From e9091cbb8c2da4a5fb7d78df2d3672677f20ffb6 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 2 Nov 2022 10:32:56 +0100
Subject: [PATCH 001/170] [Rspamd] Update to 3.4 (fix of 3.3 Bug)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 05d5d83b..828b81ad 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.90
+      image: mailcow/rspamd:1.91
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From a9871d05b2349390e7ca98d477aaa95220d80c93 Mon Sep 17 00:00:00 2001
From: Vermium Sifell <vermium@zyner.org>
Date: Wed, 2 Nov 2022 23:42:37 +0100
Subject: [PATCH 002/170] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fixed=20invalid=20?=
 =?UTF-8?q?regexs=20for=20banning?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/Dockerfiles/netfilter/server.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py
index 382a3f78..1ccc150e 100644
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -97,9 +97,9 @@ def refreshF2bregex():
     f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
     f2bregex[4] = 'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
     f2bregex[5] = 'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-    f2bregex[7] = '-login: Aborted login \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[8] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[6] = '-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
+    f2bregex[7] = '-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[8] = '-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
     f2bregex[9] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
     f2bregex[10] = '([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))

From abfad4e0257c8865f1364843254992dee70468cf Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Thu, 3 Nov 2022 19:58:06 +0100
Subject: [PATCH 003/170] Add new action Check PRs if on staging

---
 .../assets/check_prs_if_on_staging.png        | Bin 0 -> 72671 bytes
 .github/workflows/check_prs_if_on_staging.yml |  33 ++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 .github/workflows/assets/check_prs_if_on_staging.png
 create mode 100644 .github/workflows/check_prs_if_on_staging.yml

