.local/state` to remember window position, recent files, and other local settings. If you mount this folder to a tmpdisk you will lose settings after reboot.
 
 === macOS
 To install the KeePassXC app on macOS, double click on the downloaded DMG file and use the click and drag option as shown:

docs/topics/ImportExport.adoc

@@ -3,60 +3,102 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-== Importing External Databases
+== Importing Databases
 KeePassXC allows you to import external databases from the following options:
 
-* Comma-Separated Values (CSV) file
-* 1Password OPVault
-* KeePass 1 Database
+* Comma Separated Values (.csv)
+* 1Password Export (.1pux)
+* 1Password Vault (.opvault)
+* Bitwarden (.json)
+* Proton Pass (.json)
+* KeePass 1 Database (.kdb)
+* Remote database (.kdbx)
+
+To import any of these files, start KeePassXC and either click the `Import File` button on the welcome screen or use the menu Database > Import... to launch the Import Wizard.
+
+.Import Wizard
+image::import_wizard.png[]
+
+For each of the import options, you will be prompted to select the file to import and then provide credentials to unlock the file, if necessary. You can then choose to import the file into a new database or into an existing database that is already unlocked in KeePassXC.
 
 === Importing CSV File
-If you have been saving your URLs, usernames, passwords, and so on in a CSV file, you can migrate all that information from the CSV file to KeePassXC and start using KeePassXC to maintain your data.
+WARNING: A CSV file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
 
-To open the CSV file, perform the following steps:
+1. Follow the steps above and click `Continue`. The CSV import wizard will appear.
 
-1. Open KeePassXC.
-
-2. Click Import from CSV button on the welcome screen or use the menu Database > Import > CSV File.
-
-3. Navigate to the location of the your CSV file on your computer and open the file. The new database wizard will appear. Follow the steps of creating a new database in Chapter 1.
-
-4. After saving your new database file, the CSV import wizard will appear. On this dialog you can choose the various options for properly importing the data. You may need to select the _First line has field names_ checkbox before starting. Analyze the output in the preview at the bottom to determine the correct import settings.
+2. On this dialog you can choose the various options for properly importing the data. Analyze the output in the preview at the bottom to determine the correct import settings. You may need to re-map the column associations to match the data in your CSV file.
 +
 .CSV Import Wizard
 image::csv_import.png[]
 
-Your CSV file gets imported to KeePassXC and the data is converted to the KeePassXC format for further usage and maintenance. The new database file is saved on to your computer with the default `.kdbx` extension.
+3. Click `Done` to complete the import. If you chose to create a new database, the New Database dialog will appear. Otherwise your entries will be nested under the group you chose for the existing database.
+
+=== Importing from Other Applications
+KeePassXC allows you to import databases from various applications including 1Password (1PUX and OPVault), Bitwarden, and Proton Pass. Each import option involves selecting the file, providing necessary credentials (if required), and choosing to import into a new or existing database. Note that CSV, 1Password Export, Bitwarden, and Proton Pass files are unencrypted and should be securely deleted after import.
+
+==== 1Password Export
+WARNING: A 1Password Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
+
+1. Open the Import Wizard as shown above. Select the 1Password Export option.
+
+2. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
+
+==== 1Password OPVault
+NOTE: You must have 1Password version 7 or 8 to export your data to an OPVault. If you are using a newer version of 1Password, you should use the 1Password Export (1PUX) format instead.
 
-=== Importing 1Password OPVault
 Save your 1Password Vault locally to create an OPVault directory. Please see 1Password instructions on how to do this. Once an OPVault is created, perform the following steps:
 
-1. Open KeePassXC.
+1. Open the Import Wizard as shown above. Select the 1Password Vault option.
 
-2. Use the menu Database > Import > 1Password Vault. Select the OPVault to import.
+2. Enter the password for your vault and click `Continue` to unlock and preview the import. Click `Done` to complete the import.
 
-3. Enter the password for your OPVault to unlock and import.
+==== Bitwarden
+WARNING: A Bitwarden Export file may be unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
+
+1. Open the Import Wizard as shown above. Select the Bitwarden option.
+
+2. Optionally provide a password to decrypt the Bitwarden export file. You should only need to do this if you have chosen the encrypted json export option within Bitwarden.
+
+3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
+
+==== Proton Pass
+WARNING: A Proton Pass Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
+
+1. Open the Import Wizard as shown above. Select the Proton Pass option.
+
+2. Click `Continue` to preview the import. Click `Done` to complete the import.
 
 === Importing KeePass 1 Database
-KeePass 1 database is an older format of the database created using legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application.
+KeePass 1 database is an older format of the database created using a legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application.
 
 To import a KeePass 1 database file in KeePassXC, perform the following steps:
 
-1. Open KeePassXC.
+1. Open the Import Wizard as shown above. Select the KeePass1 Database option.
 
-2. Click Import from KeePass 1 button on the welcome screen or use the menu Database > Import > KeePass 1 Database.
+2. Enter the password for your database and optionally provide a key file if it was configured for your KeePass1 database.
 
-3. Navigate to the location of the your legacy KeePass 1 database file (`.kdb`) on your computer and open the file. You are prompted for the password and the Key file for your `.kdb` file.
+3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
 
-4. Enter the password for your old `.kdb` file and click *OK*. You are prompted for provide a name for the new database format that KeePassXC recognizes.
+=== Importing Remote Database
+Database files that are stored in a remote location can be imported or opened with KeePassXC if you provide a command to download the file from the remote location.
 
-5. Provide a name for the new database format, select a folder on your computer to save the file, and click Save.
+To import (or temporarily open) a remote database file in KeePassXC, perform the following steps:
 
-6. The data from the `.kdb` file gets imported and converted to the new format, which is compatible with KeePassXC. You can now start using the new database file (`.kdbx`) in KeePassXC.
+1. Open the Import Wizard as shown above. Select the Remote Database option.
+
+2. Enter a command to download the remote database. If necessary, enter input that needs to be passed to the command. The command and/or input need a `{TEMP_DATABASE}` placeholder specified where the remote database is temporarily stored.
+
+3. Enter the password for your database and optionally provide a key file.
+
+4. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
+
+Opening without importing a remote database is possible by selecting Temporary Database in the Import Into section of the wizard.
 
 == Exporting Databases
 KeePassXC supports multiple ways to export your database for transfer to another program or to print out and archive.
 
+WARNING: These exports do not contain all the information in your database due to various limitations in the export format. For example, the CSV export does not support attachments, advanced attributes, Auto-Type settings, or custom icons. The XML export does not support attachments. The HTML export is mainly for printing and does not support attachments and some custom data fields.
+
 WARNING: Exporting your database will result in all of your passwords and sensitive information being stored in an unencrypted format. We do not recommend saving your exported database for long periods of time as that can cause a compromise of sensitive information.
 
 .Database export menu

docs/topics/KeeShare.adoc

@@ -16,7 +16,7 @@ To use sharing, you need to enable it for the application.
 .KeeShare Application Settings
 image::keeshare_application_settings.png[]
 
-=== Sharing Credentials
+=== Setup a Shared Group
 If you checked _Allow export_ in the Sharing settings you can now share a group of passwords. Sharing is always defined on a particular group. If you enable sharing on a group, every entry under this group, and its children, are shared. If you enable sharing on the root node, **every password** inside your database gets shared!
 
 NOTE: KeeShare does not synchronize group structure after the initial share is created. At this time, KeeShare operates at the entry level; shared entries moved outside of a shared group are still synchronized.

docs/topics/KeyboardShortcuts.adoc

@@ -15,14 +15,15 @@ NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`).
 |Save Database As             | Ctrl + Shift + S
 |New Database                 | Ctrl + Shift + N
 |Close Database               | Ctrl + W ; Ctrl + F4
-|Lock All Databases           | Ctrl + L
+|Lock Current Database        | Ctrl + L
+|Lock All Databases           | Ctrl + Shift + L
 |Database Settings            | Ctrl + Shift + ,
 |Database Reports             | Ctrl + Shift + R
 |Quit                         | Ctrl + Q
 |New Entry                    | Ctrl + N
 |Edit Entry                   | Enter ; Ctrl + E
 |Delete Entry                 | Delete
-|Clone Entry                  | Ctrl + K
+|Clone Entry                  | Ctrl + D
 |Copy Username                | Ctrl + B
 |Copy Password                | Ctrl + C
 |Copy URL                     | Ctrl + U
@@ -33,6 +34,10 @@ NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`).
 |Trigger AutoType             | Ctrl + Shift + V
 |Add key to SSH Agent         | Ctrl + H
 |Remove key from SSH Agent    | Ctrl + Shift + H
+|Move entry up (if unsorted)   | Ctrl + Alt + Up
+|Move entry down (if unsorted) | Ctrl + Alt + Down
+|Sort Groups A-Z              | Ctrl + Down
+|Sort Groups Z-A              | Ctrl + Up
 |Minimize Window              | Ctrl + M
 |Hide Window                  | Ctrl + Shift + M
 |Select Next Database Tab     | Ctrl + Tab ; Ctrl + PageDn

docs/topics/Passkeys.adoc

@@ -0,0 +1,104 @@
+= KeePassXC – Passkeys
+include::.sharedheader[]
+:imagesdir: ../images
+
+// tag::content[]
+== Passkeys
+
+Passkeys are a secure way for replacing passwords that is supported by all major browser vendors and an increasing number of websites. For more information on what passkeys are and how they work, please go to the FIDO Alliance's documentation: https://fidoalliance.org/passkeys/
+
+=== Browser Passkey Support
+
+KeePassXC supports passkeys directly through the Browser Integration service. Passkeys are only supported with the use of the KeePassXC Browser Extension and a properly connected database. To enable passkey support on the extension, you must check the _Enable Passkeys_ option in the extension settings page.
+
+.Enable Passkey Support in the KeePassXC Browser Extension
+image::passkeys_enable_from_extension.png[,75%]
+
+Optionally, you can disable falling back to the built-in passkey support from your browser and operating system. If left enabled, the extension will show the default passkey dialogs if KeePassXC cannot handle the request or the request is canceled.
+
+=== Create a New Passkey
+
+Creating a new passkey and authenticating with it is a simple process. This workflow will be demonstrated using GitHub as an example site. Please note that GitHub allows two use cases for passkeys, one for 2FA only and the other for replacement of username and password entirely. We will be configuring the latter use case in this example.
+
+After navigating to GitHub's _Settings_ -> _Password and authentication_, there is a separate section shown for passkeys.
+
+.GitHub's Passkey Registration
+image::passkeys_github_1.png[]
+
+After clicking the _Add a passkey_ button, the user is redirected to another page showing the actual configuration option.
+
+.Configure Passwordless Authentication
+image::passkeys_github_2.png[,50%]
+
+Clicking the _Add passkey_ button now shows the following popup dialog for the user, asking confirmation for creating a new passkey.
+
+.Passkey Registration Confirmation Dialog
+image::passkeys_register_dialog.png[,30%]
+
+After the passkey has been registered, a new entry is created to the database under _KeePassXC-Browser Passwords_ with _(passkey)_  added to the entry title. The entry holds additional attributes that are used for authenticating the passkey.
+
+After registration, GitHub will ask a name for the passkey. This is only relevant for the server.
+
+.GitHub's Passkey Nickname
+image::passkeys_github_3.png[,50%]
+
+Now the passkey should be shown on the GitHub's passkey section.
+
+.Registered Passkeys on GitHub
+image::passkeys_github_4.png[]
+
+=== Login With a Passkey
+
+The passkey created in the previous section can now be used to login to GitHub. Instead of logging in with normal credentials, choose _Sign in with a passkey_ at the bottom of GitHub's login page.
+
+.GitHub's login page with a Passkey option
+image::passkeys_github_5.png[,50%]
+
+After clicking the button, KeePassXC-Browser detects the passkeys authentication and KeePassXC shows the following dialog for confirmation.
+
+.Passkey authentication confirmation dialog
+image::passkeys_authentication_dialog.png[,50%]
+
+After confirmation user is now authenticated and logged into GitHub.
+
+// tag::advanced[]
+=== Advanced Usage
+
+==== Multiple Passkeys for a Site
+
+Multiple passkeys can be created for a single site. When registering a new passkey with a different username, KeePassXC shows an option to register a new passkey or update the previous one. Updating a passkey will override the existing entry, so this option should be only used when actually needed.
+
+.Passkey authentication confirmation dialog
+image::passkeys_update_dialog.png[,50%]
+
+==== Exporting Passkeys
+
+All passkeys in a database can be viewed and accessed from the _Database_ -> _Passkeys..._ menu item. The page shows both _Import_ and _Export_ buttons for passkeys.
+
+.Passkeys Overview
+image::passkeys_all_passkeys.png[]
+
+After selecting one or more entries, the following dialog is shown. One or multiple passkeys can be selected for export from the previously selected list of entries.
+
+.Passkeys Export Dialog
+image::passkeys_export_dialog.png[,65%]
+
+Exported passkeys are stored in JSON format using the `.passkey` file extension. The file includes all relevant information for importing a passkey to another database or saving a backup. 
+
+WARNING: The exported passkey file is unencrypted and should be securely stored.
+
+==== Importing Passkeys
+
+An exported passkey can be imported directly to a database or to an entry. To import directly, use the _Database_ -> _Import Passkey_ menu item.
+When right-clicking an entry, a separate menu item for _Import Passkey_ is shown. This is useful if user wants to import a previously created passkey to an existing entry.
+
+.Import Passkey to an Entry
+image::passkeys_import_passkey_to_entry.png[,50%]
+
+After selecting a passkey file to import, a separate dialog is shown where you can select which database, group, and entry to target. By default, the group is set to _Imported Passkeys_. The default action is to create a new entry that contains the imported passkey.
+
+.Passkey import dialog
+image::passkeys_import_dialog.png[,65%]
+
+// end::advanced[]
+// end::content[]

docs/topics/PasswordGenerator.adoc

@@ -21,7 +21,6 @@ image::password_generator.png[]
 4. Select the character-sets that you want to include in your password.
 5. Use the regenerate button (Ctrl + R) to make a new password using the chosen options.
 6. Use the clipboard button (Ctrl + C) to copy the generated password to the clipboard.
-// tag::advanced[]
 7. Click the Advanced button to specify additional conditions for your desired password.
 +
 .Advanced Password Generator Options
@@ -42,5 +41,4 @@ Word Count slider.
 5. _(Optional)_ You can also load your own custom word lists. Click the plus sign button to the right of the wordlist selection dialog to choose a custom word list. You can download alternative lists from the https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases[EFF's Website] or from https://github.com/redacted/XKCD-password-generator#additional-languages[GitHub].
 6. Click the Regenerate button (Ctrl + R) to generate a new random passphrase.
 7. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard.
-// end::advanced[]
 // end::content[]

docs/topics/Reference.adoc

@@ -18,6 +18,8 @@ This section contains full details on advanced features available in KeePassXC.
 |{NOTES}         |Notes
 |{TOTP}          |Current TOTP value (if configured)
 |{S:<ATTRIBUTE_NAME>}   |Value for the given attribute (case sensitive)
+|{T-CONV:/<PLACEHOLDER>/<METHOD>/} |Text conversion for resolved placeholder (eg, {USERNAME}) using the following methods: UPPER, LOWER, BASE64, HEX, URI, URI-DEC
+|{T-REPLACE-RX:/<PLACEHOLDER>/<REGEX>/<REPLACE>/} |Use a regular expression to find and replace data from a resolved placeholder (eg, {USERNAME}). Refer to match groups using $1, $2, etc.
 |{URL:RMVSCM}	        |URL without scheme (e.g., https)
 |{URL:WITHOUTSCHEME}	|URL without scheme
 |{URL:SCM}	     |URL Scheme
@@ -124,5 +126,21 @@ Use regular expressions to find and replace data from a resolved placeholder. Re
 `C:\Backups\MyDatabase\01-05-2022.kdbx`
 |===
 