diff --git a/.github/workflows/assets/check_prs_if_on_staging.png b/.github/workflows/assets/check_prs_if_on_staging.png
new file mode 100644
index 0000000000000000000000000000000000000000..2e0fc7ff8793b23f3da9e37615d57f8b7825c430
GIT binary patch
literal 72671
zcmeFZcU05M*Dmfkwj-j5iWDgdiu6us0S;1vRB0kDi1aQc^l}sdr9})q^xiu{fDi@g
zozSZS0Z9ZTl#oEeFShslo_F0pe(U~o?;m&85|$yE&&;0Ld!GF~d-D3B4(JjM3(cuh
zr!GBESJ6Lp>MY>YsXvncI!Arw^<BCr)L&=pm9&*kovMLeJhnPZ{r`n$>Ly;NPF;Tg
z{ofx>ldmtFI(1U}Kt;*W5B!yUA?5l$l0fEQw26FfHGPgLBACI3(I#0NKu>S@_w|qQ
zsy<3L&e||DU15Hxaz$$1dOnv)YFR@<=);%W+$Tq`xd~q5ckTsj9qH`#!q$UM_R9*&
znn?x=Mhg@23-Vb@5TuZOb7@OiSyV)b*~Gp(>;I}bvhLrMyvF&vm73aBu6&al(YW*b
zmD~X_FSf{~=Z`q)e>dBtRGjqj<@&3yU;S!4bpz(zpMA3v)m47CRNFP#%c#>8D!)78
z>=O{5@;GF3xO???M|yUth`5gJzxm^Tcl1iEe*nT7a^Cdy?|xJgO#a7^N-xj)V1<yR
z%kh6GtJyL%XgSS{h;hx3WbqG1T;J0EkB4CDxCiIH<Y;V+BcTaC*i@r&F_ZqHBnITU
zyK|Nxg`E~{eXE}%{n)Ap1SbIxFZyq8TJ}6wRW4voyXRgWZ(W3XLy#2SN<CM2?dQnj
zRXa=EkmuU}Nz@(}E45XvQtC~dir2mB3NuXkIU!NYy(Ll_JIOn%^%j5gXCnS|2lubf
za!fkT@tE3jHI#q3{>40yjrh?Sp5OOt)>bTa>uhpDvaBr^hTR<}ZJP%cLR8p;iN^S@
z^Y&klLhvQ6I|st6qo)IHw(`Lq&~{b?PP^Nyjkginxl0t+_Gxufn8cm8rA<H2ANbKU
zqNspYiw?wOg${|~`NLAUAe+o;QU_`C_FPz8C!MYha%w4_Yi&r{T{luU$t5FAESVL2
z^UBMl1zIk%!)UaLi@~+cF3sL<=hmQl0u@J=cc<Lu@68?DBvcgx1<a(}6C4>K@qhYd
z@z(YPRo;4+82cww^~cI3urd^QZq&QtsB;YcA9IX)sV%Qg(Ey9H33TjE31@Kjvj-V3
zLb@ft#I#Zdln_o&ctgrBCiOj^QbeyEX@O<y)n#-2SrRoO|A5(c*;>DsD8gO=xW5gH
zbG?3{j~32sAYujk`WQF~36x50-ng9V-?j^&8zl98oJiCM`)l3kyZ}FoT<<AGf^1gC
z%JSU_m-UO6zyjJWw8^hEx8LB&Evxv&PEkS~B;iB!b^<=CLM(6~e5`poz0u_ShKyZJ
zd9gI7S+Z_?k|^O~u}z`C5=xaj;UCAJd-Q=m;|rx4K6r`kP$YF1i~t@a{_>BG>lfe(
z%a7~y%vN)J*+BN03S92wWh4JjJxU1w{d0&1Ga)Kl<PG6fMh??m2OY9GKxgL_+(Y~A
zoTVtoO1$KgW&_Ay@X;48ax{^$VqU#xd>^Ls*ajN+XBW@Sn`&-+3$M*xt}cfw>T_4d
zTmxtp_T)y%*-~D``32-X-B4(}?~^E;sGz!tZgflGTKMc88xV&C*%A$_*1zRFJ}0Pf
z=jQssdGt@;d)r<8!0O5Lz>DXPo~8tK*Ib<JsWEtT>iGVm{7&|~NTqnDF)urx@g@<G
zF0meZGLF{w`6ESG2vlw}9rK|&)se9WW5&OV->RHDFO(>VvkM5?yzjgLw964#^ik<+
zToAAhsGoG_pci&2H5dWii3(S?@geGMijL^PJI6@5n)$jlM+Xjr-0n#hb2l`MMFx|1
z8T-^2yphYiKO9HzEfav3mKJUzGNM5XLrDX)-9kHM^><^AkJ}2yP7g7bb!+SP_tGsT
z22N?kKY9`nL<`>$aj|<mDq-RY`Wl~lSKOzMR3`kYS@7wnr!#&>YN;}XRsOPw+iuf)
zj??(O5;nn^;I?wbCMC6O#|w~z3%Iy^zmNBRdTrN#GtTkHnmA|6HwJbIa{Fk(w!Fd|
z!?e57o&z^K?10qGSQs~8E<Xqv&3MXOgMTx?vDPYBBhp?dE2vOVZ2~k%y2lK-SP!Y0
z*){b05gK#HMO^fmm;iN8vJ;sKKY9$%)9RvbH(mzq-nrPVAScna68C0<2L8v3Rc&23
zbT{s6(?@yv1CQ}UOfs9FUS{AnT3tGXkc@h}&MwDvA`xn!VYT}<44+F(?_&5S*Iz7&
z<s)$Pn`JRIW|2Nw`)_^N^eow3)-5ntjgVJNTwkO>R{zu|1wl7=+SC&?%W|grO!u4F
zpgESU*jQuCqI{XHA#a;y%raQaZ9@q`2q)xL4pdcjWU<FL7}LfE8c`0_deb-0+w{9d
zQvGYHttHoeE;#vXF_2G=FTHUy+4<_R%maCscd!e%RvlHsgYemW9o21K11Yw6TiD$5
zUrtn_>3bzT<Xb|zw6yLCk#wZ+#u!>2lX|ZhdjqgiA+=7b(D=3X2JO;oe?2K;H-X*f
zxnJr&{k7&>)A2m*t7&`u*UYlz%r*|wX>%E6H^rPvo$a8I^VGQx7Jhwuk8P=rWu*h=
z8Q2=F!a$dJmOyICr9^J`Jy+eyvnksMT-_<YXmT4{dK_pIwe*lBxjQ};>%CR6TL9Yy
zaOhu#XRP<m%1!os%7>;1Bz@4_if^b3c;UFiKx-yA*T<+SEE4;}kv!3F&V}PA5$nBi
zrVv}#43g&qvf3EZ>YB7W_nn((j2=dl%nw&@3=_-00lXJ0YJ(QfSkFRy`*O_eL4!Es
zX{)*^200AHSQnm^Gu$)hPBuRf5=$1ps8Z3W>6WN`^tGqAx|g2W;cf)49xJYi(%Eyf
zJr5Vyt)+V@E}|kJHsO!3#PHhfd{Hv_USn#b38^L5a_i;bHK?NCa9J_2w+LU?eYsED
zSQ`LF*LQk)VJ`T~Uj+{Lpv}6Q*t>5$ng;q~uaOZUlvO2!RhnrdHR58!@ZW^LKJ&vS
zUW+d#ZsDN)re3KaaD&C=*77a)Awr#n7?Zr^j-SbXf_0nk(wozB#(gn0T?gs)PvBqu
z2AJg)<E^DG#RRizLuCleINhvmasLNqky64bw&fi)Q+@k$90^&nx$7mym-}Akqb`3C
z(^}hFypv~fyXHwd_e_nS%eZSu{#C%mS?vU(9Gw$E_uxp-te;r-u79%PBC;xN>ov&v
z2dKd01zd`@aU7iGJUMU|)yeX5>&mm|vqI}W+)dw3T8CZsw2ByXtAqAMa|GX_TlC4;
z+b(ds$+?omkysQ;boT$YHY&PnjNpg%T>z=rO|QP9t-solz!RrEZBJf`GtgJK>l5H~
zRaF^OPK#%QZv(mD#_n(6L9?Olt(Fn(g<Ippn8}Sp?_E2C%d?-iV2n1Zjnn=K)$N5*
zX~Wy8^novJb|h=J1)bSDdO>b~7|*eD-3+x0SJ|7@v~ACn;wqY3=@zL^3u#<wK=G8#
z8;|*dGfrSq1@qQyrFqK9z^9Sp##_zY4SBJ1!|{@zdbIZCllzO_MK=#Z-&@t0oafz8
zFy~H6>|e7mvt9d?tylLrEy*W2lf*Df*V|Qq&R4z)3dB2Te-Ask$3{g;)(G<a?vwew
z+}!mt$(S#QR-M!G0X`0o&u}Qd8tGUoHe3CMLyamXw;c@)V|virptZWKJc@I0gyAKd
z?ZnD%^;@mgGNzM?y9l6v;MdXA)9(J@MFl-x>-wyHOxuZ2H!eU4U;%ia(m3_!%)xwQ
z*9T>eU>;pVfj4egABI~?$EmEMMHvCxMl*o9R^5;K2pketyLokm;Km=y>5lT(svIeb
zP0}6?zT+$CUGD6f`gQ*x92gYc-~z%>d=;kL<ha~XL60j(PP^KPy4ZdAn_pDx^>RwE
z1Q*StQCS`ExsDuLwSlvb#;yZkNhQ_9*Yom<6oTHt<CCX%&L|)uXVUN0R}&|L#TK|E
z4ybqyF~D-2MSHM*%1zLHARf8kmbhY9zUQ@P15F(6Gh4Gp>ia{+>q`<jQu<edRqR!E
zXn7kCUQ0ipPL7`HeV4)|-qJg+&EV<pyY5Okya2aYU%bt59;%9P-DhPUFBpgX!6j^9
z6OW@X9QpLM)-XPZwsWAU#PH|r{%1`>^4@!(`_HdWs>=oxUIoMs$DHE=gKy921PKW*
zB2^SgHFJlqRCla!jQhKYor^ziy457^7|S*ze_E@h_<kmk+*&>sGHHnu&Pq1prW-B1
z6koO-0$L3A$covJ_}eY$@U*|@l=()%;FN36)e@j%ga!jZH<X7^k;%6(9(+0Lt%0ta
zXl_wQYaT~0tnnr&V)5|X0~xCY)YJ|C!_5^j-4=N#<Z~{-k|MEKfK~BtjiW@z;ZQa9
zwobN()`E}g@3RN4oyjlEIr`X9oqG0k#Yd5FW&jry^Px#S)<E(S{NBMQbVEi|1F?dO
zkpp#>-IeLlbkJs{^EY5$LQ8{`ymedCQVrG*NC>E1`BLOLd|#1~soC`4F(|6dD@zMH
z-=@ArdEdG)EITe;^(Cv%nD;%Gcr+FGAj@pu>;kf0WJN8SntC@q6iP3QYXWj&<{tHo
z_<RszHGDX)DtjsI4!W<;7DoxIeLDGs_sp(8w(&8bY^t9>=LfXMNHR!e$*r3+@pml8
zWCq{7-X);SXC=<9RmyZ&b`PW0?K(uv-GVV#dBK2(57MiNy>+!(M>1;-2eaJJFQW!*
z9*!YCJ`X|q*gx>AdZ}&;-Q*VA85sVeyx*b#NQX7?Cch3#jzJ5#A<}(v{dGXd6+lM+
zjk<D=?50$$al_vrK*i%LDRL#_DXXA!yWRVd<c;m=n44F*uA(xl+t<SQS3Y)0e-KL}
z1VoiD>1HP2*c!XV*V}YskJ3Z*9+`klWs@*O3)s`G)0Y<S>cR;-jf?b9F7XMY&Z$8y
z>~+Gp5c{~PtmQkCcbf~hxHLxgKGMv_CLzqAJtV~GV0Loqac9Jjql||jQHB1y4Ty7L
zy4!(YlUeV3CA(h$R{E-!o)a;s$%mOC#N^Rd%vCnY9T<8Cn?8D}4QVDYhZg0^B}-nF
zpP<h=C|T7zju-?t_5`~t@=6H-g@#$%^s=@)?=|)u=W(dTwZ;Tcu5=VG$H05lw8O2$
zFP<}fZKZL&JH1BC?bPno*TJ;#HV%+6pC-FhGXJ2JxKE38J}cl}?`9QK<9QREK$KT`
zf2XcmTw6@bfZkV(Mk^ij_}S;VI!l+AFNcDj72W_OQi1UH<(Y;9{3=SW-X=`|k*9A*
zIE|i<5>B>FG`rvQ*UzL5^YTSuEvYq4M7<E(XrCb{K2&zM0Sg!xHhr0?I9@%op;i)f
zBo%K^7ii%T31nY4+-u}Os5bAjT=5F<;rtw~{cI;2oM*F)KaUBwL<%Qf+^qJ)Hmr1Q
zEFug0+K+U5=XBlTpJ$xwSq6o0q5M3HVsJ$ZjY}BMO}rR$Df^uJ^f<fq1dO9^x2m-y
zG^?=fvSpx2rr(agiEW6n-FScjbhpn!OsU0E%C$LA?$hSgESj_umH*g`se6qB8npD;
zj35}5k@;6gA+N(U>uu`sB4n%+Ik@`nA}!p5a98+4hh5B~ZLK4kmDgiI!C~h%Z;Lbu
zfYPUfr!A+}9zSua(aU&>!jP<<r5W_bWR$2H{s5_crr1E?34&!Qx;;y_Dk((imTwGg
zhm?KBT}`L)1XBo$y2UdR!hm|zlIDxW^DG)?67eq~x8YM9$!vtV96`S3*jY}xHea>H
zlT{;xtJc?*?rV0_h7m%|nsKOr*``w?8^f4EW6L*e(O>hVCp=G%H|}A08(L@grZVOD
zc0s8Gj)waOri^r?RVn;f-mE<c(z0DWV{pz*=5`S)sJV1|A?O4_!|Xs|Z&(Zve6vth
zynj?PAFS-s<9(9J``@7Bab-7MW>Rf7;}ffCiL-vJ3)BOd%?lCoPLmYo@5$woGz-c+
zC(RH{vfyAL$dJngYT7eajue8aam6(n=(M>0v5na;^Gurd!k^1aXFZ9N8Db5{UBJox
z3-DM{|A6b!YTu$mny$5!dMDQLf)2>IXqf|}8ur7X@b8OBu?6LBr)SK{DqA62{&=#9
z{fEDp3ppgPFH|l$Pfb;|#wGO&Cf<5%)P5QM+R#W~;O_6SFH1k-LvPnss*uCeTix}l
z^WNckT)0VbYI0qjbZ{`^=_s)vC=m9^-;2uy0K0Hheqw!)^A(P1g)%~2O@g9<4hr2z
ziVK`<d0SyK#?Fd)$e}xJ8cO00JMy(QFL3weRna!RTLoj?{${5>hYy|>^Sza}2BU$$
zZo5}cWep4vCS7<5?;qG9eH3X0i(w5<?Ln?jz5&dN6<@rXgV}4ZPG#z_d-^*^tCIHl
zz#`+*N2^h!2($Mc{Kg^WrQjkPmmcGLcWYVI)7OUW?qBe%R-Q7UXS%+gU8}m7Euur_
z`~~>FFv=J#T7=v`6ddc2x%8#!@PUlu(8<7oXq+R`w$tFCv%Ih94oxC@^}u+5sOYD)
zc9&soJU*43@v??reqQ6l_QGbqKwCU0mhbx+EO!GMjuybans~Vb`>_tCF*GUtIEgnc
zPLre1_T$^9K~~(km8Bse6|(v*;OFD~4m8Pf>=A<>nE=<Uf2G97T{Y}d^1M}MMfq6@
zTvdu*4=Y)i6a^Ys0xHUbKPt?M7gTR}$i5S_u&Og$TX46?IXXQfbrHGteAYVX=}_LC
zzu;*GRr7)d8VkET1!MLYbbPh1M&JTiRMNh^@Lk9w@;J>~`&DAg4Zp6zM`%J1?9nX+
zi1}L6Q=2*yf-2|6Q4#o!Q6BK%!*WjTr#4HqxXGY^GVwR(vf~EMFrLw0l0i_g7jxY%
zw#&I3B-CgcA2!eW_m`OE2ccOV*PD?u@5M~~8lYtvjF(^tOr#A(WNNfnFRH;-p3m9N
z`}9u|fCo0Nmx9JJgRI&f<`o9TujPrL<ZuH1CttljNeDYpL?xXyT_IMto;7%({#!O~
z@J4#l`m+bo|Bf49R<AHPL~l#p^Pw9UspO^)U`q(2YvUP45=xj8wX%Zl_<~nL22`j<
z>SM2YF@4W7=%_)=^P5d-&Bg=bMu)Sxhk%6@ngOjqEC9CJhYc{v>7OgMH3@#m?nf36
zo-NV+ns;F(e6S~oqm7?Vh21${%d}eC2Y66P?0k<!EGDpd#Ays<RF}M##S$+16E=-8
z?++5=rxfs|mu8(q%@%79gomfVeAf<I9k<Q0g7_2zwdPK442*HuzyD++=6e)|hc(8!
z=B5XIL{^>oZd(xlWwXi`Pxf4u{2~W`kScwRNxj6u5pQLyB{35e>b~8<IlWq&D1q5P
z^&8q>mf57Dn|r<_M%v8v@s3^9hBEQ*ZmaKj`~HZdGy-UlRp~9_h>YakcDtdKeue_L
z&PN_WX`Ou*(kNWPpHX)4w4}?QmIhb86P!8=NADje#*WvP+79hgxuw>34@!SAtxSd4
z9_2Id8EOdy(A+#*ARkb^Nv{i{6wjwOJ)Y^_r{u4|S7@pbAK2e4x2A15J#IZ)3G;b&
zW>MawYG8hKcUkGkEk1Tw2Kw!c0+3g((AP&^tv;Ow&eE{WD#G;)ShOgAyRj>HGsCv;
z;94BlD`XJ2@IuRdQa*m+O@>-ebsL*SV<XHhPbl7v7wC3uFe;~ULTs@CsUpk+XP#}0
z7dH3@)<|rM{YXeAgME7%xaRw9`M<~-BpI?M#g^UZ`=(%#?-(yr@q=RfP7^(Tw<rc`
zHfs#rP_Uddu7p`Ru>4?O3d-HX?jvf!&qJ=Sl}Qf4s{UlZ&79CIMug9L75^i%-fAkA
zZO116r1Vya&Q0T`@RIg?2<dQlHt36o0JeB&Lefd2Lw5ffcmw$AT}CrbkLGNdOMa4(
zpjRa-E@-(yTmKhT{ZZuZ&F($)03DD^(SOAlA5F(5x&hP0#5OL$vVb8fZWbb%%^%Pe
zg0HPp#;k|f{XbzW;Z{2_t^13@tIs#L(5Yx<K%)MJSErB6xAwpToKe+2hS7FAjdx6A
z@Y<KsFB!JuV_~y6&q~zrDx-TVA7RTxFmJh1O1UyzJ8Y+Udt!3M8Re}qL>DSpRRTdc
zzT3Vs<MPSHl_QAC^Bh?psp|%xj2xiO)Ae0iS&sZ%y1Fh0xEQFFlv?J~pM(VEFMkpp
z)SJ<(F-scG5?Y8_$xv|P!*U{p&2E=9F5Q*mn;=Ub(e)O_I@`{EW7mJRwW3cYP7Phs
zxb8mrX=$Rd;fSFkjn{YDqTbGx%%kOdhZYXGzShOkrI#|emnVYLtZ2Rz`_D}FL#*VU
zf`z$YU30EXfD7cvZBw$iyWC)DDRC%F->THC>bd9#zPVys!~Q66*jxT8uB<z=+$ADE
zwS=cB`cc+~1x=ej!ttwG-9l))VbSw$MVh)Aj{v{-(T52WuBWneJI8twhhR-2Z!ERb
z8b?<W-o_SrnH9<MJDH3+KddD~R<EJv?lAn)2WYRYJl<M<$MxfgYC9d#a~D>mO3Msj
z83KKFwq+0ZH`@&GJZ>Fe4KMj~je2m6=$<?RSpmi~TkP0QKvw5GW+5KASy^6j?AkEo
zn15|K8Zi<6r1rIG;jJQBdmOIko>JojvES~;-BmN+=?eNz0UMHISiD}(LkLzxY?-1)
z>&{@~Qr`}UJ(=HrI1H-%f!6UM&(x%AF~|1@OW9|!F_7B}<Jt{x>#>EG2=#e|2=4M|
zxiaU*wV&x{Ikz8BVM}Z{Fuj*$Y!<pzoy)6N`AdO$n!@Svbv4*CF~rDG`FOi4zjV~3
zS?1lSk#EM+=^uhk>A9%1#`p%D)JBb%T@e0tPcQ79LD9g4gTv3=9Q#bOIbOPlhc;du
z;lvLJ$=ny#vWK!Xb+_u2b`Jd;_AXu$l&-RKFqXa7cmB6Y4eq!!e?(@}8qpv9DX+%_
z_@VgVAI&VobHmm+D7R|evwE_XMBb`;Z*bPSWzZ`O?vM#f{c(62`Gnl{Qa7~;_wrDv
z4RyB1n<n=CUhC;)R4c^&Gq9(ZqEtS5+PUf9k2~p%#4MiAdgaki3sf{JD8t;SuGp$D
z=OuqW{wXVznKo?R5kCHUSNwsK^4UI3;qVUvIg3bDopccn_0_#1RQwi_^kIDv#Kv-C
zgBoi8A&&buJZ+N`bHPS^#_|mGc{%r7-Q^kR=?p5*6S)cKJ){mKAE&Xdf*AUj@|1w0
zCK7Fj3)?X?#06i@-L((@+?akv&uKsOg{~}a(U9@x{o$;BY9E9&kX1<Nq=}!!%a6g=
z?TU)2-9E@TH{*4ko4(+G^qFNieq6PUnp(*VNwAxHCsKU3BKz;vRQs6jDYZ(ld2wI|
zw^#*ujcTo}^12}Q@Ki)u_%*$?f2(A8s4N-i+294iHbuR;RU3XkSholea{L*@EaoC%
zp6QaK!(|CBdOmMd7e@`4bdCx%1{P<JFHrXwgUH-?X@8!`Yjyj7iF195Rc!~&>^Jwh
zB%LQ-j0zgA#l!gu?K&9H8NZ=GPM(NwR$ykx{&vn#p2&VQ@f(j8XO!K)yAgJtav$T$
zqhzF6Wrb|1b{g!KZeZ`LIv~b!inARbQFr_Kfpg*dRaOV!fyh_2VgHg5c|xyCx^pds
z>{hTd!P@ZtwE={r6UyiF<Px-pM!?d!a8Fz0pJbi^W9RgHmKnj9!EtYbtl7W2RQj&d
z4s|p%zh#%7vLsKaO5CI&NcY9#^=JqKL~>-$Z(w^)3sbC(;~8jxVEaeY8us%<K6{0K
zA=eGZM-G+TzUj<F4G3sxd-*WcNIb6p7Bz{t6Y?bOhXGsemn3w7gYf7SkZWmKZ5}2D
z#P<3Eht!>|JdyL`<twr@=++cEX#1U93GrXyj$6`U@_tlAJuIoN`9W{(qJDEpR{fH~
z-?Q62R<roBsT?pgzyiBpGW8m)_*3nWwGi`9W513WU}oB1#*RP8&uwo)d1d=wlkrwZ
z;o|TM&tz8oc|PWe8@*rEOHoOv_%+s)3$d~dV|kWCAT3n=R0+5$V8J2y%Fko8BmQV>
zDlFG!kye?b-mk`kqw4t<tmkltWU+Me$(Y)qi9sD8WI+0R#!n>5P$T~LBzS#FjB1d%
zHz2F4dXv8+QFBAe<k@bN(|u$}J@{u3Z$F5Iumo%`ik#xKlxbf}&7v4CK1MAb53+tz
zxKP5M4=>8|{W5<|s4Uq7f?esBD9IDqmT!zGuhcW3hJCBe0DXfNT`K-O3#5U)s?GYf
zH_)nV6~#KkYBg2OdbsBx_a8K`o@~iK#n38LgwjZVm4unLu9L#X+>{@yvqR%u%*PAl
zt!vyCG|5w%{pZ3-<Y12Q3+!R9co=_6vurE`7we!<?pHw*iKZM*$n5=Jl4a=!WzfcL
zJ)MlG*qA?#@0M5lqdZKHFG&eK@5hy7m#~ZYQ(YP(_e)@o&}K{RDSlnD-_9lVW5@BZ
z*;z;$)4j$Ih)YY5uA5F9F71}YZp!(7z})35-THlS05U_^vrH8okUy2Bf~PZhqX6}B
zXo5=4XwgW!ok?m4Arh+iXL9nZ;^yBQD5dl${KfI|+3;6Ano7|_V@<9cye^9BURFs=
z`NA+$K>ffBpWIYI^1OMsib{e-CBo-9`&CR$_cMn*-uh~UTSf>W3VHMif0f?I_jhcM
zmhEIw1-AQX$kNM5^0?TlNnc0SMw+Tog=tBfXmgWfu%{K<HF`ZC7MXx_YHzC#SXqK;
z1YOu=^Owkl82-=y>P@rXWZ}tsF0BgTdiK}F0euBmzKiS;F7f?(=(n4=lvl564H`3p
z_ulY?9-h7&s}OzzFyR~QWW8oo_wSCB!|Vj}$v&*#^hNhR8Tti+M<$a^-5r7pjX^Re
z%l$Twm*SqV=xsRzp2eBV`L@=dLBHT(Yf-60dS_q%$I;55h$F8laj<qjVZ+=!8GKy1
zVs!J}gU%1udXJnMbNpYw;z3RDJMbwUe+y&3R^ac&dNcShL6_3^rLh+yX(RhJRSXw?
zg<DZtRpr^we(N0z+X|eaq&Z*w_R{eKZq^Jogax_W&36dyJ|3Wq6R#Mu<heO<e#!M>
zLD@mz6vEem<Hh!y)b%j`l3Bj5q85EVk5*ShMx7TkYMr-fHs}h8Q#wN6U=<(NCR2@1
zd(SY-^bwh$>o+bXlsNMjm<MLfGz4*G-iyV5cF@*r%>xLt$SbW0n--ju-(Oocg4>MQ
z8gGmbV*!$`AC@ObtwTpw>GeVaw}^~;DaDpe=R4Ins9Xdx5a&zA_gCeEJ2;!lRa7Q2
zerwWizB+#C&syMII$5#Ae|6XC%W69UL*ZB-ey38$mPP6E!A6sSB~jTmis<EX7&7Yw
zOsP5{>7lj>p(l|+`}^lT2?ns8W215>9S~IEX`O8N;BBeJyHb`596HfuN9HC7f*teo
zLJVBTV0AV&u{Lix+oc~y=G@q1?>U2b_q517bCuK=8$H)_=|xq6O_xqdlWUu|fD`vw
z)y`*`-hG3Rjk8tOm;-s=jZuAaIcFhF+N8vOow&;)*u&U{ic>MDaH;v?^Qtl)f1U?@
zpDSDn=NtUx^U5<Bsvla3f1}C(w0HXhI-VuJib~@9yYx-Tav{lNp)ziHyd%Hkyd@>@
zxXJ$s9Jsq4+BbEw)106vV|>oJ@sdJ7T|y}7Jdw0**)Kk9Z#i#>yHqi(RjOm<^|8;o
z*2C@Ub4|rQi1Pkl@J?&nc3Z{=xLn>^9^HfJ{KmjrB^AP~4fiEhFQgh0U)C$3_5T4!
zQ!;BkY0{G}ILM%_bN0%Dber29KPy$~d30&*i{}=~a8c!DBRWB|Ms!$ivB4M&$R?ja
zC6(`yEUHo<lIA*`oKL4|fmFd;d805yWd3e$o3a60iDRcGgG7ZRUFczJ2%KaRuDf3+
z+m24#diNFWjyXc5Cm5ZdM|1ZViig5Zj!9=zIUs=(2GptON-@~+U3PoRZ|{;ccr-B#
zvaz1=b6g0F6PSajoQ#;ZIfun;+6-8ZxYZAsw^;fZvh2FewcbCM{1{sFXN*q^GyBsH
zJ7<}b+SppRs-32mgUw`HbS#hI2qaBlK1f}$vwr!L-i!xTSqDr@<LhR|1!rB)+id;4
z>oH4}tFV;WU8W^H>4%l`9$G#E%<fu^du9Ug?Z<*)<x55n%Yb~*U8bM_2&@FY6^{cI
zFHsXp1RV1&7_@K8ztmt-c<^pbynU?Ignz)+xZfVRMG^CYo7zS11YB$$N>G)f>lbQB
z$3li!IJL_$)iDd7nzFiR0C%};XG`VRWG6G7*X>drE2AHG?Fy&by9&Ef%osIK*tr@u
zZ8B?H+@a=j?H-|<I~9%$)D#Iz<l<UlE^)7$u=ONXIL$QnynG62sc|bOTkp=wcw(IF
zNBEO2Uvo>^Cp8=Nw<vLY$NEZG<UTYOr~nDaPpnalYf$=+EXDiGLuYFTW*rog5pL^U
zLZPePm|!{EgHLS-cw_dY{aFedF;1)D(mTOqN82?Lb&R9qZDTU{fS9Q{WRDDrR2qK$
zT?@DDNaqZyyvnya#d7zJgS>Q3HbW_Gxb_ON@0~-rPYZ%<CuB4?7XW>Dv_jKO@lu}@
z%;09reP{KL>()O>;(~?9dv$=s70272D1~TK_eaxTrTp?Kb+Be_Z3D$J{|v%i&Rn4J
z$hZQVg+(H(YWEqc*qsb6UD|}Zx5c*?3hsDbrH?;I>ZNy}7AQm*3bE!d7gGJornyK)
zxhM_9_IV@SZBAhL7-NawIhy*%G0omG`D6#GNKJtzw&{9HLWB5+kw-6r_A)&BNS3H0
zBye{({NR{wE7_j1mvL+aKOmnFm+<gmLO-on8v8?(EN}P8UKV~GRkpFz3*vA^L$Acn
zFA2LMbM`mvKEBASrI0+vN;<;DJT`BW2^I`++oxGuV~&TO^5u`|YjArNp1XK|&m0BU
zlJctY!V08$+6I(S(ZvVZeBXx+c&BWwbR8=s-#q{u<zr8BAk3A?4-G-Y)B@+<D!?$!
z6`+D#&myhO@`WkdR9sct-=VBr-cG~Ts+z&g;*U)udgmA7ZppedxU{XXQ?=>xoxmL}
z6EH$at@xi&vIfFq;y$9<z`4ZIkdM*4NbsmoX3h5&OO^B7Y+1gS_$I+F45Q&nq*h9a
zWpxLyg5^@Hw^GVmTcg{CXyjsHf5fX}uX=s73q=Is=n;^e>%2z81%jH5{eXUevxW4w
z^H9~FbCnggo^60or5zE3DH-hl@P_uo;U%h~gHWc{`y_$mx-CP=4vrN%>#kC!Yp!y9
z{oFT~dYxSB{27`1E8U!>tcw!dEu6}4ZtiH@bA97FOR5ID*L_zok+YPsj+8|rUa*!6
zAEbU<ZIbO;<eJFfiFvOd%uEw?UR_E&p)|NSXx)i9M_7|e??4g-<^l~T2fjFJ8TVIh
z%}v#?QN{DgMD*U2+4PF6iGc}k-BIdrQ8z|89%3YG3;Q~<Cfqn_-=b-wgg}OTt#+JO
zoY`c*30T>*tikb*20Xj3RHi+XW%IF+U^AJ=$<>$n=D}>}y+pzB!V<2tswj)~7-znB
z2)FI#UePMYkM+~U*zQM-$^EbT?&X&q9Ct}<=UrW>Qhp6~X9+%9;OZCN<_}+U?V>bU
z6s8_QXD@qAkj5$VxFhe8@6Le^v|vG(Lq1V~LZex;8ws{|bGcR9%zg4W4idqBe$m)$
z{a_nFz|~3rsO_O1qv-b+h2L^iME_N?-K?@B8h0|{0{MH_uhfX&b2R(x#r{utdiwYe
zzpMGw_oKe-<Q3ee0M*Ka)=VU{J#>r}PYfue&A{4CdPo3?)&&1ydliQ|(b+=kYA*>W
z5_h5a7V+~K?CH}s-?+|W5>dwn3bM8;2J$Wxva>&N;;xuqw+(`{FkF8`QDPs@bNu^x
z`x-a1D_e%dvl15%m9ifC*KsK;`AdpogMUd#yTm0DeWkgIE6@`Rvq5pw`6-}M=KfKG
z!i7Tlt>)C(;OK^RAm2@6w~<0Ps5f@ulXSDlY<4F>1>B$AndnI_*tHp?iUOb`i-jsy
z0cfRfs!LRW#dne8z+1jjt=-<`6HCiMu?twnBH*3g=iW9;THk3y+)13Im^9Wwlq;no
z^?94r1n{ZX3$~HH{mLqSFLs7!73-&<RiW-VUT~T1vTiF}@gp3-+COH>`MA|5NxZnk
zb(2kKB~sgZK~*vHtf1!JyOHG3eF?57yd)B2>t+`o3py%UGFqM0<6fvB?%R5Oe5Rd+
zqnn<4G{|w!g|x6W`dny~f&p8;o(kLbxn93_t1zzCaA%a{uJyzq9vx-FSMIN(?)|Z_
zd2q+i$3^_l4DsWcQSr20$;Y`<a5Y!D-QhZqo3k8}q!4!s^iB5M{2ziv>&-Ey!fGOu
zc~w)Jlh$43x+1y*K?guSK-r1fWQDVtG{Q0~+=?nNEbB4iN`TKELZdyg3G_GhUTU3(
zBoqTef=Tt`t`Gl8hQ4}5`x}ER*B0fPiE#i<IEUr8)7!K&k8r5f@wwUIdyB9WB1$1?
zA<kfSJ!B6=r1VGbWyNv<I6PQ$5XNB276-n|`QSL@tQ^Av{p8-2)xQ+Cs!hZma}O<X
z;(R#XRIE8xx3$~NmDwf&E_J@3*kXC~*7c%k{L1?vVp@tB=Bf`Fd}F4IIM2|?Hd~e1
zMk;8-QRabhocjSWw)&%9L_=J0`Q(`Y*j1A@;y*4ku9;Uk_M6Rb3%Pw7`%(nkPI5h3
zC~9bF>L|o{2#P{EtXwz(1D_w}38RRt*qsSyFY&BvOHzRQv;Edv9G^rp`mbM7EWCZN
zKMmYke{3(>zYRvQG<?;w5_byjR)`E3=xL^NYyk=1^Rv(!Udhb#lb3b}De+%L79tsm
zRly&#AU4@gImq_&TM8@>uU%V~!0vEDtwh?*)BnaU2VF`^*}S=%CV#-O9&*JSE|-nj
zGfm!da3*g-T6PJCIp{0fJF)LeLZ;r8G?>R7na)=Y=TeTvT&Tzy=sM>+S*2bHy`%ep
z&V}en-UvDTe4bfu>uQs^ii*we1dQn|((ldP{pynCr@02Bp~8d>kWKDivL;&;Y5}Ty
zXrZEU460SAzutep+EGm>%!8#hWT}T*1w#E4jX0%a?MkXeh?Y+|Tu@%lJNd@oz!B&y
z)26RD@C!ZXRa$NhlW|8JVC9vzaj|G}hb(zs`t9C70~sx*J}DrF5)qRcx0-=PEJPwt
zjV{N`ru|hxt%;cs<c?((F>&_Tz-DXfy9g<2*}J!?-v&vfH7;sTPSQ{spodptG_N;t
z4j5SE-H!^BYc06~|40uXdUNes=pIHYOIbc-oZfBp>2?`aKvzf`Jap5??XxJ(J)fql
zR^W>1?f|)z+U|IKEc7CZvjMo4-3ebXTJ@obqI+Pvp*g*gC>2rT7&MpZ9iS|9x}FJi
z4h!NoZS;Ss&59ml15j6kKo3`Xhd6DjQw3ob2IkJiE`1<fU;@Nqc#=cXD&h6r`1u>O
zaB9Zd8gN$I_RA~11Ktfj*<2>(q@5KEYH;1O);o3Fb^44DBR&1h?*ux6N}_ytww_EA
zSrR_@hiCtKXmsdKwxaxPgT19udU#x(kmb=s%JD*AEw7lMX^NFWg;c%5!qrG^uIo&<
z-^ak<mFNz;;Rm?YN06P^;!`UOfN0y1rx2U9+a{8swLT{bV}#mpF&%Awy(LIV+r2T`
z==kmFdCqH`jND>6wo9K6<Fv@v_ZH6EM9a~r>J?RT#P6H&f88E1h_{|&s~x3(K3==^
zSl;4<y^AzRVp)>JGABt?N{hJ=^=3Rf)OmUMCRZG%=wStBH8fO$J7B<clbC+HGv_GC
zB=i|vYaCqETt$=kO%6byDj=T>kEoSh>THMrXgR_uMZ&1cNS>1KFE(~e8Ja#~nbQuA
zTtAE5|I%Og;GNT4KaHYbkz2e4#(7{n(4{c6=ySbh<Xll$_bD7&DYUhCTfOz6Ed1yX
zid(O;zE4e!t96nhwWxx603*|19|-TSZ~ZfHvs^y14SEMmr^Dl*3KCgCi5BVN;;*sh
zFkb`8KV_v&*|-cJ1h!cl1kyFJxOcq#6&nptV$VG2mfdZ(AiK#&5U0;^af8@8OZ?>H
zObPHsSO}>Wc$*7=h&u&&hEllry%?UDqw~PB`rA2q0M>d*f%UF|(IY$aaEqJR>xZ(J
zSUNDbIddKUD@=~Q@e!FP(j)vvsxrgS42rw;iq+bg#9c)U?!?cck0UE*32^vjP@h6P
z5ey|)4X?frn{4HCp=h>I(BieL>=4x5+RcF}d{$_nE}(=b;7L{MabsxDI%<&%wzst2
z7exTSJ*~?`pc8i~-H(_oGFz^89LkIQ=jnzBM0sGMW>Y=;&*#R|<JTeaIlI2o#_UTi
zW^0x%XQtcP(QL-5#>QqS6SbDg@(PX|{}GS;G|EE!?6F7O--c=0i(g5Xb-3QDg-5^L
z@!Z^;oGAD0``Vw>-&H)tAPkg*y;$6}%?O#;)JPRC&Y*3c+>!NlO>)FO1xyC#c_+~K
z(_x3r+I%9em(A^!CCOC*Ia-8V{^%$y%wAAQMUJ-eHP6P~G*)3(JZMYHeI8#HgELMM
zx+#1uFV0Y+(#PF0ClD%-8D2HwdI~2V<&g+E!V&{lyI!xww``S7IUkL*UqEuwOWG09
ztN<AG;OtLzIN?j$GTt7WI;phK%&!VDJKq2F@<oz;j5t?X2+0p~ZESddA!X7Lvvs%z
z3|@$Gz{-@*eKnXya{#Of98(M{VQyaM>(du;VgYQ@Q_O7(3^Eye4_zuW1IeGe^>EYl
zGFIt;Cd(|<3aJQcDI#7uco>6~bl(3`429iOO_S<=F2=m(>s0Eo9iK;4<GGqxRaCD3
zz7=BSFjB6n&v-@u170`uXh?d(Y^9YZ;Eg}$*32D3&`x5|K8oTva1u&s4BEkHuBpB#
zC&n0zS`rUW6Ojr_ikRV0V#7Q+L4NoXh+3YB0#rp&pd1*eW$2YucGKzcpG?!$0v(Hi
zjp780m_ogGN=p2U*;D!xBc2gzieqDc<)*#>=e1WqP*G7DFIjrr6$8Ju6nuhYzjbod
zvaJGe*V)XypA6>nT#KRjVdW$zHr5+(4DZ+PadHm)MuiX7yuBe#2%0z7;)as!L%sA*
zWK#WKC@s~b`iJN$-^1rU8IfQ{7lmCfUAmUZqB~PqP0miqP9&fEKplstmqox1xSQ{h
z5V%2)E_tWe-)+f@F^HCvvlKk;3(j0>fwmIY%mQM@yQeH~KCkn2XBA$UeJ9ygW?<pC
zz=|SoG6qOsHr7>CKK$mn1gMnpi$8=jF~e@7%9uKozp^6V?h=Y<puc+t#zu{w-zmMf
zda^#@<%^E#g;|H=etm%0xr0CS_*+VB)v5|gG0V++SKZkxB?4Zs3mAQh0S)G@sX~>g
zcv%<ug0sY^F-I#?O#3?mO64BR;as<dGUpgDD}rqnWLMUYwxO&Uj<N1-L^VZ?x<?u3
zS|47a*L(Xr+!x+JH@|<y2$gLx57%T6n9xh@9a^!Rh}3S#93gS#VoS1B?U~-yrkdLA
znU<OgRcZ>)G{;eCK0?Wrk{9{1WBS3uYsr=&wrhQd${Br>k1*Zdbi{7HRURjM!2^{9
z&fj!yg^h_j({4}pB%P_diXjp+79TMaP+xeLBW`x!0HUR$LR31dvyV)X#Enns8W@8-
z7u#GTbuwz(TAo%>>S$7xBcTat4Y-ZnGHNkQHy3B_lixD{K%yYu`5UZ}uM_gyb#Ko5
zEZ5)ly}nhHq$kK9aA}6qc(Neb{PB0@Hgwz(%jZ2=vZP+5W6~J%=yn~Izw=Y%<kZOg
zO^D}s3<F}|LQcWO`!6OL>El&1LR?f3F3o=p-3m_i+#LV%m72|XdQq8MYSY928bpc^
zwnrs1$?YMPM0ff@qEr7G-}!4xZX^wy4aZ*)zW(z@3-zbluh2Vi22%f&O6`7UWKZyM
z2eK15j9%LBx4rz$sl!+#oNrU<(v4BwjLeEqI{V6Q9arK6?qL-ODYQ=-$Ej3h{geq_
zy;2wbzwAO8=l_X2ZvU&xc>nLU|7U^!qZTj{$4WVI|MqSbm6?Ho)Pujpe=1eqf7)IX
zx1T*d_@8$qXb+@2(n<WRq5b|2J%FfJq5KFnUjA+~AOC-LVjx>Du)$*yaFDooI^uVX
z!kn29GerMg!A0vT2T2A8NA~=4I}acCT`tX;(oUfLF`ny%FLIxfwX^e;rAmw+-m%Xx
zga3*)Jok!|a?&E4ZkBpvAH>IezYF?V_xD{;-*H?mI4=O{Ab;ho)tXjdc4~V*<&%{2
z%#AjgpPDIEZTNEnV7T)4CKof`0R$&`<=ls$JaEy!K9hTS;?armY2@wy`pne{>2_(s
z1z9qy>ieJqu&}OXkzuL~n%$wWy7&b40X_UvqJG80QQSq}r3dH3V{jYm;BxfXDCriy
z|A)Q8RfBtl0=RDds2k(t>{Bg;WS_hGvbp+lR47pg=~l1s>R9ZDsjaMjR)0`$bp%ms
zFo6-;8i}dmo6qfNegN(7t3r>t7BRRg>Y`uzW4R0-|0?Bp^@=A;#DyDb1)~;0{V>1}
zX!B#~h%c?g{b}I|d_PTm<2zdW(faPu!h1CpT)?*kEB!!1h@)-K&OFXKc5?DS(>k4)
zH%aoz;s6gAUokN2$(XLTVg0jbeFm#Kiy1EbvL>OA;jUjmvpHde5nqS*c=ogSh&ssg
z)Ir{51PH&G)TAg^N|OSapY;Yg&KoWORA?eu6Tz^;=CwiAh{4idtM%4=y7fU^I_3W2
zlsxa0OyR_)M{KzwC8Cw`f!T{>kB^?ROp=?@P8PZp<KJb}%3q{#oGP$wyHuqY$?IvQ
zc;u@Z-b3JM=EVXO(XG@<CoV$oaQW0eR)INc?e@>f=9VXETh+}SYI}Yvpu<=orGkXq
z+ej~5%%oX{;FsQBfM2?o{<a?)dVAgXJ-Uph!)`+4=b}7NaA^}X1F0=7R(=)r-&_&L
z&kk?F_Unq&p^K;UyGKkst%(NsWix26`7oD6?8AV30n$NCq_*Y^?0ZW5qsj0Ewyyza
z0`W1eeuS$VOPXW_m9B+qWw$i>_mY+e>fA0qZJU;!Gg$3sX$4l>9b&m-KyC6NRLtKs
zTtc*H;}85nGUf#y)f=-iyBFC8tJyWy=;$Fws>7Xi`d80W?$*^G4F`R4W|piQ2$?^v
z*r!E4K=po^xyVVdo-Svx8>&B_#w(B$J{Zq{pYOI`MJ%B6^~PI6M5xTkkESPG%k45G
zEg+n!aJzBuG`iOCTQ$P)-27e79R|jK9Fsneg<u%Po=%F9CH7yi)Ae-H9rJW>GoklS
z`5!CV^faZ8Rgaz>+lxYb5_e8+BU_l!@Zl4EJ9ari`2bof&GMy2Eox#k=kAg1Y7MG?
z+WE$V=gr8aYhqi^w^!S9;<|082c&;)&m`*A2!=?-eU8%^pC6K4GAORKe-@oo%jmpo
zW4WmonS^3%&{CUD=eCwo6c&aT^`UkrcWWVPgyJJ=g*Ay6r`y-Ze6;$xQ6U;QG%Ko|
zzaUBI6)(zl_gZWmt(NrsQUG18fKE8ebGc^(nfMHDb3xd4i_yeJ1!COsva)q>s~7eX
zVmry^h3GHK?8D?iF4S8eAq8>M0x+-xshC=;iJ)8E)E!?x8OAiM^I>QpHtP_&KIbf;
zaM@lSQ2QdZ|0as`T42&0eruPGVh%p)X<C8{%k%7lWY)BmYOTEXyd?(v&yJCOjug7+
z;gM`02e-GkLFL~NIzqtXyqJ{hH+60fQ|{X>5bGs;=O?YmP%+zHeX{+3T;{6Iv_$)|
zX3IU<wGu&yndOu8I5#IV8=dG2ksfi=LC2HD-PPrO=I|ty=^z}E4pVf**h6$OVcCn{
zI10U8q!6MydEh%gWjqb!+HS44>?-Z%Wx1otK{i~RVn0eu-iqIlPx}Hze#?Pk$Wq&H
zJ=VzBxS4yy!N)Z~u$z3S9CO>2iHtwVTBbESY-c*79<sB@>`#0yDc0H$l`DujmLV{K
zI^5R7sVwP_cC|N?TIU}jB+IAkn6;}*##+dPd;=iHJ@(edH-{Y?D_|b8t_u+Y@qIAM
zo;n6}y<->eSEzdpDtfmoGL)-|txfO5pG5IpU6_jNZ{IncUq5AN;&;L;v#*7ql~~tS
z{YKp*L&A)y0cZ`8!O7}=pN*CcI<fs8g4hDE0LbT}c2?b90I8{_NUES^dZJyoK|oi%
z-+HQW<3Fx`;hqbN)mU&^Bm0epIl=gEOm|#lw>Y?7R}(4Ga+p86fz(t!X~B5<IML7?
z+q5|rxY~fu>a&=VjvE<w4^*ARGCsiGiq0BY?8$u0-#O`RaSeg}QiP}MHfs8A5<Glc
zIT(}$8C^oO7f(JZA=)8wKergYYJXvM2~JYOu3V0<+wvqfo%BU;W^;!PZahzJ`*D-j
zzkN|^^YIMs24dUTy)UlBsja|sDi9Ta^hlO{<*kPQ!QO6dA4&c!^;(FyV-SX!Y`9aI
z$w=315m9Q;RfW<v^=UDsF?+!UkngZV&<393sG0GmB#V_DD>;5`UTCj2k^FU@v|oT5
zt9Q=rw4ufrgu-49zR^|n<uGzuVBZH)S?IlqPqB0JOLExO!N;I(V>rl8cH9DA-+HoR
zEk>BX?1?t8>~TJ-dX>6fE_#G1K%?H6341Q+{EC8lwL&gxwDCkjD9?6Qae^q85aNYN
z3JetzZas=`rBK#MO6HHI1(4M1Z^x@I%TdKe-Ypn^e<@FuwHyA^vY+_-cxM6&_JO^c
z+%Bb8X10ey`vw9P-m)tfep&K0L2WQODv;<m0*OG^W{+`9xblRr4fvLJcSb^QH#uVP
zV*Vy}yS`iDuEqZLbnD+Nbf(;bX-;TaAkRu%=shkWxHHhcA2H_fSy{id@I!Zj*01>g
zeN%wA+D_1B1r`IX8V4`6uUk%R7O_9JSxQQ(_RnBFJQb-;Chk?wSWYTz(*yRqe-&|3
zlf65E9ffO2>liW&WE)WASWE02#&n){hw<M7b8|(~zLI@fSC4iuIT>K~#~(1yhAR4|
zCsnpJ?s6fVb5=x^6U?W_B{Fz788ed}bW<GDFNYk1Qo;VFq%_7ePVy&>Vw<-irH6{P
zvy<lwvbMPZi6vuhz3v$O-RlSZTjVfWRyp&mM<RQA%&uSt3)C!WvZx@#f0gH78-6mW
zxsGET#gA7{#oY%s54;@w;^5fz$ap&Fq-1}z=!H}hc#HJuqQ8?t=+V3Sm)h3;i?RX1
z<KZvL4Mr;r#`g_It#y*6bXCt675@T{di5?B;0tyfNh{E;1b)zE(GZSWl>?+t*KsBF
zqH7u|9^?k+Tc~$LRyHZKpA=Bpa><jvte!c=BLtABiOW^$JC*9Yr|f_9QQmX#3PhH4
zY9n-CXQqY{)kD^g_ny8Z_6vf&WB?4yHny0T3Vrk<iTm#yDj;@hN4vs9x`vbYyBFhq
zmm{=SBsPm0W8XAiGS$dC*R@IMC}cjf6sYg^bx!{XSzz9@WkNmDr>p(3D|DC~$hG|N
zfVf;G&%EaM!+~^t3~OH4v8#X;bKsX1%brI#>;~1R@KIgA_Va3jB$Ze<807F%29qb4
zSG;$i3JLaG3wQDc)MdOeEBLnxn=!3qd{`}!VxVV*K6D!t=48A?t+nOr-wN(%<s&iT
zx8&S=KF1nkpG!Ek-JyPgz;9gFei5#5Z9~ktXr3?z!cTU0aa0l%k5#}yTl6N1_HQI=
z*G_+~{*J=>BC!fty&e348;xf#!0jbdc$~9>Ea{53Lyt><p)LgjGnaH!myr5N9HD6Q
zw&B&p^{pfXmTzrxg~yQwuF=BmL=Ji?P;_vN^4s7wk<{ya9GKZ0_NXsoI72L%S`!b!
z+s;U$pg48iU#Rgu6)CLU`VThMY_by9y+iXG>LfHU0btbcpeXr;X}`lKeulbpRJ644
zl}psiBFtyZBtrpp!2BDB=CXGF3+!roTJ4@g>~7Mn8ZC$-ScYI>LeyKCrd7D2Ih!kK
zk-yH9T9ytwJoWO5(Jye*8~z*C=6?P7um1iUc!r6z+f}tG=Nk|dL?{^k{eTIa8ZN9y
z_!smLl0VX*@?3{%fB#zH1Wm)0hZUzK-`t{pRZS&G;rglF!~i4~lDDt4n*0-*Yxcj5
z(;v&Z86^H+2>))WNAcuy7WIdGd*3q+wfEFa;~sP}UnJ#6>L5~b0vj#2H9L&>ug6?8
zocn8qS|tWsbKRRRTE#hTOm3`4{VO>!d}vsH^1=ATIIO7Px1$N^2`Woo`jyu(Oge60
z+hvJrNTJLS9jl+_-^ixsH12<5HGO_%Dz7}BJ26{jgy^W0{BP%X|CJ;fWn8`#{b^HW
zBK3zYer*sc4TD>(e%)%i0%SI+qEFW`%=qE3+`s?cm!A8g(34ulkMA(C@7<sl?FIm!
z!gwP7M<-4BAzZ}ebT3uP=8|{WaM{^)E^77Ve`Tq9Ojrhq0^mRI1nKDuDiaUb1CLv0
z<FiYSvw16wPp#8gSohI5%w4hhk+g_aDAnE2m&nhkPoL1%NZL;t(<bMW5B?Yn0bNEX
zSt2j*2aMzNt8|e%d!*N|t|IoL5VdZ*ZY9!wF{S^Q5}a;kyDF>f<fyA5&byjX1G~1#
z!nyC4{!~@9F|WOb2Im8Xqg)dF|MR>8y`o0}d;P>$8_D0fHlwPW6?B}OjRzKi8+xug
zrLkf@W0<kP_YX_|bXq8L&3+d?%k5xB|Nl|<mQhu%-QTD*k|Ny-3XASVHwZ`zNOwqg
zNSB1<rdt->z33FAn?<KegMhTKi1$YK-p})Y&pG3~AI}-X!3RIw>%Ol!uNlAjn{(oA
z;g}_6Of&#Yo{cj*6%ci%E-js<PTx!=+EEG-sCF}6f_mb%7JCtl{Kp0=SaMWg#`w>C
z@Vd2Ze}czf@)y{~fHcZ3(bHPD*e<An5YHGCuX-rHlpG!&q)Lpos9VMwm6pslE}**y
zwnaS31|Dk8MZg*?5u1TMagjsv=Qd?cPe$yW*%H7@$?K`!pV8rYsuqcq<sqvY<(1|&
zJXV&cKf#se91^x%0w_iPusxpmsxc9?K82!a9_wy+5lV#30tU*EI%Io*$WmAJ!*9X9
zPU#a~B3a9ROk?O)FdL@BX6cKkdR`cVwXwUsAY+G5RWG+e9buN}{rmI32yipU6I)Mz
zz=N^S5@Sm|XCcoaNwc@)uSHmlnMwWgL^L-unmoF~S<Kkw7c{(XlVk+5#d{@o!40H%
zy%KRz&bW&WK+R#zu73Y>B$B5m>yJp(9NFXp6~_?*sL%qc-L`e#?-acNNm(>jxq=$H
z8eV*DGCyL_`~-}t<C@%O2bVR5i>G7OEkE<sp5e@!lV~2L902j=*vU&t%>zxKn`ivn
z-S0`q3G4T|`sK+mOc$_v`xGRG6YVD4D=q%SRP+Dg{C+g%@-}yww^f-R!b%4{vk<NS
zvBv|Md)55-pVL%@zFmZG>htV(S*8s<^yRvd6Lj}0{@*`2b(&!o^c}BHZR+Cy02s8_
z^4o4XPeY660u0DE=?Dfvmym}SZLrw~CpwIYkiU`_wHLh<`qjiBZp@sKGoLDFnFc7+
z*i6*#^Tbg5FYYg_DlgOj*qpQ6L54jVbjd@`CsUavXrL2hC7u|gPcvsApn}l_tp>(5
zRM}!@?5W!mV7SDs!KO6r<_jHgi;@=YEDcJ@{#CwoIe__pVjX>IRF0Kvvl9CASS_eq
z3oKc~kubq&P7ci~BmLV5qmJsx!Vmbq7MSdOF8O)U2B~1HU!AyCD0`SAbROuqB(Yn1
zyXtmGxfs?XXts4_WKi0G;jNHTn?=aqY<QOLQS@UG=x+<Qx~or!)TEBnC$CI?$|tPH
zH~}e6mR;!B&cC4(ites~clkPI%&?KN&Dpoh4At)f6tPF+39qgkfm*?;Y6fxir)Q_c
z6;u9imrRaJ6*+fn%Ut)~*}$2#+H|t#JPn70{yAUuEJCZJ=)Lb^qR35rf29DOM@mgc
z^`P)gL;`ZI$1G|M;!CaRe~hg$1KAW#zaaIY-zDA^Y^@`~|9(rE^V`mkfrGtwZmlk>
zK6$g`I@!B~zF#cdFft_V+vM##T0}F6G%uTLosUL25fz7dvkC|5$(hV$dc_x#>EY5-
zOTvFWcDCzPY8Dzi@2$4d@oHRdZO2kBqcJdcnfNYQ>$@PuV5`oIB3%Q6vGB4IY|K6T
zMV3^t=p7f4y!Wo2MSTKVSdyJ(?6Q9t9A~A@vm6-ZjQ?<RW@cWVlMfQh=}`;}NA3Ad
zKEsTNP76(D%77f`kN)vx)i1osu20@I4qV><N)du*B%Bl-b<C|7wyZ>?TQ64f;@F(p
zC9ir!#WedzA?=$TZFi>J?|1r5AHi?e?w=d_-Ucq;PMZn&6PC5WChcYzY-6-M6~JSP
zG>*G6&GyAq#&z$@6`Fp~Sm|?16KxLq#htn1zNmlr%*7Kf&#Rv%LKPA3Lq_qKj)uGZ
zHnGvVU9~^}^ueV64f+!@SIlQxculGb%Zy7X#remyl*UZQrSnc#(k}rW@APB*nyW%^
z3QxoJm?XcFNK`_wB~~^Q11NM8gMf?+n?(~WzSQ=w^t5NmLtCZPq3Q^4LKFyjXU6y3
z-3W@P=qN>govf|*k0LE?qyfCJj=R{of}6o+POVnEpOYB{H!#tGIsbc|Po5(1?}ZN}
z_?8lOH7CaeJ$}<V+tn&R5gPL0KKcDs7qf**S}y{IwR-VBcg`&~OI~1(-wK-`W3*?Z
zox$^9`SN}>gjcP;n*_I)^VJJFW1Y5n<x4g~hn2o?^99%S9&hnEt6Im?=M0*cqVLt+
zmpfDovB5DnwqUnN_a%fh!3m$t3m3EKmd*>IJ`Vz%L?#c41WNfnau~}k(eRew+u>*X
z9)#13u|v5vy<0*nW_yL+8`pSymoZcRhZfCtYpT8rLqJ)(q`l%Qs+!wj7Q<y>=0v-y
zwR2>-FnPhGZ8fNp%Y1UIr&gY&$SbQZR2JWcpV^d`@34qtPWLuGj?-?2%7xNqyxyg5
zgnLe!dHpJ7q^=<ad|we+;2#^e=w3QKw_WM$y|IWF1GkBFP%NAGmwh`<O?ovZ>zh%*
znlS93G29_d2UO9c-AoUtGv>zPm^1~04QgCd9qY>H=CX8Fu{m?f>JR^t%Bj@Si8Y`p
z8@;VE@h>Rvut;pagPNz+Px`RBtc*qL-<8D8b*Ne39@?<^ZyIY?9jwJ24X7^}Ejg#X
zwWxGBXeLrTV9KJc>VMz9QjxcHb~U5Pl3%^TbM36NB)EEK?%N*Rdy^g}wf|X8QAU*o
zj}Yu(x4`I4^{Yha><gFkk53qBT%S|H$A!VpUz=KP`J3+pX>0fPCi@P`a0b80WW((5
zODH<_-J2zZXQk%`OOaxSZx`Eeg|C}_X!~bjsWh?)fG$Pbl($N=vxtPAv2}V%9QuEg
z^xU57O!DwMPAqS~qVn9!8sA9iyi+jnH%U=YIn}Ryd(r+gu<iEPVKar=pOHSsfybVj
zUD00Xq|g^myJXh;O>NP)e$B1O>>kmsL%wlnl2;_@61ubspYe8f?HMWF_Wwm_x0rz|
z&9c;2(MlPMuc+uUwl8DL47(^>$}+aA>M(T6YSnb#_h+5i-Hj1Vv8HZX4;OK`qV#CF
zV<x#wD{VJCnl3u3zGq%85x%(d&b?>mgYcyi!B&&BGlq_#PXK-$z!_k&y&xBQbH5<B
zQV3Wd(?&vbvVU)A<@C(({<OmjpyDnIw5b*Vwd6NIcQvV6UBg40Q3s}@mzViG5EXDR
zYeFWp2q$XIF`=XXdJrJCGis8T@(n8#cms<_VYJkNQQiIYyak`vVPpe#_CpcRirqrd
z+R&vxe~B-jhjIpU#@LPG-RVBDncwt*hVpNsQB<|3`mCX-l7L&23SFge{(VQ8Nu9zE
zn7#nEVPzO06ODUThlag@h%)PR5lhl}(jv4zMV{;S_<PuBrKaXUWpJ3;jNZB4O2Kxj
zC#Ozt&(i}x@B03QW~DyMSly|2wR(-`#p>#Zi6vR}@bu@f>q`FrLwd61%>Sq8$?f)p
zrQ3hl$%gty|36_TzY#~3u9s4u_xU=&+PwFDatfY1Y(Cjhw6Rn9@*0Ye@NRHEa@r@)
z{0GbBAd)vQWrHnI5tkzQB`tJ`Egb}VH#Svd*b3)Za2eKXR#`dv&bi>ac3W#*3LXz{
zc0M@QB#(p1h4dO`$F~w2(zJ(-CXbH$Fm~Q-j+?<YP4h2zu$?!uVmE&}^BgIp`4xa;
zTgG=3o!7jNhB|EOv-=Md=+}ItDya+Yv+3tXvMfgM-M(zO)$VT}4aH@=8-8|hnWMSN
z5ZigGrj6%$hr1c5*asbOP6OLlpue<cG^iQz{ZdH9fcqo*+NI<oFiTJm-t~z#Mig_=
z_d@WVxp*yhfM`2A<Q9G)iirclX<&foMa`d8j(BZ!noBLLbIQSw@@qrltoGcqXw|(|
z>~~vsW2YR#PaB*`jYsdpeSu-M6z|t=V+H*hfxFyG3SKv!AHn%I)XSZ*o0qb$)J8*9
zU~Av!4u~Zri7;wL?CmWLP38g;DZ_tahkWO6&j@)npz6<I!lR@DGeUdl%G<6>7M@#d
z_wli7ou~>hA$ZG8tpAN_jA*H!zpT>jx~}Kp3h_qXQIy*3{q@SxW?D8IblcytQ|Pql
zXrpQodUQX2pS<SNVQ7&GI}5m;k>kHBx=$3n*H^q(61ld_@cUr7ap!0CyNhN&d~|Xa
z&k8AJh)4!n+nvU>#kYGItH6bbjgw(&en&ZmZoQxHD^|s~6RsHHnV()mA#A>Ax42%J
zQL@sg<vo^H>$Hh#*W#JDJdYidhna`1<D<M$kENr>FlQ*BJp03d(HFWlb363;WXCII
zu&{WpUb*szo$}ne^$VXq)XEy0*rBZ?Siw7TLdqZTUPpilb9bag8(eXa!xglUPP(&?
zGC~WcpGQzMJi2b-+*U=H^TPT03z&cT%7JU!_ngm`a>jbaf;slsD>{2_%o&xZzM{Ry
z{HEHfymhC)4r2asmFW7U>J!mN(Y`-)YgRIwyGn`87|vb$(JHnK+EANoJ^!xNhR5B7
zYk!mX56_bxD7(sF+f|5?v>||Umpb#it|_Gz-U=B39Ae*XN#|dmi=t>bE-NOt(m<FO
zLaZ{eRPnlR69<tA`Op#vD{xC``SPTNE0=E2HZ~J*2PjT2`NNb4$#It{()@;D?>6E_
z_qHE9&%_jMEExKL9DIH@XI^h4{>ZMfH+<o3a9iJYccQk~(I)k(q^snxRXb!<x^Eo+
zVpv&(KX0Xfu&s0dDh^xML;A4D@73wAZ=_(&WqR^0EqGEx=g0z6>zo1J`L^>|rDSba
zJFdb4b1Ux{_>Q?4Ufwc&{O+6Af}>Ggl*f%WN#}(~vs2W0D|YW^Ft5)`u1ir?J67NR
zyQ99WH+&mTX~lkX+pPxI2lw}8UkVn-fyRPZQl1slPpMZwJX`F!@5+*GzGKgkpO$Po
zt<G)u`4ZLN(JQq+RdRWA%5M8s_@C@RYO-*~26?@J*p1Bl0b9}vY(~;z6%*&kfS6ZW
zTP|sG{S9E17~l!}LAk$V_lGBq3q=+(jP33LjctaVzRC^4xk}2}&*epaW%&SY`Gdd^
zmfeg^djC6BKaVYlp07~=mfr@X?Igv2NTw*tvNUY8)1QT{vqcK^D3w{W6Q1V2COQ!8
z#f=S8nRorbBaF=79V=*?jFtTHv~i#XV8E7nl9g9gFI-q_6FyFwH6_1JDan({l3`)|
zTEjRu$bReUOen6g%wdv^p$yvD39U$`yymvMb3WjYnBM0|mXjXeRI7+&u1_9INFF#D
zeV8G7n)s`DZWF`F2`S~3XqHc-?b4A*#Y!(FSU=Y0qvs8}DSUoum~xb${$|UixL>ns
zbks-5XKfzciY>O;KcL^0RgL>5HFSQ?^t374G^>}n)BDzXx>hD+wD_D7PO-;9yDyUe
zKzIG>CM_K6-E!$Q@7sD>PtuK^(SB|CqJ8TiuIJJ|h2gd;CHhj7SvO@Y<rtqW?oR$F
z9_>iWbOh#~h}B-MKxEgh93$jfG(zs2U@PpW@K#9`=9BK<nfZR*FU|B$Wc$<Q#uwp8
z8kob?ASr*x6%A?ox;g*V4PLX;svaq?b=>k*pSSb2&%P7gKohw`!isVS8!*XGmQ}OS
z&hN8dCKJwJ9kme4@MwS3cP~FS@`fK%IaYoLr9x!&70f-F6iL`FKk^P+#};T?-zvC|
zaB16@FVku^T?TUOo6pVeM~h+}!i%f5n+-yBJ8h;<zgCy9QV~>)VjGen98Y=B+-n$f
zIk(z~R4rw7;&x8^-E@DB9sD9lodBLaDtsSXb-3o1ckNr${ts1twsWm|x4r`8qVghd
zIrsrMTet>;5|5A!p5I=l*MBp8i6UKX8$x3OmKZjenP{l`8^O?u7baYZzpB0>_B{05
zKC?SnHoSjXv^wi2a{TFL{QkV=hkNFf$Yq}B(50bB{=F?l%~kk1`e^&fiO2n4yasjK
zmrU~|J25};d2Mmx7B>6M`db#J>Lfj^CP&)*)dME|Jo*M?1JXd|sznt`QM6$FoIX9A
z{WF(!*(qRr)uHu*F_lwEw^?sXFQ<3e++-A)@CW<2$F#{q7Iw|klk)9bn%1Yvam}qB
zL(><1J}+U7@>jDOoO)RphB}NW95S|jn99!_rBjP|1-GKV<2W#Wp#!+^N7W@%YkK|{
zuDU;bXC_l7W!TBq6s_A0*53&}fq%o>a_w9HMhl*){l#YjYraXt$-p~q^geT@TkKqh
z)t^^iKGDN%MWU$rD3Jlf_7Gx{xmaUV3$y9O&8B6-xsk%L?|7Bb@VY_NUHz>BS;2~k
z8qwOZ*$Z17GG1xa5;(3QjV_gnxJ#m5Bb?rOBSzOO=#GzTbB~;80Ob3LpVQ&9#uVVi
z(6fzChgw(T=3*TZBd-ma^X$D;{4U}M!S!qO%1MEXZAe9HEXukFE~l6$v!=RcUne5#
zt>%UfHAPagDGg}zLak4u4QZI(vP~SV^V)_!zpCbcRk`HS$V@`z{bj3i054;K0_-vL
zbNxtG(<PnNXr4RSwCHTcb){GsD2uL2{)3^JSr)V_`)xWQ<am!)<hZO=c7)X}>T{#_
z_UHu}s1@e?$EUyWK7J;@XROxSD^-+xZ*T~U9gxCvtzEuNA_cGADfm~C_<QOnTb=G1
z!=f@#*SX){cEl~+Ja#{Zyf=oSE50)0Sl=kz2a0JfQv%Hz`i?IdyMX-OgcPbpndT|`
zb~L+ur8D-d-8Lsm4fcB4L%;OsBX^I<h9DSd?HmaC7^Sx0!Ph~nCW_*FiLmgUbdbPp
z?;20Lv%dT8lN6y`<H~b#N<3MX{g@fp`O&AcweqTC{k%`ca_bm+J;3l-7T%~tfPp0Z
z$(@ozyM?f9M}@hfzkKG?_$S`imshoSU%_d`?MiNjgpA)jY!CJ6d%A%5s>dQu!1<g?
z+hvB`s??y&>qhR>EdS~@tLBoYA>$fn9CLbqGUZ)@?My=o;hB!o3Qg<KT<Y5SoWi~R
zpj8S^qjF$0!fa9S-FxrGVeV645|E%iC~Nfgk$>X`Fx7AVm@<bH;OW@^>Ded|^*}RQ
zH9Fuw^ZlZQTeDX6-os3ouepZ~!!{fv!~2Nu*(C)q#q<3c1HYD2odQ{IVRZcNe$2o(
znfj$z>Xgye*dZj3@>%<A7T%SsR0{8rO#f|8TBDdw)maSz`zkG#l;WjfoPip&qj2o-
z)1#CW1CP*AkIe#a`zQs&%jwSHo<=KC<rQX`>0W;kAno-2Mt`z1=n-AbZ_&PdyI8fE
z6??D03jd1aX|nc)R!eDx0k`8ct?lv~lQSF|Y4$a9<s`tRqjh$`k|%rr3O2}PYYm_A
zl9~UJOS9?xZhqRn)jH+Je8-zm5AMsr)2hS*LXW}j$v%-MF4>>vhOdWob9)Legv|YV
zwz}EOze^Ajti{}TY=u(x`O}J@c<p*`r%ZWNU)0SV?0M{SjP!$xJ@3|b^7sg=`c<F1
z_AE_l8YcIf{X(6?gWw#_y#wM_mVe{csIvS{V3r@pw>PRq>Aa<LDyXw1)La!O%Va-~
z<3nk*z~VXVbC9_ttN(J^EbrWczm2gG;;3O}AZ;X%-xJ+`7x(v)DBS7HqXkpS=yzP?
z++4L@nyH!TK-qi#U_UQ$GPZ=g%ovh!)Of$>Q7+-IGfun@QB+hVCKd1x^W8jdZ#BQ`
z?Q<r&NIh&~Y-w4%9_3sFW>DXvj|RukUYs4pOmD@yAm>imo><IzIFiM2@5#3QUz-v{
zZHdl4vF)Fg*=r7EiXWIw)W^&<+tewj5&x_{BrnK|((+UBUp=Yk%GX*cG^}6t+`O81
zGsYwV^Pn8i4gHAT(wLlaUv8o~`Bif{Lx3HnXRfC&?W@1=K8?gJKi8?=8;-H!ZFbD;
z6Jn2~m8}|8R=%V;zDCQd#2vfLQ#En897d$HL-?_nV>o-OI_-yhtihNRT(ict(<`Op
zZrFn*uH)Kn%Zt4#yxm3l%*(O1n-0T9y?*GD`s0GZ(9ca7vs+u4`Aq%io0ZktovLWN
zyzsXR(Cz9wz9o;NM3nXM*dIt7m%Ghkvqv6bqqKas4deuQ=iQ<MUqUeR9rtwO?hSIf
z3;7Qs!tP68Mf`{O-f+a-)+5|kz})*tlAB@$?(NR+-x~8HJq7(TDLHS9Po2)-o<fCv
zx7W<p?TT%#M44OpTgQuU6Z!vDk@P`e*o<jz!O5ofJ9)0tZn1MRqCt2itpHl6+XFmm
zw16nxtru!wTKHdS4gt0mT2B^rTqN4<9zUP{F_$v@f8d12q}O)Av8&9R+4pNFbNAN@
zI6{`AW!+ny8~dWdwDO0lm%21dV?HeRSB;lu2@$zy7emAT@GzgdePK?yd*90P_eU@J
ze|~Vf|69NQN85v{OnOf7D~&3j`*z0+4ITnCNv>ab&1SdmLM)0CHtN&YonK_;)lbd#
z8%mY_i3(KR8i^=AmK4KA#;Y_m_XJl(t3=0fAe|y`TVZzrY9@0~kU0_o>M4R(MOr|E
zFVEk+z$u7!WIpS&{GiS3yNfKR(#Aed!n0?mQp<I6hgaX3uJ-(IVX61`Hx5_dhf_u(
zk+n}ri*h?pj?qrMeLMVzvhPo9n&AxIpFYPf)3f;jl!aSr(IM*2yJwuj&}v{R!$TF|
z1xD%r)>IJ+lvEDdxO98Ax>EU4TT#2`ii^(;8*Ye%_4@L*nk#%neXxco{)xubvwB+*
zuQyJuZH}@gzt!sddfydn&qSmXVGw*SCBq21LT=x3m0arh2l0LV|JLH+`U69|9mc09
zdR%gxXeWW2aT}^4>wYMR)u^puqwXBYZO_ZjRy+svnsC0~;1kv=J$MqEE;AZQ70ikD
zPt8X|^SCmgqve%i$x^l4i0`y_i2&s-n%$>9Y_eVjWzq;E4eZ`7pCAL5mj5_fcAmXy
z4Ai#w$)c^&xJl!8TiCb7BM;RCxlw!t_YaEo9TQ$Ja`(2kbUlVrKf;{yp?oGwSBZFe
z^a=^UAQkc=BJ;G+QNho$sgct*;#F}H$g3VxpZ}?CsZ+jeLG;SHUey#>dz)7%<f=3P
z@D?EGZ<AEeM`U*Di|`jO{wW&iMq23`eTkIG(y8n&z)0RJ9x>ZKuG#}^owDUEP~qd=
zJXyFdfr89(za~RFf*Arr<Q<abQuI+of4vKS^|HOdX}2r0&;ZHHE|Ju@U-^vUPX(~l
z{zeaha%G$|SIL*upp_~!nG+BZ21dXYM*E$s#J?iiRjDoKjq)^8*+;A3r72x~>#+Qs
zYfJA))ItDJPZ?w7tgI@5u+cVz`npc~wy$@pI65K&$vIxf{hVyVCa*N%^^R1m%<rmh
z?q1(G;l#QsF&4&ct~k-(zlK#2>?;1BUxO&su&zwwzG~l7sv!Opq$DNV%DO$g7rnF@
zYQBG_25Fa|i*O|P6t`YD6!fyp{HlfJ&0;g!%|x~x8Tbeky?7SiS8!|k-S}d+immLS
z)dkdw9G$tt@uyU$o`u|u=#?afSI!9enQ}DYB})uF_#4+uWR3Q2FkW_5-IuH&hIRmz
z${nD}uJ@)hPRZ9H)~|IPsX*Y|bMt!1d}*~67`u|(>Z;4c-HN-{@I%CCDa3A7Lk@wZ
z)w52|d3U53_e#o4_DmdSCG1a;bS7kuaAGDTV1jU>3^~FmEi~8AEnrr<<v(W3^^FYO
z3Dh-M2UqA#0!Wl!(i|v(*XF&|UvWC17TNRmBseQrmjUKXozE~ZewBO)5Xesj;_*l2
zoBP}KKZch^zSk5p{O*Ku#u!MWRhYA*NeOX_WBrdS#gA`>sEB+E2?}?Xug&2Mk6tvL
zuGD=bs`3<X6T@R!>Qv>>$zF{ncaLV3aDr)uaDx23A%gI_3i9v^f}2u&sL~XI9sKWl
zu6cxjPR(Yy{gj_zjK8Ohch=td2}m*bhX+6~WC(lRInBU~2^4=8&&fXHCJd^|__m}P
zzEzS!UZef$E$5u+gs)h%ynZ7XA6_gF?tyalFiY^x!NawaF_=b+E@xgd3*r`!^Pg9T
z{hu_=)GDu_hHy4p*j@FlLldft*~qh94eUzPIyr8h?Z%S6q?pWQ#Zwg<yZo!#qzEH(
z$9+h6=jb)S1mAK)0d^3zA$s-YpeHkc&NSXxQih=X`>g;|pX(sl58vu-*(czhV*iRw
zS1++#?6jaPfkB@5g`ZiVqH&2q#KfftLaQa|H(AdvU*M^BL;&A42Gqrm5-XiSK?O({
zo*UQ|J?j6;8z5_NTHRZg=vRqZWNOOaheg4uc?aLz7d5I?2;_cexPJ7JG!UUT>?im0
z+{~~$+pwOP%pKu~6Viuc1K~bc+0^tsj2-RkPvJCL0+9DIs}lkWDF2!bfa7ktH+^<$
zGcy^S52xlAzdiX;cTOvQF8lTRYxqlYZq=WU$eyUKO89R*Kco5{9awiQ?#~P8LPlmY
zqCgOh*1Sqn-meL-|M^I*J;|G?Q|r(EJHO7C`L|_z1h7Xy0ir^SLCA_SkVj5=ICycG
zURB{<Y=K8SlO%j)xM!C%c&Z|UB}@=nP*4bVh+qV6MgRXehT0PUjpetk21A;1qCR8I
zZ_4Z?e+6>r*iJC-PUyE7va5LElDw8uFPQd@^HO&1kl}FL5<R=51<rV&`TzN;oJ!LC
zeg<||&p#Z^w%sn1y=k>axTz*#5wHf^&+5dYXL(;Fy*+4=g?)FIlG1qHPF!;N;(RrK
zHIIb14DF8yRqnTB?nB2HfB#4UMu-3gYQ@}tzk2T8kHr>j;rm!SPNM1Jl6ymgGjR?b
z*J*WiKFhf)9}?p5@X~lMhc`#6W0%Z*qc<UU9WQ8x(Dp`{&m4Z0cl<tPMwR@$uM;hb
z|1G&v`)+}iWjTF*rxVZm0;Su&pOPlf9Y{&Bn(&OODhTuh&m8HTYEuN5p}agIx^tvN
zldI<e4E-DT?|*krIDtp-`Ar}VB}&+=9pk?k12CV=EpB9YYtP$Vy;=&G@_hdjr&wEN
zdS-fs8pl)`4IxtCX+%*rzA9MlNcAue%o3Gxg>p;zS}Jik)bd{G{@a@K8O9EJgi(oD
zTuhMUKA7;|`w8?AuAvC8=!Fac$?Nkh>zPTmNBMU-!CPt%1M+-3ycUIadW@m-Bu19G
zhWSV#$TYdOxvOPumAPY0X`&Nr1yWMYrNI{-iF0W>t@Y#R+Wsi6$kNs75LubeIc^yk
ze_QCD^a-e^jbvo$G@X3X7wa@*Bhm<o*)LPeQ*_l5jTRrF7mE6jXRl!IbwUbNE18Bg
zdULFo@<VJ(mc%*)`tNtQ7~il~Xv?S1SwX0M7pkj62)G%NPsw@0PP1q40`s@(w<4>|
z^?;UwL`)z(77H1jZ?f{)ro%B$)Xk&@g@-$*wIE&t3nv2Zll>1fT>!aIH2n_|5-#4&
zgabqmW5uo<4ty0^fTrRK8nkD@0==PQ0^2k4nRtEtm_bAW&T^b^#U$b-q+senlr&)t
zc+QdX_5DYziPanG5)BzYEXS5BrbSWfLd#3QJmg$ZEvS=~&KC<O6TW0al(D_jYgIP2
zy9*6rR1iQaq@Gkw0ETHehj>+$=5-fpF1w;|4k?b|0v(FYKT1xmdv62{uFe<U$>+7~
zt=;|d(;lbnd=v6VJ4z=ms$M;CXlxK;Vs<AL=ICmYcY`Ghzej{M=Z7Gm44ciz;iD<A
zv0Jx%uD1Ft4r8FRXJoh5aZFU8C&70?!TPws3bq_`n9y3SRK>sRLAkmsuiF@C-j+)d
zIEUiyMCa#Rq=b4=2wMv9FeLBm8FJrEH1nL@w~~`HKTsH@n!7ME44m+RIE|-<nh`kS
zIKWGGPKu!IXo{g-4w4@JN@66~1@S@cdx9>4t-Am+Q8gXp5$Oj!rrWNZ8tbGN$dV>R
zk~y5DlQNFq|02bWO1C%eQ$z_>#EkhX4UyKw4Z+mx*BjxLHiI4sh6$=3O1YIl7l#Ug
zIJg6>Q%`SYJSHC4<@F+0?<-aY$o{*^tLB#%k|=npl^+4~ox`)gbL6q($Bz_J^|vyT
z6G5rfkpMtBj0Ztx;7QkCso0KP3P}+Wv;KABao^FC24#8db&RH6F-dq?*c}<!?FGI)
zN~<z*93gu429*Qi<l>qCb|qhlw@R%lhud;meR_8dWGSF+d>TU57ZO%krL7B>QAsG?
zAtgpnH2`{#K*S`*b?gH6oVHtm7I<U0_<&eJfP>zC@EJ;$uAP}d-I{;f5Nymv+)@O9
z<<pb?C@-Iy1&`oqnU3v;5!6=!w&d|U#k--o=1+`Klz<Hfuho~;9Y>^$mZ4qMyP?5G
zZV17qU?ywA#oaCOVzH~<h3$bT9XIIZcwx;kC(!Tn`%Y*ZhA0Z!3&bvdnT)DUpyZ;Z
zpnd_!Of{DYQik~<7rsg1arT-p!gZlo?$OTOZs@FC>O{w1+kX@cCs8~HLSlFd?ZV>_
zgq~yf51a9QFZ>>!Bre@QI*kN$N+lB@7QMXc+6|R_c7@hs7QaYTpU84fHl(?oiFqFw
z^h<bUxeBj-Uk>Sj?djzKNQEvE(EIM$9B*n;Q8%K@LWL&R<g*<v5~WkXxLB7}KVGNn
zvA96uP@5E?HZz>IrIKMheX80qv;^4m!><pDRf`>w;s@z}O$_MQ2Vh~&JAlflh3{B=
zMvI^GltJz>a47=v%sCyQSd8agq#rY0%Lb~+X#!_9u#1{kXvnt{$4kJnPO6eRw7Z3}
z1sE7H>)4{mn0RsS>133Z!w)9rPe>nUB!GdbioVV>kJwovqxF3i7#rB)SB-RZ)EB(S
z7&YzY4EFa(fkBOqd31WE2gChlhu!8Ju*zoRW)a0+#Y^aWpx#XvWJ*>rMo6QU<4Yu#
zNli0_+1qa$ken3mEVpWaKq)@SL<pKP$0uM87K=^8v0MqoKEU;SXi2Q5<91jOctk)3
z%bzcK(XO-Tn9mJhgXP(#g&7=gZs#J?KOs`E1V6stQACj$hCD@6LO~mOZv<#YlL9J^
z*XIxCe9bn20xLIdX3D${%-G~*=vKW7qK?H1!~{G^>^&A`ewstkx<|>BN&RPzsvV6I
zThV)c)w{$!benigMgr@FZW-5AE(W4e)eG}n_TND=$2{^`7e{b2K2g4W)R68Mmi}Sy
zki8D`bI!%3(vs&i#XKZym^46B8Yl!WVJO1>rGRflgBory{MPFLq{0MJvK|6L7Caf(
za+A1JQq85G&@(iY;b#%dF-D}wF&RV@EVtp0GcckuFk(^-j0U7kXv`}=$FXZB0{T=j
z_{rX&G4LWsNq?fK!1oJ1R;u4u64D0O&{6jU@Zd$T%;p95u-Qn+ZNAI+bLVf+G|u8+
zaF#KQI#h9p3vgGjr`1im3#oWX!NFEr*%wC_?EIpjUtuN&6rdNO`GLwi9Sq`CTu-0|
zA3@BXfFI)}XaTIPej#Kh^|7V)n~+&M0mv<l@&mba7MX;q=TUG0H6ObLImt^{$;*fP
z`Dz*Kxg+EAS7SzjYM(jq139>;NN`=SW5O5AjEr6Q-wF=GM)!#=sSTnculSUWV-b)n
zXlgh(SAf2fyv=ld0Qw*0DxgfSL~9k??5ou^AHFkvqw1Mbo^CGeAhXN0{&u1IsF+IF
z{a}fSSBdfk%Lu%Iyiw17)mJL}ZOwf^d6Rw66~*FhWy{L@wqO~v;Xafp&6QR2Qs#Mg
zE%)764F;x4GCa@naH^C+x5l^WGRfAL?dBb4R_p09d10ej`<shAX!*-}4JhkgR<M@W
z_u7p^*X@1I3yn6HkzRN0&bJ>{uMZCTDmV<+feGw>tqRoB94A6}9Q(V~wpyGs@7s}x
z2I&qsG^-4%lyx~7#yC@BU0{k^*Q)!1wNwJHFH81m_gj6Az|G~2q+s64WE(K~utA4u
z0hXHTq7FFsg|@hw9N3!CYredwn@+@<3;Z1qD>?ka;jEfplmt2WdnP7Ez+(t{8s>zJ
z9C}4v(}er8T&dDt!ig1?od@HU77zr0OPg|pI*q$Q7tulw^kyx5qeLvkzCrL}SUu#m
zL?DgX`$anBJhOS7K8eXGHu%oy2I9N#O}if?>Ebn<V2F9ftUYlY2^PG}iE~07NN7%g
z(p8C@GN`P1mIy0N0oTj%gF=`}x5XOgg5%HBWp2VR0@Ap4GUh!&lT)QlkyzS3VvH9R
zNydxNczN)^MKIj#ZbxJhZY{IRr$Kq;DOO3EyW$XV(UcTszL_Kmh1Vy%l}xtmq)sAC
zIcLv4RZ0_-@*bPIn`+FC@Io@Xwv!pzRy}1)P(<?>jxwm+wBnNJ8_%TCe_fv~&z2w!
zAL(};%bV=6*fdBJE^mce!em~tz>-^?%M^Y<BsO`R2gMHD?b5vU>U0_1SrYCReP2}x
zF%s@qPJimmOT?m}ThU-Y;4z#%oTGXtOMKweDtjLS&o>!9pPD)Mx$q)mdT9rB<1o&$
zo%Neb8O6$IwKsg;1HYIo^kzfSTT3E0gMur1Q|ndtTk}2qt=>`AG<zgO9j&VBxOTpJ
z`<5!9Uh_QCKqU7CUk}~&m}2MCuu+SRlnV!E(aig%aS9nn$w^iO0<=>+uY(T$IVU|!
z_>;Idc9j8#9}qQ3RPyC{|FA?K3<)vRf8+TdLqcmx_f3qHhys)lC|L+38KDIQ*dg+w
z648L=NJo!JCnDh`{1d4KA9E72Q=tY>!5**BmwihuQQ|c;ta?@g8`Yh*dv=bQE=zmB
zks13q&s>GwvgI2IX(6yyg>)rZ0TD(Z4CPm<ne|_LVOpPk{-nt-CQ)jOnrZG(gpRzD
zlv%iHfr+qHa{w{`rQ-Cw<yfdc;j~(`sAXRERv7X~8CK-gqeW`*h(dnLl&fWuQkH_1
z)^1?G>ZD@N8>_eMs{g}lqNmVh0hJ|AcXV#@dr+G5=rzVd3;ZuX?xJ(A76T2|*6Fz9
z{kZ`R{OD(8ojCm`BvDs+pVSQ5mdu<tWC!s$y^ES{w*=h#OsmXgn>rja*s@0Z*_)K5
zdHrPeKY-A;ceiK92m2Jy4K(CK6l0qnBN@0A-nI(jZHunfp<+0(g3eUAp{q}WoM70t
zT)EbTI{FAJk5MYwA+jm<Ah5+#okDiVc?OQ<{ea}3psBx4q3by(zGKr_kfeF35d=$8
z9tm*5^G;mvzeYU-$J|+t(?C#C(goT5U|L8_^3>%qR^&o29}vR5F3KqTxs8=>&#py>
z^hy!Ae^C9yQ*b2xaJMgD_V!3)#CD&6Y{_CndMrfK{4z+vGe-rto84BC8-1f5gO%;%
zW@jpd_c%lKJ>^$5V|DIBmA*?GwU}@@s}hedu%4|^uKG*o(*|QEv$8t@);JXJdN}hZ
z8sS#A6rz~9Jf(A1Qa){qWye<AMSpc~O38vtH@IF^Pw*XI<KV9WtK(N2ZlQ{TQ+?W@
zeEWiQvwJ}AjL%r{ZU;+R(_r;(?rp1p_Lx8P9XSxt3b9*y1sdajUWx}9YLqcS1arCw
zQ3-aYuzz#g2~eSaFq8vY&j<2+HQm>pR3$#}^%TZ3QIG=Qe2vN#LYcHs&5@NT*xS2`
zcTsx^QNk240e=^jPDH_R8*t2?5>TzBVZm$r6j-r{#FMMcD}x8aC1JS@dd@{f!5EA|
z4{RA-o%@lbj}|**$5a)E3BO1f^X(seIj7G?+hPe@|IqOCV4HFg+Pvp_WOAy0Hq_23
zKU&t`*5eF2yNgkq#2w6)pSD^@G8>pTzGhfp31v>u#Z4YQquTQDt?X19n^WdGV(X#T
zSsS#1Nv>BCa>}+=Ikk9YR+lJAYZm?0xJ$dPNzJKz`RTblbgt#(1fYSWEc@`Cc<BJN
z{ho1NCH_vctOjOY#pJ?87u#6_nT^Ej)1raYxUEZLf!+OHfskcioen`;FE+{LbKixx
zc7obPxgK$>?KA$QU<SS4p_I!nL7s{x{%=#-9I)>k-4?V!LHbrOp^g7O=hLW4RNh&T
zD&Sjr+rJ(tBm&83K;_s4V~IZXD!l`w=|LJ2vt1Q(gf7gOI;%i*lEG?8J@`N+0V4nY
ze%CHl4hiXDSBY`byb2tYeudx~&f;WL0#<yvi)mL9u6E?840daQhpg#%ij4%v1tB~t
z?TwB)1t5^MPZdD?&l0`Q^Pwn%9tm~$nNgPl5l))DF)*q&m)mAz%X$4f*IusBl1Jk3
zOkPVLw%xUd(pZPSeI2VsU8`PY4Qo)|_tg(Ps>B1@0zGZ$N^9D+^KG)ReyYz;zw_;#
z{UE1pq>ewg*&^4pn4=z_HV<7cHvDTR+*Z3ocB@~|L{0aT#@2e$Q3LBWO!Zo?PQLTk
zM5S-5*=*3#$Q(?AHQmtOU}C5E$9zK{dh2zIlR<TnM6v-7_+sa+Z#zX|J^2M0G1$4S
zavtD1V9l<-uQ)Q`+z{BlHeg$C;k13zv<TfN;?*m)628U?g|%rJ<5SlI7hvN?#<NoV
zTXZQERwjB>22tDSM`!6aCJ1h^hUT>N(!}ivYJ{$_SRgCPnB~sn-ahmLUp9P<73j9R
zc-1&Bv=WHW<Afe6AwY!w0ZVx}{HfIfqaM3aU*7kE({0eJX;;Zf4mIF%AY!EWnVBxD
z16f#*G3;^wFvLi91m&4TC_@@-G+VSNRAKV&ShdlQ_JDeS^y~VfW7ipG-|&0D7O4pU
z^VU?azu;zgzK;vF#*pS2!eKY-Ls~DyUquVARR!L5d|(c^uFZLGwN(DXL`V7jfs>L0
z|KrC@`(O3&pjq$KiMx3E-w96;Ays?six&NwU~?M2*M;)x1839V4ig8Em<1w6vN#0b
z-ve8qb}=&9AO2?8^XbuH_I=Sqkjxbw%(6F7Ynd*oy6wqR!NAb%>Q}@<8+m3l0qr75
zGx#SN(+pAc5okH3&P{ApQOWy(NNXVk<mumT13~0p0C2F6%+u>3{Di&<MAVBn$u<9Q
z@o5vKx7Ri>nHSZ7_|pU!9e?rNNx&bxf`b#Kf`EduOacNSRdJE8+27`_H8n3m+ZLKs
zX*#1_sJ05^fU$_pL%WKt0uf-CIEltVcpSL-el4DH#k2%Y)n}OfLuP>44)~R-^!p7-
zz-4FzQy}<fNE$j;CdMjnc&P+%exf;s2<;qghO6QnOxmEff@fe$9q1)J8wg~932l2k
z9UC-<zf5E-0auLS0>(p>KW10D&OuY)r64YQyM#_a-}B^Sx*vgHl69liv_Dd}s@i8&
zwQV4Yl%lTxxL#lgfD=YQW(&M$^)9k$AvsRGvA8OGO2NJB=`+WC1z?6E(Ua$}zz4u2
zkjr+lD36%TDZ!Y_0b=>885?jZuar=Zn55EvN<^pstm}in%chN<4#fW|;yFlJ6CV<!
z8{s&u4!wN#_v?yC^(&&3vq2TRKU`!{Sp3mVhyrRvgvMu_G<1vv<6v<$6a~?U+a5p>
zzbFFf=Er=m=|Xa>3=H63OuEv8jQ|b^C#giDhMjnXwYU^EivKx|lMpyVspD_eR@C*o
zH({VnR)Ri|=;x+gWZI&jOUm5pg9;5|zpY}Thja;#i4@dOfc|RK_WEwbjDW6aXq|4+
z!}+0w3qYdcIME4+xgMh_h^i!FX_nvsoYCITUm?56F->V+Uq2Yb;-%()-;-A(5J%`4
zl5~%)#v)W}cCKm<HhS9?2*f`2G|!X@gC5RI{Dtk_!+9CzJW9URc`tVQ6tSl;#3`Y)
ztKN;gdz^A+3uDI~WbzUzq=BFpRWb77E`A>)*mxf6p_dbQnHo+i0^)ThrNCnnK7~*e
znL%|DaoFQm3Y`(_JskLh9ZgnpGQS}S)E*%19vDF;c&QdQy}Jc0&ts_Hf4zbVB-vk`
zoD#7B1uO}84#Nyj9Q+O6JfQ@ecD{pM;i?X~FNU$;g1pQ{33%|uV<m}5_*jfOIUv5#
zpeEJDHI|ucjGb^nqnAk14Nty2yrN$`8+3fg?-xb}5j6Tu$iIS&Fm98|H7!8t9dN8y
zMDHC^|EjgCX$!<AmT6JnwfM~XU~l0nPsv$t!=oQ^&R|&z0MG**@?X0seM4qne~~C?
z#lpzYUg0ui+pp%M_$()W1^_CYq`?3@F4AWvG{0}jw6}(0=qN>z?|`$5G!sEHCvJ$W
z{9m5yPNF!^4{vD^599@)Yj{_4z*_99t@65W+kaWRJb<I+5EVU4gqZY*3z2vSjCD)`
zFd;PSP2j&TuRec<Cf)C9#nf9NTx>-J)763QmUK@};ZpG60dWAR&#^0t?WU>ZtL3hY
z!o2#!of&WqM&SCCDw~GwSgnvONLJ|6;+aQdl`k9$cY>jYDzNdrr9<i);{JW!Mju8I
zLq{14d}V>0Nu7?Mp*yhK1T0yV<0T1~CxBM%PWUN&05JdTi(fu(Dk=kFAmN0_5!S{5
z;;`Iy|Ba09Ux;Cf^w5<c3Ahr@pNr0CLIV;jEanNy`wdc2u;PElgRzltu0*uwyaz5*
zil5Z?LPVsZASA%h0Wc(hr&{V5wVffM_LT-9nU|tkIaFR2t-GEo1dGG4`-dPZ;aKE=
zJ>Nw1n4j)^2WTxe6j#Dn0&fUGy4*;G<SeHeBWF{NOo#po?Lg2e$5%D%!gEO47Y!>;
zo=!QE1lSRj$rk<=MR8N{3Ak(pfYm*^PB2lR?A$fqic2hysIO$<3J1U{R=vOBK!wKm
z>8^m?P+IfSH_@4V240_QI6)*_z<M!B1em;9Bq?)nc*FxPp~Pn)@ENe9#(?pHA@-Ql
zu(MkrQ7{BI<*KT_Da!DuP&3@iD9Xs|mo^GlKm&q_ua;>T1fYc82gEeMm`m;VcT5gG
z2b<))Cw>y~5rJC)!K+OLGDk|Hv)26hK>l&gEf?agHpG_GdgP_^+)CJHS=AlrxQ}<u
zkEx&9Q?D{p7*|9|4@I%Q)0AuoSn(C^!&;K8DJG-x<pc=@s?PH<G_NqX-EgC|+Y&3|
z+e52!`C~pafuwxYR|?2sgX~hhireFIvhM(w^cSfzM<@-Q2@rzDq{{vTA|6$>K;Tvb
z7%UF(wJFD4#i@3V3Q~(aEXf+!WGDcb6j?W(oG}6$CFf?0?^`s5^y6TJ4zhQJ|2BkT
zHJs>#n6CxTfl`SzRz_N`?-LAs3<aE;Neq<c02LCfM<~MzlEZ`~I=r7I8U}<dsUtBD
z>VA%+XoS!la7`_qXPjw~a*13?ZEVObm8fkYd*A$AkM+Vjm}sW=@nHj6UIyaHc*>3*
z>LfKcVhAjxitH5JEQ@dnt%&#!R80D{&utkk?*~<Xi}iWp`(5Nb0Hb*w%J7sY?ydMY
z5GfG}`z@#;C!AE7(~0Y<dY8ar9{S-4ud!?t*m6KNjq@NP{99gs&(#!Km}C)VI&?yr
z_kML<z7fx@<x2h3^)z%b<GI(eLLdSc9`K~@8cs@;Y4!JC9#oYCd=4ZFq&NpiDyb?`
z&SI)V0lB(jpc9k;3Dd%y&DUf)G98eE1i=YEV&cVEx1Dj!0^R>@$JozPDXA1zn*CYQ
zZ!n5A|NHhIpsEQ;1~1lprQp6P1?kbf_b9GkD64KH5Lliam3^YmZ6|)wLrLEg`iToG
zWU`dmR%gO5(ew{$8<pVK#Ybvb*5nwa5H{UyVTFtlZyfY(D%J$Z+CCyjXY8V9XcO{g
zrPs$fr6?o;qaBAd{cjSk<~XU={NV3A&yMNM$J+MK;pWMB$XuQ+o^-$sL5oUx0Nv;a
zcnE<J1w$xU8OBbi<kTvUUO$acu2C_<MDJ~Xq+&V34b_vA+#leDMmtk4iVFAMG>iFH
zf|x57-Q$V<F5<5kWXKs+47?a_gyK|=R%z&!QgL56U&Gd9FAZ+Lo=OP4frWM_QG*~?
zkba<E!HPe5*G3=IZAu3*mrG)@C4-(r#P|777yXRI;A$}s!$`^>Gcx9)r<Kne?WW*S
z&iHc?@&|`03R(-~JP4ij))8eG!buKhF%DA%CR{Jn=I7bYL#1PrIC}aSh(+&y<xxqt
zUi@I<lL{@;hrO*W6<;ssTM?o(YQjQ99eMBg7Z(15Jz@+UHOpZ~f<O{z2oj%4I*p?A
z3R0_xjl8wIN(h}bHnP;+B!=S3i2K`r&E|id-12OKxD%droU;XtP2Cy|&Zb8s=aASK
zA-y%8natQTk=(grz#%9HG<h_vxVWUtF)jS!ogf|oB^LsVeCZo(z^zgC1YDFc|BY^&
zm1DS1pJDb6J<IJb%)m$+%hm<#8RQu$n1pSe0So~=!j`g(CL%@sV_LeW<X}Pq_PCeB
zZ>7;j36z?DRUO^SyKDSNNVXHeh=?y~g2)Yb6=jHe+GCTZye!H<LjmpzyTNr}o*BtQ
z^+MB})i(Ei+&dNMaR8!<7rzNvgsTWdB^7tV279F0FCnx+_fFDZ<i>e*?cUVtNQR#R
zIp~e*X=lg%>aS;cA~2{Orl{JB|LlHyLrh#cmI*g~0?K^(gpivM@MRNsZ7+jze@j&Z
z$S)yol*EglO2ptA$$$G5PK&28$%A6YQ?bR6-I8ftriAr(Kp^=D2$-MgT;sj4Wh9Nw
zU^nT*XSQ$HpO!QbI<CE%D+fymZGPwNywYRc;nh-sVC_Y`QbfwO@7NXsZg3FYRI!|V
z|N6J^)Mz6hXnHmL%rR2|<w3foUySScpR=dVXMUq&f{>&<iU^n?)scDpIUo&v-Y=2!
zY?}ZkVn`c<yV)#}<ww=L*nCZqNAu#BEgpv3MEHN!(@`N#bZntvSUl!4rNBw{v+^(e
zF8-NAZQ>+9!kEkT?>w|m;d3CTHb@6GFu1T6E9E0JA_UQ#(Wom5DP;J=gXjT~%4yE4
z-}H`(6Gtbm-QL|7-J@hws<BT0R-G}~5~N{#=?wY>*eLNUC0>V8wEEO-B}@uBHIxT9
zOYb@m$-MTrAbT+ZW9~IWiuHU_MZLt?!cy{cOgu3m05<?(*nCVPcxT)>vG_7*9(QkH
zXJ*b|PPA?Z&13q+|B3X}2raLM0=8H0nKfnzqo@kI{Ig8JgZf*vL4J40zv-<e75Ib7
z1)H{fV<$xg3K_3~u0ow&2`5eskP(o9nF|4<oPl5y<&^@PNOvJ3@E<kCFq05TLLLp*
zX&F?d<_R{|jrVs_p*9YoKmxU@1($Jk`Fvc%_|<5a7%QnH00D+e!4&*EdI5g#2?iA_
zC|#Y0U=!4CG=By>nYb;Q!Pn$2bN>jfhI+Pc5O5?>xQu&`Vyi_lJynmVZ!p;0a%iA>
z8v!&)hM?4!UDav%z_Px{+2F?&`%M!U08yf`HuF!M`;8+Dxb5UXp7(-~C+TgCN-7o-
zM(QV(wkUdFlSkll*yy$@ARG=n3LcgN!Sm`W_fI8itbRADp|MoBw19G1)%YYlv+WaI
z5nB4{n1&veP!a$D%@oYH!04k~y@&UYpkM_>0q?(Byw}x4ii?#AB-9MPxpyOiBIWNQ
zX%0^N8rOWv{FUUcZJOd|S{rXJaYc8ON7bhA#o~t82u7Y7%_}_ZvDo>${2L2^*ZFLA
zU3QNF1ArEl><5i#uLwy13o`>5b}*s^g?Q&XwLqXAAr5;=31)f7TT*vF1Q%}B&nfTu
z$64GYMvC64wtQM64prEg1zH`}r2&v*O$8pNMyJe+ix0pX>`I}JAIu>1j25T{HJIY=
z&Uy#<iPGen6<<C%HwaoaZ7YUz*rI-oA!7vvnIRF()fx`Jfb<XA|C@t@^d|i;OhubC
z3kD|B_fDVuYWpT%q||4sg*3X}EA%T^#_sxSjJjWrQL>n`vD(sFu-NbM2L+5vJ%!|p
z<FyZC7=Se7m_y&u=Y#qeskSZY#tfCFC^oQC;SiU7i$Cro00|Iliz+I4I_qKQ_4o;x
zkc4~1Xd3#pxY-y+bjvnbDzN#zH^m?n4}Vu(<%K9875$#8%K<j`mI(W^Ekp_)LK4~@
zRG=oqXV91Mdfs-jFqn!~!1bWu-qX2b7atELXH|0A`=gh#>JiJ1a6ij-kA;HK05gG5
zse$be32_#94j^u?%;g8`WF*)x0Y@{J*zlF`uj)Qp*nKiInSQ=E*y(pExXw`?xOF<!
z)*S9R4ean1)KTKhVc&eP7cYpxcy`p6K_;ejIp(i58p0HzhUWZ#SI^8^zWyY^XH(ns
z@}U5%{Y;KnT10WvZb6biyFs6ttr#BuWKUtdjT1hqqC@XX%FQK*vcp8oeW2&2D8FpS
z{cBtLWKjlj{fE=O00a(Ab#VY?0kEr>412$xLX0OB@~vOmzTxA&ly5I8z68k8>&fi4
z0-_L27m$G&8UZvn=dWY~kbniEPVzFcDIH=1Z|DVODMp_+hTpx?46ucEH(Ty3GAnnS
zMdZfj)@z+36KRBaE=Tfu#Xa#TbXbngBOi#s>yR@!aM0vCp|^Zg1Qc8-EXt)MV9CF|
zTYv&F7dRcEwq9O66D#=2htGiK)r6}=Ag4CFSxY?z>O=aAO2E+$<P!0fU5|STg8;J<
zT!;@;+i7HMQ294=r7`0oFxLIXj$zpm3TZ({fMRWaf5(>9#qm@{6C9gqk5fpG++$oB
zj+1E>n+X&S5M&g4mFLxqqDu41G9AvOq>NRLSp1aal?lL;Va^yx7|L=IHNyzfb<+??
zs?Egykcg!>YS2XrI@IvZmetY1bJPgh%atmBy13Dd<9EqYucFuwkEkqH-}lAN9bMd^
zbp`=nzI}m<`1{M1&;Sp+=$C;W5t9~>{8EEMRqek`P}Sci$PydLtZCW>YM=L|4+wtf
z)g}eVV$zg$u`}#T!baV%{f)m!MPLJ_H30}=x>A3G$N-oDKp@D91x@*CKl6ArniRNK
z{d7eMkyh76orXdHEyIf2MMW}U9S~dopvtL#6Q<}Um2_RV?vqDPgAwfIaO^S-l-vs;
z)rp7%H54i@>T)KwB@-wDk_8zo+s$#IqrT$sH^_?)3<(q7o+@ivMLA_$Llf_k-%oE-
zxwHYBHm?%+CvJ|5tM)lX$=x1yU@}>$6ayK_gUDGCLx-iHw><wuHvh`}Y-cC@FXL(|
zE{WK53>=_v^Uucu4kD=AjKpZ!)p`?{BP4kWs!ZKgw|&UQ&Qvq_46X?Yfe0K-NCD0=
znvkL}cG)xMI`8E6&34X-nRbnejipL*K45d+Ok1cM)r~%8bCaU?!ule#X`<On$tPsN
zL_*HRa=il}?}>u}2%POV9~60FPZd9fgB1MM!bree2qF0d5X;Rc<UJ~FnCKy29$|1k
z60UOC;i3O9>oy|>7uU1w41%+oV|e{9y8bh&=_lGAhowvC5Tt{ELICLyn$n9(0zrz1
zD1>IffOHk<y(2|B5;`g<NTdnUdodJ|rc^<ifHdj<LBIFj-;3vY;Tv7cmHEufnSJ)&
z=Nuk7buvvK?_=4Ml7z<7qJFcXcDA*K?7g)&r<`n-C&7A|gmp#qV1e_~8$s#-(xzUX
zj&@;?Fc-*Odl&Jav<x1Fe~&0V6ED$YeDJ0ecQ%?SplR^kNVzis1TcFwv=p@jM)8CC
zY8e}s92f6U>1Zf%Vam_4G_NzZ6n}{g1a><w`Q1j11B-ND{hB|1oKqZI*#Ldk;hdy>
zUf(!4MWq*+dvCm<a{+i&LdK4rHsii!T{J~-hr2a+nO?V--C;&uxp_{j=n`(!R>MH-
zB9w$gl~-zr;7S%a5+#V|lA>A@d`bB9O5;$$_U8Pdybo#g*)-8?t@&Z0qdS+mJDRvY
zS7CVlDEYD9A7x(fYl+dF{+-ayRvf6>)JyT;`A`!8xRs9t{s;0Q03o+yslGDCG@krQ
z{eMxPgl4Fyesdw%e^anByz3Su<78F<lDgRn>_IxZDwYKIARw@VJXH%Z&#@xoo?T>q
z^yR1_-l6UlU*SWq!PBromu{`ETZgk}7!M>PoDxBRy`XIEa6fy4!AjGdV8l;Vd4;rK
zHcv@rXhJ?hanDm739f=PAb}_Bc2VPb+EfqU(H^tmdLLexq2;J}oBqa+HvYlOrflOn
z_hp+&eU5cwqt4S2C#uU>r|%_G9*6z+4E*HcgWQzJ19H>o`Y#p*%}6mgsvyWA@o0_D
z8Lv|TZdz#y9&w|_(*R4<|A2bSaBAI47&GTO1UYru^%YZj2VuZ5<XmJEP_nC(R`7-M
zgKe&66Lh}7foj}lWQM;Gj{D0$!tBgycb1DzL)hk%q6B5{A{(S0x!qh6cil>g>Kb|r
zygD3BgjD-8>PH(X_#bupnjM5qVq`k*`aF?V5nde)b{XQv?Bx^Cgjr%4)n*Ic?W!i6
z(4N*A7?;hqzyI-O`!nxBe8NvRP%3i!-t9)tN2y;~&R@nRzgT+g^XCu0q@PNB7uTyJ
z_09j=;i(WxvTjYnT)ysWG?QaP8O}$T;;bbOa7|n?WM+~PmA_R;+>WRkF_l6as;NnF
zu5qdjX^1=mmwpzKVK=EsB+b2EZQlf7AFJ#cUYP+Gz`&4Ad0hTj34pDu-iz|gb8*Y!
zUJ`MFV6|<!x8*-k;E_;PmI|)u_$7bqGdWj)c-BT3;NRlcAxv-sLUB84+eMA{Rd<>s
zt(LOX2=b<79fA~FM6Gf7Nd4z$vT(;F1(WIOg>kZjMf#_!l1B<;F5X%x2Z~}lU(A<x
zQOygr9tZbCc7H|fA4VX4p?<JHFret#oEp$v_~W;VT_a@?yG5L5O`Cz|AQeGI4HP|)
zsst4l$R>k8JuROW>8S`bQnRNmXv2t@4A^}EMiuPY#*=Czsem-v)V#3zbZe(Uf+X8@
zrp*JL!^E#Wy<dlg>(#)f>N}#-^#%gK7h$Vli+<77*aQeFiA1tl+pB<$H2T5{A37Jp
z%>sQcML{ORx%J+{1^BpL1%OXjcEY4FAyq;6w90W%k^4}O%~C5iKCfdbTLZ8xM+$9y
z4B}rrC^8?s4`GD&QN8(&_qOew(zkK#5N<%JQgyN|=7KjSf9>%XHAJub;2C6|fME^`
zAZxk`XHCz`1OUqbjZQre?05kNLxYMYJAjVW8KvewBl^soTepex3d!0Ltrnx^HD0AB
zEOrD#F`U=VyhW^`<nZHO?}&w{4)9FJ>+qyVG#4^aN7S4P)opMtqlScb+XRG17#WXV
zS(ZW^?5@IS8fCx)5b%102F6lBw3kBo(t_9~P}M!YFiU|zZb2W=JC6l_?`n>txh&y?
z%d|H;Z$V&jy??2H0x8TV?^ncX^7H3NMcj#k=E(*HSo;r(4i5@%I_9fQ)@sX*Opd*E
z4xWD(Pay&pubUt}sMQGagx!zcEKFdV&w`Z<WZV~|s0OiTU8_ncy__}62jfx!@&kGW
zK-jN5@ZLZlpiM7VKg+t(&!4?&GFg_L+l(qs_aE0YFp^}s2FQPsxl6+=YoWDu+3KaM
zOUI{UkgeBG1Cp6KyyjdxSU!H6O1oRazxY+YEY_1vWUi<`5{^%SmzpZlHmJA9EQ=!v
z$KIIld$+dAH{2VVy)uVCq-=HcB?R0f$mAZGh&BsE3b6$TqP%ig7yO&k$+c>RbIMG?
zgqK1(v#&1+yOC6mr?10KIBkf{F37nzm|nc)Z<_khXruUR@v9@t`<+H$NKLje=g9*`
zw4q7@)71<4#BbnYoKl=8Tw3gp@n>u*eOp|{xN^!n!XZh1DMiNt_%9o5aL0l=e;rc6
z#T((X1&MCo^QSKY21Yu|OsD5<nZ0HoA{2Q!ts1~LVvRx;&NGmnW!btt>$AO(x|z7$
zAOYU+07RPA)lh}uy&jN*F@qb<{Kg5$;|!eQL4mxI6HS1JicJCRRvNiIUB+DKbvGGN
zEpQ9=`IE{hTU2*KtRhul<^|_Mq$!{?bvdd(H4H*=i+T{RwWXj+U244JwVY$&kJYCo
z@_u_g$Ei#HFXecT{R(A1dwsrk8hCO?QzeSp$Hc|?KI+R__==JH%I+xv*AY4JvC6kW
zyy58Pvh0;WKb?4TvXYCa>r?^EznrIscRzTaWxC^D1e^y8iDT9OeF##{i$i1-U1i`F
z4J(=`ha$<e5aQtSCwPtGFEN1iOUC~!TZ+!8KcpQz9o&A_trZPG?8(9t?{4Um0{5w2
zL$S9n-Abp!*+^*t*dwv|%fr#8M&JMs7m5r;=Dxn5J*sKopAevK3_)FT3#V~}ZIcD(
zT34#|tWlXgn9-Q%2CP)$@s*EFmOlf3rGU<Me0(}la-Yqp9+~F*U5IBA+<3s8ed{E)
zudm&Mg4^ql{1J$8FiWxkb+hZavtT|9NOkbrEv7t}`Zm=GQ5b%GUgCe!62)oOG+GG<
zK1mlQ3gC_^-foEnS#P>t>8u6=lf9i#JHwD}?W_Pb$RYtz!y#{sJCJM?Vqw@>j;Pja
zsD5K8xKG^25&X2ft&G8%w4>X-rCbUtfe0lE?Xj5w0$XHKSMlpIHfHF~zV`J!D&QpO
zs<1gqVw0L}<{p%n@}sgJcf?1hUNvmj&l0lkh)wzxG)vlLckjm$!;sA?)Z^fgS<0(b
z)qZ9(rL>&$xL_^BFlPUY8(ocRy4hAnkLStr9-GzSC0Dgqo_Fgy_BPGZ-MIxc1kKTz
z=_>nDY~$}TpsAo)92v{?({gE>Ot|A}Fy&w=l4{FWb3Y1Q@fvrYnLhHaGA`9lRZ{#S
zl#v9JME>(Bqxw5hh?yTaaMslLI8B_-^JXZALPkq*DvepC{X4%43_JU<&IkM{Ni7S4
z**_nDv>N%cu`VceXGWMARv2<o7^6L~D=P=3b|dq;M#;89Tw2A7$sqebjSJY&C^&hC
zXvmTIva!j&GtNt7VF*%kWRb~tRO>dQ*<|p{;JZu2MZ_9_36#tBn|W|xk?E^fQ+8A}
z$EW5u>?`)}w*CoZfvOc`#c$r_yHuDM6!mua8%Rw|7qdZuxw6qT4Z<lEq|U(9m0qT>
z<H|N!Q7<#>`^eNao;usLX4~;m??mxdo0Q$`lcm90Q+62#-k6)>NjZsjPec3cu61<c
zK3&VdeyCfkX27y^%_*6B&6s%cONw>3dkw++7kS^uE;8!}-Ni&%(NDK+Gk7(;*oMA1
zy6~tpJ+vpFlcLk4jJ;mG{+j!1O3e)V=81hUl37bP{b7Tg6F*nzeX%)l?$qtQ=Zrrf
zp?wI|9KfTN-tt#x3nhL@73t5bj+Qe1`IJ~~rHKU}n;2C25a9Jl)k9c;#wBO}YSRMz
z-bv@u&t;MKga;RRZbAOe0{-#eEZ`aN`l$nDw*UEsgr8?m-vcKY>jGrki}C$e3bV(G
z_^gEg+lFzxP()x}zTdBo3LrIx04e18(nzfgaYzr&nP3DA=HPMH6`>~U)l9eNF*-wV
zOaQ5yAH>^Cx(6Bz^_|a<6TAQV^vBX6z%fxV`(RjS)P>)txc$I!Y^Lkx#-@%-Z!|?{
z8#Z{(mR`b&oCt7x@@4{WZZ;QgHLJ0&7_Fq1DV*@xGt@jPcjvZmQ=eNzv*2Zm*vz)0
z+*%8x(jRM1?K-D_;%pHQuT^{&<TST>@lEnt!pvZ|<TugfO{ThJJ$}3Px(h*1TkYgJ
z7}5(`Y`2r53hoViYwm}kr4cZ`%l^4W*HIUvsI=;3R5#Chv+R-qBwn&|DQAt7WqdIg
zcbwYHsNlua)+P*h-as8j!#$?S4ki=)55$m*kDYR#;><qqJtz}3H6=fF;-i3;Cj>N`
zMP_b_rB`Ox<XEPP5LRw<-si!5YjRA2{9kC{w=o6&4y%ysi=WYvH0cGEBLk=sYT;<y
zS;lMl1_NTKRV&gjfay&9M~J6IW;hl&9*P}Uy!@nBgDS#NaQVJFc>tc*FRKsF;B|D=
z7$gi-M3@x<O8+8wVe`O8TsIuZTYRYEp3FwI`B-23+f->;y*sCbTBwE8J#Bp{z5Q4Y
z__w&B1wOVV>Wp7s!HmtsC!*vMr91R&k{%`axb!&K=^q~+2S64<Q`{3w3bG22hi^gC
z<Bv(6%e-rf*>oy|MG9!(t>9ThPMA|j2lF(lM3*=+q=vL!z+!Sm8e(?ZrEz%E9Agn3
za6*k@&DA%!-Mc{qoUFs*7~vNbzXnxOI$s%TV>Pqy4K~$1Uw)^bom@);nVCWYI@3f7
zWv&}9{atHlSNbei5P6AGYQ2j~^$4rfe@*z5*z%u)KLH(1lY&+QDl)6gwVy7)K7OD;
z219`_fvhrtL&cdWUFSiFjsR#Uf)>!5634^_h6V<ru8LlPhGHj6%B9U61pT&iam<%p
zyW6V9YsK4u(?OC!l4TlaAK)T|0K!2CNny$)b;jkvwb?sT`8qB(>9?ewgzAi5iGQ2-
z_W2CUZbI_7@*UG*z72+q7%xPbK2hAAO47LXxeu*MR-h2(HGjjp#%A28W_&)o2D*!^
z?e(@sQ(qIcJ8akXor!YJp_M_olriR-2Ikp*(C)ixf-(mQh2qV)>l>s*Qdu{Z-2aX^
zh3eg)v-y8Voc`Hktigr9poWg#nx}mNcjVa$oJE5sF2C+>AB2N`lM}&2Yf1|L9QV_(
zG-1w5BqBF9K2k-3B+;rp(QFi3q~QXr6o7*Q6n&xK8VOY-FsIi6=Ml1qo=-45J(;&f
z`#|wWvyWK_&$9B*az4%?^GWA9D^7tSqV`s7N)s@&%-Ozop2W}Vjba6m&yWc&%S!OO
zuhvx@gtWNAdL%q}d0FAc7c+T-YO4mUZCgx^Z8tPK7+#1SxFXVoS@4hhRSZM7F^;`V
z6<A8{vj{n99k^>IaPu+fiNR6%^HN{Now%N|8()}O?AURs^MS<1)u^j(E?V-?{r5cJ
z=Ms*OUEYaI5xn-u91R~~c&JF%IwYNw^0qr$<Fl66{n7l|6WMV_?wZ-w%~HN#ZsfkX
zZn9WnElo!2QI_VpNYhu&VU^Hol9$Mdjyha;Dv}^YaiLzBZ-v@14&--&VgFq5Kzs<u
zvxYLmKr({3YflZ8;sr9#b$!57;g&|a0lCU~CJ6wW0C4+Q%>g$}dbkMoHO_tG?Z=%4
z#GB=$sG%a2FDFFf#5$d?NlC0LF+mzOqrl&F*L}J-<gC}hO7WZIICe>tV(WfvUptr1
z_-$0flVW$ar0MWJ1AfpxuE)0IfSb^j(l!0*-rAegAls<JKa>_xE+Km}3qq@N0-!g{
zw{iO_Y3wb~Dm9H9##w`tXXb`>o2v$EsEJ>N$(S(Xy(4lwlIhL%KIJ%aP>=6<s~vif
z(z+zEfg6+Ss}_H9EhWDE5zon$L}3r2+tLmu-10CFc9~E=K?ZOoO*02XDS!Dt7}^yV
zhY6f{qi#gp=Q%h~Ur|9|rn=Do2|!&o_#JXS8%2C9OcozOr;VVC9~yj7{Dduz0Y1bm
zkM7hoV>?qF(nJbcEYqlgr<qeW%d!`NGfa7Tz}&SHKLezoQ<^LZ7YJ?C7%h26uh8&^
z8{({dLn5WX@Y4zA44p%rgPaQ~!oZvW7>2VzH)b_}b3%r!YCrUTiXZ0ML1?9+IY#9M
z7m#RkRH!7KgY!0W<kN&b=I76*RelyZkbf$*DN7kBLAQaL`_8ZPp+SYcsUfbDB+?XJ
zo_jZ8lIU~c+THsoRPP1M(?rI4<>^{Fj{h|<!Gwh36X4~}b=%Y7QOODZ1nWyh!;eSt
zxaUikg`Lexo-ZA-1tX~d!1D(fQ3S{=n}FNR^$Ay#9HOF5?(z>9qNLEHf}}Yi&G7N@
zEODg?hGNO07D6!}{KDnzbCUBeRaL87f58L=*_f(6L7dIneC?pX1vd!p;)B83!kSGW
zC{wra7*7~6d48a^v1(5O6o3CnV?_ZnuJ;LdeEBNoG=z|?ab8E^=Dk`ygWD{dY|>7F
z-h0P;2aCz4C%=>cuWP8(g1l!j4Mf|`VKB0D=<~y`BL03X2AnXf5G}2$f0yE29UzEB
z3BLu}%Ebs?`V{~Bis8cg@~2e+kP?0|m>=RZUucM!Hu4Te3Id(XAK+tK4dC1{niU|P
z1LCWL7v%*wvj?Q?;AKx|CjiM{POSF0%K2|a9Ua1(q(Rn|{=8CHwz@L<@aId7z*1r?
znpCzF%kza3qQeR?<yBRq38!)U2maw|J*$+Zd98%nSSm-2^J^M28i#mspv;|?Ms|+1
z(m6i0!tI~i&NO~oqemxn(S+Ri9qzi<&My%#qcZtqUyH}W&yloW{;Od4U}dSxbojxz
zxZBZgmBr72q@rv=O0AMIXrX}cwAR3`(0`V?fSM69v-Kta|8+8fCpIw1Mlr{f4H}uI
z2Lpnw3U>B6K=dgQjn5<SQn)8<`bMKhcsgk~r#Mr<%pkA~)sseL#6+5P_dR?hd0P8L
zn_a&~-gP@wX81eSxpO<JT-wZi9`WqwHc4=g=3jCLs7^uZC<&P9zJH)8BPzTir~0q2
zrdaxJLJ0R~xotBmoJTV2I4%A7FG+$jvod~NP*lL(3{~vr+CNt-?!`^xCEBGL$A!FG
zc!fIKz=bSWR|QOn6aKIQPwFx(>;msCT%|8nL#w|7@YF>hI(F82w13{4;!#i>VxRKf
zit$adD^;X<l7lm<CNW8c7&0+!^5KuWs34JJ#G;QZ-+Ba$JX8FCf}{ikC-+d1j2Kj6
z&LJqTkOPt$(MsO$`Q1!#<W`1wXzewkvvhgvKd?9+mfq?-stI!BGoR>5+_VumrG8zP
z_P<~Kp{}m{Lp|%)C+vPCeXc-4P|gsshV6SRk|G{S11ZEsOD`}r?O%F`_RmD&h*7H$
zqDV*9$fxX3;vrJ99;2K^P)S3<W%g(@$8nZ&jfH;v^B_rBJ$+ki_l4N(`W)Ln&<&m;
z{u~Df_nT0*yQ;0xI$ZU4-Z+sQU)Ke5LM?pl@8?}?LKVGN*_=0&dhqM2{b+Hxj(uno
zS6Q=BYI<roOU|0kS$qJ7kQ|p13P&z!tU$*<Z+v(J?oTSMyv+eoP$3B<?LJs9Nqeuq
z<*2*E8c1u304|ZNZ!EJPP@cRb7}7{NXUpd~iGa#;$UVHwvdwYvQT<Nk{?~H2y8MsX
zC~;rGIq|fT<DkldWAA>6rITy+3aoHom<wt=qY(uS$@m0j1!3+h*Hou0{#WW*zD8cZ
zCohRT2q88i2I!1b3r+&@WQYD4Bqi%~SNpt91?2yn9WE-zcQA}a1l3yHOc3uo2+p>L
ze4uBn`JA<NVOkRzX|JZybcvzGv#EDOs{QNVbW{?yb{&=6my>qBF+bbMHtyt9^v)kH
zxu<{1joit~`nk?^lNdx$Aq3K>H7a*a<vwuCT*4!Aq`n4J`m(_j{|RE_&EN~2XM+Rj
zSRFWcUD3R{9MoF6e&bp=3>#^5`puO;(cxptiWuU*Z)%~|p?_k!KYEBJv{!R{+=T&#
z{cg6*A``D$giHais_am{0&%wMW+^zX^`RkNGFqQmh%{`y*jU8gC)ud5N(MEa6|4yl
zwd#*zC(6Uze~ybR^Z`l4c)4Dyz5}<%Ef|VyKsghmI)D4;nmVAOrE{uNNTDo4MY8@2
zTXgk>Fw8eCoX0P^@spPXU$UHInX3c5pZyoyTtBZIee3dRFt@3@02+tu(}`U)C(qF{
zyq#0w6x6Qh(G9w(w13_iezh<zv;CMR<XlLJ1PCsQc8d0gh^sJpJBZm!l>Ix4yH(T~
ze<yPQvkz8)Q3hLyB!;|D%K<hvFX9KFN1D*}QJLbhrOU_w!^7u^wa_!uVWEnIl*6!!
z-3kkIxv1#PdfU-&5x*kyV#Bd)uVwq1h4GdA8$%byRrI)Y><gQt<Htl>bfTM|030Zv
z1#GuL*=4Va`Cpr*ct$*J5#+m>?4`fyhA&L0DT`=E(5mxxlZBLSt8Vtq(|XeW8cnH3
zjcO8nB=O3#>ML-_xY!BKr-Nyng`bcu*G;N4GCQ3r<mF6ME@l2_odXh}WED~%AzKcN
zm1}hWX+h2TrMKm(f3<|}X8h+$Ms>CVLxL`%7`rn4GWlF&YIrs<>M=0g0I2E@Rpy$9
zyhFRg+iyBwyH$W7wicwfeCw*0A<>Lfd8PcNbWlXJ{7iC17JG$dd+i-hSB;NO&DlWT
z2kXkm516HNVrxy8;h6k-wCtA?m%E^W+@*z0b&?jV$_U!5h{h*NEYV5mrhp+D;5j-9
z?YrQp_>)MT>t4Yw*<yw=g8}{WHO=~z;yvij_rULNlVJWl^ww)hXqGvu6+##J&|id*
z)0x5zyLu)YoBrCF<uL0|#K#<I9L5RaRkWKnV_s_)<_X5eqnrKKQRg#>L=YjbfCq74
zH%t@d-b;$Vf|fkxtZwq)f#awChjHQ;2n+&thhtbwY?|5&OBkkBi%hQod4*H*+iLMr
zFfh?Xm)W=WXrel!DYSZ@3^KuA(9Z&1Iqd{WB&-Y?R$Rb53XD{=tyg_EbW7#U^E;y@
zAK(@fugL(~Y(g6b3`iMEn1m8h=&4K^7;XZ~*m9BqGym{$cz6OZ032od{>uN=QO0%-
zq9+EkoPi}1KYl_oX(0X-cF9fze^gF5xOv`@LLbA^NKl@qTuY>nbu?l&)4cKcCl)88
zXYsSQqx05}Nd}QC|E)AcvjnI#m^;n%`_j02Uly?U!Mkak|Al}`(efsoJ!r`r+Ks#E
z6NF|GlEkGhL7Cv+##x<vjet0alTR~!rtbxWvRw*5EcV^qr^}Q?4@K<~!EV;sORjdN
zx&Oqb`D$-tGqNm=dhP5%{RS(n#UCVV63w7w!q{?@6orDEYZKvYxaHrRq3hnO!63m?
zV<8tha@!K~u{C6us*bKLWcQ9f3~%tI6ETSZ5Kf+-tl)gx*)=8CL26A<FscnmG7;Vf
zt4*zc_)6R8!6ShGJbyN|uqB<I89t{jDTR=?I$##Z3V^B!JH-z!&6~i`Eb+~`*F6%F
zkvtNS6TZ~;Xfhg-gdR}7ayc?%6L@sOMQ(*QDK}R*dIq5-GxC>UdZ5%c0$|(UR4s*6
zkQ>T5m=KcNktiFth?u7U;tiKX;%q5NOXDyYE`i`mq&enP0(UGVhF=#5w&F0pe9bwO
zQ*o#4Rkga!=x^C-Bg)5}H>=eB&gueuE>gn~g~Zo%x_iHtl*)-abA^$ui9h|<wIJy%
z5CgK66F@c>L$CwIz*kymMUIpMiF1=As8a#No1X59Da_If;yet3jx8&mPVXdyUV#fO
zh47r;9)!y^(X+vou!WbMYnxzf<Y(qd@jD!FgWfKw@&HKNm28x}t{S#ZqX|%mTosgN
zcKQRLX;X_T0Ui^un})%tYz3c8k_KAe{Vwc!^mX=SQDhD(EgHf3A?@?P<+({ok#CUW
zh}g7E%%P?!s?1$|j}nM_?2h$M16Jg(VEnrNH9k-a>1!P?<N`snsrXeAE2>x1YR(Qj
zjDTbL>?t#Du3&&;Xu#Y)1Tgcgf-L}vL*5!4ZoJ3`ttIB{t~ypQ0T%&9kWFplbvEv^
zC4i^l<~>Ytb$%jVc<qYg_~RD|wBHKwhIICzhss(D9Ky%uuda7NRkAzODp?<ve3=&y
zK4mJa|G}@{HaQ(z!O7RO-9bX&vCJ|4_9fxOTI2Ag;P#@RkbI@B?1OxS;P#}wKcDS#
zuO$f(^L{JT+GHx(72M5Hk=WQTToY8FsHaV={9f1S!Fd7SF#oTA!t+-^jDfu93TJ@_
zk@goCN8rnIOw%|yCFX!UQ~H61toO+_C|2lr{769KP=XnH=Dq7Rar6L^I2ApA%gCkN
zOZBSJf0K!BvgP{M_tgxycrwOSRzJ{{9E72dgFMT3b6#G7sm@@SDIiut;W2Ko+5KQX
zbT|r>(p&?-f1FW$Me4#hIRoZdN62mw*gOPGz*K-AUTaKw+Y$>6_?p5}{nDyc*#e69
zwrBh$w7h)n+mlChhRQlA(QX|j2pEEz{F5r)=kiL<4|2T60@>Rs37pSm{eL1Vl<f^U
zs72Udk~^l*)9KyLiy;c@c`~kp12#o!z`HwwV;BL+h~x$tqs(z&lhpY&5@Tl}Z;B$a
z(Dv6azUX);s@o`@jW;#U(nK?91uoN&3Dd!R0s4_6iS!hJ5=oyY>-jT&Zr6RA^Apa4
z<g4u!yeJ<*`8oY~ht&-Iq9Fp0(8hZAoR=0JSCg(OTcR+3tjBhb2W^4rJX^-6u#{+5
zic*B|HaUrf<@ia02f<YUS1KazTpvobCi1lTAO7n!WxmM^#w&%h$Qg7-f6=1=?z#3*
z&?SINIxh*IVimRf?2INb1G;y#pn#JZU%d1kV-CeNx(5YIKR^QX{7X^EM|B&or0I)k
zv=`M2N&Z$0oMDuto9EizL32h!HL|E6-n`DC?Hg@$84xo83xZ-~;E42h0s3*Ct2xJ_
zlB`ol;Sl!)$NNLGt{w6`ktL_K+&wka=e&;7pdS&jUz0A(Sg2j&Vu8LlBL%pm^lWQF
zKjmW%kuNlQegsv%t!vy#7skiUGyIc7&PtPUOB9f_>qe9A!jga-qg28MK3_7i3U5V5
z!TW%q{Q}UKt(s>QZUa(mLYjJOBqmb1D)}$$D5Omb+vV?FThYIB8`Q#aQzsbHwDvqX
zvv9J^`;BVy3faK0Z2^I4ez0aD*uv#5E+%P;5M<TQL)?!zs!}EW@(B{hDOOB&M8NL1
z`Bv@f=L$hK!AiYE!sN^N{W;ZlLL6H6>AXsLsYIL<m*P8^g@gXCstv4ao1*;_!T!*A
z9Jjc2<F5WDSQP{mT%XMy0=;|QI^N}qjpY^b5Ju|VeFOuATB9;EU}>!IduCdrO;T)2
z=QCkeUf_Na^V|Lgp6Q#1jm$}#YNaxVjm~U{ZG$X5#|jEi@Y6$J9u7K3G!zv{R*>bz
z$YA@SHv|cFbESve7K8bRP>{*7&~Ho<NtgrB$8Pr46!T3}ZAF^T^BHc9F2{#b-Ouw@
z&@6hql~g}b`Q9`At~X`&<s>!>#e0}UP*%&ZV34`PT!BO}qNclp)lV(A-`pDiv`AI^
z=-jwhB*k0M0P2|k^WRGp>{;OG=ol2RIS7?~x1}H>VOscFlr~)t<{<0{1$$)FZ1)U=
z$u7uctm21uV3VcJ(7R|v&N8^Pr1v&FE&Q+;de{ET!!$)sg_dDBr-T_fnxg*+@N#ef
zH`>2?fY3gF6y8;hs5dn5P9zHFrWzp53T3RIG5ckTIR?v;)82+_9i9u`6+C~uPZ=hC
z(d057TSHslzpe9mSpW88if*GjK7k4Te79?v4=D01JaDB&Po}+)7skbZKmTinbk^zE
z76}1Eql!xlL_>26$$*>fd`1^p|3*vU?0RP(ZEf<)T#^S=1s_x-K)p>dDe+Vh7j1GE
zK{>jB*r&SUh28z0jTuum&4~@*%n{~PWClT>*sAca)jhBk%@mU2KuspX^7xMwPBobr
z`olaok2^A8zw@{@FJ}kJVzy^sRV6zv2n2v`U_hiIiFHm3NEU3cUoUWy1hzfujHhHF
zZ{0<<>9iY`RsWr;E1)09e`Wl0*0s~Xy^dltx`Z_w*Va%Qx}oA~xEY@A1Pm~2XlYR$
zM`6da>fc$=SjM_Ar5M!wv%>2~SuVZ@T58I!nke(nAfD*>G=kK#d6QMmo6a}{(|=V7
z=OPV=aHAo4rVv!HTSTlEjM&c9&H3)n$#)zYD<Wce8h6ZH4#KAy%C#`b$)+nFu&d+&
z+(WujdtG$pw>{{@&zklyLu;i<2^`VBUji!c&jzeW!tg5dlK&%ng5Peh1}cX^+Mz#b
z6kQ!*UC0DndY+@b*vV+ngMd@2{6Z-+r*szZf>5x^9%I6Qvvi!IQUXU8SUK4164L(q
z`AD83IvSw@z1(s}=79R3t<$ORS?4AazLLG97<*m3W?XOf>)GR{>)*YMSI<Kocw?d0
zb#vZ-s2r4mh{1#}QU~#Ufkoj^SH!L$Nz8_D5*Wj8VwNI-H%Sz!`5alPTM;n5=w?m#
z>pC6Oh}Pcud2#8}w9_9MX{UZ-i#Fd6d&2cMmS4Jk?mBw#GI8<rN9HrY7Lp<-bLrv4
zWK|c?y?N(TuQ$)b3AOlKN4kMjkKAK}ioK^wiYAH!<x3kR<MN(mm$sFJN6bNg>LA<5
zgGUTr@vi5G1c%Q->neY^pU<0eNr}_q;cPH+zshNC+>gEBMnuu6;M}`yP=ffv3@2+t
zd^PX{W?6Z=@yRm#JkvCXy~z-Qni3?nl&__bCTN~h!qT(l$(Ud^9vLDKyhgkD*z;At
zTQ!1+$klhq*ZW>e;VlOm87y%m!T{!_m75AzXWM`s#i$Or7-D=9V$Np-?%oxN&44S1
znh{*gw)n@lV~t1aMh>RLPS%kad-N8BCZk8S>0yT6M~Ne@+xxp6&E>jk9nF%rfArc(
zvN#84l7#gtL&ZQfVLv~px08`~0L7omk;%tm&Z9E4>Z}q<ndQtmhR(y==;xV?tv$XI
zr^U5uOs!5~J^qre+$%m09{kx;oInjj+2Jp4J;b3a)Fp+~*xtaLwQ`@sJJkYOzF&uO
zrudJ1_!{15Pw>@rBH#zgha+R}>aY@$LS}8R)YenRoK9r;79(D$>^&TvRF1qq;aM9%
zv?1SJr9>8c_lhE|p1<$|cvOu)|2(I>c{`v7M8vSQ2GX+F$Q*;A4u+v>dQkkU<ZRHm
zI@^jgpwQ#!=o4cV>1cdDwpKen;Jn}JbW_HKn#(Dh`QoCK?kFCelu4q4)HwUNr6xRZ
zp>vMUIbOpYJaDGq`>w!dV^n!v)NhlVx*j&<5j;t?KRq)fD6h@)h<hVEay!mJ=Ej!Q
zoa<iG$G)NIC~vG9iyX1H;uM{W-dD<ChqDAWf4zk|ch%|l8Ygkb8@jbqru^=-J}a?m
z?z7)-Myp0tq01^82Z74?085y5lN1?QuNbS04+RY*^<H4LeG5Thc!yKe@Xn@G`=tPB
zEoHXMezbDUB%cU)P5%V{{oNe{`yAY<-}aj5K6ASd$z6#1R`7f$ekWlkZ|7y;<Y&GX
zfza@^Jm+SHH)Le*<5#bDFuWrPX-fM;Bu)11zQ}mLzmk*8+j`8YCnSzbvE6H6jx1yb
z`=X@UG_?05H4V}+Ruxd5HOs&Jd(x-Pex{>GY~QURw9giIzLFlg;{b(x4XzYoj4>7;
z-xIw4LOP?(ysW)U2xeJ1=01AW-;^zG&X$@wy)uZgtp}{kkyR+H#Z)1gS!x1%)w!}u
zFiL1LVqwPa4zKI|MFqXsfK3-YaC#K=F0o$N+)%Sf$@;j_xY}F8vFSCz2b$_!UJ+bT
z(3u`COKYd$gTA{8Z55afQ;2=c9qG@Z+4TOduX1VT+f7F$%!JY=>t62hw=Namo9>xl
zt8|MbaHZtheM>EN+0HzsEAmt;x}l8LMWKDx(Zplq2E%U*u9#Deza*700UzV##lKg$
z$*iRi7k;BX7}>P>zGsJwHpNE_3Nvp9;vr`>%!)BOjg;>PD=RGQJ+WQ1fa`cHoIm?Y
zp@TqrSVjngt1qi?M<cxg1x?0HE(*EH)10wm9#^+Yzb7hn-u5=vY<+C&mwxAXwFn@W
z^@|1EQFvl#ivS~+jL?xIXb2#-zc15R#TC+CWD+YF;{hE%B|2nvAe4^)dXPsYvs9Hq
zX3OLAKs7)t_w2vvaO}}6+fHuJ*~-ymh-j2!?anrb`fFgNAko?86#ch37tveQ9etH$
zY{zer(J7AI#R_n2Y($1tcbUCq@3tCFQ^U9Dy<xR)CeVhJd~}9-1mo;!w<s6YRg*HC
zy;O4Fq77etNR)@I2j=%A>y13?u6~7<)?^6MFs6f8@@sY=)X<LvKzz9As~l2hPpH+*
z*?ixg(yk2QB7t4~^iv)iG9wkjGf>$JNeym)NV)8h@5t^LS!N&1P!Y!?Vwk3#W2gE5
z_s8SV(m>FLGX?i;i9u2%C7i}-<t=wza_2MaaBOd=vq@$bzsvW~WXbSeo1_-Mu2-;s
zm?2HBM?&(${jKLblQ`H2(PZz;yWjV(r<8`2oEq`ys`R51ty-O-#b&7ONE-^cwgD}Q
zkP*(sGWW;D74pMz=wK&zQ@Gk1d0526MOE5t9UVJk!g|GUU(zwC_ahgt!{F$ZtdBHb
zJO?~=I9TBK9zcBSqJQZ0KnsnF*-%$9*tD)uXtfmNtzFl&{t~sjM0x9Pw8e}@w=g6k
zc;GSD_#5=7qtm8K<XOps=FLl<fR2E6DfKRPaT)tIQq0KfV>9^I^a^2fY;aw0Gt30`
z@4k4r|K};k9ltT!+AGEuqxm<EHg$MklW4uA^;M11k?dDzctq@!e+kMh7c^4E5|b6w
z{z>z&Lc2p-MDf>=>IjMT4_4@?06FgvZd0DS*YmcuL}PWef*6+FTKTnaT5)Yi`uVo^
zX$Hd@Q2Lb6k!Kg#-`vOR>p%Y+crD!whT6f)2TA)h#|YQDIST!_=yct6w{iOUQp>p-
zN_vS2><U*VUv%ayrp{Yk0gBYq2-_;3oj2{^#YSEZ?z`P^(l^HAvugMx?bd7WD!XMJ
zg2lmWIqhpN{kHeTyPW)n-r4E<v{!8YR{s5Qdkg-a%dqaD+Z}WwF(J@k@;!?6AqvG2
zKFc)?V~c8;Wz_V0^*p9slKz+6_-9!~ZL@(*i`<`IDfxd4%U5ev%)P8Sks<GhIxf&D
z7>Jh^a@S*mM~Sn(x3U$E$zaMeg-b_zmBIv^I7$~uF(qCD%GcChXO3N22wVd<K1T}p
z*BC>Q@$_&>%gQu4ECiCe8cGZz^edO4#&ZfRBIfNMKY>E|_V3P|@{T%l^Gv;xnC4~0
z%xo4>YtEE1p-MLRWrvgf2g<jP#P5B&F}0oA@jzv7+@ifFX}s`I`Oi#SRrHXpBk0vu
z_v|<GJ0C+|r;kM9ap<r<zk|;W4SQT^ZB+$}6B;Q6qvoUe)fMVMqJXx_XU3?O_qPNL
zw&yr!bvx#|{M5AO!0hs`t+R89X93H@?>P%7b%I;q#z>{!$!8J#TE}NRddS$v{91Tg
zrEM@W?|de^XZx1M7&&VAp%&U@0&`7JeeO%-?joh(-_wZ|$Fg&Z9-<ntE$A%?rQ2KT
zg>)o#8ItHNbxNzk82-X{(din^g{+KlGVM+zcv~F_N(y_SGpRRX3*+_W!*CG~(_3ch
zFl=-3AxP^XwA&2>L+?Ywm+9X&zbkD@6;$4^nn`n$oBg|VbFr^^Jyv7rErru>y3f`P
zE3G5r@*a*NG}U^n!^+6XDi~mcPh%goUOL(Ro$8+J;<<71c3^Wbf?JRV5@3+|hc&|Y
z^XZ)l4|3dE);A9l!Wy-d+h}xn2D%u*tlcfS&6UY-Ad$gFR&N5mP!%)c#wT+>eD?>X
z(Fo$9Bnv0k%P36)S7A=^2~^#xx`Ck#x<bj>wGms9^cd?Th&_-{?{9)6m#3GdvC6gG
zSENmw$FT3`yTQ^M3l$KHT0N{Blo|KxU<xmgA${crhQ52E>qk4QOxY*c-I+K);b#kU
zDsqSQbjKaDi;sObTE=Rq=wNRJt4;^>PmDL+YK{tZCT|@bX;sxr9gY^A)c)Cjbh681
z^Vw&{v8{n-|545N&z}xxc6PqIEmAB`yg2pk_~={l$6`ymV1aR~y6%UIe)s+3_A2I_
zO){0^?$rmrCoC&d72+S)7Vl?secO8&)iZzg-|WlR`d!=iQArp-75yr!B3<=`MR#q2
z{ic&f3uyFW_EN$D0<q;srEXQ{#92+d%sp}oZ|_pGzBhM#FK@1Z>6#uplr(XlH-WH@
z#5r;ttxd8*QiOiODTF%$)oow@5ob+U+?FsYJU=(j$`04b#lWQ@;9gxhyH}c+I$}JJ
ze(`^>O(5r@LV-PB;oMaUBtLaVb5y#Z4EC2EFl0NXqQ;-cO}-FA6oC&uS*CE&DY70d
zk2#2K?-I<?7$AlBp%ul=+6iT2>-CR)C7yj*`3^nuj(qIUz22~KSzP?&I8?5o;(X@R
z4t`ynFK==^%5ULIn{Axe>f_;ttr3gkm;>e0jlAq$r|MIUs1=oyh^c!=y?z}FbSFQz
zq9&xiCLYEUgi^YWPbb$JZdu%ZrLc2NY<=&8MfP#Cc>T4*&_^dDvki}Y2KR=`Z;5?e
zd-3kG)04)Q$ex!QS^A%S|2$POKDsMb#Xs-EGkL`I`N6e4!Ig%OY)o*iUM29y<Dk>A
z7a+{#5-6w!W0fTfdCvgremYsK!@D8>yJ|vfZXQ?ucJsuOAUPDlEl#5XiLJ~jyD=d}
z35k8NA^FvLFL9sibaB_#f8+t<$Nkj(CMlC~xuUqJ40I-^M$5u=XuqAd+9L@_oLk;b
z>iL-4F}qWgxBs4UQlc&IjID2Ahf*al3;j`B-{i5$kvIhyHgdn&?kI%<$pEKO(i@+7
zA9Z|~BY@T8lxy>?8$b_@>bCF>J(h{_{;fcYw3_28+{(43rpY))G~(wLpazDWj;Ve<
zA4M*!rl0!uiJ!a)Ji43vqv7})oh{GF9}8%MwXfKEWzu8kPa8!R_k(r!(|F*1`;L#n
zKS-zaH1zExrQe;>8OYwaH+8q;W=pG1O>bS|poFBMSXIkH5YI{Hs-WKj%lq4(eu=j2
zyxb*GS(r?&`JP%<QxliFn0TB>J*OiF5#j7+GzfplpnWaUzk|W?Sx|eo+T8uQV=mlW
zF>}aUa;=sdy{vG1B>@An_90rY5@g=9DX$ecLu|^u?y@_rND<53#Kk8{X6^rTdi~E%
zZ(=U%Sg5aG6sFDre<~pOZf+zmJZ;wsp08v#-cJ|CJJb>2dOk8$IWny>sCfWa)&+J$
zhaeLeK4y0pJ#_NT(`hnO-q~aZ;C8g(YQapZy;8ci@;+yvK=~%^(9;2_(9k}4&&f<-
z2Z+*@o1=9tkOTqj&8z!!Du+F*_Mg2ycgr$(evs;KipKf5?zUIeRaD2;@ek2uJo-3y
zZAVGQhaLV!V8`bv;j!`>Ma8<`E>&iBS{xW(>ANj6@5%)Kv1_q&P-PeQWO(j<%i-1P
z@N~D}zCNF)&#$Ga@WL>cU@hlE%CAEw8Ee$yh^K@55y4JMX$@;)>>?Cvab`Lj?*}Bm
zM3SVa%{VhMQ6SCsZjc#NP(IHv`L$@5<?KVjzSWPUP5n0by@{>8OHu|Kt4ZW&2i-P`
zXn&)9_{bG~)%-o5-FVa(eQfIdk$WL^#v%t)!UrlzwP;Qu8=F$;qd6ee9%5$JdZ`5z
zz4ES^f(|cMr%su7zSjtq_>b8plnL#I&XftAy(g-M1DD|6|K9ykv(aEyg@R8o$zaNK
zLoFl&6P#x+c)k1Nr**dQ_xSzBu<x12{XD*S+6+d;AAUciYGS?lYlHjz_745bkIdB<
zD_(9j^LeGmRp?%n^~*DCDICw=lDjJLaXlzKF5>XhulT83M~;Z69R){wi4BWvTFyxw
z72eQe*@mOo1M6kF<IqR_+|O0G=cin2C^LThk#@@EuXBB`l0W$|w<3W3G+ks7?=wYr
zs=4{-(E8W!Dc{kghDD)8<1OiIY#5gAUb1?NK=E7~J+ze%Wy6s}{S<nljbl}it)05$
z)VV!is(_gqUM>3)5c|r6vzj_GTvvVNYK`zkr{%2l^6ulc(v?e|Tjiyet(VaFXlC+W
z&lG)DIobbTAOF3b*?%9uWK~rG8iL>;N47+y!DG_`g9>AsZFwL`Evpyg&39c|^0-8f
z!*8rk#Yp#jgwu#yC3JoNaASAYWfFRZXb46!5iyTb`=gR2;f!$JtNr%<kF*-rnBNHz
zY&BYgk^5ENP0!75f3o~}Z~buXU~&DVbV}4$%rC?6Ex$@)>el*cOEy#`CEVVr$NTAX
zZ};QmM?UJCZigo?#z`sT4#W0ZdV=eu4Nv+DHG6ry`lB)*8{dqUv4Cv<{(5rL(~VhS
ztxRZsZ(i|T-ErU8mhbNeD`op-8IOc~1yc4c5H?|bkB(#gOeRmM9z8QYmd+?Sh4N^y
zu*223L~n6H<s)}+op4sN21-<TCR3?~IBhz4TuR6;vX9n`>u0Ki7W$2vq>B*7M^JF4
z>^;6rsN3g$DSzpy<?qS6ku;f5QR_dO@8fu2VS{A~jAZyU1A^gY_IK=S4P7Cd&RyN<
z_M&zg@>Zd=RE!tH9`Xsyn5G3<6^e>t*g0iEw>^%K9%W9UFjf%rO~zFoTEES(t1J^L
z0TF`IB{8p1o?S58zcBX(wywqfK0exIvbj*RPvMM+;Cz}gcg%C^(~xVa&2iC_szO2;
z<+5dbq?PHVNNiB1i1Ri_#O&N8=9;1lLFP&C75pPm%d@Q7VI&f1MgxhQ&|Hy!Bg`%)
z>2R>zxRkfH{DK><wVHB%?8up|B`!$=Gs+o3Jl+fYDZ~vf`@glEp<X+Ubc_NiS$Da-
zSvxM(zCy*pX%1(fAB^A$>2Z2S2HJmhmnmFvN-mGLDmboyFVxy^-^+l?#N@gBro;%R
zx3(+&1w<V}*!1F8AWgJQRLLUj#BX0t+<{vR%aYM#yyQbsw@6-L)T&gAy)z2Mi<Qb_
z*st1M7?+b}D)S<^e2L6837VaS4=C!rjSbxYW3=jD4R0Y{EGrYbHD|Z^7|zsi9TORs
z&vRPF)}FaJ?F-BA3(kExTkcBm&EVt`?=e1uuN=)yu2&$*8Z=R<@W?bcZ8|(MSrTT}
zK5LqmOPOIGuvG%H;%~co_`tE(V@Q-AJN`Di|9<A3=E6?F93c#24{gy5z;$OF*2F~@
z)c5_-o$~F=@jFR7SyB#wLrdmUr#954jzlxS%4k~4AMruC<N`(tj9H}}W$b9jRb;>K
z(JH=GG#GY3nNMCYYv>x5G@PHiRZcSFRkJQ16P0P*T<Cq}+D_im@67e~9w&fPJ?dKQ
zSX~R%_Fm+r!bu{%1Q}wGg5wVo^X6=8{_TuBLNCI~wqa`ks09mi3&H#XbIxNAt`qPs
zWvieJo}&YCmx=w~F`Lp>q)xP6>$u}Id6iu}JGc;c1N+li@$871Hy3ir%3_5-(EfID
z0(s<bvFrQEo6?I;tt*aECHk9di~9#%UV1y5ZW9qS8DEh_(JatrMU)Z8tLVqjLjm;x
z7beU-vl`wZow)^^kMZ2GMc!Nq6PYLrS-T@>J{cV0L#A||o5g7q5t9+rTzG!gmgQ-G
zRg0~PiculBLZshrUxGMAz<y_G%D_u87QKP7DL-Dj+Et{|P^!<@oIhFDoC~*iu14ti
z=_H~WFCEH8ro0T=c)%%Y?Oc6{Q}R%C80uk@k6~;16ywe+P*gS**HY+m?7n*t;$p~2
zlcKL~NVo)dm!}aoZ67Rql{5~g4BhkDXo-3P1Ed%%_u;4eZlp+!UyGU{eJh1??Nku7
zD6BYUx?L&KhbiZ0H6=KZN1M(Ae-to&U;fA!4{VM^SS3dh&s7o*K=-^)4xHaQzJ#tB
z{e0gP8j9r5>4gLE&p-9y72555?K>h^qZY37@gSjk7*iq_`oBwSa#r{d-gzTH>WjjZ
zf;FPIm+QH()i`3bWR*>8l9NfEi~`v-AT>fWHg@E98FS&(lP{0wiuHa~B6;4t(e9k{
zDD<oTgLhN;F4BMZvSh`X{eB6;g|oSk=WH(vMrKWe`&Qs0)GW{@GZccOE9U>%tNpo|
z+)X!v@|(>~RGxJO6WNu2d&SYG`N@I0rDKE|Q5UV&kd2KjyR$|iZn+zAdcF4Q;>Vfy
zaiM);=*~3qZ(q+rfAFDxD%l6R<ZOO}DBe$gbH-u9=Qk$RJe9j^(z3*}*3oY%(w}$H
zax$n50Uw)NP@zE>l0&=4l!>%2Xkp5hfZvaoJRQ4uvX<Wj@c*$dr)=BK(AY{5x*{VK
zS&%gTvMsc4C0Qu?0<`felpsJKss!=jH^5BFn7uQR5u;((0fCC0he=j3R>`ID{l1F}
zN3YkP6*wi+{_jmHp1VwW&S`;8(p}YM_D~+Az8A%V6Z7wfA?o0Uh4v`3!#@V|K45pZ
zATh{aQOjA+r)&>t_Z0d0<j&i(tmF)&1Y6A~$(wlQJQ-`F$%s+Bf52NIi2ZfvG>W0(
z%g*KK6d&#2J`&xNDGx&LsS<U<?q|cXszh4r`QhC;tdf(M9F|+Jh3bV+_gUZ*DyY-~
z=5#qD)Dbb1pq-29$Pp*fYP*c{aMYR`#Fe`fPTp)v8syDYGlhv{@UY3njMy^@{9-=p
z_|giyMXOeI?dFGL8D#^{EuVQEgllD^+R*bwZ#nbbfwHm7)CxnmL-qjmdlV2K!5C=)
znZmmo9X+nb3Ke&HL!DbMLHUbXC0!v<>4y}IaJSzLA0(_2q%a3Cn}n5ntde)=uUK<c
zN1jhRy$WK4OIdUXuPg1Liycjd)jO^*q)U?6zj!g{%qfDR9neGq#!TpgC_8*8Ni8t<
zHdW*Urt^7RTA#R~3@PCw^~^Cy(5*}DunhI<nWBJ$J7-lciaB?*`UYMvv8>sS=|DS|
zHSOd0!IbHV<M2;k9d-`6!_yNx#OPI}i`az{RNBp!1$uW2{{8Z|6m6dp^I0j_J4*kb
zpl8Jx89xLPMrfPvY&*gN0hT8@Va@|o<_S@wa;Y}8prCmpdDHgh^9m`)Pb%8_>YX}-
zu_kEOk~t3eR)n$Mf0{|Vhz6<Fy9>~M0Y+^ll?@`L3vVeMbw$`S$YTnEcCG8z_p6Hs
zTqYy=UPP(S6%KgCSdk&6op%4w-qO;6Bz^nCYCp#<@?8;OX*ylfZ1-R?nks`&!O1Mg
zHC&*ZQ|{j_xh^oGl{@;_ittC2m`kL`<nK$wKk$39iGFdMImZ>W&nyo-qmAWlD$}H~
z>|Z~Y_}fz;4;NX*K7zlzt``zydxbLARY@&4Q<quHx|dOIua+yL?2cBK5cZOT$&3s4
zqJs>>5QuALL0VuKs%yhl+b7Q(U%<k7hwKA&efuMb7GHhAt=ZegA;a4T8CG>vls$0P
zwai+t$+g;%c{_k-Efz8ukdiTqwJs$ool}*!%L3HXd44+%mHVEXpwso-;oClmc|_2!
zhxu;?EjN@Xf0u)>o%Q#Uu*N1^XRU-9RM6-kq-+V3Zw%^IH8y|4CU#P@U!+)AOfY)@
zx~OR|B2DxwrN;a)*p`P*R2uV~ubtVfe^=MAJYqv{IkSo&VrB0Rx1Luh5WqN$8r>|-
zx_Y}y!F_KsX6*Zn&-<X2^)t%fe|4js!cJ%JsWaC_Jw^yEdLyz-nkUxlT)+MsjfpSa
zbSN?Q9`-ejb$Q%eK`2oo3g`MSSQyk53mt8)8Mn0x*f}X;*!yayy=aZ%7-D$Rd9ebY
z9u8@5zK;s+Gjg|(u6fNB+At@^llUV9si-}Y^EaqPw#*Or)40-KrcMRs5_V+gwn24t
zlVrujju>@%@~juSdeus&Wgk_77??Dnzqn`=(qo$8{k6~$HQFnPdxc?)YLW_N5$I@!
zDUfS-Dzt|6wQ%s{C*6t?_-wpaJ8$GUaQU_!%RS+@-C`F~vcyIiW~*}>>2rU6v3|g9
zYufc$)@OPWe-rOmy7~v2yLp9h5;W%@o6W9`P!D*m7VpA=`9}UGuduV@qR!mJD@epd
zT>2-wZw~mAf!8j%F4Rfritr3pnR`&FuEN>EzssajliZN+sxoL<aQ}-W^5ix99Wkw|
ziQF>a;psU+E2&`2ROX(Hb&%>#lOlP-5E)$5i(2JUT5fk)FD}lv^(aq7W$4&@4ml4)
z!&+1`IZ5W`=~;Oe8MTpWOp-nwXR71~BV6GemNDcVx6;r<tDC-Wmq->1jdL9z+Q!94
zwO7!uDvh6BR)jxfm2`v_nnPKu0!AF6;@H8_-SInC!`n40@>kuvQ-og}@IO!=h0;rP
z5vp$xRmA*TfQzwQbck-kBMs`w-O?Ou8?JxrxFo}kWhU!J?=o~C@*+~0x7MfM3!9mF
zJ~OCZ)fkYvK!I$b4c*EGkld+)L%W-|&Y6u$;|D#x<QM}*FMOX=h74(`8@6;25$pDn
z{|7x-Yc2@g9(7lEvA<h=?P2~NqiOfq^nSY`sO7~=FF5kNCrJcrQ9Y#HQ{nk2OP!`1
zd5Z@0$+R13v8WnA;6yh5c)lh^GtoR%5l>`Ru%AEyZk$u9OK9Kp0O99m2*}htv^4X#
zuj=MsXsl;%&9CrKRrx&p$$BU3@BJzc3Oa80O$j0=2LRlpaJnpQqACrQW>=+6RMBTZ
z!Y`0xnHHE=h`T6H7x_ZyXyX0pN3PIrBYIJ5>`7LJ4q0^SC6G>>7c2{F0esM`Hw{0q
zhsL>`;ULBP3)C4`(H0^QOHt3lAKD2=oJ=JBx^J{5ST;Idsacy*?eeTWQ~t!oD&+&s
zXZN+4BsY6^BUSZwt0MQDi7^zLyPyap>Z&103m|qNqcVv31akbxv|H?iYu}N9dqmz=
z(D}8V&S`xflg*=lrkqKi=alSfk^#J8><ds4mLlx%OF`bU(!Sa5=JZvEFatwygFft*
z-T3LtO5S67zbyL0zBrTFjnP(Bh1OOBLrd?>M1Tv1H>GZm&UYP{8Jr_g8k)VHkZo<%
z_|*Ob=8#y%<m%fGmOP<{FJm2p0U%X-t(GG>COdM<e&V4>@QSgUH4ka8NeosMryl%t
zU(D~@8^>J7(mpP@uF(J2)_aFFnRVU6V*!*Z5_(fQf*=ARfPi!hK@b&1iUFlasG&-e
z-a!SWgdT|4Fcj%UYE=4w5}E-*l}-={^*h0N-gkcQ_sn&Te`?OT&)Ivgwb$CmjeKiT
zzfbZ(c`q(4X2~(P$eN3z;;a=OQW+oGTd#KS@O-(#tY3tt-9GZ7Y0_vK8vATeRP14S
zZqA&lH5cgRe}g!Gxg>x{>Iq1>VAfU=@+ju(gjj@u6*m+^vQ<9<A2+mQiEO@-_BJ}5
ziX$E?Z#RkEs7{%i*8llJZB>$J;n!a=5;HKb-}|n)s|=RFMNt-`%}BWuUCtD4qiZvN
zV&jpIH1I(nK*r05T@Wh<F&d?I;4M{VnREeB^ej;`p{?pR`;lfC*V6J7{Xl~TGA0=(
z3A5Z7kGcwc2B7`gi&Lf@UEV&<`dn!8*6hAe_`KncPU~T{9sJV1Dtq#Q`)TOn31v~{
zw4%|!KvM%E|CN=O3)<b(eGSbFPWLnPL=i(oJJ%hYf!x)R7Lapq5iar3fi&?c5)Obg
zyiI{xeLm;}Pv#Og@)th1_~~ziH|!8gil(kxZEKVeeU^7hmIJ0)#upVNynYkXI3ii^
z2PS|tRRCgx_7bd@pb`?mEx=+}iwr%|r_TyLVR6b~?Q4?zo96>_x*n{p?(K=$2u*J*
z7B8`*dp{p^LR-S&_tgUx+OnkRTHv5?)5azqwdG|(4_}_IQ3GX(gt<4*efGl=mG%{B
z>J$RU7peV-6F|TwYFm0EH`O;a)01yX!|^$nk|^?`(vp(^4c<v&fUfxwqtsn2OdX`D
zOJEkCZB+VEYM0)gM}hlK*8LO?_l3I-U$?r`^6dd-{dMVru%Ltg1lxC-&b99!13yLO
zZu<2!za7s10>b$dKCLVN&tkb$L-u|N*lB(i0b!6Y8wug|GseZyROrtunz74w)-dm_
z#^0p*{53=@ydC0!4!s?mR9>SihgJ9yJnG*NafF(9o4`pw42%UBCp3p{i&KuLqrOeS
z&0Ey+Z_GVE<FsyjG4>>yPXWZ&oiZBu@bl(Gw4L9C7~UXTkXI@EC<$sY1^^Vpt75$d
zM>cKjjpk{4uCuS(<ofiI<UqCeM)9r*!M}^Ve_zRdzmxcIke8VHNQsy+_3_2<=w|)B
zjS0?_@lvz>_LPI`8|lNuyR}^>giRweS79D4U%F+B$7-qRtB_lq2SvANx_q}8v;|Wg
zj9lrB?H6<#FNS;jm04ooJc^6>&nF;KCOu9Gcbuf+kDSAE;75wl%flC}%g3M1k)F+A
zr~zi$tQX3neVF&S;v=se!uw;j4HX&<UwW#PPUv69TSk)}>B`{eGrEHU)m4YZ8b&xc
zq2atr{I^GvF9Trqo&li8yTup37gk1}?R$+tLE@g7j6WTW5VN7)Oh;S<&ewx<tdzL(
zdD-;pMJo{_b;?%&H7`w`y|>ZGaz`ooQP6MGpiH&(abhZwrBwze&ledFp->7~G7|5^
zm$NF8bZnM$_I~lBK=kBNpa~b7)^C#lOS?z?ve(#&w2_@E_6bqxcb?VS(rzr0_QWrq
z<-`jcB}gTxMV-uWvl43g&sY7F=OhpzL;@-#IUbgmZ>bdt?cFBQ&pUjOHeGl&rvek(
z`N&xYbVM||wL$XXHt-d`YsT7J7esW*jr?wTcJ)1w6}eLHY9CJdM8uajt{@lw=d<1+
ztlRWydXa?%GXwU?2iNbNJy;biT}bPme316*)%}u%((LojcYfAMT0wO-1to-ZG-5dS
z*2s7+R~a+4A;bPS;YF6iPYV8eUT(#3elCo0p~0h3fe!-`hW!RCXm~##m_bdrBKKl-
zzB;foVEhSV6RGiSrKG(e%!|Co*Jdy<7*+Z8|14IlSH%;vYV_tX>ONIgasIo}=ajNH
zP53uvJ7adKB;$_t+h_Y`!r-BRO;DP2V%BXHm=Wq(7DWxPYuj>4nYE=a3(xUDF^I4X
zo;ugXNVejP2)Jj48fo2g&~GW=-fDwKm02Qad(y)n^(W8Xm0pwSB+n?{WcK`Z>(!{Q
zo$n51t*+ajqe$OLoLN6sol<2Z0i)yREvq}?E$xsEvnM{mi$oX@%`n&%=ae5VI2C)W
zey6dZ#z&h+jDc{@k5wO3T<Og|9(NGD&Ut$*f6r+6ylam_mtLJ?k`{J(t&dM`xUzS)
zax4|)-vf1Fruio0!7Dlh{dAI=C`(N?Ha3KelQaHqw6Dno1|Sew0s9mw3N$mqP!;ED
zRu_2*v2tJ_jCGccsj26ZweeXkVFA#ZOHtRF0HKH|(10?4>zv8^vybVYj1Mu1BiNbH
zzhHyig6$gq-#-mza$2Pa{4Vl7pVy<m?AC2<tvg^kUz~}X(=T}DzgxRsj-t#~>Riz<
zFx1^Qw5$KZ$)NV@zH{sE#>+oKLTK8%Ikg*oXYK-3oPy1@9pTG611jor)<YpVk`fZ0
zWRkTkeX`Bn3i!Mdp$8{v>|#%NFJz+;sFosA>m&}grQ7m5tY<6d9Fl&BGkmUT`qJ_c
zIEHSY<z^;xiwDKb^gl5jZbK4`3ieE{MJL<j>%c>s9>q1&>cL4-AH<M1brv*%GHTQ|
zPyQ3b+?faEHCdQPjB)9J%<DZQMI^+FB1y+{FY2->CN+sg;FWu0e+0r#zROt0QL<Du
zp4Cl0YIvIR#<TKl5c1OUH^&kdbC0X1Lh9X9YHV2=cF*mqeUd>lpdm>^0ketfH(S~!
zGSfLNAbg=o?|xQMKuW7w2xO^#6aC<rD-Jg`6AgkKO1ih4F1@&5kM$|3Q~i#dEf1S6
z91+=S2@%7WIA>E&$z!oFINN$mVH(J(Vb7nhI#$h9ZYoK;z8V%31f;zT8=kM=78ugi
zX)SQcuf}iCIeE{=Z`FV>c|!R^DKmX)fP|%&G9!Wj(O;x(h0{Mnjk^+}t*5v=1fSF5
z;lXE<%)7@g0(%ANVHlh-RU|3_mB)#7b3JN%4@K~w>mJQgTRKS$PicM9R+@!Y+gQEP
z*xv6xntbEErN^&d3pSh8siYfIc1xbi6R_9AM)M^tIA4(3EOpu@Tpk<lt&*XqZ@hDX
zr^udbI>Qki8vZ<6xNWUV3D4scl*4T`BzOciy<o#0iY<;Wl$0>|v3o^#;K<K_o+r#V
z^*fouI?oAg8$Y+K=#({2RB;C5VUkZPDe*&vH4>Pq`3qiPm_@C6eOFvt;)*pA*p)2!
zL|>0Zz`+n#PWn_Q=6jC`3LuaxL-cZCppMZGfw#cpUddem-C!V~T)S!?W4rbQ#s_N0
zXapOH#5YUhz?1Rx-VZ+Lvd?nnV1>ri8=o|lK!LOy3Hwv*uS*-M@oLIjKI*878up|!
z)#pE{UuQtOs~`NGQh)1sTO-k5J=x!8+qC}Xi0A6_^-TXv+OfOOvw7Q|k~^X=+pyZV
zrETc{m7uzFw>3vH1T0wO6WPWZ67xba=9Y)rUz@t~8SfL)<s&=KaYbl8x2kY5tTc2$
zn6$J30;Ro0PG9o&IY;cLR5}*@_BRXo<}Z@4o8^r@RSY5X#x2MUw+wIB{^WM%W23=+
z3~9$ftp{$x_+>&n%L`QA&hk@$X2J|EZncM9upI)+-(HKhk8%IAd@gvuxgjB+GiT0q
zZR(yj!M_JiOdX{(ve*Ufr*%IP+?%v|q_I}Z`ABeU1s{9Bu?7?c@2n1{C)_E6%K@_*
zwn}OfuO?>J8rFzwWR`&Sq(N2U-u*$xz*Q^u6slUIbf$i#e4FTUptStXg+vuMOw3H&
z>-I(Lkq`Fk4rF%rH1_4=-}0`c`j?<~9+}#LL5ym!6%U_|g4Zk1?<(idBY!OaNcO(b
zv>G|d+eKVWSljGaqjcL1E>_qL!j)E+%iiq&oL&wb3w?B)_o=pSp!4jpnHOw{ZIV54
z@{5U=T}P_$=k(yk(YUKeO7t{idX~#qma=~+-{V)DVL?M!=RAj}tL7gHNjuYBBpJms
z#NR_OAmk@VvycnJeBCa3GpU&5bL?_`mK~vyp_6<Y;vQo|^HJ$qTDFPupHKzotT_;U
zyB#$hEE(nHI0s%1XgIs<=7%6Ui7SS|%@1T_646@o$G{|&6)oGEdF2P?V4|?<M5;r(
zc%EeX$%XL?TtMp6jf-ZJ1(gIPZ`d-eZoG3@dVjAFAE?i&GDY<EStca6cQg>U-!&MA
z8B#WPG*-qJ>@0s*Z>t3D+64{rK#2!_LCK@82a(ivZ3V|!6X%28L_h0Q)x@9)Z_WX~
z@#~hB#|@d#WFLQZU*F*Z(}zLc6*Z`y=#^pb27S4?ykXP%vV5H6%*v#<<F(p_`&nB$
z`xYgoCJm0{X_qG++)bw|-Gnp*TSCZRAhRQilNsf=6)Y9KI~=ls&#GJP4hi7OXDz!?
zTsbRub51E9ANA@oqcdB6=-F=&g%%sTE!R!_7<>-0eWX{tyrSEpqO7uN4VSjkISWcC
z72o_vD&QiguK0M_NZeZD)DRSlOMa7H=uj#Ix()n@9!9tR_e?S9+m#~~FwMRk3FTLu
z$87R)`MD~>f4uunlkiIWLBB$g?1L{NT=Ev6i$c-yNNx5%t@@W<I~Ta6>v{70hSi^W
zny|-PG$^GF(mypRVavOmzq^-Lny_K`pq(1QZ|b|N4H8Y5mUa}UfYI@5DE_k=E)3{t
z;zm%z*y}*3-!T93n;@A<i##6aYjVFo7(^$UVrNx7JPMl-+5X^Xd8@V$6(v5Clq;#`
zs(;Wn1A($ZCB?$Cwvv}+Laa9iyC+sTpLstvYae#0mh{uzCo5$rCk2eKWKp_TpkMA2
z&33;zItOWUHwjf53u&<AgPp$X!OR=t?1upgf+a#<{mJ9_EWg?=R_LNnRLIzsRR?-k
zE1Y^6Q}3@F-@lu&CkEtXoU!5X;GH}@e8?iwg8+fZJEbtlQjy%7{;w#`AUT#SA!t_S
z<x>}SjPm(HF$M9*Y<cO^CjC!hutzleUhzOT-?>U2IHDDiX5-yqP4)KnGFJ3vcxKH0
z6857oQjgB?L|U#eb9%kMR{GnFF9O&`dv2h77CiOp%1>QNsK!Rf0?YnncWHLOZ{C>f
zQSj22FX!vpcWeKVBizQfyFBS2m1=AgUS|wf@1-1g-XtXN>`YaR8XuU?>i6P7(c#w(
z3$WP8^0RssKyj>(z{G1=)y-SP%EHrM)M~#HS~gm%Fp^wLSpCfsG-&`-eK#wt_C5uf
z9B*BCB-<P?x%2S{zFYL+ejUYki3N3VPd&l%yp`{EUntSVbN)l?@@``GZuYlRKN{m%
zDdYnqR{`$WE`&+$4w@<6v~!fMEb(Y#@c>^1kk<fyid9l)701z{M}GtLbvf~er2a5#
zYmAfVj&E-GNuS#t<W0vM`Y;4+lH^%4;%RP682OG<mP}B-_U3Pk-PTJ!7j7DYt<?;6
zmrh6r54v#vv)4~k=Z0n7zO3IKzqvn9{uMXK$+$N!P4mGq@}hIsZ&ptw<VG8uF|A&h
zIjw%w<Iyh6fbDquUA#P!KEucN$0_KPMGA}mY-el3l<?H_Xp(pBX4iy^)wij&#o5yr
zM4x{144PrlFvGWN?9PhECMLEwOj%@F2<pDZQ7mrk1W$N(=#RSiwK}e2W{-WXNNZP>
zZ+J3L<6da|SUZq3aeeJ7v=tL*r68!CBD)$qys>9!_%l~h<l%P8!N=vGAYVVqTEoFs
zB3(+w3zsV&)e{06=!m!4F0kOEb}2y;u*5jsnUC<?-`sI+@1~cI4Vf~-mKKb{04388
zfjl>dFgf05NZ0!$@U&bshJE;&SCk{-s3kjjcaLYq8WEa^U!)&ktN2>H1hBUCX@Dm)
zFL|$WlE)gklwZfUz>C9i%2!A70c>e1*!>7^w&gP;GLu_7TX2%p+(r*>e~mUj2LOSM
zu7h|cw6Pl-VEAWSr(I!`lJ{qkfyB}*lOVT5e@b`K{$O8h_H~clme(5SJ(h!g4amWH
z!P_bG{#&H%Z$E$66N^X%=2n3>WRhfApY#nAUqYZ$#I>T%#DHHPV|S8vdK2?lgz;N%
z`cwx^mIE9%iu^|8cfMIDxV~NV*;JGLCO!yBtR7v~RAN6Xw-Xukc^K|BS1`4ByZt~~
z@c!%hPn0pbSfXE(Nqr5YHG9G-z5U(nqh0(ad8h$^-$ZkZ-&O5={%I-!+Zds4p8>aG
zW~u{eOhMHQPw!;Hs9H&}i8J{8&N{2X>ewlU>;8<+rj=Qh@B{)*5&-yCeD7K7)AWFb
zNp%{L@ZodqFuwNkPoT|EtKoHUG2=}@^U2s4eG!@A6>hfm7!fHAgUfFG4%a$Z6I~mq
z!i%`cpFmq*2O2JT0RnXncI4grDa@?N3vd5##LoP7>#O!Jy<`4<^fueTy$Dv9WD!7l
zIVdkvFS66=H<E;jzbVhn0~P$8x<(=nimL}#peNgSOAiLNQ@4o$>zF~}-@mJOhd#15
z?2x(x0=Zkx@tuv^rD$+uC}H(xK7eL$tRBe}wHaLZ(a3e7>iG!_mg^K$62kEcq8P3t
zYu3%@WSU&nY?}~rmfvrfvq;=2(QzC>ew>g71=XKS&01wEoO%y$QVj){d;k}B?uwzq
zM5Qk+aMNhAmUdErE_XcKpu{SobHDOlxB+nlQ7U!%??=~dT}(w7UrD~=fVMh=X1z({
z$-7e`K&G-)MUmJsX;{A3swz8$?%JF8q`bZnpvQVKd^g^Zg7vJ<y5@P;z_zIJTu{90
z;F|?~>Q;o-5JQg{hEx#AmV@t>JdH~RruNsDytDf`m){0ydqe{b*Xtl63&&Zx8nR*S
zsKlBZ%7qf^T`TNYQR|mfMAY5yva8?Sb+j_2Ek1K;Yi(wq%e6lBbmluAat4D<@3tNo
z6jHU*7@aBtPRSK;O85o}C1Y@sYo15S0_tuyV+)0{BH+dGxT;tn78ihqv(XMD*d*M1
zdyCp#Vi8D4&5wDGN>v2P<X6Rj^HV0Ko<VxyJI_6Q;S>hnrkD|i2j-8`wck}kp!`Pw
zI&XD;zX)=SW*^7#uWx!{I{{p{qkIxU{?xDzoxv=uc`MI7aa!6L`zTfKWT74*Q*rj7
zevY+b%=5eJz+|F+8o@lP;Tf!YA!b2brrLXB#=AxppCRB<HTz=WoBz$EU$@jxR)b6^
z<~avy?&~rQ?iWu#b*bBYl(hZT|GnfovnV1>Xqn3@b8ESTnF%fHGk$~pY_ZR4krC%O
z*~^6FsRQ4y*S{rVo0rR;Y?Q_l12$c12V$5kz{aV&7Ns7|%)aI!v!GQWci!y4QsI@N
zx5k5xG8%jqZ}f%7F=4o?Zn&q$Caw>M3bO#|aQ{BjNpv3blchjW2;*GpaJ{RVgP-~E
zNp$h@P#itFi6PYq5SX4Nhum3cr0}$}ml#gzM1(<^70iZwR8-esn;T=#4G>8RIsU90
zD(D-CX}7Q?O_uk$^0Pli*Tt&=FXdf;!E1m3&X7j@!ONsAV~<b%Yg|bu6T%vIte)ty
z{#4&o^d{ks)q@ai%QB)ISyAV8`l(!4oRI;9e0A*B<Z|J5u(!0Y1*&h4rKE;Po)}>o
z)D|S)DA7MqvdYe^*)CZS*sK<+@ea($uUzO?q=={z_jNQ@v>#pR_(>MHv|;UkQQS&o
zogu|Cy>2u5hP2B^vzSEe{ei{b6P%n4n-NO;FW7m9CcAem#`xseRg@HG%?aVoHY#QN
z#`XpbOW<Ys2cMOfnyz>VVX&zx$Y}*6&-jy#Ao=ZnguMQa+9^E)_wW@htgI+9roCv5
zG?wm04MkM8X1b9Lm@)WdB6Gmhw@xlD+57zs`r{=xxTU=>Id_z0dUu|Jwr88NCLvXj
z0(2YDjdOVLUJIi*GNz?6TC<Of6{@SQxs3f2oa_m=u8Su!q<t~>0_Ze1#nQ4?c*Ugw
zdq5iXHh1U#nPn#KTeRIP=yTI+{Do9$tW2Ha&VEXRg5R&^kKbhK7d#r7H08gFuO-&~
zR*iX<8ZasBGg7eCfXZ&K+r$21i0*KoX0#Nn`~9KyW9?YDESMbhHJiNiS=m}zMO<-~
zFEz&5`_j-WO9d>Ax7BghBpBY3D;n5-VuBUp(nBWx<}l!g&KD}*Ak^yl6hBL-cywaG
zQwm|SA-m{D7ij>7)&N?zbM?u9*uOwMpIl8?u6tY~Fm}oHO`9L&Owx4l-$32tmfpiT
zR2rLPcmv)}O$m8(L^{Y)*WjW9VLeYkw~^FD{BdWB@SrSC5k<&Ywm^dy%3xLLN9%g{
zSi~OyZs#$4GWDhRaZ9h(xdqk~^Q^kLtj%9>88_;;8Gk02WeXwqdrV4r=W)LGH`G{0
z{Rz86k)!5eEekIDw24(`_bvAa%=SMfyXd7f{7#cSnDEPXXr+CjF|)ba#bT0!x*6RS
zY||6Ks6YI7Y+KpbQtTP)7u%JX%VmOka8_1Dn%2)ept5pvVBk0nMd!>c-M8Xmp!nR6
za1D6Pgg&~V`FV)Q4^lr!UBJRN0;{y;LnYrV_y_FQ#<A*sTirbY-Y>_pf*nD$8d!&j
z>cX3u&=a*%lFrq}eL0{MK*lIHiM4(vwf+2QIJE_KA{SArZ`}`pz2S+mG&f}Uvkf06
zw_Y|xOFlQ*H_YF)&_9TMq8_yA_i$$o7D+UnKONDzSZiY<_S0(bn`umH>f!<ne_zV)
zxwqYh`ONZgk+ukKx?PF5c2^1t0`m^nPYQzG!|+@$#g(x-aoqm?lipO0kv&!&gKX4@
zG2dG)Y-e<ONC<1>W&8^a5acOiTmvfDpya(PJ3qBqlZ-&4xOQQptx=Ig#hZt6jL=BT
zlo3QKGKVWo0*ajWI<C`slUoW*VaDL9Owxpq^uSRf^>91EjW9yvQKz}ExHy@>*48d#
zNB{=P>xdqO3${G4T%HiiTZSy+Rvc7P?-|#bpaJ9h!kIUl^$LCiYD;MWRof+L!?LR3
z4VWLIjOd1Ed+jp^<ONOD*QK!^16|b-8=*anYb1l+jpbcuR<>B#rB!X=XD*kN+7GS<
zY4`0&Y;)RZ#OyzdgbW-E%le;9@>X{9IYl7{Fv9dfDOhkilQS}BSRk@om_FX2aa0gA
z`AK}<kjM?cCNaE_=Gh)#jR5)TSlOskdSTir=!evq<@?#Z^x#M^2L+IwPT?$yen-NA
z(XsQ9sX$8QS1K8D*oC6I!79=%a>80H_bw2qenogmYZ4U9CT!z=;J91h^yv}&G8PbM
z>s5L*M3JdF@S>lepCTy?*zmxEK<ZZ)mFx(UIn=7r)tWul@=Dh+af|ZDO$7)Oex-}P
z)f4N6UccE*ZM!SCUMvjAR(pGys8jOh-~K+)Jnb|nUq6E{O{v}J9OV7E`;ol2M3>7w
ziGS|1k*N0iM9d(a#+Sxk^6PzKPwn2u+HiOH=9K1X%>$_s+9!kUF+|^inxHy*MvL^B
zy*nO7T+v-Om{e}G<qW4YJLyAsObDEYEh1fRoNc*Fg_360#&HFa@ZwI~J-W_)AiwBg
z3iq!)AK6ep1sy9_PM2$xL#+g^j0bKSwTQ?O<G`Sua%J@(yQF_*`M4AtxPWr=73DB~
zXlCjhxp{gJ#U%Ccw5oGD_*=UQacQWDN0{@-n2kyY{cmUAKhr<!dQ8H4BX>C3+QsFg
zZN>#luQX+(b>+f~8%89N2*4IPowmUSv%SB&F66Ebo4fe_Y6_st{rNfAM4~g+xF+Wd
zKRugy>u2G9uExGS$i{@vJjjL>B2T&Uqy^tQ<zl~03^Z)FBOdH8gq~KdBf9*ay8%*7
z+3O&yeSgEo#%c9UVHK-5otf9CGUc7tRmnL{Q5<n^YFILS2E|}YBNre#aJk!rmO@FG
zv=iv^b63staYA*0Nje^_tG<6@rzv7*6kMtfR?x{gF%a{wy<kjA0@mpmn@8aCY_z~N
z5%NOL^z?uS?u$+-N;(acw%DBEI9nIg>%(RD;^y2iwjP9*uXhBW^ujbUT)BU?Tt8F=
zy@EhR#l8#br?`l|o}HB=208~xTf92hrF3&@B&|^DcU9KlbL%_7;u=+3d$NJ6v8|5k
z2~71Xd}BGNwksY9zbZ1x;va&_9$ac(^*$<=Ya<h-^`IR0RnuX<oE`ekm6I2`cjXFx
z<f7s{pCDMAlEZ?u972AYA<R%WP=1^Js1`Pn+R->w#QyJ`AvA+CZL$ZQ{(`fOF9Kyi
z&+<=`2R0LuIyZr<lD~+IP@!r&5DQLA{c+TIah)DbnJgnB)T8<T62{8LrGs(vvQe*`
zW_2fQ$MdfrXZv^&DF9xoD@Zmg(+z{S3pdQYn!X-3>0)uyfBlQ9Qjqv2eLMPX_SLO?
zq9&)stssY<#7jGP@{D^7qtlkT5e9`nK5PC-q^#>|NHHT`zy`~dP<nyhm&$`e+>XEh
zAWD_RQs)1rw}7U(*EtLi`PxMISZ%oy{UjcOL{Q%j=Egx&ET;6E6es>SI^q)&RoO~i
zYRU#a0~fcb`G(whiSB&@giC=bDqTnnxn%qq*~bcPovm~TzZCOSKF3HIG8!oBhgSU)
z2HrMJKW%vD@Zd|CTR(*Bq7&DJfb~3A)opQera!8b5u7AdW^<n&eeuoyOQpJks8|4H
zjN9~Lo}r$3M^CrgsgtwUuI?D_n;Qn_GG#OHc?hJP%B(04{&Ai=-l~z`n=uUvYrEzQ
zNf$*HNj~N=3F}NQlsuh>O;vk5H2WlJ%*m0CMC%&l<J#bNnDW8^d#!Z3i1l9|6e2S7
zDbfvP_e`=0i_@}wjXDdyPad{dT*96QFqD;=2F<onOPG|p(GTfvO+JH<BoXr2sa{eT
zAh{5$;~L4TylQ&&&w&MyhH2CH!D{?u>uJjK_1>(5-HD~i(Y(Zia`DM-5`=Smh4Ohk
z`?{^x3{JUMg;C39+7-`7{aPPiaE2iPC88sA`ZzpP`0qSvHKd9$>KLLgXFl=8M^z`Q
z$cfAk3W2W*8%nv!ZXQvoVL;&lw2<*(j)&~^pMcGR$5$<WHyE3A<qp-FIt95HFr&q#
z$RumeQ-_d`WK9B#d9RGTnVNBQ)Ku1Q*jV0>OST5+X{M9@c82$7h$G#pIc*4}wRJ65
z)d++7KLUbigo)7Kn1-or1;MK+vsdKY&sF?P-wXO4ptekr{UW|$7b~IXmdl&X!snr$
zb~3XYtF@`b6L0#NpM2)w&=}#I@u`yInkHqsLM*h0i^~A+@NPQ4-sSkC!vn|g-Np$T
zODWfG5#sh#(Wm6DZsU6g1eBDgB?_)lJ5S`X@s-MxevBlb5lGes-NsA?L_fr`rwqQ~
z=AjgI5|pdQR6*IVCD7Us4f=FEqp~Fx{8cvLAfxr*qUHKHxS`~e4h>Z0YmNhG{DI{G
z8e?6^wbXUu(OB5KTp%m@M0=ePttB>~vAZBBWo=VjyBg0YiU$~{-38IjNjXvLKiqKA
z2EtLjO8KkT_mQ=SC7OPeD50SDg&!pj7Mc3EQtnH1x)2bci|->k%G`9!l9M=~WaS46
z+k3{}78@6la-B8Mx&UTi#cBQD6w9KIhZC+xB1`~b7-NlHGzUQZX^z9K<soFyjF@f*
z)ERQ$k&u5vnXcO9p^K_Jo*vjdTO&J9=3zhQNP<qw1^a&%qXH|A2~Ro?@<c&DkF+B4
zT1NH6uT0?2`qirIA^j@RU!>j33ueS@ya$Kh`?;UsZJRP9TONA(73TBjE&r#pBNydV
zHsQfbju4*gJ4>m3`%R=bdS|~}RCr7u2W%-<VoO$Vb9$Z6!RbE`%^l{7uP9|m$i<A%
zRl3lB55(@d<N`@R)K!3qUA4!D4(X6T7^E4@zu0I?6Lr2x{d5HYE-T$2D1eEHm>vC%
z4Z4xyrbDHYEMq!tn}Me6E;cmj?Jd}#y8~5x*!ZFu`^?)&eQA}L6+mgXl3|$C*tdCA
zxA2Hme{1&ZjjodJ!179EO63kYaDs+1Kj)Z!fmY%|*p`1!OqVQM9%{_UV<#!c&0#7*
zY4P<@{u_!)N0mWkzmAi%A9h!uwPynB*%ZYLryWJwDRF7*SFyMf`yYUC@sQSVo;djM
z-^H=(Nb)%&!(1untT#Q6s^*U(I+C*$H8k*8W;BTC-SO6K3d=)fT3Ld7Vme?<LK*Xy
zpZiZ$?{ERfwLG|Ez0Sf1Mc80X6W1^6h#n9|X==yNCkzWCK7YM)<uHP5gGmD!G`bky
zFT`5^FL0}ry}9hbvZ&{+Yb*ywv|W*x!bk<nyOcE-&u>Z}OxtJFH>(zaw1=OPUqdyV
zGc&5I3$Ev(Izcv|;w1&1P|Kyeed=!;<!;d@l5!DAO@erXP*Sf@Z~2rxpOG~I2*;Yh
z0EJ<m_=->bi5P~B*kc<tc58_kZBQ#mG<_QX-)vwv(=q6*S|iGsWU_K}>aN{c%R30N
z%8?Wkf`_&(nb_IgU3>(A+O2_(O4x$vb<=f3#O(Fcy1ii6TA*;|ZWe1Z5YCR;K%YTc
z_b9*~QctbC4m{%$oJstC{aX0z!*k2Xf_9RSi1+@k=*Rheg!Qk#c$=^4Xx<tuFwN-7
zT2Ef?P$#Dy+$#9``1uz~)@E|9$;cDOS9M#hQw>3j1HZiO(x+mrcCA-sIsvtDF8gze
z6{H`}#NafWaVok?S-7{VglTVI+J4wC9E=Mnq{XxFztil8Xk)M^tg(&bh24@{gL-BD
ze3@-W&#NJ)QEKi^`4ih7HNyFOA3ELN+e`D}tS-IVf>pbQjGO)IgqM~IudX4zEIy9<
z*zxem2b_}7U!5r6hsLW|mlq3Tc@?kE(3^zA6VUpiacSyGae%lR?p2{#SY!z!g|jBT
z2U`M!-kN=5pj-wUqd?Qp6C2F-T6yeY`*i(E|Dm9Gt{EGDv=4Ui`KvRMf;UncVks3?
zTUsxrYB&LHwi8IMD6zXlrYq?iSeRs6-1l}E+MV&yn~AvM@sm5cD~;A7$g6C$uE`C%
zM|w(X(}2o7j>*DZZTtvcqk^1P+yS;>+VaFUOs8#=nBZ{TT2&U%Y-Mk6&Z)nc8s_9z
zA~o4sjf_xR9<nx-y{=5Ke+B2LtM6TvTewZ{kJJ{0^2%y2{oZ8I>{$mf8X_NXyJKB9
z65h+MlqklC)+S-u*CckCE+6WJj)KeIwAvJPH3GE9sboB`U$QPj*GAL1E;1#gfg8mX
zip}BlS#&K?cpY_>19Vw{u(}B6y9|7<IY7Vhk`lIEVlwbB#oX)B#<R!(i&eue)4J^$
zhPCIv2kQ2jS{p<k{#={IPY=7FYuNuz(b;9h<4&xbFXy53L{tvq%A!z(Ig9b96XX_C
zF1yx-;YIY|a`y<6MvzdDT#1>CNWpl0v>0*&-wA49{{(#r^R~AxkxQ~>Rd7kSq_)3X
zcd$ox)II}c7SMhHO^CCC`LX{)iW((&iisfl;$O^xLUDr>cLF^M^c7lSZ$iZIotUu7
zxd=H7GkT3khlrZD3%^7kbj;}Cg12zad@IINdxHzsv`T-}7ER)U0s#Xb5Ry=Bf|{~R
zJTT349z$$(4@1YZ!;6Cy0~DiS-?PLw?Z<c4b`^`CCBAQ0%4l!6F_q+ymNPKWot=%(
zo7tt!R1)f;IONA?-*766@3lAgwK_9T7_%vkNzE4q9`nHPlOfm~puP$Wy7?3Ow@=wU
z6GHyow72zY)!p`B(fGe_Cul5YpI$(XMRt6SvpVze|92b)ZN1G5$MP>IhwmvIYZ9aF
zBH*fcBRa*L1w>om;P3~6Q#3hr?`&co@h=GXuyGII3mff6pQ+I@^L%uV^W(3eCT-{$
zdwP%&>TvDiim2x3ThdR0xv5fFvry70Xwp=7uT3vGFtm$b4HUl6GK;VFm#&uy9&Oym
z+Vs+=m1hBwIl*-JA)&VV#R1yc=Hj2VTqopTQN9&W<I!LY<%iNNc(b$_u;?0S^<E6;
zWl4$q7mQ&}m3s?Q{;_~CxjTOG$8k5Z3S-*m*z~sk<sk**cx!W2sY&B?-lsyC*bp!k
zNlkA)VnOain9Ve(qk+B7`b(LU%wsTKG(McI@a!y&?Vs=tQonZh0h3B(Sq}NfP>+{r
zuAFo)LD<f!&+YEx#PpD(Mqd*H!r=|~`@%Z;M!O!?F6OV=qw+w2-dR%gBuMw}7mwFh
zP?-#%I+Zf1I^y=`-xtwdIgDK@GIehhZCM!yUI(6ufMXcZN40F9He*wT!TE6Si1C5!
zoi;Lm2$2TDz6g8%`-7yh6Zj5+nLEQL&=ip}D{BH(Ja$Tvh88aDZyd>1Am=)vKwDS&
z@KB5A3I<`x26YL9b{%0-N%>19^213dlhZskwDC2<gpVGK&<Gv)cuPHy_47q+Kd4=>
z4u?}*syn}aQQdyKSg>jj@ZSv<X0(w1`9aC-;Xw%_=BW|rsP{*Av;xu#b!_71zo^UR
z=NCPk!lt)xzt1?X`z`m3<;HWLv}_T2&3=WE!a4A?4XIEv15i=+JkEUbfZ_mSf4;~`
zO&G6SzwA~_Z3$Lq(|)iK_mh4+o~jH=L1_fJ5RlK4Nj=VFJuq44ILO!mnqY;uVE58b
z*Htop75RfZFCZ<wnwqeMSv8S4<jYZAk{l|p&+|Ls&nQ^R@OVd-YRqk++z68^HjXT4
zzVPkiz$YyR8UYhx@%ljJs+~NX4?I)6r&9inis_U4hCE$s7fSILEH{FE2IoG%<b$?S
zj_Sh!Er6|c?2ET42Yi!Mk#RD^J=R2PD-rrw8TurXoSk#MPc};Mm{SR9YHc4t(FEk0
zD65|Fd`TL^S6Dq+8QzV5ezpSAtafG<;$ir}!}(25mD3yhJ-S>u`rg!mjJ+#(%jT2m
zLLjsn_CVNl;H*0BTwa9t6Cm?vcYLaW$pE6A+1NQLqSM*=viZ4x#juzyAB&JP=54Md
zY-eJs2fqz+vbKD>?K;K9%8>y1>Q>5#9(7A<#zrNgo%yuym}4Y3ON0c%>rX(~Eg&MV
zwKh%jJQp7&>Ib*I=O*0|mquDs)wKajvC0_=txeH?o6ojBYR<Ahto4E;;E9{&0<m2u
z7iV{G=8{ML?s+1PadXhOu`Jx==SLNtc^uOV+6Sj%#*epi1@@OUfs2tE<KN2|&!T)@
z0V#H_;%c+4lF}KOe*<<d+1D>l!TJ_Hp^n;$ZYkppLJ)mX%;-E>XMtC>g$@QBP|-Z!
z=kZPE&ERru3mM%)8pUOt9<>9Lc~aEGV7B92bU^2XF63s1%2{upCVq$pI7)Wfbppa5
zZeW7pd?^!D0!S@@AOZ=}2lW8>pPe1)N$64(P?>S!{a|;RCpJ*w=Tbe!rt7<aqVDze
zvs59P{?~Li8D){P^U&G)wsXz4<|BLp&>9k`6~cF(l$ff&E;Y{K`&Q*ty=*xJbs#KE
z)3y}+3!2k~PG(%V#e7@0o%#*pQr8;VaFv5$aORB2OoU0u_n{`S@D^I#FI7EzDfV@K
zgEk>H90_g@)^PXqI!XM{xo~s!UhZS!hJSuPm6QX&{}G`URPRT+XC!BL!2*=d&+b+*
zl{p*R?~r<6oWJ(;@b@JYAIE&xfs=TQNADyoc^6WXBm9u)VM4$BZ?`yf)y)ec8CjC|
zh&~Q9N^uTxz5}*g&>fQP0jLyVKfc8xA=5l}S}<P*g0-ywn5KQGKltVee5WAkX#^a+
z1kPI*)h@1TGk*N>we^s{b=hPNWzc{C6MEbw0Cl2}Ctoz8p3tk@D8rBq8C2+;Pk%6h
z3@rsJl!rga?v?xD8iFluEp&*)f9}a~2pul?ePt@5Gm1JF%eV>-yodiMkjfRWrl(bE
z_UVBsN>Q(R0dc^LZi+`+b}&{V<m1rP9nSmC(<DZt!x@gR>V1-I&#UsEAN&~$xX&X_
zDFDky0LQPQ9~kZie*aUc@kvPz!yN2oS)t+He+aG-obUGtU~0~mN}<o{GwJaaV$Mti
z+1c%yN4Bv&?@n(jP~Yp}O)+YZV_p$R_pkR$rw+e$uF#rKnm8w?Pv~fkfJX;nny}Bi
z=M<2y?5&2kxKPy8aPI%6hFq>HN!^i=Cu1YB2;fL2DCCiB*%g$X1vY@74;(uDkcF!d
zZ+KM%`-;Tck(fxPm;^LO5vP;Bl%D~;g7Xp=9nkH`Jsbke%I8!E45zDThED6}tNmQ-
zO>)fe+C!EghZ#K`8w%y1evj!FpAWxB3x;eWqGD<oy!4LU$>b7GH_xKfr7RxpJghxP
zcgKu4RWH!~I`y^Jo@>Vo^*x}sx|N3$>NjD_uL%B7x9Y=5K484xQ(xR$U%t9Jl^1mt
zwD;Wq-!!4!=!WuQ5OYmGU|vXu*$;sljo<?0O0dU2fPS8g6L*HLUJG*r0d`Ra_B=k%
zyqVqyLisDanKr!5$#o#M9FwFb6YjdOAjd2%1_l+P%n2T$*kHN72vF9^j$MOA{|aGy
zb9a5h^-}uN!!UIuva=6d6@L?i$z*rt^&{PLlCziO_%hp7dVGP+c+s+K-_4%ySYv%2
zsgM=KT2{qYy*yif0c8&OyXud-fe!pOog7dU4^$D^=KB9G2G!|lSK?R{?^Yfb?9M1_
zjU_mgnkKnA98~O)e^g3>Liu_2GvIeX5I}<tVdCS~2b!gB<Pf$&iEoPUee{D_wt9PX
zL3KUyJ8yCJVdC}Rwl01<d_JO2O>Cmc77%xFX?j|J7?6uhPsV?I{t9V4dF$L01dQpQ
z)dllI_q-jQp~#qB3hLyTvKo7)R2v3$pFt%BFzCN@=F=kDWKS)Ks|50lf>=Dsy14vf
za-~n~M4BGI0!?Jz;H~+~^Sr{6hjy1W%CH_d;4>b9)B!lQ8uTyUj6AKp^>0kwvfvJ7
zYBMNNHPj!8t61iOD0RoIiL@e2JX$-OvnuEG-XoTWYR7b-^zKYjKaI!8Ta7qPH@D%Y
z-}z2j8<qV{tEKosP_=s`(iP`Z3rBE3dt#xShHsA>X5H*%Xq+2AF8%s2zO~b%>vt(0
z=&>rWD5bVsvPIa{?$R>LIs4jEi@cXCuh{_Na02AWFA5oeTRGh+)j;&Ou+Ox~4};73
z5;`0RkV_F^8?o^lrSXZvoS<&Zz4#I&`nM-x*WMWY5keHzZ**L-!?cEXjjm$js3z2E
z@plB=Jrx6bw6!E6NedC3H*sP{%_CE!v-)qZvwr4$OIw4ag}XKc1He0mQtwv}19afD
z_`Nr-N5$5tyg%S`Ac)ebWk+WX<j}X7A0KjNC`V>5UF6GT0CNpQ`QvX$*#-3!kEa9v
zZhe(TuJ5i+KhoSczHzwM))!&2GT*_q@9#pL3iQwQQ9PnA$^IY45SZDJv=@-u?;j|C
zu{@?NHfUFjkk@D=h)Xe|^FU8|qmny9deZ{!e8z?|q-UBA1c^n7m3s@9XY*21za*wP
z&3gNV&l?QS;P9=i3Aq|S!r=fct$|MLWU504tAZ{lCJl48dt&Q+$Mf59VpfNhWDh^|
zW05$%eL|h+d|YjY<?_r+haP43#~uxH_U2|ZJ0S^?ZR^HKHY|-fk{l2PCML9~Uy;(Q
zh|a)&qFd4JYo3MF$pmyPkze0{qOd4d7nt<37;Lak4a3};KtYjJHqnHYIL3zWyznqu
z%(*%^&f<g?FHO~p!v#p3a=#L%GftJQOL^Bh>>S-7^f$?^<EwGyV3e4mt{D*RIv{=e
z^EtiIp-D2$Xn(b_T;el}lw}nCN#MCYzQ!loecMS;+sc`s&@}UNu!p>V*&{FwAgtGy
zHx(J<^`-0td-lBn4t{QILfw5p{6L0cRFGnAosQR=n{2&D`f>N1fsLP9biH+adGpXX
zIo;R{EZ=s04@Mw0bui}`HBLRaO~ZYck&YX;@>CFm*2GVe)c+@lpM1}raDq%;yHkd#
zv|A-Th!(P@16u!{fHTzfJX2E-cV*lwmN7UDrNHhY2`xF`Vko@gP@JO~^%`rr4omv@
zcNN2CH}f(%$A3XtLZYC*{3|N?lIf=a#sCVUltn{>MXP&HxYyT~PbHFBw?czC{z%>`
zesBI4P}?;p80%99@9kj3@L=NDb`b!0YcSfFoI%h_VS^5nY}pi;0zYtvPWxzs`bGcG
zRrzIBaO==b>AR9qKi#2Fw5TNET3(fav2Ca`^Bx;nHqF$5A?ek9qg9YG^*BkPCTyxY
zGUnWnF`;zJ4X49ee600r@oeDH@#;P(ZAPJF(<&KXeL)4ew$Hf-o|{Rl2Q54>fdjBQ
z!lBr^j{T55wvQ3D$FBW6`N?lzUH7ulwKt;AXT-?Poxp%@vx4%GIxxR*G}8{NJM$g7
zzS9Su2vV4?Bmxqql{OE1*QOr=2Nx3^y*vb2QpzU>LU>uwv>oJ||8+?Z@-sr&l)Hai
zFw+}$deDOGYw7%KC@JH-Ev|n8ou}eZ)s+~9<}0H=1`wTuX-N}*YaM;7W<nIdgh7Jt
zCfkXD%yPL0iSV<08a(qwg^~)$l1kiF*@^OxL2KWi8J&^c5aIh$leca&2Nv;cM#$Ij
z#f+G5!mpTgabYCSuDQTUHw{}3xpTeTFR)<ItLHAKy;apV20K<L40bA_{(j%d^bp~m
z7mR@eSS~*Bi9oID&r5@>h{Y%N?BmAkKlQkg0EPQcl(2Z0{LAQ%j4AFJiacQ}n2_F9
z!~kGZY+62Z#*W%9+d~Kc5f2*^zzf~qhN=Abr37U#$cJ~Hc}$-cr!r#G&Y=T;&ZXGO
zXKdmT34gL$&bXR{d(jdyk!h4-e$T((L@31nYUIspPDz(I*#$Mav(ei>KfFPd(qyvf
z<&nGGE)VnM$jS5sy2r<-1GDW|k4>3AJV7H?0Zh6P$}SZR5K$Z81+o>T`55$gM!c0v
zTMv%gEu+tkl>6Tn#+Zn9KOfoQQG*y$xPYXWefUDi`IWeSLV85d3uM2z8b&4f<+l?p
zZt`)4lFLKMr}P@%8|x}cl^Z8Z-5XDsuneDg5Upi>JSO?gtk<z|mA(y{1-CchB)dd6
zAe~IGO!b@(tPrd78Lr>DdRJR3m|v;2PDc55bw#C6&1<(}H(xK7VcqifC!-dUpPsA}
znD2En{Xj)ritO(e|4xp*Gyv&V{!UKxRev0xu1k={OpA)2Lk?~E*6GcJKc5{bwJnQ}
zYUA8IIS+s+icuV(BWf-#eMlmHN?Ymb^mm?i-?TFzK$gs@8!=WjdVvSJ11w=v08CWh
zk^Fw>s28|oYJsw~X{z)s4+AbdXYqs#%P%5#M!<f=Y>Ui2W<lpMYR&<Scjx>$=jqxp
zJw(yNR@E4P4*GCDh_KQ7INgfKrr!mN?gWxC#tnt9_`#|OVt%U-s5j)kzBe|JR(L$o
z(jJj?0pol2UdvH7=(|eak7t~-nkpR#jZG)HKS(^4DEJXBFf1@%)fm`y0%QBz+$PIA
zqwrn;TeTqcgSX>j!oua5NY+{ZGQjj?+MBxt;lL!vjP*iE@EGtJ=V?@_B<MQKApPH0
zkre_vfn?hDVAT*Gmk4M)qqJ{KQP({`+<dG3Plm33BHpPO(mZv_aBLw&u9OK6*S|I*
zy(Qj$(;UQDv+`decOF|CaVaUQ18e|)P@2cvT6Gf?#_RVaAW#WuF&@4PPG!zaLo$(U
z3N-O4szskv9@7tr-~O_mIffe)0O57G)-~k2xZB$8un-|+HNeOjw;x{UZES&K5;F3l
zIlMZev@~@jKS{3>79VJc!@Ajjpswu6z@;9i&tz{?B!nJYx`#(}8UpD;aF^+I{o&r&
zwvx*`A#hMh&K61<x&u>L#``$*Ua<VMi&HgOL49dgdB_NS+eBX#TYre$$?$Kts3}Ek
zOrk*RPYbQlNBIl)ba)5Mj-N{fD6fxMi&Ysah+n0i^d@OIw~{Wg2Fl>aSI&3)6vlP>
ztq_`XOrl>|E-@rKJOmM~MFK9sDtkY^4cHj$<*wX$#*=8neh97s1tKjkBQ>}6FqAxF
zlXtp*0%)OP0Ba<gd*+<87mXnzk|9zMmV6V>sYW+hJHtSqo+tabJhIbqg|fJXnb~Ld
zSmJuxWpQ11UNFAx)TVY#u`y~^RZ$nv;B?@*vKbp2(zI8zt+GC^7Wk}giTJq4|M{%n
zj{}ERA#i9lv52s1?>|-FGne#i%B+UglzmqmETHIEiS5K+{415qC=9qG!rV&fGdxF-
z3}E;z#}Rt|Yi~&50y`Yyw)8v7t;gZUG@V<8zM$Wfv-QK;PK8hIRrn88`gn`rwgwAu
zo_h)<0sBRkfy>$S*XC)ZbRv+TVR_}r6T&2@QsJ7pxNHC_NdgI+f`^qMd%c$x-+!2t
zaKS6*z(k?~NE3LfqREz92@Ot)(lD`ZkR9gqs3oT|H(BLp2Pr$7*L?#O6`j^}iI|!r
zsgj4iU~JN(Lz&Fwni))Ej*MH(`)#0Qb0=qYsm&N@fL-9mr3`yNC2X2)WwtHAJoEd>
z!+D5O-v9Pb-{NIV|CH+O6jNV$kH%2-@?^*t2cs`W*D?*(`Nq{!Aa8Thfb=&4&O)Qy
z-Q@v$h~)fWrvPTD#e1uQbdQO5dTGoyVH6z{l>8wK9tB3tn)CxL*j)k$bS<kl@G+5z
zy{EvrTdxlA{U1^?@XVXTF<njonC;>ucfr3Ls)D@ZR=PNfKBcVdID6|_rt5CT_@&pW
zsgfP!8^8Vgb>QI9EwJQ=7+A{i;gWMb<FrV(FvW`?b;zxcrfUN*1<poR@wZfN&KSe!
zcLDx2#Xt$j%BJMkY->oJ9^Nt3qmJthEbDcfz>t!R3Jr8W4yQ!^hu$5hdl5tJ`F^Lj
z!Q#`ml&C+e>zt4WouRBdeGJF>Z-2c_R$-o%`}r;CXJOV2l~61WaN>oM_Ids##`*1w
z29errUOn5oxpL=vQa2m{k`0XqqK*)ogknnJSIsCe5XyhYxQO)<hg>-?l!m6+iw7z!
zaLgmaXLgGU&d29BTK}i9wiTRj4WyOVJb`T~Cow;kP{~besN}9SyKX#bbd6tjo#3s|
z&Aow&7F5uE+@CxHOP2u7^m%vHzVT<p+-2&3!hfvr$_>bCdl5<62~J&wbN-XHpXCbM
zFCkDrsdIXfCeERt##~STFCQlJg6;Omi5~lCbU<)lYz9ztZ5wYHUHfoM4a==&3hNgA
zfr{f*&?S%bb13Sr291rOthBSFR+Vo_dcL0>xhh%E4|$vMCRV0;Ht)auQPMUg<4rj@
Z(%Hdo!NzYE`xp4{s;;3<k=BEd{||{4b`<~s