+=== Creating a YubiKey backup
+It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
+
+1. Create a 20 byte HMAC key:
++
+```
+dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
+```
+
+2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
++
+```
+ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
+```
+
+You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
 
 // end::content[]

docs/topics/SSHAgent.adoc

@@ -3,12 +3,12 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-== SSH Agent integration
+== SSH Agent Integration
 SSH (Secure Shell) is a widely used remote secure shell protocol and is considered an industry standard for secure remote access to UNIX-like systems including Linux, BSDs, macOS and more recently even Windows received native support. SSH supports multiple types of authentication and the most widely used ones are either interactive keyboard input with a password or a public-key cryptography pair of keys.
 
 KeePassXC SSH Agent integration is built to manage SSH keys in a secure manner by either storing them completely within your KeePassXC database or by having only the decryption key of a key file that is stored elsewhere. SSH Agent integration _does not_ provide an agent itself but works as a client for any agent implementation that is OpenSSH compatible.
 
-=== OpenSSH agent on Linux
+=== OpenSSH Agent on Linux
 If you are using a modern desktop Linux distribution it is very likely the OpenSSH agent is already configured and running when you have logged in to a graphical desktop session.
 This should be true for distributions like Debian, Ubuntu (including Kubuntu, Xubuntu and Lubuntu), Linux Mint, Fedora, ElementaryOS and Manjaro.
 
@@ -32,10 +32,10 @@ WARNING: _GNOME Keyring_ prior to release 3.27.92 had its own custom implementat
 It does not support any constraints you may want to configure for an added key.
 If you are running a modern distribution the custom agent has been removed and replaced with the stock OpenSSH agent which is feature complete.
 
-=== OpenSSH agent on macOS
+=== OpenSSH Agent on macOS
 Apple has made OpenSSH an integrated part of macOS with automatic agent startup when it is first used. No further configuration is needed.
 
-=== OpenSSH agent and Pageant on Windows
+=== OpenSSH Agent and Pageant on Windows
 The SSH Agent integration on Windows supports both _PuTTY Pageant_ and _OpenSSH for Windows 10_.
 Since Pageant is currently still the most widely used implementation and is easily installable on any version of Windows, it is the default on KeePassXC.
 However, Microsoft includes a native OpenSSH client implementation with Windows 10 since autumn 2018 that can be used instead. If you would like to self-manage your OpenSSH version you can use the builds offered via their official https://github.com/powershell/Win32-OpenSSH[GitHub repository].
@@ -61,7 +61,7 @@ Alternatively, you can use a _Windows PowerShell_ running as _Administrator_ to
 
 KeePassXC and other compatible tools can now use the Windows OpenSSH agent. To use it with KeePassXC, update the settings explained in <<Setting up SSH Agent integration>>.
 
-=== Setting up SSH Agent integration
+=== Setup SSH Agent Integration
 By default the SSH Agent integration plugin is disabled.
 To enable integration, follow the steps below to access the settings:
 
@@ -78,10 +78,10 @@ On Windows, you have the option to select _Pageant_ and/or _OpenSSH for Windows_
 
 If the value of _SSH_AUTH_SOCK_ is empty it means the agent is not properly configured and KeePassXC will be unable to connect to it unless you provide a static override path to the socket.
 
-=== Generating a key to use with KeePassXC
+=== Generating an SSH Key
 KeePassXC only supports keys in the _OpenSSH_ format. On Windows, _PuTTYgen_ saves keys in its own format by default and you will need to convert them to OpenSSH format before being used. In this guide we are going to generate a standard RSA key in the default size.
 
-==== Generating a key on Linux or macOS with _ssh-keygen_
+==== Generating a key on Linux or macOS
 Open a terminal window and type the following command to generate a key:
 
     $ ssh-keygen -o -f keepassxc -C johndoe@example
@@ -116,13 +116,13 @@ With KeePassXC you only need the first file listed.
 ==== Generating a key on Windows
 On Windows you can generate key pairs with _PuTTYgen_ and with _ssh-keygen_, depending on whether you installed PuTTY and your Windows version.
 
-===== Using _PuTTYgen_
+===== Using PuTTYgen
 Please read the manual on how to use _PuTTYgen_ for details on generate a key: https://the.earth.li/~sgtatham/putty/0.74/htmldoc/Chapter8.html#pubkey-puttygen. Once generated, you must save the key in the new OpenSSH format, see image below.
 
 .Generating a key with _PuTTYgen_
 image::sshagent_puttygen.png[,70%]
 
-===== Using _ssh-keygen_
+===== Using ssh-keygen
 Open _Command Prompt_ or _Windows PowerShell_ and type the following command to generate a key:
 
     PS C:\Users\user> ssh-keygen.exe -o -f keepassxc -C johndoe@example
@@ -159,7 +159,7 @@ Now we can see two files were generated:
 
 With KeePassXC you only need the first file listed.
 
-=== Configuring an entry to use SSH Agent
+=== Adding SSH Key to an Entry
 The last step is to setup an entry to contain the SSH Agent settings and key file you generated.
 
 1. Create a new entry, or open an existing entry in edit mode.

docs/topics/UserInterface.adoc

@@ -12,11 +12,11 @@ image::main_interface.png[]
 
 *(A) Groups* – Organize your entries into discrete groups to bring order to all of your sensitive information. Groups can be nested under each other to create a hierarchy. Settings from parent groups get applied to their children. You can hide this panel on the View menu.
 
-*(B) Tags* – Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined searches, such as finding expired and weak passwords.
+*(B) Searches and Tags* – Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined and custom saved searches, such as finding expired and weak passwords.
 
-*\(C) Entries* – Entries contain all the information you want to store for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
+*\(C) Entries* – Entries contain all the information for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
 
-*(D) Preview* – Shows a preview of the selected group or entry. You can temporarily hide this preview using the close button on the right hand side or completely disabled in the application settings.
+*(D) Preview* – Shows a preview of the selected group or entry. You can interact with most information stored in an entry from here without opening the entry for editing. You can temporarily hide this preview using the down-arrow button on the right hand side or completely disable it from the View menu.
 
 TIP: You can enable double-click copying of entry username and password in the Application Security Settings. This is turned off by default starting with version 2.7.0.
 
@@ -29,13 +29,17 @@ image::toolbar.png[]
 *(A) Database* – Open Database, Save Database, Lock Database +
 *(B) Entries* – Create Entry, Edit Entry, Delete Selected Entries +
 *\(C) Entry Data* – Copy Username, Copy Password, Copy URL, Perform Auto-Type +
-*(D) Tools* – Password Generator, Application Settings +
+*(D) Tools* – Database Settings, Reports, Password Generator, Application Settings +
 *(E) Search*
 
-=== Application Settings
-Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security timeouts, and convenience.
+=== Screenshot Security
+By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture temporarily, navigate to _View_ menu and select _Allow Screen Capture_. Alternatively, you can start the application with the `--allow-screencapture` command line flag.
 
-==== Setting the Theme
+
+=== View Options
+You can customize the appearance of KeePassXC to your liking. The following options are available in the _View_ menu:
+
+==== Themes
 KeePassXC ships with light and dark themes specifically designed to meet accessibility standards. In most cases, the appropriate theme for your system will be determined automatically, but you can always set a specific theme by using the _View_ menu. When a new theme is selected you will be prompted to restart KeePassXC to apply the theme immediately.
 
 .Setting the theme
@@ -47,8 +51,8 @@ For users with smaller screens or those who desire seeing more entries at once,
 .Compact mode comparison
 image::compact_mode_comparison.png[]
 
-=== Screenshot Security
-By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture, you must start the application with the `--allow-screencapture` command line flag.
+=== Application Settings
+Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security controls, and integration settings (Auto-Type, Browser, etc).
 
 === Keyboard Shortcuts
 include::KeyboardShortcuts.adoc[tag=content, leveloffset=+1]
@@ -77,6 +81,7 @@ Arguments:
   filename(s)                  filenames of the password databases to open (*.kdbx)
 ----
 
+=== Environment Variables
 Additionally, the following environment variables may be useful when running the application:
 
 [grid=rows, frame=none, width=75%]
@@ -86,10 +91,22 @@ Additionally, the following environment variables may be useful when running the
 |KPXC_CONFIG                    | Override default path to roaming configuration file
 |KPXC_CONFIG_LOCAL              | Override default path to local configuration file
 |KPXC_INITIAL_DIR               | Override initial location picking for databases
-|SSH_AUTH_SOCKET                | Path of the unix file socket that the agent uses for communication with other processes (SSH Agent)
+|SSH_AUTH_SOCK                  | Path of the unix file socket that the agent uses for communication with other processes (SSH Agent)
 |QT_SCALE_FACTOR [numeric]      | Defines a global scale factor for the whole application, including point-sized fonts.
 |QT_SCREEN_SCALE_FACTORS [list] | Specifies scale factors for each screen. See https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt
 |QT_SCALE_FACTOR_ROUNDING_POLICY | Control device pixel ratio rounding to the nearest integer. See https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt
 |===
+
+=== Installer Options
+The following options can be set when running the Windows Installer MSI in an unattended installation:
+
+* *LAUNCHAPPONEXIT* – Launch KeePassXC after install (default ON)
+* *AUTOSTARTPROGRAM* – KeePassXC will auto-start on login (default ON)
+* *INSTALLDESKTOPSHORTCUT* – A desktop icon will be installed (default OFF)
+
+Example: `msiexec.exe /q /i KeePassXC-Y.Y.Y-WinZZ.msi AUTOSTARTPROGRAM=0`
+
+== Command Line Tool
+KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/latest/docs/man/keepassxc-cli.1.adoc[available on GitHub].
 // end::advanced[]
 // end::content[]

docs/topics/Welcome.adoc

@@ -26,12 +26,13 @@ KeePassXC has numerous features for novice and power users alike. This guide wil
  ** Password generator
  ** Auto-Type passwords into applications
  ** Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
+ ** Support for passkeys using the browser integration
  ** Entry icon download
- ** Import databases from CSV, 1Password, and KeePass1 formats
+ ** Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
 
 * Advanced Features
  ** Database reports (password health, HIBP, and statistics)
- ** Database export to CSV and HTML formats
+ ** Database export to CSV, XML, and HTML formats
  ** TOTP storage and generation
  ** Field references between entries
  ** File attachments and custom attributes

release-tool.ps1

@@ -19,7 +19,7 @@ The following are descriptions of certain parameters:
   -Compiler        Compiler to use (example: g++, clang, msbuild)
   -MakeOptions     Options to pass to the make program
   -SignBuild       Perform platform specific App Signing before packaging
-  -SignKey         Specify the App Signing Key/Identity
+  -SignCert        Specify the App Signing Certificate
   -TimeStamp       Explicitly set the timestamp server to use for appsign
   -SourceBranch    Source branch to merge from (default: 'release/$Version')
   -TargetBranch    Target branch to merge to (default: master)
@@ -65,7 +65,7 @@ param(
     [string] $MakeOptions,
     [Parameter(ParameterSetName = "build")]
     [Parameter(ParameterSetName = "sign")]
-    [string] $SignKey,
+    [X509Certificate] $SignCert,
     [Parameter(ParameterSetName = "build")]
     [Parameter(ParameterSetName = "sign")]
     [string] $Timestamp = "http://timestamp.sectigo.com",
@@ -103,10 +103,7 @@ function Test-RequiredPrograms {
         Get-Command tx | Out-Null
         Get-Command lupdate | Out-Null
     }
-    if ($Sign -or $SignBuild) {
-        if ($SignKey.Length) {
-            Get-Command signtool | Out-Null
-        }
+    if ($Sign) {
         Get-Command gpg | Out-Null
     }
 }
@@ -141,7 +138,8 @@ function Test-WorkingTreeClean {
 
 function Invoke-VSToolchain([String] $Toolchain, [String] $Path, [String] $Arch) {
     # Find Visual Studio installations
-    $vs = Get-CimInstance MSFT_VSInstance
+    $vs = Get-CimInstance MSFT_VSInstance -Namespace root/cimv2/vs
+  
     if ($vs.count -eq 0) {
         $err = "No Visual Studio installations found, download one from https://visualstudio.com/downloads."
         $err = "$err`nIf Visual Studio is installed, you may need to repair the install then restart."
@@ -197,20 +195,43 @@ function Invoke-Cmd([string] $command, [string[]] $options = @(), [switch] $mask
     Write-Host #insert newline after command output
 }
 