literal 0
HcmV?d00001

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
new file mode 100644
index 00000000..cb49ffbc
--- /dev/null
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -0,0 +1,33 @@
+name: Check PRs if on staging
+on:
+    pull_request_target:
+      types: [opened, edited]
+permissions: {}
+
+jobs:
+  is_not_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
+    steps:
+      - name: Send message
+        uses: thollander/actions-comment-pull-request@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
+          message: |
+                   Thanks for contributing!
+
+                   I noticed that you didn't select `staging` as your base branch. Please change the base branch to `staging`.
+                   See the attached picture on how to change the base branch to `staging`:
+
+                   ![check_prs_if_on_staging.png](https://raw.githubusercontent.com/mailcow/mailcow-dockerized/master/.github/workflows/assets/check_prs_if_on_staging.png)
+
+      - name: Fail #we want to see failed checks in the PR
+        if: ${{ success() }} #set exit code to 1 even if commenting somehow failed
+        run: exit 1
+
+  is_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref == 'staging' #check if the target branch is staging
+    steps:
+      - name: Success
+        run: exit 0

From aeb433cc39a3c64369084c5f0f375f201f2ae008 Mon Sep 17 00:00:00 2001
From: Joris Drenth <github@jorisdrenth.nl>
Date: Sun, 6 Nov 2022 00:25:38 +0100
Subject: [PATCH 004/170] Add undocumented /api/v1/get/mailbox/all/domain.tld
 endpoint to documentation

---
 data/web/api/openapi.yaml | 54 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 8fb6245c..c23380f1 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -5501,6 +5501,60 @@ paths:
                   attr:
                     spam_score: "8,15"
       summary: Edit mailbox spam filter score
+  "/api/v1/get/mailbox/all/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: false
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      attributes:
+                        force_pw_update: "0"
+                        mailbox_format: "maildir:"
+                        quarantine_notification: never
+                        sogo_access: "1"
+                        tls_enforce_in: "0"
+                        tls_enforce_out: "0"
+                      domain: domain3.tld
+                      is_relayed: 0
+                      local_part: info
+                      max_new_quota: 10737418240
+                      messages: 0
+                      name: Full name
+                      percent_class: success
+                      percent_in_use: 0
+                      quota: 3221225472
+                      quota_used: 0
+                      rl: false
+                      spam_aliases: 0
+                      username: info@domain3.tld
+                      tags: ["tag1", "tag2"]
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can list all mailboxes existing in system for a specific domain.
+      operationId: Get mailboxes of a domain
+      summary: Get mailboxes of a domain
 
 tags:
   - name: Domains

From 4dd1b97e386a6f464396c41f56e0f4b3077adade Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Sun, 6 Nov 2022 15:52:30 +0100
Subject: [PATCH 005/170] [PHP] Update to 8.1

---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 docker-compose.yml                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 74035c02..5360840a 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.0-fpm-alpine3.16
+FROM php:8.1-fpm-alpine3.16
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ENV APCU_PECL 5.1.21
diff --git a/docker-compose.yml b/docker-compose.yml
index 05d5d83b..02f92c3f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.79
+      image: mailcow/phpfpm:1.80
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From df17e6b75e3ba3d6993932eff52e972406e60815 Mon Sep 17 00:00:00 2001
From: Nathaniel Mom <nathanielmom@gmail.com>
Date: Sun, 6 Nov 2022 23:12:14 +1000
Subject: [PATCH 006/170] change 'return 1' to 'exit 1'

---
 helper-scripts/update_compose.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index c58eabea..16769edc 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -50,7 +50,7 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
             exit 0
         else
             echo -e "\e[33mWARNING: $COMPOSE_PATH is not writable, but new version $LATEST_COMPOSE is available (installed: $COMPOSE_VERSION)\e[0m"
-            return 1
+            exit 1
         fi
         fi
     else

From bc937ed2db47516fb68a4619fb14a14fbbad5368 Mon Sep 17 00:00:00 2001
From: Michael Cramer <michael@bigmichi1.de>
Date: Tue, 8 Nov 2022 09:45:25 +0100
Subject: [PATCH 007/170] [PHP] Polish dockerfile

includes also #4839 because of --with-avif for gd configure command (is not available in 8.0)

contains the following adjustments:
- upgrade APCu to 5.1.22
- use PECL package for mailparse instead of git clone (3.1.4 is the latest one available and sice then no changes on master branch)
- split PECL commands into separate ones (according to https://hub.docker.com/_/php this is the recommended way)
- add missing configure options for gd extension to include webp, xpm and avif
- specify composer version to be installed
- cleanup more dev dependencies
---
 data/Dockerfiles/phpfpm/Dockerfile | 34 +++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 5360840a..38c68f70 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,12 +1,12 @@
 FROM php:8.1-fpm-alpine3.16
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV APCU_PECL 5.1.21
+ENV APCU_PECL 5.1.22
 ENV IMAGICK_PECL 3.7.0
-# Mailparse is pulled from master branch
-#ENV MAILPARSE_PECL 3.0.2
+ENV MAILPARSE_PECL 3.1.4
 ENV MEMCACHED_PECL 3.2.0
 ENV REDIS_PECL 5.3.7
+ENV COMPOSER 2.4.4
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -18,6 +18,7 @@ RUN apk add -U --no-cache autoconf \
   freetype-dev \
   g++ \
   git \
+  gettext \
   gettext-dev \
   gmp-dev \
   gnupg \
@@ -27,8 +28,11 @@ RUN apk add -U --no-cache autoconf \
   imagemagick-dev \
   imap-dev \
   jq \
+  libavif \
+  libavif-dev \
   libjpeg-turbo \
   libjpeg-turbo-dev \
+  libmemcached \
   libmemcached-dev \
   libpng \
   libpng-dev \
@@ -38,7 +42,9 @@ RUN apk add -U --no-cache autoconf \
   libtool \
   libwebp-dev \
   libxml2-dev \
+  libxpm \
   libxpm-dev \
+  libzip \
   libzip-dev \
   make \
   mysql-client \
@@ -49,22 +55,24 @@ RUN apk add -U --no-cache autoconf \
   samba-client \
   zlib-dev \
   tzdata \
-  && git clone https://github.com/php/pecl-mail-mailparse \
-  && cd pecl-mail-mailparse \
-  && pecl install package.xml \
-  && cd .. \
-  && rm -r pecl-mail-mailparse \
-  && pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} \
+  && pecl install mailparse-${MAILPARSE_PECL} \
+  && pecl install redis-${REDIS_PECL} \
+  && pecl install memcached-${MEMCACHED_PECL} \
+  && pecl install APCu-${APCU_PECL} \
+  && pecl install imagick-${IMAGICK_PECL} \
   && docker-php-ext-enable apcu imagick memcached mailparse redis \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
   && docker-php-ext-configure exif \
   && docker-php-ext-configure gd --with-freetype=/usr/include/ \  
     --with-jpeg=/usr/include/ \
+    --with-webp \
+    --with-xpm \
+    --with-avif \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
   && apk del --purge autoconf \
@@ -72,15 +80,21 @@ RUN apk add -U --no-cache autoconf \
     cyrus-sasl-dev \
     freetype-dev \
     g++ \
+    gettext-dev \
     icu-dev \
     imagemagick-dev \
     imap-dev \
+    libavif-dev \
     libjpeg-turbo-dev \
+    libmemcached-dev \
     libpng-dev \
     libressl-dev \
     libwebp-dev \
     libxml2-dev \
+    libxpm-dev \
+    libzip-dev \
     make \
+    openldap-dev \
     pcre-dev \
     zlib-dev
 

From a6a7ab45f859a6b54652a4580dc63cb6561d7972 Mon Sep 17 00:00:00 2001
From: thomas <thomas.lauer@dthree.de>
Date: Sun, 13 Nov 2022 07:34:18 +0100
Subject: [PATCH 008/170] switch update.sh/check_online_status() from ping to
 curl to make it proxy ready

---
 update.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/update.sh b/update.sh
index 707b22f5..69ada6b0 100755
--- a/update.sh
+++ b/update.sh
@@ -3,9 +3,9 @@
 ############## Begin Function Section ##############
 
 check_online_status() {
-  CHECK_ONLINE_IPS=(1.1.1.1 9.9.9.9 8.8.8.8)
-  for ip in "${CHECK_ONLINE_IPS[@]}"; do
-    if timeout 3 ping -c 1 ${ip} > /dev/null; then
+  CHECK_ONLINE_DOMAINS=('https://github.com')
+  for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
+    if timeout 3 curl --head --silent --output /dev/null ${domain}; then
       return 0
     fi
   done

From b79a1530fb59ad35d00e05544e81429257b546b7 Mon Sep 17 00:00:00 2001
From: Link Steve <56674878+yhdsl@users.noreply.github.com>
Date: Mon, 14 Nov 2022 21:18:37 +0800
Subject: [PATCH 009/170] Update Simplified Chinese Translation