-function Invoke-SignFiles([string[]] $files, [string] $key, [string] $time) {
-    if (!(Test-Path -Path "$key" -PathType leaf)) {
-        throw "Appsign key file was not found! ($key)"
+function Find-SignCert() {
+    $certs = Get-ChildItem Cert:\CurrentUser\My -codesign
+    if ($certs.Count -eq 0) {
+        throw "No code signing certificate found in User certificate store"
+    } elseif ($certs.Count -gt 1) {
+        # Ask the user which to use
+        $i = 0
+        foreach ($_ in $certs) {
+            $i = $i + 1
+            $i.ToString() + ") $($_.Thumbprint) - $($_.NotAfter)" | Write-Host
+        }
+        $i = Read-Host -Prompt "Which certificate do you want to use?"
+        $i = [Convert]::ToInt32($i, 10) - 1
+        if ($i -lt 0 -or $i -ge $certs.count) {
+            throw "Invalid selection made"
+        }
+        return $certs[$i]
+    } else {
+        Write-Host "Found signing certificate: $($certs[0].Subject) ($($certs[0].Thumbprint))" -ForegroundColor Cyan
+        Write-Host
+        return $certs[0]
     }
+}
+
+function Invoke-SignFiles([string[]] $files, [X509Certificate] $cert, [string] $time) {
     if ($files.Length -eq 0) {
         return
     }
 
-    Write-Host "Signing files using $key" -ForegroundColor Cyan
-    $KeyPassword = Read-Host "Key password: " -MaskInput
-
+    Write-Host "Signing files using $($cert.Subject) ($($cert.Thumbprint))" -ForegroundColor Cyan
+    
     foreach ($_ in $files) {
-        Write-Host "Signing file '$_' using Microsoft signtool..."
-        Invoke-Cmd "signtool" "sign -f `"$key`" -p `"$KeyPassword`" -d `"KeePassXC`" -td sha256 -fd sha256 -tr `"$time`" `"$_`"" -maskargs
+        $sig = Get-AuthenticodeSignature -FilePath "$_" -ErrorAction SilentlyContinue
+        if ($sig.Status -ne "Valid") {
+            Write-Host "Signing file '$_'"
+            $tmp = Set-AuthenticodeSignature -Certificate $cert -FilePath "$_" -TimestampServer "$Timestamp" -HashAlgorithm "SHA256"
+        }
     }
 }
 
@@ -330,6 +351,10 @@ if ($Merge) {
     # Find Visual Studio and establish build environment
     Invoke-VSToolchain $VSToolChain $SourceDir -Arch "amd64"
 
+    if ($SignBuild -and !$SignCert) {
+        $SignCert = Find-SignCert
+    }
+
     Test-RequiredPrograms
 
     if ($Snapshot) {
@@ -381,8 +406,14 @@ if ($Merge) {
     Invoke-Cmd "cmake" "--build . --config Release -- $MakeOptions"
     
     if ($SignBuild) {
-        $files = Get-ChildItem "$BuildDir\src" -Include "*keepassxc*.exe", "*keepassxc*.dll" -Recurse -File | ForEach-Object { $_.FullName }
-        Invoke-SignFiles $files $SignKey $Timestamp
+        $VcpkgDir = $BuildDir + "\vcpkg_installed\"
+        if (Test-Path $VcpkgDir) {
+            $files = Get-ChildItem $VcpkgDir -Filter "*.dll" -Recurse -File | 
+                Where-Object {$_.FullName -notlike "$VcpkgDir*debug\*" -and $_.FullName -notlike "$VcpkgDir*tools\*"} | 
+                ForEach-Object {$_.FullName}
+        }
+        $files += Get-ChildItem "$BuildDir\src" -Include "*keepassxc*.exe", "*keepassxc*.dll" -Recurse -File | ForEach-Object { $_.FullName }
+        Invoke-SignFiles $files $SignCert $Timestamp
     }
 
     Write-Host "Create deployment packages..." -ForegroundColor Cyan
@@ -395,7 +426,7 @@ if ($Merge) {
 
         # Sign MSI files using AppSign key
         $files = Get-ChildItem $OutDir -Include "*.msi" -Name
-        Invoke-SignFiles $files $SignKey $Timestamp
+        Invoke-SignFiles $files $SignCert $Timestamp
 
         # Sign all output files using the GPG key then hash them
         $files = Get-ChildItem $OutDir -Include "*.msi", "*.zip" -Name
@@ -406,13 +437,12 @@ if ($Merge) {
     Invoke-Command {git checkout $OrigBranch}
     Set-Location "$OrigDir"
 } elseif ($Sign) {
-    if (Test-Path $SignKey) {
-        # Need to include path to signtool program
-        Invoke-VSToolchain $VSToolChain $SourceDir -Arch "amd64"
-    }
-
     Test-RequiredPrograms
 
+    if (!$SignCert) {
+        $SignCert = Find-SignCert
+    }
+
     # Resolve wildcard paths
     $ResolvedFiles = @()
     foreach ($_ in $SignFiles) {
@@ -420,179 +450,216 @@ if ($Merge) {
     }
 
     $AppSignFiles = $ResolvedFiles.Where({ $_ -match "\.(msi|exe|dll)$" })
-    Invoke-SignFiles $AppSignFiles $SignKey $Timestamp
+    Invoke-SignFiles $AppSignFiles $SignCert $Timestamp
 
     $GpgSignFiles = $ResolvedFiles.Where({ $_ -match "\.(msi|zip|gz|xz|dmg|appimage)$" })
     Invoke-GpgSignFiles $GpgSignFiles $GpgKey
 }
 