---
 data/web/lang/lang.zh-cn.json | 990 +++++++++++++++++++---------------
 1 file changed, 568 insertions(+), 422 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index bbe5c7c3..2b5685ee 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -2,100 +2,106 @@
     "acl": {
         "alias_domains": "添加域名别名",
         "app_passwds": "管理应用密码",
-        "bcc_maps": "BCC映射",
-        "delimiter_action": "邮件地址标签处理",
-        "eas_reset": "重置Exchange ActiveSync设备",
-        "extend_sender_acl": "允许用外部地址扩展访问控制表",
+        "bcc_maps": "BCC 映射",
+        "delimiter_action": "邮箱地址标签处理",
+        "domain_desc": "更改域名描述",
+        "domain_relayhost": "更改域名的中继主机",
+        "eas_reset": "重置 Exchange ActiveSync (EAS) 设备",
+        "extend_sender_acl": "允许通过外部地址扩展发件人的 ACL 设置",
         "filters": "过滤器",
-        "login_as": "以邮箱用户登录",
-        "prohibited": "禁止访问",
+        "login_as": "作为邮箱用户登录",
+        "mailbox_relayhost": "更改邮箱的中继主机",
+        "prohibited": "被 ACL 禁止访问",
         "protocol_access": "更改访问协议",
         "pushover": "Pushover",
         "quarantine": "隔离操作",
         "quarantine_attachments": "隔离附件",
+        "quarantine_category": "更改隔离通知类型",
         "quarantine_notification": "更改隔离通知",
         "ratelimit": "频率限制",
         "recipient_maps": "收件人映射",
-        "smtp_ip_access": "更改SMTP允许主机",
-        "sogo_access": "允许管理SOGo访问",
-        "sogo_profile_reset": "重置SOGo个人资料",
+        "smtp_ip_access": "更改 SMTP 允许主机",
+        "sogo_access": "允许管理 SOGo 访问权限",
+        "sogo_profile_reset": "重置 SOGo 个人资料",
         "spam_alias": "临时别名",
         "spam_policy": "黑名单/白名单",
         "spam_score": "垃圾邮件分数",
         "syncjobs": "同步任务",
-        "tls_policy": "TLS策略",
-        "unlimited_quota": "无限邮箱容量配额",
-        "domain_desc": "更改域名描述"
+        "tls_policy": "TLS 策略",
+        "unlimited_quota": "无限邮箱容量配额"
     },
     "add": {
-        "activate_filter_warn": "当\"启用\"被勾选，所有其他过滤器都会被禁用",
+        "activate_filter_warn": "当 \"启用\" 选项被勾选后，所有其他过滤器都会被禁用",
         "active": "启用",
         "add": "添加",
         "add_domain_only": "只添加域名",
         "add_domain_restart": "添加域名并重启",
         "alias_address": "地址别名",
-        "alias_address_info": "<small>完整邮件地址，或 @example.com 以捕获此域名下所有邮件地址的信息 (英文逗号分隔多个地址)。 <b>只允许此mailcow实例下的域名</b>。</small>",
+        "alias_address_info": "<small>使用完整的邮箱地址，或使用 @example.com 匹配此域名下所有的邮箱地址 (存在多个地址时使用英文逗号分隔)。 <b>只允许此 Mailcow 实例下的域名</b></small>",
         "alias_domain": "域名别名",
-        "alias_domain_info": "<small>只允许合法的域名 (英文逗号分隔多个地址)</small>",
+        "alias_domain_info": "<small>只允许合法的域名 (存在多个地址时使用英文逗号分隔)</small>",
         "app_name": "应用名称",
         "app_password": "添加应用密码",
-        "automap": "尝试自动映射文件夹 (如：\"已发送\", \"Sent\" => \"Sent\")",
+        "app_passwd_protocols": "应用密码允许的协议",
+        "automap": "将尝试自动映射文件夹 (例如将 \"已发送消息\" 和 \"已发送\" 均映射到 \"已发送\" 文件夹)",
         "backup_mx_options": "中继选项",
-        "comment_info": "私密评论对用户不可见，公开评论会给用户展示为鼠标悬停显示的提示",
+        "bcc_dest_format": "BCC 的目标地址必须是一个有效的电子邮箱地址。<br>如果你需要向多个地址发送副本，请创建一个别名并在此使用。",
+        "comment_info": "私密评论对用户不可见，公开评论将会在鼠标悬停时作为用户提示显示",
         "custom_params": "自定义参数",
-        "custom_params_hint": "正确的写法： --param=xy ，错误的写法： --param xy",
-        "delete1": "完成后将源邮件删除",
-        "delete2": "删除目的邮箱中存在但源邮箱中不存在的邮件",
-        "delete2duplicates": "删除目的邮箱中的重复邮件",
+        "custom_params_hint": "正确的格式： --param=xy ，错误的格式： --param xy",
+        "delete1": "在完成后删除源邮件",
+        "delete2": "删除在目标邮箱中存在但在源邮箱中不存在的邮件",
+        "delete2duplicates": "删除目标邮箱中的重复邮件",
         "description": "描述",
-        "destination": "目的邮箱",
-        "disable_login": "不允许登录 (仍然会接收邮件)",
+        "destination": "目标邮箱",
+        "disable_login": "不允许登录 (但仍然会接收邮件)",
         "domain": "域名",
-        "domain_matches_hostname": "域名 %s 与主机名匹配",
+        "domain_matches_hostname": "域名 %s 与主机名称匹配",
         "domain_quota_m": "域名总配额 (MiB)",
         "enc_method": "加密方法",
-        "exclude": "拒绝对象 (regex)",
-        "full_name": "全名",
+        "exclude": "拒绝对象 (Regex)",
+        "full_name": "全称",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 空闲/繁忙 信息将不能在SOGo中显示。 <b>重启SOGo以应用更改。</b>",
+        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的状态将无法在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
-        "goto_ham": "学习为 <span class=\"text-success\"><b>非垃圾邮件</b></span>",
+        "goto_ham": "学习为<span class=\"text-success\"><b>非垃圾邮件</b></span>",
         "goto_null": "静默丢弃邮件",
-        "goto_spam": "学习为 <span class=\"text-danger\"><b>垃圾邮件</b></span>",
+        "goto_spam": "学习为<span class=\"text-danger\"><b>垃圾邮件</b></span>",
         "hostname": "主机名",
         "inactive": "禁用",
         "kind": "类型",
         "mailbox_quota_def": "默认邮箱配额",
         "mailbox_quota_m": "每个邮箱的最大配额 (MiB)",
-        "mailbox_username": "用户名<br><small>(邮件地址的左侧部分)</small>",
-        "max_aliases": "最大允许地址别名数",
-        "max_mailboxes": "最大允许邮箱数",
+        "mailbox_username": "用户名 (邮箱地址左侧的部分)",
+        "max_aliases": "最大允许的地址别名数",
+        "max_mailboxes": "最大允许的邮箱数",
         "mins_interval": "轮询间隔 (分钟)",
         "multiple_bookings": "登记限制",
         "nexthop": "下一跳",
         "password": "密码",
-        "password_repeat": "确认密码<br><small>(重复输入)</small>",
+        "password_repeat": "确认密码 (重复)",
         "port": "端口",
-        "post_domain_add": "在添加新域名后SOGo的容器\"sogo-mailcow\"需要重新启动。<br><br>此外请检查并修改域名的DNS配置。一旦DNS配置生效, 重启\"acme-mailcow\"容器以自动地为你的新域名生成证书 (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;)。<br>重新启动容器是可选的，生成证书的操作会每24小时重试一次。",
+        "post_domain_add": "在添加新域名后，SOGo 服务的容器 \"sogo-mailcow\" 需要重新启动。<br><br>此外请检查并修改该域名的 DNS 配置。当 DNS 配置生效后，请重启 \"acme-mailcow\" 容器以便自动地为你的新域名生成证书 (包括 autoconfig.&lt;domain&gt; 和 autodiscover.&lt;domain&gt; 两个域名)。<br>重启该容器是可选的，因为生成证书的操作会每隔24小时重试一次。",
         "private_comment": "私密评论",
         "public_comment": "公开评论",
         "quota_mb": "配额 (MiB)",
         "relay_all": "中继所有收件人",
-        "relay_all_info": "↪ 如果<b>不</b>选择中继所有收件人，你将需要为每个应该中继的邮件添加一个 (\"盲\") 邮箱。",
+        "relay_all_info": "↪ 如果<b>不</b>选择中继所有收件人，你将需要为每个需要中继的邮件添加一个(\"虚拟\")邮箱。",
         "relay_domain": "中继这个域名",
-        "relay_transport_info": "<div class=\"label label-info\"></div> 你可以为此域名定义传输规则以自定义发件目标主机，否则遵照MX记录发送邮件。",
-        "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址则在本地递送。",
-        "relayhost_wrapped_tls_info": "请 <b>不要</b> 使用\"嵌套TLS\"的端口 (大多为端口465).<br>\r\n使用其他\"非嵌套\"的端口发起STARTTLS. 你可以在\"TLS策略规则\"中添加强制使用TLS的策略。",
+        "relay_transport_info": "<div class=\"label label-info\">注意</div> 你可以为此域名自定义传输规则来指定发件目标主机，否则将按照 MX 记录发送邮件。",
+        "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址将在本地发送。",
+        "relayhost_wrapped_tls_info": "请<b>不要</b>使用\"嵌套 TLS \"的端口 (大多数为端口 465)。<br>\r\n使用其他\"非嵌套\"的端口发起 STARTTLS。你可以在\"TLS 策略规则\"中添加强制使用 TLS 的策略。",
         "select": "请选择...",
         "select_domain": "请先选择一个域名",
         "sieve_desc": "简短描述",
         "sieve_type": "过滤器类型",
-        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留先存在的邮件)",
+        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件 (保留已经存在的邮件)",
         "subscribeall": "订阅所有文件夹",
         "syncjob": "添加同步任务",
-        "syncjob_hint": "注意密码需要以明文存储！",
+        "syncjob_hint": "注意密码将以明文存储！",
+        "tags": "标签",
         "target_address": "目标地址",
-        "target_address_info": "<small>完整的邮箱地址 (英文逗号分隔多个地址)。</small>",
+        "target_address_info": "<small>完整的邮箱地址 (存在多个地址时使用英文逗号分隔)</small>",
         "target_domain": "目标域名",
         "timeout1": "远程主机连接超时时间",
         "timeout2": "本地主机连接超时时间",
@@ -104,12 +110,12 @@
         "validation_success": "验证成功"
     },
     "admin": {
-        "access": "访问",
+        "access": "权限管理",
         "action": "操作",
-        "activate_api": "启用API",
+        "activate_api": "启用 API",
         "activate_send": "启用发送按钮",
         "active": "启用",
-        "active_rspamd_settings_map": "启用的设置规则",
+        "active_rspamd_settings_map": "启用的规则",
         "add": "添加",
         "add_admin": "添加管理员",
         "add_domain_admin": "添加域名管理员",
@@ -124,36 +130,41 @@
         "admin": "管理员",
         "admin_details": "编辑管理员详情",
         "admin_domains": "分配域名",
+        "admins": "管理员",
+        "admins_ldap": "LDAP 管理员",
         "advanced_settings": "高级设置",
-        "api_allow_from": "允许来自这些IP/CIDR网络的API访问",
-        "api_info": "API功能仍在完善中。你可以在<a href=\"/api\">/api</a>找到API文档",
-        "api_key": "API密钥",
-        "api_skip_ip_check": "跳过API的IP检查",
+        "api_allow_from": "允许来自这些 IP/CIDR 网络的 API 访问",
+        "api_info": "API 功能仍在完善中。你可以在<a href=\"/api\">这里</a>找到 API 文档",
+        "api_key": "API 密钥",
+        "api_read_only": "只读权限",
+        "api_read_write": "可写权限",
+        "api_skip_ip_check": "跳过 API 的 IP 检查",
         "app_links": "应用链接",
         "app_name": "应用名称",
-        "apps_name": "\"mailcow Apps\" 名称",
-        "arrival_time": "到达时间(服务器)",
+        "apps_name": "Mailcow 应用的名称",
+        "arrival_time": "到达时间 (服务器时间)",
         "authed_user": "已认证用户",
         "ays": "确定继续操作?",
-        "ban_list_info": "下为封禁掉的IP列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />取消封禁的IP将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁",
-        "change_logo": "更改logo",
+        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁",
+        "change_logo": "更改 Logo",
         "configuration": "配置",
-        "credentials_transport_warning": "<b>警告</b>: 添加新的传输规则会为所有\"下一跳\"列匹配的规则更新认证凭证。",
-        "customer_id": "客户ID",
-        "customize": "自定义",
+        "convert_html_to_text": "将 HTML 转换为纯文本内容",
+        "credentials_transport_warning": "<b>警告</b>: 添加新的传输规则将会为所有的\"下一跳\"列匹配的规则更新认证凭证。",
+        "customer_id": "客户 ID",
+        "customize": "页面自定义",
         "delete_queue": "删除所有",
         "destination": "目标地址",
-        "dkim_add_key": "添加ARC/DKIM密钥",
+        "dkim_add_key": "添加 ARC/DKIM 密钥",
         "dkim_domains_selector": "选择器",
-        "dkim_domains_wo_keys": "选择没有密钥的域名",
+        "dkim_domains_wo_keys": "选择缺失密钥的域名",
         "dkim_from": "从",
         "dkim_from_title": "源域名 - 数据来源",
-        "dkim_key_length": "DKIM密钥长度 (bits)",
+        "dkim_key_length": "DKIM 密钥长度 (Bits)",
         "dkim_key_missing": "密钥缺失",
-        "dkim_key_unused": "密钥未被使用",
+        "dkim_key_unused": "密钥闲置",
         "dkim_key_valid": "密钥合法",
-        "dkim_keys": "ARC/DKIM密钥",
-        "dkim_overwrite_key": "覆盖已存在的DKIM密钥",
+        "dkim_keys": "ARC/DKIM 密钥",
+        "dkim_overwrite_key": "覆盖已存在的 DKIM 密钥",
         "dkim_private_key": "私钥",
         "dkim_to": "到",
         "dkim_to_title": "目标域名 - 数据将会被覆盖",
@@ -162,48 +173,51 @@
         "domain_admins": "域名管理员",
         "domain_s": "域名",
         "duplicate": "复制",
-        "duplicate_dkim": "复制DKIM记录",
+        "duplicate_dkim": "复制 DKIM 记录",
         "edit": "编辑",
         "empty": "结果为空",
         "excludes": "除了",
         "f2b_ban_time": "封禁时间 (秒)",
         "f2b_blacklist": "网络/主机黑名单",
         "f2b_filter": "正则表达式过滤器",
-        "f2b_list_info": "黑名单的优先级总是高于白名单。 <b>列表更新将会在几秒之后应用。</b>",
+        "f2b_list_info": "黑名单的优先级总是高于白名单。 <b>列表更新将会在几秒之后完成。</b>",
         "f2b_max_attempts": "最多尝试次数",
-        "f2b_netban_ipv4": "应用封禁的IPv4子网大小 (8-32)",
-        "f2b_netban_ipv6": "应用封禁的IPv6子网大小 (8-128)",
-        "f2b_parameters": "Fail2ban参数",
-        "f2b_regex_info": "会过滤这些应用的日志: SOGo、Postfix、Dovecot、PHP-FPM。",
+        "f2b_netban_ipv4": "应用封禁的 IPv4 子网大小 (8-32)",
+        "f2b_netban_ipv6": "应用封禁的 IPv6 子网大小 (8-128)",
+        "f2b_parameters": "Fail2ban 参数",
+        "f2b_regex_info": "将会过滤这些应用的日志: SOGo，Postfix，Dovecot 和 PHP-FPM。",
         "f2b_retry_window": "最多尝试次数重试窗口 (秒)",
         "f2b_whitelist": "网络/主机白名单",
         "filter_table": "筛选表格",
         "flush_queue": "清空队列",
         "forwarding_hosts": "转发主机",
-        "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的网络、主机名 (解析为IP地址)，或者邮箱域名 (查询SPF记录或MX记录并解析为IP地址)。",
-        "forwarding_hosts_hint": "来自此处所列的主机的入站信息会被无条件接收。并且这些主机不会经过DNSBL检查或者被加入灰名单。 来自它们的垃圾邮件不会被拒绝，但可选的可以被移入垃圾文件夹。当你设置了转发规则将邮件转发到此mailcow服务器，通常你可以将来源主机加入此列表。",
+        "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的网络、主机名 (解析为 IP 地址)，或者邮箱域名 (查询 SPF 记录或 MX 记录并解析为 IP 地址)。",
+        "forwarding_hosts_hint": "来自此处所列的主机的入站信息将会被无条件接收。并且这些主机将不会经过 DNSBL 检查或者被加入灰名单。来自它们的垃圾邮件将不会被拒绝，但可以选择将其移入垃圾文件夹。当你设置了转发规则将邮件转发到此 Mailcow 服务器，你通常可以将来源主机加入此列表。",
         "from": "来自",
         "generate": "生成",
-        "guid": "GUID - 唯一实例ID",
+        "guid": "GUID - 唯一的安装实例 ID",
         "guid_and_license": "GUID和许可证",
-        "hash_remove_info": "移除一个频率限制特征 (如果还存在的话) 会完全移除它的计数器。<br>\r\n 每个特征将以不同颜色表示。",
-        "help_text": "覆盖登录面板下的帮助文字 (允许使用HTML)",
+        "hash_remove_info": "移除一个频率限制特征 (如果还存在的话) 将会完全移除它的计数器。<br>\r\n 每个特征将以不同颜色表示。",
+        "help_text": "覆盖登录面板下的帮助文字 (允许使用 HTML)",
         "host": "主机",
+        "html": "HTML",
         "import": "导入",
         "import_private_key": "导入私钥",
         "in_use_by": "使用者",
         "inactive": "禁用",
         "include_exclude": "包括/排除",
-        "include_exclude_info": "没有选择时默认包括所有邮箱",
+        "include_exclude_info": "默认 - 没有选择时默认包括所有邮箱",
         "includes": "包括这些收件人",
+        "is_mx_based": "基于 MX 记录",
         "last_applied": "最后应用的条目",
-        "license_info": "你不需要获取证书以使用此项目，但是获取证书可以帮助此项目进一步发展。<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">在这里注册你的GUID</a> 或者 <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">为你的mailcow安装购买支持服务。</a>",
+        "license_info": "你不需要获取证书便可以使用此项目，但是获取证书可以帮助此项目进一步发展。<br>在这里<a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">注册</a>你的 GUID或者为你的 Mailcow 安装<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">购买</a>支持服务。",
         "link": "链接",
         "loading": "请等待...",
-        "logo_info": "你的图片会在顶部导航栏被缩放为40px高，在起始页被缩放为最大250px高度。强烈推荐使用能较好缩放的图片。",
-        "lookup_mx": "匹配MX记录 (如匹配.outlook.com MX记录以通过这一跳来路由所有指向*.outlook.com的邮件)",
-        "main_name": "\"mailcow UI\" 名称",
-        "merged_vars_hint": "灰色行来自 <code>vars.(local.)inc.php</code> 并且不能被更改。",
+        "login_time": "登录时间",
+        "logo_info": "你的图片将会在顶部导航栏被缩放为 40px 高，在起始页被缩放为最大 250px 高。强烈推荐使用能较好适应缩放的图片。",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
+        "main_name": "Mailcow UI 的名称",
+        "merged_vars_hint": "灰色行来自 <code>vars.(local.)inc.php</code> 文件并且无法修改。",
         "message": "消息",
         "message_size": "消息大小",
         "nexthop": "下一跳",
@@ -211,58 +225,69 @@
         "no_active_bans": "没有启用的封禁",
         "no_new_rows": "已经到底了",
         "no_record": "没有记录",
-        "oauth2_client_id": "客户端ID",
-        "oauth2_client_secret": "客户端secret",
-        "oauth2_info": "此OAuth2实现支持\"Authorization Code\"和生成refresh token。<br>\r\n并且服务器会自动在refresh token被使用后重新生成refresh token。<br><br>\r\n→ 默认的scope是 <i>profile</i>。只有邮箱用户可以使用OAuth2来认证。如果scope参数被省略则会回退到 <i>profile</i>。<br>\r\n→ 客户端必须在认证请求中发送 <i>state</i> 参数。<br><br>\r\nOAuth2 API路径: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\n重新生成客户端secret不会使已存在的authorization code过期，但是会在它们刷新token时失败。<br><br>\r\n撤销客户端token会立即终止所有活动会话。 所有的客户端都需要重新认证。",
-        "oauth2_redirect_uri": "重定向URI",
-        "oauth2_renew_secret": "生成新的客户端secret",
-        "oauth2_revoke_tokens": "撤销所有客户端token",
+        "oauth2_apps": "OAuth2 应用",
+        "oauth2_add_client": "添加 OAuth2 客户端",
+        "oauth2_client_id": "客户端 ID",
+        "oauth2_client_secret": "客户端 secret",
+        "oauth2_info": "此 OAuth2 服务支持 \"Authorization Code\" 和生成 refresh token。<br>\r\n并且服务器会自动在 refresh token 被使用后重新生成新的 refresh token。<br><br>\r\n→ 默认的 scope 是 <i>profile</i>。只有邮箱用户可以使用 OAuth2 进行认证。如果 scope 参数被省略则会回退到 <i>profile</i>。<br>\r\n→ 客户端必须在认证请求中发送 <i>state</i> 参数。<br><br>\r\nOAuth2 API 路径: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\n重新生成客户端 secret 不会使已存在的 authorization code 过期，但是会在使用它们刷新 token 时失败。<br><br>\r\n撤销客户端的 token 会立即终止所有的活动会话。 并且所有的客户端都需要重新认证。",
+        "oauth2_redirect_uri": "重定向 URI",
+        "oauth2_renew_secret": "生成新的客户端 secret",
+        "oauth2_revoke_tokens": "撤销所有的客户端 token",
+        "optional": "可选",
         "password": "密码",
+        "password_length": "密码长度",
+        "password_policy": "密码规则",
+        "password_policy_chars": "必须包含至少一个英文字母",
+        "password_policy_length": "密码最小长度为 %d",
+        "password_policy_lowerupper": "必须包含小写和大写的英文字母",
+        "password_policy_numbers": "必须包含至少一个数字",
+        "password_policy_special_chars": "必须包含特殊字符",
         "password_repeat": "确认密码 (重复)",
         "priority": "优先级",
         "private_key": "私钥",
         "quarantine": "隔离",
-        "quarantine_bcc": "发送所有通知邮件的副本(BCC)到这个收件人:<br><small>留空以关闭。 <b>发送的邮件未被签名也未被检查。 故只应在内部递送。</b></small>",
-        "quarantine_exclude_domains": "不启用隔离的域名和域名别名",
-        "quarantine_max_age": "最长保留日数<br><small>必须大于或等于1日</small>",
-        "quarantine_max_size": "最大文件大小，单位MiB (超出限制的元素会被丢弃):<br><small>0 <b>不</b> 表示不限大小。</small>",
-        "quarantine_max_score": "如果垃圾分数大于此值则不通知:<br><small>默认为 9999.0</small>",
-        "quarantine_notification_html": "通知邮件模板:<br><small>留空以恢复默认模板。</small>",
+        "quarantine_bcc": "发送所有通知邮件的副本 (BCC) 到这个收件人:<br><small>留空以禁用该操作。 <b>发送的邮件未被签名也未被检查。 因此只应在内部传递。</b></small>",
+        "quarantine_exclude_domains": "未启用隔离的域名和域名别名",
+        "quarantine_max_age": "最长保留天数<br><small>必须大于或等于1天</small>",
+        "quarantine_max_score": "如果垃圾邮件的分数大于此值则不通知:<br><small>默认为 9999.0</small>",
+        "quarantine_max_size": "文件的最大大小，单位 MiB (超出限制的部分会被丢弃):<br><small>0 表示<b>无限制</b>。</small>",
+        "quarantine_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quarantine_notification_sender": "通知邮件发件人",
         "quarantine_notification_subject": "通知邮件主题",
-        "quarantine_redirect": "<b>转发所有通知</b>到这个收件人:<br><small>留空以关闭。 <b>发送的邮件未被签名也未被检查。 故只应在内部递送。</b></small>",
-        "quarantine_release_format": "被释放的项目的格式",
+        "quarantine_redirect": "<b>转发所有的通知</b>到这个收件人:<br><small>留空以禁用该操作。 <b>发送的邮件未被签名也未被检查。 故只应在内部传递。</b></small>",
+        "quarantine_release_format": "被移除的项目的格式",
         "quarantine_release_format_att": "附件",
-        "quarantine_release_format_raw": "未修改原件",
+        "quarantine_release_format_raw": "原件 (未修改)",
         "quarantine_retention_size": "每个邮箱保留隔离项目数:<br><small>0 表示 <b>禁用</b>。</small>",
-        "queue_ays": "请确认你真的想要删除当前队列中的所有项目。",
-        "queue_deliver_mail": "递送",
+        "queue_ays": "你真的确定想要删除当前队列中的所有项目吗？",
+        "queue_deliver_mail": "传递",
         "queue_hold_mail": "暂停",
-        "queue_manager": "队列管理器",
+        "queue_manager": "队列管理",
+        "queue_show_message": "显示消息",
         "queue_unban": "队列取消封禁",
         "queue_unhold_mail": "继续",
-        "queue_show_message": "显示消息",
-        "quota_notification_html": "通知邮件模板:<br><small>留空以恢复默认模板。</small>",
+        "quota_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quota_notification_sender": "通知邮件发件人",
         "quota_notification_subject": "通知邮件主题",
         "quota_notifications": "配額通知",
-        "quota_notifications_info": "配額通知会在用户配额超过80%和95%时各发送一次。",
-        "quota_notifications_vars": "{{percent}} 表示当前用户配额<br>{{username}} 未邮箱名称",
+        "quota_notifications_info": "配額通知会在用户配额超过 80% 和 95% 时各发送一次。",
+        "quota_notifications_vars": "{{percent}} 表示当前用户配额<br>{{username}} 为邮箱名称",
         "r_active": "启用的限制规则",
         "r_inactive": "禁用的限制规则",
-        "r_info": "启用的限制规则列表中灰色的/关闭的元素不能被mailcow识别为合法的限制规则，且不可移动。未知的限制规则将会按照原来的顺序被设置。<br>你可以在 <code>inc/vars.local.inc.php</code> 中添加新元素以勾选它们。",
+        "r_info": "启用的限制规则列表中灰色的和关闭的部分无法被 Mailcow 识别为合法的限制规则，并且不可移动。未知的限制规则将会按照原来的顺序被设置。<br>你可以在 <code>inc/vars.local.inc.php</code> 中添加新内容以勾选它们。",
         "rate_name": "频率名称",
         "recipients": "收件人",
         "refresh": "刷新",
-        "regen_api_key": "重新生成API密钥",
+        "regen_api_key": "重新生成 API 密钥",
         "regex_maps": "正则表达式规则",
         "relay_from": "\"来自:\" 地址",
+        "relay_rcpt": "\"到达:\" 地址",
         "relay_run": "运行测试",
         "relayhosts": "中继传输",
-        "relayhosts_hint": "定义的中继传输可以在域名配置弹出框中被选择。<br>\r\n 中继传输服务总是使用 \"smtp:\" 并且会在可能时使用STARTTLS。不支持SMTPS。用户的出站TLS策略会影响此行为。<br>\r\n 对选中的域名和域名别名生效。",
+        "relayhosts_hint": "自定义的中继传输可以在域名配置的弹出框中被选择。<br>\r\n 中继传输服务总是使用 \"smtp:\" 并且会在可能时使用 TLS，并且不支持 Wrapped TLS (SMTPS)。用户的出站 TLS 策略将会影响此行为。<br>\r\n 对选中的域名和域名别名生效。",
         "remove": "删除",
         "remove_row": "删除行",
-        "reset_default": "重置回默认值",
+        "reset_default": "重置为默认值",
         "reset_limit": "移除特征",
         "routing": "路由",
         "rsetting_add_rule": "添加规则",
@@ -271,221 +296,237 @@
         "rsetting_no_selection": "请选择一个规则",
         "rsetting_none": "没有可用的规则",
         "rsettings_insert_preset": "插入示例预设 \"%s\"",
-        "rsettings_preset_1": "为已认证用户关闭除DKIM和ratelimit规则外的所有规则",
-        "rsettings_preset_2": "管理员(postmaster)想要垃圾邮件",
-        "rsettings_preset_3": "只允许指定的发件人 (如只允许内部邮箱发送)",
-        "rspamd_com_settings": "自动生成设置名称，请看下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>以了解更多细节。",
+        "rsettings_preset_1": "为已认证用户关闭除 DKIM 和频率限制规则外的所有规则",
+        "rsettings_preset_2": "允许管理员接收垃圾邮件",
+        "rsettings_preset_3": "只允许指定的发件人发信 (例如只允许内部邮箱发送)",
+        "rsettings_preset_4": "禁用域名的 Rspamd 服务",
+        "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节。",
         "rspamd_global_filters": "全局过滤规则",
         "rspamd_global_filters_agree": "我会小心谨慎的!",
         "rspamd_global_filters_info": "全局过滤规则包含了不同类型的全局黑名单和白名单。",
-        "rspamd_global_filters_regex": "它们的名字解释了它们的用途。所有内容必须包含 \"/pattern/options\" 格式的合法表达式(如 <code>/.+@domain\\.tld/i</code>)。<br>\r\n 对正则表达式只执行了基本的检查，Rspamd功能仍可能因正则表达式表达式语法问题导致错误。<br>\r\n  Rspamd会在规则更改后读取其内容。 如果你遇到了问题，<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">重启Rspamd</a> 以强制重载规则。<br>黑名单中项目会被隔离系统排除。",
-        "rspamd_settings_map": "Rspamd设置规则",
-        "sal_level": "Moo等级",
+        "rspamd_global_filters_regex": "它们的名字解释了它们的用途。所有内容必须包含 \"/pattern/options\" 格式的合法表达式 (例如 <code>/.+@domain\\.tld/i</code>)。<br>\r\n 因为仅对正则表达式执行了基本的检查，Rspamd 的功能仍可能因正则表达式语法问题出现错误。<br>\r\n  Rspamd 会在规则更改后读取其内容。 如果你遇到了问题，<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">重启 Rspamd</a> 以强制重载规则。<br>黑名单中的项目会被系统排除。",
+        "rspamd_settings_map": "Rspamd 设置",
+        "sal_level": "Moo 等级",
         "save": "保存更改",
         "search_domain_da": "搜索域名",
         "send": "发送",
         "sender": "发件人",
-        "service_id": "服务ID",
+        "service": "服务",
+        "service_id": "服务 ID",
         "source": "来源",
         "spamfilter": "垃圾邮件过滤器",
         "subject": "主题",
+        "success": "成功",
         "sys_mails": "系统邮件",
         "text": "文本",
         "time": "时间",
         "title": "标题",
-        "title_name": "\"mailcow UI\" 网站标题",
+        "title_name": "Mailcow UI 的网站标题",
         "to_top": "返回顶部",
-        "transport_dest_format": "格式: example.org, .example.org, *, box@example.org (英文逗号分隔多个值)",
+        "transport_dest_format": "正则表达式格式: example.org, .example.org, *, box@example.org (存在多个地址时使用英文逗号分隔)",
         "transport_maps": "传输规则",
-        "transports_hint": "→ 传输规则条目<b>优先于</b>中继传输</b>。<br>\r\n→ 用户的出站TLS策略设置会被忽略，只会执行域名的TLS策略规则。<br>\r\n→ 传输服务总是使用 \"smtp:\" 并且会在可能时使用STARTTLS。不支持SMTPS。\r\n→ 匹配 \"/localhost$/\" 的地址会通过 \"local:\" 传输，但是 \"*\" 不会匹配这些本地地址。<br>\r\n→ 为了确定下一跳 \"[host]:25\" 的认证凭证， Postfix <b>总会</b> 先查询 \"host\" 而不是 \"[host]:25\"。此行为使不能同时使用 \"host\" 和 \"[host]:25\"。",
-        "ui_footer": "页脚 (允许使用HTML)",
+        "transport_test_rcpt_info": "&#8226; 使用 null@hosted.mailcow.de 测试中继到国外目标的状况。",
+        "transports_hint": "&#8226; 传输规则条目会<b>覆盖</b>发件人的传输规则条目</b>.<br>\r\n&#8226; 建议使用基于 MX 记录的传输规则条目。<br>\r\n&#8226; 用户的出站 TLS 策略将会被忽略，并且只接受域名的 TLS 策略。<br>\r\n&#8226; 传输服务总是使用 \"smtp:\" 并且会在可能时使用 TLS，并且不支持 Wrapped TLS (SMTPS)。<br>\r\n&#8226; 匹配 \"/localhost$/\" 的地址将会通过 \"local:\" 传输，但是 \"*\" 不会匹配这些本地地址。<br>\r\n&#8226; 为了确定下一跳 \"[host]:25\" 的认证凭证，Postfix <b>总会</b> 先查询 \"host\" 而不是 \"[host]:25\"。此行为使得 \"host\" 和 \"[host]:25\" 不能同时被使用。",
+        "ui_footer": "页脚 (允许使用 HTML)",
         "ui_header_announcement": "公告",
         "ui_header_announcement_active": "启用公告",
-        "ui_header_announcement_content": "文本 (允许使用HTML)",
-        "ui_header_announcement_help": "公告会在UI登录屏幕和用户登录后页面显示。",
+        "ui_header_announcement_content": "文本 (允许使用 HTML)",
+        "ui_header_announcement_help": "公告会在登录页面以及用户登录后的页面显示。",
         "ui_header_announcement_select": "选择公告类型",
         "ui_header_announcement_type": "类型",
-        "ui_header_announcement_type_info": "信息",
-        "ui_header_announcement_type_warning": "重要",
-        "ui_header_announcement_type_danger": "非常重要",
-        "ui_texts": "UI标签和文本",
+        "ui_header_announcement_type_danger": "重要",
+        "ui_header_announcement_type_info": "通知",
+        "ui_header_announcement_type_warning": "注意",
+        "ui_texts": "UI 标签和文本",
         "unban_pending": "等待解除封禁",
         "unchanged_if_empty": "如果不更改则留空",
         "upload": "上传",
         "username": "用户名",
-        "validate_license_now": "通过证书服务器验证GUID",
+        "validate_license_now": "通过证书服务器验证 GUID",
         "verify": "验证",
         "yes": "&#10003;"
     },
     "danger": {
-        "access_denied": "访问拒绝或表单数据非法",
-        "alias_domain_invalid": "域名别名 %s 非法",
+        "access_denied": "访问被拒绝或者表单数据无效",
+        "alias_domain_invalid": "域名别名 %s 无效",
         "alias_empty": "域名地址不能为空",
         "alias_goto_identical": "别名不能与目标地址相同",
-        "alias_invalid": "别名地址 %s 非法",
-        "aliasd_targetd_identical": "域名别名不能与目标域名不能与目标域名相同: %s",
+        "alias_invalid": "别名地址 %s 无效",
+        "aliasd_targetd_identical": "域名别名不能与目标域名 %s 相同",
         "aliases_in_use": "最大别名数必须大于等于 %d",
         "app_name_empty": "应用名称不能为空",
-        "app_passwd_id_invalid": "应用密码 ID %s 非法",
-        "bcc_empty": "BCC目标地址不能为空",
-        "bcc_exists": "%s类型的BCC映射%s已存在",
-        "bcc_must_be_email": "BCC目标地址 %s 不是合法的邮箱地址",
+        "app_passwd_id_invalid": "应用密码 ID %s 无效",
+        "bcc_empty": "BCC 目标地址不能为空",
+        "bcc_exists": "%s 类型的 BCC 映射 %s 已存在",
+        "bcc_must_be_email": "BCC 目标地址 %s 不是有效的邮箱地址",
         "comment_too_long": "评论太长，最多允许160个字符",
         "defquota_empty": "每个邮箱的默认配额必须不为0。",
-        "description_invalid": "%s 的资源描述非法",
-        "dkim_domain_or_sel_exists": "\"%s\"的DKIM密钥已存在，因此不会覆盖此密钥",
-        "dkim_domain_or_sel_invalid": "DKIM域名或选择器非法: %s",
-        "domain_cannot_match_hostname": "域名与主机名不匹配",
+        "description_invalid": "%s 的资源描述无效",
+        "dkim_domain_or_sel_exists": "\"%s\"的 DKIM 密钥已存在，因此不会被覆盖",
+        "dkim_domain_or_sel_invalid": "DKIM 域名或选择器无效: %s",
+        "domain_cannot_match_hostname": "域名与主机名称不匹配",
         "domain_exists": "域名 %s 已存在",
-        "domain_invalid": "域名地址为空或非法",
+        "domain_invalid": "域名地址为空或无效",
         "domain_not_empty": "不能删除非空域名 %s",
-        "domain_not_found": "不能找到域名 %s",
+        "domain_not_found": "无法找到域名 %s",
         "domain_quota_m_in_use": "域名配额必须大于等于 %s MiB",
-        "extra_acl_invalid": "外部发件人地址 \"%s\" 非法",
-        "extra_acl_invalid_domain": "外部发件人地址 \"%s\" 包含了非法的域名",
-        "file_open_error": "不能打开文件以写入",
+        "extra_acl_invalid": "外部发件人地址 \"%s\" 无效",
+        "extra_acl_invalid_domain": "外部发件人地址 \"%s\" 包含了无效的域名",
+        "fido2_verification_failed": "FIDO2 验证失败: %s",
+        "file_open_error": "无法打开文件以写入内容",
         "filter_type": "过滤器类型错误",
         "from_invalid": "发件人地址不能为空",
-        "global_filter_write_error": "不能写入过滤器文件: %s",
-        "global_map_invalid": "全局规则 ID %s 非法",
-        "global_map_write_error": "全局规则 ID %s: %s",
-        "goto_empty": "一个别名地址必须包含至少一个合法的目标地址",
-        "goto_invalid": "目标地址 %s 不合法",
-        "ham_learn_error": "学习非垃圾消息错误: %s",
-        "imagick_exception": "错误: 读取图片时Imagick发生了异常",
-        "img_invalid": "不能验证图片文件",
-        "img_tmp_missing": "不能验证图片文件: 找不到临时文件",
-        "invalid_bcc_map_type": "BCC映射类型非法",
-        "invalid_destination": "目的地址 \"%s\" 非法",
-        "invalid_filter_type": "过滤器类型非法",
-        "invalid_host": "非法主机: %s",
-        "invalid_mime_type": "mime类型非法",
-        "invalid_nexthop": "下一跳格式非法",
+        "global_filter_write_error": "无法写入过滤器文件: %s",
+        "global_map_invalid": "全局规则 ID %s 无效",
+        "global_map_write_error": "无法写入全局规则 ID %s: %s",
+        "goto_empty": "别名地址必须包含至少一个合法的目标地址",
+        "goto_invalid": "目标地址 %s 无效",
+        "ham_learn_error": "学习非垃圾邮件错误: %s",
+        "imagick_exception": "错误: 读取图片时发生了 Imagick 异常",
+        "img_invalid": "无法验证图片文件",
+        "img_tmp_missing": "无法验证图片文件: 找不到临时文件",
+        "invalid_bcc_map_type": "BCC 映射类型无效",
+        "invalid_destination": "目标地址 \"%s\" 无效",
+        "invalid_filter_type": "过滤器类型无效",
+        "invalid_host": "无效主机: %s",
+        "invalid_mime_type": "MIME 类型无效",
+        "invalid_nexthop": "下一跳格式无效",
         "invalid_nexthop_authenticated": "存在使用不同凭证的下一跳，请先更改这些下一跳的凭证。",
-        "invalid_recipient_map_new": "新收件人地址非法: %s",
-        "invalid_recipient_map_old": "原收件人地址非法: %s",
-        "ip_list_empty": "IP允许列表不能为空",
+        "invalid_recipient_map_new": "新收件人地址无效: %s",
+        "invalid_recipient_map_old": "原收件人地址无效: %s",
+        "ip_list_empty": "IP 允许列表不能为空",
         "is_alias": "%s 已经被作为别名地址使用",
         "is_alias_or_mailbox": "%s 已经被作为别名地址、邮箱地址或域名别名扩展出的别名地址使用。",
         "is_spam_alias": "%s 已经被作为临时别名地址使用 (垃圾邮件别名地址)",
-        "last_key": "最后一个密钥不能被删除，你应该先禁用两步验证。",
+        "last_key": "无法删除最后一个密钥，你应该先禁用两步验证。",
         "login_failed": "登录失败",
         "mailbox_defquota_exceeds_mailbox_maxquota": "默认配额超出配额限制",
-        "mailbox_invalid": "邮箱名称不合法",
+        "mailbox_invalid": "邮箱名称无效",
         "mailbox_quota_exceeded": "配额超出域名配额限制 (最大 %d MiB)",
         "mailbox_quota_exceeds_domain_quota": "最大配额超出域名配额限制",
         "mailbox_quota_left_exceeded": "空间不足 (剩余空间: %d MiB)",
         "mailboxes_in_use": "最大邮箱数必须大于等于 %d",
-        "malformed_username": "畸形用户名",
+        "malformed_username": "异常的用户名",
         "map_content_empty": "规则内容不能为空",
         "max_alias_exceeded": "超出最大别名数",
         "max_mailbox_exceeded": "超出最大邮箱数 (%d / %d)",
         "max_quota_in_use": "邮箱数必须大于等于 %d MiB",
-        "maxquota_empty": "每个邮箱最大配额必须不为0",
-        "mysql_error": "MySQL错误: %s",
-        "network_host_invalid": "网络或主机非法: %s",
+        "maxquota_empty": "每个邮箱的最大配额必须不为0",
+        "mysql_error": "MySQL 错误: %s",
+        "network_host_invalid": "网络或主机无效: %s",
         "next_hop_interferes": "%s 与下一跳 %s 冲突",
         "next_hop_interferes_any": "一个已存在的下一跳与 %s 冲突",
-        "no_user_defined": "未定义用户",
+        "nginx_reload_failed": "重启 Nginx 失败: %s",
+        "no_user_defined": "用户未定义",
         "object_exists": "对象 %s 已存在",
-        "object_is_not_numeric": "不是数字值: %s",
+        "object_is_not_numeric": "%s 不是一个数字",
         "password_complexity": "密码不符合规则",
         "password_empty": "密码必须不为空",
         "password_mismatch": "确认密码不匹配",
         "policy_list_from_exists": "指定的名称已存在记录",
-        "policy_list_from_invalid": "记录格式非法",
+        "policy_list_from_invalid": "记录格式无效",
         "private_key_error": "私钥错误: %s",
-        "pushover_credentials_missing": "Pushover token或密钥缺失",
-        "pushover_key": "Pushover密钥格式错误",
-        "pushover_token": "Pushover token格式错误",
-        "quota_not_0_not_numeric": "配额必须为数值且 >= 0",
+        "pushover_credentials_missing": "Pushover token 或密钥缺失",
+        "pushover_key": "Pushover 密钥格式错误",
+        "pushover_token": "Pushover token 格式错误",
+        "quota_not_0_not_numeric": "配额必须为数字且 >= 0",
         "recipient_map_entry_exists": "收件人映射条目 \"%s\" 已存在",
         "redis_error": "Redis 错误: %s",
         "relayhost_invalid": "中继主机条目 %s 已存在",
         "release_send_failed": "消息不能被释放: %s",
-        "reset_f2b_regex": "暂时不能重置正则表达式过滤器，请重试或多等待几秒并重载网页。",
-        "resource_invalid": "资源名称 %s 非法",
-        "rl_timeframe": "频率限制时间数不正确",
-        "rspamd_ui_pw_length": "Rspamd UI密码需要为至少6字符长",
+        "reset_f2b_regex": "暂时不能重置正则表达式过滤器，请重试或在几秒后重载网页。",
+        "resource_invalid": "资源名称 %s 无效",
+        "rl_timeframe": "频率限制时间设置错误",
+        "rspamd_ui_pw_length": "Rspamd UI 密码至少为为6个字符",
         "script_empty": "脚本不能为空",
-        "sender_acl_invalid": "发件人ACL值 %s 非法",
-        "set_acl_failed": "设置ACL失败",
-        "settings_map_invalid": "设置规则非法，ID %s",
-        "sieve_error": "sieve解析器错误: %s",
-        "spam_learn_error": "垃圾邮件学习错误: %s",
+        "sender_acl_invalid": "发件人的 ACL 值 %s 无效",
+        "set_acl_failed": "设置 ACL 失败",
+        "settings_map_invalid": "设置规则 ID %s 无效",
+        "sieve_error": "Sieve 解析器错误: %s",
+        "spam_learn_error": "学习垃圾邮件错误: %s",
         "subject_empty": "主题必须不为空",
-        "target_domain_invalid": "目标域名 %s 非法",
+        "target_domain_invalid": "目标域名 %s 无效",
         "targetd_not_found": "未找到目标域名 %s",
         "targetd_relay_domain": "目标域名 %s 是中继域名",
         "temp_error": "临时错误",
         "text_empty": "文本必须不为空",
-        "tls_policy_map_dest_invalid": "策略目标非法",
-        "tls_policy_map_entry_exists": "TLS策略规则条目 \"%s\" 已存在",
-        "tls_policy_map_parameter_invalid": "策略参数非法",
-        "totp_verification_failed": "TOTP认证失败",
+        "tfa_token_invalid": "TFA token 无效",
+        "tls_policy_map_dest_invalid": "策略目标无效",
+        "tls_policy_map_entry_exists": "TLS 策略规则条目 \"%s\" 已存在",
+        "tls_policy_map_parameter_invalid": "策略参数无效",
+        "totp_verification_failed": "TOTP 认证失败",
         "transport_dest_exists": "传输目标 \"%s\" 已存在",
-        "webauthn_verification_failed": "WebAuthn认证失败: %s",
+        "webauthn_verification_failed": "WebAuthn 认证失败: %s",
         "unknown": "发生未知错误",
-        "unknown_tfa_method": "未知TFA方法",
-        "unlimited_quota_acl": "ACL设置禁止了无限配额",
-        "username_invalid": "不能使用用户名 %s",
+        "unknown_tfa_method": "未知的 TFA 方法",
+        "unlimited_quota_acl": "ACL 设置禁止了无限配额",
+        "username_invalid": "用户名 %s 无法使用",
         "validity_missing": "请设置有效期",
         "value_missing": "请填入所有值",
-        "yotp_verification_failed": "Yubico OTP认证失败: %s"
+        "yotp_verification_failed": "Yubico OTP 认证失败: %s"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
         "containers_info": "容器信息",
         "disk_usage": "磁盘使用",
+        "docs": "文档",
         "external_logs": "外部日志",
         "history_all_servers": "历史 (所有服务器)",
         "in_memory_logs": "内存日志",
-        "jvm_memory_solr": "JVM内存使用",
-        "log_info": "<p>mailcow <b>内存日志</b> 收集于Redis列表中并且每分钟自动缩减到 LOG_LINES (%d) 以减少错误(Rowhammer)。\r\n  <br>内存日志不是为了持久化，所有使用内存日志的应用同时也会写入日志到Docker守护程序的默认日志驱动中。\r\n  <br>内存日志应该用于debug容器中的不明显问题。</p>\r\n  <p><b>外部日志</b> 通过相应应用提供的API收集。</p>\r\n  <p><b>静态日志</b> 大多为不写入日志到Dockerd但仍然需要被持久化的活动日志(API日志外的)。</p>",
-        "logs": "日志",
-        "restart_container": "重启",
-        "solr_dead": "Solr在启动中、已关闭或已停止运行",
-        "docs": "文档",
+        "jvm_memory_solr": "JVM 内存使用",
         "last_modified": "最后修改",
+        "log_info": "<p>Mailcow 的<b>内存日志</b>储存于 Redis 列表中，并且每分钟自动降低到 LOG_LINES (%d) 以减少错误。\r\n  <br>内存日志不是为了持久化储存的，所有使用内存日志的应用同时也会写入日志到 Docker 的守护进程的默认日志驱动中。\r\n  <br>内存日志应该用于分析 (Debug) 容器中不明显的问题。</p>\r\n  <p><b>外部日志</b>通过相应应用提供的 API 收集。</p>\r\n  <p><b>静态日志</b>大多数为不写入日志到 Docker ，但仍然需要被持久化的活动日志 (API 日志外的)。</p>",
+        "login_time": "时间",
+        "logs": "日志",
+        "online_users": "在线用户",
+        "restart_container": "重启",
+        "service": "服务",
         "size": "大小",
+        "solr_dead": "Solr 在启动中、已关闭或已停止",
+        "solr_status": "Solr 状态",
         "started_at": "开始于",
-        "solr_status": "Solr状态",
-        "uptime": "运行时间",
         "started_on": "启动于",
         "static_logs": "静态日志",
-        "system_containers": "系统和容器"
+        "success": "成功",
+        "system_containers": "系统和容器",
+        "uptime": "运行时间",
+        "username": "用户名"
     },
     "diagnostics": {
-        "cname_from_a": "虽然此值记录为 A/AAAA 类型，但只要此记录指向了正确的资源则该行为是被支持的",
-        "dns_records": "DNS记录",
-        "dns_records_24hours": "请注意DNS记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页为你提供了一个可以简单查看如何配置DNS记录和检查你的DNS记录是否正确的方式。",
+        "cname_from_a": "虽然此记录为 A/AAAA 类型，但只要此记录指向了正确的资源便可以被支持",
+        "dns_records": "DNS 记录",
+        "dns_records_24hours": "请注意 DNS 记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页面为你提供了一个可以便捷查询如何配置 DNS 记录以及检查你的 DNS 记录是否正确的方式。",
         "dns_records_data": "正确数据",
+        "dns_records_docs": "请同时也参考这个<a target=\"_blank\" href=\"https://mailcow.github.io/mailcow-dockerized-docs/prerequisite/prerequisite-dns/\">文档</a>.",
         "dns_records_name": "名称",
         "dns_records_status": "当前状态",
         "dns_records_type": "类型",
         "optional": "此记录是可选的。"
     },
     "edit": {
+        "acl": "ACL (许可)",
         "active": "启用",
+        "admin": "编辑管理员",
         "advanced_settings": "高级设置",
         "alias": "编辑别名",
-        "allow_from_smtp": "只允许这些IP使用<b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者<br>IPv4/IPv6地址或网络",
+        "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6地址或网络",
         "allowed_protocols": "允许的协议",
         "app_name": "应用名称",
         "app_passwd": "应用密码",
-        "automap": "尝试自动映射文件夹 (如：\"已发送\", \"Sent\" => \"Sent\")",
+        "app_passwd_protocols": "应用密码允许的协议",
+        "automap": "将尝试自动映射文件夹 (例如将 \"已发送消息\" 和 \"已发送\" 均映射到 \"已发送\" 文件夹)",
         "backup_mx_options": "中继选项",
-        "bcc_dest_format": "BCC目标地址必须为合法的邮件地址",
-        "client_id": "客户端ID",
-        "client_secret": "客户端secret",
-        "comment_info": "私密评论对用户不可见，公开评论会给用户展示为鼠标悬停显示的提示",
-        "delete1": "完成后将源邮件删除",
-        "delete2": "删除目的邮箱中存在但源邮箱中不存在的邮件",
-        "delete2duplicates": "删除目的邮箱中的重复邮件",
+        "bcc_dest_format": "BCC 的目标必须是一个有效的电子邮箱地址。<br>如果你需要向多个地址发送副本，请创建一个别名并在此使用。",
+        "client_id": "客户端 ID",
+        "client_secret": "客户端 secret",
+        "comment_info": "私密评论对用户不可见，公开评论将会在鼠标悬停时作为用户提示显示",
+        "delete1": "在完成后删除源邮件",
+        "delete2": "删除在目标邮箱中存在但在源邮箱中不存在的邮件",
+        "delete2duplicates": "删除目标邮箱中的重复邮件",
         "delete_ays": "请确认删除。",
         "description": "描述",
-        "disable_login": "不允许登录 (仍然会接收邮件)",
+        "disable_login": "不允许登录 (但仍然会接收邮件)",
         "domain": "编辑域名",
         "domain_admin": "编辑域名管理员",
         "domain_quota": "域名配额",
@@ -493,70 +534,80 @@
         "dont_check_sender_acl": "为域名 %s (+ 域名别名) 关闭发件人检查",
         "edit_alias_domain": "编辑域名别名",
         "encryption": "加密",
-        "exclude": "排除对象 (正则表达式)",
+        "exclude": "排除对象 (Regex)",
         "extended_sender_acl": "外部发件人地址",
-        "extended_sender_acl_info": "如果可以的话请导入DKIM域名密钥。<br>\r\n  别忘记将此服务器添加到相应的SPF TXT中。<br>\r\n 当域名或域名别名被添加时，若其与此外部发件人地址交叠，则外部发件人地址会被移除。<br>\r\n  填入 @domain.tld 以允许作为 *@domain.tld 发送邮件。",
+        "extended_sender_acl_info": "当可用时请导入域名的 DKIM 密钥。<br>\r\n  请注意将此服务器添加到相应的 SPF TXT 记录中。<br>\r\n 当域名或域名别名被添加时，若其与此外部发件人地址交叠，则外部发件人地址将会被移除。<br>\r\n  填入 @domain.tld 以允许作为 *@domain.tld 发送邮件。",
         "force_pw_update": "在下一次登录时强制要求更新密码",
         "force_pw_update_info": "此用户只能登录到 %s。",
         "full_name": "全名",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 空闲/繁忙 信息将不能在SOGo中显示。<b>重启SOGo以应用更改。</b>",
+        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的信息将不能在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
         "grant_types": "授权类型",
         "hostname": "主机名",
         "inactive": "禁用",
         "kind": "类型",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
         "mailbox": "编辑邮箱",
-        "mailbox_quota_def": "默认邮箱配额",
-        "max_aliases": "最大允许地址别名数",
-        "max_mailboxes": "最大允许邮箱数",
+        "mailbox_quota_def": "邮箱默认配额",
+        "mailbox_relayhost_info": "只适用于邮箱和邮箱别名，不会覆盖域名的中继主机。",
+        "max_aliases": "最大允许的地址别名数",
+        "max_mailboxes": "最大允许的邮箱数",
         "max_quota": "每个邮箱的最大配额 (MiB)",
-        "maxage": "从远程拉取消息的最大消息年龄限制<br><small>(0表示忽略)</small>",
-        "maxbytespersecond": "最大速率 (Bytes/s) <br><small>(0表示不限)</small>",
-        "mbox_rl_info": "此频率限制应用于SASL登录名，它会匹配邮件的\"来自\"地址。邮箱的频率限制设置会覆盖域名的频率限制值设置。",
+        "maxage": "从远程拉取消息的最大时间间隔限制<br><small>(0表示忽略)</small>",
+        "maxbytespersecond": "最大速率 (Bytes/s) <br><small>(0表示无限制)</small>",
+        "mbox_rl_info": "此频率限制应用于 SASL 登录名，它会匹配邮件的 \"from\" 地址。邮箱的频率限制设置会覆盖域名的频率限制值设置。",
         "mins_interval": "轮询间隔 (分钟)",
         "multiple_bookings": "登记限制",
+        "none_inherit": "无/继承",
         "nexthop": "下一跳",
         "password": "密码",
-        "password_repeat": "确认密码 (重复输入)",
+        "password_repeat": "确认密码 (重复)",
         "previous": "上一页",
         "private_comment": "私密评论",
         "public_comment": "公开评论",
-        "pushover_evaluate_x_prio": "加速高优先级邮件 [<code>X-Priority: 1</code>]",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "优先响应高优先级邮件 [<code>X-Priority: 1</code>]",
         "pushover_info": "推送通知设置会应用到所有递送到 <b>%s</b> (包括其别名) 的非垃圾邮件。",
         "pushover_only_x_prio": "只为高优先级邮件开启 [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(英文逗号分隔)</small>",
+        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(存在多个地址时使用英文逗号分隔)</small>",
         "pushover_sender_regex": "也可以使用正则表达式过滤发件人",
         "pushover_text": "通知文本",
         "pushover_title": "通知标题",
-        "pushover_vars": "如果没有定义发件人过滤器则会为所有邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器分别被定义，并且会依序应用，而不是覆盖另一个。<br>在文本和标题中可用的变量 (请注意数据保护条例)",
+        "pushover_vars": "如果没有定义发件人过滤器则会为所有的邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器一同使用，并且会按顺序被使用，而不是被覆盖。<br>在文本和标题中可用的变量 (请注意数据保护)",
         "pushover_verify": "校验凭证",
         "quota_mb": "配额 (MiB)",
+        "quota_warning_bcc": "BCC 配额警告",
+        "quota_warning_bcc_info": "警告将作为单独的副本发送至以下的收件人。主题将以放置在括号内的用户名做为后缀结尾，例如，<code>Quota warning (user@example.com)</code>。",
+        "ratelimit": "频率限制",
         "redirect_uri": "重定向/回调 URL",
         "relay_all": "中继所有收件人",
-        "relay_all_info": "↪ 如果<b>不</b>选择中继所有，你将需要为每个应该中继的邮件添加一个 (\"盲\") 邮箱。",
+        "relay_all_info": "↪ 如果<b>不</b>选择中继所有收件人，你将需要为每个应该中继的邮件添加一个(\"虚拟\")邮箱。",
         "relay_domain": "中继这个域名",
-        "relay_transport_info": "<div class=\"label label-info\"></div> 你可以为此域名定义传输规则以自定义发件目标主机，否则遵照MX记录发送邮件。",
-        "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址则在本地递送。",
+        "relay_transport_info": "<div class=\"label label-info\">注意</div> 你可以为此域名自定义传输规则来指定发件目标主机，否则将遵照 MX 记录发送邮件。",
+        "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址将在本地发送。",
         "relayhost": "中继传输",
         "remove": "删除",
-        "resource": "日历资源",
+        "resource": "资源",
         "save": "保存更改",
         "scope": "范围",
         "sender_acl": "允许发送为",
         "sender_acl_disabled": "<span class=\"label label-danger\">发件人检查已关闭</span>",
-        "sender_acl_info": "如果允许邮箱用户A作为邮箱用户B发送邮件，发件人的地址不会在SOGo中\"来自\"区域自动地作为下拉可选项显示。<br>\r\n 邮箱用户B需要添加授权以允许邮箱用户A选择B的地址作为发件人；授权方法为，在SOGo中点击左上方邮箱地址右边的菜单按钮(三个点)并授权。",
+        "sender_acl_info": "如果允许邮箱用户 A 作为邮箱用户 B 发送邮件，发件人的地址不会在 SOGo 中的 \"from\" 区域中作为下拉项显示。<br>\r\n 邮箱用户 B 需要添加授权以允许邮箱用户 A 选择 B 的地址作为发件人；授权方法为，在 SOGo 中点击左上方邮箱地址右边的菜单按钮 (三个点) 并授权。",
         "sieve_desc": "简短描述",
         "sieve_type": "过滤器类型",
-        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留先存在的邮件)",
-        "sogo_visible": "SOGo别名显示",
-        "sogo_visible_info": "此设置只影响SOGo上的可显示对象(指向本地邮箱的共享或非共享别名地址)。如果设为隐藏，别名地址不会作为下拉可选发件人项显示。",
+        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留已经存在的邮件)",
+        "sogo_access": "允许直接登录 SOGo",
+        "sogo_access_info": "在邮箱的用户界面内的单点登录仍然有效。这一设置既不影响对所有其他服务的访问，也不删除或改变用户现有的 SOGo 的配置文件。",
+        "sogo_visible": "SOGo 显示的别名",
+        "sogo_visible_info": "此设置只影响 SOGo 上可显示的对象 (指向本地邮箱的共享或非共享别名地址)。如果设置为隐藏，则别名地址不会作为可选发件人的下拉项显示。",
         "spam_alias": "添加或更改临时别名地址",
+        "spam_filter": "垃圾邮件过滤器",
         "spam_policy": "将项目添加到白/黑名单或从其中移除",
         "spam_score": "自定义垃圾邮件分数",
-        "subfolder2": "同步到目标邮箱子文件夹<br><small>(留空表示不使用子文件夹)</small>",
+        "subfolder2": "同步到目标邮箱的子文件夹<br><small>(留空表示不使用子文件夹)</small>",
         "syncjob": "编辑同步任务",
-        "target_address": "目标地址 <small>(英文逗号分隔多个地址)</small>",
+        "target_address": "目标地址 <small>(存在多个地址时使用英文逗号分隔)</small>",
         "target_domain": "目标域名",
         "timeout1": "远程主机连接超时时间",
         "timeout2": "本地主机连接超时时间",
@@ -565,18 +616,35 @@
         "username": "用户名",
         "validate_save": "验证并保存"
     },
+    "fido2": {
+        "confirm": "确认",
+        "fido2_auth": "使用FIDO2登录",
+        "fido2_success": "已注册的设备",
+        "fido2_validation_failed": "验证失败",
+        "fn": "别名",
+        "known_ids": "已注册的 ID",
+        "none": "禁用",
+        "register_status": "注册状态",
+        "rename": "重命名",
+        "set_fido2": "重新注册 FIDO2 设备",
+        "set_fido2_touchid": "在 Apple M1 上使用 Touch ID 注册",
+        "set_fn": "设置别名",
+        "start_fido2_validation": "开始 FIDO2 验证"
+    },
     "footer": {
         "cancel": "取消",
         "confirm_delete": "确认删除",
         "delete_now": "立即删除",
-        "delete_these_items": "请确认对以下对象id的更改",
+        "delete_these_items": "请确认对以下对象 ID 的更改",
+        "hibp_check": "使用 haveibeenpwned.com 网站检查密码",
         "hibp_nok": "匹配到密码！存在潜在的使用危险！",
-        "hibp_ok": "未匹配到密码。",
+        "hibp_ok": "未匹配到密码",
         "loading": "请等待...",
+        "nothing_selected": "未选择",
         "restart_container": "重启容器",
-        "restart_container_info": "<b>重要:</b> 可能需要一些时间以完整地重启容器，请等待重启完成。",
+        "restart_container_info": "<b>重要:</b> 完整的重启容器可能需要花费一些时间，请耐心等待重启完成。",
         "restart_now": "立即重启",
-        "restarting_container": "容器重启中，这可能需要一些时间"
+        "restarting_container": "容器重启中，这可能需要花费一些时间"
     },
     "header": {
         "administration": "配置和管理",
@@ -585,19 +653,21 @@
         "mailboxes": "邮箱设置",
         "mailcow_settings": "配置",
         "quarantine": "隔离",
-        "restart_netfilter": "重启netfilter",
-        "restart_sogo": "重启SOGo",
+        "restart_netfilter": "重启 netfilter",
+        "restart_sogo": "重启 SOGo",
         "user_settings": "用户设置"
     },
     "info": {
-        "awaiting_tfa_confirmation": "等待TFA确认",
+        "awaiting_tfa_confirmation": "等待 TFA 确认",
         "no_action": "没有可适用的操作",
-        "session_expires": "你的会话会在15秒后过期"
+        "session_expires": "你的会话将会在15秒之后过期"
     },
     "login": {
-        "delayed": "请在%s秒后重新登录。",
+        "delayed": "请在 %s 秒后重新登录。",
+        "fido2_webauthn": "使用 FIDO2/WebAuthn 登录",
         "login": "登录",
-        "mobileconfig_info": "请用邮箱用户登录以下载Apple连接描述文件。",
+        "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
+        "other_logins": "Key 登录",
         "password": "密码",
         "username": "用户名"
     },
@@ -607,7 +677,8 @@
         "active": "启用",
         "add": "添加",
         "add_alias": "添加别名",
-        "add_bcc_entry": "添加BCC映射",
+        "add_alias_expand": "在域名别名上拓展别名",
+        "add_bcc_entry": "添加 BCC 映射",
         "add_domain": "添加域名",
         "add_domain_alias": "添加域名别名",
         "add_domain_record_first": "请先添加一个域名",
@@ -615,35 +686,37 @@
         "add_mailbox": "添加邮箱",
         "add_recipient_map_entry": "添加收件人映射",
         "add_resource": "添加资源",
-        "add_tls_policy_map": "添加TLS策略规则",
+        "add_tls_policy_map": "添加 TLS 策略规则",
         "address_rewriting": "地址重写",
         "alias": "别名",
-        "alias_domain_alias_hint": "邮箱别名<b>不会</b>自动应用到域名别名。邮箱别名地址 <code>my-alias@domain</code> <b>不会</b> 应用到 <code>my-alias@alias-domain</code> (假设 \"alias-domain\" 是 \"domain\" 的域名别名)。<br>若需要将邮件转发到外部邮箱，请使用sieve过滤器 (查看标签页 \"过滤器\" 或者使用 SOGo -> 转发器) 。",
-        "alias_domain_backupmx": "域名别名在中继域名下不启用",
+        "alias_domain_alias_hint": "邮箱别名<b>不会</b>自动应用到域名别名。邮箱别名地址 <code>my-alias@domain</code> <b>不会</b> 应用到 <code>my-alias@alias-domain</code> (假设 \"alias-domain\" 是 \"domain\" 的域名别名)。<br>若需要将邮件转发到外部邮箱，请使用 sieve 过滤器 (查看标签页 \"过滤器\" 或者使用 SOGo -> 转发器) 。",
+        "alias_domain_backupmx": "域名别名在中继域名下不会启用",
         "aliases": "别名",
-        "allow_from_smtp": "只允许这些IP使用<b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者<br>IPv4/IPv6地址或网络",
-        "allowed_protocols": "允许的协议",
+        "all_domains": "全部域名",
+        "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
+        "allow_from_smtp_info": "留空以允许所有发送者，<br>IPv4/IPv6地址或网络",
+        "allowed_protocols": "允许用户直接访问的协议 (不会影响应用的密码协议)",
         "backup_mx": "中继域名",
         "bcc": "BCC",
-        "bcc_destination": "BCC目标地址",
-        "bcc_destinations": "BCC目标地址",
-        "bcc_info": "BCC映射用于静默地将邮件转发到另一个邮箱地址。当目标地址为本地地址时则会添加一个收件人映射条目，同发件人映射。<br/>\r\n 递送失败时不会通知本地目标地址。",
+        "bcc_destination": "BCC 目标地址",
+        "bcc_destinations": "BCC 目标地址",
+        "bcc_info": "BCC 映射用于静默地将邮件转发到另一个邮箱地址。当目标地址为本地地址时则会添加一个收件人映射条目，与发件人映射相同。<br/>\r\n 递送失败时不会通知本地目标地址。",
         "bcc_local_dest": "本地目标地址",
-        "bcc_map": "BCC映射",
-        "bcc_map_type": "BCC类型",
-        "bcc_maps": "BCC映射",
+        "bcc_map": "BCC 映射",
+        "bcc_map_type": "BCC 类型",
+        "bcc_maps": "BCC 映射",
         "bcc_rcpt_map": "收件人映射",
         "bcc_sender_map": "发件人映射",
         "bcc_to_rcpt": "切换到收件人映射",
         "bcc_to_sender": "切换到发件人映射",
-        "bcc_type": "BCC类型",
+        "bcc_type": "BCC 类型",
         "booking_null": "永远显示为空闲",
-        "booking_0_short": "永远空闲",
+        "booking_0_short": "空闲限制",
         "booking_custom": "严格限制登记数",
         "booking_custom_short": "严格限制",
-        "booking_ltnull": "不限制登记数，但会在被登记后显示为繁忙",
+        "booking_ltnull": "不会限制登记数，但会在被登记后显示为繁忙",
         "booking_lt0_short": "宽松限制",
+        "catch_all": "接收所有",
         "daily": "每天",
         "deactivate": "禁用",
         "description": "描述",
@@ -660,21 +733,24 @@
         "excludes": "除了",
         "filter_table": "筛选表格",
         "filters": "过滤器",
-        "fname": "全名",
+        "fname": "全称",
+        "goto_ham": "学习为<b>非垃圾邮件</b>",
+        "goto_spam": "学习为<b>垃圾邮件</b>",
         "hourly": "每小时",
         "in_use": "使用数 (%)",
         "inactive": "禁用",
         "insert_preset": "插入示例预设 \"%s\"",
         "kind": "类型",
-        "last_mail_login": "最后的邮箱登录",
-        "last_run": "最后运行",
+        "last_mail_login": "最后一次邮箱登录",
+        "last_pw_change": "最后一次密码修改",
+        "last_run": "最后一次运行",
         "last_run_reset": "下一次运行",
         "mailbox": "邮箱",
+        "mailbox_defaults": "默认设置",
+        "mailbox_defaults_info": "调整新邮箱的默认设置",
         "mailbox_defquota": "默认邮箱大小",
         "mailbox_quota": "最大邮箱大小",
         "mailboxes": "邮箱",
-        "mailbox_defaults": "默认设置",
-        "mailbox_defaults_info": "配置新邮箱的默认设置",
         "mins_interval": "间隔 (分钟)",
         "msg_num": "消息 #",
         "multiple_bookings": "登记限制",
@@ -682,69 +758,85 @@
         "no": "&#10005;",
         "no_record": "没有找到对象 %s 的记录",
         "no_record_single": "没有记录",
+        "open_logs": "打开日志",
         "owner": "所有者",
         "private_comment": "私密评论",
         "public_comment": "公开评论",
+        "q_add_header": "当移动到垃圾邮件文件夹时",
+        "q_all": " 当移动到垃圾邮件文件夹并被拒绝接收时",
+        "q_reject": "拒绝接收时",
+        "quarantine_category": "隔离通知类型",
         "quarantine_notification": "隔离通知",
         "quick_actions": "操作",
+        "recipient": "收件人",
         "recipient_map": "收件人映射",
-        "recipient_map_info": "收件人映射用于在邮件被递送前替换收件人地址。",
+        "recipient_map_info": "收件人映射用于在邮件被发送前替换收件人的地址。",
         "recipient_map_new": "新收件人",
-        "recipient_map_new_info": "新收件人必须为合法的邮件地址",
+        "recipient_map_new_info": "新收件人必须为合法的邮箱地址",
         "recipient_map_old": "原收件人",
-        "recipient_map_old_info": "原收件人必须为合法的邮件地址",
+        "recipient_map_old_info": "原收件人必须为合法的邮箱地址",
         "recipient_maps": "收件人映射",
         "remove": "删除",
-        "resources": "日历资源",
+        "resources": "资源",
         "running": "运行中",
-        "set_postfilter": "标记为postfilter",
-        "set_prefilter": "标记为prefilter",
-        "sieve_info": "你可以为每个用户存储多个过滤器，但只能同时启用一个prefilter和一个postfilter。<br>\r\n过滤器将按列表中的顺序依次执行，下一个脚本不会因为上一个脚本失败或\"keep;\"而停止运行。更改全局sieve脚本会重启Dovecot。<br><br>全局sieve prefilter → prefilter → 用户脚本 → postfilter → 全局sieve postfilter",
-        "sieve_preset_1": "丢弃含有潜在危险文件格式的邮箱",
+       "sender": "发件人",
+        "set_postfilter": "标记为 postfilter",
+        "set_prefilter": "标记为 prefilter",
+        "sieve_info": "你可以为每个用户存储多个过滤器，但只能同时启用一个 prefilter 和一个 postfilter 。<br>\r\n过滤器将按列表中的顺序依次执行，下一个脚本不会因为上一个脚本运行失败或保留运行而停止运行。更改全局 sieve 脚本会重启 Dovecot。<br><br>全局 sieve prefilter &#8226; prefilter &#8226; 用户脚本 &#8226; postfilter &#8226; 全局 sieve postfilter",
+        "sieve_preset_1": "丢弃包含有潜在危险文件格式的邮箱",
         "sieve_preset_2": "标记来至指定发件人的邮件为已读",
-        "sieve_preset_3": "静默删除，并停止继续运行sieve脚本",
-        "sieve_preset_4": "移动到收件箱，并停止继续运行sieve脚本",
+        "sieve_preset_3": "静默删除，并停止继续运行 sieve 脚本",
+        "sieve_preset_4": "移动到收件箱，并停止继续运行 sieve 脚本",
         "sieve_preset_5": "自动回复 (休假)",
-        "sieve_preset_6": "拒绝邮件并反馈",
-        "sieve_preset_7": "重定向邮件并保留/删除",
+        "sieve_preset_6": "拒绝接收邮件并通知",
+        "sieve_preset_7": "重定向邮件并保留或删除",
         "sieve_preset_8": "删除发件人发送给自己别名地址的邮件",
-        "sieve_preset_header": "请看下方的示例预设。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a> 以了解更多细节。",
-        "sogo_visible": "SOGo别名显示",
-        "sogo_visible_n": "在SOGo中隐藏别名",
-        "sogo_visible_y": "在SOGo中显示别名",
+        "sieve_preset_header": "请看下方的示例预设。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Sieve Wikipedia 页面 (英文)</a>以了解更多细节。",
+        "sogo_visible": "SOGo 别名显示",
+        "sogo_visible_n": "在 SOGo 中隐藏别名",
+        "sogo_visible_y": "在 SOGo 中显示别名",
         "spam_aliases": "临时别名",
         "stats": "统计",
         "status": "状态",
         "sync_jobs": "同步任务",
+        "syncjob_check_log": "检查日志",
+        "syncjob_last_run_result": "最后一次运行结果",
+        "syncjob_EX_OK": "成功",
+        "syncjob_EXIT_CONNECTION_FAILURE": "连接问题",
+        "syncjob_EXIT_TLS_FAILURE": "加密连接问题",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "身份认证问题",
+        "syncjob_EXIT_OVERQUOTA": "目标邮箱配额已满",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "无法连接到远程服务器",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "用户名或密码错误",
         "table_size": "表格尺寸",
         "table_size_show_n": "显示 %s 个项目",
         "target_address": "目标地址",
         "target_domain": "目标域名",
-        "tls_enforce_in": "强制入站TLS",
-        "tls_enforce_out": "强制出站TLS",
+        "tls_enforce_in": "强制入站使用 TLS",
+        "tls_enforce_out": "强制出站使用 TLS",
         "tls_map_dest": "目标",
         "tls_map_dest_info": "示例: example.org, .example.org, [mail.example.org]:25",
         "tls_map_parameters": "参数",
-        "tls_map_parameters_info": "留空或填入参数，比如: protocols=!SSLv2 ciphers=medium exclude=3DES",
+        "tls_map_parameters_info": "留空或填入相关参数，例如: protocols=!SSLv2 ciphers=medium exclude=3DES",
         "tls_map_policy": "策略",
-        "tls_policy_maps": "TLS策略规则",
-        "tls_policy_maps_info": "此策略规则覆盖用户的出站TLS策略设置。<br>\r\n  查看 <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">\"smtp_tls_policy_maps\"文档</a> 以了解更多细节。",
-        "tls_policy_maps_enforced_tls": "这些策略同时会影响邮箱用户的出站TLS连接行为。如果在下方没有任何策略，则用户会应用 <code>smtp_tls_mandatory_protocols</code> 和 <code>smtp_tls_mandatory_ciphers</code> 指定的默认值",
-        "tls_policy_maps_long": "出站TLS策略规则重写",
-        "toggle_all": "选择/取消所有",
+        "tls_policy_maps": "TLS 策略规则",
+        "tls_policy_maps_enforced_tls": "这些策略会同时影响邮箱用户的出站 TLS 连接行为。如果在下方没有任何策略，则用户会使用 <code>smtp_tls_mandatory_protocols</code> 和 <code>smtp_tls_mandatory_ciphers</code> 指定的默认值。",
+        "tls_policy_maps_info": "此策略规则会覆盖用户的出站 TLS 策略设置。<br>\r\n  查看 <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">\"smtp_tls_policy_maps\" 文档</a>以了解更多细节。",
+        "tls_policy_maps_long": "重写出站 TLS 策略规则",
+        "toggle_all": "选择所有/取消所有",
         "username": "用户名",
         "waiting": "等待中",
         "weekly": "每周",
         "yes": "&#10003;"
     },
     "oauth2": {
-        "access_denied": "请作为邮箱所有者登录以使用OAuth2授权",
+        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
         "authorize_app": "授权应用",
         "deny": "拒绝",
         "permit": "授权应用",
         "profile": "个人资料",
-        "profile_desc": "查看个人信息: 用户名，全面，创建时间，修改时间，启用状态",
-        "scope_ask_permission": "一个应用请求了以下权限"
+        "profile_desc": "查看个人信息: 用户名，全称，创建时间，修改时间，状态",
+        "scope_ask_permission": "应用请求了以下权限"
     },
     "quarantine": {
         "action": "操作",
@@ -752,61 +844,70 @@
         "check_hash": "搜索文件特征 @ VT",
         "confirm": "确认",
         "confirm_delete": "确认删除此元素。",
-        "danger": "危险性",
-        "deliver_inbox": "递送到收件箱",
-        "disabled_by_config": "当前系统设置关闭了隔离功能，请设置 \"每个邮箱保留隔离项目数\" 和 \"最大文件大小\" 以开启隔离。",
+        "danger": "危险等级",
+        "deliver_inbox": "发送到收件箱",
+        "disabled_by_config": "当前系统设置关闭了隔离功能，请通过设置 \"每个邮箱保留的隔离项目数\" 以及 \"最大文件大小\" 以开启隔离。",
         "download_eml": "下载 (.eml)",
         "empty": "结果为空",
-        "high_danger": "高危险",
+        "high_danger": "高危险等级",
         "info": "信息",
         "junk_folder": "垃圾箱",
-        "learn_spam_delete": "学习为垃圾并删除",
-        "low_danger": "低危险",
-        "medium_danger": "中危险",
-        "neutral_danger": "中性",
-        "notified": "已通知",
-        "qhandler_success": "成功向系统发送请求，现在你可以关闭窗口了。",
+        "learn_spam_delete": "学习为垃圾邮件并删除",
+        "low_danger": "低危险等级",
+        "medium_danger": "中危险等级",
+        "neutral_danger": "无危险等级",
+        "notified": "已发送通知",
+        "qhandler_success": "已成功向系统发送请求，现在你可以关闭这个窗口了。",
         "qid": "Rspamd QID",
-        "qinfo": "隔离系统会将被拒绝的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\r\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\r\n  <br>请注意，取决于你的系统资源，学习多个消息可能会花费较长时间。<br>黑名单中项目会被隔离系统排除。",
+        "qinfo": "隔离系统会把已被拒绝接收的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\r\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\r\n  <br>请注意，这取决于你的系统资源，学习多个消息可能会花费较长时间。<br>黑名单中项目会被隔离系统排除。",
         "qitem": "隔离项目",
         "quarantine": "隔离",
         "quick_actions": "操作",
-        "rcpt": "收件人",
-        "received": "已接收",
-        "rejected": "已拒绝",
-        "recipients": "收件人",
-        "refresh": "刷新",
-        "release": "释放",
-        "release_body": "我们已在此消息中将你的消息附为eml文件",
-        "release_subject": "存在潜在危险的隔离文件 %s",
-        "remove": "删除",
-        "rspamd_result": "Rspamd结果",
-        "sender": "发件人 (SMTP)",
-        "sender_header": "发件人 (\"From\" 头)",
-        "type": "类型",
-        "quick_release_link": "打开快速释放链接",
         "quick_delete_link": "打开快速删除链接",
         "quick_info_link": "打开详情链接",
+        "quick_release_link": "打开快速移除链接",
+        "rcpt": "收件人",
+        "received": "已接收",
+        "recipients": "收件人",
+        "refresh": "刷新",
+        "rejected": "已拒绝",
+        "release": "移除",
+        "release_body": "我们已在此消息中将你的消息作为 eml 附件文件",
+        "release_subject": "存在潜在危险的隔离文件 %s",
+        "remove": "删除",
+        "rewrite_subject": "重写主题",
+        "rspamd_result": "Rspamd 结果",
+        "sender": "发件人 (SMTP)",
+        "sender_header": "发件人 (\"From\" 头)",
+        "settings_info": "被隔离的元素的最大数目: %s<br>电子邮件的最大大小: %s MiB",
         "show_item": "显示项目",
-        "spam": "垃圾",
+        "spam": "垃邮件圾",
         "spam_score": "分数",
         "subj": "主题",
         "table_size": "表格尺寸",
         "table_size_show_n": "显示 %s 个项目",
-        "text_from_html_content": "内容 (已转换 html)",
+        "text_from_html_content": "内容 (已转换为 html)",
         "text_plain_content": "内容 (text/plain)",
-        "toggle_all": "选择/取消所有"
+        "toggle_all": "选择所有/取消所有",
+        "type": "类型"
+    },
+    "ratelimit": {
+      "disabled": "禁用",
+      "second": "msgs / 秒",
+      "minute": "msgs / 分钟",
+      "hour": "msgs / 小说",
+      "day": "msgs / 天"
     },
     "start": {
         "help": "显示/隐藏 帮助面板",
-        "imap_smtp_server_auth_info": "请使用你的完整邮箱地址并使用PLAIN(明文)认证方法。<br>\r\n你的登录数据会被服务端强制加密。",
-        "mailcow_apps_detail": "使用mailcow应用访问你的邮件、日历、联系人和更多。",
-        "mailcow_panel_detail": "<b>域名管理员</b> 可以创建、修改或删除邮箱胡别名，更改分配给其的域名并读取更多域名相关信息。<br>\r\n<b>邮箱用户</b> 可以创建临时别名 (垃圾邮件别名)，更改他们的密码和垃圾过滤器设置。"
+        "imap_smtp_server_auth_info": "请使用你的完整邮箱地址并使用 PLAIN (明文) 认证方法。<br>\r\n你的登录数据会被服务端强制加密。",
+        "mailcow_apps_detail": "使用 Mailcow 应用访问你的邮件、日历、联系人以及更多内容。",
+        "mailcow_panel_detail": "<b>域名管理员</b>可以创建、修改或删除邮箱的别名，更改分配给用户的域名并读取更多域名相关信息。<br>\r\n<b>邮箱用户</b>可以创建临时别名 (垃圾邮件别名)，更改密码以及设置垃圾邮件过滤器。"
     },
     "success": {
-        "acl_saved": "已保存对象 %s 的ACL",
+        "acl_saved": "已保存对象 %s 的 ACL 设置",
         "admin_added": "已添加管理员 %s",
-        "admin_api_modified": "已保存API更改",
+        "admin_api_modified": "已保存 API 的更改",
         "admin_modified": "已保存管理员更改",
         "admin_removed": "已删除管理员 %s",
         "alias_added": "已添加别名地址 %s (%d)",
@@ -817,95 +918,102 @@
         "aliasd_modified": "已保存域名别名 %s 更改",
         "app_links": "已保存应用链接更改",
         "app_passwd_added": "已添加新的应用密码",
-        "app_passwd_removed": "已删除应用密码，ID %s",
-        "bcc_deleted": "已删除BCC映射条目: %s",
-        "bcc_edited": "已编辑BCC映射条目 %s",
-        "bcc_saved": "已保存BCC映射条目",
+        "app_passwd_removed": "已删除应用密码 ID %s",
+        "bcc_deleted": "已删除 BCC 映射条目: %s",
+        "bcc_edited": "已编辑 BCC 映射条目 %s",
+        "bcc_saved": "已保存 BCC 映射条目",
         "db_init_complete": "数据库初始化完成",
-        "delete_filter": "已删除过滤器，ID %s",
+        "delete_filter": "已删除过滤器 ID %s",
         "delete_filters": "已删除过滤器: %s",
-        "deleted_syncjob": "已删除同步任务，ID %s",
+        "deleted_syncjob": "已删除同步任务 ID %s",
         "deleted_syncjobs": "已删除同步任务: %s",
-        "dkim_added": "已保存DKIM密钥 %s",
-        "dkim_duplicated": "已复制域名 %s 的DKIM密钥到 %s",
-        "dkim_removed": "已删除DKIM密钥 %s",
+        "dkim_added": "已保存 DKIM 密钥 %s",
+        "domain_add_dkim_available": "DKIM 密钥已经存在",
+        "dkim_duplicated": "已复制域名 %s 的 DKIM 密钥到 %s",
+        "dkim_removed": "已删除 DKIM 密钥 %s",
         "domain_added": "已添加域名 %s",
         "domain_admin_added": "已添加域名管理员 %s",
         "domain_admin_modified": "已保存域名管理员 %s 更改",
         "domain_admin_removed": "已删除域名管理员 %s",
-        "domain_modified": "已保存域名 %s 更改",
+        "domain_modified": "已保存域名 %s 的更改",
         "domain_removed": "已删除域名 %s",
-        "dovecot_restart_success": "Dovecot重启成功",
-        "eas_reset": "已重置用户 %s 的ActiveSync设备",
-        "f2b_modified": "已保存Fail2ban参数更改",
+        "dovecot_restart_success": "Dovecot 重新启动成功",
+        "eas_reset": "已重置用户 %s 的 ActiveSync 设备",
+        "f2b_modified": "已保存 Fail2ban 参数的更改",
         "forwarding_host_added": "已添加转发主机 %s",
         "forwarding_host_removed": "已删除转发主机 %s",
         "global_filter_written": "成功将过滤器写入到文件",
         "hash_deleted": "已删除特征",
         "item_deleted": "成功删除项目 %s",
-        "item_released": "已释放项目 %s",
+        "item_released": "已移除项目 %s",
         "items_deleted": "成功删除项目 %s",
-        "items_released": "已释放选中的项目",
-        "learned_ham": "成功学习ID %s为非垃圾",
+        "items_released": "已移除选中的项目",
+        "learned_ham": "成功学习 ID %s 为非垃圾邮件",
         "license_modified": "已保存许可证更改",
         "logged_in_as": "登录为 %s",
         "mailbox_added": "已添加邮箱 %s",
-        "mailbox_modified": "已保存邮箱 %s 更改",
+        "mailbox_modified": "已保存邮箱 %s 的更改",
         "mailbox_removed": "已删除邮箱 %s",
+        "nginx_reloaded": "Nginx 已重新启动",
         "object_modified": "已保存对象 %s 更改",
-        "pushover_settings_edited": "成功设置Pushover设置，请校验凭证",
-        "qlearn_spam": "消息 ID %s 已被学习为垃圾并被删除",
+        "password_policy_saved": "已成功保存密码规则",
+        "pushover_settings_edited": "已成功设置 Pushover，请重新校验凭证",
+        "qlearn_spam": "消息 ID %s 已被学习为垃圾邮件并被删除",
         "queue_command_success": "成功执行配额命令",
-        "recipient_map_entry_deleted": "已删除接收人映射，ID %s",
+        "recipient_map_entry_deleted": "已删除接收人映射 ID %s",
         "recipient_map_entry_saved": "已保存接收人映射条目 \"%s\"",
         "relayhost_added": "已添加中继主机 %s",
         "relayhost_removed": "已删除中继主机 %s",
-        "reset_main_logo": "重置为默认logo",
+        "reset_main_logo": "重置为默认 Logo",
         "resource_added": "已添加资源 %s",
-        "resource_modified": "已保存资源 %s 更改",
+        "resource_modified": "已保存资源 %s 的更改",
         "resource_removed": "已删除资源 %s",
         "rl_saved": "已保存 %s",
-        "rspamd_ui_pw_set": "成功设置Rspamd UI密码",
+        "rspamd_ui_pw_set": "成功设置 Rspamd UI 的密码",
         "saved_settings": "已保存设置",
         "settings_map_added": "已添加设置规则",
-        "settings_map_removed": "已删除设置规则，ID %s",
-        "sogo_profile_reset": "已重置用户 %s 的SOGo个人资料",
-        "tls_policy_map_entry_deleted": "已删除TLS策略规则，ID %s",
-        "tls_policy_map_entry_saved": "已保存TLS策略规则 \"%s\"",
-        "ui_texts": "已保存UI文本更改",
-        "upload_success": "成功上传文件",
-        "verified_totp_login": "TOTP登录验证成功",
-        "verified_webauthn_login": "WebAuthn登录验证成功",
-        "verified_yotp_login": "Yubico OTP登录验证成功"
+        "settings_map_removed": "已删除设置规则 ID %s",
+        "sogo_profile_reset": "已重置用户 %s 的 SOGo 个人资料",
+        "tls_policy_map_entry_deleted": "已删除 TLS 策略规则 ID %s",
+        "tls_policy_map_entry_saved": "已保存 TLS 策略规则 \"%s\"",
+        "ui_texts": "已保存 UI 文本更改",
+        "upload_success": "文件上传成功",
+        "verified_fido2_login": "FIDO2 登录验证成功",
+        "verified_totp_login": "TOTP 登录验证成功",
+        "verified_webauthn_login": "WebAuthn 登录验证成功",
+        "verified_yotp_login": "Yubico OTP 登录验证成功"
     },
     "tfa": {
-        "api_register": "%s 使用 Yubico Cloud API，请 <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a> 为你的密钥获取API密钥",
+        "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
         "confirm": "确认",
-        "confirm_totp_token": "请输入生成的token以确认更改",
+        "confirm_totp_token": "请输入生成的验证码以确认更改",
         "delete_tfa": "关闭两步验证",
         "disable_tfa": "在下一次成功登录前关闭两步验证",
-        "enter_qr_code": "如果你的设备不能扫描QR码，输入此TOTP码",
-        "error_code": "错误码",
+        "enter_qr_code": "如果你的设备无法扫描 QR 码，请输入此 TOTP 码",
+        "error_code": "故障代码",
         "init_webauthn": "初始化中，请等待...",
-        "key_id": "你的YubiKey的标识",
-        "key_id_totp": "你的密钥的标识",
+        "key_id": "你的设备的标识符",
+        "key_id_totp": "你的密钥的名称",
         "none": "禁用",
-        "reload_retry": "- (如果一直出现错误，重启浏览器)",
-        "scan_qr_code": "请用你认证应用扫描或手动输入此码。",
+        "reload_retry": "- (如果一直出现错误，请尝试重启浏览器)",
+        "scan_qr_code": "请用你的认证应用扫描或手动输入 TOTP 码。",
         "select": "请选择",
-        "set_tfa": "设置两步验证方法",
+        "set_tfa": "启用两步验证方法",
         "start_webauthn_validation": "开始认证",
-        "tfa": "两步验证(2FA)",
-        "totp": "TOTP认证 (Google Authenticator、Authy等)",
-        "webauthn": "WebAuthn认证",
-        "waiting_usb_auth": "<i>等待USB设备...</i><br><br>现在请触碰你的WebAuthn USB设备上的按钮。",
-        "waiting_usb_register": "<i>等待USB设备...</i><br><br>请在上方输入你的密码并请触碰你的WebAuthn USB设备上的按钮以确认注册WebAuthn设备。",
-        "yubi_otp": "Yubico OTP认证"
+        "tfa": "两步验证 (2FA)",
+        "tfa_token_invalid": "TFA token 无效",
+        "totp": "TOTP 认证 (Google Authenticator、Authy 等)",
+        "u2f_deprecated": "似乎你的密钥是使用废弃的 U2F 方法获得的。我们将为停用你的两步验证并删除该密钥。",
+        "u2f_deprecated_important": "请在管理面板上使用新的 WebAuthn 方法获得你的密钥。",
+        "webauthn": "WebAuthn 认证",
+        "waiting_usb_auth": "<i>等待 USB 设备中...</i><br><br>现在请触碰你的 WebAuthn USB 设备上的按钮。",
+        "waiting_usb_register": "<i>等待 USB 设备中...</i><br><br>请在上方输入你的密码并请触碰你的 WebAuthn USB 设备上的按钮以确认注册该 WebAuthn 设备。",
+        "yubi_otp": "Yubico OTP 认证"
     },
     "user": {
         "action": "操作",
         "active": "启用",
-        "active_sieve": "启用的过滤器",
+        "active_sieve": "已启用的过滤器",
         "advanced_settings": "高级设置",
         "alias": "别名",
         "alias_create_random": "生成随机别名",
@@ -916,85 +1024,110 @@
         "alias_time_left": "剩余时间",
         "alias_valid_until": "有效至",
         "aliases_also_send_as": "同时允许发送为",
-        "aliases_send_as_all": "关闭发件人可访性检查的域名(别名)",
-        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名保持不变。<br>应用密码不作用于SOGo (包括 ActiveSync) ",
+        "aliases_send_as_all": "已关闭发件人可访性检查的域名和域名别名",
+        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名仍然保持不变。<br>应用密码不适用于 SOGo (包括 ActiveSync) ",
+        "allowed_protocols": "允许使用的协议",
         "app_name": "应用名称",
         "app_passwds": "应用密码",
-        "apple_connection_profile": "Apple连接描述文件",
-        "apple_connection_profile_complete": "此连接描述文件包括提供给Apple设备的IMAP和SMTP配置参数并包括CalDAV (日历) 和 CardDAV (联系人) 访问路径。",
-        "apple_connection_profile_mailonly": "此连接描述文件包括提供给Apple设备的IMAP和SMTP配置参数。",
+        "apple_connection_profile": "Apple 连接描述文件",
+        "apple_connection_profile_complete": "此连接描述文件包括提供给 Apple 设备的 IMAP 和 SMTP 配置参数，并会包括 CalDAV (日历) 和 CardDAV (联系人) 的访问路径。",
+        "apple_connection_profile_mailonly": "此连接描述文件包括提供给 Apple 设备的 IMAP 和 SMTP 配置参数。",
+        "apple_connection_profile_with_app_password": "一个新的应用程序密码将会被生成并添加到该配置文件中，因此在设备设置时不需要输入密码。请不要随意分享该文件，因为它包含你的邮箱的完全访问权限。",
         "change_password": "更改密码",
-        "client_configuration": "显示邮箱客户端和智能手机配置指南",
+        "change_password_hint_app_passwords": "你的账户有 {{number_of_app_passwords}} 个应用密码，这些密码将不会被更改。如果需要管理这些密码，请访问应用密码标签。",
+        "clear_recent_successful_connections": "清除成功匹配的连接",
+        "client_configuration": "显示邮箱客户端和智能手机的配置指南",
         "create_app_passwd": "添加应用密码",
         "create_syncjob": "添加同步任务",
+        "created_on": "添加于",
         "daily": "每日",
         "day": "日",
         "delete_ays": "请确认删除。",
         "direct_aliases": "直接别名",
-        "direct_aliases_desc": "垃圾邮件过滤和TLS策略会作用于直接别名。",
-        "eas_reset": "重置ActiveSync设备缓存",
-        "eas_reset_help": "在许多情况下，重置设备缓存可以帮助恢复错误的ActiveSync资料。<br><b>注意:</b> 所有元素会被重新下载！",
+        "direct_aliases_desc": "垃圾邮件过滤和 TLS 策略会作用于直接别名。",
+        "direct_protocol_access": "该邮箱用户可以<b>直接</b>从<b>外部</b>访问以下的协议和应用程序。该选项由你的管理员进行设置。并可以创建应用密码，以授予对个别协议和应用的访问权限。<br>\"登录到 Webmail\" 按钮提供到 SOGo 的单点登录方式，并且始终可用。",
+        "eas_reset": "重置 ActiveSync 设备缓存",
+        "eas_reset_help": "在许多情况下，重置设备缓存可以帮助恢复错误的 ActiveSync 资料。<br><b>注意:</b> 所有元素将会被重新下载！",
         "eas_reset_now": "立即重置",
         "edit": "编辑",
         "email": "邮件",
         "email_and_dav": "邮件、日历和联系人",
+        "empty": "结果为空",
         "encryption": "加密",
         "excludes": "排除",
         "expire_in": "过期于",
-        "force_pw_update": "你<b>必须</b>设置一个新密码以继续使用群件相关服务。",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "force_pw_update": "你<b>必须</b>设置一个新密码才能继续使用群组的相关服务。",
+        "from": "从",
         "generate": "生成",
         "hour": "小时",
         "hourly": "每小时",
         "hours": "小时",
         "in_use": "已使用",
         "interval": "间隔",
-        "is_catch_all": "收取域名下所有邮件",
-        "last_mail_login": "最后邮箱登录",
-        "last_run": "最后运行",
+        "is_catch_all": "接收该域名下的所有邮件",
+        "last_mail_login": "最后一次邮箱登录",
+        "last_pw_change": "最后一次密码修改",
+        "last_run": "最后一次运行",
+        "last_ui_login": "最后一次 UI 登录信息",
         "loading": "加载中...",
+        "login_history": "登录历史",
+        "mailbox": "Mailbox",
         "mailbox_details": "邮箱详情",
+        "mailbox_general": "通用设置",
+        "mailbox_settings": "邮箱设置",
         "messages": "消息",
+        "month": "月",
+        "months": "月",
         "never": "从不",
         "new_password": "新密码",
         "new_password_repeat": "确认密码 (重复)",
-        "no_active_filter": "没有启用的过滤器",
-        "no_last_login": "没有最后UI登录信息",
+        "no_active_filter": "没有已启用的过滤器",
+        "no_last_login": "没有最后一次 UI 登录信息",
         "no_record": "没有记录",
+        "open_logs": "打开日志",
+        "open_webmail_sso": "登录到 Webmail",
         "password": "密码",
         "password_now": "当前密码 (确认更改)",
-        "password_repeat": "密码 (重复)",
-        "pushover_evaluate_x_prio": "加速高优先级邮件 [<code>X-Priority: 1</code>]",
+        "password_repeat": "确认密码 (重复)",
+        "pushover_evaluate_x_prio": "优先响应高优先级邮件 [<code>X-Priority: 1</code>]",
         "pushover_info": "推送通知设置会应用到所有递送到 <b>%s</b> (包括其别名) 的非垃圾邮件。",
         "pushover_only_x_prio": "只为高优先级邮件开启 [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(英文逗号分隔)</small>",
+        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(存在多个地址时使用英文逗号分隔)</small>",
         "pushover_sender_regex": "也可以使用正则表达式过滤发件人",
         "pushover_text": "通知文本",
         "pushover_title": "通知标题",
-        "pushover_vars": "如果没有定义发件人过滤器则会为所有邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器分别被定义，并且会依序应用，而不是覆盖另一个。<br>在文本和标题中可用的变量 (请注意数据保护条例)",
+        "pushover_vars": "如果没有定义发件人过滤器则会为所有的邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器一同使用，并且会按顺序被使用，而不是被覆盖。<br>在文本和标题中可用的变量 (请注意数据保护)",
         "pushover_verify": "验证凭证",
+        "q_add_header": "垃圾邮件文件夹",
+        "q_all": "全部类别",
+        "q_reject": "拒绝接收",
+        "quarantine_category": "隔离通知类别",
+        "quarantine_category_info": "隔离通知类别\"拒绝接收\"包括所有被拒绝的邮件，而\"垃圾邮件文件夹\"将通知用户被放入垃圾邮件文件夹的邮件。",
         "quarantine_notification": "隔离通知",
-        "quarantine_notification_info": "一旦某通知已被发送，其会被标记为\"已通知\"且不会被再次发送。",
+        "quarantine_notification_info": "一但通知被发送，其会被标记为\"已通知\"且不会被再次发送。",
+        "recent_successful_connections": "成功匹配的连接",
         "remove": "删除",
         "running": "运行中",
         "save": "保存更改",
         "save_changes": "保存更改",
         "sender_acl_disabled": "<span class=\"label label-danger\">发件人检查已关闭</span>",
         "shared_aliases": "共享别名地址",
-        "shared_aliases_desc": "用户设置如垃圾过滤器和加密策略等不会应用到共享别名地址。共享别名地址只能应用域名级别的垃圾过滤器且只能被管理员修改。",
-        "show_sieve_filters": "显示启用的用户sieve过滤器",
-        "sogo_profile_reset": "重置SOGo个人资料",
-        "sogo_profile_reset_help": "此操作会不可恢复地删除用户SOGo个人资料并<b>删除所有联系人和日历数据</b>。",
+        "shared_aliases_desc": "用户设置的垃圾邮件过滤器和加密策略等不会应用到共享别名地址。共享别名地址只能应用域名级别的垃圾邮件过滤器，并且只能被管理员修改。",
+        "show_sieve_filters": "显示用户启用的 sieve 过滤器",
+        "sogo_profile_reset": "重置 SOGo 个人资料",
+        "sogo_profile_reset_help": "此操作会不可恢复地删除用户的 SOGo 个人资料并<b>删除所有联系人和日历数据</b>。",
         "sogo_profile_reset_now": "立即重置个人资料",
         "spam_aliases": "临时邮箱别名",
         "spam_score_reset": "重置为服务器默认值",
-        "spamfilter": "垃圾过滤器",
-        "spamfilter_behavior": "评分",
+        "spamfilter": "垃圾邮件过滤器",
+        "spamfilter_behavior": "分数",
         "spamfilter_bl": "黑名单",
-        "spamfilter_bl_desc": "黑名单中地址<b>总是会</b>被标记为垃圾邮件。被拒绝的邮件<b>不会</b>进入隔离。此处可以使用通配符\"*\"。此过滤器也会应用到直接别名(只指向一个目标邮箱)，但不会应用到\"捕获所有\"别名和邮箱地址本身。",
+        "spamfilter_bl_desc": "黑名单中地址<b>总是会</b>被标记为垃圾邮件。被拒绝的邮件<b>不会</b>进入隔离区。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
         "spamfilter_default_score": "默认值",
-        "spamfilter_green": "绿色: 此消息不是垃圾",
-        "spamfilter_hint": "第一个值表示\"低垃圾分数\"，第二个值表示\"高垃圾分数\"。",
-        "spamfilter_red": "红色: 此消息是垃圾并且会被服务器拒绝",
+        "spamfilter_green": "绿色: 此消息不是垃圾邮件",
+        "spamfilter_hint": "第一个值表示\"低垃圾邮件分数\"，第二个值表示\"高垃圾邮件分数\"。",
+        "spamfilter_red": "红色: 此消息是垃圾邮件并且会被服务器拒收",
         "spamfilter_table_action": "操作",
         "spamfilter_table_add": "添加项目",
         "spamfilter_table_domain_policy": "n/a (域名策略)",
@@ -1002,40 +1135,53 @@
         "spamfilter_table_remove": "删除",
         "spamfilter_table_rule": "规则",
         "spamfilter_wl": "白名单",
-        "spamfilter_wl_desc": "白名单中地址<b>永远不会</b>被标记为垃圾邮件。此处可以使用通配符\"*\"。此过滤器也会应用到直接别名(只指向一个目标邮箱)，但不会应用到\"捕获所有\"别名和邮箱地址本身。",
-        "spamfilter_yellow": "黄色: 此为垃圾消息，会被标记为垃圾并且移入垃圾文件夹",
+        "spamfilter_wl_desc": "白名单中地址<b>永远不会</b>被标记为垃圾邮件。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
+        "spamfilter_yellow": "黄色: 此为垃圾邮件，会被标记为垃圾邮件并且移入垃圾邮件文件夹",
         "status": "状态",
         "sync_jobs": "同步任务",
-        "tag_handling": "处理有标签的邮件",
-        "tag_help_example": "有标签的邮箱地址示例: me<b>+Facebook</b>@example.org",
-        "tag_help_explain": "置于子文件夹: 在INBOX(收件箱)下创建一个以标签名命名的子文件夹 (\"INBOX/Facebook\")。<br>\r\n置于主题: 标签名会被前置到邮件主题, 如: \"[Facebook] 我的新闻\"。",
+        "syncjob_check_log": "检查日志",
+        "syncjob_last_run_result": "最后一次运行结果",
+        "syncjob_EX_OK": "成功",
+        "syncjob_EXIT_CONNECTION_FAILURE": "连接问题",
+        "syncjob_EXIT_TLS_FAILURE": "加密连接问题",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "身份认证问题",
+        "syncjob_EXIT_OVERQUOTA": "目标邮箱配额已满",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "无法连接到远程服务器",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "用户名或密码错误",
+        "tag_handling": "处理带有标签的邮件",
+        "tag_help_example": "带有标签的邮箱地址示例: me<b>+Facebook</b>@example.org",
+        "tag_help_explain": "置于子文件夹: 在 INBOX (收件箱) 下创建一个以标签名命名的子文件夹 (\"INBOX/Facebook\")。<br>\r\n置于主题: 标签名会被前置到邮件主题, 例如: \"[Facebook] My News\"。",
         "tag_in_none": "不处理",
         "tag_in_subfolder": "置于子文件夹",
         "tag_in_subject": "置于主题",
         "text": "文本",
         "title": "标题",
-        "tls_enforce_in": "强制入站TLS",
-        "tls_enforce_out": "强制出站TLS",
+        "tls_enforce_in": "强制入站使用 TLS",
+        "tls_enforce_out": "强制出站使用 TLS",
         "tls_policy": "加密策略",
-        "tls_policy_warning": "<strong>警告:</strong> 如果你决定强制加密邮箱传输，你有可能丢失邮件。<br>不支持加密的邮件系统将不能与此服务器交换邮件。<br>此选项会应用到你的主邮件地址(登录名)、域名别名对应的地址和<b>只指向此一个邮箱</b>(非共享)的别名地址。",
+        "tls_policy_warning": "<strong>警告:</strong> 如果你决定强制使用加密邮箱传输，你有可能丢失邮件。<br>不支持加密的邮件系统将无法与此服务器交换邮件。<br>此选项会应用到你的主邮箱地址 (登录名)、域名别名对应的地址和<b>只指向此一个邮箱</b> (非共享) 的别名地址。",
         "user_settings": "用户设置",
         "username": "用户名",
         "verify": "验证",
         "waiting": "等待中",
         "week": "周",
         "weekly": "每周",
-        "weeks": "周"
+        "weeks": "周",
+        "with_app_password": "包含应用密码",
+        "year": "年",
+        "years": "年"
     },
     "warning": {
-        "cannot_delete_self": "不能删除已登录用户",
-        "domain_added_sogo_failed": "域名已添加但是重启Dovecot失败，请检查日志。",
-        "dovecot_restart_failed": "Dovecot重启失败，请检查日志",
+        "cannot_delete_self": "不能删除已登录的用户",
+        "domain_added_sogo_failed": "域名已添加但是重启 Dovecot 失败，请检查相关日志。",
+        "dovecot_restart_failed": "Dovecot 重启失败，请检查相关日志",
         "fuzzy_learn_error": "模糊特征学习失败: %s",
         "hash_not_found": "找不到特征或已被删除",
-        "ip_invalid": "跳过的非法IP: %s",
-        "no_active_admin": "不能禁用最后一个启用的管理员",
-        "quota_exceeded_scope": "域名配额超出: 此域名下现在只能创建无限容量的邮箱。",
-        "session_token": "表单字段非法: 字段不匹配",
-        "session_ua": "表单字段非法: User-Agent校验错误"
+        "ip_invalid": "跳过的无效 IP: %s",
+        "is_not_primary_alias": "跳过的非主要别名 %s",
+        "no_active_admin": "不能禁用最后一个被启用的管理员",
+        "quota_exceeded_scope": "域名配额超标: 此域名下现在只能创建无限容量的邮箱。",
+        "session_token": "表单字段无效: Token 不匹配",
+        "session_ua": "表单字段无效: User-Agent 校验错误"
     }
 }

From c46a1c1e2f76543968ff259e6dd5eaf80ada89dd Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Mon, 14 Nov 2022 22:51:19 +0100
Subject: [PATCH 010/170] [GH-Actions][actionpr] Update to v0.5.3

---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index fd9e4946..54dbda34 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.1
+        uses: devops-infra/action-pull-request@v0.5.3
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From 6875baf64ca249c4fd08ca6b9faff92184cfac76 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 15 Nov 2022 19:43:03 +0100
Subject: [PATCH 011/170] Update issue template

---
 .github/ISSUE_TEMPLATE/Bug_report.yml | 166 ++++++++++++++++++--------
 1 file changed, 114 insertions(+), 52 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index 6134a9ad..2fe7082c 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -7,8 +7,8 @@ body:
       label: Contribution guidelines
       description: Please read the contribution guidelines before proceeding.
       options:
-        - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
-          required: true
+      - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
+        required: true
   - type: checkboxes
     attributes:
       label: I've found a bug and checked that ...
@@ -26,70 +26,132 @@ body:
     attributes:
       label: Description
       description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
+      render: text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Logs
-      description: Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks.
-      render: bash
+      label: "Logs:"
+      description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
+      render: text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Steps to reproduce
-      description: Please describe the steps to reproduce the bug. Screenshots can be added, if helpful.
+      label: "Steps to reproduce:"
+      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
+      render: text
       placeholder: |-
         1. ...
         2. ...
         3. ...
     validations:
       required: true
-  - type: textarea
+  - type: markdown
     attributes:
-      label: System information
-      description: In this stage we would kindly ask you to attach general system information about your setup.
-      value: |-
-             | Question | Answer |
-             | --- | --- |
-             | My operating system | I_DO_REPLY_HERE |
-             | Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
-             | Virtualization technology (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
-             | Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
-             | Docker version (`docker version`) | I_DO_REPLY_HERE |
-             | docker-compose version (`docker-compose version`) | I_DO_REPLY_HERE |
-             | mailcow version (```git describe --tags `git rev-list --tags --max-count=1` ```) | I_DO_REPLY_HERE |
-             | Reverse proxy (custom solution) | I_DO_REPLY_HERE |
-
-             Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             All third-party firewalls and custom iptables rules are unsupported. **Please check the Docker docs about how to use Docker with your own ruleset**. Nevertheless, iptabels output can help us to help you:
-             iptables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             iptables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
+      value: |
+        ## System information
+        ### In this stage we would kindly ask you to attach general system information about your setup.
+  - type: dropdown
+    attributes:
+      label: "Which branch are you using?"
+      description: "#### `git rev-parse --abbrev-ref HEAD`"
+      multiple: false
+      options:
+        - master
+        - nightly
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Operating System:"
+      placeholder: "e.g. Ubuntu 22.04 LTS"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Server/VM specifications:"
+      placeholder: "Memory, CPU Cores"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Is Apparmor, SELinux or similar active?"
+      placeholder: "yes/no"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Virtualization technology:"
+      placeholder: "KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported**"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Docker version:"
+      description: "#### `docker version`"
+      placeholder: "20.10.21"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "docker-compose version or docker compose version:"
+      description: "#### `docker-compose version` or `docker compose version`"
+      placeholder: "v2.12.2"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "mailcow version:"
+      description: "#### ```git describe --tags `git rev-list --tags --max-count=1` ```"
+      placeholder: "2022-08"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Reverse proxy:"
+      placeholder: "e.g. Nginx/Traefik"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of git diff:"
+      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn:"
+      description: "#### Output of `iptables -L -vn`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn:"
+      description: "#### Output of `ip6tables -L -vn`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn -t nat:"
+      description: "#### Output of `iptables -L -vn -t nat`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn -t nat:"
+      description: "#### Output of `ip6tables -L -vn -t nat`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "DNS check:"
+      description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
+      render: text
     validations:
       required: true

From 05181f188856d0ad6ae4220c7c6a59453c76a7ea Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 15 Nov 2022 19:44:07 +0100
Subject: [PATCH 012/170] Update issue template

---
 .github/ISSUE_TEMPLATE/Bug_report.yml | 166 ++++++++++++++++++--------
 1 file changed, 114 insertions(+), 52 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index 6134a9ad..2fe7082c 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -7,8 +7,8 @@ body:
       label: Contribution guidelines
       description: Please read the contribution guidelines before proceeding.
       options:
-        - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
-          required: true
+      - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
+        required: true
   - type: checkboxes
     attributes:
       label: I've found a bug and checked that ...
@@ -26,70 +26,132 @@ body:
     attributes:
       label: Description
       description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
+      render: text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Logs
-      description: Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks.
-      render: bash
+      label: "Logs:"
+      description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
+      render: text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Steps to reproduce
-      description: Please describe the steps to reproduce the bug. Screenshots can be added, if helpful.
+      label: "Steps to reproduce:"
+      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
+      render: text
       placeholder: |-
         1. ...
         2. ...
         3. ...
     validations:
       required: true
-  - type: textarea
+  - type: markdown
     attributes:
-      label: System information
-      description: In this stage we would kindly ask you to attach general system information about your setup.
-      value: |-
-             | Question | Answer |
-             | --- | --- |
-             | My operating system | I_DO_REPLY_HERE |
-             | Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
-             | Virtualization technology (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
-             | Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
-             | Docker version (`docker version`) | I_DO_REPLY_HERE |
-             | docker-compose version (`docker-compose version`) | I_DO_REPLY_HERE |
-             | mailcow version (```git describe --tags `git rev-list --tags --max-count=1` ```) | I_DO_REPLY_HERE |
-             | Reverse proxy (custom solution) | I_DO_REPLY_HERE |
-
-             Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             All third-party firewalls and custom iptables rules are unsupported. **Please check the Docker docs about how to use Docker with your own ruleset**. Nevertheless, iptabels output can help us to help you:
-             iptables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             iptables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
+      value: |
+        ## System information
+        ### In this stage we would kindly ask you to attach general system information about your setup.
+  - type: dropdown
+    attributes:
+      label: "Which branch are you using?"
+      description: "#### `git rev-parse --abbrev-ref HEAD`"
+      multiple: false
+      options:
+        - master
+        - nightly
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Operating System:"
+      placeholder: "e.g. Ubuntu 22.04 LTS"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Server/VM specifications:"
+      placeholder: "Memory, CPU Cores"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Is Apparmor, SELinux or similar active?"
+      placeholder: "yes/no"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Virtualization technology:"
+      placeholder: "KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported**"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Docker version:"
+      description: "#### `docker version`"
+      placeholder: "20.10.21"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "docker-compose version or docker compose version:"
+      description: "#### `docker-compose version` or `docker compose version`"
+      placeholder: "v2.12.2"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "mailcow version:"
+      description: "#### ```git describe --tags `git rev-list --tags --max-count=1` ```"
+      placeholder: "2022-08"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Reverse proxy:"
+      placeholder: "e.g. Nginx/Traefik"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of git diff:"
+      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn:"
+      description: "#### Output of `iptables -L -vn`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn:"
+      description: "#### Output of `ip6tables -L -vn`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn -t nat:"
+      description: "#### Output of `iptables -L -vn -t nat`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn -t nat:"
+      description: "#### Output of `ip6tables -L -vn -t nat`"
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "DNS check:"
+      description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
+      render: text
     validations:
       required: true

From a4eb6d5f1b66be037df2fa5e08911a111fe45869 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 16 Nov 2022 18:15:45 +0100
Subject: [PATCH 013/170] Update Release Tweet action

---
 .github/workflows/tweet-trigger-publish-release.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index 82f1dc3a..6f1b448a 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -4,9 +4,11 @@ on:
     types: [published]
 
 jobs:
-  build:
+  tweet:
     runs-on: ubuntu-latest
     steps:
+      - name: "Get Release Tag"
+        run: curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq '.tag_name' | sed 's/"//g' >> $RELEASE_TAG
       - name: Tweet-trigger-publish-release
         uses: mugi111/tweet-trigger-release@v1.1
         with:
@@ -14,4 +16,4 @@ jobs:
           consumer_secret: ${{ secrets.CONSUMER_SECRET }}
           access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
           access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'
+          tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'

From 3236a10cf5ca658530ae24ea7b6f8a4486f4e1af Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 16 Nov 2022 18:19:12 +0100
Subject: [PATCH 014/170] Updated tweet action (again)

---
 .github/workflows/tweet-trigger-publish-release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index 6f1b448a..c5d247e9 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -7,6 +7,8 @@ jobs:
   tweet:
     runs-on: ubuntu-latest
     steps:
+      - name: "Install jq"
+        run: apt update && apt install jq --no-install-recommends -y
       - name: "Get Release Tag"
         run: curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq '.tag_name' | sed 's/"//g' >> $RELEASE_TAG
       - name: Tweet-trigger-publish-release

From 17f3cc3ad8502beaeb271398d6886590d133e185 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 16 Nov 2022 18:34:22 +0100
Subject: [PATCH 015/170] Optimized/Fixed Tweet action

---
 .github/workflows/tweet-trigger-publish-release.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index c5d247e9..accfe1af 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -7,10 +7,10 @@ jobs:
   tweet:
     runs-on: ubuntu-latest
     steps:
-      - name: "Install jq"
-        run: apt update && apt install jq --no-install-recommends -y
       - name: "Get Release Tag"
-        run: curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq '.tag_name' | sed 's/"//g' >> $RELEASE_TAG
+        run:  |
+          RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
+          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
       - name: Tweet-trigger-publish-release
         uses: mugi111/tweet-trigger-release@v1.1
         with:
@@ -19,3 +19,5 @@ jobs:
           access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
           access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
           tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'
+        env:
+        RELEASE_TAG: ${{ env.RELEASE_TAG }}

From a46db9e0df91b45cc44311f617421f780dbe321c Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 16 Nov 2022 18:39:37 +0100
Subject: [PATCH 016/170] Fixed typo in tweet action

---
 .github/workflows/tweet-trigger-publish-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index accfe1af..10e19bdd 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -20,4 +20,4 @@ jobs:
           access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
           tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'
         env:
-        RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}

From 046e6589841830a668552e8be9508293c8f2c9cd Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 16 Nov 2022 18:42:20 +0100
Subject: [PATCH 017/170] Use @MAGICCC Version of action

---
 .github/workflows/tweet-trigger-publish-release.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index 10e19bdd..daebfe53 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -10,7 +10,6 @@ jobs:
       - name: "Get Release Tag"
         run:  |
           RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
-          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
       - name: Tweet-trigger-publish-release
         uses: mugi111/tweet-trigger-release@v1.1
         with:
@@ -18,6 +17,4 @@ jobs:
           consumer_secret: ${{ secrets.CONSUMER_SECRET }}
           access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
           access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'
-        env:
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'
\ No newline at end of file

From 1e672ae349e326c2c058060fada166230c32042a Mon Sep 17 00:00:00 2001
From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
Date: Thu, 17 Nov 2022 20:49:13 +0100
Subject: [PATCH 018/170] Update FUNDING.yml

---
 .github/FUNDING.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index befe7db7..11402129 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1 @@
-custom: https://mailcow.github.io/mailcow-dockerized-docs/#help-mailcow
+custom: ["https://www.servercow.de/mailcow?lang=en#sal"]

From e82f3b39755d6bc20ebd0fe5c316028bf7b8f1ea Mon Sep 17 00:00:00 2001
From: bluewalk <noreply@bluewalk.net>
Date: Thu, 17 Nov 2022 14:30:06 +0100
Subject: [PATCH 019/170] Added SENDER_ADDRESS and SENDER_NAME as variables for
 messages

---
 data/conf/rspamd/local.d/metadata_exporter.conf |  3 +--
 data/conf/rspamd/meta_exporter/pushover.php     | 11 +++++++++--
 data/web/templates/edit/mailbox.twig            |  2 +-
 data/web/templates/user/Pushover.twig           |  2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/data/conf/rspamd/local.d/metadata_exporter.conf b/data/conf/rspamd/local.d/metadata_exporter.conf
index 47373d99..daaa79b4 100644
--- a/data/conf/rspamd/local.d/metadata_exporter.conf
+++ b/data/conf/rspamd/local.d/metadata_exporter.conf
@@ -16,8 +16,7 @@ rules {
     backend = "http";
     url = "http://nginx:9081/pushover.php";
     selector = "mailcow_rcpt";
-    # Only return msgid, do not parse the full message
-    formatter = "msgid";
+    formatter = "json";
     meta_headers = true;
   }
 }
diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index a5e83343..974a282d 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -65,6 +65,13 @@ if (is_array($symbols_array)) {
   }
 }
 
+$json = json_decode(file_get_contents('php://input'));
+
+$sender_address = $json->header_from ;
+if (preg_match('/[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)/i', $sender, $matches))
+	$sender_address = $matches[0];
+$sender_name =  trim(str_replace('<' . $email . '>', '', $from));
+
 $rcpt_final_mailboxes = array();
 
 // Loop through all rcpts
@@ -229,9 +236,9 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     $post_fields = array(
       "token" => $api_data['token'],
       "user" => $api_data['key'],
-      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $title)),
+      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $title)),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $text))
+      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $text))
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
       $post_fields['expire'] = 600;
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index e1c3e883..d4154292 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -275,7 +275,7 @@
         </div>
         <div class="col-sm-10">
           <p class="help-block">{{ lang.user.pushover_info|format(mailbox)|raw }}</p>
-          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code></p>
+          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code></p>
           <div class="form-group">
             <div class="row">
               <div class="col-sm-6">
diff --git a/data/web/templates/user/Pushover.twig b/data/web/templates/user/Pushover.twig
index 096655cb..8a6755a8 100644
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@@ -9,7 +9,7 @@
       </div>
       <div class="col-sm-10">
         <p class="help-block">{{ lang.user.pushover_info|format(mailcow_cc_username)|raw }}</p>
-        <p class="help-block">{{ lang.user.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code></p>
+        <p class="help-block">{{ lang.user.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</p>
         <div class="form-group">
           <div class="row">
             <div class="col-sm-6">

From 65c74c75c74c1a626b8d8c60921a6dcb689e8f4a Mon Sep 17 00:00:00 2001
From: bluewalk <noreply@bluewalk.net>
Date: Thu, 17 Nov 2022 14:30:06 +0100
Subject: [PATCH 020/170] Added SENDER_ADDRESS and SENDER_NAME as variables for
 messages

---
 data/conf/rspamd/meta_exporter/pushover.php | 11 ++++---
 data/web/api/openapi.yaml                   |  5 ++++
 data/web/inc/functions.pushover.inc.php     |  4 ++-
 data/web/inc/init_db.inc.php                |  1 +
 data/web/lang/lang.en-gb.json               |  2 ++
 data/web/lang/lang.nl-nl.json               |  2 ++
 data/web/templates/edit/mailbox.twig        | 30 +++++++++++++++++++
 data/web/templates/user/Pushover.twig       | 32 ++++++++++++++++++++-
 8 files changed, 81 insertions(+), 6 deletions(-)

diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index 974a282d..8db4d3d8 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -67,10 +67,12 @@ if (is_array($symbols_array)) {
 
 $json = json_decode(file_get_contents('php://input'));
 
-$sender_address = $json->header_from ;
-if (preg_match('/[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)/i', $sender, $matches))
+$sender_address = $json->header_from[0];
+$sender_name = '-';
+if (preg_match('/[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)/i', $sender_address, $matches)) {
 	$sender_address = $matches[0];
-$sender_name =  trim(str_replace('<' . $email . '>', '', $from));
+  $sender_name =  trim(str_replace('<' . $sender_address . '>', '', $json->header_from[0]));
+}
 
 $rcpt_final_mailboxes = array();
 