 # SIG # Begin signature block
-# MIIfXAYJKoZIhvcNAQcCoIIfTTCCH0kCAQExDzANBglghkgBZQMEAgEFADB5Bgor
+# MIImVAYJKoZIhvcNAQcCoIImRTCCJkECAQExDzANBglghkgBZQMEAgEFADB5Bgor
 # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
-# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC3+AltPeIvGycP
-# LJr+5kqYiFnGPXyfdXgAkgrw+aI/AqCCGSAwggU6MIIEIqADAgECAhBYotctjMD9
-# icz/IeDU7cdKMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAkdCMRswGQYDVQQI
-# ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
-# D1NlY3RpZ28gTGltaXRlZDEkMCIGA1UEAxMbU2VjdGlnbyBSU0EgQ29kZSBTaWdu
-# aW5nIENBMB4XDTIxMDMxNTAwMDAwMFoXDTI0MDMxNDIzNTk1OVowgaExCzAJBgNV
-# BAYTAlVTMQ4wDAYDVQQRDAUyMjMxNTERMA8GA1UECAwIVmlyZ2luaWExEjAQBgNV
-# BAcMCUZyYW5jb25pYTEbMBkGA1UECQwSNjY1MyBBdWRyZXkgS2F5IEN0MR4wHAYD
-# VQQKDBVEcm9pZE1vbmtleSBBcHBzLCBMTEMxHjAcBgNVBAMMFURyb2lkTW9ua2V5
-# IEFwcHMsIExMQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAH0v/7
-# XOVxc5Auhi92tgBZL0Hm6L7sT1xcKfrBwHg12ZpFs0zeR1ZzyduM44d45y3aNXNW
-# 7+klHVJqAj5XVHUF/OB/O5bnljKIeupdAZ8v3GGokBZK91BGKe+WRn5ZjdDGc6HN
-# xCT4FMth1TCrTg7eMy/u+cfp+4ur8dcSyAM5tkLsTIoS1VtZWjiepjS1RO+Ile9E
-# j+wUM3wO9Qt5/BlYi8XsbXU0V4oi3bj6EMLO9UEq0SfsM2YUY7UIkAHtLPiMV7BX
-# gw/WC+IwB8ZtIGpq/JEME4bt51pJVvVmrjzbKgc0Cz6akhArZIa9QooAkrbAINvO
-# Cm+7mx/PBK2lzSECAwEAAaOCAZAwggGMMB8GA1UdIwQYMBaAFA7hOqhTOjHVir7B
-# u61nGgOFrTQOMB0GA1UdDgQWBBTu7ZZnt+omJoze71KXMDAYGGhYfTAOBgNVHQ8B
-# Af8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglg
-# hkgBhvhCAQEEBAMCBBAwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwIwJTAjBggr
-# BgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQBMEMGA1Ud
-# HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQUNv
-# ZGVTaWduaW5nQ0EuY3JsMHMGCCsGAQUFBwEBBGcwZTA+BggrBgEFBQcwAoYyaHR0
-# cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ29kZVNpZ25pbmdDQS5jcnQw
-# IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEB
-# CwUAA4IBAQAPbD9O3krI9tfYz6FZXCCqkqbjaeTpo3Ye9Kn4paWsHa37OIv7UhFf
-# CrtLRXunZ7Vkry5cvMGNQNUaMFy6CHmEYb3kwZWW3EImuv9uTUd7rYvszBXF8flv
-# kysT+8L9wdxLEQHUBnBnFgqMM99HzVuINVyH75d4qa9TF9PhcajsxwmpPgr9NwvC
-# KNJv8BaxdH6vYFcQCqCygbfuST99s8qKaknTuHF39E1hWkTfcT3fMJDVONzW0/cN
-# ourxylLqMZRjk007NGCnaYZwYfKW/pD/F/jmo28eKoVVy129j2h/RAWODl5gOvis
-# sNr6aSz1/Ul3xoNYpyx8IGeWiFMoh99tMIIF9TCCA92gAwIBAgIQHaJIMG+bJhjQ
-# guCWfTPTajANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
-# Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
-# VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlm
-# aWNhdGlvbiBBdXRob3JpdHkwHhcNMTgxMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5
-# WjB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAw
-# DgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJDAiBgNV
-# BAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEB
-# BQADggEPADCCAQoCggEBAIYijTKFehifSfCWL2MIHi3cfJ8Uz+MmtiVmKUCGVEZ0
-# MWLFEO2yhyemmcuVMMBW9aR1xqkOUGKlUZEQauBLYq798PgYrKf/7i4zIPoMGYmo
-# bHutAMNhodxpZW0fbieW15dRhqb0J+V8aouVHltg1X7XFpKcAC9o95ftanK+ODtj
-# 3o+/bkxBXRIgCFnoOc2P0tbPBrRXBbZOoT5Xax+YvMRi1hsLjcdmG0qfnYHEckC1
-# 4l/vC0X/o84Xpi1VsLewvFRqnbyNVlPG8Lp5UEks9wO5/i9lNfIi6iwHr0bZ+UYc
-# 3Ix8cSjz/qfGFN1VkW6KEQ3fBiSVfQ+noXw62oY1YdMCAwEAAaOCAWQwggFgMB8G
-# A1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBQO4TqoUzox
-# 1Yq+wbutZxoDha00DjAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIB
-# ADAdBgNVHSUEFjAUBggrBgEFBQcDAwYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRV
-# HSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
-# U0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcB
-# AQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VS
-# VHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Au
-# dXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEATWNQ7Uc0SmGk295qKoyb
-# 8QAAHh1iezrXMsL2s+Bjs/thAIiaG20QBwRPvrjqiXgi6w9G7PNGXkBGiRL0C3da
-# nCpBOvzW9Ovn9xWVM8Ohgyi33i/klPeFM4MtSkBIv5rCT0qxjyT0s4E307dksKYj
-# alloUkJf/wTr4XRleQj1qZPea3FAmZa6ePG5yOLDCBaxq2NayBWAbXReSnV+pbjD
-# bLXP30p5h1zHQE1jNfYw08+1Cg4LBH+gS667o6XQhACTPlNdNKUANWlsvp8gJRAN
-# GftQkGG+OY96jk32nw4e/gdREmaDJhlIlc5KycF/8zoFm/lv34h/wCOe0h5DekUx
-# wZxNqfBZslkZ6GqNKQQCd3xLS81wvjqyVVp4Pry7bwMQJXcVNIr5NsxDkuS6T/Fi
-# kyglVyn7URnHoSVAaoRXxrKdsbwcCtp8Z359LukoTBh+xHsxQXGaSynsCz1XUNLK
-# 3f2eBVHlRHjdAd6xdZgNVCT98E7j4viDvXK6yz067vBeF5Jobchh+abxKgoLpbn0
-# nu6YMgWFnuv5gynTxix9vTp3Los3QqBqgu07SqqUEKThDfgXxbZaeTMYkuO1dfih
-# 6Y4KJR7kHvGfWocj/5+kUZ77OYARzdu1xKeogG/lU9Tg46LC0lsa+jImLWpXcBw8
-# pFguo/NbSwfcMlnzh6cabVgwggbsMIIE1KADAgECAhAwD2+s3WaYdHypRjaneC25
-# MA0GCSqGSIb3DQEBDAUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEpl
-# cnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJV
-# U1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9u
-# IEF1dGhvcml0eTAeFw0xOTA1MDIwMDAwMDBaFw0zODAxMTgyMzU5NTlaMH0xCzAJ
-# BgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
-# B1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDElMCMGA1UEAxMcU2Vj
-# dGlnbyBSU0EgVGltZSBTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-# ADCCAgoCggIBAMgbAa/ZLH6ImX0BmD8gkL2cgCFUk7nPoD5T77NawHbWGgSlzkeD
-# tevEzEk0y/NFZbn5p2QWJgn71TJSeS7JY8ITm7aGPwEFkmZvIavVcRB5h/RGKs3E
-# Wsnb111JTXJWD9zJ41OYOioe/M5YSdO/8zm7uaQjQqzQFcN/nqJc1zjxFrJw06PE
-# 37PFcqwuCnf8DZRSt/wflXMkPQEovA8NT7ORAY5unSd1VdEXOzQhe5cBlK9/gM/R
-# EQpXhMl/VuC9RpyCvpSdv7QgsGB+uE31DT/b0OqFjIpWcdEtlEzIjDzTFKKcvSb/
-# 01Mgx2Bpm1gKVPQF5/0xrPnIhRfHuCkZpCkvRuPd25Ffnz82Pg4wZytGtzWvlr7a
-# TGDMqLufDRTUGMQwmHSCIc9iVrUhcxIe/arKCFiHd6QV6xlV/9A5VC0m7kUaOm/N
-# 14Tw1/AoxU9kgwLU++Le8bwCKPRt2ieKBtKWh97oaw7wW33pdmmTIBxKlyx3GSuT
-# lZicl57rjsF4VsZEJd8GEpoGLZ8DXv2DolNnyrH6jaFkyYiSWcuoRsDJ8qb/fVfb
-# Enb6ikEk1Bv8cqUUotStQxykSYtBORQDHin6G6UirqXDTYLQjdprt9v3GEBXc/Bx
-# o/tKfUU2wfeNgvq5yQ1TgH36tjlYMu9vGFCJ10+dM70atZ2h3pVBeqeDAgMBAAGj
-# ggFaMIIBVjAfBgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4E
-# FgQUGqH4YRkgD8NBd0UojtE1XwYSBFUwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB
-# /wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRV
-# HSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
-# U0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcB
-# AQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VS
-# VHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Au
-# dXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAbVSBpTNdFuG1U4GRdd8D
-# ejILLSWEEbKw2yp9KgX1vDsn9FqguUlZkClsYcu1UNviffmfAO9Aw63T4uRW+VhB
-# z/FC5RB9/7B0H4/GXAn5M17qoBwmWFzztBEP1dXD4rzVWHi/SHbhRGdtj7BDEA+N
-# 5Pk4Yr8TAcWFo0zFzLJTMJWk1vSWVgi4zVx/AZa+clJqO0I3fBZ4OZOTlJux3LJt
-# QW1nzclvkD1/RXLBGyPWwlWEZuSzxWYG9vPWS16toytCiiGS/qhvWiVwYoFzY16g
-# u9jc10rTPa+DBjgSHSSHLeT8AtY+dwS8BDa153fLnC6NIxi5o8JHHfBd1qFzVwVo
-# mqfJN2Udvuq82EKDQwWli6YJ/9GhlKZOqj0J9QVst9JkWtgqIsJLnfE5XkzeSD2b
-# NJaaCV+O/fexUpHOP4n2HKG1qXUfcb9bQ11lPVCBbqvw0NP8srMftpmWJvQ8eYtc
-# ZMzN7iea5aDADHKHwW5NWtMe6vBE5jJvHOsXTpTDeGUgOw9Bqh/poUGd/rG4oGUq
-# NODeqPk85sEwu8CgYyz8XBYAqNDEf+oRnR4GxqZtMl20OAkrSQeq/eww2vGnL8+3
-# /frQo4TZJ577AWZ3uVYQ4SBuxq6x+ba6yDVdM3aO8XwgDCp3rrWiAoa6Ke60WgCx
-# jKvj+QrJVF3UuWp0nr1Irpgwggb1MIIE3aADAgECAhA5TCXhfKBtJ6hl4jvZHSLU
-# MA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy
-# IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28g
-# TGltaXRlZDElMCMGA1UEAxMcU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBDQTAe
-# Fw0yMzA1MDMwMDAwMDBaFw0zNDA4MDIyMzU5NTlaMGoxCzAJBgNVBAYTAkdCMRMw
-# EQYDVQQIEwpNYW5jaGVzdGVyMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLDAq
-# BgNVBAMMI1NlY3RpZ28gUlNBIFRpbWUgU3RhbXBpbmcgU2lnbmVyICM0MIICIjAN
-# BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApJMoUkvPJ4d2pCkcmTjA5w7U0Rzs
-# aMsBZOSKzXewcWWCvJ/8i7u7lZj7JRGOWogJZhEUWLK6Ilvm9jLxXS3AeqIO4OBW
-# ZO2h5YEgciBkQWzHwwj6831d7yGawn7XLMO6EZge/NMgCEKzX79/iFgyqzCz2Ix6
-# lkoZE1ys/Oer6RwWLrCwOJVKz4VQq2cDJaG7OOkPb6lampEoEzW5H/M94STIa7GZ
-# 6A3vu03lPYxUA5HQ/C3PVTM4egkcB9Ei4GOGp7790oNzEhSbmkwJRr00vOFLUHty
-# 4Fv9GbsfPGoZe267LUQqvjxMzKyKBJPGV4agczYrgZf6G5t+iIfYUnmJ/m53N9e7
-# UJ/6GCVPE/JefKmxIFopq6NCh3fg9EwCSN1YpVOmo6DtGZZlFSnF7TMwJeaWg4Ga
-# 9mBmkFgHgM1Cdaz7tJHQxd0BQGq2qBDu9o16t551r9OlSxihDJ9XsF4lR5F0zXUS
-# 0Zxv5F4Nm+x1Ju7+0/WSL1KF6NpEUSqizADKh2ZDoxsA76K1lp1irScL8htKycOU
-# QjeIIISoh67DuiNye/hU7/hrJ7CF9adDhdgrOXTbWncC0aT69c2cPcwfrlHQe2zY
-# HS0RQlNxdMLlNaotUhLZJc/w09CRQxLXMn2YbON3Qcj/HyRU726txj5Ve/Fchzpk
-# 8WBLBU/vuS/sCRMCAwEAAaOCAYIwggF+MB8GA1UdIwQYMBaAFBqh+GEZIA/DQXdF
-# KI7RNV8GEgRVMB0GA1UdDgQWBBQDDzHIkSqTvWPz0V1NpDQP0pUBGDAOBgNVHQ8B
-# Af8EBAMCBsAwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDBK
-# BgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDCDAlMCMGCCsGAQUFBwIBFhdodHRwczov
-# L3NlY3RpZ28uY29tL0NQUzAIBgZngQwBBAIwRAYDVR0fBD0wOzA5oDegNYYzaHR0
-# cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBVGltZVN0YW1waW5nQ0EuY3Js
-# MHQGCCsGAQUFBwEBBGgwZjA/BggrBgEFBQcwAoYzaHR0cDovL2NydC5zZWN0aWdv
-# LmNvbS9TZWN0aWdvUlNBVGltZVN0YW1waW5nQ0EuY3J0MCMGCCsGAQUFBzABhhdo
-# dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEATJtlWPrg
-# ec/vFcMybd4zket3WOLrvctKPHXefpRtwyLHBJXfZWlhEwz2DJ71iSBewYfHAyTK
-# x6XwJt/4+DFlDeDrbVFXpoyEUghGHCrC3vLaikXzvvf2LsR+7fjtaL96VkjpYeWa
-# OXe8vrqRZIh1/12FFjQn0inL/+0t2v++kwzsbaINzMPxbr0hkRojAFKtl9RieCqE
-# eajXPawhj3DDJHk6l/ENo6NbU9irALpY+zWAT18ocWwZXsKDcpCu4MbY8pn76rSS
-# ZXwHfDVEHa1YGGti+95sxAqpbNMhRnDcL411TCPCQdB6ljvDS93NkiZ0dlw3oJok
-# nk5fTtOPD+UTT1lEZUtDZM9I+GdnuU2/zA2xOjDQoT1IrXpl5Ozf4AHwsypKOazB
-# pPmpfTXQMkCgsRkqGCGyyH0FcRpLJzaq4Jgcg3Xnx35LhEPNQ/uQl3YqEqxAwXBb
-# mQpA+oBtlGF7yG65yGdnJFxQjQEg3gf3AdT4LhHNnYPl+MolHEQ9J+WwhkcqCxuE
-# dn17aE+Nt/cTtO2gLe5zD9kQup2ZLHzXdR+PEMSU5n4k5ZVKiIwn1oVmHfmuZHaR
-# 6Ej+yFUK7SnDH944psAU+zI9+KmDYjbIw74Ahxyr+kpCHIkD3PVcfHDZXXhO7p9e
-# IOYJanwrCKNI9RX8BE/fzSEceuX1jhrUuUAxggWSMIIFjgIBATCBkDB8MQswCQYD
-# VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT
-# YWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3Rp
-# Z28gUlNBIENvZGUgU2lnbmluZyBDQQIQWKLXLYzA/YnM/yHg1O3HSjANBglghkgB
-# ZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJ
-# AzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8G
-# CSqGSIb3DQEJBDEiBCBp7GODztdZALJXKtlDO7iMqjlod5DXJQUaVMMwaRVDkzAN
-# BgkqhkiG9w0BAQEFAASCAQB8i7HZnhNcD6S7hrG+nk6bDcg8LyL+C3QOnmxIQKA3
-# +TQB02qB83WI+ErrH7GQHgi+7kB4K8NYs1dK/yYIp6pwgXUnYqQlsQCYzMRk9Shn
-# gvJWO04dV3V17NHfAXHT/+gHKTOOUJf58/Yabo87/vu4K5gE2g3TOrMHm0G9x1k8
-# PXgW6mzMD6xEz0tuvXdGZ8BSZ5VlDYV5ITchn8Eni29RTSIBIbZHbMWI5Gcsbzqd
-# ZLKHmVOoT2Las0VWNzq96+1X1HjFGhPqAIm19ByZyGI3OO9fgP6lfGuHyE2eyYUp
-# MKQ6qr8nfPzmp3bF0JLSGV3pEViDOqRgkkQmOXHfHlqsoYIDSzCCA0cGCSqGSIb3
-# DQEJBjGCAzgwggM0AgEBMIGRMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh
-# dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3Rp
-# Z28gTGltaXRlZDElMCMGA1UEAxMcU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBD
-# QQIQOUwl4XygbSeoZeI72R0i1DANBglghkgBZQMEAgIFAKB5MBgGCSqGSIb3DQEJ
-# AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDgxNTAzMDcyMlowPwYJ
-# KoZIhvcNAQkEMTIEMDyZLb3/c3iiuzTHkbucrdYjiOpKcwtj+r0u6p2ypdNrYVlH
-# k9k7PaDY1LfCeRwkPTANBgkqhkiG9w0BAQEFAASCAgAKipaEem0CK2ALaiJYcBkB
-# AUYGZl6MpMKScYGmiqopzfp3sLp6EiM9lWtU0skS/d81DDlT/Hm55NNEoNEjB1R8
-# 3OygPagYohu/UoNLPUCZjLMsHGfsW2KXxr0OODpjLU9YkiucaQNHTjhO0zpm18A4
-# btEgi8pooELnNx2uX/ZB+HwnYUsCMGE7WnYshDXGmE8puiCUTddf9R5uqbRrCVJS
-# G6jf+YhNvUeJSVgwnJoWqfHMKoHo7CdYgGR91RUIVdsbMO/2QosBTm1HzvWfB82C
-# 0s43uZNPP05a6ITmzjytk5OYEA+xwYFM6qo8TjeLGrgAeHyk7BUYdk5hUS2lQ+Th
-# SU0AivCqsAQvMcwKd69fhMGN0hrQu+ydKhQe6pmm8J5/DRoV/pNYVcecgYMXowrI
-# EXK8l0ihsk/pEpoONcpNEacQ5U/miylp7f37WlGU7bY3EWc8BOENYMRUA+hKMXka
-# kPQ1RID0BU4OyjuI76+klf9xBngSu1xR/2aw9/+TlzWGNRpjKRLQkIFJ8iaFX91B
-# KfJ4+B6HELBEn2wjLvL+fLLn3ajp2fdeRf1CWWzOHQox15KHzEK7o6zZ43IzWOeO
-# blzPpVotmoJ8ncBZXGtLDmS64Z04J58KvpfV2g02/EIHZhry2E3sG3jWAv0WY2z7
-# fgsXlQSQR8WnONsJJQ95CA==
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCRMgDV7DQ6PzRo
+# 3ULpsxL1VU2JvIFnZPXlxq/hkfU2Y6CCH2owggYUMIID/KADAgECAhB6I67aU2mW
+# D5HIPlz0x+M/MA0GCSqGSIb3DQEBDAUAMFcxCzAJBgNVBAYTAkdCMRgwFgYDVQQK
+# Ew9TZWN0aWdvIExpbWl0ZWQxLjAsBgNVBAMTJVNlY3RpZ28gUHVibGljIFRpbWUg
+# U3RhbXBpbmcgUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5
+# WjBVMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSwwKgYD
+# VQQDEyNTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIENBIFIzNjCCAaIwDQYJ
+# KoZIhvcNAQEBBQADggGPADCCAYoCggGBAM2Y2ENBq26CK+z2M34mNOSJjNPvIhKA
+# VD7vJq+MDoGD46IiM+b83+3ecLvBhStSVjeYXIjfa3ajoW3cS3ElcJzkyZlBnwDE
+# JuHlzpbN4kMH2qRBVrjrGJgSlzzUqcGQBaCxpectRGhhnOSwcjPMI3G0hedv2eNm
+# GiUbD12OeORN0ADzdpsQ4dDi6M4YhoGE9cbY11XxM2AVZn0GiOUC9+XE0wI7CQKf
+# OUfigLDn7i/WeyxZ43XLj5GVo7LDBExSLnh+va8WxTlA+uBvq1KO8RSHUQLgzb1g
+# bL9Ihgzxmkdp2ZWNuLc+XyEmJNbD2OIIq/fWlwBp6KNL19zpHsODLIsgZ+WZ1AzC
+# s1HEK6VWrxmnKyJJg2Lv23DlEdZlQSGdF+z+Gyn9/CRezKe7WNyxRf4e4bwUtrYE
+# 2F5Q+05yDD68clwnweckKtxRaF0VzN/w76kOLIaFVhf5sMM/caEZLtOYqYadtn03
+# 4ykSFaZuIBU9uCSrKRKTPJhWvXk4CllgrwIDAQABo4IBXDCCAVgwHwYDVR0jBBgw
+# FoAU9ndq3T/9ARP/FqFsggIv0Ao9FCUwHQYDVR0OBBYEFF9Y7UwxeqJhQo1SgLqz
+# YZcZojKbMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBMGA1Ud