@@ -238,7 +240,8 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
       "user" => $api_data['key'],
       "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $title)),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $text))
+      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $text)),
+      "sound" => $attributes['sound'] ?? "pushover"
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
       $post_fields['expire'] = 600;
diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index c23380f1..6310aa58 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -3349,6 +3349,7 @@ paths:
                           evaluate_x_prio: "0"
                           key: 21e8918e1jksdjcpis712
                           only_x_prio: "0"
+                          sound: "pushover"
                           senders: ""
                           senders_regex: ""
                           text: ""
@@ -3392,6 +3393,7 @@ paths:
                   evaluate_x_prio: "0"
                   key: 21e8918e1jksdjcpis712
                   only_x_prio: "0"
+                  sound: "pushover"
                   senders: ""
                   senders_regex: ""
                   text: ""
@@ -3413,6 +3415,9 @@ paths:
                     only_x_prio:
                       description: Only send push for prio mails
                       type: number
+                    sound:
+                      description: Set notification sound
+                      type: string
                     senders:
                       description: Only send push for emails from these senders
                       type: string
diff --git a/data/web/inc/functions.pushover.inc.php b/data/web/inc/functions.pushover.inc.php
index 74e8bb1c..5393c0d5 100644
--- a/data/web/inc/functions.pushover.inc.php
+++ b/data/web/inc/functions.pushover.inc.php
@@ -51,6 +51,7 @@ function pushover($_action, $_data = null) {
           $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
           $evaluate_x_prio = (isset($_data['evaluate_x_prio'])) ? intval($_data['evaluate_x_prio']) : $is_now['evaluate_x_prio'];
           $only_x_prio = (isset($_data['only_x_prio'])) ? intval($_data['only_x_prio']) : $is_now['only_x_prio'];
+          $sound = (isset($_data['sound'])) ? $_data['sound'] : $is_now['sound'];
         }
         else {
           $_SESSION['return'][] = array(
@@ -101,7 +102,8 @@ function pushover($_action, $_data = null) {
         $po_attributes = json_encode(
           array(
             'evaluate_x_prio' => strval(intval($evaluate_x_prio)),
-            'only_x_prio' => strval(intval($only_x_prio))
+            'only_x_prio' => strval(intval($only_x_prio)),
+            'sound' => strval($sound)
           )
         );
         $stmt = $pdo->prepare("REPLACE INTO `pushover` (`username`, `key`, `attributes`, `senders_regex`, `senders`, `token`, `title`, `text`, `active`)
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index b47bd5c2..48db1a62 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1264,6 +1264,7 @@ function init_db_schema() {
     $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
     $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
     $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"0\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
     // mailbox
     $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
     $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 0a384071..260997de 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -574,6 +574,7 @@
         "pushover_sender_regex": "Consider the following sender regex",
         "pushover_text": "Notification text",
         "pushover_title": "Notification title",
+        "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
         "quota_mb": "Quota (MiB)",
@@ -1097,6 +1098,7 @@
         "pushover_sender_regex": "Match senders by the following regex",
         "pushover_text": "Notification text",
         "pushover_title": "Notification title",
+        "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
         "q_add_header": "Junk folder",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index ecfee43d..af8e9834 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -536,6 +536,7 @@
         "pushover_sender_regex": "Uitsluitend een afzender met de volgende regex",
         "pushover_text": "Meldingstekst ({SUBJECT} zal worden vervangen door het onderwerp)",
         "pushover_title": "Meldingstitel",
+        "pushover_sound": "Geluid",
         "pushover_vars": "Wanneer er geen afzenders zijn uitgesloten zullen alle mails doorkomen.<br>Regex-filters en afzendercontroles kunnen individueel worden ingesteld en zullen in volgorde worden verwerkt. Ze zijn niet afhankelijk van elkaar.<br>Bruikbare variabelen voor tekst en titel (neem het gegevensbeschermingsbeleid in acht)",
         "pushover_verify": "Verifieer aanmeldingsgegevens",
         "quota_mb": "Quota (MiB)",
@@ -1002,6 +1003,7 @@
         "pushover_sender_regex": "Uitsluitend een afzender met de volgende regex",
         "pushover_text": "Meldingstekst ({SUBJECT} zal worden vervangen door het onderwerp)",
         "pushover_title": "Meldingstitel",
+        "pushover_sound": "Geluid",
         "pushover_vars": "Wanneer er geen afzenders zijn uitgesloten zullen alle mails doorkomen.<br>Regex-filters en afzendercontroles kunnen individueel worden ingesteld en zullen in volgorde worden verwerkt. Ze zijn niet afhankelijk van elkaar.<br>Bruikbare variabelen voor tekst en titel (let op het gegevensbeschermingsbeleid)",
         "pushover_verify": "Verifieer aanmeldingsgegevens",
         "q_add_header": "Spamfolder",
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index d4154292..f0154584 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -308,6 +308,36 @@
                   <input type="text" class="form-control" name="senders" value="{{ pushover_data.senders }}" placeholder="sender1@example.com, sender2@example.com">
                 </div>
               </div>
+              <div class="col-sm-12">
+                <div class="form-group">
+                  <label for="sound">{{ lang.edit.pushover_sound }}</label><br>
+                  <select name="sound" class="form-control">
+                    <option value="pushover"{% if pushover_data.attributes.sound == 'pushover' %} selected{% endif %}>Pushover (default)</option>
+                    <option value="bike"{% if pushover_data.attributes.sound == 'bike' %} selected{% endif %}>Bike</option>
+                    <option value="bugle"{% if pushover_data.attributes.sound == 'bugle' %} selected{% endif %}>Bugle</option>
+                    <option value="cashregister"{% if pushover_data.attributes.sound == 'cashregister' %} selected{% endif %}>Cash Register</option>
+                    <option value="classical"{% if pushover_data.attributes.sound == 'classical' %} selected{% endif %}>Classical</option>
+                    <option value="cosmic"{% if pushover_data.attributes.sound == 'cosmic' %} selected{% endif %}>Cosmic</option>
+                    <option value="falling"{% if pushover_data.attributes.sound == 'falling' %} selected{% endif %}>Falling</option>
+                    <option value="gamelan"{% if pushover_data.attributes.sound == 'gamelan' %} selected{% endif %}>Gamelan</option>
+                    <option value="incoming"{% if pushover_data.attributes.sound == 'incoming' %} selected{% endif %}>Incoming</option>
+                    <option value="intermission"{% if pushover_data.attributes.sound == 'intermission' %} selected{% endif %}>Intermission</option>
+                    <option value="magic"{% if pushover_data.attributes.sound == 'magic' %} selected{% endif %}>Magic</option>
+                    <option value="mechanical"{% if pushover_data.attributes.sound == 'mechanical' %} selected{% endif %}>Mechanical</option>
+                    <option value="pianobar"{% if pushover_data.attributes.sound == 'pianobar' %} selected{% endif %}>Piano Bar</option>
+                    <option value="siren"{% if pushover_data.attributes.sound == 'siren' %} selected{% endif %}>Siren</option>
+                    <option value="spacealarm"{% if pushover_data.attributes.sound == 'spacealarm' %} selected{% endif %}>Space Alarm</option>
+                    <option value="tugboat"{% if pushover_data.attributes.sound == 'tugboat' %} selected{% endif %}>Tug Boat</option>
+                    <option value="alien"{% if pushover_data.attributes.sound == 'alien' %} selected{% endif %}>Alien Alarm (long)</option>
+                    <option value="climb"{% if pushover_data.attributes.sound == 'climb' %} selected{% endif %}>Climb (long)</option>
+                    <option value="persistent"{% if pushover_data.attributes.sound == 'persistent' %} selected{% endif %}>Persistent (long)</option>
+                    <option value="echo"{% if pushover_data.attributes.sound == 'echo' %} selected{% endif %}>Pushover Echo (long)</option>
+                    <option value="updown"{% if pushover_data.attributes.sound == 'updown' %} selected{% endif %}>Up Down (long)</option>
+                    <option value="vibrate"{% if pushover_data.attributes.sound == 'vibrate' %} selected{% endif %}>Vibrate Only</option>
+                    <option value="none"{% if pushover_data.attributes.sound == 'none' %} selected{% endif %}> None (silent) </option>
+                  </select>
+                </div>
+              </div>
               <div class="col-sm-12">
                 <div class="checkbox">
                   <label><input type="checkbox" value="1" name="active"{% if pushover_data.active == '1' %} checked{% endif %}> {{ lang.edit.active }}</label>
diff --git a/data/web/templates/user/Pushover.twig b/data/web/templates/user/Pushover.twig
index 8a6755a8..a1867a8b 100644
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@@ -9,7 +9,7 @@
       </div>
       <div class="col-sm-10">
         <p class="help-block">{{ lang.user.pushover_info|format(mailcow_cc_username)|raw }}</p>
-        <p class="help-block">{{ lang.user.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</p>
+        <p class="help-block">{{ lang.user.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code></p>
         <div class="form-group">
           <div class="row">
             <div class="col-sm-6">
@@ -42,6 +42,36 @@
                 <input type="text" class="form-control" name="senders" value="{{ pushover_data.senders }}" placeholder="sender1@example.com, sender2@example.com">
               </div>
             </div>
+            <div class="col-sm-12">
+              <div class="form-group">
+                <label for="sound">{{ lang.edit.pushover_sound }}</label><br>
+                <select name="sound" class="form-control">
+                  <option value="pushover"{% if pushover_data.attributes.sound == 'pushover' %} selected{% endif %}>Pushover (default)</option>
+                  <option value="bike"{% if pushover_data.attributes.sound == 'bike' %} selected{% endif %}>Bike</option>
+                  <option value="bugle"{% if pushover_data.attributes.sound == 'bugle' %} selected{% endif %}>Bugle</option>
+                  <option value="cashregister"{% if pushover_data.attributes.sound == 'cashregister' %} selected{% endif %}>Cash Register</option>
+                  <option value="classical"{% if pushover_data.attributes.sound == 'classical' %} selected{% endif %}>Classical</option>
+                  <option value="cosmic"{% if pushover_data.attributes.sound == 'cosmic' %} selected{% endif %}>Cosmic</option>
+                  <option value="falling"{% if pushover_data.attributes.sound == 'falling' %} selected{% endif %}>Falling</option>
+                  <option value="gamelan"{% if pushover_data.attributes.sound == 'gamelan' %} selected{% endif %}>Gamelan</option>
+                  <option value="incoming"{% if pushover_data.attributes.sound == 'incoming' %} selected{% endif %}>Incoming</option>
+                  <option value="intermission"{% if pushover_data.attributes.sound == 'intermission' %} selected{% endif %}>Intermission</option>
+                  <option value="magic"{% if pushover_data.attributes.sound == 'magic' %} selected{% endif %}>Magic</option>
+                  <option value="mechanical"{% if pushover_data.attributes.sound == 'mechanical' %} selected{% endif %}>Mechanical</option>
+                  <option value="pianobar"{% if pushover_data.attributes.sound == 'pianobar' %} selected{% endif %}>Piano Bar</option>
+                  <option value="siren"{% if pushover_data.attributes.sound == 'siren' %} selected{% endif %}>Siren</option>
+                  <option value="spacealarm"{% if pushover_data.attributes.sound == 'spacealarm' %} selected{% endif %}>Space Alarm</option>
+                  <option value="tugboat"{% if pushover_data.attributes.sound == 'tugboat' %} selected{% endif %}>Tug Boat</option>
+                  <option value="alien"{% if pushover_data.attributes.sound == 'alien' %} selected{% endif %}>Alien Alarm (long)</option>
+                  <option value="climb"{% if pushover_data.attributes.sound == 'climb' %} selected{% endif %}>Climb (long)</option>
+                  <option value="persistent"{% if pushover_data.attributes.sound == 'persistent' %} selected{% endif %}>Persistent (long)</option>
+                  <option value="echo"{% if pushover_data.attributes.sound == 'echo' %} selected{% endif %}>Pushover Echo (long)</option>
+                  <option value="updown"{% if pushover_data.attributes.sound == 'updown' %} selected{% endif %}>Up Down (long)</option>
+                  <option value="vibrate"{% if pushover_data.attributes.sound == 'vibrate' %} selected{% endif %}>Vibrate Only</option>
+                  <option value="none"{% if pushover_data.attributes.sound == 'none' %} selected{% endif %}> None (silent) </option>
+                </select>
+              </div>
+            </div>
             <div class="col-sm-12">
               <div class="checkbox">
                 <label><input type="checkbox" value="1" name="active"{% if pushover_data.active == '1' %} checked{% endif %}> {{ lang.user.active }}</label>

From 57a5a9baeb5758d441fbd6c80a00c9d3c94af153 Mon Sep 17 00:00:00 2001
From: bluewalk <noreply@bluewalk.net>
Date: Thu, 17 Nov 2022 21:14:44 +0100
Subject: [PATCH 021/170] Updated DB version and make sure default sound is
 "pushover" when null

---
 data/web/inc/init_db.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 48db1a62..9abd4485 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "25072022_2300";
+    $db_version = "17112022_2115";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -1264,7 +1264,7 @@ function init_db_schema() {
     $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
     $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
     $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"0\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
     // mailbox
     $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
     $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");

From fd14c51f850beb893624808b468233f874526b84 Mon Sep 17 00:00:00 2001
From: bluewalk <noreply@bluewalk.net>
Date: Fri, 18 Nov 2022 17:28:10 +0100
Subject: [PATCH 022/170] Removed regex as we have the address from the header

---
 data/conf/rspamd/meta_exporter/pushover.php | 26 +++++++++------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index 8db4d3d8..ffc826a7 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -48,12 +48,12 @@ if (!function_exists('getallheaders'))  {
 
 $headers = getallheaders();
 
-$qid      = $headers['X-Rspamd-Qid'];
-$rcpts    = $headers['X-Rspamd-Rcpt'];
-$sender   = $headers['X-Rspamd-From'];
-$ip       = $headers['X-Rspamd-Ip'];
-$subject  = $headers['X-Rspamd-Subject'];
-$priority = 0;
+$qid            = $headers['X-Rspamd-Qid'];
+$rcpts          = $headers['X-Rspamd-Rcpt'];
+$sender_address = $headers['X-Rspamd-From'];
+$ip             = $headers['X-Rspamd-Ip'];
+$subject        = $headers['X-Rspamd-Subject'];
+$priority       = 0;
 
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
 if (is_array($symbols_array)) {
@@ -67,12 +67,8 @@ if (is_array($symbols_array)) {
 
 $json = json_decode(file_get_contents('php://input'));
 
-$sender_address = $json->header_from[0];
-$sender_name = '-';
-if (preg_match('/[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)/i', $sender_address, $matches)) {
-	$sender_address = $matches[0];
-  $sender_name =  trim(str_replace('<' . $sender_address . '>', '', $json->header_from[0]));
-}
+$sender = $json->header_from[0];
+$sender_name =  trim(str_replace('<' . $sender_address . '>', '', $sender));
 
 $rcpt_final_mailboxes = array();
 
@@ -217,18 +213,18 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     }
     else {
       if (!empty($senders)) {
-        if (in_array($sender, $senders)) {
+        if (in_array($sender_address, $senders)) {
           $sender_validated = true;
         }
       }
       if (!empty($senders_regex) && $sender_validated !== true) {
-        if (preg_match($senders_regex, $sender)) {
+        if (preg_match($senders_regex, $sender_address)) {
           $sender_validated = true;
         }
       }
     }
     if ($sender_validated === false) {
-      error_log("NOTIFY: pushover pipe: skipping unwanted sender " . $sender);
+      error_log("NOTIFY: pushover pipe: skipping unwanted sender " . $sender_address);
       continue;
     }
     if ($attributes['only_x_prio'] == "1" && $priority == 0) {

From d8e314db1a34ef29996f7575b66df894351685e3 Mon Sep 17 00:00:00 2001
From: bluewalk <noreply@bluewalk.net>
Date: Sat, 19 Nov 2022 15:32:48 +0100
Subject: [PATCH 023/170] Fixed issue with subdomain senders + added TO
 variable and allow new lines in text using \n

---
 data/conf/rspamd/meta_exporter/pushover.php | 33 ++++++++++++---------
 data/web/templates/edit/mailbox.twig        |  2 +-
 data/web/templates/user/Pushover.twig       |  2 +-
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index ffc826a7..2f2206ea 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -47,13 +47,15 @@ if (!function_exists('getallheaders'))  {
 }
 
 $headers = getallheaders();
+$json_body = json_decode(file_get_contents('php://input'));
 
-$qid            = $headers['X-Rspamd-Qid'];
-$rcpts          = $headers['X-Rspamd-Rcpt'];
-$sender_address = $headers['X-Rspamd-From'];
-$ip             = $headers['X-Rspamd-Ip'];
-$subject        = $headers['X-Rspamd-Subject'];
-$priority       = 0;
+$qid      = $headers['X-Rspamd-Qid'];
+$rcpts    = $headers['X-Rspamd-Rcpt'];
+$sender   = $headers['X-Rspamd-From'];
+$ip       = $headers['X-Rspamd-Ip'];
+$subject  = $headers['X-Rspamd-Subject'];
+$priority = 0;
+$to       = $json_body->header_to[0];
 
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
 if (is_array($symbols_array)) {
@@ -65,10 +67,13 @@ if (is_array($symbols_array)) {
   }
 }
 
-$json = json_decode(file_get_contents('php://input'));
+$sender_address = $json_body->header_from[0];
+$sender_name = '-';
 
-$sender = $json->header_from[0];
-$sender_name =  trim(str_replace('<' . $sender_address . '>', '', $sender));
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $sender_address, $matches)) {
+	$sender_address = $matches['address'];
+  $sender_name =  trim(trim($matches['name']), '"\' ');
+}
 
 $rcpt_final_mailboxes = array();
 
@@ -213,18 +218,18 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     }
     else {
       if (!empty($senders)) {
-        if (in_array($sender_address, $senders)) {
+        if (in_array($sender, $senders)) {
           $sender_validated = true;
         }
       }
       if (!empty($senders_regex) && $sender_validated !== true) {
-        if (preg_match($senders_regex, $sender_address)) {
+        if (preg_match($senders_regex, $sender)) {
           $sender_validated = true;
         }
       }
     }
     if ($sender_validated === false) {
-      error_log("NOTIFY: pushover pipe: skipping unwanted sender " . $sender_address);
+      error_log("NOTIFY: pushover pipe: skipping unwanted sender " . $sender);
       continue;
     }
     if ($attributes['only_x_prio'] == "1" && $priority == 0) {
@@ -234,9 +239,9 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     $post_fields = array(
       "token" => $api_data['token'],
       "user" => $api_data['key'],
-      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $title)),
+      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO}'), array($subject, $sender, $sender_name, $sender_address, $to), $title)),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}'), array($subject, $sender, $sender_name, $sender_address), $text)),
+      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO}', '\n'), array($subject, $sender, $sender_name, $sender_address, $to, PHP_EOL), $text)),
       "sound" => $attributes['sound'] ?? "pushover"
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index f0154584..f2e80c96 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -275,7 +275,7 @@
         </div>
         <div class="col-sm-10">
           <p class="help-block">{{ lang.user.pushover_info|format(mailbox)|raw }}</p>
-          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code></p>
+          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO}</code></p>
           <div class="form-group">
             <div class="row">
               <div class="col-sm-6">
diff --git a/data/web/templates/user/Pushover.twig b/data/web/templates/user/Pushover.twig
index a1867a8b..ea1d2c16 100644
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@@ -9,7 +9,7 @@
       </div>
       <div class="col-sm-10">
         <p class="help-block">{{ lang.user.pushover_info|format(mailcow_cc_username)|raw }}</p>
-        <p class="help-block">{{ lang.user.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code></p>
+        <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO}</code></p>
         <div class="form-group">
           <div class="row">
             <div class="col-sm-6">

From 360bb6f30603f9bf3104e3fdc575159cc7729805 Mon Sep 17 00:00:00 2001
From: bluewalk <noreply@bluewalk.net>
Date: Sun, 20 Nov 2022 10:42:44 +0100
Subject: [PATCH 024/170] Split name and address for TO-variables

---
 data/conf/rspamd/meta_exporter/pushover.php | 21 ++++++++++++++++-----
 data/web/templates/edit/mailbox.twig        |  2 +-
 data/web/templates/user/Pushover.twig       |  2 +-
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index 2f2206ea..4c8092d1 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -55,7 +55,6 @@ $sender   = $headers['X-Rspamd-From'];
 $ip       = $headers['X-Rspamd-Ip'];
 $subject  = $headers['X-Rspamd-Subject'];
 $priority = 0;
-$to       = $json_body->header_to[0];
 
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
 if (is_array($symbols_array)) {
@@ -69,10 +68,16 @@ if (is_array($symbols_array)) {
 
 $sender_address = $json_body->header_from[0];
 $sender_name = '-';
-
 if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $sender_address, $matches)) {
 	$sender_address = $matches['address'];
-  $sender_name =  trim(trim($matches['name']), '"\' ');
+  $sender_name =  trim($matches['name'], '"\' ');
+}
+
+$to_address = $json_body->header_to[0];
+$to_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $to_address, $matches)) {
+	$to_address = $matches['address'];
+  $to_name =  trim($matches['name'], '"\' ');
 }
 
 $rcpt_final_mailboxes = array();
@@ -239,9 +244,15 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     $post_fields = array(
       "token" => $api_data['token'],
       "user" => $api_data['key'],
-      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO}'), array($subject, $sender, $sender_name, $sender_address, $to), $title)),
+      "title" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}'), 
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address), $title)
+      ),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO}', '\n'), array($subject, $sender, $sender_name, $sender_address, $to, PHP_EOL), $text)),
+      "message" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '\n'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, PHP_EOL), $text)
+      ),
       "sound" => $attributes['sound'] ?? "pushover"
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index f2e80c96..9eb7c951 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -275,7 +275,7 @@
         </div>
         <div class="col-sm-10">
           <p class="help-block">{{ lang.user.pushover_info|format(mailbox)|raw }}</p>
-          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO}</code></p>
+          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code></p>
           <div class="form-group">
             <div class="row">
               <div class="col-sm-6">
diff --git a/data/web/templates/user/Pushover.twig b/data/web/templates/user/Pushover.twig
index ea1d2c16..5bd6b1a4 100644
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@@ -9,7 +9,7 @@
       </div>
       <div class="col-sm-10">
         <p class="help-block">{{ lang.user.pushover_info|format(mailcow_cc_username)|raw }}</p>
-        <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO}</code></p>
+        <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code></p>
         <div class="form-group">
           <div class="row">
             <div class="col-sm-6">

From 118cb1017a63281fb4dbef4e0959388cc9aacae6 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 22 Nov 2022 18:37:15 +0100
Subject: [PATCH 025/170] Add new action Build mailcow backup image

---
 .github/workflows/rebuild_backup_image.yml | 34 ++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/rebuild_backup_image.yml

diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
new file mode 100644
index 00000000..120d68d9
--- /dev/null
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -0,0 +1,34 @@
+name: Build mailcow backup image
+
+on:
+  schedule:
+    # At 00:00 on Sunday
+    - cron: "0 0 * * 0"
+  workflow_dispatch: # Allow to run workflow manually
+
+jobs:
+  docker_image_build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: data/Dockerfiles/backup/Dockerfile
+          push: true
+          tags: mailcow/backup:latest

From ff7102468ee0db49d866301aecc03690f69f1191 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 22 Nov 2022 18:38:38 +0100
Subject: [PATCH 026/170] [Helper] Backup and restore: Use latest tag for image

---
 helper-scripts/backup_and_restore.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 1853f501..ee9f0202 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-DEBIAN_DOCKER_IMAGE="mailcow/backup:1.0"
+DEBIAN_DOCKER_IMAGE="mailcow/backup:latest"
 
 if [[ ! -z ${MAILCOW_BACKUP_LOCATION} ]]; then
   BACKUP_LOCATION="${MAILCOW_BACKUP_LOCATION}"
@@ -58,7 +58,7 @@ if ! [[ "${THREADS}" =~ ^[1-9]+$ ]] ; then
   echo "Thread input is not a number!"
   exit 1
 elif [[ "${THREADS}" =~ ^[1-9]+$ ]] ; then
-  echo "Using ${THREADS} Thread(s) for this run." 
+  echo "Using ${THREADS} Thread(s) for this run."
   echo "Notice: You can set the Thread count with the THREADS Variable before you run this script."
 fi
 
@@ -181,7 +181,7 @@ function restore() {
 
   elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
     COMPOSE_COMMAND="docker-compose"
-  
+
   else
     echo -e "\e[31mCan not read DOCKER_COMPOSE_VERSION variable from mailcow.conf! Is your mailcow up to date? Exiting...\e[0m"
     exit 1
@@ -380,4 +380,4 @@ elif [[ ${1} == "restore" ]]; then
   done
   echo "Restoring ${FILE_SELECTION[${input_sel}]} from ${RESTORE_POINT}..."
   restore "${RESTORE_POINT}" ${FILE_SELECTION[${input_sel}]}
-fi
\ No newline at end of file
+fi

From f2f5e212f5c725c56b4703e5a45b85efe99a540d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <github@benpro.fr>
Date: Wed, 23 Nov 2022 22:10:57 +0900
Subject: [PATCH 027/170] Fixy comment typo

---
 .../HAPROXY/docker-compose.override.yml                         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
index 21d391b8..5009f4c9 100644
--- a/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
@@ -1,6 +1,6 @@
 ##
 ## Set haproxy_trusted_networks in Dovecots extra.conf!
-#ä
+##
 
 version: '2.1'
 services:

From 524aba09644640dd41b54dee4946c5d9ef590a43 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 25 Nov 2022 19:52:37 +0100
Subject: [PATCH 028/170] [Web] Updated lang.sk-sk.json (#4873)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Lukáš Matula <lukas@gbely.net>

Co-authored-by: Lukáš Matula <lukas@gbely.net>
---
 data/web/lang/lang.sk-sk.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 8bb1689e..1b702df8 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -106,7 +106,7 @@
         "username": "Používateľské meno",
         "validate": "Overiť",
         "validation_success": "Úspešne overené",
-        "app_passwd_protocols": "Povolené protokoly"
+        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie"
     },
     "admin": {
         "access": "Prístup",

From 73370de1f97cb363e5e32a7b625ba01185cc1183 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 30 Nov 2022 11:08:38 +0100
Subject: [PATCH 029/170] Update SOGo to 5.8.0 nightly

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 05d5d83b..607a1b55 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -168,7 +168,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.111
+      image: mailcow/sogo:1.12
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 86b67a9a7b33943161fff0821ee94cbe8641ff01 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 30 Nov 2022 17:13:39 +0100
Subject: [PATCH 030/170] Updated mailcow/sogo to 1.112

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 607a1b55..5dec4e3e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -168,7 +168,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.12
+      image: mailcow/sogo:1.112
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 0b00f15811c328dee74e3b9121282a19846de68b Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 30 Nov 2022 17:37:33 +0100
Subject: [PATCH 031/170] Added additional Check for Docker Hub

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 69ada6b0..3eca2ea6 100755
--- a/update.sh
+++ b/update.sh
@@ -3,7 +3,7 @@
 ############## Begin Function Section ##############
 
 check_online_status() {
-  CHECK_ONLINE_DOMAINS=('https://github.com')
+  CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
   for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
     if timeout 3 curl --head --silent --output /dev/null ${domain}; then
       return 0

From 77f04d10c791ed4320ea915eefb43a9fc0c407db Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 1 Dec 2022 23:02:03 +0100
Subject: [PATCH 032/170] Update Base Images to Alpine 3.17

---
 data/Dockerfiles/acme/Dockerfile      |  2 +-
 data/Dockerfiles/dockerapi/Dockerfile |  2 +-
 data/Dockerfiles/netfilter/Dockerfile |  2 +-
 data/Dockerfiles/olefy/Dockerfile     |  2 +-
 data/Dockerfiles/phpfpm/Dockerfile    |  2 +-
 data/Dockerfiles/unbound/Dockerfile   |  2 +-
 data/Dockerfiles/watchdog/Dockerfile  |  2 +-
 docker-compose.yml                    | 14 +++++++-------
 8 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index f5b7b56c..571c3d08 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index 41d4a78f..e7907531 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
index 621da149..bc707391 100644
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ENV XTABLES_LIBDIR /usr/lib/xtables
diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile
index 889f84b4..10d63d02 100644
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 WORKDIR /app
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 38c68f70..93acb33f 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1-fpm-alpine3.16
+FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ENV APCU_PECL 5.1.22
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 0b1cefe9..d9756d04 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index 637c4680..654dea08 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
 # Installation
diff --git a/docker-compose.yml b/docker-compose.yml
index 621eb610..7f7c2428 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.16
+      image: mailcow/unbound:1.17
       environment:
         - TZ=${TZ}
       volumes:
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.80
+      image: mailcow/phpfpm:1.81
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -388,7 +388,7 @@ services:
     acme-mailcow:
       depends_on:
         - nginx-mailcow
-      image: mailcow/acme:1.82
+      image: mailcow/acme:1.83
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -424,7 +424,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.49
+      image: mailcow/netfilter:1.50
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -447,7 +447,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:1.96
+      image: mailcow/watchdog:1.97
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -509,7 +509,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.42
+      image: mailcow/dockerapi:1.43
       security_opt:
         - label=disable
       restart: always
@@ -543,7 +543,7 @@ services:
             - solr
 
     olefy-mailcow:
-      image: mailcow/olefy:1.10
+      image: mailcow/olefy:1.11
       restart: always
       environment:
         - TZ=${TZ}

From 8614d63ace74804d8ab7a82ef82c29941c6963ef Mon Sep 17 00:00:00 2001
From: Schwindelhub <1729218+schwindelbub@users.noreply.github.com>
Date: Sat, 3 Dec 2022 21:21:00 +0100
Subject: [PATCH 033/170] Update lang.de-de.json

Corrected "Leerzeichen in Komposita".
---
 data/web/lang/lang.de-de.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 7167290f..e1a6e12f 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -265,8 +265,8 @@
         "quota_notification_html": "Benachrichtigungs-E-Mail Inhalt:<br><small>Leer lassen, um Standard-Template wiederherzustellen.</small>",
         "quota_notification_sender": "Benachrichtigungs-E-Mail Absender",
         "quota_notification_subject": "Benachrichtigungs-E-Mail Betreff",
-        "quota_notifications": "Quota Benachrichtigungen",
-        "quota_notifications_info": "Quota Benachrichtigungen werden an Mailboxen versendet, die 80 respektive 95 Prozent der zur Verfügung stehenden Quota überschreiten.",
+        "quota_notifications": "Quota-Benachrichtigungen",
+        "quota_notifications_info": "Quota-Benachrichtigungen werden an Mailboxen versendet, die 80 respektive 95 Prozent der zur Verfügung stehenden Quota überschreiten.",
         "quota_notifications_vars": "{{percent}} entspricht der aktuellen Quota in Prozent<br>{{username}} entspricht dem Mailbox-Namen",
         "r_active": "Aktive Restriktionen",
         "r_inactive": "Inaktive Restriktionen",

From 299a342a62b8c9c57efe2799095c850a181ec743 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 8 Dec 2022 15:57:24 +0100
Subject: [PATCH 034/170] [Nextcloud] Update to 25 + purge fix (DB)

---
 helper-scripts/nextcloud.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 94bc997a..16311fc2 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+NEXTCLOUD_VER="25"
 
 for bin in curl dirmngr; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
@@ -40,7 +41,7 @@ if [[ ${NC_PURGE} == "y" ]]; then
   fi
 
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
-    "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)"
+    "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)"
   docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli
 SELECT 10
 FLUSHDB
@@ -76,7 +77,7 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
     echo "Cannot upgrade to new major version, please update manually."
     exit 1
   else
-    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-22.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
+    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-$NEXTCLOUD_VER.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
       && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
       && rm nextcloud.tar.bz2 \
       && mkdir -p ./data/web/nextcloud/data \
@@ -97,7 +98,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
 
   ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-22.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
+  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-$NEXTCLOUD_VER.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
     && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
     && rm nextcloud.tar.bz2 \
     && mkdir -p ./data/web/nextcloud/data \

From 827cb008377164e8e86b9c9d6dda10743c4e14c8 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 8 Dec 2022 16:09:20 +0100
Subject: [PATCH 035/170] [DockerAPI] Tagged as 2.0 (rewrite)

---
 data/Dockerfiles/dockerapi/Dockerfile | 2 +-
 docker-compose.yml                    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index f021b73e..97c3808c 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
diff --git a/docker-compose.yml b/docker-compose.yml
index eb744f96..4f370796 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -510,7 +510,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.44
+      image: mailcow/dockerapi:2.0
       security_opt:
         - label=disable
       restart: always

From 6704377402138576e25b5daa062f7d5ba203987e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 9 Dec 2022 16:10:10 +0100
Subject: [PATCH 036/170] [Web] escape more html data

---
 data/web/js/build/014-mailcow.js | 2 +-
 data/web/js/site/mailbox.js      | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/web/js/build/014-mailcow.js b/data/web/js/build/014-mailcow.js
index 13bc2911..66da6076 100644
--- a/data/web/js/build/014-mailcow.js
+++ b/data/web/js/build/014-mailcow.js
@@ -1,7 +1,7 @@
 $(document).ready(function() {
   // mailcow alert box generator
   window.mailcow_alert_box = function(message, type) {
-    msg = $('<span/>').text(message).text();
+    msg = $('<span/>').text(escapeHtml(message)).text();
     if (type == 'danger' || type == 'info') {
       auto_hide = 0;
       $('#' + localStorage.getItem("add_modal")).modal('show');
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 8c98e922..ac481cea 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -441,6 +441,8 @@ jQuery(function($){
         url: "/api/v1/get/domain/all",
         dataSrc: function(json){
           $.each(json, function(i, item) {
+            item.domain_name = escapeHtml(item.domain_name);
+
             item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain;
             item.mailboxes = item.mboxes_in_domain + " / " + item.max_num_mboxes_for_domain;
             item.quota = item.quota_used_in_domain + "/" + item.max_quota_for_domain + "/" + item.bytes_total;
@@ -625,7 +627,6 @@ jQuery(function($){
         type: "GET",
         url: "/api/v1/get/domain/template/all",
         dataSrc: function(json){
-          console.log(json);
           $.each(json, function (i, item) {
             item.chkbox = '<input type="checkbox" data-id="domain_template" name="multi_select" value="' + encodeURIComponent(item.id) + '" />';
 
@@ -1582,7 +1583,6 @@ jQuery(function($){
         type: "GET",
         url: "/api/v1/get/tls-policy-map/all",
         dataSrc: function(json){
-          console.log(json);
           if (role !== "admin") return null;
           
           $.each(json, function (i, item) {
@@ -1817,6 +1817,8 @@ jQuery(function($){
         url: "/api/v1/get/alias-domain/all",
         dataSrc: function(json){
           $.each(json, function (i, item) {
+            item.alias_domain = escapeHtml(item.alias_domain);
+
             item.action = '<div class="btn-group">' +
               '<a href="/edit/aliasdomain/' + encodeURIComponent(item.alias_domain) + '" class="btn btn-sm btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-alias-domain" data-api-url="delete/alias-domain" data-item="' + encodeURIComponent(item.alias_domain) + '" class="btn btn-sm btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
@@ -1904,7 +1906,7 @@ jQuery(function($){
             } else {
               item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
             }
-            item.server_w_port = escapeHtml(item.user1) + '@' + item.host1 + ':' + item.port1;
+            item.server_w_port = escapeHtml(item.user1) + '@' + escapeHtml(item.host1) + ':' + escapeHtml(item.port1);
             item.action = '<div class="btn-group">' +
               '<a href="/edit/syncjob/' + item.id + '" class="btn btn-sm btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-sm btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
@@ -2042,6 +2044,7 @@ jQuery(function($){
             } else {
               item.active = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.inactive + '</span>';
             }
+            item.script_desc = escapeHtml(item.script_desc);
             item.script_data = '<pre class="text-break" style="margin:0px">' + escapeHtml(item.script_data) + '</pre>'
             item.filter_type = '<div class="badge fs-6 bg-secondary">' + item.filter_type.charAt(0).toUpperCase() + item.filter_type.slice(1).toLowerCase() + '</div>'
             item.action = '<div class="btn-group">' +

From f4731eecdb029be7393177bc76c6e649e40320b2 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 12 Dec 2022 10:49:00 +0100
Subject: [PATCH 037/170] Cleanup + Language Fixes

---
 data/web/inc/functions.mailbox.inc.php        | 27 ++++++++---------
 data/web/js/site/mailbox.js                   | 30 ++++++++++++++-----
 data/web/lang/lang.de-de.json                 |  9 ++++++
 data/web/lang/lang.en-gb.json                 |  1 +
 data/web/templates/mailbox.twig               |  3 --
 .../mailbox/tab-mailbox-defaults.twig         | 13 --------
 6 files changed, 45 insertions(+), 38 deletions(-)
 delete mode 100644 data/web/templates/mailbox/tab-mailbox-defaults.twig

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 55c8d6bc..d67fa3e3 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1420,11 +1420,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           // check attributes
           $attr = array();
           $attr['tags']                       = (isset($_data['tags'])) ? $_data['tags'] : array();
-          $attr['max_num_aliases_for_domain'] = (isset($_data['max_num_aliases_for_domain'])) ? intval($_data['max_num_aliases_for_domain']) : 0;
-          $attr['max_num_mboxes_for_domain']  = (isset($_data['max_num_mboxes_for_domain'])) ? intval($_data['max_num_mboxes_for_domain']) : 0;
-          $attr['def_quota_for_mbox']         = (isset($_data['def_quota_for_mbox'])) ? intval($_data['def_quota_for_mbox']) * 1048576 : 0;
-          $attr['max_quota_for_mbox']         = (isset($_data['max_quota_for_mbox'])) ? intval($_data['max_quota_for_mbox']) * 1048576 : 0;
-          $attr['max_quota_for_domain']       = (isset($_data['max_quota_for_domain'])) ? intval($_data['max_quota_for_domain']) * 1048576 : 0;
+          $attr['max_num_aliases_for_domain'] = (!empty($_data['max_num_aliases_for_domain'])) ? intval($_data['max_num_aliases_for_domain']) : 400;
+          $attr['max_num_mboxes_for_domain']  = (!empty($_data['max_num_mboxes_for_domain'])) ? intval($_data['max_num_mboxes_for_domain']) : 10;
+          $attr['def_quota_for_mbox']         = (!empty($_data['def_quota_for_mbox'])) ? intval($_data['def_quota_for_mbox']) * 1048576 : 3072 * 1048576;
+          $attr['max_quota_for_mbox']         = (!empty($_data['max_quota_for_mbox'])) ? intval($_data['max_quota_for_mbox']) * 1048576 : 10240 * 1048576;
+          $attr['max_quota_for_domain']       = (!empty($_data['max_quota_for_domain'])) ? intval($_data['max_quota_for_domain']) * 1048576 : 10240 * 1048576;
           $attr['rl_frame']                   = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : "s";
           $attr['rl_value']                   = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
           $attr['active']                     = isset($_data['active']) ? intval($_data['active']) : 1;
@@ -1435,7 +1435,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $attr['dkim_selector']              = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : "dkim";
           $attr['key_size']                   = isset($_data['key_size']) ? intval($_data['key_size']) : 2048;
 
-
           // save template
           $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
             VALUES (:type, :template, :attributes)");
@@ -4756,15 +4755,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ":id" => $id,
               ":type" => "domain",
               ":template" => "Default"
-            )); 
-          }
+            ));
 
-          $_SESSION['return'][] = array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-            'msg' => 'template_removed'
-          );
-          return true;
+            $_SESSION['return'][] = array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => array('template_removed', htmlspecialchars($id))
+            );
+            return true;
+          }
         break;
         case 'alias':
           if (!is_array($_data['id'])) {
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 8c98e922..c36a9e7d 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -645,10 +645,18 @@ jQuery(function($){
             }
             item.attributes.rl_value = escapeHtml(item.attributes.rl_value);
 
-            item.action = '<div class="btn-group">' +
+            
+            if (item.template.toLowerCase() == "default"){
+              item.action = '<div class="btn-group">' +
+              '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+              '</div>';
+            }
+            else{
+              item.action = '<div class="btn-group">' +
               '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/domain/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
               '</div>';
+            }
 
             if (Array.isArray(item.attributes.tags)){
               var tags = '';
@@ -688,7 +696,7 @@ jQuery(function($){
             defaultContent: ''
           },
           {
-            title: "Template",
+            title: lang.template,
             data: 'template',
             responsivePriority: 3,
             defaultContent: ''
@@ -1115,11 +1123,17 @@ jQuery(function($){
             }
 
             
-
-            item.action = '<div class="btn-group">' +
-              '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-              '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-              '</div>';
+            if (item.template.toLowerCase() == "default"){
+                item.action = '<div class="btn-group">' +
+                  '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                  '</div>';
+            }
+            else {
+                  item.action = '<div class="btn-group">' +
+                  '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                  '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                  '</div>';              
+            }
 
             if (Array.isArray(item.attributes.tags)){
               var tags = '';
@@ -1159,7 +1173,7 @@ jQuery(function($){
           defaultContent: ''
         },
         {
-          title: "Template",
+          title: lang.template,
           data: 'template',
           responsivePriority: 3,
           defaultContent: ''
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 46e31c90..0a37321f 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -714,6 +714,7 @@
         "add_filter": "Filter erstellen",
         "add_mailbox": "Mailbox hinzufügen",
         "add_recipient_map_entry": "Empfängerumschreibung hinzufügen",
+        "add_template": "Vorlage hinzufügen",
         "add_resource": "Ressource hinzufügen",
         "add_tls_policy_map": "TLS-Richtlinieneintrag hinzufügen",
         "address_rewriting": "Adressumschreibung",
@@ -755,6 +756,7 @@
         "domain": "Domain",
         "domain_admins": "Domain-Administratoren",
         "domain_aliases": "Domain-Aliasse",
+        "domain_templates": "Domainweite Vorlagen",
         "domain_quota": "Gesamtspeicher",
         "domain_quota_total": "Domain-Speicherplatz gesamt",
         "domains": "Domains",
@@ -781,6 +783,7 @@
         "mailbox_defaults": "Standardeinstellungen",
         "mailbox_defaults_info": "Steuert die Standardeinstellungen für neue Mailboxen.",
         "mailbox_defquota": "Standard-Quota",
+        "mailbox_templates": "Mailboxweite Vorlagen",
         "mailbox_quota": "Max. Größe einer Mailbox",
         "mailboxes": "Mailboxen",
         "max_aliases": "Max. mögliche Aliasse",
@@ -810,6 +813,7 @@
         "recipient_map_old_info": "Der originale Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
         "recipient_maps": "Empfängerumschreibungen",
         "relay_all": "Alle Empfänger-Adressen relayen",
+        "relay_unknown": "Unbekannte Mailboxen relayen",
         "remove": "Entfernen",
         "resources": "Ressourcen",
         "running": "In Ausführung",
@@ -836,6 +840,8 @@
         "table_size_show_n": "Zeige %s Einträge",
         "target_address": "Ziel-Adresse",
         "target_domain": "Ziel-Domain",
+        "templates": "Vorlagen",
+        "template": "Vorlage",
         "tls_enforce_in": "TLS eingehend erzwingen",
         "tls_enforce_out": "TLS ausgehend erzwingen",
         "tls_map_dest": "Ziel",
@@ -1018,6 +1024,9 @@
         "saved_settings": "Regel wurde gespeichert",
         "settings_map_added": "Regel wurde gespeichert",
         "settings_map_removed": "Regeln wurden entfernt: %s",
+        "template_added": "Template %s hinzugefügt",
+        "template_modified": "Änderungen am Template %s wurden gespeichert",
+        "template_removed": "Template ID %s wurde gelöscht",
         "sogo_profile_reset": "ActiveSync-Gerät des Benutzers %s wurde zurückgesetzt",
         "tls_policy_map_entry_deleted": "TLS-Richtlinie mit der ID %s wurde gelöscht",
         "tls_policy_map_entry_saved": "TLS-Richtlinieneintrag \"%s\" wurde gespeichert",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index edc696d8..90b208fc 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -1038,6 +1038,7 @@
         "sogo_profile_reset": "SOGo profile for user %s was reset",
         "template_added": "Added template %s",
         "template_modified": "Changes to template %s have been saved",
+        "template_removed": "Template ID %s has been deleted",
         "tls_policy_map_entry_deleted": "TLS policy map ID %s has been deleted",
         "tls_policy_map_entry_saved": "TLS policy map entry \"%s\" has been saved",
         "ui_texts": "Saved changes to UI texts",
diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index fa89b001..cdb6a428 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -10,8 +10,6 @@
       <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-domains">{{ lang.mailbox.templates }}</button></li>
     </ul>
     </li>
-    {# <li class="nav-item" role="presentation"><button class="nav-link active" aria-selected="false" aria-controls="tab-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domains">{{ lang.mailbox.domains }}</button></li> #}
-    {# <li class="nav-item" role="presentation"><button class="nav-link" aria-selected="false" aria-controls="tab-mailboxes" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mailboxes">{{ lang.mailbox.mailboxes }}</button></li> #}
     <li class="nav-item dropdown" role="presentation">
     <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailboxes }}</a>
     <ul class="dropdown-menu">
@@ -37,7 +35,6 @@
     <div class="col-md-12">
       <div class="tab-content" style="padding-top:20px">
         {% include 'mailbox/tab-domains.twig' %}
-        {# {% include 'mailbox/tab-mailbox-defaults.twig' %} #}
         {% include 'mailbox/tab-templates-domains.twig' %}
         {% include 'mailbox/tab-mailboxes.twig' %}
         {% include 'mailbox/tab-templates-mbox.twig' %}
diff --git a/data/web/templates/mailbox/tab-mailbox-defaults.twig b/data/web/templates/mailbox/tab-mailbox-defaults.twig
deleted file mode 100644
index 20f1b229..00000000
--- a/data/web/templates/mailbox/tab-mailbox-defaults.twig
+++ /dev/null
@@ -1,13 +0,0 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-mailbox-defaults" role="tabpanel" aria-labelledby="tab-mailbox-defaults">
-  <div class="card mb-4">
-    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-mailbox-defaults" data-bs-toggle="collapse" aria-controls="collapse-tab-mailbox-defaults">
-        {{ lang.mailbox.mailbox_defaults }} <span class="badge bg-info table-lines"></span>
-      </button>
-      <span class="d-none d-md-block">{{ lang.mailbox.mailbox_defaults }} <span class="badge bg-info table-lines"></span></span>
-    </div>
-    <div id="collapse-tab-mailbox-defaults" class="card-body collapse text-muted" data-bs-parent="#mail-content">
-      {{ lang.mailbox.mailbox_defaults_info }}
-    </div>
-  </div>
-</div>

From faf8da13656e636564606fd3b920f2fbba0ae393 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 12 Dec 2022 10:51:31 +0100
Subject: [PATCH 038/170] [RSPAMD] Implemented new Password change Script

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4f370796..68a37529 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.91
+      image: mailcow/rspamd:1.92
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 802d304579168bd5c66e057b237608d0067786e5 Mon Sep 17 00:00:00 2001
From: Kristian Feldsam <feldsam@gmail.com>
Date: Mon, 12 Dec 2022 11:41:30 +0100
Subject: [PATCH 039/170] Revert "[Dovecot] Disable imapsync job, when auth
 details are wrong. Fixes #4276 (#4540)" Closes #4711

This reverts commit d4e829465b1333484f66ed30cd70f40f371a3aeb.

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

# Conflicts:
#	docker-compose.yml
---
 data/Dockerfiles/dovecot/imapsync_runner.pl | 14 ++++----------
 docker-compose.yml                          |  2 +-
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/data/Dockerfiles/dovecot/imapsync_runner.pl b/data/Dockerfiles/dovecot/imapsync_runner.pl
index d3aed97b..5b297abd 100644
--- a/data/Dockerfiles/dovecot/imapsync_runner.pl
+++ b/data/Dockerfiles/dovecot/imapsync_runner.pl
@@ -51,8 +51,8 @@ sub sig_handler {
   die "sig_handler received signal, preparing to exit...\n";
 };
 
-open my $file, '<', "/etc/sogo/sieve.creds";
-my $creds = <$file>;
+open my $file, '<', "/etc/sogo/sieve.creds"; 
+my $creds = <$file>; 
 close $file;
 my ($master_user, $master_pass) = split /:/, $creds;
 my $sth = $dbh->prepare("SELECT id,
@@ -166,17 +166,11 @@ while ($row = $sth->fetchrow_arrayref()) {
       $success = 1;
     }
 
-    $keep_job_active = 1;
-    if (defined $exit_status && $exit_status eq "EXIT_AUTHENTICATION_FAILURE_USER1") {
-      $keep_job_active = 0;
-    }
-
-    $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, success = ?, exit_status = ?, active = ? WHERE id = ?");
+    $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, success = ?, exit_status = ? WHERE id = ?");
     $update->bind_param( 1, ${stdout} );
     $update->bind_param( 2, ${success} );
     $update->bind_param( 3, ${exit_status} );
-    $update->bind_param( 4, ${keep_job_active} );
-    $update->bind_param( 5, ${id} );
+    $update->bind_param( 4, ${id} );
     $update->execute();
   } catch {
     $update = $dbh->prepare("UPDATE imapsync SET returned_text = 'Could not start or finish imapsync', success = 0 WHERE id = ?");
diff --git a/docker-compose.yml b/docker-compose.yml
index 621eb610..130e97b8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -215,7 +215,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.20
+      image: mailcow/dovecot:1.21
       depends_on:
         - mysql-mailcow
       dns:

From a71cc759f6f7efc29d1fc2d01cbb674f96747540 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 12 Dec 2022 11:58:40 +0100
Subject: [PATCH 040/170] Renamed some Lang Classes + Added some new Strings

---
 data/web/lang/lang.de-de.json | 23 ++++++++++++++---------
 data/web/lang/lang.en-gb.json | 24 +++++++++++++++---------
 data/web/templates/admin.twig |  2 +-
 data/web/templates/queue.twig | 19 +++++++++++++------
 4 files changed, 43 insertions(+), 25 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 0a37321f..96ea99fd 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -228,6 +228,7 @@
         "oauth2_renew_secret": "Neues Client Secret generieren",
         "oauth2_revoke_tokens": "Alle Client Tokens entfernen",
         "optional": "Optional",
+        "options": "Einstellungen",
         "password": "Passwort",
         "password_length": "Passwortlänge",
         "password_policy": "Passwortrichtlinie",
@@ -938,16 +939,20 @@
         "type": "Typ"
     },
     "queue": {
-        "delete_queue": "Queue löschen",
-        "flush_queue": "Queue flushen",
-        "queue_ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
-        "queue_command_success": "Queue-Aufgabe erfolgreich ausgeführt",
-        "queue_deliver_mail": "Ausliefern",
-        "queue_hold_mail": "Zurückhalten",
+        "delete": "Queue löschen",
+        "flush": "Queue flushen",
+        "info" : "In der Mailqueue befinden sich alle E-Mails, welche auf eine Zustellung warten. Sollte eine E-Mail eine längere Zeit innerhalb der Mailqueue stecken wird diese automatisch vom System gelöscht.<br>Die Fehlermeldung der jeweiligen Mail gibt aufschluss darüber, warum diese nicht zugestellt werden konnte",
+        "legend": "Funktionen der Mailqueue Aktionen:",
+        "ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
+        "deliver_mail": "Ausliefern",
+        "deliver_mail_legend": "Versucht eine erneute Zustellung der ausgwählten Mails.",
+        "hold_mail": "Zurückhalten",
+        "hold_mail_legend": "Hält die ausgewählten Mails zurück. (Verhindert weitere Zustellversuche)",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Nachricht anzeigen",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Freigeben"
+        "show_message": "Nachricht anzeigen",
+        "unban": "queue unban",
+        "unhold_mail": "Freigeben",
+        "unhold_mail_legend": "Gibt ausgewählte Mails zur Auslieferung frei. (Erfordert vorheriges Zurückhalten)"
     },
     "start": {
         "help": "Hilfe ein-/ausblenden",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 90b208fc..ce6e2cf8 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -232,6 +232,7 @@
         "oauth2_renew_secret": "Generate new client secret",
         "oauth2_revoke_tokens": "Revoke all client tokens",
         "optional": "optional",
+        "options": "Options",
         "password": "Password",
         "password_length": "Password length",
         "password_policy": "Password policy",
@@ -943,16 +944,20 @@
         "type": "Type"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
+        "delete": "Delete all",
+        "flush": "Flush queue",
+        "info" : "The mail queue contains all e-mails that are waiting for delivery. If an email is stuck in the mail queue for a long time, it is automatically deleted by the system.<br>The error message of the respective mail gives information about why the mail could not be delivered.",
+        "legend": "Mail queue actions functions:",
+        "ays": "Please confirm you want to delete all items from the current queue.",
+        "deliver_mail": "Deliver",
+        "deliver_mail_legend": "Attempts to redeliver selected mails.",
+        "hold_mail": "Hold",
+        "hold_mail_legend": "Holds the selected mails. (Prevents further delivery attempts)",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "show_message": "Show message",
+        "unban": "queue unban",
+        "unhold_mail": "Unhold",
+        "unhold_mail_legend": "Releases selected mails for delivery. (Requires prior hold)"
     },
     "ratelimit": {
       "disabled": "Disabled",
@@ -1022,6 +1027,7 @@
         "password_policy_saved": "Password policy was saved successfully",
         "pushover_settings_edited": "Pushover settings successfully set, please verify credentials.",
         "qlearn_spam": "Message ID %s was learned as spam and deleted",
+        "queue_command_success": "Queue command completed successfully",
         "recipient_map_entry_deleted": "Recipient map ID %s has been deleted",
         "recipient_map_entry_saved": "Recipient map entry \"%s\" has been saved",
         "relayhost_added": "Map entry %s has been added",
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index f3408928..863f87e9 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -14,7 +14,7 @@
     </li>
 
     <li class="nav-item dropdown">
-      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#" role="button" aria-expanded="false">{{ lang.admin.configuration }}</a>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#" role="button" aria-expanded="false">{{ lang.admin.options }}</a>
       <ul class="dropdown-menu">
         <li><button class="dropdown-item" data-bs-target="#tab-config-dkim" aria-selected="false" aria-controls="tab-config-dkim" role="tab" data-bs-toggle="tab">{{ lang.admin.dkim_keys }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-fwdhosts" aria-selected="false" aria-controls="tab-config-fwdhosts" role="tab" data-bs-toggle="tab">{{ lang.admin.forwarding_hosts }}</button></li>
diff --git a/data/web/templates/queue.twig b/data/web/templates/queue.twig
index 22c36a27..1a5d4ff9 100644
--- a/data/web/templates/queue.twig
+++ b/data/web/templates/queue.twig
@@ -9,15 +9,22 @@
       </div>
     </div>
     <div class="card-body">
+      <p class="text-muted">{{ lang.queue.info|raw }}</p>
+      <p class="text-muted"><b>{{ lang.queue.legend|raw }}</b></p>
+      <ul class="text-muted">
+      <li>{{ lang.queue.deliver_mail }} | {{ lang.queue.deliver_mail_legend }}</li>
+      <li>{{ lang.queue.unhold_mail }} | {{ lang.queue.unhold_mail_legend }}</li>
+      <li>{{ lang.queue.hold_mail }} | {{ lang.queue.hold_mail_legend }}</li>
+      </ul>
       <table id="queuetable" class="table table-striped dt-responsive w-100"></table>
       <div class="mass-actions-admin">
         <div class="btn-group">
           <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="mailqitems" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
-          <ul class="dropdown-menu top33">
-            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postqueue -i" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"deliver"}' href="#">{{ lang.queue.queue_deliver_mail }}</a></li>
-            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -H" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"unhold"}' href="#">{{ lang.queue.queue_unhold_mail }}</a></li>
-            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -h" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"hold"}' href="#">{{ lang.queue.queue_hold_mail }}</a></li>
+          <ul class="dropdown-menu">
+            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postqueue -i" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"deliver"}' href="#">{{ lang.queue.deliver_mail }}</a></li>
+            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -H" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"unhold"}' href="#">{{ lang.queue.unhold_mail }}</a></li>
+            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -h" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"hold"}' href="#">{{ lang.queue.hold_mail }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -d" data-action="delete_selected" data-id="mailqitems" data-api-url='delete/mailq' href="#">{{ lang.mailbox.remove }}</a></li>
           </ul>
@@ -27,7 +34,7 @@
              data-api-url='edit/mailq'
              data-api-attr='{"action":"flush"}'
              data-bs-toggle="tooltip" title="postqueue -f"
-             href="#"><i class="bi bi-check-all"></i> {{ lang.queue.flush_queue }}</a>
+             href="#"><i class="bi bi-check-all"></i> {{ lang.queue.flush }}</a>
           <a class="btn btn-sm d-block d-sm-inline btn-danger"
              id="super_delete"
              data-action="edit_selected"
@@ -35,7 +42,7 @@
              data-api-url='edit/mailq'
              data-api-attr='{"action":"super_delete"}'
              data-bs-toggle="tooltip" title="postsuper -d ALL"
-             href="#"><i class="bi bi-trash"></i> {{ lang.queue.delete_queue }}</a>
+             href="#"><i class="bi bi-trash"></i> {{ lang.queue.delete }}</a>
         </div>
       </div>
     </div>

From a763dda068a1b0f99e288ebd0c8a2b7697192ceb Mon Sep 17 00:00:00 2001
From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
Date: Mon, 12 Dec 2022 16:09:13 +0100
Subject: [PATCH 041/170] Update tweet-trigger-publish-release.yml

---
 .github/workflows/tweet-trigger-publish-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index daebfe53..0f0d4516 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -17,4 +17,4 @@ jobs:
           consumer_secret: ${{ secrets.CONSUMER_SECRET }}
           access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
           access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'
\ No newline at end of file
+          tweet_body: 'A new mailcow update has just been released! Checkout the GitHub Page for changelog and more informations: github.com/mailcow/mailcow-dockerized/releases/tag/latest'

From 13175b4e6c777116929fd9b602ca7a6b79f45b4b Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 12 Dec 2022 16:29:33 +0100
Subject: [PATCH 042/170] Updated README.md

---
 README.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 313fa13b..b40a767c 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,5 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-## We stand with 🇺🇦
-
 [![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
@@ -36,3 +34,9 @@ Telegram desktop clients are available for [multiple platforms](https://desktop.
 
 **Important**: mailcow makes use of various open-source software. Please assure you agree with their license before using mailcow.
 Any part of mailcow itself is released under **GNU General Public License, Version 3**.
+
+mailcow is a registered word mark of The Infrastructure Company GmbH, Parkstr. 42, 47877 Willich, Germany.
+
+The project is managed and maintained by The Infrastructure Company GmbH.
+
+Originated from @andryyy (André)
\ No newline at end of file

From 83bd66db98e4bab629f29d6d74365e7a5eeaba6a Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 13 Dec 2022 11:52:04 +0100
Subject: [PATCH 043/170] [Update.sh] Increased Timeout for online status check

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 3eca2ea6..34d17354 100755
--- a/update.sh
+++ b/update.sh
@@ -5,7 +5,7 @@
 check_online_status() {
   CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
   for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
-    if timeout 3 curl --head --silent --output /dev/null ${domain}; then
+    if timeout 6 curl --head --silent --output /dev/null ${domain}; then
       return 0
     fi
   done

From 3a13c9302265e9d2119294c147dbcc47e85f1012 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 13 Dec 2022 12:38:15 +0100
Subject: [PATCH 044/170] [SOGo] Updated to newer SOGo 5.8.0 (CalDav Issue fix)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 130e97b8..a0f275c5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -168,7 +168,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.112
+      image: mailcow/sogo:1.113
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 87214fef70fca6a05fd45302eb7f24bdcaf07ed3 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
Date: Tue, 13 Dec 2022 15:16:47 +0100
Subject: [PATCH 045/170] Update tweet-trigger-publish-release.yml

---
 .github/workflows/tweet-trigger-publish-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index 0f0d4516..86cf628d 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -17,4 +17,4 @@ jobs:
           consumer_secret: ${{ secrets.CONSUMER_SECRET }}
           access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
           access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: 'A new mailcow update has just been released! Checkout the GitHub Page for changelog and more informations: github.com/mailcow/mailcow-dockerized/releases/tag/latest'
+          tweet_body: 'A new mailcow update has just been released! Checkout the GitHub Page for changelog and more informations: https://github.com/mailcow/mailcow-dockerized/releases/latest'

From 118984dfff395cafc3aaeea3bf6593520466ab78 Mon Sep 17 00:00:00 2001
From: mhupfauer <mhupfauer@users.noreply.github.com>
Date: Tue, 13 Dec 2022 22:38:45 +0100
Subject: [PATCH 046/170] Update bulk_header.map

AWeber is a massive Mail as a Service provider which is used by many legitimate corporations and should not be handled negatively by default.
---
 data/conf/rspamd/custom/bulk_header.map | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/conf/rspamd/custom/bulk_header.map b/data/conf/rspamd/custom/bulk_header.map
index 39aa7fea..69a20af8 100644
--- a/data/conf/rspamd/custom/bulk_header.map
+++ b/data/conf/rspamd/custom/bulk_header.map
@@ -3,7 +3,6 @@
 /.*episerver.*/i
 /.*supergewinne.*/i
 /List-Unsubscribe.*nbps\.eu/i
-/X-Mailer: AWeber.*/i
 /.*regiofinder.*/i
 /.*EmailSocket.*/i
 /List-Unsubscribe:.*respread.*/i

From 5160eff29446ba94329116a6ed3787400b03e461 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 14 Dec 2022 08:13:56 +0100
Subject: [PATCH 047/170] add datatables date sort plugin & rename js files

---
 .../{003-slider.min.js => 002-slider.min.js}  |  0
 ...trap-select.js => 003-bootstrap-select.js} |  0
 data/web/js/build/004-moment.min.js           |  7 ++
 .../{011-datatables.js => 005-datatables.js}  |  0
 data/web/js/build/006-datetime-moment.js      | 70 +++++++++++++++++++
 ...ations.min.js => 007-notifications.min.js} |  0
 ...-formcache.min.js => 008-formcache.min.js} |  0
 .../js/build/{008-chart.js => 009-chart.js}   |  0
 ...ls.js => 010-chartjs-plugin-datalabels.js} |  0
 ...rea.min.js => 011-numberedtextarea.min.js} |  0
 .../{010-sha1.min.js => 012-sha1.min.js}      |  0
 data/web/js/build/{012-api.js => 013-api.js}  |  0
 ...kdown-it.min.js => 014-markdown-it.min.js} |  0
 .../build/{014-mailcow.js => 015-mailcow.js}  |  3 +-
 14 files changed, 79 insertions(+), 1 deletion(-)
 rename data/web/js/build/{003-slider.min.js => 002-slider.min.js} (100%)
 rename data/web/js/build/{004-bootstrap-select.js => 003-bootstrap-select.js} (100%)
 create mode 100644 data/web/js/build/004-moment.min.js
 rename data/web/js/build/{011-datatables.js => 005-datatables.js} (100%)
 create mode 100644 data/web/js/build/006-datetime-moment.js
 rename data/web/js/build/{006-notifications.min.js => 007-notifications.min.js} (100%)
 rename data/web/js/build/{007-formcache.min.js => 008-formcache.min.js} (100%)
 rename data/web/js/build/{008-chart.js => 009-chart.js} (100%)
 rename data/web/js/build/{008-chartjs-plugin-datalabels.js => 010-chartjs-plugin-datalabels.js} (100%)
 rename data/web/js/build/{009-numberedtextarea.min.js => 011-numberedtextarea.min.js} (100%)
 rename data/web/js/build/{010-sha1.min.js => 012-sha1.min.js} (100%)
 rename data/web/js/build/{012-api.js => 013-api.js} (100%)
 rename data/web/js/build/{013-markdown-it.min.js => 014-markdown-it.min.js} (100%)
 rename data/web/js/build/{014-mailcow.js => 015-mailcow.js} (96%)

diff --git a/data/web/js/build/003-slider.min.js b/data/web/js/build/002-slider.min.js
similarity index 100%
rename from data/web/js/build/003-slider.min.js
rename to data/web/js/build/002-slider.min.js
diff --git a/data/web/js/build/004-bootstrap-select.js b/data/web/js/build/003-bootstrap-select.js
similarity index 100%
rename from data/web/js/build/004-bootstrap-select.js
rename to data/web/js/build/003-bootstrap-select.js
diff --git a/data/web/js/build/004-moment.min.js b/data/web/js/build/004-moment.min.js
new file mode 100644
index 00000000..9fb34ee0
--- /dev/null
+++ b/data/web/js/build/004-moment.min.js
@@ -0,0 +1,7 @@
+//! moment.js
+//! version : 2.8.4
+//! authors : Tim Wood, Iskren Chernev, Moment.js contributors
+//! license : MIT
+//! momentjs.com
+(function(a){function b(a,b,c){switch(arguments.length){case 2:return null!=a?a:b;case 3:return null!=a?a:null!=b?b:c;default:throw new Error("Implement me")}}function c(a,b){return zb.call(a,b)}function d(){return{empty:!1,unusedTokens:[],unusedInput:[],overflow:-2,charsLeftOver:0,nullInput:!1,invalidMonth:null,invalidFormat:!1,userInvalidated:!1,iso:!1}}function e(a){tb.suppressDeprecationWarnings===!1&&"undefined"!=typeof console&&console.warn&&console.warn("Deprecation warning: "+a)}function f(a,b){var c=!0;return m(function(){return c&&(e(a),c=!1),b.apply(this,arguments)},b)}function g(a,b){qc[a]||(e(b),qc[a]=!0)}function h(a,b){return function(c){return p(a.call(this,c),b)}}function i(a,b){return function(c){return this.localeData().ordinal(a.call(this,c),b)}}function j(){}function k(a,b){b!==!1&&F(a),n(this,a),this._d=new Date(+a._d)}function l(a){var b=y(a),c=b.year||0,d=b.quarter||0,e=b.month||0,f=b.week||0,g=b.day||0,h=b.hour||0,i=b.minute||0,j=b.second||0,k=b.millisecond||0;this._milliseconds=+k+1e3*j+6e4*i+36e5*h,this._days=+g+7*f,this._months=+e+3*d+12*c,this._data={},this._locale=tb.localeData(),this._bubble()}function m(a,b){for(var d in b)c(b,d)&&(a[d]=b[d]);return c(b,"toString")&&(a.toString=b.toString),c(b,"valueOf")&&(a.valueOf=b.valueOf),a}function n(a,b){var c,d,e;if("undefined"!=typeof b._isAMomentObject&&(a._isAMomentObject=b._isAMomentObject),"undefined"!=typeof b._i&&(a._i=b._i),"undefined"!=typeof b._f&&(a._f=b._f),"undefined"!=typeof b._l&&(a._l=b._l),"undefined"!=typeof b._strict&&(a._strict=b._strict),"undefined"!=typeof b._tzm&&(a._tzm=b._tzm),"undefined"!=typeof b._isUTC&&(a._isUTC=b._isUTC),"undefined"!=typeof b._offset&&(a._offset=b._offset),"undefined"!=typeof b._pf&&(a._pf=b._pf),"undefined"!=typeof b._locale&&(a._locale=b._locale),Ib.length>0)for(c in Ib)d=Ib[c],e=b[d],"undefined"!=typeof e&&(a[d]=e);return a}function o(a){return 0>a?Math.ceil(a):Math.floor(a)}function p(a,b,c){for(var d=""+Math.abs(a),e=a>=0;d.length<b;)d="0"+d;return(e?c?"+":"":"-")+d}function q(a,b){var c={milliseconds:0,months:0};return c.months=b.month()-a.month()+12*(b.year()-a.year()),a.clone().add(c.months,"M").isAfter(b)&&--c.months,c.milliseconds=+b-+a.clone().add(c.months,"M"),c}function r(a,b){var c;return b=K(b,a),a.isBefore(b)?c=q(a,b):(c=q(b,a),c.milliseconds=-c.milliseconds,c.months=-c.months),c}function s(a,b){return function(c,d){var e,f;return null===d||isNaN(+d)||(g(b,"moment()."+b+"(period, number) is deprecated. Please use moment()."+b+"(number, period)."),f=c,c=d,d=f),c="string"==typeof c?+c:c,e=tb.duration(c,d),t(this,e,a),this}}function t(a,b,c,d){var e=b._milliseconds,f=b._days,g=b._months;d=null==d?!0:d,e&&a._d.setTime(+a._d+e*c),f&&nb(a,"Date",mb(a,"Date")+f*c),g&&lb(a,mb(a,"Month")+g*c),d&&tb.updateOffset(a,f||g)}function u(a){return"[object Array]"===Object.prototype.toString.call(a)}function v(a){return"[object Date]"===Object.prototype.toString.call(a)||a instanceof Date}function w(a,b,c){var d,e=Math.min(a.length,b.length),f=Math.abs(a.length-b.length),g=0;for(d=0;e>d;d++)(c&&a[d]!==b[d]||!c&&A(a[d])!==A(b[d]))&&g++;return g+f}function x(a){if(a){var b=a.toLowerCase().replace(/(.)s$/,"$1");a=jc[a]||kc[b]||b}return a}function y(a){var b,d,e={};for(d in a)c(a,d)&&(b=x(d),b&&(e[b]=a[d]));return e}function z(b){var c,d;if(0===b.indexOf("week"))c=7,d="day";else{if(0!==b.indexOf("month"))return;c=12,d="month"}tb[b]=function(e,f){var g,h,i=tb._locale[b],j=[];if("number"==typeof e&&(f=e,e=a),h=function(a){var b=tb().utc().set(d,a);return i.call(tb._locale,b,e||"")},null!=f)return h(f);for(g=0;c>g;g++)j.push(h(g));return j}}function A(a){var b=+a,c=0;return 0!==b&&isFinite(b)&&(c=b>=0?Math.floor(b):Math.ceil(b)),c}function B(a,b){return new Date(Date.UTC(a,b+1,0)).getUTCDate()}function C(a,b,c){return hb(tb([a,11,31+b-c]),b,c).week}function D(a){return E(a)?366:365}function E(a){return a%4===0&&a%100!==0||a%400===0}function F(a){var b;a._a&&-2===a._pf.overflow&&(b=a._a[Bb]<0||a._a[Bb]>11?Bb:a._a[Cb]<1||a._a[Cb]>B(a._a[Ab],a._a[Bb])?Cb:a._a[Db]<0||a._a[Db]>24||24===a._a[Db]&&(0!==a._a[Eb]||0!==a._a[Fb]||0!==a._a[Gb])?Db:a._a[Eb]<0||a._a[Eb]>59?Eb:a._a[Fb]<0||a._a[Fb]>59?Fb:a._a[Gb]<0||a._a[Gb]>999?Gb:-1,a._pf._overflowDayOfYear&&(Ab>b||b>Cb)&&(b=Cb),a._pf.overflow=b)}function G(b){return null==b._isValid&&(b._isValid=!isNaN(b._d.getTime())&&b._pf.overflow<0&&!b._pf.empty&&!b._pf.invalidMonth&&!b._pf.nullInput&&!b._pf.invalidFormat&&!b._pf.userInvalidated,b._strict&&(b._isValid=b._isValid&&0===b._pf.charsLeftOver&&0===b._pf.unusedTokens.length&&b._pf.bigHour===a)),b._isValid}function H(a){return a?a.toLowerCase().replace("_","-"):a}function I(a){for(var b,c,d,e,f=0;f<a.length;){for(e=H(a[f]).split("-"),b=e.length,c=H(a[f+1]),c=c?c.split("-"):null;b>0;){if(d=J(e.slice(0,b).join("-")))return d;if(c&&c.length>=b&&w(e,c,!0)>=b-1)break;b--}f++}return null}function J(a){var b=null;if(!Hb[a]&&Jb)try{b=tb.locale(),require("./locale/"+a),tb.locale(b)}catch(c){}return Hb[a]}function K(a,b){var c,d;return b._isUTC?(c=b.clone(),d=(tb.isMoment(a)||v(a)?+a:+tb(a))-+c,c._d.setTime(+c._d+d),tb.updateOffset(c,!1),c):tb(a).local()}function L(a){return a.match(/\[[\s\S]/)?a.replace(/^\[|\]$/g,""):a.replace(/\\/g,"")}function M(a){var b,c,d=a.match(Nb);for(b=0,c=d.length;c>b;b++)d[b]=pc[d[b]]?pc[d[b]]:L(d[b]);return function(e){var f="";for(b=0;c>b;b++)f+=d[b]instanceof Function?d[b].call(e,a):d[b];return f}}function N(a,b){return a.isValid()?(b=O(b,a.localeData()),lc[b]||(lc[b]=M(b)),lc[b](a)):a.localeData().invalidDate()}function O(a,b){function c(a){return b.longDateFormat(a)||a}var d=5;for(Ob.lastIndex=0;d>=0&&Ob.test(a);)a=a.replace(Ob,c),Ob.lastIndex=0,d-=1;return a}function P(a,b){var c,d=b._strict;switch(a){case"Q":return Zb;case"DDDD":return _b;case"YYYY":case"GGGG":case"gggg":return d?ac:Rb;case"Y":case"G":case"g":return cc;case"YYYYYY":case"YYYYY":case"GGGGG":case"ggggg":return d?bc:Sb;case"S":if(d)return Zb;case"SS":if(d)return $b;case"SSS":if(d)return _b;case"DDD":return Qb;case"MMM":case"MMMM":case"dd":case"ddd":case"dddd":return Ub;case"a":case"A":return b._locale._meridiemParse;case"x":return Xb;case"X":return Yb;case"Z":case"ZZ":return Vb;case"T":return Wb;case"SSSS":return Tb;case"MM":case"DD":case"YY":case"GG":case"gg":case"HH":case"hh":case"mm":case"ss":case"ww":case"WW":return d?$b:Pb;case"M":case"D":case"d":case"H":case"h":case"m":case"s":case"w":case"W":case"e":case"E":return Pb;case"Do":return d?b._locale._ordinalParse:b._locale._ordinalParseLenient;default:return c=new RegExp(Y(X(a.replace("\\","")),"i"))}}function Q(a){a=a||"";var b=a.match(Vb)||[],c=b[b.length-1]||[],d=(c+"").match(hc)||["-",0,0],e=+(60*d[1])+A(d[2]);return"+"===d[0]?-e:e}function R(a,b,c){var d,e=c._a;switch(a){case"Q":null!=b&&(e[Bb]=3*(A(b)-1));break;case"M":case"MM":null!=b&&(e[Bb]=A(b)-1);break;case"MMM":case"MMMM":d=c._locale.monthsParse(b,a,c._strict),null!=d?e[Bb]=d:c._pf.invalidMonth=b;break;case"D":case"DD":null!=b&&(e[Cb]=A(b));break;case"Do":null!=b&&(e[Cb]=A(parseInt(b.match(/\d{1,2}/)[0],10)));break;case"DDD":case"DDDD":null!=b&&(c._dayOfYear=A(b));break;case"YY":e[Ab]=tb.parseTwoDigitYear(b);break;case"YYYY":case"YYYYY":case"YYYYYY":e[Ab]=A(b);break;case"a":case"A":c._isPm=c._locale.isPM(b);break;case"h":case"hh":c._pf.bigHour=!0;case"H":case"HH":e[Db]=A(b);break;case"m":case"mm":e[Eb]=A(b);break;case"s":case"ss":e[Fb]=A(b);break;case"S":case"SS":case"SSS":case"SSSS":e[Gb]=A(1e3*("0."+b));break;case"x":c._d=new Date(A(b));break;case"X":c._d=new Date(1e3*parseFloat(b));break;case"Z":case"ZZ":c._useUTC=!0,c._tzm=Q(b);break;case"dd":case"ddd":case"dddd":d=c._locale.weekdaysParse(b),null!=d?(c._w=c._w||{},c._w.d=d):c._pf.invalidWeekday=b;break;case"w":case"ww":case"W":case"WW":case"d":case"e":case"E":a=a.substr(0,1);case"gggg":case"GGGG":case"GGGGG":a=a.substr(0,2),b&&(c._w=c._w||{},c._w[a]=A(b));break;case"gg":case"GG":c._w=c._w||{},c._w[a]=tb.parseTwoDigitYear(b)}}function S(a){var c,d,e,f,g,h,i;c=a._w,null!=c.GG||null!=c.W||null!=c.E?(g=1,h=4,d=b(c.GG,a._a[Ab],hb(tb(),1,4).year),e=b(c.W,1),f=b(c.E,1)):(g=a._locale._week.dow,h=a._locale._week.doy,d=b(c.gg,a._a[Ab],hb(tb(),g,h).year),e=b(c.w,1),null!=c.d?(f=c.d,g>f&&++e):f=null!=c.e?c.e+g:g),i=ib(d,e,f,h,g),a._a[Ab]=i.year,a._dayOfYear=i.dayOfYear}function T(a){var c,d,e,f,g=[];if(!a._d){for(e=V(a),a._w&&null==a._a[Cb]&&null==a._a[Bb]&&S(a),a._dayOfYear&&(f=b(a._a[Ab],e[Ab]),a._dayOfYear>D(f)&&(a._pf._overflowDayOfYear=!0),d=db(f,0,a._dayOfYear),a._a[Bb]=d.getUTCMonth(),a._a[Cb]=d.getUTCDate()),c=0;3>c&&null==a._a[c];++c)a._a[c]=g[c]=e[c];for(;7>c;c++)a._a[c]=g[c]=null==a._a[c]?2===c?1:0:a._a[c];24===a._a[Db]&&0===a._a[Eb]&&0===a._a[Fb]&&0===a._a[Gb]&&(a._nextDay=!0,a._a[Db]=0),a._d=(a._useUTC?db:cb).apply(null,g),null!=a._tzm&&a._d.setUTCMinutes(a._d.getUTCMinutes()+a._tzm),a._nextDay&&(a._a[Db]=24)}}function U(a){var b;a._d||(b=y(a._i),a._a=[b.year,b.month,b.day||b.date,b.hour,b.minute,b.second,b.millisecond],T(a))}function V(a){var b=new Date;return a._useUTC?[b.getUTCFullYear(),b.getUTCMonth(),b.getUTCDate()]:[b.getFullYear(),b.getMonth(),b.getDate()]}function W(b){if(b._f===tb.ISO_8601)return void $(b);b._a=[],b._pf.empty=!0;var c,d,e,f,g,h=""+b._i,i=h.length,j=0;for(e=O(b._f,b._locale).match(Nb)||[],c=0;c<e.length;c++)f=e[c],d=(h.match(P(f,b))||[])[0],d&&(g=h.substr(0,h.indexOf(d)),g.length>0&&b._pf.unusedInput.push(g),h=h.slice(h.indexOf(d)+d.length),j+=d.length),pc[f]?(d?b._pf.empty=!1:b._pf.unusedTokens.push(f),R(f,d,b)):b._strict&&!d&&b._pf.unusedTokens.push(f);b._pf.charsLeftOver=i-j,h.length>0&&b._pf.unusedInput.push(h),b._pf.bigHour===!0&&b._a[Db]<=12&&(b._pf.bigHour=a),b._isPm&&b._a[Db]<12&&(b._a[Db]+=12),b._isPm===!1&&12===b._a[Db]&&(b._a[Db]=0),T(b),F(b)}function X(a){return a.replace(/\\(\[)|\\(\])|\[([^\]\[]*)\]|\\(.)/g,function(a,b,c,d,e){return b||c||d||e})}function Y(a){return a.replace(/[-\/\\^$*+?.()|[\]{}]/g,"\\$&")}function Z(a){var b,c,e,f,g;if(0===a._f.length)return a._pf.invalidFormat=!0,void(a._d=new Date(0/0));for(f=0;f<a._f.length;f++)g=0,b=n({},a),null!=a._useUTC&&(b._useUTC=a._useUTC),b._pf=d(),b._f=a._f[f],W(b),G(b)&&(g+=b._pf.charsLeftOver,g+=10*b._pf.unusedTokens.length,b._pf.score=g,(null==e||e>g)&&(e=g,c=b));m(a,c||b)}function $(a){var b,c,d=a._i,e=dc.exec(d);if(e){for(a._pf.iso=!0,b=0,c=fc.length;c>b;b++)if(fc[b][1].exec(d)){a._f=fc[b][0]+(e[6]||" ");break}for(b=0,c=gc.length;c>b;b++)if(gc[b][1].exec(d)){a._f+=gc[b][0];break}d.match(Vb)&&(a._f+="Z"),W(a)}else a._isValid=!1}function _(a){$(a),a._isValid===!1&&(delete a._isValid,tb.createFromInputFallback(a))}function ab(a,b){var c,d=[];for(c=0;c<a.length;++c)d.push(b(a[c],c));return d}function bb(b){var c,d=b._i;d===a?b._d=new Date:v(d)?b._d=new Date(+d):null!==(c=Kb.exec(d))?b._d=new Date(+c[1]):"string"==typeof d?_(b):u(d)?(b._a=ab(d.slice(0),function(a){return parseInt(a,10)}),T(b)):"object"==typeof d?U(b):"number"==typeof d?b._d=new Date(d):tb.createFromInputFallback(b)}function cb(a,b,c,d,e,f,g){var h=new Date(a,b,c,d,e,f,g);return 1970>a&&h.setFullYear(a),h}function db(a){var b=new Date(Date.UTC.apply(null,arguments));return 1970>a&&b.setUTCFullYear(a),b}function eb(a,b){if("string"==typeof a)if(isNaN(a)){if(a=b.weekdaysParse(a),"number"!=typeof a)return null}else a=parseInt(a,10);return a}function fb(a,b,c,d,e){return e.relativeTime(b||1,!!c,a,d)}function gb(a,b,c){var d=tb.duration(a).abs(),e=yb(d.as("s")),f=yb(d.as("m")),g=yb(d.as("h")),h=yb(d.as("d")),i=yb(d.as("M")),j=yb(d.as("y")),k=e<mc.s&&["s",e]||1===f&&["m"]||f<mc.m&&["mm",f]||1===g&&["h"]||g<mc.h&&["hh",g]||1===h&&["d"]||h<mc.d&&["dd",h]||1===i&&["M"]||i<mc.M&&["MM",i]||1===j&&["y"]||["yy",j];return k[2]=b,k[3]=+a>0,k[4]=c,fb.apply({},k)}function hb(a,b,c){var d,e=c-b,f=c-a.day();return f>e&&(f-=7),e-7>f&&(f+=7),d=tb(a).add(f,"d"),{week:Math.ceil(d.dayOfYear()/7),year:d.year()}}function ib(a,b,c,d,e){var f,g,h=db(a,0,1).getUTCDay();return h=0===h?7:h,c=null!=c?c:e,f=e-h+(h>d?7:0)-(e>h?7:0),g=7*(b-1)+(c-e)+f+1,{year:g>0?a:a-1,dayOfYear:g>0?g:D(a-1)+g}}function jb(b){var c,d=b._i,e=b._f;return b._locale=b._locale||tb.localeData(b._l),null===d||e===a&&""===d?tb.invalid({nullInput:!0}):("string"==typeof d&&(b._i=d=b._locale.preparse(d)),tb.isMoment(d)?new k(d,!0):(e?u(e)?Z(b):W(b):bb(b),c=new k(b),c._nextDay&&(c.add(1,"d"),c._nextDay=a),c))}function kb(a,b){var c,d;if(1===b.length&&u(b[0])&&(b=b[0]),!b.length)return tb();for(c=b[0],d=1;d<b.length;++d)b[d][a](c)&&(c=b[d]);return c}function lb(a,b){var c;return"string"==typeof b&&(b=a.localeData().monthsParse(b),"number"!=typeof b)?a:(c=Math.min(a.date(),B(a.year(),b)),a._d["set"+(a._isUTC?"UTC":"")+"Month"](b,c),a)}function mb(a,b){return a._d["get"+(a._isUTC?"UTC":"")+b]()}function nb(a,b,c){return"Month"===b?lb(a,c):a._d["set"+(a._isUTC?"UTC":"")+b](c)}function ob(a,b){return function(c){return null!=c?(nb(this,a,c),tb.updateOffset(this,b),this):mb(this,a)}}function pb(a){return 400*a/146097}function qb(a){return 146097*a/400}function rb(a){tb.duration.fn[a]=function(){return this._data[a]}}function sb(a){"undefined"==typeof ender&&(ub=xb.moment,xb.moment=a?f("Accessing Moment through the global scope is deprecated, and will be removed in an upcoming release.",tb):tb)}for(var tb,ub,vb,wb="2.8.4",xb="undefined"!=typeof global?global:this,yb=Math.round,zb=Object.prototype.hasOwnProperty,Ab=0,Bb=1,Cb=2,Db=3,Eb=4,Fb=5,Gb=6,Hb={},Ib=[],Jb="undefined"!=typeof module&&module&&module.exports,Kb=/^\/?Date\((\-?\d+)/i,Lb=/(\-)?(?:(\d*)\.)?(\d+)\:(\d+)(?:\:(\d+)\.?(\d{3})?)?/,Mb=/^(-)?P(?:(?:([0-9,.]*)Y)?(?:([0-9,.]*)M)?(?:([0-9,.]*)D)?(?:T(?:([0-9,.]*)H)?(?:([0-9,.]*)M)?(?:([0-9,.]*)S)?)?|([0-9,.]*)W)$/,Nb=/(\[[^\[]*\])|(\\)?(Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Q|YYYYYY|YYYYY|YYYY|YY|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|mm?|ss?|S{1,4}|x|X|zz?|ZZ?|.)/g,Ob=/(\[[^\[]*\])|(\\)?(LTS|LT|LL?L?L?|l{1,4})/g,Pb=/\d\d?/,Qb=/\d{1,3}/,Rb=/\d{1,4}/,Sb=/[+\-]?\d{1,6}/,Tb=/\d+/,Ub=/[0-9]*['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+|[\u0600-\u06FF\/]+(\s*?[\u0600-\u06FF]+){1,2}/i,Vb=/Z|[\+\-]\d\d:?\d\d/gi,Wb=/T/i,Xb=/[\+\-]?\d+/,Yb=/[\+\-]?\d+(\.\d{1,3})?/,Zb=/\d/,$b=/\d\d/,_b=/\d{3}/,ac=/\d{4}/,bc=/[+-]?\d{6}/,cc=/[+-]?\d+/,dc=/^\s*(?:[+-]\d{6}|\d{4})-(?:(\d\d-\d\d)|(W\d\d$)|(W\d\d-\d)|(\d\d\d))((T| )(\d\d(:\d\d(:\d\d(\.\d+)?)?)?)?([\+\-]\d\d(?::?\d\d)?|\s*Z)?)?$/,ec="YYYY-MM-DDTHH:mm:ssZ",fc=[["YYYYYY-MM-DD",/[+-]\d{6}-\d{2}-\d{2}/],["YYYY-MM-DD",/\d{4}-\d{2}-\d{2}/],["GGGG-[W]WW-E",/\d{4}-W\d{2}-\d/],["GGGG-[W]WW",/\d{4}-W\d{2}/],["YYYY-DDD",/\d{4}-\d{3}/]],gc=[["HH:mm:ss.SSSS",/(T| )\d\d:\d\d:\d\d\.\d+/],["HH:mm:ss",/(T| )\d\d:\d\d:\d\d/],["HH:mm",/(T| )\d\d:\d\d/],["HH",/(T| )\d\d/]],hc=/([\+\-]|\d\d)/gi,ic=("Date|Hours|Minutes|Seconds|Milliseconds".split("|"),{Milliseconds:1,Seconds:1e3,Minutes:6e4,Hours:36e5,Days:864e5,Months:2592e6,Years:31536e6}),jc={ms:"millisecond",s:"second",m:"minute",h:"hour",d:"day",D:"date",w:"week",W:"isoWeek",M:"month",Q:"quarter",y:"year",DDD:"dayOfYear",e:"weekday",E:"isoWeekday",gg:"weekYear",GG:"isoWeekYear"},kc={dayofyear:"dayOfYear",isoweekday:"isoWeekday",isoweek:"isoWeek",weekyear:"weekYear",isoweekyear:"isoWeekYear"},lc={},mc={s:45,m:45,h:22,d:26,M:11},nc="DDD w W M D d".split(" "),oc="M D H h m s w W".split(" "),pc={M:function(){return this.month()+1},MMM:function(a){return this.localeData().monthsShort(this,a)},MMMM:function(a){return this.localeData().months(this,a)},D:function(){return this.date()},DDD:function(){return this.dayOfYear()},d:function(){return this.day()},dd:function(a){return this.localeData().weekdaysMin(this,a)},ddd:function(a){return this.localeData().weekdaysShort(this,a)},dddd:function(a){return this.localeData().weekdays(this,a)},w:function(){return this.week()},W:function(){return this.isoWeek()},YY:function(){return p(this.year()%100,2)},YYYY:function(){return p(this.year(),4)},YYYYY:function(){return p(this.year(),5)},YYYYYY:function(){var a=this.year(),b=a>=0?"+":"-";return b+p(Math.abs(a),6)},gg:function(){return p(this.weekYear()%100,2)},gggg:function(){return p(this.weekYear(),4)},ggggg:function(){return p(this.weekYear(),5)},GG:function(){return p(this.isoWeekYear()%100,2)},GGGG:function(){return p(this.isoWeekYear(),4)},GGGGG:function(){return p(this.isoWeekYear(),5)},e:function(){return this.weekday()},E:function(){return this.isoWeekday()},a:function(){return this.localeData().meridiem(this.hours(),this.minutes(),!0)},A:function(){return this.localeData().meridiem(this.hours(),this.minutes(),!1)},H:function(){return this.hours()},h:function(){return this.hours()%12||12},m:function(){return this.minutes()},s:function(){return this.seconds()},S:function(){return A(this.milliseconds()/100)},SS:function(){return p(A(this.milliseconds()/10),2)},SSS:function(){return p(this.milliseconds(),3)},SSSS:function(){return p(this.milliseconds(),3)},Z:function(){var a=-this.zone(),b="+";return 0>a&&(a=-a,b="-"),b+p(A(a/60),2)+":"+p(A(a)%60,2)},ZZ:function(){var a=-this.zone(),b="+";return 0>a&&(a=-a,b="-"),b+p(A(a/60),2)+p(A(a)%60,2)},z:function(){return this.zoneAbbr()},zz:function(){return this.zoneName()},x:function(){return this.valueOf()},X:function(){return this.unix()},Q:function(){return this.quarter()}},qc={},rc=["months","monthsShort","weekdays","weekdaysShort","weekdaysMin"];nc.length;)vb=nc.pop(),pc[vb+"o"]=i(pc[vb],vb);for(;oc.length;)vb=oc.pop(),pc[vb+vb]=h(pc[vb],2);pc.DDDD=h(pc.DDD,3),m(j.prototype,{set:function(a){var b,c;for(c in a)b=a[c],"function"==typeof b?this[c]=b:this["_"+c]=b;this._ordinalParseLenient=new RegExp(this._ordinalParse.source+"|"+/\d{1,2}/.source)},_months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),months:function(a){return this._months[a.month()]},_monthsShort:"Jan_Feb_Mar_Apr_May_Jun_Jul_Aug_Sep_Oct_Nov_Dec".split("_"),monthsShort:function(a){return this._monthsShort[a.month()]},monthsParse:function(a,b,c){var d,e,f;for(this._monthsParse||(this._monthsParse=[],this._longMonthsParse=[],this._shortMonthsParse=[]),d=0;12>d;d++){if(e=tb.utc([2e3,d]),c&&!this._longMonthsParse[d]&&(this._longMonthsParse[d]=new RegExp("^"+this.months(e,"").replace(".","")+"$","i"),this._shortMonthsParse[d]=new RegExp("^"+this.monthsShort(e,"").replace(".","")+"$","i")),c||this._monthsParse[d]||(f="^"+this.months(e,"")+"|^"+this.monthsShort(e,""),this._monthsParse[d]=new RegExp(f.replace(".",""),"i")),c&&"MMMM"===b&&this._longMonthsParse[d].test(a))return d;if(c&&"MMM"===b&&this._shortMonthsParse[d].test(a))return d;if(!c&&this._monthsParse[d].test(a))return d}},_weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),weekdays:function(a){return this._weekdays[a.day()]},_weekdaysShort:"Sun_Mon_Tue_Wed_Thu_Fri_Sat".split("_"),weekdaysShort:function(a){return this._weekdaysShort[a.day()]},_weekdaysMin:"Su_Mo_Tu_We_Th_Fr_Sa".split("_"),weekdaysMin:function(a){return this._weekdaysMin[a.day()]},weekdaysParse:function(a){var b,c,d;for(this._weekdaysParse||(this._weekdaysParse=[]),b=0;7>b;b++)if(this._weekdaysParse[b]||(c=tb([2e3,1]).day(b),d="^"+this.weekdays(c,"")+"|^"+this.weekdaysShort(c,"")+"|^"+this.weekdaysMin(c,""),this._weekdaysParse[b]=new RegExp(d.replace(".",""),"i")),this._weekdaysParse[b].test(a))return b},_longDateFormat:{LTS:"h:mm:ss A",LT:"h:mm A",L:"MM/DD/YYYY",LL:"MMMM D, YYYY",LLL:"MMMM D, YYYY LT",LLLL:"dddd, MMMM D, YYYY LT"},longDateFormat:function(a){var b=this._longDateFormat[a];return!b&&this._longDateFormat[a.toUpperCase()]&&(b=this._longDateFormat[a.toUpperCase()].replace(/MMMM|MM|DD|dddd/g,function(a){return a.slice(1)}),this._longDateFormat[a]=b),b},isPM:function(a){return"p"===(a+"").toLowerCase().charAt(0)},_meridiemParse:/[ap]\.?m?\.?/i,meridiem:function(a,b,c){return a>11?c?"pm":"PM":c?"am":"AM"},_calendar:{sameDay:"[Today at] LT",nextDay:"[Tomorrow at] LT",nextWeek:"dddd [at] LT",lastDay:"[Yesterday at] LT",lastWeek:"[Last] dddd [at] LT",sameElse:"L"},calendar:function(a,b,c){var d=this._calendar[a];return"function"==typeof d?d.apply(b,[c]):d},_relativeTime:{future:"in %s",past:"%s ago",s:"a few seconds",m:"a minute",mm:"%d minutes",h:"an hour",hh:"%d hours",d:"a day",dd:"%d days",M:"a month",MM:"%d months",y:"a year",yy:"%d years"},relativeTime:function(a,b,c,d){var e=this._relativeTime[c];return"function"==typeof e?e(a,b,c,d):e.replace(/%d/i,a)},pastFuture:function(a,b){var c=this._relativeTime[a>0?"future":"past"];return"function"==typeof c?c(b):c.replace(/%s/i,b)},ordinal:function(a){return this._ordinal.replace("%d",a)},_ordinal:"%d",_ordinalParse:/\d{1,2}/,preparse:function(a){return a},postformat:function(a){return a},week:function(a){return hb(a,this._week.dow,this._week.doy).week},_week:{dow:0,doy:6},_invalidDate:"Invalid date",invalidDate:function(){return this._invalidDate}}),tb=function(b,c,e,f){var g;return"boolean"==typeof e&&(f=e,e=a),g={},g._isAMomentObject=!0,g._i=b,g._f=c,g._l=e,g._strict=f,g._isUTC=!1,g._pf=d(),jb(g)},tb.suppressDeprecationWarnings=!1,tb.createFromInputFallback=f("moment construction falls back to js Date. This is discouraged and will be removed in upcoming major release. Please refer to https://github.com/moment/moment/issues/1407 for more info.",function(a){a._d=new Date(a._i+(a._useUTC?" UTC":""))}),tb.min=function(){var a=[].slice.call(arguments,0);return kb("isBefore",a)},tb.max=function(){var a=[].slice.call(arguments,0);return kb("isAfter",a)},tb.utc=function(b,c,e,f){var g;return"boolean"==typeof e&&(f=e,e=a),g={},g._isAMomentObject=!0,g._useUTC=!0,g._isUTC=!0,g._l=e,g._i=b,g._f=c,g._strict=f,g._pf=d(),jb(g).utc()},tb.unix=function(a){return tb(1e3*a)},tb.duration=function(a,b){var d,e,f,g,h=a,i=null;return tb.isDuration(a)?h={ms:a._milliseconds,d:a._days,M:a._months}:"number"==typeof a?(h={},b?h[b]=a:h.milliseconds=a):(i=Lb.exec(a))?(d="-"===i[1]?-1:1,h={y:0,d:A(i[Cb])*d,h:A(i[Db])*d,m:A(i[Eb])*d,s:A(i[Fb])*d,ms:A(i[Gb])*d}):(i=Mb.exec(a))?(d="-"===i[1]?-1:1,f=function(a){var b=a&&parseFloat(a.replace(",","."));return(isNaN(b)?0:b)*d},h={y:f(i[2]),M:f(i[3]),d:f(i[4]),h:f(i[5]),m:f(i[6]),s:f(i[7]),w:f(i[8])}):"object"==typeof h&&("from"in h||"to"in h)&&(g=r(tb(h.from),tb(h.to)),h={},h.ms=g.milliseconds,h.M=g.months),e=new l(h),tb.isDuration(a)&&c(a,"_locale")&&(e._locale=a._locale),e},tb.version=wb,tb.defaultFormat=ec,tb.ISO_8601=function(){},tb.momentProperties=Ib,tb.updateOffset=function(){},tb.relativeTimeThreshold=function(b,c){return mc[b]===a?!1:c===a?mc[b]:(mc[b]=c,!0)},tb.lang=f("moment.lang is deprecated. Use moment.locale instead.",function(a,b){return tb.locale(a,b)}),tb.locale=function(a,b){var c;return a&&(c="undefined"!=typeof b?tb.defineLocale(a,b):tb.localeData(a),c&&(tb.duration._locale=tb._locale=c)),tb._locale._abbr},tb.defineLocale=function(a,b){return null!==b?(b.abbr=a,Hb[a]||(Hb[a]=new j),Hb[a].set(b),tb.locale(a),Hb[a]):(delete Hb[a],null)},tb.langData=f("moment.langData is deprecated. Use moment.localeData instead.",function(a){return tb.localeData(a)}),tb.localeData=function(a){var b;if(a&&a._locale&&a._locale._abbr&&(a=a._locale._abbr),!a)return tb._locale;if(!u(a)){if(b=J(a))return b;a=[a]}return I(a)},tb.isMoment=function(a){return a instanceof k||null!=a&&c(a,"_isAMomentObject")},tb.isDuration=function(a){return a instanceof l};for(vb=rc.length-1;vb>=0;--vb)z(rc[vb]);tb.normalizeUnits=function(a){return x(a)},tb.invalid=function(a){var b=tb.utc(0/0);return null!=a?m(b._pf,a):b._pf.userInvalidated=!0,b},tb.parseZone=function(){return tb.apply(null,arguments).parseZone()},tb.parseTwoDigitYear=function(a){return A(a)+(A(a)>68?1900:2e3)},m(tb.fn=k.prototype,{clone:function(){return tb(this)},valueOf:function(){return+this._d+6e4*(this._offset||0)},unix:function(){return Math.floor(+this/1e3)},toString:function(){return this.clone().locale("en").format("ddd MMM DD YYYY HH:mm:ss [GMT]ZZ")},toDate:function(){return this._offset?new Date(+this):this._d},toISOString:function(){var a=tb(this).utc();return 0<a.year()&&a.year()<=9999?"function"==typeof Date.prototype.toISOString?this.toDate().toISOString():N(a,"YYYY-MM-DD[T]HH:mm:ss.SSS[Z]"):N(a,"YYYYYY-MM-DD[T]HH:mm:ss.SSS[Z]")},toArray:function(){var a=this;return[a.year(),a.month(),a.date(),a.hours(),a.minutes(),a.seconds(),a.milliseconds()]},isValid:function(){return G(this)},isDSTShifted:function(){return this._a?this.isValid()&&w(this._a,(this._isUTC?tb.utc(this._a):tb(this._a)).toArray())>0:!1},parsingFlags:function(){return m({},this._pf)},invalidAt:function(){return this._pf.overflow},utc:function(a){return this.zone(0,a)},local:function(a){return this._isUTC&&(this.zone(0,a),this._isUTC=!1,a&&this.add(this._dateTzOffset(),"m")),this},format:function(a){var b=N(this,a||tb.defaultFormat);return this.localeData().postformat(b)},add:s(1,"add"),subtract:s(-1,"subtract"),diff:function(a,b,c){var d,e,f,g=K(a,this),h=6e4*(this.zone()-g.zone());return b=x(b),"year"===b||"month"===b?(d=432e5*(this.daysInMonth()+g.daysInMonth()),e=12*(this.year()-g.year())+(this.month()-g.month()),f=this-tb(this).startOf("month")-(g-tb(g).startOf("month")),f-=6e4*(this.zone()-tb(this).startOf("month").zone()-(g.zone()-tb(g).startOf("month").zone())),e+=f/d,"year"===b&&(e/=12)):(d=this-g,e="second"===b?d/1e3:"minute"===b?d/6e4:"hour"===b?d/36e5:"day"===b?(d-h)/864e5:"week"===b?(d-h)/6048e5:d),c?e:o(e)},from:function(a,b){return tb.duration({to:this,from:a}).locale(this.locale()).humanize(!b)},fromNow:function(a){return this.from(tb(),a)},calendar:function(a){var b=a||tb(),c=K(b,this).startOf("day"),d=this.diff(c,"days",!0),e=-6>d?"sameElse":-1>d?"lastWeek":0>d?"lastDay":1>d?"sameDay":2>d?"nextDay":7>d?"nextWeek":"sameElse";return this.format(this.localeData().calendar(e,this,tb(b)))},isLeapYear:function(){return E(this.year())},isDST:function(){return this.zone()<this.clone().month(0).zone()||this.zone()<this.clone().month(5).zone()},day:function(a){var b=this._isUTC?this._d.getUTCDay():this._d.getDay();return null!=a?(a=eb(a,this.localeData()),this.add(a-b,"d")):b},month:ob("Month",!0),startOf:function(a){switch(a=x(a)){case"year":this.month(0);case"quarter":case"month":this.date(1);case"week":case"isoWeek":case"day":this.hours(0);case"hour":this.minutes(0);case"minute":this.seconds(0);case"second":this.milliseconds(0)}return"week"===a?this.weekday(0):"isoWeek"===a&&this.isoWeekday(1),"quarter"===a&&this.month(3*Math.floor(this.month()/3)),this},endOf:function(b){return b=x(b),b===a||"millisecond"===b?this:this.startOf(b).add(1,"isoWeek"===b?"week":b).subtract(1,"ms")},isAfter:function(a,b){var c;return b=x("undefined"!=typeof b?b:"millisecond"),"millisecond"===b?(a=tb.isMoment(a)?a:tb(a),+this>+a):(c=tb.isMoment(a)?+a:+tb(a),c<+this.clone().startOf(b))},isBefore:function(a,b){var c;return b=x("undefined"!=typeof b?b:"millisecond"),"millisecond"===b?(a=tb.isMoment(a)?a:tb(a),+a>+this):(c=tb.isMoment(a)?+a:+tb(a),+this.clone().endOf(b)<c)},isSame:function(a,b){var c;return b=x(b||"millisecond"),"millisecond"===b?(a=tb.isMoment(a)?a:tb(a),+this===+a):(c=+tb(a),+this.clone().startOf(b)<=c&&c<=+this.clone().endOf(b))},min:f("moment().min is deprecated, use moment.min instead. https://github.com/moment/moment/issues/1548",function(a){return a=tb.apply(null,arguments),this>a?this:a}),max:f("moment().max is deprecated, use moment.max instead. https://github.com/moment/moment/issues/1548",function(a){return a=tb.apply(null,arguments),a>this?this:a}),zone:function(a,b){var c,d=this._offset||0;return null==a?this._isUTC?d:this._dateTzOffset():("string"==typeof a&&(a=Q(a)),Math.abs(a)<16&&(a=60*a),!this._isUTC&&b&&(c=this._dateTzOffset()),this._offset=a,this._isUTC=!0,null!=c&&this.subtract(c,"m"),d!==a&&(!b||this._changeInProgress?t(this,tb.duration(d-a,"m"),1,!1):this._changeInProgress||(this._changeInProgress=!0,tb.updateOffset(this,!0),this._changeInProgress=null)),this)},zoneAbbr:function(){return this._isUTC?"UTC":""},zoneName:function(){return this._isUTC?"Coordinated Universal Time":""},parseZone:function(){return this._tzm?this.zone(this._tzm):"string"==typeof this._i&&this.zone(this._i),this},hasAlignedHourOffset:function(a){return a=a?tb(a).zone():0,(this.zone()-a)%60===0},daysInMonth:function(){return B(this.year(),this.month())},dayOfYear:function(a){var b=yb((tb(this).startOf("day")-tb(this).startOf("year"))/864e5)+1;return null==a?b:this.add(a-b,"d")},quarter:function(a){return null==a?Math.ceil((this.month()+1)/3):this.month(3*(a-1)+this.month()%3)},weekYear:function(a){var b=hb(this,this.localeData()._week.dow,this.localeData()._week.doy).year;return null==a?b:this.add(a-b,"y")},isoWeekYear:function(a){var b=hb(this,1,4).year;return null==a?b:this.add(a-b,"y")},week:function(a){var b=this.localeData().week(this);return null==a?b:this.add(7*(a-b),"d")},isoWeek:function(a){var b=hb(this,1,4).week;return null==a?b:this.add(7*(a-b),"d")},weekday:function(a){var b=(this.day()+7-this.localeData()._week.dow)%7;return null==a?b:this.add(a-b,"d")},isoWeekday:function(a){return null==a?this.day()||7:this.day(this.day()%7?a:a-7)},isoWeeksInYear:function(){return C(this.year(),1,4)},weeksInYear:function(){var a=this.localeData()._week;return C(this.year(),a.dow,a.doy)},get:function(a){return a=x(a),this[a]()},set:function(a,b){return a=x(a),"function"==typeof this[a]&&this[a](b),this},locale:function(b){var c;return b===a?this._locale._abbr:(c=tb.localeData(b),null!=c&&(this._locale=c),this)},lang:f("moment().lang() is deprecated. Instead, use moment().localeData() to get the language configuration. Use moment().locale() to change languages.",function(b){return b===a?this.localeData():this.locale(b)}),localeData:function(){return this._locale},_dateTzOffset:function(){return 15*Math.round(this._d.getTimezoneOffset()/15)}}),tb.fn.millisecond=tb.fn.milliseconds=ob("Milliseconds",!1),tb.fn.second=tb.fn.seconds=ob("Seconds",!1),tb.fn.minute=tb.fn.minutes=ob("Minutes",!1),tb.fn.hour=tb.fn.hours=ob("Hours",!0),tb.fn.date=ob("Date",!0),tb.fn.dates=f("dates accessor is deprecated. Use date instead.",ob("Date",!0)),tb.fn.year=ob("FullYear",!0),tb.fn.years=f("years accessor is deprecated. Use year instead.",ob("FullYear",!0)),tb.fn.days=tb.fn.day,tb.fn.months=tb.fn.month,tb.fn.weeks=tb.fn.week,tb.fn.isoWeeks=tb.fn.isoWeek,tb.fn.quarters=tb.fn.quarter,tb.fn.toJSON=tb.fn.toISOString,m(tb.duration.fn=l.prototype,{_bubble:function(){var a,b,c,d=this._milliseconds,e=this._days,f=this._months,g=this._data,h=0;g.milliseconds=d%1e3,a=o(d/1e3),g.seconds=a%60,b=o(a/60),g.minutes=b%60,c=o(b/60),g.hours=c%24,e+=o(c/24),h=o(pb(e)),e-=o(qb(h)),f+=o(e/30),e%=30,h+=o(f/12),f%=12,g.days=e,g.months=f,g.years=h},abs:function(){return this._milliseconds=Math.abs(this._milliseconds),this._days=Math.abs(this._days),this._months=Math.abs(this._months),this._data.milliseconds=Math.abs(this._data.milliseconds),this._data.seconds=Math.abs(this._data.seconds),this._data.minutes=Math.abs(this._data.minutes),this._data.hours=Math.abs(this._data.hours),this._data.months=Math.abs(this._data.months),this._data.years=Math.abs(this._data.years),this},weeks:function(){return o(this.days()/7)},valueOf:function(){return this._milliseconds+864e5*this._days+this._months%12*2592e6+31536e6*A(this._months/12)},humanize:function(a){var b=gb(this,!a,this.localeData());return a&&(b=this.localeData().pastFuture(+this,b)),this.localeData().postformat(b)},add:function(a,b){var c=tb.duration(a,b);return this._milliseconds+=c._milliseconds,this._days+=c._days,this._months+=c._months,this._bubble(),this},subtract:function(a,b){var c=tb.duration(a,b);return this._milliseconds-=c._milliseconds,this._days-=c._days,this._months-=c._months,this._bubble(),this},get:function(a){return a=x(a),this[a.toLowerCase()+"s"]()},as:function(a){var b,c;if(a=x(a),"month"===a||"year"===a)return b=this._days+this._milliseconds/864e5,c=this._months+12*pb(b),"month"===a?c:c/12;switch(b=this._days+Math.round(qb(this._months/12)),a){case"week":return b/7+this._milliseconds/6048e5;case"day":return b+this._milliseconds/864e5;case"hour":return 24*b+this._milliseconds/36e5;case"minute":return 24*b*60+this._milliseconds/6e4;case"second":return 24*b*60*60+this._milliseconds/1e3;
+case"millisecond":return Math.floor(24*b*60*60*1e3)+this._milliseconds;default:throw new Error("Unknown unit "+a)}},lang:tb.fn.lang,locale:tb.fn.locale,toIsoString:f("toIsoString() is deprecated. Please use toISOString() instead (notice the capitals)",function(){return this.toISOString()}),toISOString:function(){var a=Math.abs(this.years()),b=Math.abs(this.months()),c=Math.abs(this.days()),d=Math.abs(this.hours()),e=Math.abs(this.minutes()),f=Math.abs(this.seconds()+this.milliseconds()/1e3);return this.asSeconds()?(this.asSeconds()<0?"-":"")+"P"+(a?a+"Y":"")+(b?b+"M":"")+(c?c+"D":"")+(d||e||f?"T":"")+(d?d+"H":"")+(e?e+"M":"")+(f?f+"S":""):"P0D"},localeData:function(){return this._locale}}),tb.duration.fn.toString=tb.duration.fn.toISOString;for(vb in ic)c(ic,vb)&&rb(vb.toLowerCase());tb.duration.fn.asMilliseconds=function(){return this.as("ms")},tb.duration.fn.asSeconds=function(){return this.as("s")},tb.duration.fn.asMinutes=function(){return this.as("m")},tb.duration.fn.asHours=function(){return this.as("h")},tb.duration.fn.asDays=function(){return this.as("d")},tb.duration.fn.asWeeks=function(){return this.as("weeks")},tb.duration.fn.asMonths=function(){return this.as("M")},tb.duration.fn.asYears=function(){return this.as("y")},tb.locale("en",{ordinalParse:/\d{1,2}(th|st|nd|rd)/,ordinal:function(a){var b=a%10,c=1===A(a%100/10)?"th":1===b?"st":2===b?"nd":3===b?"rd":"th";return a+c}}),Jb?module.exports=tb:"function"==typeof define&&define.amd?(define("moment",function(a,b,c){return c.config&&c.config()&&c.config().noGlobal===!0&&(xb.moment=ub),tb}),sb(!0)):sb()}).call(this);
\ No newline at end of file
diff --git a/data/web/js/build/011-datatables.js b/data/web/js/build/005-datatables.js
similarity index 100%
rename from data/web/js/build/011-datatables.js
rename to data/web/js/build/005-datatables.js
diff --git a/data/web/js/build/006-datetime-moment.js b/data/web/js/build/006-datetime-moment.js
new file mode 100644
index 00000000..52b537c0
--- /dev/null
+++ b/data/web/js/build/006-datetime-moment.js
@@ -0,0 +1,70 @@
+/**
+ * This plug-in for DataTables represents the ultimate option in extensibility
+ * for sorting date / time strings correctly. It uses
+ * [Moment.js](http://momentjs.com) to create automatic type detection and
+ * sorting plug-ins for DataTables based on a given format. This way, DataTables
+ * will automatically detect your temporal information and sort it correctly.
+ *
+ * For usage instructions, please see the DataTables blog
+ * post that [introduces it](//datatables.net/blog/2014-12-18).
+ *
+ * @name Ultimate Date / Time sorting
+ * @summary Sort date and time in any format using Moment.js
+ * @author [Allan Jardine](//datatables.net)
+ * @depends DataTables 1.10+, Moment.js 1.7+
+ *
+ * @example
+ *    $.fn.dataTable.moment( 'HH:mm MMM D, YY' );
+ *    $.fn.dataTable.moment( 'dddd, MMMM Do, YYYY' );
+ *
+ *    $('#example').DataTable();
+ */
+
+(function (factory) {
+	if (typeof define === "function" && define.amd) {
+		define(["jquery", "moment", "datatables.net"], factory);
+	} else {
+		factory(jQuery, moment);
+	}
+}(function ($, moment) {
+
+function strip (d) {
+	if ( typeof d === 'string' ) {
+		// Strip HTML tags and newline characters if possible
+		d = d.replace(/(<.*?>)|(\r?\n|\r)/g, '');
+
+		// Strip out surrounding white space
+		d = d.trim();
+	}
+
+	return d;
+}
+
+$.fn.dataTable.moment = function ( format, locale, reverseEmpties ) {
+	var types = $.fn.dataTable.ext.type;
+
+	// Add type detection
+	types.detect.unshift( function ( d ) {
+		d = strip(d);
+
+		// Null and empty values are acceptable
+		if ( d === '' || d === null ) {
+			return 'moment-'+format;
+		}
+
+		return moment( d, format, locale, true ).isValid() ?
+			'moment-'+format :
+			null;
+	} );
+
+	// Add sorting method - use an integer for the sorting
+	types.order[ 'moment-'+format+'-pre' ] = function ( d ) {
+		d = strip(d);
+		
+		return !moment(d, format, locale, true).isValid() ?
+			(reverseEmpties ? -Infinity : Infinity) :
+			parseInt( moment( d, format, locale, true ).format( 'x' ), 10 );
+	};
+};
+
+}));
diff --git a/data/web/js/build/006-notifications.min.js b/data/web/js/build/007-notifications.min.js
similarity index 100%
rename from data/web/js/build/006-notifications.min.js
rename to data/web/js/build/007-notifications.min.js
diff --git a/data/web/js/build/007-formcache.min.js b/data/web/js/build/008-formcache.min.js
similarity index 100%
rename from data/web/js/build/007-formcache.min.js
rename to data/web/js/build/008-formcache.min.js
diff --git a/data/web/js/build/008-chart.js b/data/web/js/build/009-chart.js
similarity index 100%
rename from data/web/js/build/008-chart.js
rename to data/web/js/build/009-chart.js
diff --git a/data/web/js/build/008-chartjs-plugin-datalabels.js b/data/web/js/build/010-chartjs-plugin-datalabels.js
similarity index 100%
rename from data/web/js/build/008-chartjs-plugin-datalabels.js
rename to data/web/js/build/010-chartjs-plugin-datalabels.js
diff --git a/data/web/js/build/009-numberedtextarea.min.js b/data/web/js/build/011-numberedtextarea.min.js
similarity index 100%
rename from data/web/js/build/009-numberedtextarea.min.js
rename to data/web/js/build/011-numberedtextarea.min.js
diff --git a/data/web/js/build/010-sha1.min.js b/data/web/js/build/012-sha1.min.js
similarity index 100%
rename from data/web/js/build/010-sha1.min.js
rename to data/web/js/build/012-sha1.min.js
diff --git a/data/web/js/build/012-api.js b/data/web/js/build/013-api.js
similarity index 100%
rename from data/web/js/build/012-api.js
rename to data/web/js/build/013-api.js
diff --git a/data/web/js/build/013-markdown-it.min.js b/data/web/js/build/014-markdown-it.min.js
similarity index 100%
rename from data/web/js/build/013-markdown-it.min.js
rename to data/web/js/build/014-markdown-it.min.js
diff --git a/data/web/js/build/014-mailcow.js b/data/web/js/build/015-mailcow.js
similarity index 96%
rename from data/web/js/build/014-mailcow.js
rename to data/web/js/build/015-mailcow.js
index 66da6076..351b794c 100644
--- a/data/web/js/build/014-mailcow.js
+++ b/data/web/js/build/015-mailcow.js
@@ -274,10 +274,11 @@ $(document).ready(function() {
     });
   })
 