+# JQQMMAoGCCsGAQUFBwMIMBEGA1UdIAQKMAgwBgYEVR0gADBMBgNVHR8ERTBDMEGg
+# P6A9hjtodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNUaW1lU3Rh
+# bXBpbmdSb290UjQ2LmNybDB8BggrBgEFBQcBAQRwMG4wRwYIKwYBBQUHMAKGO2h0
+# dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1RpbWVTdGFtcGluZ1Jv
+# b3RSNDYucDdjMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAN
+# BgkqhkiG9w0BAQwFAAOCAgEAEtd7IK0ONVgMnoEdJVj9TC1ndK/HYiYh9lVUacah
+# RoZ2W2hfiEOyQExnHk1jkvpIJzAMxmEc6ZvIyHI5UkPCbXKspioYMdbOnBWQUn73
+# 3qMooBfIghpR/klUqNxx6/fDXqY0hSU1OSkkSivt51UlmJElUICZYBodzD3M/SFj
+# eCP59anwxs6hwj1mfvzG+b1coYGnqsSz2wSKr+nDO+Db8qNcTbJZRAiSazr7KyUJ
+# Go1c+MScGfG5QHV+bps8BX5Oyv9Ct36Y4Il6ajTqV2ifikkVtB3RNBUgwu/mSiSU
+# ice/Jp/q8BMk/gN8+0rNIE+QqU63JoVMCMPY2752LmESsRVVoypJVt8/N3qQ1c6F
+# ibbcRabo3azZkcIdWGVSAdoLgAIxEKBeNh9AQO1gQrnh1TA8ldXuJzPSuALOz1Uj
+# b0PCyNVkWk7hkhVHfcvBfI8NtgWQupiaAeNHe0pWSGH2opXZYKYG4Lbukg7HpNi/
+# KqJhue2Keak6qH9A8CeEOB7Eob0Zf+fU+CCQaL0cJqlmnx9HCDxF+3BLbUufrV64
+# EbTI40zqegPZdA+sXCmbcZy6okx/SjwsusWRItFA3DE8MORZeFb6BmzBtqKJ7l93
+# 9bbKBy2jvxcJI98Va95Q5JnlKor3m0E7xpMeYRriWklUPsetMSf2NvUQa/E5vVye
+# fQIwggYaMIIEAqADAgECAhBiHW0MUgGeO5B5FSCJIRwKMA0GCSqGSIb3DQEBDAUA
+# MFYxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLTArBgNV
+# BAMTJFNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBSb290IFI0NjAeFw0yMTAz
+# MjIwMDAwMDBaFw0zNjAzMjEyMzU5NTlaMFQxCzAJBgNVBAYTAkdCMRgwFgYDVQQK
+# Ew9TZWN0aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVibGljIENvZGUg
+# U2lnbmluZyBDQSBSMzYwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCb
+# K51T+jU/jmAGQ2rAz/V/9shTUxjIztNsfvxYB5UXeWUzCxEeAEZGbEN4QMgCsJLZ
+# UKhWThj/yPqy0iSZhXkZ6Pg2A2NVDgFigOMYzB2OKhdqfWGVoYW3haT29PSTahYk
+# wmMv0b/83nbeECbiMXhSOtbam+/36F09fy1tsB8je/RV0mIk8XL/tfCK6cPuYHE2
+# 15wzrK0h1SWHTxPbPuYkRdkP05ZwmRmTnAO5/arnY83jeNzhP06ShdnRqtZlV59+
+# 8yv+KIhE5ILMqgOZYAENHNX9SJDm+qxp4VqpB3MV/h53yl41aHU5pledi9lCBbH9
+# JeIkNFICiVHNkRmq4TpxtwfvjsUedyz8rNyfQJy/aOs5b4s+ac7IH60B+Ja7TVM+
+# EKv1WuTGwcLmoU3FpOFMbmPj8pz44MPZ1f9+YEQIQty/NQd/2yGgW+ufflcZ/ZE9
+# o1M7a5Jnqf2i2/uMSWymR8r2oQBMdlyh2n5HirY4jKnFH/9gRvd+QOfdRrJZb1sC
+# AwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFDLrkpr/NZZILyhAQnAgNpFcF4XmMB0G
+# A1UdDgQWBBQPKssghyi47G9IritUpimqF6TNDDAOBgNVHQ8BAf8EBAMCAYYwEgYD
+# VR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzAbBgNVHSAEFDAS
+# MAYGBFUdIAAwCAYGZ4EMAQQBMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwu
+# c2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdFI0Ni5jcmww
+# ewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0LnNlY3RpZ28u
+# Y29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYucDdjMCMGCCsGAQUF
+# BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEA
+# Bv+C4XdjNm57oRUgmxP/BP6YdURhw1aVcdGRP4Wh60BAscjW4HL9hcpkOTz5jUug
+# 2oeunbYAowbFC2AKK+cMcXIBD0ZdOaWTsyNyBBsMLHqafvIhrCymlaS98+QpoBCy
+# KppP0OcxYEdU0hpsaqBBIZOtBajjcw5+w/KeFvPYfLF/ldYpmlG+vd0xqlqd099i
+# ChnyIMvY5HexjO2AmtsbpVn0OhNcWbWDRF/3sBp6fWXhz7DcML4iTAWS+MVXeNLj
+# 1lJziVKEoroGs9Mlizg0bUMbOalOhOfCipnx8CaLZeVme5yELg09Jlo8BMe80jO3
+# 7PU8ejfkP9/uPak7VLwELKxAMcJszkyeiaerlphwoKx1uHRzNyE6bxuSKcutisqm
+# KL5OTunAvtONEoteSiabkPVSZ2z76mKnzAfZxCl/3dq3dUNw4rg3sTCggkHSRqTq
+# lLMS7gjrhTqBmzu1L90Y1KWN/Y5JKdGvspbOrTfOXyXvmPL6E52z1NZJ6ctuMFBQ
+# ZH3pwWvqURR8AgQdULUvrxjUYbHHj95Ejza63zdrEcxWLDX6xWls/GDnVNueKjWU
+# H3fTv1Y8Wdho698YADR7TNx8X8z2Bev6SivBBOHY+uqiirZtg0y9ShQoPzmCcn63
+# Syatatvx157YK9hlcPmVoa1oDE5/L9Uo2bC5a4CH2RwwggZJMIIEsaADAgECAhAG
+# Qz/MzOQzqJLMF7dGpYxlMA0GCSqGSIb3DQEBDAUAMFQxCzAJBgNVBAYTAkdCMRgw
+# FgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVibGlj
+# IENvZGUgU2lnbmluZyBDQSBSMzYwHhcNMjQwMjIzMDAwMDAwWhcNMjcwMjIyMjM1
+# OTU5WjBgMQswCQYDVQQGEwJVUzERMA8GA1UECAwIVmlyZ2luaWExHjAcBgNVBAoM
+# FURyb2lkTW9ua2V5IEFwcHMsIExMQzEeMBwGA1UEAwwVRHJvaWRNb25rZXkgQXBw
+# cywgTExDMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuJtEjRyetghx
+# 6Abi1cpMT88uT6nIcTe3AyUvdSkjCtUM8Gat0YJfqTxokb9dBzJa7j8YWOUU1Yc4
+# EDXoYYtVRE+1UkdPAcXNMf2hNXGI45iZVwhBPQZBU4QfKltzYqrjAZgDvxeYd68q
+# ImjzUfrCY3uZHwEIuCewmNMPpEgbdjuSXDyBAKKBtaO2iqyaJpqcC39QnDKlXMic
+# DPqqH5fI7wK7Lg9f4BwOsaO4P68I3pOv7L/6E5GR9+hTj6txhxFz/yCbDxN1PUvD
+# sGaXjMmVeP2M95fkwOFwut5yBESDIwAGEWUFsTJ32hSmE74+xG6rVqtueayV7U9c
+# GURznSk9ZlTUqQOW9Z4K+pu29gTZ9zVWlONIsQR7QXfGKZWF+Xik6rTujSRTTsK7
+# QNMYzBI6b9v0nD2pEWuGZDXIO5o5N2HzXEFlwxCFY483yWSObHNBp9PFtiDueqv+
+# 8vrN+lsirZlDFCxI6hW+F8oYp3XxHdSqxsMRTqbO6dUjH2Tyd0G5fbyT8Rid7DbP
+# 6p/apzIrdFOM0kdcKLmppYBp7BInTdjbWJYhtuORIUZQbUOSM71vYCUHj7xkckiY
+# YmkUf0XH8xx8jqgVWseBW63gCEowhCEYxaWt0QGyXJ6UrlV4WTUCWzxm45I5OQoo
+# fymUvdutKgr9bR3nJ5yS/c+E3KnqJhkCAwEAAaOCAYkwggGFMB8GA1UdIwQYMBaA
+# FA8qyyCHKLjsb0iuK1SmKaoXpM0MMB0GA1UdDgQWBBQta729krTac3CUndU0S0Dd
+# DscjHTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggr
+# BgEFBQcDAzBKBgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDAjAlMCMGCCsGAQUFBwIB
+# FhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBBAEwSQYDVR0fBEIwQDA+
+# oDygOoY4aHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNp
+# Z25pbmdDQVIzNi5jcmwweQYIKwYBBQUHAQEEbTBrMEQGCCsGAQUFBzAChjhodHRw
+# Oi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ0NBUjM2
+# LmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZI
+# hvcNAQEMBQADggGBAJSy5YPCbh9ZsuDCKgDuzOWZzNza4/FrA+kT7EitDezYN3S/
+# P0EVc0tPbgYAKfNqY+ihAMyjZHdgybfBWhGzUTDo+HEipcnZ2pgwPadsw23jJ8MN
+# 1tdms9iKDakIQ2MVsB7cGFRU8QjLovkPdZkyLcjuYbkiZRoNoKlhmrOOf6n1oCwX
+# VJ9ONJijc+Lr3+4EIqZ39ET2+uI9Wg9Bfd9XrDZfYFEcRJjNzRpCtHb26aIzV/Xi
+# MWasHRPaII34SzD0BmaPbsLeGW1UGvW3tQcgVNdT/uajegmShVb+c5J5ktRSJ0cq
+# yxmTAYaeMuA6IxG1f6kui1SAFQs2lzlGyEgxgiNGo7cHHN2KidhrBL3U2bGr9Tkd
+# p3gmV+Gj3esCdQzJE4aqmUZvIvHpkrair4qbLFZRNozAZJn2SIeQa5u2U0ZmvcAr
+# 1C7S3JVLP3t9LKE0mlFkV9pbIU97ND3iH3tO0Zb3SvCK/XjO1PZVb8EXsi67wbfM
+# SWAwi2CETDonb7+gBjCCBl0wggTFoAMCAQICEDpSaiyEzlXmHWX8zBLY6YkwDQYJ
+# KoZIhvcNAQEMBQAwVTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGlt
+# aXRlZDEsMCoGA1UEAxMjU2VjdGlnbyBQdWJsaWMgVGltZSBTdGFtcGluZyBDQSBS
+# MzYwHhcNMjQwMTE1MDAwMDAwWhcNMzUwNDE0MjM1OTU5WjBuMQswCQYDVQQGEwJH
+# QjETMBEGA1UECBMKTWFuY2hlc3RlcjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk
+# MTAwLgYDVQQDEydTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFNpZ25lciBS
+# MzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN0Wf0wUibvf04STpN
+# YYGbw9jcRaVhBDaNBp7jmJaA9dQZW5ighrXGNMYjK7Dey5RIHMqLIbT9z9if753m
+# YbojJrKWO4ZP0N5dBT2TwZZaPb8E+hqaDZ8Vy2c+x1NiEwbEzTrPX4W3QFq/zJvD
+# DbWKL99qLL42GJQzX3n5wWo60KklfFn+Wb22mOZWYSqkCVGl8aYuE12SqIS4MVO4
+# PUaxXeO+4+48YpQlNqbc/ndTgszRQLF4MjxDPjRDD1M9qvpLTZcTGVzxfViyIToR
+# NxPP6DUiZDU6oXARrGwyP9aglPXwYbkqI2dLuf9fiIzBugCDciOly8TPDgBkJmjA
+# fILNiGcVEzg+40xUdhxNcaC+6r0juPiR7bzXHh7v/3RnlZuT3ZGstxLfmE7fRMAF
+# wbHdDz5gtHLqjSTXDiNF58IxPtvmZPG2rlc+Yq+2B8+5pY+QZn+1vEifI0MDtiA6
+# BxxQuOnj4PnqDaK7NEKwtD1pzoA3jJFuoJiwbatwhDkg1PIjYnMDbDW+wAc9FtRN
+# 6pUsO405jaBgigoFZCw9hWjLNqgFVTo7lMb5rVjJ9aSBVVL2dcqzyFW2LdWk5Xdp
+# 65oeeOALod7YIIMv1pbqC15R7QCYLxcK1bCl4/HpBbdE5mjy9JR70BHuYx27n4XN
+# OZbwrXcG3wZf9gEUk7stbPAoBQIDAQABo4IBjjCCAYowHwYDVR0jBBgwFoAUX1jt
+# TDF6omFCjVKAurNhlxmiMpswHQYDVR0OBBYEFGjvpDJJabZSOB3qQzks9BRqngyF
+# MA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsG
+# AQUFBwMIMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMIMCUwIwYIKwYBBQUHAgEW
+# F2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEAjBKBgNVHR8EQzBBMD+g
+# PaA7hjlodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNUaW1lU3Rh
+# bXBpbmdDQVIzNi5jcmwwegYIKwYBBQUHAQEEbjBsMEUGCCsGAQUFBzAChjlodHRw
+# Oi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNUaW1lU3RhbXBpbmdDQVIz
+# Ni5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqG
+# SIb3DQEBDAUAA4IBgQCw3C7J+k82TIov9slP1e8YTx+fDsa//hJ62Y6SMr2E89rv
+# 82y/n8we5W6z5pfBEWozlW7nWp+sdPCdUTFw/YQcqvshH6b9Rvs9qZp5Z+V7nHwP
+# TH8yzKwgKzTTG1I1XEXLAK9fHnmXpaDeVeI8K6Lw3iznWZdLQe3zl+Rejdq5l2jU
+# 7iUfMkthfhFmi+VVYPkR/BXpV7Ub1QyyWebqkjSHJHRmv3lBYbQyk08/S7TlIeOr
+# 9iQ+UN57fJg4QI0yqdn6PyiehS1nSgLwKRs46T8A6hXiSn/pCXaASnds0LsM5OVo
+# KYfbgOOlWCvKfwUySWoSgrhncihSBXxH2pAuDV2vr8GOCEaePZc0Dy6O1rYnKjGm
+# qm/IRNkJghSMizr1iIOPN+23futBXAhmx8Ji/4NTmyH9K0UvXHiuA2Pa3wZxxR9r
+# 9XeIUVb2V8glZay+2ULlc445CzCvVSZV01ZB6bgvCuUuBx079gCcepjnZDCcEuIC
+# 5Se4F6yFaZ8RvmiJ4hgwggaCMIIEaqADAgECAhA2wrC9fBs656Oz3TbLyXVoMA0G
+# CSqGSIb3DQEBDAUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNl
+# eTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1Qg
+# TmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1
+# dGhvcml0eTAeFw0yMTAzMjIwMDAwMDBaFw0zODAxMTgyMzU5NTlaMFcxCzAJBgNV
+# BAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLjAsBgNVBAMTJVNlY3Rp
+# Z28gUHVibGljIFRpbWUgU3RhbXBpbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
+# AQUAA4ICDwAwggIKAoICAQCIndi5RWedHd3ouSaBmlRUwHxJBZvMWhUP2ZQQRLRB
+# QIF3FJmp1OR2LMgIU14g0JIlL6VXWKmdbmKGRDILRxEtZdQnOh2qmcxGzjqemIk8
+# et8sE6J+N+Gl1cnZocew8eCAawKLu4TRrCoqCAT8uRjDeypoGJrruH/drCio28aq
+# IVEn45NZiZQI7YYBex48eL78lQ0BrHeSmqy1uXe9xN04aG0pKG9ki+PC6VEfzutu
+# 6Q3IcZZfm00r9YAEp/4aeiLhyaKxLuhKKaAdQjRaf/h6U13jQEV1JnUTCm511n5a
+# vv4N+jSVwd+Wb8UMOs4netapq5Q/yGyiQOgjsP/JRUj0MAT9YrcmXcLgsrAimfWY
+# 3MzKm1HCxcquinTqbs1Q0d2VMMQyi9cAgMYC9jKc+3mW62/yVl4jnDcw6ULJsBkO
+# krcPLUwqj7poS0T2+2JMzPP+jZ1h90/QpZnBkhdtixMiWDVgh60KmLmzXiqJc6lG
+# wqoUqpq/1HVHm+Pc2B6+wCy/GwCcjw5rmzajLbmqGygEgaj/OLoanEWP6Y52Hfle
+# f3XLvYnhEY4kSirMQhtberRvaI+5YsD3XVxHGBjlIli5u+NrLedIxsE88WzKXqZj
+# j9Zi5ybJL2WjeXuOTbswB7XjkZbErg7ebeAQUQiS/uRGZ58NHs57ZPUfECcgJC+v
+# 2wIDAQABo4IBFjCCARIwHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZssw
+# HQYDVR0OBBYEFPZ3at0//QET/xahbIICL9AKPRQlMA4GA1UdDwEB/wQEAwIBhjAP
+# BgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMIMBEGA1UdIAQKMAgw
+# BgYEVR0gADBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5j
+# b20vVVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwNQYIKwYB
+# BQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29t
+# MA0GCSqGSIb3DQEBDAUAA4ICAQAOvmVB7WhEuOWhxdQRh+S3OyWM637ayBeR7djx
+# Q8SihTnLf2sABFoB0DFR6JfWS0snf6WDG2gtCGflwVvcYXZJJlFfym1Doi+4PfDP
+# 8s0cqlDmdfyGOwMtGGzJ4iImyaz3IBae91g50QyrVbrUoT0mUGQHbRcF57olpfHh
+# QEStz5i6hJvVLFV/ueQ21SM99zG4W2tB1ExGL98idX8ChsTwbD/zIExAopoe3l6J
+# rzJtPxj8V9rocAnLP2C8Q5wXVVZcbw4x4ztXLsGzqZIiRh5i111TW7HV1AtsQa6v
+# Xy633vCAbAOIaKcLAo/IU7sClyZUk62XD0VUnHD+YvVNvIGezjM6CRpcWed/ODip
+# tK+evDKPU2K6synimYBaNH49v9Ih24+eYXNtI38byt5kIvh+8aW88WThRpv8lUJK
+# aPn37+YHYafob9Rg7LyTrSYpyZoBmwRWSE4W6iPjB7wJjJpH29308ZkpKKdpkiS9
+# WNsf/eeUtvRrtIEiSJHN899L1P4l6zKVsdrUu1FX1T/ubSrsxrYJD+3f3aKg6yxd
+# bugot06YwGXXiy5UUGZvOu3lXlxA+fC13dQ5OlL2gIb5lmF6Ii8+CQOYDwXM+yd9
+# dbmocQsHjcRPsccUd5E9FiswEqORvz8g3s+jR3SFCgXhN4wz7NgAnOgpCdUo4uDy
+# llU9PzGCBkAwggY8AgEBMGgwVDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp
+# Z28gTGltaXRlZDErMCkGA1UEAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n
+# IENBIFIzNgIQBkM/zMzkM6iSzBe3RqWMZTANBglghkgBZQMEAgEFAKCBhDAYBgor
+# BgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEE
+# MBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCCw
+# CjBOFSrHIl5SZxVeFP1D+IfXa4B5pNieNHIkm0/SqTANBgkqhkiG9w0BAQEFAASC
+# AgAgFK2xkUz0aie9HSo0e4qyDk83CNX9G/GR7+DObTay5l7OYVZIdB2kOZIS8UbH
+# 4gMSsjplIVObVyf1DjGGCctq4bFDABL7wpwqm7P3tEjs2d/HK2Yxoe1c8YFTYMJJ
+# Vc6Q9l/nZA7ZC/SCH1NyEgK+w3vQ6SARudN8/ZgFVa1P3DdwOADmLD774v3bOUKq
+# XKDOySeYD7bkCekPv6yx6DnrWBBsYIKFRv2Yv4duThki4CC1FMgEVTmdBDJIP3R8
+# 1BgXjPvVxYX3aQ9emC3KluyNr/BEPZiVdwBjXCE60n7g/Y8qNgqY0ZaImSpl9MFx
+# VkrxE7iNfBcBE8xVCghyDahs1BxyEeEdQk+QlLD1Cv3KGODlyWjgncDAX7fnkC6l
+# M7KUttjXGi9uQG3g2dUCX+744wPhRg+DBfch2Em70I0kYsPY6ETyrQogZdi6QzKO
+# Hlf/hUW0o9HCc6BrTSL4y8G0mlKVCgUpMOjlrip88bvW05ZUX20arGKxGg1uxFIA
+# r7wvQyFn+RvNc0kqWt/xgwp3HAc80ABPCYumLqGwucBWisiMt4P2s+fkLpYJdC/n
+# pS/3fRoepfGmv8J1WAIjGiO7e12aDrTQqNP+2RUzkNpy2eRQDL+3VUFQOQqEfkVL
+# Y6wpN6nB7olNULhPUlwZChf49v/h+XUxhgHozWN576qoyqGCAyIwggMeBgkqhkiG
+# 9w0BCQYxggMPMIIDCwIBATBpMFUxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0
+# aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3RpZ28gUHVibGljIFRpbWUgU3RhbXBp
+# bmcgQ0EgUjM2AhA6UmoshM5V5h1l/MwS2OmJMA0GCWCGSAFlAwQCAgUAoHkwGAYJ
+# KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjQwOTE0MDMy
+# MTU1WjA/BgkqhkiG9w0BCQQxMgQwwrUMFcAva5866cdprEw/weWm4EfoAA4SCloN
+# B50191F7ps9XQIxGfsz+g0vQxzxfMA0GCSqGSIb3DQEBAQUABIICAC3qVFmWQWkL
+# kn/AYJPZ3B7Yvwq0P7SqcHO9w5FiV5wsznH6xfvkTzXssQLhKaZdqypnHCTNth8D
+# 7mgr6zZYh5CgQQ3SSG2q0xVzs3wanJmZ4g6I7bVeGMLv47tFnCed9G3aP5cywDBn
+# vMOiwZnQR1WwM8T6qE4sAb4lKXUYDbIVB1DMRAF3j2rQMAN9e9jF6Ok+ZyQqpBSl
+# ve2vBR0TgFXeyidwiz6O2I1FWc1OzwMchbJTANbQqWRKuiQ6gm0Bj/S8dalBb77I
+# jxS0Tn7kRH1Sr50ZfWRSxj7H7afsQOKbDHxhWFhctvQfbrmbNj+gHcm9j/rSPpU7
+# zj5OvgKyYQnjiLjCnGBTmSML2ZwvXhPv2XkFQ2yL2nYWTRqLjARdcP62kSrkQxEa
+# DLAZ7mcndE+HZVMllBGVI9/H5hkE7jINBU4gNvyqQQqF3xTatJMldyrXCQ6R9wfN
+# LsdyFB177vZXLrS1EymCzq1COpbrw3oa/LXP+1hZFhoaOYy00LUnCU5Zjd8UFWIh
+# FDj3Z7O/Xz3P8BR4t7PGqUu3x8UbxcsGDH0w0e3pvPmxXiBZlspjNieg073YNKxU
+# Yuj0b3cX/cpYH0M0Ne/tXuHwbZthwwll3vytT7Aa+oglejolDQjRc8Gv5KW0dUK3
+# LmVw9eforeFUrTExSEc/0jf29BmZz9do
 # SIG # End signature block