-  // Jquery Datatables, enable responsive plugin
+  // Jquery Datatables, enable responsive plugin and date sort plugin
   $.extend($.fn.dataTable.defaults, {
     responsive: true
   });
+  $.fn.dataTable.moment('dd:mm:YYYY');
 
   // tag boxes
   $('.tag-box .tag-add').click(function(){

From f1bb23ba2a9b15f5c61e91b2d299eda130a3eae8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 16 Dec 2022 09:40:20 +0100
Subject: [PATCH 048/170] fix darkmode toggle

---
 data/web/js/build/015-mailcow.js | 4 ++--
 data/web/js/site/index.js        | 4 ++--
 data/web/templates/base.twig     | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/web/js/build/015-mailcow.js b/data/web/js/build/015-mailcow.js
index 351b794c..2d7f9d82 100644
--- a/data/web/js/build/015-mailcow.js
+++ b/data/web/js/build/015-mailcow.js
@@ -304,13 +304,13 @@ $(document).ready(function() {
       $('#dark-mode-toggle').prop('checked', false);
       if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_dark.png');
       if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_dark.png');
-      localStorage.setItem('darkmode', 'false');
+      localStorage.setItem('theme', 'light');
     }else{
       $('head').append('<link id="dark-mode-theme" rel="stylesheet" type="text/css" href="/css/themes/mailcow-darkmode.css">');
       $('#dark-mode-toggle').prop('checked', true);
       if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
       if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
-      localStorage.setItem('darkmode', 'true');
+      localStorage.setItem('theme', 'dark');
     }
   }
 });
diff --git a/data/web/js/site/index.js b/data/web/js/site/index.js
index cbbb1a44..4c812a37 100644
--- a/data/web/js/site/index.js
+++ b/data/web/js/site/index.js
@@ -1,5 +1,5 @@
 $(document).ready(function() {
-  var darkmode = localStorage.getItem("darkmode");
+  var theme = localStorage.getItem("theme");
   localStorage.clear();
-  localStorage.setItem("darkmode", darkmode);
+  localStorage.setItem("theme", theme);
 });
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 83860ad0..743a2b2d 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -11,8 +11,8 @@
   <link rel="stylesheet" href="{{ css_path }}">
   <script>
     // check if darkmode is preferred by OS or set by localStorage
-    if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ||
-        JSON.parse(localStorage.getItem("darkmode")) === true) {
+    if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem("theme") !== "light" ||
+        localStorage.getItem("theme") === "dark") {
       var head  = document.getElementsByTagName('head')[0];
       var link  = document.createElement('link');
       link.id   = 'dark-mode-theme';

From ea1eb48596a9437cd116e7050b2b37cb1a566e64 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 16 Dec 2022 09:48:33 +0100
Subject: [PATCH 049/170] show version modal only on master

---
 data/web/js/site/debug.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index b57f1dbc..8c409022 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -48,7 +48,8 @@ $(document).ready(function() {
     check_update(mailcow_info.version_tag, mailcow_info.project_url);
   }
   $("#maiclow_version").click(function(){
-    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin")
+    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" ||
+       mailcow_info.branch !== "master")
       return;
 
     showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
@@ -992,7 +993,6 @@ jQuery(function($){
       return;
     }
 
-    // BUG TODO: loading 100 results in loading 10 - loading 1000 results in loading 100
     if (table = $('#' + log_table).DataTable()) {
       var heading = $('#' + log_table).closest('.card').find('.card-header');
       var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)

From bfd53293633a386909aba5603f3a2227d30480e0 Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 13:57:01 +0100
Subject: [PATCH 050/170] docker comes with compose

---
 .github/workflows/image_builds.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
index fe660754..65678dff 100644
--- a/.github/workflows/image_builds.yml
+++ b/.github/workflows/image_builds.yml
@@ -33,13 +33,11 @@ jobs:
         run: |
           curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
           sudo service docker start
-          sudo curl -L https://github.com/docker/compose/releases/download/v$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
-          sudo chmod +x /usr/local/bin/docker-compose
       - name: Prepair Image Builds
         run: |
           cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
       - name: Build Docker Images
         run: |
-          docker-compose build ${image}
+          docker compose build ${image}
         env:
           image: ${{ matrix.images }}

From a8d50955ee26ebe97d6b9d6229c635026bfbca47 Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 13:57:13 +0100
Subject: [PATCH 051/170] Use built in compose

---
 data/web/_status.502.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/_status.502.html b/data/web/_status.502.html
index efbc0e8b..35a66ba9 100644
--- a/data/web/_status.502.html
+++ b/data/web/_status.502.html
@@ -13,12 +13,12 @@
     Please check the logs or contact support if the error persists.</p>
     <h2>Quick debugging</h2>
     <p>Check Nginx and PHP logs:</p>
-    <pre>docker-compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
+    <pre>docker compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
     <p>Make sure your SQL credentials in mailcow.conf (a link to .env) do fit your initialized SQL volume. If you see an access denied, you might have the wrong mailcow.conf:</p>
-    <pre>source mailcow.conf ; docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
+    <pre>source mailcow.conf ; docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
     <p>In case of a previous failed installation, create a backup of your existing data, followed by removing all volumes and starting over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
     <pre>BACKUP_LOCATION=/tmp/ ./helper-scripts/backup_and_restore.sh backup all</pre>
-    <pre>docker-compose down --volumes ; docker-compose up -d</pre>
+    <pre>docker compose down --volumes ; docker compose up -d</pre>
     <p>Make sure your timezone is correct. Use "America/New_York" for example, do not use spaces. Check <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">here</a> for a list.</p>
     <br>Click to learn more about <a style="color:red;text-decoration:none;" href="https://mailcow.github.io/mailcow-dockerized-docs/#get-support" target="_blank">getting support.</a>
   </body>

From 7875185e1f30bcb93ed44aec8f4093df49950eb4 Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 13:57:37 +0100
Subject: [PATCH 052/170] fix unicode char

---
 helper-scripts/update_compose.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index 16769edc..cae773c2 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -61,10 +61,10 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
 elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
     echo -e "\e[31mYou are using the native Docker Compose Plugin. This Script is for the standalone Docker Compose Version only.\e[0m"
     sleep 2
-    echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
+    echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
     exit 1
 
 else
     echo -e "\e[31mCan not read DOCKER_COMPOSE_VERSION variable from mailcow.conf! Is your mailcow up to date? Exiting...\e[0m"
     exit 1
-fi
\ No newline at end of file
+fi

From d98fd74968277843713d70b0f95ddd252e059d45 Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 13:58:15 +0100
Subject: [PATCH 053/170] use GitHub for newest docker-compose release

---
 helper-scripts/update_compose.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index cae773c2..b6640798 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -38,13 +38,16 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
         echo -e "\e[33mExiting...\e[0m"
         exit 1
         #prevent breaking a working docker-compose installed with pip
-    elif [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php?vers=${DC_DL_SUFFIX} -o /dev/null) == "200" ]]; then
-        LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php)
+    elif [[ $(curl -sL -w "%{http_code}" https://github.com/docker/compose/releases/latest -o /dev/null) == "200" ]]; then
+        LATEST_COMPOSE=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) # redirect to latest release
+        LATEST_COMPOSE=${LATEST_COMPOSE##*/} #get the latest version from the redirect, inlcuding the "v" prefix
+        if [ $DC_DL_SUFFIX]; then
+          LATEST_COMPOSE=1.27.4 # force 1.27.4 for legacy systems, tag is not prefixed by "v"
         COMPOSE_VERSION=$(docker-compose version --short)
         if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then
         COMPOSE_PATH=$(command -v docker-compose)
         if [[ -w ${COMPOSE_PATH} ]]; then
-            curl -#L https://github.com/docker/compose/releases/download/v${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH
+            curl -#L https://github.com/docker/compose/releases/download/${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH
             chmod +x $COMPOSE_PATH
             echo -e "\e[32mYour Docker Compose (standalone) has been updated to: $LATEST_COMPOSE\e[0m"
             exit 0

From 99bcfb8c4bd0371cbc7444d4320c51548c8d8005 Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 14:09:39 +0100
Subject: [PATCH 054/170] fix incorrect render value

---
 .github/ISSUE_TEMPLATE/Bug_report.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index 2fe7082c..3cfbbe0d 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -26,21 +26,21 @@ body:
     attributes:
       label: Description
       description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Logs:"
       description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Steps to reproduce:"
       description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
-      render: text
+      render: plain text
       placeholder: |-
         1. ...
         2. ...
@@ -117,41 +117,41 @@ body:
     attributes:
       label: "Logs of git diff:"
       description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Logs of iptables -L -vn:"
       description: "#### Output of `iptables -L -vn`"
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Logs of ip6tables -L -vn:"
       description: "#### Output of `ip6tables -L -vn`"
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Logs of iptables -L -vn -t nat:"
       description: "#### Output of `iptables -L -vn -t nat`"
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Logs of ip6tables -L -vn -t nat:"
       description: "#### Output of `ip6tables -L -vn -t nat`"
-      render: text
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
       label: "DNS check:"
       description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
-      render: text
+      render: plain text
     validations:
       required: true

From 65585e286d6e7b3ce65cc854a5ed291ddfcd35e8 Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 14:16:46 +0100
Subject: [PATCH 055/170] use GitHub redirect for newest version

---
 helper-scripts/update_compose.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index b6640798..1dadbe33 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -4,7 +4,8 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source ${SCRIPT_DIR}/../mailcow.conf
 
 if [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php)
+LATEST_COMPOSE=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) # redirect to latest release
+LATEST_COMPOSE=${LATEST_COMPOSE##*/v} #get the latest version from the redirect, excluding the "v" prefix
 COMPOSE_VERSION=$(docker-compose version --short)
 if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then
   echo -e "\e[33mA new docker-compose Version is available: $LATEST_COMPOSE\e[0m"

From e5cf35aff89c7c9bce2a94fdff780c3b2cba708d Mon Sep 17 00:00:00 2001
From: knuth <knuth@ethergeist.de>
Date: Fri, 16 Dec 2022 14:17:17 +0100
Subject: [PATCH 056/170] fix unicode char

---
 helper-scripts/update_compose.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index 1dadbe33..01be926f 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -34,7 +34,7 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
     sleep 1
     if [[ $(command -v pip 2>&1) && $(pip list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 || $(command -v pip3 2>&1) && $(pip3 list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 ]]; then
         echo -e "\e[33mFound a docker-compose Version installed with pip!\e[0m"
-        echo -e "\e[31mPlease uninstall the pip Version of docker-compose since it doesn´t support Versions higher than 1.29.2.\e[0m"
+        echo -e "\e[31mPlease uninstall the pip Version of docker-compose since it doesn't support Versions higher than 1.29.2.\e[0m"
         sleep 2
         echo -e "\e[33mExiting...\e[0m"
         exit 1

From bb7c7bcff61fbd9d809d18740f4b51c04fae4483 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Sun, 18 Dec 2022 22:40:21 +0100
Subject: [PATCH 057/170] Install renovate

---
 .github/renovate.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/renovate.json

diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 00000000..37962b2a
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,13 @@
+{
+  "enabled": true,
+  "timezone": "Europe/Berlin",
+  "dependencyDashboard": false,
+  "dependencyDashboardTitle": "Renovate Dashboard",
+  "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
+  "rebaseWhen": "auto",
+  "assignees": [
+    "@magiccc"
+  ],
+  "baseBranches": ["staging"],
+  "enabledManagers": ["github-actions"]
+}

From f1e1232849dc8671d188079d8aa6cc54756bf221 Mon Sep 17 00:00:00 2001
From: Der-Jan <de@r-jan.de>
Date: Wed, 21 Dec 2022 10:39:14 +0100
Subject: [PATCH 058/170] Add Message-ID to pushover

---
 data/conf/rspamd/meta_exporter/pushover.php | 9 +++++----
 data/web/templates/edit/mailbox.twig        | 2 +-
 data/web/templates/user/Pushover.twig       | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index 4c8092d1..10265d15 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -54,6 +54,7 @@ $rcpts    = $headers['X-Rspamd-Rcpt'];
 $sender   = $headers['X-Rspamd-From'];
 $ip       = $headers['X-Rspamd-Ip'];
 $subject  = $headers['X-Rspamd-Subject'];
+$messageid= $json_body->message_id;
 $priority = 0;
 
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
@@ -245,13 +246,13 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
       "token" => $api_data['token'],
       "user" => $api_data['key'],
       "title" => sprintf("%s", str_replace(
-        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}'), 
-        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address), $title)
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid), $title)
       ),
       "priority" => $priority,
       "message" => sprintf("%s", str_replace(
-        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '\n'),
-        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, PHP_EOL), $text)
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}', '\n'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid, PHP_EOL), $text)
       ),
       "sound" => $attributes['sound'] ?? "pushover"
     );
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 9eb7c951..7f5bc26e 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -275,7 +275,7 @@
         </div>
         <div class="col-sm-10">
           <p class="help-block">{{ lang.user.pushover_info|format(mailbox)|raw }}</p>
-          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code></p>
+          <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}, <code>{MSG_ID}</code></p>
           <div class="form-group">
             <div class="row">
               <div class="col-sm-6">
diff --git a/data/web/templates/user/Pushover.twig b/data/web/templates/user/Pushover.twig
index 5bd6b1a4..8a0a07d4 100644
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@@ -9,7 +9,7 @@
       </div>
       <div class="col-sm-10">
         <p class="help-block">{{ lang.user.pushover_info|format(mailcow_cc_username)|raw }}</p>
-        <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code></p>
+        <p class="help-block">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code>, <code>{MSG_ID}</code></p>
         <div class="form-group">
           <div class="row">
             <div class="col-sm-6">

From aa7888c37d0f098d6c213f0e9ce8bddb0c296831 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 23 Dec 2022 14:47:27 +0100
Subject: [PATCH 059/170] Updated DB Schemata + reverted escape HTML of alert
 boxes

---
 data/web/inc/init_db.inc.php     | 2 +-
 data/web/js/build/015-mailcow.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 263cb653..e781f944 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "17112022_2115";
+    $db_version = "23122022_1445";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
diff --git a/data/web/js/build/015-mailcow.js b/data/web/js/build/015-mailcow.js
index 2d7f9d82..1532ee54 100644
--- a/data/web/js/build/015-mailcow.js
+++ b/data/web/js/build/015-mailcow.js
@@ -1,7 +1,7 @@
 $(document).ready(function() {
   // mailcow alert box generator
   window.mailcow_alert_box = function(message, type) {
-    msg = $('<span/>').text(escapeHtml(message)).text();
+    msg = $('<span/>').text(message).text();
     if (type == 'danger' || type == 'info') {
       auto_hide = 0;
       $('#' + localStorage.getItem("add_modal")).modal('show');

From 948d23f56d252af8a4777a72775bcd07fdfdb86d Mon Sep 17 00:00:00 2001
From: moo <moo@cow.moo>
Date: Fri, 23 Dec 2022 16:28:52 +0100
Subject: [PATCH 060/170] [Clamd] Update to 1.0

---
 data/Dockerfiles/clamd/Dockerfile | 2 +-
 docker-compose.yml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index efbc6a4d..91716b84 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM clamav/clamav:0.105.1_base
+FROM clamav/clamav:1.0_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 6f184cd3..730561fa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.54
+      image: mailcow/clamd:1.60
       restart: always
       depends_on:
         - unbound-mailcow

From c4827e908c189b282341d0470218d5e9e4d24e66 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:22 +0000
Subject: [PATCH 061/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.ca-es.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index c2032da6..81b0c422 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -393,16 +393,11 @@
         "toggle_all": "Marcar tots"
     },
     "queue": {
-        "delete_queue": "Delete all",
         "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
         "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
         "queue_hold_mail": "Hold",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_unban": "queue unban"
     },
     "start": {
         "help": "Mostrar/Ocultar panell d'ajuda",

From 116859e0ba30501eed10847985cf8913bcb671e5 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:22 +0000
Subject: [PATCH 062/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.cs-cz.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index f9c4fca5..9b944e51 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -889,15 +889,10 @@
         "type": "Typ"
     },
     "queue": {
-        "delete_queue": "Smazat vše",
         "flush_queue": "Vyprázdnit frontu (opětovně doručit)",
-        "queue_ays": "Potvrďte prosím, že chcete odstranit všechny položky z aktuální fronty.",
         "queue_deliver_mail": "Doručit",
-        "queue_hold_mail": "Zadržet",
         "queue_manager": "Správce fronty",
-        "queue_show_message": "Zobrazit zprávu",
-        "queue_unban": "odblokovat",
-        "queue_unhold_mail": "Propustit"
+        "queue_unban": "odblokovat"
     },
     "ratelimit": {
         "disabled": "Vypnuto",

From 78621a1f5072c4cf7a31490a5b05cd96426070e4 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 063/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.da-dk.json | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 8b5ef0d5..3d8fe85e 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -640,7 +640,7 @@
         "deactivate": "Deaktiver",
         "description": "Beskrivelse",
         "disable_login": "Tillad ikke login (indgående mail accepteres stadig)",
-        "disable_x": "Deaktiver",        
+        "disable_x": "Deaktiver",
         "dkim_domains_selector": "Vælger",
         "dkim_key_length": "DKIM nøgle længde (bits)",
         "domain": "Domæne",
@@ -656,7 +656,7 @@
         "filter_table": "Filtertabel",
         "filters": "Filtre",
         "fname": "Fulde navn",
-        "force_pw_update": "Tving adgangskodeopdatering til næste login",   
+        "force_pw_update": "Tving adgangskodeopdatering til næste login",
         "gal": "Global adresseliste",
         "hourly": "Hver time",
         "in_use": "I brug (%)",
@@ -803,15 +803,10 @@
         "toggle_all": "Skift alt"
     },
     "queue": {
-        "delete_queue": "Slet alt",
         "flush_queue": "Tøm kø",
-        "queue_ays": "Bekræft venligst, at du vil slette alle emner fra den aktuelle kø.",
         "queue_deliver_mail": "Aflevere",
-        "queue_hold_mail": "Hold",
         "queue_manager": "Køadministrator",
-        "queue_unban": "kø ikke udeluk",
-        "queue_unhold_mail": "Unhold",
-        "queue_show_message": "Vis besked"
+        "queue_unhold_mail": "Unhold"
     },
     "start": {
         "help": "Vis / skjul hjælpepanel",

From 287118c3a71f206dca333626280f7b8524bb4793 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 064/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.es-es.json | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 2e54e00e..caa46690 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -602,13 +602,9 @@
         "toggle_all": "Seleccionar todos"
     },
     "queue": {
-        "delete_queue": "Eliminar todos",
         "flush_queue": "Vaciar la cola",
-        "queue_ays": "Confirme que desea eliminar todos los elementos de la cola actual.",
         "queue_deliver_mail": "Entregar",
-        "queue_hold_mail": "Retener",
         "queue_manager": "Administrador de cola",
-        "queue_unban": "Encolar desbloqueo",
         "queue_unhold_mail": "Liberar retención"
     },
     "start": {

From 8ad5acb0202b0917121fdc0a07789665713a0552 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 065/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.fi-fi.json | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 485555da..61072d0a 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -559,7 +559,7 @@
         "daily": "Päivittäin",
         "deactivate": "Deaktivoi",
         "description": "Kuvaus",
-        "disable_x": "Poista käytöstä",        
+        "disable_x": "Poista käytöstä",
         "dkim_domains_selector": "Valitsin",
         "dkim_key_length": "DKIM avaimen pituus (bits)",
         "domain": "Verkkotunnukset",
@@ -686,13 +686,9 @@
         "toggle_all": "Valitse kaikki"
     },
     "queue": {
-        "delete_queue": "Poista kaikki",
         "flush_queue": "Tyhjennä jono",
-        "queue_ays": "Vahvista, että haluat poistaa kaikki nykyisen jonon kohteet.",
         "queue_deliver_mail": "Toimittaa",
-        "queue_hold_mail": "Pidossa",
         "queue_manager": "Jonon hallinta",
-        "queue_unban": "jono unban",
         "queue_unhold_mail": "Poista pidosta"
     },
     "start": {

From dca85f2ffbf209f5ccd6e66c1552ffff64384e36 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 066/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.fr-fr.json | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 666d1bc8..5b7dfd0f 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -675,10 +675,10 @@
         "enable_x": "Activer",
         "excludes": "Exclut",
         "filter_table": "Table de filtre",
-        "filters": "Filtres",   
+        "filters": "Filtres",
         "fname": "Nom complet",
         "force_pw_update": "Forcer la mise à jour du mot de passe à la prochaine ouverture de session",
-        "gal": "Carnet d'Adresses Global (GAL)",     
+        "gal": "Carnet d'Adresses Global (GAL)",
         "hourly": "Horaire",
         "in_use": "Utilisé (%)",
         "inactive": "Inactif",
@@ -827,15 +827,10 @@
         "toggle_all": "Tout basculer"
     },
     "queue": {
-        "delete_queue": "Tout supprimer",
         "flush_queue": "Vider la file d'attente",
-        "queue_ays": "Veuillez confirmer que vous voulez supprimer tous les éléments de la file d’attente actuelle.",
         "queue_deliver_mail": "Délivrer",
-        "queue_hold_mail": "Garder",
         "queue_manager": "Gestion de la file d'attente",
-        "queue_unban": "file d’attente unban",
-        "queue_unhold_mail": "Ne pas garder",
-        "queue_show_message": "Montrer message"
+        "queue_unhold_mail": "Ne pas garder"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",

From 174fcd7167f4e3313ae9a3e28134a6765c50ff7c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 067/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.hu-hu.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 4fa55a3b..8e1f5bca 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -216,16 +216,11 @@
         "toggle_all": "Összes átkapcsolása"
     },
     "queue": {
-        "delete_queue": "Delete all",
         "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
         "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
         "queue_hold_mail": "Hold",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_unban": "queue unban"
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",

From 01a61d4e622c6fbac02c23b14a45014bf1b13174 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 068/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.ro-ro.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index f99bcb87..23da7b9f 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -895,15 +895,10 @@
         "toggle_all": "Comută toate"
     },
     "queue": {
-        "delete_queue": "Șterge tot",
         "flush_queue": "Elimină coadă",
-        "queue_ays": "Te rog confirmă că dorești să ștergi toate articolele din coada curentă.",
         "queue_deliver_mail": "Livrează",
-        "queue_hold_mail": "Blochează",
         "queue_manager": "Manager de coadă",
-        "queue_unban": "coadă pentru dezactivare interdicție",
-        "queue_unhold_mail": "Deblochează",
-        "queue_show_message": "Arată mesajul"
+        "queue_unhold_mail": "Deblochează"
     },
     "ratelimit": {
         "disabled": "Dezactivat",

From b368c299d99e1de6ae037778ab144cff01bdd550 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 069/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.ru-ru.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index bce3cd3a..d14b2b41 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -893,15 +893,10 @@
         "type": "Тип"
     },
     "queue": {
-        "delete_queue": "Удалить все сообщения",
         "flush_queue": "Отправить все сообщения",
-        "queue_ays": "Пожалуйста, подтвердите, что вы хотите удалить все элементы из очереди.",
         "queue_deliver_mail": "Доставить",
-        "queue_hold_mail": "Поставить на удержание",
         "queue_manager": "Очередь на отправку",
-        "queue_show_message": "Показать сообщение",
-        "queue_unban": "разблокировать очередь",
-        "queue_unhold_mail": "Снять с удержания"
+        "queue_unban": "разблокировать очередь"
     },
     "ratelimit": {
         "disabled": "Отключен",

From 614aa1e49e660a55a87397fd97d3108077dd11b3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 070/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.sk-sk.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 88761448..593c48da 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -895,15 +895,10 @@
         "type": "Typ"
     },
     "queue": {
-        "delete_queue": "Vymazať všetko",
         "flush_queue": "Vyprázdniť frontu",
-        "queue_ays": "Prosím potvrďte vymazanie všetkých položiek z aktuálnej fronty.",
         "queue_deliver_mail": "Doručiť",
-        "queue_hold_mail": "Pozdržať",
         "queue_manager": "Správca fronty",
-        "queue_show_message": "Zobraziť správu",
-        "queue_unban": "Odblokovať",
-        "queue_unhold_mail": "Uvoľniť"
+        "queue_unban": "Odblokovať"
     },
     "ratelimit": {
         "disabled": "Vypnuté",

From de9564c4c96f1f892d3817bd595249201b220db1 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 071/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.zh-cn.json | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 7715da33..07d1938f 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -152,7 +152,6 @@
         "credentials_transport_warning": "<b>警告</b>: 添加新的传输规则将会为所有的\"下一跳\"列匹配的规则更新认证凭证。",
         "customer_id": "客户 ID",
         "customize": "页面自定义",
-        "delete_queue": "删除所有",
         "destination": "目标地址",
         "dkim_add_key": "添加 ARC/DKIM 密钥",
         "dkim_domains_selector": "选择器",
@@ -258,13 +257,9 @@
         "quarantine_release_format_att": "附件",
         "quarantine_release_format_raw": "原件 (未修改)",
         "quarantine_retention_size": "每个邮箱保留隔离项目数:<br><small>0 表示 <b>禁用</b>。</small>",
-        "queue_ays": "你真的确定想要删除当前队列中的所有项目吗？",
         "queue_deliver_mail": "传递",
-        "queue_hold_mail": "暂停",
         "queue_manager": "队列管理",
-        "queue_show_message": "显示消息",
         "queue_unban": "队列取消封禁",
-        "queue_unhold_mail": "继续",
         "quota_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quota_notification_sender": "通知邮件发件人",
         "quota_notification_subject": "通知邮件主题",
@@ -747,12 +742,10 @@
         "last_run_reset": "下一次运行",
         "mailbox": "邮箱",
         "mailbox_defaults": "默认设置",
-        "mailbox_defaults_info": "调整新邮箱的默认设置",
+        "mailbox_defaults_info": "配置新邮箱的默认设置",
         "mailbox_defquota": "默认邮箱大小",
         "mailbox_quota": "最大邮箱大小",
         "mailboxes": "邮箱",
-        "mailbox_defaults": "默认设置",
-        "mailbox_defaults_info": "配置新邮箱的默认设置",
         "mins_interval": "间隔 (分钟)",
         "msg_num": "消息 #",
         "multiple_bookings": "登记限制",
@@ -782,7 +775,7 @@
         "remove": "删除",
         "resources": "资源",
         "running": "运行中",
-       "sender": "发件人",
+        "sender": "发件人",
         "set_postfilter": "标记为 postfilter",
         "set_prefilter": "标记为 prefilter",
         "sieve_info": "你可以为每个用户存储多个过滤器，但只能同时启用一个 prefilter 和一个 postfilter 。<br>\r\n过滤器将按列表中的顺序依次执行，下一个脚本不会因为上一个脚本运行失败或保留运行而停止运行。更改全局 sieve 脚本会重启 Dovecot。<br><br>全局 sieve prefilter &#8226; prefilter &#8226; 用户脚本 &#8226; postfilter &#8226; 全局 sieve postfilter",
@@ -895,22 +888,17 @@
         "type": "类型"
     },
     "queue": {
-        "delete_queue": "删除所有",
         "flush_queue": "清空队列",
-        "queue_ays": "请确认你真的想要删除当前队列中的所有项目。",
         "queue_deliver_mail": "递送",
-        "queue_hold_mail": "暂停",
         "queue_manager": "队列管理器",
-        "queue_unban": "队列取消封禁",
-        "queue_unhold_mail": "继续",
-        "queue_show_message": "显示消息"
+        "queue_unhold_mail": "继续"
     },
     "ratelimit": {
-      "disabled": "禁用",
-      "second": "msgs / 秒",
-      "minute": "msgs / 分钟",
-      "hour": "msgs / 小说",
-      "day": "msgs / 天"
+        "disabled": "禁用",
+        "second": "msgs / 秒",
+        "minute": "msgs / 分钟",
+        "hour": "msgs / 小说",
+        "day": "msgs / 天"
     },
     "start": {
         "help": "显示/隐藏 帮助面板",

From bff96eb1ae74804ab6bfda027a833a598aaa1944 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 072/170] [Web] Updated lang.sv-se.json

[Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: Filip <filipborglandgren@live.se>
Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.sv-se.json | 59 +++++++++++++++++------------------
 1 file changed, 28 insertions(+), 31 deletions(-)

diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index 216aeae0..c23e6e5f 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -2,51 +2,53 @@
     "acl": {
         "alias_domains": "Lägg till aliasdomäner",
         "app_passwds": "Hantera applikationslösenord",
-        "bcc_maps": "Dåld kopia-kopplingar",
+        "bcc_maps": "Dold kopia-kopplingar",
         "delimiter_action": "Avgränsningsåtgärder",
-        "eas_reset": "Återställ EAS-cache",
-        "extend_sender_acl": "Tillåt inmatning av externa avsändaradresser",
+        "eas_reset": "Återställ EAS enheter",
+        "extend_sender_acl": "Tillåt att utöka avsändarens ACL med externa adresser",
         "filters": "Filter",
-        "login_as": "Logga in som en brevlådeanvändare",
+        "login_as": "Logga in som mejlanvändare",
         "prohibited": "Inte tillåtet enligt en åtkomstlista",
-        "protocol_access": "Ändra tillåtna protokoll",
+        "protocol_access": "Ändra protokollåtkomst",
         "pushover": "Pushover",
         "quarantine": "Karantän åtgärder",
         "quarantine_attachments": "Karantänsbilagor",
         "quarantine_notification": "Ändra karantänsnotifieringar",
         "quarantine_category": "Ändra kategorin för karantänsnotifieringar",
         "ratelimit": "Hastighetsgräns",
-        "recipient_maps": "Om skrivning av mottagare",
-        "smtp_ip_access": "Hantera tillåtna värdar för SMTP",
+        "recipient_maps": "Kartor över mottagare",
+        "smtp_ip_access": "Ändra tillåtna värdar för SMTP",
         "sogo_access": "Tillåt hantering av SOGo-åtkomst",
         "sogo_profile_reset": "Återställ SOGo-profil",
         "spam_alias": "Tillfälliga e-postalias",
-        "spam_policy": "Svartlista/vitlista",
+        "spam_policy": "Svartlista/Vitlista",
         "spam_score": "Skräppost-betyg",
-        "syncjobs": "synkroniseringsjobb",
+        "syncjobs": "Synkroniseringsjobb",
         "tls_policy": "Krypteringspolicy",
         "unlimited_quota": "Obegränsad kvot för postlådor",
-        "domain_desc": "Ändra domänbeskrivningen"
+        "domain_desc": "Ändra domänbeskrivningen",
+        "domain_relayhost": "Ändra relävärd för domän",
+        "mailbox_relayhost": "Ändra relävärd för e-postlåda"
     },
     "add": {
-        "activate_filter_warn": "Alla andra filter av den här typen kommer inaktiveras om det här skriptet markeras som aktivt.",
+        "activate_filter_warn": "Alla andra filter kommer att inaktiveras när aktiva är markerade.",
         "active": "Aktiv",
         "add": "Lägg till",
-        "add_domain_only": "Lägg bara till domänen",
-        "add_domain_restart": "Lägg till domänen, och starta om SOGo",
-        "alias_address": "Alias-adress/adresser",
-        "alias_address_info": "<small>Fulständig e-postadress/adresser, eller @example.com för att fånga alla meddelanden på en domän (separerade med komma). <b>endast mailcow domäner</b>.</small>",
-        "alias_domain": "Aliasdomän",
-        "alias_domain_info": "<small>Endast giltiga domännamn (separerade med komma).</small>",
+        "add_domain_only": "Lägg enbart till domän",
+        "add_domain_restart": "Lägg till domän och starta om SOGo",
+        "alias_address": "Aliasadress/-er",
+        "alias_address_info": "<small>Fullständig e-postadress/er eller @example.com, för att fånga alla meddelanden för en domän (kommaseparerad).<b>Endast Mailcow-domäner</b>.</small>",
+        "alias_domain": "Alias domän",
+        "alias_domain_info": "<small>Endast giltiga domännamn (kommaavgränsade).</small>",
         "app_name": "Applikationsnamn",
         "app_password": "Lägg till applikationslösenord",
-        "automap": "Koppla automatiskt de vanliga e-post katalogerna (\"Skickade meddelanden\", \"Skickat\" => \"Skickat\" mm)",
-        "backup_mx_options": "Inställningar för vidarebefordran",
-        "comment_info": "En privat kommentar är inte synlig för användaren, medan en offentlig kommentar visas i användaröversikten",
+        "automap": "Försök att automatiskt mappa mappar (\"Skickade objekt\", \"Skickat\" => \"Skickat\" etc.)",
+        "backup_mx_options": "Reläalternativ",
+        "comment_info": "En privat kommentar är inte synlig för användaren, medan en offentlig kommentar visas som verktygstips när du hovrar den i en användares översikt",
         "custom_params": "Egna parametrar",
         "custom_params_hint": "Korrekt: --param=xy, Felaktigt: --param xy",
-        "delete1": "Ta bort meddelande från källservern när överföringen är slutförd.",
-        "delete2": "Ta bort meddelanden från destinationsservern som inte finns på källservern",
+        "delete1": "Ta bort från källan när du är klar",
+        "delete2": "Ta bort meddelanden på målet som inte finns på källan",
         "delete2duplicates": "Ta bort dubbletter på destinationsservern",
         "description": "Beskrivning",
         "destination": "Destination",
@@ -102,7 +104,9 @@
         "timeout2": "Timeout för anslutning till lokalserver",
         "username": "Användarnamn",
         "validate": "Validera",
-        "validation_success": "Korrekt validerad"
+        "validation_success": "Korrekt validerad",
+        "app_passwd_protocols": "Tillåtna protokoll för applösenord",
+        "bcc_dest_format": "BCC-destinationen måste vara en enda giltig e-postadress.<br>Om du behöver skicka en kopia till flera adresser skapar du ett alias och använder det här."
     },
     "admin": {
         "access": "Åtkomst",
@@ -836,15 +840,8 @@
         "toggle_all": "Markera alla"
     },
     "queue": {
-        "delete_queue": "Ta bort allt",
-        "flush_queue": "Kasta kön",
-        "queue_ays": "Bekräfta att du verkligen vill ta bort dessa objekt från den aktuella kön.",
         "queue_deliver_mail": "Leverera",
-        "queue_hold_mail": "Håll kvar",
-        "queue_manager": "Kö-hanteraring",
-        "queue_unban": "schemalägg en borttagning från banlysning",
-        "queue_unhold_mail": "Släpp på",
-        "queue_show_message": "Visa meddelandet"
+        "queue_manager": "Kö-hanteraring"
     },
     "start": {
         "help": "Visa/dölj hjälppanel",

From f40b6b5b6568b8eb87185810f87cb1239c073678 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 073/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.it-it.json | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index b0508f5d..39cf8689 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -537,7 +537,6 @@
         "hostname": "Hostname",
         "inactive": "Inattivo",
         "kind": "Genere",
-        "last_mail_login": "Last mail login",
         "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
         "mailbox": "Modifica casella di posta",
         "mailbox_quota_def": "Default mailbox quota",
@@ -894,15 +893,10 @@
         "type": "Tipologia"
     },
     "queue": {
-        "delete_queue": "Elimina tutto",
         "flush_queue": "Svuota la coda",
-        "queue_ays": "Conferma di voler eliminare tutti gli elementi dalla coda corrente.",
         "queue_deliver_mail": "Consegna",
-        "queue_hold_mail": "Trattieni",
         "queue_manager": "Gestore code",
-        "queue_show_message": "Visualizza messaggio",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Rilascia"
+        "queue_unban": "queue unban"
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",

From f4351c119f5d3750876f621c2a1d3479968dfaea Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 074/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.ko-kr.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 6111e99a..f501a310 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -777,15 +777,10 @@
         "toggle_all": "선택 반전"
     },
     "queue": {
-        "delete_queue": "전부 삭제",
         "flush_queue": "큐 비우기",
-        "queue_ays": "현재 대기열에서 모든 항목을 삭제할지 확인하십시오.",
         "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
         "queue_manager": "대기열 관리자",
-        "queue_unban": "대기열 밴 해제",
-        "queue_unhold_mail": "Unhold",
-        "queue_show_message": "메시지 표시"
+        "queue_unhold_mail": "Unhold"
     },
     "start": {
         "help": "Show/Hide help panel",

From 24cea0cf22d2c90a5ba6901c57b279c278cad885 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 075/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.lv-lv.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index d3b53ddf..277ca3ae 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -400,16 +400,11 @@
         "toggle_all": "Pārslēgt visu"
     },
     "queue": {
-        "delete_queue": "Delete all",
         "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
         "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
         "queue_hold_mail": "Hold",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_unban": "queue unban"
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",

From c2927af5548758e1ff1fd4e0b1215f6d04a17e3a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 076/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.nl-nl.json | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 68a9e02f..b9a4d084 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -659,7 +659,6 @@
         "domain_admins": "Domeinadministrators",
         "domain_aliases": "Domeinaliassen",
         "domain_quota": "Quota",
-        "domain_quota_m": "Totale domeinquota",
         "domains": "Domeinen",
         "edit": "Wijzig",
         "empty": "Geen resultaten",
@@ -816,15 +815,10 @@
         "toggle_all": "Selecteer alles"
     },
     "queue": {
-        "delete_queue": "Verwijder alles",
         "flush_queue": "Leeg queue",
-        "queue_ays": "Bevestig het verwijderen van alle items uit de queue.",
         "queue_deliver_mail": "Lever af",
-        "queue_hold_mail": "Houd vast",
         "queue_manager": "Queue manager",
-        "queue_unban": "hef verbanning op",
-        "queue_unhold_mail": "Geef vrij",
-        "queue_show_message": "Toon item"
+        "queue_unhold_mail": "Geef vrij"
     },
     "start": {
         "help": "Toon/verberg hulppaneel",

From 7a5be0ccbf1313de01a5c466f0aa746131be319c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 077/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.pl-pl.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index c2f2bd36..979fbe69 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -285,16 +285,11 @@
         "toggle_all": "Zaznacz wszystkie"
     },
     "queue": {
-        "delete_queue": "Delete all",
         "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
         "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
         "queue_hold_mail": "Hold",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_unban": "queue unban"
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",

From ffb68c8848173952dcb68233a2f624576a4a6434 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 078/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.pt-pt.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 6eba0529..5987ae77 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -193,16 +193,11 @@
         "remove": "Remover"
     },
     "queue": {
-        "delete_queue": "Delete all",
         "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
         "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
         "queue_hold_mail": "Hold",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_unban": "queue unban"
     },
     "start": {
         "help": "Mostrar/Ocultar painel de ajuda",

From 714b8417f46bb9990acfa603372a49261bf08f85 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 079/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.uk-ua.json | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 957211de..939b547e 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -305,7 +305,6 @@
         "excludes": "Виключає цих отримувачів",
         "f2b_filter": "Правила фільтрування за допомогою регулярних виразів",
         "f2b_list_info": "Хости або підмережі, занесені до чорного списку, завжди переважатимуть об'єкти з білого списку. <b>Оновлення списку займе декілька секунд.</b>",
-        "flush_queue": "Відправити всі повідомлення",
         "forwarding_hosts_add_hint": "Можна вказувати: IPv4/IPv6 підмережі в нотації CIDR, імена хостів (які будуть дозволятися в IP-адреси) або доменні імена (які будуть вирішуватися з IP-адресами шляхом запиту SPF записів або, у разі їх відсутності, запитом MX записів).",
         "forwarding_hosts_hint": "Вхідні повідомлення приймаються від будь-яких хостів, перерахованих тут. Ці хости не проходять перевірку DNSBL і greylisting. Спам, отриманий від них, ніколи не відхиляється, але за бажання можна включити спам-фільтр і листи з поганим рейтингом потраплятимуть до спаму. Найбільш поширене використання – вказати поштові сервери, на яких ви встановили правило, яке перенаправляє вхідні електронні листи на ваш поштовий сервер mailcow.",
         "guid_and_license": "Ліцензія та GUID",
@@ -320,7 +319,6 @@
         "quarantine_notification_html": "Шаблон сповіщення:<br><small>Залиште порожнім, щоб відновити шаблон за промовчанням.</small>",
         "quarantine_notification_subject": "Тема листа",
         "quarantine_redirect": "<b>Перенаправити всі повідомлення</b> цьому одержувачу:<br><small><b>Одержувач повинен бути внутрішнім, оскільки пошта не підписана та не перевірена. </b></br>Вимкнено, якщо одержувач не вказано.</small>",
-        "queue_ays": "Будь ласка, підтвердіть, що ви хочете видалити всі елементи з черги.",
         "quota_notification_html": "Шаблон сповіщення:<br><small>Залиште порожнім, щоб відновити шаблон за замовчуванням.</small>",
         "quota_notifications_info": "Повідомлення про досягнення квоти надсилаються користувачам при досягненні 80% та 95% від встановленої квоти.",
         "r_info": "Затінені/вимкнені елементи в списку активних обмежень не відомі як дійсні обмеження для mailcow і не можуть бути переміщені. Невідомі обмеження все одно будуть встановлені в порядку появи. <br>Ви можете додати нові елементи в <code>inc/vars.local.inc.php</code>, щоб мати можливість перемикати їх.",
@@ -898,14 +896,10 @@
         "table_size_show_n": "Відображати %s полів"
     },
     "queue": {
-        "delete_queue": "Видалити всі повідомлення",
         "flush_queue": "Flush queue",
-        "queue_deliver_mail": "Доставити",
         "queue_hold_mail": "Поставити на утримання",
         "queue_manager": "Черга на відправлення",
-        "queue_show_message": "Показати повідомлення",
-        "queue_unban": "розблокувати чергу",
-        "queue_unhold_mail": "Зняти з утримання"
+        "queue_unban": "розблокувати чергу"
     },
     "ratelimit": {
         "disabled": "Вимкнено",

From e7817fab78eaec6b062e3467aacb90b4b39bf6a1 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 23 Dec 2022 20:45:23 +0000
Subject: [PATCH 080/170] [Web] Language file updated by 'Cleanup translation
 files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.zh-tw.json | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 7b34172f..46a7bbc2 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -152,7 +152,6 @@
         "credentials_transport_warning": "<b>警告</b>: 新增新的傳輸規則會同時更新所有\"下一跳\"欄中符合項目的認證憑證。",
         "customer_id": "客戶 ID",
         "customize": "自訂",
-        "delete_queue": "刪除全部",
         "destination": "目標地址",
         "dkim_add_key": "新增 ARC/DKIM 金鑰",
         "dkim_domains_selector": "選擇器",
@@ -189,7 +188,6 @@
         "f2b_retry_window": "重試次數的時間區間大小 (秒)",
         "f2b_whitelist": "網路/主機白名單",
         "filter_table": "篩選表格",
-        "flush_queue": "清空佇列",
         "forwarding_hosts": "轉發主機",
         "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的網路、主機名稱 (會被自動解析為 IP 地址)，或者信箱域名 (會自動查詢 SPF 紀錄或 MX 紀錄並解析為 IP 地址)。",
         "forwarding_hosts_hint": "來自此處所列的主機的郵件會被無條件接收。而且這些主機不會經過 DNSBL 或灰名單的檢查。來自它們的垃圾郵件不會被拒絕，但可以設定被歸入垃圾郵件資料夾。這個欄位經常用於設定轉寄信件至 mailcow 伺服器的郵件伺服器。",
@@ -259,13 +257,9 @@
         "quarantine_release_format_att": "如附件",
         "quarantine_release_format_raw": "未修改的原始信件",
         "quarantine_retention_size": "每個信箱的隔離保留上限：<br><small>0 表示 <b>停用</b>。</small>",
-        "queue_ays": "請確定是否要刪除目前佇列中的所有項目。",
         "queue_deliver_mail": "遞送",
-        "queue_hold_mail": "暫停",
         "queue_manager": "佇列管理",
-        "queue_show_message": "顯示訊息",
         "queue_unban": "佇列解除封鎖",
-        "queue_unhold_mail": "繼續",
         "quota_notification_html": "通知信模版：<br><small>留空來重設為預設模版。</small>",
         "quota_notification_sender": "通知信寄件人",
         "quota_notification_subject": "通知信主旨",
@@ -652,7 +646,6 @@
         "administration": "設定和管理",
         "apps": "應用程式",
         "debug": "系統訊息",
-        "mailboxes": "信箱設定",
         "mailcow_settings": "設定",
         "quarantine": "隔離",
         "restart_netfilter": "重新啟動 netfilter",
@@ -905,11 +898,11 @@
         "type": "類型"
     },
     "ratelimit": {
-      "disabled": "停用",
-      "second": "訊息 / 秒",
-      "minute": "訊息 / 分鐘",
-      "hour": "訊息 / 小時",
-      "day": "訊息 / 天"
+        "disabled": "停用",
+        "second": "訊息 / 秒",
+        "minute": "訊息 / 分鐘",
+        "hour": "訊息 / 小時",
+        "day": "訊息 / 天"
     },
     "start": {
         "help": "顯示/隱藏 幫助面板",

From 55d57c552df09b63095138c6bb7f894070a935f3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 24 Dec 2022 11:48:08 +0100
Subject: [PATCH 081/170] Translations update from Weblate (#4909)

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>
---
 data/web/lang/lang.ca-es.json | 5 +----
 data/web/lang/lang.cs-cz.json | 4 +---
 data/web/lang/lang.da-dk.json | 4 +---
 data/web/lang/lang.es-es.json | 4 +---
 data/web/lang/lang.fi-fi.json | 4 +---
 data/web/lang/lang.fr-fr.json | 4 +---
 data/web/lang/lang.hu-hu.json | 5 +----
 data/web/lang/lang.it-it.json | 4 +---
 data/web/lang/lang.ko-kr.json | 4 +---
 data/web/lang/lang.lv-lv.json | 5 +----
 data/web/lang/lang.nl-nl.json | 4 +---
 data/web/lang/lang.pl-pl.json | 5 +----
 data/web/lang/lang.pt-pt.json | 5 +----
 data/web/lang/lang.ro-ro.json | 4 +---
 data/web/lang/lang.ru-ru.json | 4 +---
 data/web/lang/lang.sk-sk.json | 4 +---
 data/web/lang/lang.sv-se.json | 1 -
 data/web/lang/lang.uk-ua.json | 4 +---
 data/web/lang/lang.zh-cn.json | 6 +-----
 data/web/lang/lang.zh-tw.json | 3 ---
 20 files changed, 18 insertions(+), 65 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index 81b0c422..07bf8512 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -393,11 +393,8 @@
         "toggle_all": "Marcar tots"
     },
     "queue": {
-        "flush_queue": "Flush queue",
         "queue_command_success": "Queue command completed successfully",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_unban": "queue unban"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Mostrar/Ocultar panell d'ajuda",
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 9b944e51..d0b34525 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -889,10 +889,8 @@
         "type": "Typ"
     },
     "queue": {
-        "flush_queue": "Vyprázdnit frontu (opětovně doručit)",
         "queue_deliver_mail": "Doručit",
-        "queue_manager": "Správce fronty",
-        "queue_unban": "odblokovat"
+        "queue_manager": "Správce fronty"
     },
     "ratelimit": {
         "disabled": "Vypnuto",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 3d8fe85e..eec15b2c 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -803,10 +803,8 @@
         "toggle_all": "Skift alt"
     },
     "queue": {
-        "flush_queue": "Tøm kø",
         "queue_deliver_mail": "Aflevere",
-        "queue_manager": "Køadministrator",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "Køadministrator"
     },
     "start": {
         "help": "Vis / skjul hjælpepanel",
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index caa46690..d1c8a975 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -602,10 +602,8 @@
         "toggle_all": "Seleccionar todos"
     },
     "queue": {
-        "flush_queue": "Vaciar la cola",
         "queue_deliver_mail": "Entregar",
-        "queue_manager": "Administrador de cola",
-        "queue_unhold_mail": "Liberar retención"
+        "queue_manager": "Administrador de cola"
     },
     "start": {
         "help": "Mostrar/Ocultar panel de ayuda",
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 61072d0a..efe55e74 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -686,10 +686,8 @@
         "toggle_all": "Valitse kaikki"
     },
     "queue": {
-        "flush_queue": "Tyhjennä jono",
         "queue_deliver_mail": "Toimittaa",
-        "queue_manager": "Jonon hallinta",
-        "queue_unhold_mail": "Poista pidosta"
+        "queue_manager": "Jonon hallinta"
     },
     "start": {
         "help": "Näytä/Piilota help paneeli",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 5b7dfd0f..686241ed 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -827,10 +827,8 @@
         "toggle_all": "Tout basculer"
     },
     "queue": {
-        "flush_queue": "Vider la file d'attente",
         "queue_deliver_mail": "Délivrer",
-        "queue_manager": "Gestion de la file d'attente",
-        "queue_unhold_mail": "Ne pas garder"
+        "queue_manager": "Gestion de la file d'attente"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 8e1f5bca..14f1ed85 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -216,11 +216,8 @@
         "toggle_all": "Összes átkapcsolása"
     },
     "queue": {
-        "flush_queue": "Flush queue",
         "queue_command_success": "Queue command completed successfully",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_unban": "queue unban"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 39cf8689..7b7d9b3b 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -893,10 +893,8 @@
         "type": "Tipologia"
     },
     "queue": {
-        "flush_queue": "Svuota la coda",
         "queue_deliver_mail": "Consegna",
-        "queue_manager": "Gestore code",
-        "queue_unban": "queue unban"
+        "queue_manager": "Gestore code"
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index f501a310..e6bfa2a9 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -777,10 +777,8 @@
         "toggle_all": "선택 반전"
     },
     "queue": {
-        "flush_queue": "큐 비우기",
         "queue_deliver_mail": "Deliver",
-        "queue_manager": "대기열 관리자",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "대기열 관리자"
     },
     "start": {
         "help": "Show/Hide help panel",
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 277ca3ae..6053ddc7 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -400,11 +400,8 @@
         "toggle_all": "Pārslēgt visu"
     },
     "queue": {
-        "flush_queue": "Flush queue",
         "queue_command_success": "Queue command completed successfully",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_unban": "queue unban"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index b9a4d084..2369599f 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -815,10 +815,8 @@
         "toggle_all": "Selecteer alles"
     },
     "queue": {
-        "flush_queue": "Leeg queue",
         "queue_deliver_mail": "Lever af",
-        "queue_manager": "Queue manager",
-        "queue_unhold_mail": "Geef vrij"
+        "queue_manager": "Queue manager"
     },
     "start": {
         "help": "Toon/verberg hulppaneel",
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index 979fbe69..b885bbbc 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -285,11 +285,8 @@
         "toggle_all": "Zaznacz wszystkie"
     },
     "queue": {
-        "flush_queue": "Flush queue",
         "queue_command_success": "Queue command completed successfully",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_unban": "queue unban"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 5987ae77..9dbb4c4e 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -193,11 +193,8 @@
         "remove": "Remover"
     },
     "queue": {
-        "flush_queue": "Flush queue",
         "queue_command_success": "Queue command completed successfully",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_unban": "queue unban"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Mostrar/Ocultar painel de ajuda",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 23da7b9f..470fef16 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -895,10 +895,8 @@
         "toggle_all": "Comută toate"
     },
     "queue": {
-        "flush_queue": "Elimină coadă",
         "queue_deliver_mail": "Livrează",
-        "queue_manager": "Manager de coadă",
-        "queue_unhold_mail": "Deblochează"
+        "queue_manager": "Manager de coadă"
     },
     "ratelimit": {
         "disabled": "Dezactivat",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index d14b2b41..a602e47e 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -893,10 +893,8 @@
         "type": "Тип"
     },
     "queue": {
-        "flush_queue": "Отправить все сообщения",
         "queue_deliver_mail": "Доставить",
-        "queue_manager": "Очередь на отправку",
-        "queue_unban": "разблокировать очередь"
+        "queue_manager": "Очередь на отправку"
     },
     "ratelimit": {
         "disabled": "Отключен",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 593c48da..60f8351a 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -895,10 +895,8 @@
         "type": "Typ"
     },
     "queue": {
-        "flush_queue": "Vyprázdniť frontu",
         "queue_deliver_mail": "Doručiť",
-        "queue_manager": "Správca fronty",
-        "queue_unban": "Odblokovať"
+        "queue_manager": "Správca fronty"
     },
     "ratelimit": {
         "disabled": "Vypnuté",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index c23e6e5f..4cc84619 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -840,7 +840,6 @@
         "toggle_all": "Markera alla"
     },
     "queue": {
-        "queue_deliver_mail": "Leverera",
         "queue_manager": "Kö-hanteraring"
     },
     "start": {
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 939b547e..1a7e0b87 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -896,10 +896,8 @@
         "table_size_show_n": "Відображати %s полів"
     },
     "queue": {
-        "flush_queue": "Flush queue",
         "queue_hold_mail": "Поставити на утримання",
-        "queue_manager": "Черга на відправлення",
-        "queue_unban": "розблокувати чергу"
+        "queue_manager": "Черга на відправлення"
     },
     "ratelimit": {
         "disabled": "Вимкнено",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 07d1938f..d09c79b4 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -257,9 +257,7 @@
         "quarantine_release_format_att": "附件",
         "quarantine_release_format_raw": "原件 (未修改)",
         "quarantine_retention_size": "每个邮箱保留隔离项目数:<br><small>0 表示 <b>禁用</b>。</small>",
-        "queue_deliver_mail": "传递",
         "queue_manager": "队列管理",
-        "queue_unban": "队列取消封禁",
         "quota_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quota_notification_sender": "通知邮件发件人",
         "quota_notification_subject": "通知邮件主题",
@@ -888,10 +886,8 @@
         "type": "类型"
     },
     "queue": {
-        "flush_queue": "清空队列",
         "queue_deliver_mail": "递送",
-        "queue_manager": "队列管理器",
-        "queue_unhold_mail": "继续"
+        "queue_manager": "队列管理器"
     },
     "ratelimit": {
         "disabled": "禁用",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 46a7bbc2..012ae427 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -257,9 +257,7 @@
         "quarantine_release_format_att": "如附件",
         "quarantine_release_format_raw": "未修改的原始信件",
         "quarantine_retention_size": "每個信箱的隔離保留上限：<br><small>0 表示 <b>停用</b>。</small>",
-        "queue_deliver_mail": "遞送",
         "queue_manager": "佇列管理",
-        "queue_unban": "佇列解除封鎖",
         "quota_notification_html": "通知信模版：<br><small>留空來重設為預設模版。</small>",
         "quota_notification_sender": "通知信寄件人",
         "quota_notification_subject": "通知信主旨",
@@ -646,7 +644,6 @@
         "administration": "設定和管理",
         "apps": "應用程式",
         "debug": "系統訊息",
-        "mailcow_settings": "設定",
         "quarantine": "隔離",
         "restart_netfilter": "重新啟動 netfilter",
         "restart_sogo": "重新啟動 SOGo",

From 240b2c63f6d2b544782ad0c661cb589c2231fff2 Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Sat, 24 Dec 2022 17:33:49 +0100
Subject: [PATCH 082/170] Fix timestamps not sorting in datatables

Timestamps retrieved from the API were always converted to a browser
local format. The format specified for moment.js added in
5160eff29446ba94329116a6ed3787400b03e461 did not work because of this.

Additionally, the format specified used `dd` which looks for two letter
days, such as "Mo", "Tu", "We", etc. Furthermore, `mm` is used for
minutes, not months.

Because the locale formatted datetime can vary a lot, it is not easy to
get this into moment.js to enable the sorting of datetimes in the
datatables. In other words, there is no conversion from an
`Intl.DateTimeFormat` specifier string to moment.js. Adding many
`$.fn.dataTable.moment(format);` with different `format`s is not useful.

I have fixed this rewriting how the timestamps from the API are added
to the tables. It still uses the locale of the browser, because not
everyone wants to use ISO 8601, but no longer requires moment.js (which
has been removed).

Two data attributes are added to the `td`s of the timestamps:
- `data-order`
- `data-sort`

The values of these are the timestamps as returned by the server, which
are very easily sorted (as they are just UNIX timestamps). Then, when
creating the cell in the table, it will be converted to what the locale
of the browser specified (this has not changed).
---
 .../{005-datatables.js => 004-datatables.js}  |    0
 data/web/js/build/004-moment.min.js           |    7 -
 ...ations.min.js => 005-notifications.min.js} |    0
 data/web/js/build/006-datetime-moment.js      |   70 -
 ...-formcache.min.js => 006-formcache.min.js} |    0
 .../js/build/{009-chart.js => 007-chart.js}   |    0
 ...ls.js => 008-chartjs-plugin-datalabels.js} |    0
 ...rea.min.js => 009-numberedtextarea.min.js} |    0
 .../{012-sha1.min.js => 010-sha1.min.js}      |    0
 data/web/js/build/{013-api.js => 011-api.js}  |    0
 ...kdown-it.min.js => 012-markdown-it.min.js} |    0
 .../build/{015-mailcow.js => 013-mailcow.js}  |  707 ++--
 data/web/js/site/debug.js                     | 3063 ++++++++---------
 13 files changed, 1883 insertions(+), 1964 deletions(-)
 rename data/web/js/build/{005-datatables.js => 004-datatables.js} (100%)
 delete mode 100644 data/web/js/build/004-moment.min.js
 rename data/web/js/build/{007-notifications.min.js => 005-notifications.min.js} (100%)
 delete mode 100644 data/web/js/build/006-datetime-moment.js
 rename data/web/js/build/{008-formcache.min.js => 006-formcache.min.js} (100%)
 rename data/web/js/build/{009-chart.js => 007-chart.js} (100%)
 rename data/web/js/build/{010-chartjs-plugin-datalabels.js => 008-chartjs-plugin-datalabels.js} (100%)
 rename data/web/js/build/{011-numberedtextarea.min.js => 009-numberedtextarea.min.js} (100%)
 rename data/web/js/build/{012-sha1.min.js => 010-sha1.min.js} (100%)
 rename data/web/js/build/{013-api.js => 011-api.js} (100%)
 rename data/web/js/build/{014-markdown-it.min.js => 012-markdown-it.min.js} (100%)
 rename data/web/js/build/{015-mailcow.js => 013-mailcow.js} (96%)

diff --git a/data/web/js/build/005-datatables.js b/data/web/js/build/004-datatables.js
similarity index 100%
rename from data/web/js/build/005-datatables.js
rename to data/web/js/build/004-datatables.js
diff --git a/data/web/js/build/004-moment.min.js b/data/web/js/build/004-moment.min.js
deleted file mode 100644
index 9fb34ee0..00000000
--- a/data/web/js/build/004-moment.min.js
+++ /dev/null
@@ -1,7 +0,0 @@
-//! moment.js
-//! version : 2.8.4
-//! authors : Tim Wood, Iskren Chernev, Moment.js contributors
-//! license : MIT
-//! momentjs.com
-(function(a){function b(a,b,c){switch(arguments.length){case 2:return null!=a?a:b;case 3:return null!=a?a:null!=b?b:c;default:throw new Error("Implement me")}}function c(a,b){return zb.call(a,b)}function d(){return{empty:!1,unusedTokens:[],unusedInput:[],overflow:-2,charsLeftOver:0,nullInput:!1,invalidMonth:null,invalidFormat:!1,userInvalidated:!1,iso:!1}}function e(a){tb.suppressDeprecationWarnings===!1&&"undefined"!=typeof console&&console.warn&&console.warn("Deprecation warning: "+a)}function f(a,b){var c=!0;return m(function(){return c&&(e(a),c=!1),b.apply(this,arguments)},b)}function g(a,b){qc[a]||(e(b),qc[a]=!0)}function h(a,b){return function(c){return p(a.call(this,c),b)}}function i(a,b){return function(c){return this.localeData().ordinal(a.call(this,c),b)}}function j(){}function k(a,b){b!==!1&&F(a),n(this,a),this._d=new Date(+a._d)}function l(a){var b=y(a),c=b.year||0,d=b.quarter||0,e=b.month||0,f=b.week||0,g=b.day||0,h=b.hour||0,i=b.minute||0,j=b.second||0,k=b.millisecond||0;this._milliseconds=+k+1e3*j+6e4*i+36e5*h,this._days=+g+7*f,this._months=+e+3*d+12*c,this._data={},this._locale=tb.localeData(),this._bubble()}function m(a,b){for(var d in b)c(b,d)&&(a[d]=b[d]);return c(b,"toString")&&(a.toString=b.toString),c(b,"valueOf")&&(a.valueOf=b.valueOf),a}function n(a,b){var c,d,e;if("undefined"!=typeof b._isAMomentObject&&(a._isAMomentObject=b._isAMomentObject),"undefined"!=typeof b._i&&(a._i=b._i),"undefined"!=typeof b._f&&(a._f=b._f),"undefined"!=typeof b._l&&(a._l=b._l),"undefined"!=typeof b._strict&&(a._strict=b._strict),"undefined"!=typeof b._tzm&&(a._tzm=b._tzm),"undefined"!=typeof b._isUTC&&(a._isUTC=b._isUTC),"undefined"!=typeof b._offset&&(a._offset=b._offset),"undefined"!=typeof b._pf&&(a._pf=b._pf),"undefined"!=typeof b._locale&&(a._locale=b._locale),Ib.length>0)for(c in Ib)d=Ib[c],e=b[d],"undefined"!=typeof e&&(a[d]=e);return a}function o(a){return 0>a?Math.ceil(a):Math.floor(a)}function p(a,b,c){for(var d=""+Math.abs(a),e=a>=0;d.length<b;)d="0"+d;return(e?c?"+":"":"-")+d}function q(a,b){var c={milliseconds:0,months:0};return c.months=b.month()-a.month()+12*(b.year()-a.year()),a.clone().add(c.months,"M").isAfter(b)&&--c.months,c.milliseconds=+b-+a.clone().add(c.months,"M"),c}function r(a,b){var c;return b=K(b,a),a.isBefore(b)?c=q(a,b):(c=q(b,a),c.milliseconds=-c.milliseconds,c.months=-c.months),c}function s(a,b){return function(c,d){var e,f;return null===d||isNaN(+d)||(g(b,"moment()."+b+"(period, number) is deprecated. Please use moment()."+b+"(number, period)."),f=c,c=d,d=f),c="string"==typeof c?+c:c,e=tb.duration(c,d),t(this,e,a),this}}function t(a,b,c,d){var e=b._milliseconds,f=b._days,g=b._months;d=null==d?!0:d,e&&a._d.setTime(+a._d+e*c),f&&nb(a,"Date",mb(a,"Date")+f*c),g&&lb(a,mb(a,"Month")+g*c),d&&tb.updateOffset(a,f||g)}function u(a){return"[object Array]"===Object.prototype.toString.call(a)}function v(a){return"[object Date]"===Object.prototype.toString.call(a)||a instanceof Date}function w(a,b,c){var d,e=Math.min(a.length,b.length),f=Math.abs(a.length-b.length),g=0;for(d=0;e>d;d++)(c&&a[d]!==b[d]||!c&&A(a[d])!==A(b[d]))&&g++;return g+f}function x(a){if(a){var b=a.toLowerCase().replace(/(.)s$/,"$1");a=jc[a]||kc[b]||b}return a}function y(a){var b,d,e={};for(d in a)c(a,d)&&(b=x(d),b&&(e[b]=a[d]));return e}function z(b){var c,d;if(0===b.indexOf("week"))c=7,d="day";else{if(0!==b.indexOf("month"))return;c=12,d="month"}tb[b]=function(e,f){var g,h,i=tb._locale[b],j=[];if("number"==typeof e&&(f=e,e=a),h=function(a){var b=tb().utc().set(d,a);return i.call(tb._locale,b,e||"")},null!=f)return h(f);for(g=0;c>g;g++)j.push(h(g));return j}}function A(a){var b=+a,c=0;return 0!==b&&isFinite(b)&&(c=b>=0?Math.floor(b):Math.ceil(b)),c}function B(a,b){return new Date(Date.UTC(a,b+1,0)).getUTCDate()}function C(a,b,c){return hb(tb([a,11,31+b-c]),b,c).week}function D(a){return E(a)?366:365}function E(a){return a%4===0&&a%100!==0||a%400===0}function F(a){var b;a._a&&-2===a._pf.overflow&&(b=a._a[Bb]<0||a._a[Bb]>11?Bb:a._a[Cb]<1||a._a[Cb]>B(a._a[Ab],a._a[Bb])?Cb:a._a[Db]<0||a._a[Db]>24||24===a._a[Db]&&(0!==a._a[Eb]||0!==a._a[Fb]||0!==a._a[Gb])?Db:a._a[Eb]<0||a._a[Eb]>59?Eb:a._a[Fb]<0||a._a[Fb]>59?Fb:a._a[Gb]<0||a._a[Gb]>999?Gb:-1,a._pf._overflowDayOfYear&&(Ab>b||b>Cb)&&(b=Cb),a._pf.overflow=b)}function G(b){return null==b._isValid&&(b._isValid=!isNaN(b._d.getTime())&&b._pf.overflow<0&&!b._pf.empty&&!b._pf.invalidMonth&&!b._pf.nullInput&&!b._pf.invalidFormat&&!b._pf.userInvalidated,b._strict&&(b._isValid=b._isValid&&0===b._pf.charsLeftOver&&0===b._pf.unusedTokens.length&&b._pf.bigHour===a)),b._isValid}function H(a){return a?a.toLowerCase().replace("_","-"):a}function I(a){for(var b,c,d,e,f=0;f<a.length;){for(e=H(a[f]).split("-"),b=e.length,c=H(a[f+1]),c=c?c.split("-"):null;b>0;){if(d=J(e.slice(0,b).join("-")))return d;if(c&&c.length>=b&&w(e,c,!0)>=b-1)break;b--}f++}return null}function J(a){var b=null;if(!Hb[a]&&Jb)try{b=tb.locale(),require("./locale/"+a),tb.locale(b)}catch(c){}return Hb[a]}function K(a,b){var c,d;return b._isUTC?(c=b.clone(),d=(tb.isMoment(a)||v(a)?+a:+tb(a))-+c,c._d.setTime(+c._d+d),tb.updateOffset(c,!1),c):tb(a).local()}function L(a){return a.match(/\[[\s\S]/)?a.replace(/^\[|\]$/g,""):a.replace(/\\/g,"")}function M(a){var b,c,d=a.match(Nb);for(b=0,c=d.length;c>b;b++)d[b]=pc[d[b]]?pc[d[b]]:L(d[b]);return function(e){var f="";for(b=0;c>b;b++)f+=d[b]instanceof Function?d[b].call(e,a):d[b];return f}}function N(a,b){return a.isValid()?(b=O(b,a.localeData()),lc[b]||(lc[b]=M(b)),lc[b](a)):a.localeData().invalidDate()}function O(a,b){function c(a){return b.longDateFormat(a)||a}var d=5;for(Ob.lastIndex=0;d>=0&&Ob.test(a);)a=a.replace(Ob,c),Ob.lastIndex=0,d-=1;return a}function P(a,b){var c,d=b._strict;switch(a){case"Q":return Zb;case"DDDD":return _b;case"YYYY":case"GGGG":case"gggg":return d?ac:Rb;case"Y":case"G":case"g":return cc;case"YYYYYY":case"YYYYY":case"GGGGG":case"ggggg":return d?bc:Sb;case"S":if(d)return Zb;case"SS":if(d)return $b;case"SSS":if(d)return _b;case"DDD":return Qb;case"MMM":case"MMMM":case"dd":case"ddd":case"dddd":return Ub;case"a":case"A":return b._locale._meridiemParse;case"x":return Xb;case"X":return Yb;case"Z":case"ZZ":return Vb;case"T":return Wb;case"SSSS":return Tb;case"MM":case"DD":case"YY":case"GG":case"gg":case"HH":case"hh":case"mm":case"ss":case"ww":case"WW":return d?$b:Pb;case"M":case"D":case"d":case"H":case"h":case"m":case"s":case"w":case"W":case"e":case"E":return Pb;case"Do":return d?b._locale._ordinalParse:b._locale._ordinalParseLenient;default:return c=new RegExp(Y(X(a.replace("\\","")),"i"))}}function Q(a){a=a||"";var b=a.match(Vb)||[],c=b[b.length-1]||[],d=(c+"").match(hc)||["-",0,0],e=+(60*d[1])+A(d[2]);return"+"===d[0]?-e:e}function R(a,b,c){var d,e=c._a;switch(a){case"Q":null!=b&&(e[Bb]=3*(A(b)-1));break;case"M":case"MM":null!=b&&(e[Bb]=A(b)-1);break;case"MMM":case"MMMM":d=c._locale.monthsParse(b,a,c._strict),null!=d?e[Bb]=d:c._pf.invalidMonth=b;break;case"D":case"DD":null!=b&&(e[Cb]=A(b));break;case"Do":null!=b&&(e[Cb]=A(parseInt(b.match(/\d{1,2}/)[0],10)));break;case"DDD":case"DDDD":null!=b&&(c._dayOfYear=A(b));break;case"YY":e[Ab]=tb.parseTwoDigitYear(b);break;case"YYYY":case"YYYYY":case"YYYYYY":e[Ab]=A(b);break;case"a":case"A":c._isPm=c._locale.isPM(b);break;case"h":case"hh":c._pf.bigHour=!0;case"H":case"HH":e[Db]=A(b);break;case"m":case"mm":e[Eb]=A(b);break;case"s":case"ss":e[Fb]=A(b);break;case"S":case"SS":case"SSS":case"SSSS":e[Gb]=A(1e3*("0."+b));break;case"x":c._d=new Date(A(b));break;case"X":c._d=new Date(1e3*parseFloat(b));break;case"Z":case"ZZ":c._useUTC=!0,c._tzm=Q(b);break;case"dd":case"ddd":case"dddd":d=c._locale.weekdaysParse(b),null!=d?(c._w=c._w||{},c._w.d=d):c._pf.invalidWeekday=b;break;case"w":case"ww":case"W":case"WW":case"d":case"e":case"E":a=a.substr(0,1);case"gggg":case"GGGG":case"GGGGG":a=a.substr(0,2),b&&(c._w=c._w||{},c._w[a]=A(b));break;case"gg":case"GG":c._w=c._w||{},c._w[a]=tb.parseTwoDigitYear(b)}}function S(a){var c,d,e,f,g,h,i;c=a._w,null!=c.GG||null!=c.W||null!=c.E?(g=1,h=4,d=b(c.GG,a._a[Ab],hb(tb(),1,4).year),e=b(c.W,1),f=b(c.E,1)):(g=a._locale._week.dow,h=a._locale._week.doy,d=b(c.gg,a._a[Ab],hb(tb(),g,h).year),e=b(c.w,1),null!=c.d?(f=c.d,g>f&&++e):f=null!=c.e?c.e+g:g),i=ib(d,e,f,h,g),a._a[Ab]=i.year,a._dayOfYear=i.dayOfYear}function T(a){var c,d,e,f,g=[];if(!a._d){for(e=V(a),a._w&&null==a._a[Cb]&&null==a._a[Bb]&&S(a),a._dayOfYear&&(f=b(a._a[Ab],e[Ab]),a._dayOfYear>D(f)&&(a._pf._overflowDayOfYear=!0),d=db(f,0,a._dayOfYear),a._a[Bb]=d.getUTCMonth(),a._a[Cb]=d.getUTCDate()),c=0;3>c&&null==a._a[c];++c)a._a[c]=g[c]=e[c];for(;7>c;c++)a._a[c]=g[c]=null==a._a[c]?2===c?1:0:a._a[c];24===a._a[Db]&&0===a._a[Eb]&&0===a._a[Fb]&&0===a._a[Gb]&&(a._nextDay=!0,a._a[Db]=0),a._d=(a._useUTC?db:cb).apply(null,g),null!=a._tzm&&a._d.setUTCMinutes(a._d.getUTCMinutes()+a._tzm),a._nextDay&&(a._a[Db]=24)}}function U(a){var b;a._d||(b=y(a._i),a._a=[b.year,b.month,b.day||b.date,b.hour,b.minute,b.second,b.millisecond],T(a))}function V(a){var b=new Date;return a._useUTC?[b.getUTCFullYear(),b.getUTCMonth(),b.getUTCDate()]:[b.getFullYear(),b.getMonth(),b.getDate()]}function W(b){if(b._f===tb.ISO_8601)return void $(b);b._a=[],b._pf.empty=!0;var c,d,e,f,g,h=""+b._i,i=h.length,j=0;for(e=O(b._f,b._locale).match(Nb)||[],c=0;c<e.length;c++)f=e[c],d=(h.match(P(f,b))||[])[0],d&&(g=h.substr(0,h.indexOf(d)),g.length>0&&b._pf.unusedInput.push(g),h=h.slice(h.indexOf(d)+d.length),j+=d.length),pc[f]?(d?b._pf.empty=!1:b._pf.unusedTokens.push(f),R(f,d,b)):b._strict&&!d&&b._pf.unusedTokens.push(f);b._pf.charsLeftOver=i-j,h.length>0&&b._pf.unusedInput.push(h),b._pf.bigHour===!0&&b._a[Db]<=12&&(b._pf.bigHour=a),b._isPm&&b._a[Db]<12&&(b._a[Db]+=12),b._isPm===!1&&12===b._a[Db]&&(b._a[Db]=0),T(b),F(b)}function X(a){return a.replace(/\\(\[)|\\(\])|\[([^\]\[]*)\]|\\(.)/g,function(a,b,c,d,e){return b||c||d||e})}function Y(a){return a.replace(/[-\/\\^$*+?.()|[\]{}]/g,"\\$&")}function Z(a){var b,c,e,f,g;if(0===a._f.length)return a._pf.invalidFormat=!0,void(a._d=new Date(0/0));for(f=0;f<a._f.length;f++)g=0,b=n({},a),null!=a._useUTC&&(b._useUTC=a._useUTC),b._pf=d(),b._f=a._f[f],W(b),G(b)&&(g+=b._pf.charsLeftOver,g+=10*b._pf.unusedTokens.length,b._pf.score=g,(null==e||e>g)&&(e=g,c=b));m(a,c||b)}function $(a){var b,c,d=a._i,e=dc.exec(d);if(e){for(a._pf.iso=!0,b=0,c=fc.length;c>b;b++)if(fc[b][1].exec(d)){a._f=fc[b][0]+(e[6]||" ");break}for(b=0,c=gc.length;c>b;b++)if(gc[b][1].exec(d)){a._f+=gc[b][0];break}d.match(Vb)&&(a._f+="Z"),W(a)}else a._isValid=!1}function _(a){$(a),a._isValid===!1&&(delete a._isValid,tb.createFromInputFallback(a))}function ab(a,b){var c,d=[];for(c=0;c<a.length;++c)d.push(b(a[c],c));return d}function bb(b){var c,d=b._i;d===a?b._d=new Date:v(d)?b._d=new Date(+d):null!==(c=Kb.exec(d))?b._d=new Date(+c[1]):"string"==typeof d?_(b):u(d)?(b._a=ab(d.slice(0),function(a){return parseInt(a,10)}),T(b)):"object"==typeof d?U(b):"number"==typeof d?b._d=new Date(d):tb.createFromInputFallback(b)}function cb(a,b,c,d,e,f,g){var h=new Date(a,b,c,d,e,f,g);return 1970>a&&h.setFullYear(a),h}function db(a){var b=new Date(Date.UTC.apply(null,arguments));return 1970>a&&b.setUTCFullYear(a),b}function eb(a,b){if("string"==typeof a)if(isNaN(a)){if(a=b.weekdaysParse(a),"number"!=typeof a)return null}else a=parseInt(a,10);return a}function fb(a,b,c,d,e){return e.relativeTime(b||1,!!c,a,d)}function gb(a,b,c){var d=tb.duration(a).abs(),e=yb(d.as("s")),f=yb(d.as("m")),g=yb(d.as("h")),h=yb(d.as("d")),i=yb(d.as("M")),j=yb(d.as("y")),k=e<mc.s&&["s",e]||1===f&&["m"]||f<mc.m&&["mm",f]||1===g&&["h"]||g<mc.h&&["hh",g]||1===h&&["d"]||h<mc.d&&["dd",h]||1===i&&["M"]||i<mc.M&&["MM",i]||1===j&&["y"]||["yy",j];return k[2]=b,k[3]=+a>0,k[4]=c,fb.apply({},k)}function hb(a,b,c){var d,e=c-b,f=c-a.day();return f>e&&(f-=7),e-7>f&&(f+=7),d=tb(a).add(f,"d"),{week:Math.ceil(d.dayOfYear()/7),year:d.year()}}function ib(a,b,c,d,e){var f,g,h=db(a,0,1).getUTCDay();return h=0===h?7:h,c=null!=c?c:e,f=e-h+(h>d?7:0)-(e>h?7:0),g=7*(b-1)+(c-e)+f+1,{year:g>0?a:a-1,dayOfYear:g>0?g:D(a-1)+g}}function jb(b){var c,d=b._i,e=b._f;return b._locale=b._locale||tb.localeData(b._l),null===d||e===a&&""===d?tb.invalid({nullInput:!0}):("string"==typeof d&&(b._i=d=b._locale.preparse(d)),tb.isMoment(d)?new k(d,!0):(e?u(e)?Z(b):W(b):bb(b),c=new k(b),c._nextDay&&(c.add(1,"d"),c._nextDay=a),c))}function kb(a,b){var c,d;if(1===b.length&&u(b[0])&&(b=b[0]),!b.length)return tb();for(c=b[0],d=1;d<b.length;++d)b[d][a](c)&&(c=b[d]);return c}function lb(a,b){var c;return"string"==typeof b&&(b=a.localeData().monthsParse(b),"number"!=typeof b)?a:(c=Math.min(a.date(),B(a.year(),b)),a._d["set"+(a._isUTC?"UTC":"")+"Month"](b,c),a)}function mb(a,b){return a._d["get"+(a._isUTC?"UTC":"")+b]()}function nb(a,b,c){return"Month"===b?lb(a,c):a._d["set"+(a._isUTC?"UTC":"")+b](c)}function ob(a,b){return function(c){return null!=c?(nb(this,a,c),tb.updateOffset(this,b),this):mb(this,a)}}function pb(a){return 400*a/146097}function qb(a){return 146097*a/400}function rb(a){tb.duration.fn[a]=function(){return this._data[a]}}function sb(a){"undefined"==typeof ender&&(ub=xb.moment,xb.moment=a?f("Accessing Moment through the global scope is deprecated, and will be removed in an upcoming release.",tb):tb)}for(var tb,ub,vb,wb="2.8.4",xb="undefined"!=typeof global?global:this,yb=Math.round,zb=Object.prototype.hasOwnProperty,Ab=0,Bb=1,Cb=2,Db=3,Eb=4,Fb=5,Gb=6,Hb={},Ib=[],Jb="undefined"!=typeof module&&module&&module.exports,Kb=/^\/?Date\((\-?\d+)/i,Lb=/(\-)?(?:(\d*)\.)?(\d+)\:(\d+)(?:\:(\d+)\.?(\d{3})?)?/,Mb=/^(-)?P(?:(?:([0-9,.]*)Y)?(?:([0-9,.]*)M)?(?:([0-9,.]*)D)?(?:T(?:([0-9,.]*)H)?(?:([0-9,.]*)M)?(?:([0-9,.]*)S)?)?|([0-9,.]*)W)$/,Nb=/(\[[^\[]*\])|(\\)?(Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Q|YYYYYY|YYYYY|YYYY|YY|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|mm?|ss?|S{1,4}|x|X|zz?|ZZ?|.)/g,Ob=/(\[[^\[]*\])|(\\)?(LTS|LT|LL?L?L?|l{1,4})/g,Pb=/\d\d?/,Qb=/\d{1,3}/,Rb=/\d{1,4}/,Sb=/[+\-]?\d{1,6}/,Tb=/\d+/,Ub=/[0-9]*['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+|[\u0600-\u06FF\/]+(\s*?[\u0600-\u06FF]+){1,2}/i,Vb=/Z|[\+\-]\d\d:?\d\d/gi,Wb=/T/i,Xb=/[\+\-]?\d+/,Yb=/[\+\-]?\d+(\.\d{1,3})?/,Zb=/\d/,$b=/\d\d/,_b=/\d{3}/,ac=/\d{4}/,bc=/[+-]?\d{6}/,cc=/[+-]?\d+/,dc=/^\s*(?:[+-]\d{6}|\d{4})-(?:(\d\d-\d\d)|(W\d\d$)|(W\d\d-\d)|(\d\d\d))((T| )(\d\d(:\d\d(:\d\d(\.\d+)?)?)?)?([\+\-]\d\d(?::?\d\d)?|\s*Z)?)?$/,ec="YYYY-MM-DDTHH:mm:ssZ",fc=[["YYYYYY-MM-DD",/[+-]\d{6}-\d{2}-\d{2}/],["YYYY-MM-DD",/\d{4}-\d{2}-\d{2}/],["GGGG-[W]WW-E",/\d{4}-W\d{2}-\d/],["GGGG-[W]WW",/\d{4}-W\d{2}/],["YYYY-DDD",/\d{4}-\d{3}/]],gc=[["HH:mm:ss.SSSS",/(T| )\d\d:\d\d:\d\d\.\d+/],["HH:mm:ss",/(T| )\d\d:\d\d:\d\d/],["HH:mm",/(T| )\d\d:\d\d/],["HH",/(T| )\d\d/]],hc=/([\+\-]|\d\d)/gi,ic=("Date|Hours|Minutes|Seconds|Milliseconds".split("|"),{Milliseconds:1,Seconds:1e3,Minutes:6e4,Hours:36e5,Days:864e5,Months:2592e6,Years:31536e6}),jc={ms:"millisecond",s:"second",m:"minute",h:"hour",d:"day",D:"date",w:"week",W:"isoWeek",M:"month",Q:"quarter",y:"year",DDD:"dayOfYear",e:"weekday",E:"isoWeekday",gg:"weekYear",GG:"isoWeekYear"},kc={dayofyear:"dayOfYear",isoweekday:"isoWeekday",isoweek:"isoWeek",weekyear:"weekYear",isoweekyear:"isoWeekYear"},lc={},mc={s:45,m:45,h:22,d:26,M:11},nc="DDD w W M D d".split(" "),oc="M D H h m s w W".split(" "),pc={M:function(){return this.month()+1},MMM:function(a){return this.localeData().monthsShort(this,a)},MMMM:function(a){return this.localeData().months(this,a)},D:function(){return this.date()},DDD:function(){return this.dayOfYear()},d:function(){return this.day()},dd:function(a){return this.localeData().weekdaysMin(this,a)},ddd:function(a){return this.localeData().weekdaysShort(this,a)},dddd:function(a){return this.localeData().weekdays(this,a)},w:function(){return this.week()},W:function(){return this.isoWeek()},YY:function(){return p(this.year()%100,2)},YYYY:function(){return p(this.year(),4)},YYYYY:function(){return p(this.year(),5)},YYYYYY:function(){var a=this.year(),b=a>=0?"+":"-";return b+p(Math.abs(a),6)},gg:function(){return p(this.weekYear()%100,2)},gggg:function(){return p(this.weekYear(),4)},ggggg:function(){return p(this.weekYear(),5)},GG:function(){return p(this.isoWeekYear()%100,2)},GGGG:function(){return p(this.isoWeekYear(),4)},GGGGG:function(){return p(this.isoWeekYear(),5)},e:function(){return this.weekday()},E:function(){return this.isoWeekday()},a:function(){return this.localeData().meridiem(this.hours(),this.minutes(),!0)},A:function(){return this.localeData().meridiem(this.hours(),this.minutes(),!1)},H:function(){return this.hours()},h:function(){return this.hours()%12||12},m:function(){return this.minutes()},s:function(){return this.seconds()},S:function(){return A(this.milliseconds()/100)},SS:function(){return p(A(this.milliseconds()/10),2)},SSS:function(){return p(this.milliseconds(),3)},SSSS:function(){return p(this.milliseconds(),3)},Z:function(){var a=-this.zone(),b="+";return 0>a&&(a=-a,b="-"),b+p(A(a/60),2)+":"+p(A(a)%60,2)},ZZ:function(){var a=-this.zone(),b="+";return 0>a&&(a=-a,b="-"),b+p(A(a/60),2)+p(A(a)%60,2)},z:function(){return this.zoneAbbr()},zz:function(){return this.zoneName()},x:function(){return this.valueOf()},X:function(){return this.unix()},Q:function(){return this.quarter()}},qc={},rc=["months","monthsShort","weekdays","weekdaysShort","weekdaysMin"];nc.length;)vb=nc.pop(),pc[vb+"o"]=i(pc[vb],vb);for(;oc.length;)vb=oc.pop(),pc[vb+vb]=h(pc[vb],2);pc.DDDD=h(pc.DDD,3),m(j.prototype,{set:function(a){var b,c;for(c in a)b=a[c],"function"==typeof b?this[c]=b:this["_"+c]=b;this._ordinalParseLenient=new RegExp(this._ordinalParse.source+"|"+/\d{1,2}/.source)},_months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),months:function(a){return this._months[a.month()]},_monthsShort:"Jan_Feb_Mar_Apr_May_Jun_Jul_Aug_Sep_Oct_Nov_Dec".split("_"),monthsShort:function(a){return this._monthsShort[a.month()]},monthsParse:function(a,b,c){var d,e,f;for(this._monthsParse||(this._monthsParse=[],this._longMonthsParse=[],this._shortMonthsParse=[]),d=0;12>d;d++){if(e=tb.utc([2e3,d]),c&&!this._longMonthsParse[d]&&(this._longMonthsParse[d]=new RegExp("^"+this.months(e,"").replace(".","")+"$","i"),this._shortMonthsParse[d]=new RegExp("^"+this.monthsShort(e,"").replace(".","")+"$","i")),c||this._monthsParse[d]||(f="^"+this.months(e,"")+"|^"+this.monthsShort(e,""),this._monthsParse[d]=new RegExp(f.replace(".",""),"i")),c&&"MMMM"===b&&this._longMonthsParse[d].test(a))return d;if(c&&"MMM"===b&&this._shortMonthsParse[d].test(a))return d;if(!c&&this._monthsParse[d].test(a))return d}},_weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),weekdays:function(a){return this._weekdays[a.day()]},_weekdaysShort:"Sun_Mon_Tue_Wed_Thu_Fri_Sat".split("_"),weekdaysShort:function(a){return this._weekdaysShort[a.day()]},_weekdaysMin:"Su_Mo_Tu_We_Th_Fr_Sa".split("_"),weekdaysMin:function(a){return this._weekdaysMin[a.day()]},weekdaysParse:function(a){var b,c,d;for(this._weekdaysParse||(this._weekdaysParse=[]),b=0;7>b;b++)if(this._weekdaysParse[b]||(c=tb([2e3,1]).day(b),d="^"+this.weekdays(c,"")+"|^"+this.weekdaysShort(c,"")+"|^"+this.weekdaysMin(c,""),this._weekdaysParse[b]=new RegExp(d.replace(".",""),"i")),this._weekdaysParse[b].test(a))return b},_longDateFormat:{LTS:"h:mm:ss A",LT:"h:mm A",L:"MM/DD/YYYY",LL:"MMMM D, YYYY",LLL:"MMMM D, YYYY LT",LLLL:"dddd, MMMM D, YYYY LT"},longDateFormat:function(a){var b=this._longDateFormat[a];return!b&&this._longDateFormat[a.toUpperCase()]&&(b=this._longDateFormat[a.toUpperCase()].replace(/MMMM|MM|DD|dddd/g,function(a){return a.slice(1)}),this._longDateFormat[a]=b),b},isPM:function(a){return"p"===(a+"").toLowerCase().charAt(0)},_meridiemParse:/[ap]\.?m?\.?/i,meridiem:function(a,b,c){return a>11?c?"pm":"PM":c?"am":"AM"},_calendar:{sameDay:"[Today at] LT",nextDay:"[Tomorrow at] LT",nextWeek:"dddd [at] LT",lastDay:"[Yesterday at] LT",lastWeek:"[Last] dddd [at] LT",sameElse:"L"},calendar:function(a,b,c){var d=this._calendar[a];return"function"==typeof d?d.apply(b,[c]):d},_relativeTime:{future:"in %s",past:"%s ago",s:"a few seconds",m:"a minute",mm:"%d minutes",h:"an hour",hh:"%d hours",d:"a day",dd:"%d days",M:"a month",MM:"%d months",y:"a year",yy:"%d years"},relativeTime:function(a,b,c,d){var e=this._relativeTime[c];return"function"==typeof e?e(a,b,c,d):e.replace(/%d/i,a)},pastFuture:function(a,b){var c=this._relativeTime[a>0?"future":"past"];return"function"==typeof c?c(b):c.replace(/%s/i,b)},ordinal:function(a){return this._ordinal.replace("%d",a)},_ordinal:"%d",_ordinalParse:/\d{1,2}/,preparse:function(a){return a},postformat:function(a){return a},week:function(a){return hb(a,this._week.dow,this._week.doy).week},_week:{dow:0,doy:6},_invalidDate:"Invalid date",invalidDate:function(){return this._invalidDate}}),tb=function(b,c,e,f){var g;return"boolean"==typeof e&&(f=e,e=a),g={},g._isAMomentObject=!0,g._i=b,g._f=c,g._l=e,g._strict=f,g._isUTC=!1,g._pf=d(),jb(g)},tb.suppressDeprecationWarnings=!1,tb.createFromInputFallback=f("moment construction falls back to js Date. This is discouraged and will be removed in upcoming major release. Please refer to https://github.com/moment/moment/issues/1407 for more info.",function(a){a._d=new Date(a._i+(a._useUTC?" UTC":""))}),tb.min=function(){var a=[].slice.call(arguments,0);return kb("isBefore",a)},tb.max=function(){var a=[].slice.call(arguments,0);return kb("isAfter",a)},tb.utc=function(b,c,e,f){var g;return"boolean"==typeof e&&(f=e,e=a),g={},g._isAMomentObject=!0,g._useUTC=!0,g._isUTC=!0,g._l=e,g._i=b,g._f=c,g._strict=f,g._pf=d(),jb(g).utc()},tb.unix=function(a){return tb(1e3*a)},tb.duration=function(a,b){var d,e,f,g,h=a,i=null;return tb.isDuration(a)?h={ms:a._milliseconds,d:a._days,M:a._months}:"number"==typeof a?(h={},b?h[b]=a:h.milliseconds=a):(i=Lb.exec(a))?(d="-"===i[1]?-1:1,h={y:0,d:A(i[Cb])*d,h:A(i[Db])*d,m:A(i[Eb])*d,s:A(i[Fb])*d,ms:A(i[Gb])*d}):(i=Mb.exec(a))?(d="-"===i[1]?-1:1,f=function(a){var b=a&&parseFloat(a.replace(",","."));return(isNaN(b)?0:b)*d},h={y:f(i[2]),M:f(i[3]),d:f(i[4]),h:f(i[5]),m:f(i[6]),s:f(i[7]),w:f(i[8])}):"object"==typeof h&&("from"in h||"to"in h)&&(g=r(tb(h.from),tb(h.to)),h={},h.ms=g.milliseconds,h.M=g.months),e=new l(h),tb.isDuration(a)&&c(a,"_locale")&&(e._locale=a._locale),e},tb.version=wb,tb.defaultFormat=ec,tb.ISO_8601=function(){},tb.momentProperties=Ib,tb.updateOffset=function(){},tb.relativeTimeThreshold=function(b,c){return mc[b]===a?!1:c===a?mc[b]:(mc[b]=c,!0)},tb.lang=f("moment.lang is deprecated. Use moment.locale instead.",function(a,b){return tb.locale(a,b)}),tb.locale=function(a,b){var c;return a&&(c="undefined"!=typeof b?tb.defineLocale(a,b):tb.localeData(a),c&&(tb.duration._locale=tb._locale=c)),tb._locale._abbr},tb.defineLocale=function(a,b){return null!==b?(b.abbr=a,Hb[a]||(Hb[a]=new j),Hb[a].set(b),tb.locale(a),Hb[a]):(delete Hb[a],null)},tb.langData=f("moment.langData is deprecated. Use moment.localeData instead.",function(a){return tb.localeData(a)}),tb.localeData=function(a){var b;if(a&&a._locale&&a._locale._abbr&&(a=a._locale._abbr),!a)return tb._locale;if(!u(a)){if(b=J(a))return b;a=[a]}return I(a)},tb.isMoment=function(a){return a instanceof k||null!=a&&c(a,"_isAMomentObject")},tb.isDuration=function(a){return a instanceof l};for(vb=rc.length-1;vb>=0;--vb)z(rc[vb]);tb.normalizeUnits=function(a){return x(a)},tb.invalid=function(a){var b=tb.utc(0/0);return null!=a?m(b._pf,a):b._pf.userInvalidated=!0,b},tb.parseZone=function(){return tb.apply(null,arguments).parseZone()},tb.parseTwoDigitYear=function(a){return A(a)+(A(a)>68?1900:2e3)},m(tb.fn=k.prototype,{clone:function(){return tb(this)},valueOf:function(){return+this._d+6e4*(this._offset||0)},unix:function(){return Math.floor(+this/1e3)},toString:function(){return this.clone().locale("en").format("ddd MMM DD YYYY HH:mm:ss [GMT]ZZ")},toDate:function(){return this._offset?new Date(+this):this._d},toISOString:function(){var a=tb(this).utc();return 0<a.year()&&a.year()<=9999?"function"==typeof Date.prototype.toISOString?this.toDate().toISOString():N(a,"YYYY-MM-DD[T]HH:mm:ss.SSS[Z]"):N(a,"YYYYYY-MM-DD[T]HH:mm:ss.SSS[Z]")},toArray:function(){var a=this;return[a.year(),a.month(),a.date(),a.hours(),a.minutes(),a.seconds(),a.milliseconds()]},isValid:function(){return G(this)},isDSTShifted:function(){return this._a?this.isValid()&&w(this._a,(this._isUTC?tb.utc(this._a):tb(this._a)).toArray())>0:!1},parsingFlags:function(){return m({},this._pf)},invalidAt:function(){return this._pf.overflow},utc:function(a){return this.zone(0,a)},local:function(a){return this._isUTC&&(this.zone(0,a),this._isUTC=!1,a&&this.add(this._dateTzOffset(),"m")),this},format:function(a){var b=N(this,a||tb.defaultFormat);return this.localeData().postformat(b)},add:s(1,"add"),subtract:s(-1,"subtract"),diff:function(a,b,c){var d,e,f,g=K(a,this),h=6e4*(this.zone()-g.zone());return b=x(b),"year"===b||"month"===b?(d=432e5*(this.daysInMonth()+g.daysInMonth()),e=12*(this.year()-g.year())+(this.month()-g.month()),f=this-tb(this).startOf("month")-(g-tb(g).startOf("month")),f-=6e4*(this.zone()-tb(this).startOf("month").zone()-(g.zone()-tb(g).startOf("month").zone())),e+=f/d,"year"===b&&(e/=12)):(d=this-g,e="second"===b?d/1e3:"minute"===b?d/6e4:"hour"===b?d/36e5:"day"===b?(d-h)/864e5:"week"===b?(d-h)/6048e5:d),c?e:o(e)},from:function(a,b){return tb.duration({to:this,from:a}).locale(this.locale()).humanize(!b)},fromNow:function(a){return this.from(tb(),a)},calendar:function(a){var b=a||tb(),c=K(b,this).startOf("day"),d=this.diff(c,"days",!0),e=-6>d?"sameElse":-1>d?"lastWeek":0>d?"lastDay":1>d?"sameDay":2>d?"nextDay":7>d?"nextWeek":"sameElse";return this.format(this.localeData().calendar(e,this,tb(b)))},isLeapYear:function(){return E(this.year())},isDST:function(){return this.zone()<this.clone().month(0).zone()||this.zone()<this.clone().month(5).zone()},day:function(a){var b=this._isUTC?this._d.getUTCDay():this._d.getDay();return null!=a?(a=eb(a,this.localeData()),this.add(a-b,"d")):b},month:ob("Month",!0),startOf:function(a){switch(a=x(a)){case"year":this.month(0);case"quarter":case"month":this.date(1);case"week":case"isoWeek":case"day":this.hours(0);case"hour":this.minutes(0);case"minute":this.seconds(0);case"second":this.milliseconds(0)}return"week"===a?this.weekday(0):"isoWeek"===a&&this.isoWeekday(1),"quarter"===a&&this.month(3*Math.floor(this.month()/3)),this},endOf:function(b){return b=x(b),b===a||"millisecond"===b?this:this.startOf(b).add(1,"isoWeek"===b?"week":b).subtract(1,"ms")},isAfter:function(a,b){var c;return b=x("undefined"!=typeof b?b:"millisecond"),"millisecond"===b?(a=tb.isMoment(a)?a:tb(a),+this>+a):(c=tb.isMoment(a)?+a:+tb(a),c<+this.clone().startOf(b))},isBefore:function(a,b){var c;return b=x("undefined"!=typeof b?b:"millisecond"),"millisecond"===b?(a=tb.isMoment(a)?a:tb(a),+a>+this):(c=tb.isMoment(a)?+a:+tb(a),+this.clone().endOf(b)<c)},isSame:function(a,b){var c;return b=x(b||"millisecond"),"millisecond"===b?(a=tb.isMoment(a)?a:tb(a),+this===+a):(c=+tb(a),+this.clone().startOf(b)<=c&&c<=+this.clone().endOf(b))},min:f("moment().min is deprecated, use moment.min instead. https://github.com/moment/moment/issues/1548",function(a){return a=tb.apply(null,arguments),this>a?this:a}),max:f("moment().max is deprecated, use moment.max instead. https://github.com/moment/moment/issues/1548",function(a){return a=tb.apply(null,arguments),a>this?this:a}),zone:function(a,b){var c,d=this._offset||0;return null==a?this._isUTC?d:this._dateTzOffset():("string"==typeof a&&(a=Q(a)),Math.abs(a)<16&&(a=60*a),!this._isUTC&&b&&(c=this._dateTzOffset()),this._offset=a,this._isUTC=!0,null!=c&&this.subtract(c,"m"),d!==a&&(!b||this._changeInProgress?t(this,tb.duration(d-a,"m"),1,!1):this._changeInProgress||(this._changeInProgress=!0,tb.updateOffset(this,!0),this._changeInProgress=null)),this)},zoneAbbr:function(){return this._isUTC?"UTC":""},zoneName:function(){return this._isUTC?"Coordinated Universal Time":""},parseZone:function(){return this._tzm?this.zone(this._tzm):"string"==typeof this._i&&this.zone(this._i),this},hasAlignedHourOffset:function(a){return a=a?tb(a).zone():0,(this.zone()-a)%60===0},daysInMonth:function(){return B(this.year(),this.month())},dayOfYear:function(a){var b=yb((tb(this).startOf("day")-tb(this).startOf("year"))/864e5)+1;return null==a?b:this.add(a-b,"d")},quarter:function(a){return null==a?Math.ceil((this.month()+1)/3):this.month(3*(a-1)+this.month()%3)},weekYear:function(a){var b=hb(this,this.localeData()._week.dow,this.localeData()._week.doy).year;return null==a?b:this.add(a-b,"y")},isoWeekYear:function(a){var b=hb(this,1,4).year;return null==a?b:this.add(a-b,"y")},week:function(a){var b=this.localeData().week(this);return null==a?b:this.add(7*(a-b),"d")},isoWeek:function(a){var b=hb(this,1,4).week;return null==a?b:this.add(7*(a-b),"d")},weekday:function(a){var b=(this.day()+7-this.localeData()._week.dow)%7;return null==a?b:this.add(a-b,"d")},isoWeekday:function(a){return null==a?this.day()||7:this.day(this.day()%7?a:a-7)},isoWeeksInYear:function(){return C(this.year(),1,4)},weeksInYear:function(){var a=this.localeData()._week;return C(this.year(),a.dow,a.doy)},get:function(a){return a=x(a),this[a]()},set:function(a,b){return a=x(a),"function"==typeof this[a]&&this[a](b),this},locale:function(b){var c;return b===a?this._locale._abbr:(c=tb.localeData(b),null!=c&&(this._locale=c),this)},lang:f("moment().lang() is deprecated. Instead, use moment().localeData() to get the language configuration. Use moment().locale() to change languages.",function(b){return b===a?this.localeData():this.locale(b)}),localeData:function(){return this._locale},_dateTzOffset:function(){return 15*Math.round(this._d.getTimezoneOffset()/15)}}),tb.fn.millisecond=tb.fn.milliseconds=ob("Milliseconds",!1),tb.fn.second=tb.fn.seconds=ob("Seconds",!1),tb.fn.minute=tb.fn.minutes=ob("Minutes",!1),tb.fn.hour=tb.fn.hours=ob("Hours",!0),tb.fn.date=ob("Date",!0),tb.fn.dates=f("dates accessor is deprecated. Use date instead.",ob("Date",!0)),tb.fn.year=ob("FullYear",!0),tb.fn.years=f("years accessor is deprecated. Use year instead.",ob("FullYear",!0)),tb.fn.days=tb.fn.day,tb.fn.months=tb.fn.month,tb.fn.weeks=tb.fn.week,tb.fn.isoWeeks=tb.fn.isoWeek,tb.fn.quarters=tb.fn.quarter,tb.fn.toJSON=tb.fn.toISOString,m(tb.duration.fn=l.prototype,{_bubble:function(){var a,b,c,d=this._milliseconds,e=this._days,f=this._months,g=this._data,h=0;g.milliseconds=d%1e3,a=o(d/1e3),g.seconds=a%60,b=o(a/60),g.minutes=b%60,c=o(b/60),g.hours=c%24,e+=o(c/24),h=o(pb(e)),e-=o(qb(h)),f+=o(e/30),e%=30,h+=o(f/12),f%=12,g.days=e,g.months=f,g.years=h},abs:function(){return this._milliseconds=Math.abs(this._milliseconds),this._days=Math.abs(this._days),this._months=Math.abs(this._months),this._data.milliseconds=Math.abs(this._data.milliseconds),this._data.seconds=Math.abs(this._data.seconds),this._data.minutes=Math.abs(this._data.minutes),this._data.hours=Math.abs(this._data.hours),this._data.months=Math.abs(this._data.months),this._data.years=Math.abs(this._data.years),this},weeks:function(){return o(this.days()/7)},valueOf:function(){return this._milliseconds+864e5*this._days+this._months%12*2592e6+31536e6*A(this._months/12)},humanize:function(a){var b=gb(this,!a,this.localeData());return a&&(b=this.localeData().pastFuture(+this,b)),this.localeData().postformat(b)},add:function(a,b){var c=tb.duration(a,b);return this._milliseconds+=c._milliseconds,this._days+=c._days,this._months+=c._months,this._bubble(),this},subtract:function(a,b){var c=tb.duration(a,b);return this._milliseconds-=c._milliseconds,this._days-=c._days,this._months-=c._months,this._bubble(),this},get:function(a){return a=x(a),this[a.toLowerCase()+"s"]()},as:function(a){var b,c;if(a=x(a),"month"===a||"year"===a)return b=this._days+this._milliseconds/864e5,c=this._months+12*pb(b),"month"===a?c:c/12;switch(b=this._days+Math.round(qb(this._months/12)),a){case"week":return b/7+this._milliseconds/6048e5;case"day":return b+this._milliseconds/864e5;case"hour":return 24*b+this._milliseconds/36e5;case"minute":return 24*b*60+this._milliseconds/6e4;case"second":return 24*b*60*60+this._milliseconds/1e3;
-case"millisecond":return Math.floor(24*b*60*60*1e3)+this._milliseconds;default:throw new Error("Unknown unit "+a)}},lang:tb.fn.lang,locale:tb.fn.locale,toIsoString:f("toIsoString() is deprecated. Please use toISOString() instead (notice the capitals)",function(){return this.toISOString()}),toISOString:function(){var a=Math.abs(this.years()),b=Math.abs(this.months()),c=Math.abs(this.days()),d=Math.abs(this.hours()),e=Math.abs(this.minutes()),f=Math.abs(this.seconds()+this.milliseconds()/1e3);return this.asSeconds()?(this.asSeconds()<0?"-":"")+"P"+(a?a+"Y":"")+(b?b+"M":"")+(c?c+"D":"")+(d||e||f?"T":"")+(d?d+"H":"")+(e?e+"M":"")+(f?f+"S":""):"P0D"},localeData:function(){return this._locale}}),tb.duration.fn.toString=tb.duration.fn.toISOString;for(vb in ic)c(ic,vb)&&rb(vb.toLowerCase());tb.duration.fn.asMilliseconds=function(){return this.as("ms")},tb.duration.fn.asSeconds=function(){return this.as("s")},tb.duration.fn.asMinutes=function(){return this.as("m")},tb.duration.fn.asHours=function(){return this.as("h")},tb.duration.fn.asDays=function(){return this.as("d")},tb.duration.fn.asWeeks=function(){return this.as("weeks")},tb.duration.fn.asMonths=function(){return this.as("M")},tb.duration.fn.asYears=function(){return this.as("y")},tb.locale("en",{ordinalParse:/\d{1,2}(th|st|nd|rd)/,ordinal:function(a){var b=a%10,c=1===A(a%100/10)?"th":1===b?"st":2===b?"nd":3===b?"rd":"th";return a+c}}),Jb?module.exports=tb:"function"==typeof define&&define.amd?(define("moment",function(a,b,c){return c.config&&c.config()&&c.config().noGlobal===!0&&(xb.moment=ub),tb}),sb(!0)):sb()}).call(this);
\ No newline at end of file
diff --git a/data/web/js/build/007-notifications.min.js b/data/web/js/build/005-notifications.min.js
similarity index 100%
rename from data/web/js/build/007-notifications.min.js
rename to data/web/js/build/005-notifications.min.js
diff --git a/data/web/js/build/006-datetime-moment.js b/data/web/js/build/006-datetime-moment.js
deleted file mode 100644
index 52b537c0..00000000
--- a/data/web/js/build/006-datetime-moment.js
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * This plug-in for DataTables represents the ultimate option in extensibility
- * for sorting date / time strings correctly. It uses
- * [Moment.js](http://momentjs.com) to create automatic type detection and
- * sorting plug-ins for DataTables based on a given format. This way, DataTables
- * will automatically detect your temporal information and sort it correctly.
- *
- * For usage instructions, please see the DataTables blog
- * post that [introduces it](//datatables.net/blog/2014-12-18).
- *
- * @name Ultimate Date / Time sorting
- * @summary Sort date and time in any format using Moment.js
- * @author [Allan Jardine](//datatables.net)
- * @depends DataTables 1.10+, Moment.js 1.7+
- *
- * @example
- *    $.fn.dataTable.moment( 'HH:mm MMM D, YY' );
- *    $.fn.dataTable.moment( 'dddd, MMMM Do, YYYY' );
- *
- *    $('#example').DataTable();
- */
-
-(function (factory) {
-	if (typeof define === "function" && define.amd) {
-		define(["jquery", "moment", "datatables.net"], factory);
-	} else {
-		factory(jQuery, moment);
-	}
-}(function ($, moment) {
-
-function strip (d) {
-	if ( typeof d === 'string' ) {
-		// Strip HTML tags and newline characters if possible
-		d = d.replace(/(<.*?>)|(\r?\n|\r)/g, '');
-
-		// Strip out surrounding white space
-		d = d.trim();
-	}
-
-	return d;
-}
-
-$.fn.dataTable.moment = function ( format, locale, reverseEmpties ) {
-	var types = $.fn.dataTable.ext.type;
-
-	// Add type detection
-	types.detect.unshift( function ( d ) {
-		d = strip(d);
-
-		// Null and empty values are acceptable
-		if ( d === '' || d === null ) {
-			return 'moment-'+format;
-		}
-
-		return moment( d, format, locale, true ).isValid() ?
-			'moment-'+format :
-			null;
-	} );
-
-	// Add sorting method - use an integer for the sorting
-	types.order[ 'moment-'+format+'-pre' ] = function ( d ) {
-		d = strip(d);
-		
-		return !moment(d, format, locale, true).isValid() ?
-			(reverseEmpties ? -Infinity : Infinity) :
-			parseInt( moment( d, format, locale, true ).format( 'x' ), 10 );
-	};
-};
-
-}));
diff --git a/data/web/js/build/008-formcache.min.js b/data/web/js/build/006-formcache.min.js
similarity index 100%
rename from data/web/js/build/008-formcache.min.js
rename to data/web/js/build/006-formcache.min.js
diff --git a/data/web/js/build/009-chart.js b/data/web/js/build/007-chart.js
similarity index 100%
rename from data/web/js/build/009-chart.js
rename to data/web/js/build/007-chart.js
diff --git a/data/web/js/build/010-chartjs-plugin-datalabels.js b/data/web/js/build/008-chartjs-plugin-datalabels.js
similarity index 100%
rename from data/web/js/build/010-chartjs-plugin-datalabels.js
rename to data/web/js/build/008-chartjs-plugin-datalabels.js
diff --git a/data/web/js/build/011-numberedtextarea.min.js b/data/web/js/build/009-numberedtextarea.min.js
similarity index 100%
rename from data/web/js/build/011-numberedtextarea.min.js
rename to data/web/js/build/009-numberedtextarea.min.js
diff --git a/data/web/js/build/012-sha1.min.js b/data/web/js/build/010-sha1.min.js
similarity index 100%
rename from data/web/js/build/012-sha1.min.js
rename to data/web/js/build/010-sha1.min.js
diff --git a/data/web/js/build/013-api.js b/data/web/js/build/011-api.js
similarity index 100%
rename from data/web/js/build/013-api.js
rename to data/web/js/build/011-api.js
diff --git a/data/web/js/build/014-markdown-it.min.js b/data/web/js/build/012-markdown-it.min.js
similarity index 100%
rename from data/web/js/build/014-markdown-it.min.js
rename to data/web/js/build/012-markdown-it.min.js
diff --git a/data/web/js/build/015-mailcow.js b/data/web/js/build/013-mailcow.js
similarity index 96%
rename from data/web/js/build/015-mailcow.js
rename to data/web/js/build/013-mailcow.js
index 1532ee54..c734c824 100644
--- a/data/web/js/build/015-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -1,354 +1,353 @@
-$(document).ready(function() {
-  // mailcow alert box generator
-  window.mailcow_alert_box = function(message, type) {
-    msg = $('<span/>').text(message).text();
-    if (type == 'danger' || type == 'info') {
-      auto_hide = 0;
-      $('#' + localStorage.getItem("add_modal")).modal('show');
-      localStorage.removeItem("add_modal");
-    } else {
-      auto_hide = 5000;
-    }
-    $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
-  }
-
-  $(".generate_password").click(function( event ) {
-    event.preventDefault();
-    $('[data-hibp]').trigger('input');
-    if (typeof($(this).closest("form").data('pwgen-length')) == "number") {
-      var random_passwd = GPW.pronounceable($(this).closest("form").data('pwgen-length'))
-    }
-    else {
-      var random_passwd = GPW.pronounceable(8)
-    }
-    $(this).closest("form").find('[data-pwgen-field]').attr('type', 'text');
-    $(this).closest("form").find('[data-pwgen-field]').val(random_passwd);
-  });
-  function str_rot13(str) {
-    return (str + '').replace(/[a-z]/gi, function(s){
-      return String.fromCharCode(s.charCodeAt(0) + (s.toLowerCase() < 'n' ? 13 : -13))
-    })
-  }
-  $(".rot-enc").html(function(){
-    return str_rot13($(this).html())
-  });
-  // https://stackoverflow.com/questions/4399005/implementing-jquerys-shake-effect-with-animate
-  function shake(div,interval,distance,times) {
-      if(typeof interval === 'undefined') {
-        interval = 100;
-      }
-      if(typeof distance === 'undefined') {
-        distance = 10;
-      }
-      if(typeof times === 'undefined') {
-        times = 4;
-      }
-    $(div).css('position','relative');
-    for(var iter=0;iter<(times+1);iter++){
-      $(div).animate({ left: ((iter%2==0 ? distance : distance*-1))}, interval);
-    }
-    $(div).animate({ left: 0},interval);
-  } 
-
-  // form cache
-  $('[data-cached-form="true"]').formcache({key: $(this).data('id')});
-
-  //  tooltips
-  $(function () {
-    $('[data-bs-toggle="tooltip"]').tooltip()
-  });
-
-  // remember last navigation pill
-  (function () {
-    'use strict';
-      // remember desktop tabs
-      $('button[data-bs-toggle="tab"]').on('click', function (e) {
-        if ($(this).data('dont-remember') == 1) {
-          return true;
-        }
-        var id = $(this).parents('[role="tablist"]').attr('id');
-        var key = 'lastTag';
-        if (id) {
-          key += ':' + id;
-        }
-
-        var tab_id = $(e.target).attr('data-bs-target').substring(1);
-        localStorage.setItem(key, tab_id);
-      });
-      // remember mobile tabs
-      $('button[data-bs-target^="#collapse-tab-"]').on('click', function (e) {
-        // only remember tab if its being opened
-        if ($(this).hasClass('collapsed')) return false;
-        var tab_id = $(this).closest('div[role="tabpanel"]').attr('id');
-
-        if ($(this).data('dont-remember') == 1) {
-          return true;
-        }
-        var id = $(this).parents('[role="tablist"]').attr('id');;
-        var key = 'lastTag';
-        if (id) {
-          key += ':' + id;
-        }
-
-        localStorage.setItem(key, tab_id);
-      });
-      // open last tab
-      $('[role="tablist"]').each(function (idx, elem) {
-        var id = $(elem).attr('id');
-        var key = 'lastTag';
-        if (id) {
-          key += ':' + id;
-        }
-        var lastTab = localStorage.getItem(key);
-        if (lastTab) {
-          $('[data-bs-target="#' + lastTab + '"]').click();
-          var tab = $('[id^="' + lastTab + '"]');
-          $(tab).find('.card-body.collapse').collapse('show');
-        }
-      });
-  })();
-
-  // IE fix to hide scrollbars when table body is empty
-  $('tbody').filter(function (index) {
-    return $(this).children().length < 1;
-  }).remove();
-
-  // selectpicker
-  $('select').selectpicker({
-    'styleBase': 'btn btn-xs-lg',
-    'noneSelectedText': lang_footer.nothing_selected
-  });
-
-  // haveibeenpwned and passwd policy
-  $.ajax({
-    url: '/api/v1/get/passwordpolicy/html',
-    type: 'GET',
-    success: function(res) {
-      $(".hibp-out").after(res);
-    }
-  });
-  $('[data-hibp]').after('<p class="small haveibeenpwned"><i class="bi bi-shield-fill-exclamation"></i> ' + lang_footer.hibp_check + '</p><span class="hibp-out"></span>');
-  $('[data-hibp]').on('input', function() {
-    out_field = $(this).next('.haveibeenpwned').next('.hibp-out').text('').attr('class', 'hibp-out');
-  });
-  $('.haveibeenpwned:not(.task-running)').on('click', function() {
-    var hibp_field = $(this)
-    $(hibp_field).addClass('task-running');
-    var hibp_result = $(hibp_field).next('.hibp-out')
-    var password_field = $(this).prev('[data-hibp]')
-    if ($(password_field).val() == '') {
-      shake(password_field);
-    }
-    else {
-      $(hibp_result).attr('class', 'hibp-out badge fs-5 bg-info');
-      $(hibp_result).text(lang_footer.loading);
-      var password_digest = $.sha1($(password_field).val())
-      var digest_five = password_digest.substring(0, 5).toUpperCase();
-      var queryURL = "https://api.pwnedpasswords.com/range/" + digest_five;
-      var compl_digest = password_digest.substring(5, 41).toUpperCase();
-      $.ajax({
-        url: queryURL,
-        type: 'GET',
-        success: function(res) {
-          if (res.search(compl_digest) > -1){
-            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-danger');
-            $(hibp_result).text(lang_footer.hibp_nok)
-          } else {
-            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-success');
-            $(hibp_result).text(lang_footer.hibp_ok)
-          }
-          $(hibp_field).removeClass('task-running');
-        },
-        error: function(xhr, status, error) {
-          $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-warning');
-          $(hibp_result).text('API error: ' + xhr.responseText)
-          $(hibp_field).removeClass('task-running');
-        }
-      });
-    }
-  });
-
-  // Disable disallowed inputs
-  $('[data-acl="0"]').each(function(event){
-    if ($(this).is("a")) {
-      $(this).removeAttr("data-bs-toggle");
-      $(this).removeAttr("data-bs-target");
-      $(this).removeAttr("data-action");
-      $(this).click(function(event) {
-        event.preventDefault();
-      });
-    }
-    if ($(this).is("select")) {
-      $(this).selectpicker('destroy');
-      $(this).replaceWith(function() {
-        return '<label class="control-label"><b>' + this.innerText + '</b></label>';
-      });
-    }
-    if ($(this).hasClass('btn-group')) {
-      $(this).find('a').each(function(){
-        $(this).removeClass('dropdown-toggle')
-          .removeAttr('data-bs-toggle')
-          .removeAttr('data-bs-target')
-          .removeAttr('data-action')
-          .removeAttr('id')
-          .attr("disabled", true);
-        $(this).click(function(event) {
-          event.preventDefault();
-          return;
-        });
-      });
-      $(this).find('button').each(function() {
-        $(this).attr("disabled", true);
-      });
-    } else if ($(this).hasClass('input-group')) {
-      $(this).find('input').each(function() {
-        $(this).removeClass('dropdown-toggle')
-          .removeAttr('data-bs-toggle')
-          .attr("disabled", true);
-        $(this).click(function(event) {
-          event.preventDefault();
-        });
-      });
-      $(this).find('button').each(function() {
-        $(this).attr("disabled", true);
-      });
-    } else if ($(this).hasClass('form-group')) {
-      $(this).find('input').each(function() {
-        $(this).attr("disabled", true);
-      });
-    } else if ($(this).hasClass('btn')) {
-      $(this).attr("disabled", true);
-    } else if ($(this).attr('data-provide') == 'slider') {
-      $(this).attr('disabled', true);
-    } else if ($(this).is(':checkbox')) {
-      $(this).attr("disabled", true);
-    }
-    $(this).data("toggle", "tooltip");
-    $(this).attr("title", lang_acl.prohibited);
-    $(this).tooltip();
-  });
-
-  // disable submit after submitting form (not API driven buttons)
-  $('form').submit(function() {
-    if ($('form button[type="submit"]').data('submitted') == '1') {
-      return false;
-    } else {
-      $(this).find('button[type="submit"]').first().text(lang_footer.loading);
-      $('form button[type="submit"]').attr('data-submitted', '1');
-      function disableF5(e) { if ((e.which || e.keyCode) == 116 || (e.which || e.keyCode) == 82) e.preventDefault(); };
-      $(document).on("keydown", disableF5);
-    }
-  });
-  // Textarea line numbers
-  $(".textarea-code").numberedtextarea({allowTabChar: true});
-  // trigger container restart
-  $('#RestartContainer').on('show.bs.modal', function(e) {
-    var container = $(e.relatedTarget).data('container');
-    $('#containerName').text(container);
-    $('#triggerRestartContainer').click(function(){
-      $(this).prop("disabled",true);
-      $(this).html('<div class="spinner-border text-white" role="status"><span class="visually-hidden">Loading...</span></div>');
-      $('#statusTriggerRestartContainer').html(lang_footer.restarting_container);
-      $.ajax({
-        method: 'get',
-        url: '/inc/ajax/container_ctrl.php',
-        timeout: docker_timeout,
-        data: {
-        'service': container,
-        'action': 'restart'
-        }
-      })
-      .always( function (data, status) {
-        $('#statusTriggerRestartContainer').append(data);
-        var htmlResponse = $.parseHTML(data)
-        if ($(htmlResponse).find('span').hasClass('text-success')) {
-          $('#triggerRestartContainer').html('<i class="bi bi-check-lg"></i> ');
-          setTimeout(function(){
-            $('#RestartContainer').modal('toggle');
-            window.location = window.location.href.split("#")[0];
-          }, 1200);
-        } else {
-          $('#triggerRestartContainer').html('<i class="bi bi-slash-lg"></i> ');
-        }
-      })
-    });
-  })
-
-  // Jquery Datatables, enable responsive plugin and date sort plugin
-  $.extend($.fn.dataTable.defaults, {
-    responsive: true
-  });
-  $.fn.dataTable.moment('dd:mm:YYYY');
-
-  // tag boxes
-  $('.tag-box .tag-add').click(function(){
-    addTag(this);
-  });
-  $(".tag-box .tag-input").keydown(function (e) {
-    if (e.which == 13){
-      e.preventDefault();
-      addTag(this);
-    } 
-  });
-
-  // Dark Mode Loader
-  $('#dark-mode-toggle').click(toggleDarkMode);
-  if ($('#dark-mode-theme').length) {
-    $('#dark-mode-toggle').prop('checked', true);
-    if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
-    if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
-  }
-  function toggleDarkMode(){
-    if($('#dark-mode-theme').length){
-      $('#dark-mode-theme').remove();
-      $('#dark-mode-toggle').prop('checked', false);
-      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_dark.png');
-      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_dark.png');
-      localStorage.setItem('theme', 'light');
-    }else{
-      $('head').append('<link id="dark-mode-theme" rel="stylesheet" type="text/css" href="/css/themes/mailcow-darkmode.css">');
-      $('#dark-mode-toggle').prop('checked', true);
-      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
-      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
-      localStorage.setItem('theme', 'dark');
-    }
-  }
-});
-
-
-// https://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-function escapeHtml(n){var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"}; return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-function unescapeHtml(t){var n={"&amp;":"&","&lt;":"<","&gt;":">","&quot;":'"',"&#39;":"'","&#x2F;":"/","&#x60;":"`","&#x3D;":"="};return String(t).replace(/&amp;|&lt;|&gt;|&quot;|&#39;|&#x2F|&#x60|&#x3D;/g,function(t){return n[t]})}
-
-function addTag(tagAddElem, tag = null){
-  var tagboxElem = $(tagAddElem).parent();
-  var tagInputElem = $(tagboxElem).find(".tag-input")[0];
-  var tagValuesElem = $(tagboxElem).find(".tag-values")[0];
-
-  if (!tag)
-    tag = $(tagInputElem).val();
-  if (!tag) return;
-  var value_tags = [];
-  try {
-    value_tags = JSON.parse($(tagValuesElem).val());
-  } catch {}
-  if (!Array.isArray(value_tags)) value_tags = [];
-  if (value_tags.includes(tag)) return;
-
-  $('<span class="badge bg-primary tag-badge btn-badge"><i class="bi bi-tag-fill"></i> ' + escapeHtml(tag) + '</span>').insertBefore('.tag-input').click(function(){
-    var del_tag = unescapeHtml($(this).text());
-    var del_tags = [];
-    try {
-      del_tags = JSON.parse($(tagValuesElem).val());
-    } catch {}
-    if (Array.isArray(del_tags)){
-      del_tags.splice(del_tags.indexOf(del_tag), 1);
-      $(tagValuesElem).val(JSON.stringify(del_tags));
-    }
-    $(this).remove();
-  });
-
-  value_tags.push(tag);
-  $(tagValuesElem).val(JSON.stringify(value_tags));
-  $(tagInputElem).val('');
-}
\ No newline at end of file
+$(document).ready(function() {
+  // mailcow alert box generator
+  window.mailcow_alert_box = function(message, type) {
+    msg = $('<span/>').text(message).text();
+    if (type == 'danger' || type == 'info') {
+      auto_hide = 0;
+      $('#' + localStorage.getItem("add_modal")).modal('show');
+      localStorage.removeItem("add_modal");
+    } else {
+      auto_hide = 5000;
+    }
+    $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
+  }
+
+  $(".generate_password").click(function( event ) {
+    event.preventDefault();
+    $('[data-hibp]').trigger('input');
+    if (typeof($(this).closest("form").data('pwgen-length')) == "number") {
+      var random_passwd = GPW.pronounceable($(this).closest("form").data('pwgen-length'))
+    }
+    else {
+      var random_passwd = GPW.pronounceable(8)
+    }
+    $(this).closest("form").find('[data-pwgen-field]').attr('type', 'text');
+    $(this).closest("form").find('[data-pwgen-field]').val(random_passwd);
+  });
+  function str_rot13(str) {
+    return (str + '').replace(/[a-z]/gi, function(s){
+      return String.fromCharCode(s.charCodeAt(0) + (s.toLowerCase() < 'n' ? 13 : -13))
+    })
+  }
+  $(".rot-enc").html(function(){
+    return str_rot13($(this).html())
+  });
+  // https://stackoverflow.com/questions/4399005/implementing-jquerys-shake-effect-with-animate
+  function shake(div,interval,distance,times) {
+      if(typeof interval === 'undefined') {
+        interval = 100;
+      }
+      if(typeof distance === 'undefined') {
+        distance = 10;
+      }
+      if(typeof times === 'undefined') {
+        times = 4;
+      }
+    $(div).css('position','relative');
+    for(var iter=0;iter<(times+1);iter++){
+      $(div).animate({ left: ((iter%2==0 ? distance : distance*-1))}, interval);
+    }
+    $(div).animate({ left: 0},interval);
+  }
+
+  // form cache
+  $('[data-cached-form="true"]').formcache({key: $(this).data('id')});
+
+  //  tooltips
+  $(function () {
+    $('[data-bs-toggle="tooltip"]').tooltip()
+  });
+
+  // remember last navigation pill
+  (function () {
+    'use strict';
+      // remember desktop tabs
+      $('button[data-bs-toggle="tab"]').on('click', function (e) {
+        if ($(this).data('dont-remember') == 1) {
+          return true;
+        }
+        var id = $(this).parents('[role="tablist"]').attr('id');
+        var key = 'lastTag';
+        if (id) {
+          key += ':' + id;
+        }
+
+        var tab_id = $(e.target).attr('data-bs-target').substring(1);
+        localStorage.setItem(key, tab_id);
+      });
+      // remember mobile tabs
+      $('button[data-bs-target^="#collapse-tab-"]').on('click', function (e) {
+        // only remember tab if its being opened
+        if ($(this).hasClass('collapsed')) return false;
+        var tab_id = $(this).closest('div[role="tabpanel"]').attr('id');
+
+        if ($(this).data('dont-remember') == 1) {
+          return true;
+        }
+        var id = $(this).parents('[role="tablist"]').attr('id');;
+        var key = 'lastTag';
+        if (id) {
+          key += ':' + id;
+        }
+
+        localStorage.setItem(key, tab_id);
+      });
+      // open last tab
+      $('[role="tablist"]').each(function (idx, elem) {
+        var id = $(elem).attr('id');
+        var key = 'lastTag';
+        if (id) {
+          key += ':' + id;
+        }
+        var lastTab = localStorage.getItem(key);
+        if (lastTab) {
+          $('[data-bs-target="#' + lastTab + '"]').click();
+          var tab = $('[id^="' + lastTab + '"]');
+          $(tab).find('.card-body.collapse').collapse('show');
+        }
+      });
+  })();
+
+  // IE fix to hide scrollbars when table body is empty
+  $('tbody').filter(function (index) {
+    return $(this).children().length < 1;
+  }).remove();
+
+  // selectpicker
+  $('select').selectpicker({
+    'styleBase': 'btn btn-xs-lg',
+    'noneSelectedText': lang_footer.nothing_selected
+  });
+
+  // haveibeenpwned and passwd policy
+  $.ajax({
+    url: '/api/v1/get/passwordpolicy/html',
+    type: 'GET',
+    success: function(res) {
+      $(".hibp-out").after(res);
+    }
+  });
+  $('[data-hibp]').after('<p class="small haveibeenpwned"><i class="bi bi-shield-fill-exclamation"></i> ' + lang_footer.hibp_check + '</p><span class="hibp-out"></span>');
+  $('[data-hibp]').on('input', function() {
+    out_field = $(this).next('.haveibeenpwned').next('.hibp-out').text('').attr('class', 'hibp-out');
+  });
+  $('.haveibeenpwned:not(.task-running)').on('click', function() {
+    var hibp_field = $(this)
+    $(hibp_field).addClass('task-running');
+    var hibp_result = $(hibp_field).next('.hibp-out')
+    var password_field = $(this).prev('[data-hibp]')
+    if ($(password_field).val() == '') {
+      shake(password_field);
+    }
+    else {
+      $(hibp_result).attr('class', 'hibp-out badge fs-5 bg-info');
+      $(hibp_result).text(lang_footer.loading);
+      var password_digest = $.sha1($(password_field).val())
+      var digest_five = password_digest.substring(0, 5).toUpperCase();
+      var queryURL = "https://api.pwnedpasswords.com/range/" + digest_five;
+      var compl_digest = password_digest.substring(5, 41).toUpperCase();
+      $.ajax({
+        url: queryURL,
+        type: 'GET',
+        success: function(res) {
+          if (res.search(compl_digest) > -1){
+            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-danger');
+            $(hibp_result).text(lang_footer.hibp_nok)
+          } else {
+            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-success');
+            $(hibp_result).text(lang_footer.hibp_ok)
+          }
+          $(hibp_field).removeClass('task-running');
+        },
+        error: function(xhr, status, error) {
+          $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-warning');
+          $(hibp_result).text('API error: ' + xhr.responseText)
+          $(hibp_field).removeClass('task-running');
+        }
+      });
+    }
+  });
+
+  // Disable disallowed inputs
+  $('[data-acl="0"]').each(function(event){
+    if ($(this).is("a")) {
+      $(this).removeAttr("data-bs-toggle");
+      $(this).removeAttr("data-bs-target");
+      $(this).removeAttr("data-action");
+      $(this).click(function(event) {
+        event.preventDefault();
+      });
+    }
+    if ($(this).is("select")) {
+      $(this).selectpicker('destroy');
+      $(this).replaceWith(function() {
+        return '<label class="control-label"><b>' + this.innerText + '</b></label>';
+      });
+    }
+    if ($(this).hasClass('btn-group')) {
+      $(this).find('a').each(function(){
+        $(this).removeClass('dropdown-toggle')
+          .removeAttr('data-bs-toggle')
+          .removeAttr('data-bs-target')
+          .removeAttr('data-action')
+          .removeAttr('id')
+          .attr("disabled", true);
+        $(this).click(function(event) {
+          event.preventDefault();
+          return;
+        });
+      });
+      $(this).find('button').each(function() {
+        $(this).attr("disabled", true);
+      });
+    } else if ($(this).hasClass('input-group')) {
+      $(this).find('input').each(function() {
+        $(this).removeClass('dropdown-toggle')
+          .removeAttr('data-bs-toggle')
+          .attr("disabled", true);
+        $(this).click(function(event) {
+          event.preventDefault();
+        });
+      });
+      $(this).find('button').each(function() {
+        $(this).attr("disabled", true);
+      });
+    } else if ($(this).hasClass('form-group')) {
+      $(this).find('input').each(function() {
+        $(this).attr("disabled", true);
+      });
+    } else if ($(this).hasClass('btn')) {
+      $(this).attr("disabled", true);
+    } else if ($(this).attr('data-provide') == 'slider') {
+      $(this).attr('disabled', true);
+    } else if ($(this).is(':checkbox')) {
+      $(this).attr("disabled", true);
+    }
+    $(this).data("toggle", "tooltip");
+    $(this).attr("title", lang_acl.prohibited);
+    $(this).tooltip();
+  });
+
+  // disable submit after submitting form (not API driven buttons)
+  $('form').submit(function() {
+    if ($('form button[type="submit"]').data('submitted') == '1') {
+      return false;
+    } else {
+      $(this).find('button[type="submit"]').first().text(lang_footer.loading);
+      $('form button[type="submit"]').attr('data-submitted', '1');
+      function disableF5(e) { if ((e.which || e.keyCode) == 116 || (e.which || e.keyCode) == 82) e.preventDefault(); };
+      $(document).on("keydown", disableF5);
+    }
+  });
+  // Textarea line numbers
+  $(".textarea-code").numberedtextarea({allowTabChar: true});
+  // trigger container restart
+  $('#RestartContainer').on('show.bs.modal', function(e) {
+    var container = $(e.relatedTarget).data('container');
+    $('#containerName').text(container);
+    $('#triggerRestartContainer').click(function(){
+      $(this).prop("disabled",true);
+      $(this).html('<div class="spinner-border text-white" role="status"><span class="visually-hidden">Loading...</span></div>');
+      $('#statusTriggerRestartContainer').html(lang_footer.restarting_container);
+      $.ajax({
+        method: 'get',
+        url: '/inc/ajax/container_ctrl.php',
+        timeout: docker_timeout,
+        data: {
+        'service': container,
+        'action': 'restart'
+        }
+      })
+      .always( function (data, status) {
+        $('#statusTriggerRestartContainer').append(data);
+        var htmlResponse = $.parseHTML(data)
+        if ($(htmlResponse).find('span').hasClass('text-success')) {
+          $('#triggerRestartContainer').html('<i class="bi bi-check-lg"></i> ');
+          setTimeout(function(){
+            $('#RestartContainer').modal('toggle');
+            window.location = window.location.href.split("#")[0];
+          }, 1200);
+        } else {
+          $('#triggerRestartContainer').html('<i class="bi bi-slash-lg"></i> ');
+        }
+      })
+    });
+  })
+
+  // Jquery Datatables, enable responsive plugin
+  $.extend($.fn.dataTable.defaults, {
+    responsive: true
+  });
+
+  // tag boxes
+  $('.tag-box .tag-add').click(function(){
+    addTag(this);
+  });
+  $(".tag-box .tag-input").keydown(function (e) {
+    if (e.which == 13){
+      e.preventDefault();
+      addTag(this);
+    }
+  });
+
+  // Dark Mode Loader
+  $('#dark-mode-toggle').click(toggleDarkMode);
+  if ($('#dark-mode-theme').length) {
+    $('#dark-mode-toggle').prop('checked', true);
+    if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
+    if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
+  }
+  function toggleDarkMode(){
+    if($('#dark-mode-theme').length){
+      $('#dark-mode-theme').remove();
+      $('#dark-mode-toggle').prop('checked', false);
+      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_dark.png');
+      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_dark.png');
+      localStorage.setItem('theme', 'light');
+    }else{
+      $('head').append('<link id="dark-mode-theme" rel="stylesheet" type="text/css" href="/css/themes/mailcow-darkmode.css">');
+      $('#dark-mode-toggle').prop('checked', true);
+      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
+      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
+      localStorage.setItem('theme', 'dark');
+    }
+  }
+});
+
+
+// https://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+function escapeHtml(n){var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"}; return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+function unescapeHtml(t){var n={"&amp;":"&","&lt;":"<","&gt;":">","&quot;":'"',"&#39;":"'","&#x2F;":"/","&#x60;":"`","&#x3D;":"="};return String(t).replace(/&amp;|&lt;|&gt;|&quot;|&#39;|&#x2F|&#x60|&#x3D;/g,function(t){return n[t]})}
+
+function addTag(tagAddElem, tag = null){
+  var tagboxElem = $(tagAddElem).parent();
+  var tagInputElem = $(tagboxElem).find(".tag-input")[0];
+  var tagValuesElem = $(tagboxElem).find(".tag-values")[0];
+
+  if (!tag)
+    tag = $(tagInputElem).val();
+  if (!tag) return;
+  var value_tags = [];
+  try {
+    value_tags = JSON.parse($(tagValuesElem).val());
+  } catch {}
+  if (!Array.isArray(value_tags)) value_tags = [];
+  if (value_tags.includes(tag)) return;
+
+  $('<span class="badge bg-primary tag-badge btn-badge"><i class="bi bi-tag-fill"></i> ' + escapeHtml(tag) + '</span>').insertBefore('.tag-input').click(function(){
+    var del_tag = unescapeHtml($(this).text());
+    var del_tags = [];
+    try {
+      del_tags = JSON.parse($(tagValuesElem).val());
+    } catch {}
+    if (Array.isArray(del_tags)){
+      del_tags.splice(del_tags.indexOf(del_tag), 1);
+      $(tagValuesElem).val(JSON.stringify(del_tags));
+    }
+    $(this).remove();
+  });
+
+  value_tags.push(tag);
+  $(tagValuesElem).val(JSON.stringify(value_tags));
+  $(tagInputElem).val('');
+}
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 8c409022..c44cbbc1 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -1,1533 +1,1530 @@
-$(document).ready(function() {
-  // Parse seconds ago to date
-  // Get "now" timestamp
-  var ts_now = Math.round((new Date()).getTime() / 1000);
-  $('.parse_s_ago').each(function(i, parse_s_ago) {
-    var started_s_ago = parseInt($(this).text(), 10);
-    if (typeof started_s_ago != 'NaN') {
-      var started_date = new Date((ts_now - started_s_ago) * 1000);
-      if (started_date instanceof Date && !isNaN(started_date)) {
-        var started_local_date = started_date.toLocaleDateString(undefined, {
-          year: "numeric",
-          month: "2-digit",
-          day: "2-digit",
-          hour: "2-digit",
-          minute: "2-digit",
-          second: "2-digit"
-        });
-        $(this).text(started_local_date);
-      } else {
-        $(this).text('-');
-      }
-    }
-  });
-  // Parse general dates
-  $('.parse_date').each(function(i, parse_date) {
-    var started_date = new Date(Date.parse($(this).text()));
-    if (typeof started_date != 'NaN') {
-      var started_local_date = started_date.toLocaleDateString(undefined, {
-        year: "numeric",
-        month: "2-digit",
-        day: "2-digit",
-        hour: "2-digit",
-        minute: "2-digit",
-        second: "2-digit"
-      });
-      $(this).text(started_local_date);
-    }
-  });
-
-  // set update loop container list
-  containersToUpdate = {}
-  // set default ChartJs Font Color
-  Chart.defaults.color = '#999';
-  // create host cpu and mem charts
-  createHostCpuAndMemChart();
-  // check for new version
-  if (mailcow_info.branch === "master"){
-    check_update(mailcow_info.version_tag, mailcow_info.project_url);
-  }
-  $("#maiclow_version").click(function(){
-    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" ||
-       mailcow_info.branch !== "master")
-      return;
-
-    showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
-  })
-  // get public ips
-  get_public_ips();
-  update_container_stats();
-});
-jQuery(function($){
-  if (localStorage.getItem("current_page") === null) {
-    var current_page = {};
-  } else {
-    var current_page = JSON.parse(localStorage.getItem('current_page'));
-  }
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
-  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_autodiscover_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#autodiscover_log') ) {
-      $('#autodiscover_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#autodiscover_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/autodiscover/100",
-        dataSrc: function(data){
-          return process_table_data(data, 'autodiscover_log');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          responsivePriority: 1,
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'User-Agent',
-          data: 'ua',
-          defaultContent: '',
-          className: 'dtr-col-md',
-          responsivePriority: 5
-        },
-        {
-          title: 'Username',
-          data: 'user',
-          defaultContent: '',
-          responsivePriority: 4
-        },
-        {
-          title: 'IP',
-          data: 'ip',
-          defaultContent: '',
-          responsivePriority: 2
-        },
-        {
-          title: 'Service',
-          data: 'service',
-          defaultContent: '',
-          responsivePriority: 3
-        }
-      ]
-    });
-  }
-  function draw_postfix_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#postfix_log') ) {
-      $('#postfix_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#postfix_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/postfix",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function draw_watchdog_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#watchdog_log') ) {
-      $('#watchdog_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#watchdog_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/watchdog",
-        dataSrc: function(data){
-          return process_table_data(data, 'watchdog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'Service',
-          data: 'service',
-          defaultContent: ''
-        },
-        {
-          title: 'Trend',
-          data: 'trend',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_api_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#api_log') ) {
-      $('#api_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#api_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/api",
-        dataSrc: function(data){
-          return process_table_data(data, 'apilog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'URI',
-          data: 'uri',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        },
-        {
-          title: 'Method',
-          data: 'method',
-          defaultContent: ''
-        },
-        {
-          title: 'IP',
-          data: 'remote',
-          defaultContent: ''
-        },
-        {
-          title: 'Data',
-          data: 'data',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        }
-      ]
-    });
-  }
-  function draw_rl_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#rl_log') ) {
-      $('#rl_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#rl_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/ratelimited",
-        dataSrc: function(data){
-          return process_table_data(data, 'rllog');
-        }
-      },
-      columns: [
-        {
-          title: ' ',
-          data: 'indicator',
-          defaultContent: ''
-        },
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.rate_name,
-          data: 'rl_name',
-          defaultContent: ''
-        },
-        {
-          title: lang.sender,
-          data: 'from',
-          defaultContent: ''
-        },
-        {
-          title: lang.recipients,
-          data: 'rcpt',
-          defaultContent: ''
-        },
-        {
-          title: lang.authed_user,
-          data: 'user',
-          defaultContent: ''
-        },
-        {
-          title: 'Msg ID',
-          data: 'message_id',
-          defaultContent: ''
-        },
-        {
-          title: 'Header From',
-          data: 'header_from',
-          defaultContent: ''
-        },
-        {
-          title: 'Subject',
-          data: 'header_subject',
-          defaultContent: ''
-        },
-        {
-          title: 'Hash',
-          data: 'rl_hash',
-          defaultContent: ''
-        },
-        {
-          title: 'Rspamd QID',
-          data: 'qid',
-          defaultContent: ''
-        },
-        {
-          title: 'IP',
-          data: 'ip',
-          defaultContent: ''
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_ui_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#ui_logs') ) {
-      $('#ui_logs').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#ui_logs').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/ui",
-        dataSrc: function(data){
-          return process_table_data(data, 'mailcow_ui');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'Type',
-          data: 'type',
-          defaultContent: ''
-        },
-        {
-          title: 'Task',
-          data: 'task',
-          defaultContent: ''
-        },
-        {
-          title: 'User',
-          data: 'user',
-          defaultContent: '',
-          className: 'dtr-col-sm'
-        },
-        {
-          title: 'Role',
-          data: 'role',
-          defaultContent: '',
-          className: 'dtr-col-sm'
-        },
-        {
-          title: 'IP',
-          data: 'remote',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        },
-        {
-          title: lang.message,
-          data: 'msg',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        },
-        {
-          title: 'Call',
-          data: 'call',
-          defaultContent: '',
-          className: 'none dtr-col-md dtr-break-all'
-        }
-      ]
-    });
-  }
-  function draw_sasl_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sasl_logs') ) {
-      $('#sasl_logs').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sasl_logs').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/sasl",
-        dataSrc: function(data){
-          return process_table_data(data, 'sasl_log_table');
-        }
-      },
-      columns: [
-        {
-          title: lang.username,
-          data: 'username',
-          defaultContent: ''
-        },
-        {
-          title: lang.service,
-          data: 'service',
-          defaultContent: ''
-        },
-        {
-          title: 'IP',
-          data: 'real_rip',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        },
-        {
-          title: lang.login_time,
-          data: 'datetime',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data.replace(/-/g, "/")); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        }
-      ]
-    });
-  }
-  function draw_acme_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#acme_log') ) {
-      $('#acme_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#acme_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/acme",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        }
-      ]
-    });
-  }
-  function draw_netfilter_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#netfilter_log') ) {
-      $('#netfilter_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#netfilter_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/netfilter",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function draw_sogo_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sogo_log') ) {
-      $('#sogo_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sogo_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/sogo",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function draw_dovecot_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#dovecot_log') ) {
-      $('#dovecot_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#dovecot_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/dovecot",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function rspamd_pie_graph() {
-    $.ajax({
-      url: '/api/v1/get/rspamd/actions',
-      async: true,
-      success: function(data){
-        console.log(data);
-
-        var total = 0;
-        $(data).map(function(){total += this[1];});
-        var labels = $.makeArray($(data).map(function(){return this[0] + ' ' + Math.round(this[1]/total * 100) + '%';}));
-        var values = $.makeArray($(data).map(function(){return this[1];}));
-        console.log(values);
-
-        var graphdata = {
-          labels: labels,
-          datasets: [{
-            data: values,
-            backgroundColor: ['#DC3023', '#59ABE3', '#FFA400', '#FFA400', '#26A65B']
-          }]
-        };
-
-        var options = {
-          responsive: true,
-          maintainAspectRatio: false,
-          plugins: {
-            datalabels: {
-              color: '#FFF',
-              font: {
-                weight: 'bold'
-              },
-              display: function(context) {
-                return context.dataset.data[context.dataIndex] !== 0;
-              },
-              formatter: function(value, context) {
-                return Math.round(value/total*100) + '%';
-              }
-            }
-          }
-        };
-        var chartcanvas = document.getElementById('rspamd_donut');
-        Chart.register('ChartDataLabels');
-        if(typeof chart == 'undefined') {
-          chart = new Chart(chartcanvas.getContext("2d"), {
-            plugins: [ChartDataLabels],
-            type: 'doughnut',
-            data: graphdata,
-            options: options
-          });
-        }
-        else {
-          chart.destroy();
-          chart = new Chart(chartcanvas.getContext("2d"), {
-            plugins: [ChartDataLabels],
-            type: 'doughnut',
-            data: graphdata,
-            options: options
-          });
-        }
-      }
-    });
-  }
-  function draw_rspamd_history() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#rspamd_history') ) {
-      $('#rspamd_history').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#rspamd_history').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/rspamd-history",
-        dataSrc: function(data){
-          return process_table_data(data, 'rspamd_history');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'IP address',
-          data: 'ip',
-          defaultContent: ''
-        },
-        {
-          title: 'From',
-          data: 'sender_mime',
-          defaultContent: ''
-        },
-        {
-          title: 'To',
-          data: 'rcpt',
-          defaultContent: ''
-        },
-        {
-          title: 'Subject',
-          data: 'subject',
-          defaultContent: ''
-        },
-        {
-          title: 'Action',
-          data: 'action',
-          defaultContent: ''
-        },
-        {
-          title: 'Score',
-          data: 'score',
-          defaultContent: ''
-        },
-        {
-          title: 'Subject',
-          data: 'header_subject',
-          defaultContent: ''
-        },
-        {
-          title: 'Symbols',
-          data: 'symbols',
-          defaultContent: '',
-          className: 'none dtr-col-md'
-        },
-        {
-          title: 'Msg size',
-          data: 'size',
-          defaultContent: ''
-        },
-        {
-          title: 'Scan Time',
-          data: 'scan_time',
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'message-id',
-          defaultContent: ''
-        },
-        {
-          title: 'Authenticated user',
-          data: 'user',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function process_table_data(data, table) {
-    if (table == 'rspamd_history') {
-    $.each(data, function (i, item) {
-      if (item.rcpt_mime != "") {
-        item.rcpt = escapeHtml(item.rcpt_mime.join(", "));
-      }
-      else {
-        item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
-      }
-      item.symbols = Object.keys(item.symbols).sort(function (a, b) {
-        if (item.symbols[a].score === 0) return 1
-        if (item.symbols[b].score === 0) return -1
-        if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
-          return item.symbols[a].score - item.symbols[b].score
-        }
-        if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
-          return item.symbols[b].score - item.symbols[a].score
-        }
-        return item.symbols[b].score - item.symbols[a].score
-      }).map(function(key) {
-        var sym = item.symbols[key];
-        if (sym.score < 0) {
-          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)'
-        }
-        else if (sym.score === 0) {
-          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)'
-        }
-        else {
-          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)'
-        }
-        var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
-        if (sym.options) {
-          str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
-        }
-        return str
-      }).join('<br>\n');
-      item.subject = escapeHtml(item.subject);
-      var scan_time = item.time_real.toFixed(3);
-      if (item.time_virtual) {
-        scan_time += ' / ' + item.time_virtual.toFixed(3);
-      }
-      item.scan_time = {
-        "options": {
-          "sortValue": item.time_real
-        },
-        "value": scan_time
-      };
-      if (item.action === 'clean' || item.action === 'no action') {
-        item.action = "<div class='badge fs-6 bg-success'>" + item.action + "</div>";
-      } else if (item.action === 'rewrite subject' || item.action === 'add header' || item.action === 'probable spam') {
-        item.action = "<div class='badge fs-6 bg-warning'>" + item.action + "</div>";
-      } else if (item.action === 'spam' || item.action === 'reject') {
-        item.action = "<div class='badge fs-6 bg-danger'>" + item.action + "</div>";
-      } else {
-        item.action = "<div class='badge fs-6 bg-info'>" + item.action + "</div>";
-      }
-      var score_content;
-      if (item.score < item.required_score) {
-        score_content = "[ <span class='text-success'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
-      } else {
-        score_content = "[ <span class='text-danger'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
-      }
-      item.score = {
-        "options": {
-          "sortValue": item.score
-        },
-        "value": score_content
-      };
-      if (item.user == null) {
-        item.user = "none";
-      }
-    });
-    } else if (table == 'autodiscover_log') {
-      $.each(data, function (i, item) {
-        if (item.ua == null) {
-          item.ua = 'unknown';
-        } else {
-          item.ua = escapeHtml(item.ua);
-        }
-        item.ua = '<span style="font-size:small">' + item.ua + '</span>';
-        if (item.service == "activesync") {
-          item.service = '<span class="badge fs-6 bg-info">ActiveSync</span>';
-        }
-        else if (item.service == "imap") {
-          item.service = '<span class="badge fs-6 bg-success">IMAP, SMTP, Cal-/CardDAV</span>';
-        }
-        else {
-          item.service = '<span class="badge fs-6 bg-danger">' + escapeHtml(item.service) + '</span>';
-        }
-      });
-    } else if (table == 'watchdog') {
-      $.each(data, function (i, item) {
-        if (item.message == null) {
-          item.message = 'Health level: ' + item.lvl + '% (' + item.hpnow + '/' + item.hptotal + ')';
-          if (item.hpdiff < 0) {
-            item.trend = '<span class="badge fs-6 bg-danger"><i class="bi bi-caret-down-fill"></i> ' + item.hpdiff + '</span>';
-          }
-          else if (item.hpdiff == 0) {
-            item.trend = '<span class="badge fs-6 bg-info"><i class="bi bi-caret-right-fill"></i> ' + item.hpdiff + '</span>';
-          }
-          else {
-            item.trend = '<span class="badge fs-6 bg-success"><i class="bi bi-caret-up-fill"></i> ' + item.hpdiff + '</span>';
-          }
-        }
-        else {
-          item.trend = '';
-          item.service = '';
-        }
-      });
-    } else if (table == 'mailcow_ui') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        item.user = escapeHtml(item.user);
-        item.call = escapeHtml(item.call);
-        item.task = '<code>' + item.task + '</code>';
-        item.type = '<span class="badge fs-6 bg-' + item.type + '">' + item.type + '</span>';
-      });
-    } else if (table == 'sasl_log_table') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        item.username = escapeHtml(item.username);
-        item.service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
-      });
-    } else if (table == 'general_syslog') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        if (item.message.match("^base64,")) {
-          try {
-            item.message = atob(item.message.slice(7)).replace(/\\n/g, "<br />");
-          } catch(e) {
-            item.message = item.message.slice(7);
-          }
-        } else {
-          item.message = escapeHtml(item.message);
-        }
-        item.call = escapeHtml(item.call);
-        var danger_class = ["emerg", "alert", "crit", "err"];
-        var warning_class = ["warning", "warn"];
-        var info_class = ["notice", "info", "debug"];
-        if (jQuery.inArray(item.priority, danger_class) !== -1) {
-          item.priority = '<span class="badge fs-6 bg-danger">' + item.priority + '</span>';
-        } else if (jQuery.inArray(item.priority, warning_class) !== -1) {
-          item.priority = '<span class="badge fs-6 bg-warning">' + item.priority + '</span>';
-        } else if (jQuery.inArray(item.priority, info_class) !== -1) {
-          item.priority = '<span class="badge fs-6 bg-info">' + item.priority + '</span>';
-        }
-      });
-    } else if (table == 'apilog') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        if (item.method == 'GET') {
-          item.method = '<span class="badge fs-6 bg-success">' + item.method + '</span>';
-        } else if (item.method == 'POST') {
-          item.method = '<span class="badge fs-6 bg-warning">' + item.method + '</span>';
-        }
-        item.data = escapeHtml(item.data);
-      });
-    } else if (table == 'rllog') {
-      $.each(data, function (i, item) {
-        if (item.user == null) {
-          item.user = "none";
-        }
-        if (item.rl_hash == null) {
-          item.rl_hash = "err";
-        }
-        item.indicator = '<span style="border-right:6px solid #' + intToRGB(hashCode(item.rl_hash)) + ';padding-left:5px;">&nbsp;</span>';
-        if (item.rl_hash != 'err') {
-          item.action = '<a href="#" data-action="delete_selected" data-id="single-hash" data-api-url="delete/rlhash" data-item="' + encodeURI(item.rl_hash) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.reset_limit + '</a>';
-        }
-      });
-    }
-    return data
-  };
-  $('.add_log_lines').on('click', function (e) {
-    e.preventDefault();
-    var log_table= $(this).data("table")
-    var new_nrows = $(this).data("nrows")
-    var post_process = $(this).data("post-process")
-    var log_url = $(this).data("log-url")
-    if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
-      console.log("no data-table or data-nrows or log_url or data-post-process attr found");
-      return;
-    }
-
-    if (table = $('#' + log_table).DataTable()) {
-      var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)
-
-      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
-        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
-        var rows = process_table_data(data, post_process);
-        var rows_now = (table.page.len() + data.length);
-        $(heading).children('.table-lines').text(rows_now)
-        mailcow_alert_box(data.length + lang.additional_rows, "success");
-        table.rows.add(rows).draw();
-      });
-    }
-  })
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=postfix_log]", () => draw_postfix_logs());
-  onVisible("[id^=dovecot_log]", () => draw_dovecot_logs());
-  onVisible("[id^=sogo_log]", () => draw_sogo_logs());
-  onVisible("[id^=watchdog_log]", () => draw_watchdog_logs());
-  onVisible("[id^=autodiscover_log]", () => draw_autodiscover_logs());
-  onVisible("[id^=acme_log]", () => draw_acme_logs());
-  onVisible("[id^=api_log]", () => draw_api_logs());
-  onVisible("[id^=rl_log]", () => draw_rl_logs());
-  onVisible("[id^=ui_logs]", () => draw_ui_logs());
-  onVisible("[id^=sasl_logs]", () => draw_sasl_logs());
-  onVisible("[id^=netfilter_log]", () => draw_netfilter_logs());
-  onVisible("[id^=rspamd_history]", () => draw_rspamd_history());
-  onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
-
-
-
-  // start polling host stats if tab is active
-  onVisible("[id^=tab-containers]", () => update_stats());
-  // start polling container stats if collapse is active
-  var containerElements = document.querySelectorAll(".container-details-collapse");
-  for (let i = 0; i < containerElements.length; i++){
-    new IntersectionObserver((entries, observer) => {
-      entries.forEach(entry => {
-        if(entry.intersectionRatio > 0) {
-
-          if (!containerElements[i].classList.contains("show")){
-            var container = containerElements[i].id.replace("Collapse", "");
-            var container_id = containerElements[i].getAttribute("data-id");
-
-            // check if chart exists or needs to be created
-            if (!Chart.getChart(container + "_DiskIOChart"))
-              createReadWriteChart(container + "_DiskIOChart", "Read", "Write");
-            if (!Chart.getChart(container + "_NetIOChart"))
-              createReadWriteChart(container + "_NetIOChart", "Recv", "Sent");
-
-            // add container to polling list
-            containersToUpdate[container] = {
-              id: container_id,
-              state: "idle"
-            }
-
-            // stop polling if collapse is closed
-            containerElements[i].addEventListener('hidden.bs.collapse', function () {
-              var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
-              var netIOCtx = Chart.getChart(container + "_NetIOChart");
-
-              diskIOCtx.data.datasets[0].data = [];
-              diskIOCtx.data.datasets[1].data = [];
-              diskIOCtx.data.labels = [];
-              netIOCtx.data.datasets[0].data = [];
-              netIOCtx.data.datasets[1].data = [];
-              netIOCtx.data.labels = [];
-            
-              diskIOCtx.update();
-              netIOCtx.update();
-              
-              delete containersToUpdate[container];
-            });
-          }
-
-        }
-      });
-    }).observe(containerElements[i]);
-  }
-});
-
-
-// update system stats - every 5 seconds if system & container tab is active
-function update_stats(timeout=5){
-  if (!$('#tab-containers').hasClass('active')) {
-    // tab not active - dont fetch stats - run again in n seconds
-    return;
-  }
-
-  window.fetch("/api/v1/get/status/host", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(data) {
-    console.log(data);
-
-    if (data){
-      // display table data
-      $("#host_date").text(data.system_time);
-      $("#host_uptime").text(formatUptime(data.uptime));
-      $("#host_cpu_cores").text(data.cpu.cores);
-      $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
-      $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
-      $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
-
-      // update cpu and mem chart
-      var cpu_chart = Chart.getChart("host_cpu_chart");
-      var mem_chart = Chart.getChart("host_mem_chart");
-
-      cpu_chart.data.labels.push(data.system_time.split(" ")[1]);
-      if (cpu_chart.data.labels.length > 30) cpu_chart.data.labels.shift();
-      mem_chart.data.labels.push(data.system_time.split(" ")[1]);
-      if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
-
-      cpu_chart.data.datasets[0].data.push(data.cpu.usage);
-      if (cpu_chart.data.datasets[0].data.length > 30)  cpu_chart.data.datasets[0].data.shift();
-      mem_chart.data.datasets[0].data.push(data.memory.usage);
-      if (mem_chart.data.datasets[0].data.length > 30)  mem_chart.data.datasets[0].data.shift();
-
-      cpu_chart.update();
-      mem_chart.update();
-    }
-
-    // run again in n seconds
-    setTimeout(update_stats, timeout * 1000);
-  });
-}
-// update specific container stats - every n (default 5s) seconds
-function update_container_stats(timeout=5){
-  
-  if ($('#tab-containers').hasClass('active')) {
-    for (let container in containersToUpdate){
-      container_id = containersToUpdate[container].id;
-      // check if container update stats is already running
-      if (containersToUpdate[container].state == "running")
-        continue;
-      containersToUpdate[container].state = "running";
-
-
-      window.fetch("/api/v1/get/status/container/" + container_id, {method:'GET',cache:'no-cache'}).then(function(response) {
-        return response.json();
-      }).then(function(data) {
-        var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
-        var netIOCtx = Chart.getChart(container + "_NetIOChart");
-
-        console.log(container);
-        console.log(data);
-        prev_stats = null;
-        if (data.length >= 2){
-          prev_stats = data[data.length -2];
-
-          // hide spinners if we collected enough data
-          $('#' + container + "_DiskIOChart").removeClass('d-none');
-          $('#' + container + "_DiskIOChart").prev().addClass('d-none');
-          $('#' + container + "_NetIOChart").removeClass('d-none');
-          $('#' + container + "_NetIOChart").prev().addClass('d-none');
-        }
-          
-        data = data[data.length -1];
-
-        if (prev_stats != null){
-          // calc time diff
-          var time_diff = (new Date(data.read) - new Date(prev_stats.read)) / 1000;
-    
-          // calc disk io b/s
-          if ('io_service_bytes_recursive' in prev_stats.blkio_stats && prev_stats.blkio_stats.io_service_bytes_recursive !== null){
-            var prev_read_bytes = 0;
-            var prev_write_bytes = 0;
-            for (var i = 0; i < prev_stats.blkio_stats.io_service_bytes_recursive.length; i++){
-              if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "read")
-                prev_read_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
-              else if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "write")
-                prev_write_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
-            }
-            var read_bytes = 0;
-            var write_bytes = 0;
-            for (var i = 0; i < data.blkio_stats.io_service_bytes_recursive.length; i++){
-              if (data.blkio_stats.io_service_bytes_recursive[i].op == "read")
-                read_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
-              else if (data.blkio_stats.io_service_bytes_recursive[i].op == "write")
-                write_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
-            }
-            var diff_bytes_read = (read_bytes - prev_read_bytes) / time_diff;
-            var diff_bytes_write = (write_bytes - prev_write_bytes) / time_diff;
-          }
-    
-          // calc net io b/s
-          if ('networks' in prev_stats){
-            var prev_recv_bytes = 0;
-            var prev_sent_bytes = 0;
-            for (var key in prev_stats.networks){
-              prev_recv_bytes += prev_stats.networks[key].rx_bytes;
-              prev_sent_bytes += prev_stats.networks[key].tx_bytes;
-            }
-            var recv_bytes = 0;
-            var sent_bytes = 0;
-            for (var key in data.networks){
-              recv_bytes += data.networks[key].rx_bytes;
-              sent_bytes += data.networks[key].tx_bytes;
-            }
-            var diff_bytes_recv = (recv_bytes - prev_recv_bytes) / time_diff;
-            var diff_bytes_sent = (sent_bytes - prev_sent_bytes) / time_diff;
-          }
-    
-          addReadWriteChart(diskIOCtx, diff_bytes_read, diff_bytes_write, "");
-          addReadWriteChart(netIOCtx, diff_bytes_recv, diff_bytes_sent, "");
-        }
-    
-        // run again in n seconds
-        containersToUpdate[container].state = "idle";
-      }).catch(err => {
-        console.log(err);
-      });
-    }
-  }
-
-  // run again in n seconds
-  setTimeout(update_container_stats, timeout * 1000);
-}
-// get public ips
-function get_public_ips(){
-  window.fetch("/api/v1/get/status/host/ip", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(data) {
-    console.log(data);
-
-    // display host ips
-    if (data.ipv4)
-      $("#host_ipv4").text(data.ipv4);
-    if (data.ipv6)
-      $("#host_ipv6").text(data.ipv6);
-  });
-}
-// format hosts uptime seconds to readable string
-function formatUptime(seconds){
-  seconds = Number(seconds);
-  var d = Math.floor(seconds / (3600*24));
-  var h = Math.floor(seconds % (3600*24) / 3600);
-  var m = Math.floor(seconds % 3600 / 60);
-  var s = Math.floor(seconds % 60);
-
-  var dFormat = d > 0 ? d + "D " : "";
-  var hFormat = h > 0 ? h + "H " : "";
-  var mFormat = m > 0 ? m + "M " : "";
-  var sFormat = s > 0 ? s + "S" : "";
-  return dFormat + hFormat + mFormat + sFormat;
-} 
-// format bytes to readable string
-function formatBytes(bytes){
-  // b
-  if (bytes < 1000) return bytes.toFixed(2).toString()+' B/s';
-  // b to kb
-  bytes = bytes / 1024;
-  if (bytes < 1000) return bytes.toFixed(2).toString()+' KB/s';
-  // kb to mb
-  bytes = bytes / 1024;
-  if (bytes < 1000) return bytes.toFixed(2).toString()+' MB/s';
-  // final mb to gb
-  return (bytes / 1024).toFixed(2).toString()+' GB/s';
-}
-// create read write line chart
-function createReadWriteChart(chart_id, read_lable, write_lable){
-  var ctx = document.getElementById(chart_id);
-
-  var dataNet = {
-    labels: [],
-    datasets: [{
-      label: read_lable,
-      backgroundColor: "rgba(41, 187, 239, 0.3)",
-      borderColor: "rgba(41, 187, 239, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }, {
-      label: write_lable,
-      backgroundColor: "rgba(239, 60, 41, 0.3)",
-      borderColor: "rgba(239, 60, 41, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }]
-  };
-  var optionsNet = {
-    interaction: {
-        mode: 'index'
-    },
-    scales: {
-      yAxis: {
-        min: 0,
-        grid: {
-            display: false
-        },
-        ticks: {
-          callback: function(i, index, ticks) {
-             return formatBytes(i);
-          }
-        }  
-      },
-      xAxis: {
-        grid: {
-            display: false
-        }  
-      }
-    }
-  };
-  
-  return new Chart(ctx, {
-    type: 'line',
-    data: dataNet,
-    options: optionsNet
-  });
-}
-// add to read write line chart
-function addReadWriteChart(chart_context, read_point, write_point, time, limit = 30){
-  // push time label for x-axis
-  chart_context.data.labels.push(time);
-  if (chart_context.data.labels.length > limit) chart_context.data.labels.shift();
-
-  // push datapoints
-  chart_context.data.datasets[0].data.push(read_point);
-  chart_context.data.datasets[1].data.push(write_point);
-  // shift data if more than 20 entires exists
-  if (chart_context.data.datasets[0].data.length > limit)  chart_context.data.datasets[0].data.shift();
-  if (chart_context.data.datasets[1].data.length > limit) chart_context.data.datasets[1].data.shift();
-
-  chart_context.update();
-}
-// create host cpu and mem chart
-function createHostCpuAndMemChart(){
-  var cpu_ctx = document.getElementById("host_cpu_chart");
-  var mem_ctx = document.getElementById("host_mem_chart");
-
-  var dataCpu = {
-    labels: [],
-    datasets: [{
-      label: "CPU %",
-      backgroundColor: "rgba(41, 187, 239, 0.3)",
-      borderColor: "rgba(41, 187, 239, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }]
-  };
-  var optionsCpu = {
-    interaction: {
-        mode: 'index'
-    },
-    scales: {
-      yAxis: {
-        min: 0,
-        grid: {
-            display: false
-        },
-        ticks: {
-          callback: function(i, index, ticks) {
-             return i.toFixed(0).toString() + "%";
-          }
-        }  
-      },
-      xAxis: {
-        grid: {
-            display: false
-        }  
-      }
-    }
-  };
-
-  var dataMem = {
-    labels: [],
-    datasets: [{
-      label: "MEM %",
-      backgroundColor: "rgba(41, 187, 239, 0.3)",
-      borderColor: "rgba(41, 187, 239, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }]
-  };
-  var optionsMem = {
-    interaction: {
-        mode: 'index'
-    },
-    scales: {
-      yAxis: {
-        min: 0,
-        grid: {
-            display: false
-        },
-        ticks: {
-          callback: function(i, index, ticks) {
-            return i.toFixed(0).toString() + "%";
-          }
-        }  
-      },
-      xAxis: {
-        grid: {
-            display: false
-        }  
-      }
-    }
-  };
-
-  
-  var net_io_chart = new Chart(cpu_ctx, {
-    type: 'line',
-    data: dataCpu,
-    options: optionsCpu
-  });
-  var disk_io_chart = new Chart(mem_ctx, {
-    type: 'line',
-    data: dataMem,
-    options: optionsMem
-  });
-}
-// check for mailcow updates
-function check_update(current_version, github_repo_url){
-  if (!current_version || !github_repo_url) return false; 
-
-  var github_account = github_repo_url.split("/")[3];
-  var github_repo_name = github_repo_url.split("/")[4];
-
-  // get details about latest release
-  window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/latest", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(latest_data) {
-    // get details about current release
-    window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/tags/"+current_version, {method:'GET',cache:'no-cache'}).then(function(response) {
-      return response.json();
-    }).then(function(current_data) {
-      // compare releases
-      var date_current = new Date(current_data.created_at);
-      var date_latest = new Date(latest_data.created_at);
-      if (date_latest.getTime() <= date_current.getTime()){
-        // no update available
-        $("#mailcow_update").removeClass("text-warning text-danger").addClass("text-success");
-        $("#mailcow_update").html("<b>" + lang_debug.no_update_available + "</b>");
-      } else {
-        // update available
-        $("#mailcow_update").removeClass("text-danger text-success").addClass("text-warning");
-        $("#mailcow_update").html(lang_debug.update_available + ` <a href="#" id="mailcow_update_changelog">`+latest_data.tag_name+`</a>`);
-        $("#mailcow_update_changelog").click(function(){
-          if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin")
-            return;
-      
-          showVersionModal("New Release " + latest_data.tag_name, latest_data.tag_name);
-        })
-      }
-    }).catch(err => {
-      // err
-      console.log(err);
-      $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
-      $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
-    });
-  }).catch(err => {
-    // err
-    console.log(err);
-    $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
-    $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
-  });
-}
-// show version changelog modal
-function showVersionModal(title, version){
-  $.ajax({
-    type: 'GET',
-    url: 'https://api.github.com/repos/' + mailcow_info.project_owner + '/' + mailcow_info.project_repo + '/releases/tags/' + version,
-    dataType: 'json',
-    success: function (data) { 
-      var md = window.markdownit();
-      var result = md.render(data.body);
-      result = parseGithubMarkdownLinks(result);
-
-      $('#showVersionModal').find(".modal-title").html(title);
-      $('#showVersionModal').find(".modal-body").html(`
-        <h3>` + data.name + `</h3>
-        <span class="mt-4">` + result + `</span>
-        <span><b>Github Link:</b> 
-          <a target="_blank" href="https://github.com/` + mailcow_info.project_owner + `/` + mailcow_info.project_repo + `/releases/tag/` + version + `">` + version + `</a>
-        </span>
-      `);
-
-      new bootstrap.Modal(document.getElementById("showVersionModal"), {
-        backdrop: 'static',
-        keyboard: false
-      }).show();
-    }
-  });
-}
-function parseGithubMarkdownLinks(inputText) {
-  var replacedText, replacePattern1;
-
-  replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
-  replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
-      if (matched.includes('github.com')){
-        // return short link if it's github link
-        last_uri_path = matched.split('/');
-        last_uri_path = last_uri_path[last_uri_path.length - 1];
-
-        // adjust Full Changelog link to match last git version and new git version, if link is a compare link
-        if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
-          matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
-          last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
-        }
-        
-        return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
-      };
-
-      // if it's not a github link, return complete link
-      return '<a href="' + matched + '" target="_blank">' + matched + '</a>'; 
-  });
-
-  return replacedText;
-}
\ No newline at end of file
+const LOCALE = undefined;
+const DATETIME_FORMAT = {
+  year: "numeric",
+  month: "2-digit",
+  day: "2-digit",
+  hour: "2-digit",
+  minute: "2-digit",
+  second: "2-digit"
+};
+
+$(document).ready(function() {
+  // Parse seconds ago to date
+  // Get "now" timestamp
+  var ts_now = Math.round((new Date()).getTime() / 1000);
+  $('.parse_s_ago').each(function(i, parse_s_ago) {
+    var started_s_ago = parseInt($(this).text(), 10);
+    if (typeof started_s_ago != 'NaN') {
+      var started_date = new Date((ts_now - started_s_ago) * 1000);
+      if (started_date instanceof Date && !isNaN(started_date)) {
+        var started_local_date = started_date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+        $(this).text(started_local_date);
+      } else {
+        $(this).text('-');
+      }
+    }
+  });
+  // Parse general dates
+  $('.parse_date').each(function(i, parse_date) {
+    var started_date = new Date(Date.parse($(this).text()));
+    if (typeof started_date != 'NaN') {
+      var started_local_date = started_date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+      $(this).text(started_local_date);
+    }
+  });
+
+  // set update loop container list
+  containersToUpdate = {}
+  // set default ChartJs Font Color
+  Chart.defaults.color = '#999';
+  // create host cpu and mem charts
+  createHostCpuAndMemChart();
+  // check for new version
+  if (mailcow_info.branch === "master"){
+    check_update(mailcow_info.version_tag, mailcow_info.project_url);
+  }
+  $("#maiclow_version").click(function(){
+    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" ||
+       mailcow_info.branch !== "master")
+      return;
+
+    showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
+  })
+  // get public ips
+  get_public_ips();
+  update_container_stats();
+});
+jQuery(function($){
+  if (localStorage.getItem("current_page") === null) {
+    var current_page = {};
+  } else {
+    var current_page = JSON.parse(localStorage.getItem('current_page'));
+  }
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
+  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function createSortableDate(td, cellData) {
+    $(td).attr({
+      "data-order": cellData,
+      "data-sort": cellData
+    });
+    $(td).html(convertTimestampToLocalFormat(cellData));
+  }
+  function draw_autodiscover_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#autodiscover_log') ) {
+      $('#autodiscover_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#autodiscover_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/autodiscover/100",
+        dataSrc: function(data){
+          return process_table_data(data, 'autodiscover_log');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          responsivePriority: 1,
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'User-Agent',
+          data: 'ua',
+          defaultContent: '',
+          className: 'dtr-col-md',
+          responsivePriority: 5
+        },
+        {
+          title: 'Username',
+          data: 'user',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: 'IP',
+          data: 'ip',
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'Service',
+          data: 'service',
+          defaultContent: '',
+          responsivePriority: 3
+        }
+      ]
+    });
+  }
+  function draw_postfix_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#postfix_log') ) {
+      $('#postfix_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#postfix_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/postfix",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+  }
+  function draw_watchdog_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#watchdog_log') ) {
+      $('#watchdog_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#watchdog_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/watchdog",
+        dataSrc: function(data){
+          return process_table_data(data, 'watchdog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'Service',
+          data: 'service',
+          defaultContent: ''
+        },
+        {
+          title: 'Trend',
+          data: 'trend',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_api_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#api_log') ) {
+      $('#api_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#api_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/api",
+        dataSrc: function(data){
+          return process_table_data(data, 'apilog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'URI',
+          data: 'uri',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        },
+        {
+          title: 'Method',
+          data: 'method',
+          defaultContent: ''
+        },
+        {
+          title: 'IP',
+          data: 'remote',
+          defaultContent: ''
+        },
+        {
+          title: 'Data',
+          data: 'data',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        }
+      ]
+    });
+  }
+  function draw_rl_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#rl_log') ) {
+      $('#rl_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#rl_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/ratelimited",
+        dataSrc: function(data){
+          return process_table_data(data, 'rllog');
+        }
+      },
+      columns: [
+        {
+          title: ' ',
+          data: 'indicator',
+          defaultContent: ''
+        },
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.rate_name,
+          data: 'rl_name',
+          defaultContent: ''
+        },
+        {
+          title: lang.sender,
+          data: 'from',
+          defaultContent: ''
+        },
+        {
+          title: lang.recipients,
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: lang.authed_user,
+          data: 'user',
+          defaultContent: ''
+        },
+        {
+          title: 'Msg ID',
+          data: 'message_id',
+          defaultContent: ''
+        },
+        {
+          title: 'Header From',
+          data: 'header_from',
+          defaultContent: ''
+        },
+        {
+          title: 'Subject',
+          data: 'header_subject',
+          defaultContent: ''
+        },
+        {
+          title: 'Hash',
+          data: 'rl_hash',
+          defaultContent: ''
+        },
+        {
+          title: 'Rspamd QID',
+          data: 'qid',
+          defaultContent: ''
+        },
+        {
+          title: 'IP',
+          data: 'ip',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_ui_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#ui_logs') ) {
+      $('#ui_logs').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#ui_logs').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/ui",
+        dataSrc: function(data){
+          return process_table_data(data, 'mailcow_ui');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'Type',
+          data: 'type',
+          defaultContent: ''
+        },
+        {
+          title: 'Task',
+          data: 'task',
+          defaultContent: ''
+        },
+        {
+          title: 'User',
+          data: 'user',
+          defaultContent: '',
+          className: 'dtr-col-sm'
+        },
+        {
+          title: 'Role',
+          data: 'role',
+          defaultContent: '',
+          className: 'dtr-col-sm'
+        },
+        {
+          title: 'IP',
+          data: 'remote',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        },
+        {
+          title: lang.message,
+          data: 'msg',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        },
+        {
+          title: 'Call',
+          data: 'call',
+          defaultContent: '',
+          className: 'none dtr-col-md dtr-break-all'
+        }
+      ]
+    });
+  }
+  function draw_sasl_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sasl_logs') ) {
+      $('#sasl_logs').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#sasl_logs').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/sasl",
+        dataSrc: function(data){
+          return process_table_data(data, 'sasl_log_table');
+        }
+      },
+      columns: [
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.service,
+          data: 'service',
+          defaultContent: ''
+        },
+        {
+          title: 'IP',
+          data: 'real_rip',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        },
+        {
+          title: lang.login_time,
+          data: 'datetime',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            cellData = Math.floor((new Date(data.replace(/-/g, "/"))).getTime() / 1000);
+            createSortableDate(td, cellData)
+          }
+        }
+      ]
+    });
+  }
+  function draw_acme_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#acme_log') ) {
+      $('#acme_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#acme_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/acme",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        }
+      ]
+    });
+  }
+  function draw_netfilter_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#netfilter_log') ) {
+      $('#netfilter_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#netfilter_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/netfilter",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+  }
+  function draw_sogo_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sogo_log') ) {
+      $('#sogo_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#sogo_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/sogo",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+  }
+  function draw_dovecot_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#dovecot_log') ) {
+      $('#dovecot_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#dovecot_log').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/dovecot",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+  }
+  function rspamd_pie_graph() {
+    $.ajax({
+      url: '/api/v1/get/rspamd/actions',
+      async: true,
+      success: function(data){
+        console.log(data);
+
+        var total = 0;
+        $(data).map(function(){total += this[1];});
+        var labels = $.makeArray($(data).map(function(){return this[0] + ' ' + Math.round(this[1]/total * 100) + '%';}));
+        var values = $.makeArray($(data).map(function(){return this[1];}));
+        console.log(values);
+
+        var graphdata = {
+          labels: labels,
+          datasets: [{
+            data: values,
+            backgroundColor: ['#DC3023', '#59ABE3', '#FFA400', '#FFA400', '#26A65B']
+          }]
+        };
+
+        var options = {
+          responsive: true,
+          maintainAspectRatio: false,
+          plugins: {
+            datalabels: {
+              color: '#FFF',
+              font: {
+                weight: 'bold'
+              },
+              display: function(context) {
+                return context.dataset.data[context.dataIndex] !== 0;
+              },
+              formatter: function(value, context) {
+                return Math.round(value/total*100) + '%';
+              }
+            }
+          }
+        };
+        var chartcanvas = document.getElementById('rspamd_donut');
+        Chart.register('ChartDataLabels');
+        if(typeof chart == 'undefined') {
+          chart = new Chart(chartcanvas.getContext("2d"), {
+            plugins: [ChartDataLabels],
+            type: 'doughnut',
+            data: graphdata,
+            options: options
+          });
+        }
+        else {
+          chart.destroy();
+          chart = new Chart(chartcanvas.getContext("2d"), {
+            plugins: [ChartDataLabels],
+            type: 'doughnut',
+            data: graphdata,
+            options: options
+          });
+        }
+      }
+    });
+  }
+  function draw_rspamd_history() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#rspamd_history') ) {
+      $('#rspamd_history').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#rspamd_history').DataTable({
+      processing: true,
+      serverSide: false,
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/rspamd-history",
+        dataSrc: function(data){
+          return process_table_data(data, 'rspamd_history');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'IP address',
+          data: 'ip',
+          defaultContent: ''
+        },
+        {
+          title: 'From',
+          data: 'sender_mime',
+          defaultContent: ''
+        },
+        {
+          title: 'To',
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: 'Subject',
+          data: 'subject',
+          defaultContent: ''
+        },
+        {
+          title: 'Action',
+          data: 'action',
+          defaultContent: ''
+        },
+        {
+          title: 'Score',
+          data: 'score',
+          defaultContent: ''
+        },
+        {
+          title: 'Subject',
+          data: 'header_subject',
+          defaultContent: ''
+        },
+        {
+          title: 'Symbols',
+          data: 'symbols',
+          defaultContent: '',
+          className: 'none dtr-col-md'
+        },
+        {
+          title: 'Msg size',
+          data: 'size',
+          defaultContent: ''
+        },
+        {
+          title: 'Scan Time',
+          data: 'scan_time',
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'message-id',
+          defaultContent: ''
+        },
+        {
+          title: 'Authenticated user',
+          data: 'user',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function process_table_data(data, table) {
+    if (table == 'rspamd_history') {
+    $.each(data, function (i, item) {
+      if (item.rcpt_mime != "") {
+        item.rcpt = escapeHtml(item.rcpt_mime.join(", "));
+      }
+      else {
+        item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
+      }
+      item.symbols = Object.keys(item.symbols).sort(function (a, b) {
+        if (item.symbols[a].score === 0) return 1
+        if (item.symbols[b].score === 0) return -1
+        if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
+          return item.symbols[a].score - item.symbols[b].score
+        }
+        if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
+          return item.symbols[b].score - item.symbols[a].score
+        }
+        return item.symbols[b].score - item.symbols[a].score
+      }).map(function(key) {
+        var sym = item.symbols[key];
+        if (sym.score < 0) {
+          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)'
+        }
+        else if (sym.score === 0) {
+          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)'
+        }
+        else {
+          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)'
+        }
+        var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
+        if (sym.options) {
+          str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
+        }
+        return str
+      }).join('<br>\n');
+      item.subject = escapeHtml(item.subject);
+      var scan_time = item.time_real.toFixed(3);
+      if (item.time_virtual) {
+        scan_time += ' / ' + item.time_virtual.toFixed(3);
+      }
+      item.scan_time = {
+        "options": {
+          "sortValue": item.time_real
+        },
+        "value": scan_time
+      };
+      if (item.action === 'clean' || item.action === 'no action') {
+        item.action = "<div class='badge fs-6 bg-success'>" + item.action + "</div>";
+      } else if (item.action === 'rewrite subject' || item.action === 'add header' || item.action === 'probable spam') {
+        item.action = "<div class='badge fs-6 bg-warning'>" + item.action + "</div>";
+      } else if (item.action === 'spam' || item.action === 'reject') {
+        item.action = "<div class='badge fs-6 bg-danger'>" + item.action + "</div>";
+      } else {
+        item.action = "<div class='badge fs-6 bg-info'>" + item.action + "</div>";
+      }
+      var score_content;
+      if (item.score < item.required_score) {
+        score_content = "[ <span class='text-success'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
+      } else {
+        score_content = "[ <span class='text-danger'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
+      }
+      item.score = {
+        "options": {
+          "sortValue": item.score
+        },
+        "value": score_content
+      };
+      if (item.user == null) {
+        item.user = "none";
+      }
+    });
+    } else if (table == 'autodiscover_log') {
+      $.each(data, function (i, item) {
+        if (item.ua == null) {
+          item.ua = 'unknown';
+        } else {
+          item.ua = escapeHtml(item.ua);
+        }
+        item.ua = '<span style="font-size:small">' + item.ua + '</span>';
+        if (item.service == "activesync") {
+          item.service = '<span class="badge fs-6 bg-info">ActiveSync</span>';
+        }
+        else if (item.service == "imap") {
+          item.service = '<span class="badge fs-6 bg-success">IMAP, SMTP, Cal-/CardDAV</span>';
+        }
+        else {
+          item.service = '<span class="badge fs-6 bg-danger">' + escapeHtml(item.service) + '</span>';
+        }
+      });
+    } else if (table == 'watchdog') {
+      $.each(data, function (i, item) {
+        if (item.message == null) {
+          item.message = 'Health level: ' + item.lvl + '% (' + item.hpnow + '/' + item.hptotal + ')';
+          if (item.hpdiff < 0) {
+            item.trend = '<span class="badge fs-6 bg-danger"><i class="bi bi-caret-down-fill"></i> ' + item.hpdiff + '</span>';
+          }
+          else if (item.hpdiff == 0) {
+            item.trend = '<span class="badge fs-6 bg-info"><i class="bi bi-caret-right-fill"></i> ' + item.hpdiff + '</span>';
+          }
+          else {
+            item.trend = '<span class="badge fs-6 bg-success"><i class="bi bi-caret-up-fill"></i> ' + item.hpdiff + '</span>';
+          }
+        }
+        else {
+          item.trend = '';
+          item.service = '';
+        }
+      });
+    } else if (table == 'mailcow_ui') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        item.user = escapeHtml(item.user);
+        item.call = escapeHtml(item.call);
+        item.task = '<code>' + item.task + '</code>';
+        item.type = '<span class="badge fs-6 bg-' + item.type + '">' + item.type + '</span>';
+      });
+    } else if (table == 'sasl_log_table') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        item.username = escapeHtml(item.username);
+        item.service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
+      });
+    } else if (table == 'general_syslog') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        if (item.message.match("^base64,")) {
+          try {
+            item.message = atob(item.message.slice(7)).replace(/\\n/g, "<br />");
+          } catch(e) {
+            item.message = item.message.slice(7);
+          }
+        } else {
+          item.message = escapeHtml(item.message);
+        }
+        item.call = escapeHtml(item.call);
+        var danger_class = ["emerg", "alert", "crit", "err"];
+        var warning_class = ["warning", "warn"];
+        var info_class = ["notice", "info", "debug"];
+        if (jQuery.inArray(item.priority, danger_class) !== -1) {
+          item.priority = '<span class="badge fs-6 bg-danger">' + item.priority + '</span>';
+        } else if (jQuery.inArray(item.priority, warning_class) !== -1) {
+          item.priority = '<span class="badge fs-6 bg-warning">' + item.priority + '</span>';
+        } else if (jQuery.inArray(item.priority, info_class) !== -1) {
+          item.priority = '<span class="badge fs-6 bg-info">' + item.priority + '</span>';
+        }
+      });
+    } else if (table == 'apilog') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        if (item.method == 'GET') {
+          item.method = '<span class="badge fs-6 bg-success">' + item.method + '</span>';
+        } else if (item.method == 'POST') {
+          item.method = '<span class="badge fs-6 bg-warning">' + item.method + '</span>';
+        }
+        item.data = escapeHtml(item.data);
+      });
+    } else if (table == 'rllog') {
+      $.each(data, function (i, item) {
+        if (item.user == null) {
+          item.user = "none";
+        }
+        if (item.rl_hash == null) {
+          item.rl_hash = "err";
+        }
+        item.indicator = '<span style="border-right:6px solid #' + intToRGB(hashCode(item.rl_hash)) + ';padding-left:5px;">&nbsp;</span>';
+        if (item.rl_hash != 'err') {
+          item.action = '<a href="#" data-action="delete_selected" data-id="single-hash" data-api-url="delete/rlhash" data-item="' + encodeURI(item.rl_hash) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.reset_limit + '</a>';
+        }
+      });
+    }
+    return data
+  };
+  $('.add_log_lines').on('click', function (e) {
+    e.preventDefault();
+    var log_table= $(this).data("table")
+    var new_nrows = $(this).data("nrows")
+    var post_process = $(this).data("post-process")
+    var log_url = $(this).data("log-url")
+    if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
+      console.log("no data-table or data-nrows or log_url or data-post-process attr found");
+      return;
+    }
+
+    if (table = $('#' + log_table).DataTable()) {
+      var heading = $('#' + log_table).closest('.card').find('.card-header');
+      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)
+
+      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
+        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
+        var rows = process_table_data(data, post_process);
+        var rows_now = (table.page.len() + data.length);
+        $(heading).children('.table-lines').text(rows_now)
+        mailcow_alert_box(data.length + lang.additional_rows, "success");
+        table.rows.add(rows).draw();
+      });
+    }
+  })
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=postfix_log]", () => draw_postfix_logs());
+  onVisible("[id^=dovecot_log]", () => draw_dovecot_logs());
+  onVisible("[id^=sogo_log]", () => draw_sogo_logs());
+  onVisible("[id^=watchdog_log]", () => draw_watchdog_logs());
+  onVisible("[id^=autodiscover_log]", () => draw_autodiscover_logs());
+  onVisible("[id^=acme_log]", () => draw_acme_logs());
+  onVisible("[id^=api_log]", () => draw_api_logs());
+  onVisible("[id^=rl_log]", () => draw_rl_logs());
+  onVisible("[id^=ui_logs]", () => draw_ui_logs());
+  onVisible("[id^=sasl_logs]", () => draw_sasl_logs());
+  onVisible("[id^=netfilter_log]", () => draw_netfilter_logs());
+  onVisible("[id^=rspamd_history]", () => draw_rspamd_history());
+  onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
+
+
+
+  // start polling host stats if tab is active
+  onVisible("[id^=tab-containers]", () => update_stats());
+  // start polling container stats if collapse is active
+  var containerElements = document.querySelectorAll(".container-details-collapse");
+  for (let i = 0; i < containerElements.length; i++){
+    new IntersectionObserver((entries, observer) => {
+      entries.forEach(entry => {
+        if(entry.intersectionRatio > 0) {
+
+          if (!containerElements[i].classList.contains("show")){
+            var container = containerElements[i].id.replace("Collapse", "");
+            var container_id = containerElements[i].getAttribute("data-id");
+
+            // check if chart exists or needs to be created
+            if (!Chart.getChart(container + "_DiskIOChart"))
+              createReadWriteChart(container + "_DiskIOChart", "Read", "Write");
+            if (!Chart.getChart(container + "_NetIOChart"))
+              createReadWriteChart(container + "_NetIOChart", "Recv", "Sent");
+
+            // add container to polling list
+            containersToUpdate[container] = {
+              id: container_id,
+              state: "idle"
+            }
+
+            // stop polling if collapse is closed
+            containerElements[i].addEventListener('hidden.bs.collapse', function () {
+              var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
+              var netIOCtx = Chart.getChart(container + "_NetIOChart");
+
+              diskIOCtx.data.datasets[0].data = [];
+              diskIOCtx.data.datasets[1].data = [];
+              diskIOCtx.data.labels = [];
+              netIOCtx.data.datasets[0].data = [];
+              netIOCtx.data.datasets[1].data = [];
+              netIOCtx.data.labels = [];
+
+              diskIOCtx.update();
+              netIOCtx.update();
+
+              delete containersToUpdate[container];
+            });
+          }
+
+        }
+      });
+    }).observe(containerElements[i]);
+  }
+});
+
+
+// update system stats - every 5 seconds if system & container tab is active
+function update_stats(timeout=5){
+  if (!$('#tab-containers').hasClass('active')) {
+    // tab not active - dont fetch stats - run again in n seconds
+    return;
+  }
+
+  window.fetch("/api/v1/get/status/host", {method:'GET',cache:'no-cache'}).then(function(response) {
+    return response.json();
+  }).then(function(data) {
+    console.log(data);
+
+    if (data){
+      // display table data
+      $("#host_date").text(data.system_time);
+      $("#host_uptime").text(formatUptime(data.uptime));
+      $("#host_cpu_cores").text(data.cpu.cores);
+      $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
+      $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
+      $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
+
+      // update cpu and mem chart
+      var cpu_chart = Chart.getChart("host_cpu_chart");
+      var mem_chart = Chart.getChart("host_mem_chart");
+
+      cpu_chart.data.labels.push(data.system_time.split(" ")[1]);
+      if (cpu_chart.data.labels.length > 30) cpu_chart.data.labels.shift();
+      mem_chart.data.labels.push(data.system_time.split(" ")[1]);
+      if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
+
+      cpu_chart.data.datasets[0].data.push(data.cpu.usage);
+      if (cpu_chart.data.datasets[0].data.length > 30)  cpu_chart.data.datasets[0].data.shift();
+      mem_chart.data.datasets[0].data.push(data.memory.usage);
+      if (mem_chart.data.datasets[0].data.length > 30)  mem_chart.data.datasets[0].data.shift();
+
+      cpu_chart.update();
+      mem_chart.update();
+    }
+
+    // run again in n seconds
+    setTimeout(update_stats, timeout * 1000);
+  });
+}
+// update specific container stats - every n (default 5s) seconds
+function update_container_stats(timeout=5){
+
+  if ($('#tab-containers').hasClass('active')) {
+    for (let container in containersToUpdate){
+      container_id = containersToUpdate[container].id;
+      // check if container update stats is already running
+      if (containersToUpdate[container].state == "running")
+        continue;
+      containersToUpdate[container].state = "running";
+
+
+      window.fetch("/api/v1/get/status/container/" + container_id, {method:'GET',cache:'no-cache'}).then(function(response) {
+        return response.json();
+      }).then(function(data) {
+        var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
+        var netIOCtx = Chart.getChart(container + "_NetIOChart");
+
+        console.log(container);
+        console.log(data);
+        prev_stats = null;
+        if (data.length >= 2){
+          prev_stats = data[data.length -2];
+
+          // hide spinners if we collected enough data
+          $('#' + container + "_DiskIOChart").removeClass('d-none');
+          $('#' + container + "_DiskIOChart").prev().addClass('d-none');
+          $('#' + container + "_NetIOChart").removeClass('d-none');
+          $('#' + container + "_NetIOChart").prev().addClass('d-none');
+        }
+
+        data = data[data.length -1];
+
+        if (prev_stats != null){
+          // calc time diff
+          var time_diff = (new Date(data.read) - new Date(prev_stats.read)) / 1000;
+
+          // calc disk io b/s
+          if ('io_service_bytes_recursive' in prev_stats.blkio_stats && prev_stats.blkio_stats.io_service_bytes_recursive !== null){
+            var prev_read_bytes = 0;
+            var prev_write_bytes = 0;
+            for (var i = 0; i < prev_stats.blkio_stats.io_service_bytes_recursive.length; i++){
+              if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "read")
+                prev_read_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
+              else if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "write")
+                prev_write_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
+            }
+            var read_bytes = 0;
+            var write_bytes = 0;
+            for (var i = 0; i < data.blkio_stats.io_service_bytes_recursive.length; i++){
+              if (data.blkio_stats.io_service_bytes_recursive[i].op == "read")
+                read_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
+              else if (data.blkio_stats.io_service_bytes_recursive[i].op == "write")
+                write_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
+            }
+            var diff_bytes_read = (read_bytes - prev_read_bytes) / time_diff;
+            var diff_bytes_write = (write_bytes - prev_write_bytes) / time_diff;
+          }
+
+          // calc net io b/s
+          if ('networks' in prev_stats){
+            var prev_recv_bytes = 0;
+            var prev_sent_bytes = 0;
+            for (var key in prev_stats.networks){
+              prev_recv_bytes += prev_stats.networks[key].rx_bytes;
+              prev_sent_bytes += prev_stats.networks[key].tx_bytes;
+            }
+            var recv_bytes = 0;
+            var sent_bytes = 0;
+            for (var key in data.networks){
+              recv_bytes += data.networks[key].rx_bytes;
+              sent_bytes += data.networks[key].tx_bytes;
+            }
+            var diff_bytes_recv = (recv_bytes - prev_recv_bytes) / time_diff;
+            var diff_bytes_sent = (sent_bytes - prev_sent_bytes) / time_diff;
+          }
+
+          addReadWriteChart(diskIOCtx, diff_bytes_read, diff_bytes_write, "");
+          addReadWriteChart(netIOCtx, diff_bytes_recv, diff_bytes_sent, "");
+        }
+
+        // run again in n seconds
+        containersToUpdate[container].state = "idle";
+      }).catch(err => {
+        console.log(err);
+      });
+    }
+  }
+
+  // run again in n seconds
+  setTimeout(update_container_stats, timeout * 1000);
+}
+// get public ips
+function get_public_ips(){
+  window.fetch("/api/v1/get/status/host/ip", {method:'GET',cache:'no-cache'}).then(function(response) {
+    return response.json();
+  }).then(function(data) {
+    console.log(data);
+
+    // display host ips
+    if (data.ipv4)
+      $("#host_ipv4").text(data.ipv4);
+    if (data.ipv6)
+      $("#host_ipv6").text(data.ipv6);
+  });
+}
+// format hosts uptime seconds to readable string
+function formatUptime(seconds){
+  seconds = Number(seconds);
+  var d = Math.floor(seconds / (3600*24));
+  var h = Math.floor(seconds % (3600*24) / 3600);
+  var m = Math.floor(seconds % 3600 / 60);
+  var s = Math.floor(seconds % 60);
+
+  var dFormat = d > 0 ? d + "D " : "";
+  var hFormat = h > 0 ? h + "H " : "";
+  var mFormat = m > 0 ? m + "M " : "";
+  var sFormat = s > 0 ? s + "S" : "";
+  return dFormat + hFormat + mFormat + sFormat;
+}
+// format bytes to readable string
+function formatBytes(bytes){
+  // b
+  if (bytes < 1000) return bytes.toFixed(2).toString()+' B/s';
+  // b to kb
+  bytes = bytes / 1024;
+  if (bytes < 1000) return bytes.toFixed(2).toString()+' KB/s';
+  // kb to mb
+  bytes = bytes / 1024;
+  if (bytes < 1000) return bytes.toFixed(2).toString()+' MB/s';
+  // final mb to gb
+  return (bytes / 1024).toFixed(2).toString()+' GB/s';
+}
+// create read write line chart
+function createReadWriteChart(chart_id, read_lable, write_lable){
+  var ctx = document.getElementById(chart_id);
+
+  var dataNet = {
+    labels: [],
+    datasets: [{
+      label: read_lable,
+      backgroundColor: "rgba(41, 187, 239, 0.3)",
+      borderColor: "rgba(41, 187, 239, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }, {
+      label: write_lable,
+      backgroundColor: "rgba(239, 60, 41, 0.3)",
+      borderColor: "rgba(239, 60, 41, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }]
+  };
+  var optionsNet = {
+    interaction: {
+        mode: 'index'
+    },
+    scales: {
+      yAxis: {
+        min: 0,
+        grid: {
+            display: false
+        },
+        ticks: {
+          callback: function(i, index, ticks) {
+             return formatBytes(i);
+          }
+        }
+      },
+      xAxis: {
+        grid: {
+            display: false
+        }
+      }
+    }
+  };
+
+  return new Chart(ctx, {
+    type: 'line',
+    data: dataNet,
+    options: optionsNet
+  });
+}
+// add to read write line chart
+function addReadWriteChart(chart_context, read_point, write_point, time, limit = 30){
+  // push time label for x-axis
+  chart_context.data.labels.push(time);
+  if (chart_context.data.labels.length > limit) chart_context.data.labels.shift();
+
+  // push datapoints
+  chart_context.data.datasets[0].data.push(read_point);
+  chart_context.data.datasets[1].data.push(write_point);
+  // shift data if more than 20 entires exists
+  if (chart_context.data.datasets[0].data.length > limit)  chart_context.data.datasets[0].data.shift();
+  if (chart_context.data.datasets[1].data.length > limit) chart_context.data.datasets[1].data.shift();
+
+  chart_context.update();
+}
+// create host cpu and mem chart
+function createHostCpuAndMemChart(){
+  var cpu_ctx = document.getElementById("host_cpu_chart");
+  var mem_ctx = document.getElementById("host_mem_chart");
+
+  var dataCpu = {
+    labels: [],
+    datasets: [{
+      label: "CPU %",
+      backgroundColor: "rgba(41, 187, 239, 0.3)",
+      borderColor: "rgba(41, 187, 239, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }]
+  };
+  var optionsCpu = {
+    interaction: {
+        mode: 'index'
+    },
+    scales: {
+      yAxis: {
+        min: 0,
+        grid: {
+            display: false
+        },
+        ticks: {
+          callback: function(i, index, ticks) {
+             return i.toFixed(0).toString() + "%";
+          }
+        }
+      },
+      xAxis: {
+        grid: {
+            display: false
+        }
+      }
+    }
+  };
+
+  var dataMem = {
+    labels: [],
+    datasets: [{
+      label: "MEM %",
+      backgroundColor: "rgba(41, 187, 239, 0.3)",
+      borderColor: "rgba(41, 187, 239, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }]
+  };
+  var optionsMem = {
+    interaction: {
+        mode: 'index'
+    },
+    scales: {
+      yAxis: {
+        min: 0,
+        grid: {
+            display: false
+        },
+        ticks: {
+          callback: function(i, index, ticks) {
+            return i.toFixed(0).toString() + "%";
+          }
+        }
+      },
+      xAxis: {
+        grid: {
+            display: false
+        }
+      }
+    }
+  };
+
+
+  var net_io_chart = new Chart(cpu_ctx, {
+    type: 'line',
+    data: dataCpu,
+    options: optionsCpu
+  });
+  var disk_io_chart = new Chart(mem_ctx, {
+    type: 'line',
+    data: dataMem,
+    options: optionsMem
+  });
+}
+// check for mailcow updates
+function check_update(current_version, github_repo_url){
+  if (!current_version || !github_repo_url) return false;
+
+  var github_account = github_repo_url.split("/")[3];
+  var github_repo_name = github_repo_url.split("/")[4];
+
+  // get details about latest release
+  window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/latest", {method:'GET',cache:'no-cache'}).then(function(response) {
+    return response.json();
+  }).then(function(latest_data) {
+    // get details about current release
+    window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/tags/"+current_version, {method:'GET',cache:'no-cache'}).then(function(response) {
+      return response.json();
+    }).then(function(current_data) {
+      // compare releases
+      var date_current = new Date(current_data.created_at);
+      var date_latest = new Date(latest_data.created_at);
+      if (date_latest.getTime() <= date_current.getTime()){
+        // no update available
+        $("#mailcow_update").removeClass("text-warning text-danger").addClass("text-success");
+        $("#mailcow_update").html("<b>" + lang_debug.no_update_available + "</b>");
+      } else {
+        // update available
+        $("#mailcow_update").removeClass("text-danger text-success").addClass("text-warning");
+        $("#mailcow_update").html(lang_debug.update_available + ` <a href="#" id="mailcow_update_changelog">`+latest_data.tag_name+`</a>`);
+        $("#mailcow_update_changelog").click(function(){
+          if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin")
+            return;
+
+          showVersionModal("New Release " + latest_data.tag_name, latest_data.tag_name);
+        })
+      }
+    }).catch(err => {
+      // err
+      console.log(err);
+      $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
+      $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
+    });
+  }).catch(err => {
+    // err
+    console.log(err);
+    $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
+    $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
+  });
+}
+// show version changelog modal
+function showVersionModal(title, version){
+  $.ajax({
+    type: 'GET',
+    url: 'https://api.github.com/repos/' + mailcow_info.project_owner + '/' + mailcow_info.project_repo + '/releases/tags/' + version,
+    dataType: 'json',
+    success: function (data) {
+      var md = window.markdownit();
+      var result = md.render(data.body);
+      result = parseGithubMarkdownLinks(result);
+
+      $('#showVersionModal').find(".modal-title").html(title);
+      $('#showVersionModal').find(".modal-body").html(`
+        <h3>` + data.name + `</h3>
+        <span class="mt-4">` + result + `</span>
+        <span><b>Github Link:</b>
+          <a target="_blank" href="https://github.com/` + mailcow_info.project_owner + `/` + mailcow_info.project_repo + `/releases/tag/` + version + `">` + version + `</a>
+        </span>
+      `);
+
+      new bootstrap.Modal(document.getElementById("showVersionModal"), {
+        backdrop: 'static',
+        keyboard: false
+      }).show();
+    }
+  });
+}
+function parseGithubMarkdownLinks(inputText) {
+  var replacedText, replacePattern1;
+
+  replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
+  replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
+      if (matched.includes('github.com')){
+        // return short link if it's github link
+        last_uri_path = matched.split('/');
+        last_uri_path = last_uri_path[last_uri_path.length - 1];
+
+        // adjust Full Changelog link to match last git version and new git version, if link is a compare link
+        if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
+          matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
+          last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
+        }
+
+        return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
+      };
+
+      // if it's not a github link, return complete link
+      return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
+  });
+
+  return replacedText;
+}
+
+function convertTimestampToLocalFormat(timestamp) {
+  var date = new Date(timestamp ? timestamp * 1000 : 0);
+  return date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+}