share/CMakeLists.txt

@@ -58,7 +58,12 @@ if(UNIX AND NOT APPLE AND NOT HAIKU)
                 EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
     endif(KEEPASSXC_DIST_FLATPAK)
     configure_file(linux/${APP_ID}.desktop.in ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.desktop @ONLY)
+    configure_file(linux/${APP_ID}.policy.in ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.policy @ONLY)
+
     install(FILES ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.desktop DESTINATION ${CMAKE_INSTALL_DATADIR}/applications)
+    if("${CMAKE_SYSTEM}" MATCHES "Linux")
+      install(FILES ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.policy DESTINATION ${CMAKE_INSTALL_DATADIR}/polkit-1/actions)
+    endif()
     install(FILES linux/${APP_ID}.appdata.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/metainfo)
 endif(UNIX AND NOT APPLE AND NOT HAIKU)
 

share/demo.key

@@ -1 +0,0 @@
-secret

share/demo_readme.md

@@ -0,0 +1,3 @@
+This is a demo database to showcase some of the features of KeePassXC
+
+The password to unlock demo.kdbx is: secret

share/icons/application/scalable/actions/arrow-collapse-down.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19.92,12.08L12,20L4.08,12.08L5.5,10.67L11,16.17V2H13V16.17L18.5,10.66L19.92,12.08M12,20H2V22H22V20H12Z" /></svg>

share/icons/application/scalable/actions/bitwarden.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21,11C21,16.55 17.16,21.74 12,23C6.84,21.74 3,16.55 3,11V5L12,1L21,5V11M12,21C15.75,20 19,15.54 19,11.22V6.3L12,3.18V21Z" /></svg>

share/icons/application/scalable/actions/csv.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M14 2H6C4.9 2 4 2.9 4 4V20C4 21.1 4.9 22 6 22H18C19.1 22 20 21.1 20 20V8L14 2M18 20H6V4H13V9H18V20M10 19L12 15H9V10H15V15L13 19H10" /></svg>

share/icons/application/scalable/actions/database-settings.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 14C9.58 14 7.3 13.4 6 12.45V9.64C7.47 10.47 9.61 11 12 11S16.53 10.47 18 9.64V12.08C18.33 12.03 18.66 12 19 12C19.34 12 19.67 12.03 20 12.08V7C20 4.79 16.42 3 12 3S4 4.79 4 7V17C4 19.21 7.59 21 12 21C12.1 21 12.2 21 12.29 21C12.11 20.36 12 19.69 12 19C8.13 19 6 17.5 6 17V14.77C7.61 15.55 9.72 16 12 16C12.24 16 12.47 16 12.7 15.97C13.1 15.14 13.65 14.41 14.32 13.81C13.58 13.93 12.8 14 12 14M12 5C15.87 5 18 6.5 18 7S15.87 9 12 9 6 7.5 6 7 8.13 5 12 5M22.7 19.6V18.6L23.8 17.8C23.9 17.7 24 17.6 23.9 17.5L22.9 15.8C22.9 15.7 22.7 15.7 22.6 15.7L21.4 16.2C21.1 16 20.8 15.8 20.5 15.7L20.3 14.4C20.3 14.3 20.2 14.2 20.1 14.2H18.1C17.9 14.2 17.8 14.3 17.8 14.4L17.6 15.7C17.3 15.9 17.1 16 16.8 16.2L15.6 15.7C15.5 15.7 15.4 15.7 15.3 15.8L14.3 17.5C14.3 17.6 14.3 17.7 14.4 17.8L15.5 18.6V19.6L14.4 20.4C14.3 20.5 14.2 20.6 14.3 20.7L15.3 22.4C15.4 22.5 15.5 22.5 15.6 22.5L16.8 22C17 22.2 17.3 22.4 17.6 22.5L17.8 23.8C17.9 23.9 18 24 18.1 24H20.1C20.2 24 20.3 23.9 20.3 23.8L20.5 22.5C20.8 22.3 21 22.2 21.3 22L22.5 22.4C22.6 22.4 22.7 22.4 22.8 22.3L23.8 20.6C23.9 20.5 23.9 20.4 23.8 20.4L22.7 19.6M19 20.5C18.2 20.5 17.5 19.8 17.5 19S18.2 17.5 19 17.5 20.5 18.2 20.5 19 19.8 20.5 19 20.5Z" /></svg>

share/icons/application/scalable/actions/entry-delete.svg

@@ -1 +1 @@
-<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-close-circle-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M12,20C7.59,20 4,16.41 4,12C4,7.59 7.59,4 12,4C16.41,4 20,7.59 20,12C20,16.41 16.41,20 12,20M12,2C6.47,2 2,6.47 2,12C2,17.53 6.47,22 12,22C17.53,22 22,17.53 22,12C22,6.47 17.53,2 12,2M14.59,8L12,10.59L9.41,8L8,9.41L10.59,12L8,14.59L9.41,16L12,13.41L14.59,16L16,14.59L13.41,12L16,9.41L14.59,8Z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12,2A10,10 0 0,1 22,12A10,10 0 0,1 12,22A10,10 0 0,1 2,12A10,10 0 0,1 12,2M12,4A8,8 0 0,0 4,12A8,8 0 0,0 12,20A8,8 0 0,0 20,12A8,8 0 0,0 12,4M16,10V17A1,1 0 0,1 15,18H9A1,1 0 0,1 8,17V10H16M13.5,6L14.5,7H17V9H7V7H9.5L10.5,6H13.5Z" /></svg>

share/icons/application/scalable/actions/entry-expire.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9 8H11V14H9V8M13 1H7V3H13V1M17.03 7.39C18.26 8.93 19 10.88 19 13C19 17.97 15 22 10 22C5.03 22 1 17.97 1 13S5.03 4 10 4C12.12 4 14.07 4.74 15.62 6L17.04 4.56C17.55 5 18 5.46 18.45 5.97L17.03 7.39M17 13C17 9.13 13.87 6 10 6S3 9.13 3 13 6.13 20 10 20 17 16.87 17 13M21 7V13H23V7H21M21 17H23V15H21V17Z" /></svg>

share/icons/application/scalable/actions/lock-open-alert.svg

@@ -0,0 +1 @@
+<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M22.326 14.864h-2.652v-12h2.652v12m0 5h-2.652v-3h2.652v3Z" style="fill-rule:nonzero" transform="matrix(1.13122 0 0 1 -1.2557 2.1364)"/><path d="M18 8c1.097 0 2 .903 2 2v10c0 1.097-.903 2-2 2H6c-1.11 0-2-.9-2-2V10c0-1.097.903-2 2-2h9V6c0-1.646-1.354-3-3-3S9 4.354 9 6H7c0-2.743 2.257-5 5-5s5 2.257 5 5v2h1m-6 9c1.097 0 2-.903 2-2s-.903-2-2-2-2 .903-2 2 .903 2 2 2Z" style="fill-rule:nonzero" transform="translate(-1)"/></svg>

share/icons/application/scalable/actions/lock-open.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6C4.89,22 4,21.1 4,20V10A2,2 0 0,1 6,8H15V6A3,3 0 0,0 12,3A3,3 0 0,0 9,6H7A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,17A2,2 0 0,0 14,15A2,2 0 0,0 12,13A2,2 0 0,0 10,15A2,2 0 0,0 12,17Z" /></svg>

share/icons/application/scalable/actions/lock.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12,17A2,2 0 0,0 14,15C14,13.89 13.1,13 12,13A2,2 0 0,0 10,15A2,2 0 0,0 12,17M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6A2,2 0 0,1 4,20V10C4,8.89 4.9,8 6,8H7V6A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,3A3,3 0 0,0 9,6V8H15V6A3,3 0 0,0 12,3Z" /></svg>

share/icons/application/scalable/actions/onepassword.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12,1C5.92,1 1,5.92 1,12C1,18.08 5.92,23 12,23C18.08,23 23,18.08 23,12C23,5.92 18.08,1 12,1M12,20A8,8 0 0,1 4,12A8,8 0 0,1 12,4A8,8 0 0,1 20,12A8,8 0 0,1 12,20M13,13.5C13,14.13 13.4,14.7 14,14.91V18H10V11.91C10.78,11.64 11.19,10.8 10.93,10C10.78,9.58 10.44,9.24 10,9.09V6H14V12.09C13.4,12.3 13,12.87 13,13.5Z" /></svg>

share/icons/application/scalable/actions/passkey.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21,11C21,16.55 17.16,21.74 12,23C6.84,21.74 3,16.55 3,11V5L12,1L21,5V11M12,21C15.75,20 19,15.54 19,11.22V6.3L12,3.18L5,6.3V11.22C5,15.54 8.25,20 12,21M12,6A3,3 0 0,1 15,9C15,10.31 14.17,11.42 13,11.83V14H15V16H13V18H11V11.83C9.83,11.42 9,10.31 9,9A3,3 0 0,1 12,6M12,8A1,1 0 0,0 11,9A1,1 0 0,0 12,10A1,1 0 0,0 13,9A1,1 0 0,0 12,8Z" /></svg>

share/icons/application/scalable/actions/proton.svg

@@ -0,0 +1 @@
+<svg viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M22.5 101.382V88.3094c0-9.1756 7.4383-16.6154 16.6154-16.6154l11.528.1398c12.5786 0 21.5115-2.3424 26.7973-7.0258 5.2858-4.6835 7.9851-8.4576 7.9851-16.9566 0-6.1551-1.6287-11.224-4.7734-15.5733-3.0775-4.4165-7.1586-7.3271-12.2445-8.7317-3.2789-.8707-9.334-1.3047-18.1656-1.3047l-9.1856-.1284v28.1362H22.5V4.75l26.1364.1284c9.768 0 17.2292.4682 22.3808 1.4046 7.2271 1.2048 13.2823 3.513 18.167 6.926 4.8847 3.3445 8.7988 8.0622 11.7422 14.1516 3.0119 6.088 4.5735 12.5958 4.5735 19.89 0 12.5115-4.0382 20.301-12.0005 28.9998-7.9623 8.6303-22.9161 12.4345-43.7268 12.4345 0 0-7.5968.1384-8.716.1384-8.4061 0-15.6061 5.2016-18.5566 12.5586ZM22.5 124.2501c0-13.2305 8.192-24.0806 18.5567-24.9993v24.902L22.5 124.25Z"/></svg>

share/icons/application/scalable/actions/remote-sync.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13.03 18C13.08 18.7 13.24 19.38 13.5 20H6.5C5 20 3.69 19.5 2.61 18.43C1.54 17.38 1 16.09 1 14.58C1 13.28 1.39 12.12 2.17 11.1S4 9.43 5.25 9.15C5.67 7.62 6.5 6.38 7.75 5.43S10.42 4 12 4C13.95 4 15.6 4.68 16.96 6.04C18.32 7.4 19 9.05 19 11C19.04 11 19.07 11 19.1 11C18.36 11.07 17.65 11.23 17 11.5V11C17 9.62 16.5 8.44 15.54 7.46C14.56 6.5 13.38 6 12 6S9.44 6.5 8.46 7.46C7.5 8.44 7 9.62 7 11H6.5C5.53 11 4.71 11.34 4.03 12.03C3.34 12.71 3 13.53 3 14.5S3.34 16.29 4.03 17C4.71 17.66 5.53 18 6.5 18H13.03M19 13.5V12L16.75 14.25L19 16.5V15C20.38 15 21.5 16.12 21.5 17.5C21.5 17.9 21.41 18.28 21.24 18.62L22.33 19.71C22.75 19.08 23 18.32 23 17.5C23 15.29 21.21 13.5 19 13.5M19 20C17.62 20 16.5 18.88 16.5 17.5C16.5 17.1 16.59 16.72 16.76 16.38L15.67 15.29C15.25 15.92 15 16.68 15 17.5C15 19.71 16.79 21.5 19 21.5V23L21.25 20.75L19 18.5V20Z" /></svg>

share/icons/application/scalable/actions/reports.svg

@@ -1 +1 @@
-<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-lightbulb-on-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M20,11H23V13H20V11M1,11H4V13H1V11M13,1V4H11V1H13M4.92,3.5L7.05,5.64L5.63,7.05L3.5,4.93L4.92,3.5M16.95,5.63L19.07,3.5L20.5,4.93L18.37,7.05L16.95,5.63M12,6A6,6 0 0,1 18,12C18,14.22 16.79,16.16 15,17.2V19A1,1 0 0,1 14,20H10A1,1 0 0,1 9,19V17.2C7.21,16.16 6,14.22 6,12A6,6 0 0,1 12,6M14,21V22A1,1 0 0,1 13,23H11A1,1 0 0,1 10,22V21H14M11,18H13V15.87C14.73,15.43 16,13.86 16,12A4,4 0 0,0 12,8A4,4 0 0,0 8,12C8,13.86 9.27,15.43 11,15.87V18Z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 16V4H8V16M22 16C22 17.1 21.1 18 20 18H8C6.9 18 6 17.1 6 16V4C6 2.9 6.9 2 8 2H20C21.1 2 22 2.9 22 4M16 20V22H4C2.9 22 2 21.1 2 20V7H4V20M16 11H18V14H16M13 6H15V14H13M10 8H12V14H10Z" /></svg>

share/icons/application/scalable/actions/yubikey-refresh.svg

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(0.722673,-0.722673,0.722673,0.722673,-9.84661,10.66)">
+        <path d="M6.086,22.736C3.148,21.904 1,19.206 1,16C1,14.07 1.78,12.32 3.05,11.05L9.77,4.33L11.288,5.868L15.078,2.078C15.258,1.898 15.508,1.788 15.788,1.788C16.068,1.788 16.318,1.898 16.498,2.078L21.919,7.502L21.919,7.512C22.059,7.682 22.139,7.902 22.139,8.142C22.139,8.442 22.009,8.712 21.799,8.902L18.069,12.642L19.67,14.23L18.255,15.645L9.77,7.16L4.46,12.46C3.56,13.37 3,14.62 3,16C3,18.186 4.405,20.046 6.361,20.725C6.182,21.382 6.09,22.059 6.086,22.736ZM7.133,18.873C5.897,18.502 5,17.358 5,16C5,14.34 6.34,13 8,13C9.505,13 10.747,14.102 10.966,15.545C10.021,15.925 9.136,16.499 8.371,17.264C7.879,17.756 7.466,18.298 7.133,18.873ZM20.35,8.046L15.859,3.553L12.431,7.001L16.901,11.484L20.35,8.046ZM8,15C7.45,15 7,15.45 7,16C7,16.55 7.45,17 8,17C8.55,17 9,16.55 9,16C9,15.45 8.55,15 8,15Z"/>
+    </g>
+    <g transform="matrix(0.832215,6.28971e-17,-6.28971e-17,0.832215,6.96368,6.76821)">
+        <path d="M17.65,6.35C16.2,4.9 14.21,4 12,4C7.611,4 4,7.611 4,12C4,16.389 7.611,20 12,20C15.73,20 18.84,17.45 19.73,14L17.65,14C16.83,16.33 14.61,18 12,18C8.708,18 6,15.292 6,12C6,8.708 8.708,6 12,6C13.66,6 15.14,6.69 16.22,7.78L13,11L20,11L20,4L17.65,6.35Z" style="fill-rule:nonzero;"/>
+    </g>
+</svg>

share/icons/icons.qrc

@@ -6,18 +6,22 @@
         <file>application/256x256/apps/keepassxc.png</file>
 
         <file>application/scalable/actions/application-exit.svg</file>
+        <file>application/scalable/actions/arrow-collapse-down.svg</file>
         <file>application/scalable/actions/attributes-copy.svg</file>
         <file>application/scalable/actions/auto-type.svg</file>
+        <file>application/scalable/actions/bitwarden.svg</file>
         <file>application/scalable/actions/bugreport.svg</file>
         <file>application/scalable/actions/chevron-double-down.svg</file>
         <file>application/scalable/actions/chevron-double-right.svg</file>
         <file>application/scalable/actions/clipboard-text.svg</file>
         <file>application/scalable/actions/configure.svg</file>
+        <file>application/scalable/actions/csv.svg</file>
         <file>application/scalable/actions/database-change-key.svg</file>
         <file>application/scalable/actions/database-lock.svg</file>
         <file>application/scalable/actions/database-lock-all.svg</file>
         <file>application/scalable/actions/database-merge.svg</file>
         <file>application/scalable/actions/database-search.svg</file>
+        <file>application/scalable/actions/database-settings.svg</file>
         <file>application/scalable/actions/dialog-close.svg</file>
         <file>application/scalable/actions/dialog-ok.svg</file>
         <file>application/scalable/actions/document-close.svg</file>
@@ -36,6 +40,7 @@
         <file>application/scalable/actions/edit-clear-locationbar-rtl.svg</file>
         <file>application/scalable/actions/entry-clone.svg</file>
         <file>application/scalable/actions/entry-delete.svg</file>
+        <file>application/scalable/actions/entry-expire.svg</file>
         <file>application/scalable/actions/entry-restore.svg</file>
         <file>application/scalable/actions/entry-edit.svg</file>
         <file>application/scalable/actions/entry-new.svg</file>
@@ -53,18 +58,25 @@
         <file>application/scalable/actions/hibp.svg</file>
         <file>application/scalable/actions/lock-question.svg</file>
         <file>application/scalable/actions/keyboard-shortcuts.svg</file>
+        <file>application/scalable/actions/lock.svg</file>
+        <file>application/scalable/actions/lock-open.svg</file>
+        <file>application/scalable/actions/lock-open-alert.svg</file>
         <file>application/scalable/actions/message-close.svg</file>
         <file>application/scalable/actions/move-down.svg</file>
         <file>application/scalable/actions/move-up.svg</file>
         <file>application/scalable/actions/object-locked.svg</file>
         <file>application/scalable/actions/object-unlocked.svg</file>
+        <file>application/scalable/actions/onepassword.svg</file>
         <file>application/scalable/actions/paperclip.svg</file>
+        <file>application/scalable/actions/passkey.svg</file>
         <file>application/scalable/actions/password-copy.svg</file>
         <file>application/scalable/actions/password-generator.svg</file>
         <file>application/scalable/actions/password-show-off.svg</file>
         <file>application/scalable/actions/password-show-on.svg</file>
+        <file>application/scalable/actions/proton.svg</file>
         <file>application/scalable/actions/qrcode.svg</file>
         <file>application/scalable/actions/refresh.svg</file>
+        <file>application/scalable/actions/remote-sync.svg</file>
         <file>application/scalable/actions/reports.svg</file>
         <file>application/scalable/actions/reports-exclude.svg</file>
         <file>application/scalable/actions/sort-alphabetical-ascending.svg</file>
@@ -86,6 +98,7 @@
         <file>application/scalable/actions/username-copy.svg</file>
         <file>application/scalable/actions/view-history.svg</file>
         <file>application/scalable/actions/web.svg</file>
+        <file>application/scalable/actions/yubikey-refresh.svg</file>
         <file>application/scalable/apps/freedesktop.svg</file>
         <file>application/scalable/apps/internet-web-browser.svg</file>
         <file>application/scalable/apps/keepassxc.svg</file>

share/linux/org.keepassxc.KeePassXC.appdata.xml

@@ -52,6 +52,172 @@
     </screenshots>
 
     <releases>
+        <release version="2.8.0" date="2025-01-01">
+            <description>
+                <ul>
+                    <li>Placeholder for future release notes</li>
+                </ul>
+            </description>
+        </release>
+        <release version="2.7.10" date="2025-03-02">
+            <description>
+                <ul>
+                    <li>Allow adjusting application font size [#11567]</li>
+                    <li>Add Proton Pass importer [#11197]</li>
+                    <li>Support KeePass2 TOTP settings [#11229]</li>
+                    <li>Add New/Preview Entry Attachments dialog and functionality [#11637, #11699, #11650]</li>
+                    <li>Add database name, color, and icon options for unlock view [#10819, #11725]</li>
+                    <li>Show entry background color as column [#6798]</li>
+                    <li>Use icons for password strength [#9844]</li>
+                    <li>Add "Group Full Path" column in entry view [#10278]</li>
+                    <li>Passphrase "MIXED case" Type [#11255]</li>
+                    <li>Allow deleting extension plugin data from Browser Statistics [#11218]</li>
+                    <li>Add --minimized option to keepassxc [#11693]</li>
+                    <li>Implement T-CONV and T-REPLACE-RX entry placeholders [#11453]</li>
+                    <li>Option to disable opening browser when URL field double-clicked [#11332]</li>
+                    <li>Overhaul action states and add icons to toolbar [#11047]</li>
+                    <li>Show character count in password generator dialog [#10940]</li>
+                    <li>Add ability to expire entries from context menu [#8731]</li>
+                    <li>Add copy field shortcuts to Auto-Type select dialog [#11518]</li>
+                    <li>Passkeys: Add support for selecting group on creation [#11260]</li>
+                    <li>Browser: Refactor Access Control Dialog [#9607]</li>
+                    <li>Browser: Add support for URL wildcards and exact URL [#9835, #11752]</li>
+                    <li>Browser: Allow groups to restrict by browser integration key [#9852]</li>
+                    <li>CLI: Add `-d` dry-run shortcut to merge command [#11192]</li>
+                    <li>CLI: HTML export [#11590]</li>
+                    <li>macOS: Add option to disable database lock when switching user [#9707]</li>
+                    <li>SSH Agent: Implement feature to clear all identities [#10649]</li>
+                    <li>Major enhancements to documentation [#11745, #10875]</li>
+                    <li>Various UI and style fixes [#11535, #11672, #11511, #11445, #11426, #11273, #11455, #11321, #11594, #11539, #11351, #11354, #10748, #11602, #11303, #11291, #10091, #9417]</li>
+                    <li>Various improvements to tags [#11676, #11652, #11625]</li>
+                    <li>Reset splitter sizes on database unlock [#11014]</li>
+                    <li>Remember sort order in Auto-type popup dialog [#9508]</li>
+                    <li>Fix database password clearing when modifying key file / hardware key [#11001]</li>
+                    <li>Fix issues with reloading and handling of externally modified db file [#10612]</li>
+                    <li>Support passkeys with Bitwarden import [#11401]</li>
+                    <li>Fix various quirks with CSV import [#11787]</li>
+                    <li>Show Auto-Type select dialog even if window title is empty [#11603]</li>
+                    <li>Refactor hardware key code to avoid deadlock [#11703, #10872]</li>
+                    <li>Show a clear error if hardware key is found slots are not configured [#11609]</li>
+                    <li>Fix signal/slot disconnect when opening import wizard [#11039]</li>
+                    <li>Fix setting window title as modified [#11542]</li>
+                    <li>Fix assert hit when viewing entry history [#11413]</li>
+                    <li>Fix multiple crashes on Linux [#11513]</li>
+                    <li>Fix backup file path time substitution [#10834]</li>
+                    <li>Prevent long-running threads from deadlocking the program with only 1 CPU [#11155]</li>
+                    <li>Hide the menubar when menus lose focus (if toggled off) [#11355, #11605]</li>
+                    <li>CLI: Restore the original codepage on windows [#11470]</li>
+                    <li>Passkeys: Various fixes [#10934, #10951]</li>
+                    <li>Browser: Fix cancel with database unlock dialog [#11435]</li>
+                    <li>Browser: Resolve references in Access Confirm dialog [#11055]</li>
+                    <li>SSH Agent: Add timeout to streams to prevent deadlock [#11290]</li>
+                    <li>macOS: Replace legacy code for screen recording permissions [#11428]</li>
+                    <li>macOS: Implement Secure Input Mode [#11623]</li>
+                    <li>macOS: Fix showing ambigious name in settings [#11373]</li>
+                    <li>macOS: Fix copy-to-clipboard shortcut in entry preview widget [#10966]</li>
+                    <li>Linux: Prevent multiple lock requests [#11306]</li>
+                    <li>Snap: Prevent need for snap helper script to configure browser extension [#10924]</li>
+                    <li>Windows: Detect outdated VC Redist with MSI installer [#11469]</li>
+                    <li>Windows: Additional exclusion fields for clipboard [#11521]</li>
+                </ul>
+            </description>
+        </release>
+        <release version="2.7.9" date="2024-06-19">
+            <description>
+                <ul>
+                    <li>Passkeys: Ability to easily remove a passkey from an entry [#10777]</li>
+                    <li>Snap: Use new desktop portal for native messaging integration [#10906]</li>
+                    <li>Improve entry placeholder/reference feature [#10846]</li>
+                    <li>Improve CSV importing when title field isn't specified [#10843]</li>
+                    <li>Improve encrypted Bitwarden importing [#10800]</li>
+                    <li>Improve database settings UX [#10821]</li>
+                    <li>Improve handling of clipboard actions from entry preview [#10810]</li>
+                    <li>Improve group/entry view resize behavior and set sensible defaults [#10641]</li>
+                    <li>Passkeys: Fix incorrect username fill [#10874]</li>
+                    <li>Passkeys: Return additional data to the extension [#10857]</li>
+                    <li>Fix password clear timer inconsistency on unlock view [#10708]</li>
+                    <li>Fix portability check [#10760]</li>
+                    <li>Fix page overflow on HTML exports [#10735]</li>
+                    <li>Fix broken builds when using system provided zxcvbn [#10717]</li>
+                    <li>Fix copy password button when text is selected [#10853]</li>
+                    <li>Fix tab ordering on application settings pages [#10907]</li>
+                    <li>SSH Agent: Fix broken decrypt button [#10638]</li>
+                    <li>Windows: Fix ALT Auto-Type modifier [#10795]</li>
+                    <li>Windows: Fix wrong DACL memory size allocation [#10712]</li>
+                    <li>macOS: Fix monospace font sizing [#10739]</li>
+                    <li>Flatpak: Fix configuration settings off-by-one error [#10688]</li>
+                    <li>BSD: Fix compiling with libusb implementation [#10736]</li>
+                </ul>
+            </description>
+        </release>
+        <release version="2.7.8" date="2024-05-05">
+            <description>
+                <ul>
+                    <li>Add hotkey for showing search help [#10591]</li>
+                    <li>Add hotkey for group switching (Ctrl+Shift+PgUp/PgDown) [#10625]</li>
+                    <li>Add per-database auto-save delay setting [#9100]</li>
+                    <li>Add setting to hide menubar [#10341]</li>
+                    <li>Improve Bitwarden 1PUX import and support organization collections [#10499]</li>
+                    <li>Show advanced settings checkbox only for settings that have them [#6513]</li>
+                    <li>Remove obsolete setting for requiring repeated password entry [#9722]</li>
+                    <li>Passkeys: Allow registering Passkeys to existing entries [#10408]</li>
+                    <li>Passkeys: Show warning about data being unencrypted before Passkey export [#10411]</li>
+                    <li>Passkeys: Support NFC and USB transports [#10402]</li>
+                    <li>Passkeys: Pass extension JSON data to browser [#10615]</li>
+                    <li>SSH Agent: Do not use entries from recycle bin [#10518]</li>
+                    <li>Linux: Change hotkey sequence used for {CLEARFIELD} Auto-Type [#10008]</li>
+                    <li>Windows: Improve DACL memory access protection [#10618]</li>
+                    <li>Fix crash when deleting history items [#10451]</li>
+                    <li>Fix crash on screen lock or computer sleep [#10458]</li>
+                    <li>Fix search field not being focused after unlock [#10459]</li>
+                    <li>Fix loss of window focus when Auto-Type needs to unlock a database [#10555]</li>
+                    <li>Fix inconsistent TOTP visibility on unlock [#10009]</li>
+                    <li>Fix CSV import skipping over single-name groups [#10575]</li>
+                    <li>Fix key file folder being remembered even if disabled in settings [#10636]</li>
+                    <li>Fix issues with entry editing and database locking [#10667]</li>
+                    <li>Fix key file text when provided on command line [#10642]</li>
+                    <li>Fix issues with hardware key auto detection [#10663]</li>
+                    <li>Do not override monospace font size [#10282]</li>
+                    <li>Perform group sort only when group view is in focus [#10202]</li>
+                    <li>Do not show decimals for attachment sizes in Bytes [#10595]</li>
+                    <li>Prevent merging of global custom data when merging databases [#10452]</li>
+                    <li>Fix minor translation issues [#10635]</li>
+                    <li>Passkeys: Fix StrongBox incompatibility [#10420]</li>
+                    <li>Passkeys: Set RP ID to effective domain if unset instead of returning an error [#10384]</li>
+                    <li>Passkeys: Various UI fixes and improvements [#10427, #10608, #10609]</li>
+                    <li>AppImage: Fix URL opening [#10624]</li>
+                    <li>Flatpak: Fix application autostart [#10563]</li>
+                    <li>Linux/macOS: Fix button sizes on modal alert popups [#10500]</li>
+                    <li>Linux: Fix clipboard clear on Wayland [#10500]</li>
+                    <li>Windows: Preserve file-hidden attribute [#10343]</li>
+                </ul>
+            </description>
+        </release>
+        <release version="2.7.7" date="2024-03-09">
+            <description>
+                <ul>                    
+                    <li>Support USB Hotplug for Hardware Key interface [#10092]</li>
+                    <li>Support 1PUX and Bitwarden import [#9815]</li>
+                    <li>Browser: Add support for PassKeys [#8825, #9987, #10318]</li>
+                    <li>Build System: Move to vcpkg manifest mode [#10088]</li>
+                    <li>Fix multiple TOTP issues [#9874]</li>
+                    <li>Fix focus loss on save when the editor is not visible anymore [#10075]</li>
+                    <li>Fix visual when removing entry from history [#9947]</li>
+                    <li>Fix first entry is not selected when a search is performed [#9868]</li>
+                    <li>Prevent scrollbars on entry drag/drop [#9747]</li>
+                    <li>Prevent duplicate characters in "Also choose from" field of password generator  [#9803]</li>
+                    <li>Security: Prevent byte-by-byte and attachment inference side channel attacks [#10266]</li>
+                    <li>Browser: Fix raising Update Entry messagebox [#9853]</li>
+                    <li>Browser: Fix bugs when returning credentials [#9136]</li>
+                    <li>Browser: Fix crash on database open from browser [#9939]</li>
+                    <li>Browser: Fix support for referenced URL fields [#8788]</li>
+                    <li>MacOS: Fix crash when changing highlight/accent color [#10348]</li>
+                    <li>MacOS: Fix TouchID appearing even though lid is closed [#10092]</li>
+                    <li>Windows: Fix terminating KeePassXC processes with MSI installer [#9822]</li>
+                    <li>FdoSecrets: Fix database merge crash when enabled [#10136]</li>
+                </ul>
+            </description>
+        </release>
         <release version="2.7.6" date="2023-08-15">
             <description>
                 <ul>
@@ -126,7 +292,7 @@
                     <li>Browser: Revert code causing connection problems [#8665]</li>
                     <li>Browser: Fix socket file symbolic link on Linux [#8656]</li>
                     <li>Flatpak: Fix launching browser proxy service [#8680]</li>
-                    <li>SSH Agent: Fix paegent support on Windows [#8619]</li>
+                    <li>SSH Agent: Fix pageant support on Windows [#8619]</li>
                 </ul>
             </description>
         </release>
@@ -996,7 +1162,7 @@
                     <li>Compare window title to entry URLs [#556]</li>
                     <li>Implemented inline error messages [#162]</li>
                     <li>Ignore group expansion and other minor changes when making database "dirty" [#464]</li>
-                    <li>Updated license and copyright information on souce files [#632]</li>
+                    <li>Updated license and copyright information on source files [#632]</li>
                     <li>Added contributors list to about dialog [#629]</li>
                 </ul>
             </description>

share/linux/org.keepassxc.KeePassXC.desktop.in

@@ -47,3 +47,5 @@ Categories=Utility;Security;Qt;
 MimeType=application/x-keepass2;
 SingleMainWindow=true
 X-GNOME-SingleWindow=true
+Keywords=security;privacy;password-manager;yubikey;password;keepass;
+Keywords[de]=sicherheit;privatsphäre;passwort-manager;yubikey;passwort;keepass;

share/linux/org.keepassxc.KeePassXC.policy.in

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+  <vendor>KeePassXC Developers</vendor>
+  <vendor_url></vendor_url>
+  <icon_name>@APP_ICON_NAME@</icon_name>
+  
+  <action id="org.keepassxc.KeePassXC.unlockDatabase">
+    <description>Quick Unlock for a KeePassXC Database</description>
+    <message>Authentication is required to unlock a KeePassXC Database</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_self</allow_active>
+    </defaults>
+  </action>
+</policyconfig>