From eefce62f017be3a13c2ff6d9fee51a31689829d2 Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Sat, 24 Dec 2022 18:10:57 +0100
Subject: [PATCH 083/170] Fix incorrect datetime for Rspamd logs

---
 data/web/js/site/debug.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index c44cbbc1..d15f6e1e 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -731,7 +731,7 @@ jQuery(function($){
       columns: [
         {
           title: lang.time,
-          data: 'time',
+          data: 'unix_time',
           defaultContent: '',
           createdCell: function(td, cellData) {
             createSortableDate(td, cellData)

From 136cc2e3fff2276074de7e51cd2e5a66f4659ef1 Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Sat, 24 Dec 2022 18:18:28 +0100
Subject: [PATCH 084/170] Fix missing score and scan time Rspamd logs

---
 data/web/js/site/debug.js | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index d15f6e1e..296886f9 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -765,7 +765,14 @@ jQuery(function($){
         {
           title: 'Score',
           data: 'score',
-          defaultContent: ''
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData.sortBy,
+              "data-sort": cellData.sortBy
+            });
+            $(td).html(cellData.value);
+          }
         },
         {
           title: 'Subject',
@@ -786,7 +793,14 @@ jQuery(function($){
         {
           title: 'Scan Time',
           data: 'scan_time',
-          defaultContent: ''
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData.sortBy,
+              "data-sort": cellData.sortBy
+            });
+            $(td).html(cellData.value);
+          }
         },
         {
           title: 'ID',
@@ -843,9 +857,7 @@ jQuery(function($){
         scan_time += ' / ' + item.time_virtual.toFixed(3);
       }
       item.scan_time = {
-        "options": {
-          "sortValue": item.time_real
-        },
+        "sortBy": item.time_real,
         "value": scan_time
       };
       if (item.action === 'clean' || item.action === 'no action') {
@@ -864,9 +876,7 @@ jQuery(function($){
         score_content = "[ <span class='text-danger'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
       }
       item.score = {
-        "options": {
-          "sortValue": item.score
-        },
+        "sortBy": item.score,
         "value": score_content
       };
       if (item.user == null) {

From 82c80a9682f29d69a935f93dd26b2b1ed1b107cf Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Sat, 24 Dec 2022 18:29:46 +0100
Subject: [PATCH 085/170] Make default ordering of Rspamd table consistent

---
 data/web/js/site/debug.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 296886f9..1996600a 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -721,6 +721,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order: [[0, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/rspamd-history",

From 8070db96e9d752be0c0e2b6574a840d219a2a1be Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Sat, 24 Dec 2022 22:25:42 +0100
Subject: [PATCH 086/170] [UI] Fixed Wrong Table content in Qurantine (sender
 instead of subject)

---
 data/web/js/site/quarantine.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index d838b0fb..34531b0d 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -97,7 +97,7 @@ jQuery(function($){
           },
           {
             title: lang.subj,
-            data: 'sender',
+            data: 'subject',
             defaultContent: ''
           },
           {

From 3281b97ea9123bcda388c261013e96aa7bdaf6a4 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Sat, 24 Dec 2022 23:25:52 +0100
Subject: [PATCH 087/170] [UI] Removed solr informations if container is
 disabled

---
 data/web/lang/lang.de-de.json |  1 +
 data/web/lang/lang.en-gb.json |  1 +
 data/web/templates/debug.twig | 12 +++++++++++-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index b6229491..7b4b1f46 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -488,6 +488,7 @@
         "chart_this_server": "Chart (dieser Server)",
         "containers_info": "Container-Information",
         "container_running": "Läuft",
+        "container_disabled": "Container gestoppt oder deaktiviert",
         "container_stopped": "Angehalten",
         "cores": "Kerne",
         "current_time": "Systemzeit",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index ce6e2cf8..00b14f07 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -491,6 +491,7 @@
         "chart_this_server": "Chart (this server)",
         "containers_info": "Container information",
         "container_running": "Running",
+        "container_disabled": "Container stopped or disabled",
         "container_stopped": "Stopped",
         "cores": "Cores",
         "current_time": "System Time",
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index eb48d54e..6c96de88 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -160,8 +160,14 @@
                   <div class="d-flex p-2 list-group-header">
                     <div>
                       <span class="fw-bold">solr-mailcow</span>
+                      {% if containers["solr-mailcow"].State.Running == 1 %}
                       <span class="d-block d-md-inline">({{ containers["solr-mailcow"].Config.Image }})</span>
+                      {% endif %}
+                      {% if containers["solr-mailcow"].State.Running == 1 %}
                       <small class="d-block">({{ lang.debug.started_on }} <span class="parse_date">{{ containers["solr-mailcow"].State.StartedAtHR }}</span>)</small>
+                      {% elseif containers["solr-mailcow"].State.Running != 1 %}
+                      <small class="d-block">{{ lang.debug.container_disabled }}</small>
+                      {% endif %}
                       {% if containers["solr-mailcow"].State.Running == 1 %}
                         <span class="badge fs-7 bg-success loader" style="min-width:100px">
                           {{ lang.debug.container_running }}
@@ -169,19 +175,22 @@
                           <span class="loader-dot">.</span>
                           <span class="loader-dot">.</span>
                         </span>
-                      {% elseif containers["solr-mailcow"].State %}
+                      {% elseif containers["solr-mailcow"].State.Running != 1 %}
                         <span class="badge fs-7 bg-danger" style="min-width:100px">
                           {{ lang.debug.container_stopped }}
                           <i class="bi-x ms-1"></i>
                         </span>
                       {% endif %}
                     </div>
+                  {% if containers["solr-mailcow"].State.Running == 1 %}
                     <div class="mt-auto ms-auto">
                       <button class="btn btn-light" type="button" data-bs-toggle="collapse" data-bs-target="#solr-mailcowCollapse" aria-expanded="false" aria-controls="solr-mailcowCollapse">
                         <i class="bi bi-caret-down-fill caret"></i>
                       </button>
                     </div>
+                  {% endif %}  
                   </div>
+                  {% if containers["solr-mailcow"].State.Running == 1 %}
                   <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">    
                     <div class="row p-2 pt-4">
                       <div class="col-sm-3">
@@ -238,6 +247,7 @@
                       </div>
                     </div>                  
                   </div>
+                  {% endif %}
                 </div>
               </div>
 

From 13bdd4ad0bd6c1f417386192683d5fc36e06ec69 Mon Sep 17 00:00:00 2001
From: Tomy Hsieh <tomy0000000@gmail.com>
Date: Sun, 25 Dec 2022 16:56:43 +0800
Subject: [PATCH 088/170] =?UTF-8?q?=F0=9F=9B=A0=20fix:=20Locale=20decision?=
 =?UTF-8?q?=20algorithm?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/web/inc/prerequisites.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 754d98d5..b3b1cc13 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -234,7 +234,7 @@ if (!isset($_SESSION['mailcow_locale']) && !isset($_COOKIE['mailcow_locale'])) {
 
     // Try suggest match
     // e.g. suggest en-gb when only en-us is provided
-    if (!isset($_COOKIE['mailcow_locale'])) {
+    if (!isset($_SESSION['mailcow_locale'])) {
       foreach ($lang2pref as $lang => $q) {
         if (array_key_exists(substr($lang, 0, 2), $AVAILABLE_BASE_LANGUAGES)) {
           $_SESSION['mailcow_locale'] = $AVAILABLE_BASE_LANGUAGES[substr($lang, 0, 2)];

From dabf4d4383bbc6adaa61d49c8d68ce83dfe1af0e Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Sun, 25 Dec 2022 14:44:00 +0100
Subject: [PATCH 089/170] [UI] Show Restart SOGo only when permission = admin

---
 data/web/templates/base.twig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 743a2b2d..06c47bd2 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -80,7 +80,9 @@
             {% if mailcow_cc_role == 'admin' %}
             <li><a href="/queue" class="dropdown-item {% if is_uri('queue') %}active{% endif %}">{{ lang.queue.queue_manager }}</a></li>
             {% endif %}
+            {% if mailcow_cc_role == 'admin' %}
             <li><a href="#" class="dropdown-item" data-bs-toggle="modal" data-container="sogo-mailcow" data-bs-target="#RestartContainer">{{ lang.header.restart_sogo }}</a></li>
+            {% endif %}
           </ul>
         </li>
         {% endif %}

From e7a929a947291ce8ae3c47d33a3da7640cc0f396 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Dec 2022 11:35:18 +0100
Subject: [PATCH 090/170] [Web] add missing </code> tag in edit/mailbox.twig

---
 data/web/templates/edit/mailbox.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index ce01a659..289638d6 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -274,7 +274,7 @@
         </div>
         <div class="col-sm-10">
           <p class="text-muted">{{ lang.user.pushover_info|format(mailbox)|raw }}</p>
-          <p class="text-muted">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}, <code>{MSG_ID}</code></p>
+          <p class="text-muted">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code>, <code>{MSG_ID}</code></p>
           <div class="row">
             <div class="col-sm-6 mb-2">
               <label for="token">API Token/Key (Application)</label>

From 0cf59159cd8e92e3699615e1bbe64071b3a5fa79 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Dec 2022 12:03:51 +0100
Subject: [PATCH 091/170] [Web] fix SAL display

---
 data/web/admin.php | 4 ----
 data/web/debug.php | 6 ++++++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index e53d18fd..a3b908b7 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -10,9 +10,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $tfa_data = get_tfa();
 $fido2_data = fido2(array("action" => "get_friendly_names"));
-if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
-  $_SESSION['gal'] = json_decode($license_cache, true);
-}
 
 $js_minifier->add('/web/js/site/admin.js');
 $js_minifier->add('/web/js/presets/rspamd.js');
@@ -89,7 +86,6 @@ $template_data = [
   'tfa_id' => @$_SESSION['tfa_id'],
   'fido2_cid' => @$_SESSION['fido2_cid'],
   'fido2_data' => $fido2_data,
-  'gal' => @$_SESSION['gal'],
   'api' => [
     'ro' => admin_api('ro', 'get'),
     'rw' => admin_api('rw', 'get'),
diff --git a/data/web/debug.php b/data/web/debug.php
index 5618ec00..45c4456c 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -11,6 +11,11 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $solr_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_SOLR"])) ? false : solr_status();
 $clamd_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_CLAMD"])) ? false : true;
 
+
+if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
+  $_SESSION['gal'] = json_decode($license_cache, true);
+}
+
 $js_minifier->add('/web/js/site/debug.js');
 
 // vmail df
@@ -54,6 +59,7 @@ $template_data = [
   'vmail_df' => $vmail_df,
   'hostname' => $hostname,
   'timezone' => $timezone,
+  'gal' => @$_SESSION['gal'],
   'license_guid' => license('guid'),
   'solr_status' => $solr_status,
   'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),

From 48310034e5f2fa072788ea17110caecdc1706533 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 26 Dec 2022 14:33:15 +0100
Subject: [PATCH 092/170] [Compose Updater] Corrected syntax errors

---
 helper-scripts/update_compose.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index 01be926f..ae2d6ab1 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -42,8 +42,6 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
     elif [[ $(curl -sL -w "%{http_code}" https://github.com/docker/compose/releases/latest -o /dev/null) == "200" ]]; then
         LATEST_COMPOSE=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) # redirect to latest release
         LATEST_COMPOSE=${LATEST_COMPOSE##*/} #get the latest version from the redirect, inlcuding the "v" prefix
-        if [ $DC_DL_SUFFIX]; then
-          LATEST_COMPOSE=1.27.4 # force 1.27.4 for legacy systems, tag is not prefixed by "v"
         COMPOSE_VERSION=$(docker-compose version --short)
         if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then
         COMPOSE_PATH=$(command -v docker-compose)
@@ -71,4 +69,4 @@ elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
 else
     echo -e "\e[31mCan not read DOCKER_COMPOSE_VERSION variable from mailcow.conf! Is your mailcow up to date? Exiting...\e[0m"
     exit 1
-fi
+fi
\ No newline at end of file

From f3f5471ef776f7cd6a0f7dbc2656ebcf30e20aa3 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 26 Dec 2022 15:56:23 +0100
Subject: [PATCH 093/170] [Web] Removed double Sender Entry in RSPAMD Logs

---
 data/web/js/site/debug.js | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 1996600a..85e6b789 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -775,11 +775,6 @@ jQuery(function($){
             $(td).html(cellData.value);
           }
         },
-        {
-          title: 'Subject',
-          data: 'header_subject',
-          defaultContent: ''
-        },
         {
           title: 'Symbols',
           data: 'symbols',

From eaa0dea63bb951081b8ff6cfb1b2b4987724a094 Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Mon, 26 Dec 2022 17:30:25 +0100
Subject: [PATCH 094/170] [WEB] Update DataTables to v1.13.1 and fix crash for
 non-English locales

This newer version of DataTables includes a fix for improper access
to localisation information from `Intl.NumberFormat`. This improper access
lead to datatables not being created.
---
 data/web/css/build/011-datatables.css |  58 ++--
 data/web/js/build/004-datatables.js   | 417 ++++++++++++++++----------
 2 files changed, 278 insertions(+), 197 deletions(-)

diff --git a/data/web/css/build/011-datatables.css b/data/web/css/build/011-datatables.css
index e0512bdf..d03514ff 100644
--- a/data/web/css/build/011-datatables.css
+++ b/data/web/css/build/011-datatables.css
@@ -4,10 +4,10 @@
  *
  * To rebuild or modify this file with the latest versions of the included
  * software please visit:
- *   https://datatables.net/download/#bs5/dt-1.12.0/r-2.3.0/sl-1.4.0
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
  *
  * Included libraries:
- *   DataTables 1.12.0, Responsive 2.3.0, Select 1.4.0
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
  */
 
 @charset "UTF-8";
@@ -63,7 +63,7 @@ table.dataTable thead > tr > td.sorting_desc_disabled:after {
   opacity: 0.125;
   right: 10px;
   line-height: 9px;
-  font-size: 0.9em;
+  font-size: 0.8em;
 }
 table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:before,
 table.dataTable thead > tr > td.sorting:before,
@@ -72,7 +72,7 @@ table.dataTable thead > tr > td.sorting_desc:before,
 table.dataTable thead > tr > td.sorting_asc_disabled:before,
 table.dataTable thead > tr > td.sorting_desc_disabled:before {
   bottom: 50%;
-  content: "▴";
+  content: "▲";
 }
 table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:after,
 table.dataTable thead > tr > td.sorting:after,
@@ -81,7 +81,7 @@ table.dataTable thead > tr > td.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc_disabled:after,
 table.dataTable thead > tr > td.sorting_desc_disabled:after {
   top: 50%;
-  content: "▾";
+  content: "▼";
 }
 table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc:before,
@@ -287,6 +287,9 @@ table.dataTable > tbody > tr.selected > * {
   box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.9);
   color: white;
 }
+table.dataTable > tbody > tr.selected a {
+  color: #090a0b;
+}
 table.dataTable.table-striped > tbody > tr.odd > * {
   box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.05);
 }
@@ -335,6 +338,9 @@ div.dataTables_wrapper div.dataTables_paginate ul.pagination {
   white-space: nowrap;
   justify-content: flex-end;
 }
+div.dataTables_wrapper div.dt-row {
+  position: relative;
+}
 
 div.dataTables_scrollHead table.dataTable {
   margin-bottom: 0 !important;
@@ -380,17 +386,6 @@ div.dataTables_wrapper div.dataTables_paginate {
 table.dataTable.table-sm > thead > tr > th:not(.sorting_disabled) {
   padding-right: 20px;
 }
-table.dataTable.table-sm .sorting:before,
-table.dataTable.table-sm .sorting_asc:before,
-table.dataTable.table-sm .sorting_desc:before {
-  top: 5px;
-  right: 0.85em;
-}
-table.dataTable.table-sm .sorting:after,
-table.dataTable.table-sm .sorting_asc:after,
-table.dataTable.table-sm .sorting_desc:after {
-  top: 5px;
-}
 
 table.table-bordered.dataTable {
   border-right-width: 0;
@@ -629,13 +624,13 @@ table.dataTable > tbody > tr > .selected {
   background-color: rgba(13, 110, 253, 0.9);
   color: white;
 }
-table.dataTable tbody td.select-checkbox,
-table.dataTable tbody th.select-checkbox {
+table.dataTable > tbody > tr > td.select-checkbox,
+table.dataTable > tbody > tr > th.select-checkbox {
   position: relative;
 }
-table.dataTable tbody td.select-checkbox:before, table.dataTable tbody td.select-checkbox:after,
-table.dataTable tbody th.select-checkbox:before,
-table.dataTable tbody th.select-checkbox:after {
+table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > td.select-checkbox:after,
+table.dataTable > tbody > tr > th.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:after {
   display: block;
   position: absolute;
   top: 1.2em;
@@ -644,20 +639,20 @@ table.dataTable tbody th.select-checkbox:after {
   height: 12px;
   box-sizing: border-box;
 }
-table.dataTable tbody td.select-checkbox:before,
-table.dataTable tbody th.select-checkbox:before {
+table.dataTable > tbody > tr > td.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:before {
   content: " ";
   margin-top: -5px;
   margin-left: -6px;
   border: 1px solid black;
   border-radius: 3px;
 }
-table.dataTable tr.selected td.select-checkbox:before,
-table.dataTable tr.selected th.select-checkbox:before {
+table.dataTable > tbody > tr.selected > td.select-checkbox:before,
+table.dataTable > tbody > tr.selected > th.select-checkbox:before {
   border: 1px solid white;
 }
-table.dataTable tr.selected td.select-checkbox:after,
-table.dataTable tr.selected th.select-checkbox:after {
+table.dataTable > tbody > tr.selected > td.select-checkbox:after,
+table.dataTable > tbody > tr.selected > th.select-checkbox:after {
   content: "✓";
   font-size: 20px;
   margin-top: -19px;
@@ -665,12 +660,12 @@ table.dataTable tr.selected th.select-checkbox:after {
   text-align: center;
   text-shadow: 1px 1px #B0BED9, -1px -1px #B0BED9, 1px -1px #B0BED9, -1px 1px #B0BED9;
 }
-table.dataTable.compact tbody td.select-checkbox:before,
-table.dataTable.compact tbody th.select-checkbox:before {
+table.dataTable.compact > tbody > tr > td.select-checkbox:before,
+table.dataTable.compact > tbody > tr > th.select-checkbox:before {
   margin-top: -12px;
 }
-table.dataTable.compact tr.selected td.select-checkbox:after,
-table.dataTable.compact tr.selected th.select-checkbox:after {
+table.dataTable.compact > tbody > tr.selected > td.select-checkbox:after,
+table.dataTable.compact > tbody > tr.selected > th.select-checkbox:after {
   margin-top: -16px;
 }
 
@@ -690,4 +685,3 @@ table.dataTable.table-sm tbody td.select-checkbox::before {
   margin-top: -9px;
 }
 
-
diff --git a/data/web/js/build/004-datatables.js b/data/web/js/build/004-datatables.js
index 7dadd85a..9ece8ea5 100644
--- a/data/web/js/build/004-datatables.js
+++ b/data/web/js/build/004-datatables.js
@@ -4,20 +4,20 @@
  *
  * To rebuild or modify this file with the latest versions of the included
  * software please visit:
- *   https://datatables.net/download/#bs5/dt-1.12.0/r-2.3.0/sl-1.4.0
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
  *
  * Included libraries:
- *   DataTables 1.12.0, Responsive 2.3.0, Select 1.4.0
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
  */
 
-/*! DataTables 1.12.0
+/*! DataTables 1.13.1
  * ©2008-2022 SpryMedia Ltd - datatables.net/license
  */
 
 /**
  * @summary     DataTables
  * @description Paginate, search and order HTML tables
- * @version     1.12.0
+ * @version     1.13.1
  * @author      SpryMedia Ltd
  * @contact     www.datatables.net
  * @copyright   SpryMedia Ltd.
@@ -1162,6 +1162,10 @@
 				$( rowOne[0] ).children('th, td').each( function (i, cell) {
 					var col = oSettings.aoColumns[i];
 			
+					if (! col) {
+						_fnLog( oSettings, 0, 'Incorrect column count', 18 );
+					}
+			
 					if ( col.mData === i ) {
 						var sort = a( cell, 'sort' ) || a( cell, 'order' );
 						var filter = a( cell, 'filter' ) || a( cell, 'search' );
@@ -3166,6 +3170,11 @@
 				create = nTrIn ? false : true;
 	
 				nTd = create ? document.createElement( oCol.sCellType ) : anTds[i];
+	
+				if (! nTd) {
+					_fnLog( oSettings, 0, 'Incorrect column count', 18 );
+				}
+	
 				nTd._DT_CellIndex = {
 					row: iRow,
 					column: i
@@ -3316,10 +3325,16 @@
 	
 			for ( i=0, ien=cells.length ; i<ien ; i++ ) {
 				column = columns[i];
-				column.nTf = cells[i].cell;
 	
-				if ( column.sClass ) {
-					$(column.nTf).addClass( column.sClass );
+				if (column) {
+					column.nTf = cells[i].cell;
+		
+					if ( column.sClass ) {
+						$(column.nTf).addClass( column.sClass );
+					}
+				}
+				else {
+					_fnLog( oSettings, 0, 'Incorrect column count', 18 );
 				}
 			}
 		}
@@ -5079,6 +5094,10 @@
 				_fnDraw( settings );
 			}
 		}
+		else {
+			// No change event - paging was called, but no change
+			_fnCallbackFire( settings, null, 'page-nc', [settings] );
+		}
 	
 		return changed;
 	}
@@ -5348,6 +5367,7 @@
 			footerCopy = footer.clone().prependTo( table );
 			footerTrgEls = footer.find('tr'); // the original tfoot is in its own table and must be sized
 			footerSrcEls = footerCopy.find('tr');
+			footerCopy.find('[id]').removeAttr('id');
 		}
 	
 		// Clone the current header and footer elements and then place it into the inner table
@@ -5355,6 +5375,7 @@
 		headerTrgEls = header.find('tr'); // original header is in its own table
 		headerSrcEls = headerCopy.find('tr');
 		headerCopy.find('th, td').removeAttr('tabindex');
+		headerCopy.find('[id]').removeAttr('id');
 	
 	
 		/*
@@ -8332,8 +8353,12 @@
 	
 	$(document).on('plugin-init.dt', function (e, context) {
 		var api = new _Api( context );
+		
+		const namespace = 'on-plugin-init';
+		const stateSaveParamsEvent = `stateSaveParams.${namespace}`;
+		const destroyEvent = `destroy.${namespace}`;
 	
-		api.on( 'stateSaveParams', function ( e, settings, d ) {
+		api.on( stateSaveParamsEvent, function ( e, settings, d ) {
 			// This could be more compact with the API, but it is a lot faster as a simple
 			// internal loop
 			var idFn = settings.rowIdFn;
@@ -8347,7 +8372,11 @@
 			}
 	
 			d.childRows = ids;
-		})
+		});
+	
+		api.on( destroyEvent, function () {
+			api.off(`${stateSaveParamsEvent} ${destroyEvent}`);
+		});
 	
 		var loaded = api.state.loaded();
 	
@@ -9668,7 +9697,7 @@
 	 *  @type string
 	 *  @default Version number
 	 */
-	DataTable.version = "1.12.0";
+	DataTable.version = "1.13.1";
 	
 	/**
 	 * Private data store, containing all of the settings objects that are
@@ -14092,7 +14121,7 @@
 		 *
 		 *  @type string
 		 */
-		build:"bs5/dt-1.12.0/r-2.3.0/sl-1.4.0",
+		build:"bs5/dt-1.13.1/r-2.4.0/sl-1.5.0",
 	
 	
 		/**
@@ -14730,7 +14759,7 @@
 				var classes = settings.oClasses;
 				var lang = settings.oLanguage.oPaginate;
 				var aria = settings.oLanguage.oAria.paginate || {};
-				var btnDisplay, btnClass, counter=0;
+				var btnDisplay, btnClass;
 	
 				var attach = function( container, buttons ) {
 					var i, ien, node, button, tabIndex;
@@ -14805,7 +14834,7 @@
 										'class': classes.sPageButton+' '+btnClass,
 										'aria-controls': settings.sTableId,
 										'aria-label': aria[ button ],
-										'data-dt-idx': counter,
+										'data-dt-idx': button,
 										'tabindex': tabIndex,
 										'id': idx === 0 && typeof button === 'string' ?
 											settings.sTableId +'_'+ button :
@@ -14817,8 +14846,6 @@
 								_fnBindAction(
 									node, {action: button}, clickHandler
 								);
-	
-								counter++;
 							}
 						}
 					}
@@ -15163,7 +15190,7 @@
 			}
 		}
 		else if (window.luxon) {
-			dt = format
+			dt = format && typeof d === 'string'
 				? window.luxon.DateTime.fromFormat( d, format )
 				: window.luxon.DateTime.fromISO( d );
 	
@@ -15303,14 +15330,26 @@
 	}
 	
 	// Based on locale, determine standard number formatting
-	var __thousands = '';
-	var __decimal = '';
+	// Fallback for legacy browsers is US English
+	var __thousands = ',';
+	var __decimal = '.';
 	
 	if (Intl) {
-		var num = new Intl.NumberFormat().formatToParts(1000.1);
-	
-		__thousands = num[1].value;
-		__decimal = num[3].value;
+		try {
+			var num = new Intl.NumberFormat().formatToParts(100000.1);
+		
+			for (var i=0 ; i<num.length ; i++) {
+				if (num[i].type === 'group') {
+					__thousands = num[i].value;
+				}
+				else if (num[i].type === 'decimal') {
+					__decimal = num[i].value;
+				}
+			}
+		}
+		catch (e) {
+			// noop
+		}
 	}
 	
 	// Formatted date time detection - use by declaring the formats you are going to use
@@ -15379,6 +15418,10 @@
 						return d;
 					}
 	
+					if (d === '' || d === null) {
+						return d;
+					}
+	
 					var negative = d < 0 ? '-' : '';
 					var flo = parseFloat( d );
 	
@@ -15569,7 +15612,7 @@
 	$.each( DataTable, function ( prop, val ) {
 		$.fn.DataTable[ prop ] = val;
 	} );
-	
+
 	return DataTable;
 }));
 
@@ -15578,14 +15621,6 @@
  * 2020 SpryMedia Ltd - datatables.net/license
  */
 
-/**
- * DataTables integration for Bootstrap 4. This requires Bootstrap 5 and
- * DataTables 1.10 or newer.
- *
- * This file sets the defaults and adds options to DataTables to style its
- * controls using Bootstrap. See http://datatables.net/manual/styling/bootstrap
- * for further information.
- */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
@@ -15597,16 +15632,22 @@
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
 				root = window;
 			}
 
-			if ( ! $ || ! $.fn.dataTable ) {
-				// Require DataTables, which attaches to jQuery, including
-				// jQuery if needed and have a $ property so we can access the
-				// jQuery object that is used
-				$ = require('datatables.net')(root, $).$;
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
 			}
 
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net')(root, $);
+			}
+
+
 			return factory( $, root, root.document );
 		};
 	}
@@ -15619,11 +15660,21 @@
 var DataTable = $.fn.dataTable;
 
 
+
+/**
+ * DataTables integration for Bootstrap 5. This requires Bootstrap 5 and
+ * DataTables 1.10 or newer.
+ *
+ * This file sets the defaults and adds options to DataTables to style its
+ * controls using Bootstrap. See http://datatables.net/manual/styling/bootstrap
+ * for further information.
+ */
+
 /* Set the defaults for DataTables initialisation */
 $.extend( true, DataTable.defaults, {
 	dom:
 		"<'row'<'col-sm-12 col-md-6'l><'col-sm-12 col-md-6'f>>" +
-		"<'row'<'col-sm-12'tr>>" +
+		"<'row dt-row'<'col-sm-12'tr>>" +
 		"<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
 	renderer: 'bootstrap'
 } );
@@ -15645,7 +15696,7 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 	var classes = settings.oClasses;
 	var lang    = settings.oLanguage.oPaginate;
 	var aria = settings.oLanguage.oAria.paginate || {};
-	var btnDisplay, btnClass, counter=0;
+	var btnDisplay, btnClass;
 
 	var attach = function( container, buttons ) {
 		var i, ien, node, button;
@@ -15714,7 +15765,7 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 								'href': '#',
 								'aria-controls': settings.sTableId,
 								'aria-label': aria[ button ],
-								'data-dt-idx': counter,
+								'data-dt-idx': button,
 								'tabindex': settings.iTabIndex,
 								'class': 'page-link'
 							} )
@@ -15725,13 +15776,12 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 					settings.oApi._fnBindAction(
 						node, {action: button}, clickHandler
 					);
-
-					counter++;
 				}
 			}
 		}
 	};
 
+	var hostEl = $(host);
 	// IE9 throws an 'unknown error' if document.activeElement is used
 	// inside an iframe or frame. 
 	var activeEl;
@@ -15741,17 +15791,26 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 		// elements, focus is lost on the select button which is bad for
 		// accessibility. So we want to restore focus once the draw has
 		// completed
-		activeEl = $(host).find(document.activeElement).data('dt-idx');
+		activeEl = hostEl.find(document.activeElement).data('dt-idx');
 	}
 	catch (e) {}
 
+	var paginationEl = hostEl.children('ul.pagination');
+
+	if (paginationEl.length) {
+		paginationEl.empty();
+	}
+	else {
+		paginationEl = hostEl.html('<ul/>').children('ul').addClass('pagination');
+	}
+
 	attach(
-		$(host).empty().html('<ul class="pagination"/>').children('ul'),
+		paginationEl,
 		buttons
 	);
 
 	if ( activeEl !== undefined ) {
-		$(host).find( '[data-dt-idx='+activeEl+']' ).trigger('focus');
+		hostEl.find('[data-dt-idx='+activeEl+']').trigger('focus');
 	}
 };
 
@@ -15760,14 +15819,54 @@ return DataTable;
 }));
 
 
-/*! Responsive 2.3.0
+/*! Responsive 2.4.0
  * 2014-2022 SpryMedia Ltd - datatables.net/license
  */
 
+(function( factory ){
+	if ( typeof define === 'function' && define.amd ) {
+		// AMD
+		define( ['jquery', 'datatables.net'], function ( $ ) {
+			return factory( $, window, document );
+		} );
+	}
+	else if ( typeof exports === 'object' ) {
+		// CommonJS
+		module.exports = function (root, $) {
+			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
+				root = window;
+			}
+
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
+			}
+
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net')(root, $);
+			}
+
+
+			return factory( $, root, root.document );
+		};
+	}
+	else {
+		// Browser
+		factory( jQuery, window, document );
+	}
+}(function( $, window, document, undefined ) {
+'use strict';
+var DataTable = $.fn.dataTable;
+
+
+
 /**
  * @summary     Responsive
  * @description Responsive tables plug-in for DataTables
- * @version     2.3.0
+ * @version     2.4.0
  * @author      SpryMedia Ltd (www.sprymedia.co.uk)
  * @contact     www.sprymedia.co.uk/contact
  * @copyright   SpryMedia Ltd.
@@ -15781,35 +15880,6 @@ return DataTable;
  *
  * For details please refer to: http://www.datatables.net
  */
-(function( factory ){
-	if ( typeof define === 'function' && define.amd ) {
-		// AMD
-		define( ['jquery', 'datatables.net'], function ( $ ) {
-			return factory( $, window, document );
-		} );
-	}
-	else if ( typeof exports === 'object' ) {
-		// CommonJS
-		module.exports = function (root, $) {
-			if ( ! root ) {
-				root = window;
-			}
-
-			if ( ! $ || ! $.fn.dataTable ) {
-				$ = require('datatables.net')(root, $).$;
-			}
-
-			return factory( $, root, root.document );
-		};
-	}
-	else {
-		// Browser
-		factory( jQuery, window, document );
-	}
-}(function( $, window, document, undefined ) {
-'use strict';
-var DataTable = $.fn.dataTable;
-
 
 /**
  * Responsive is a plug-in for the DataTables library that makes use of
@@ -15863,9 +15933,10 @@ var Responsive = function ( settings, opts ) {
 	}
 
 	this.s = {
-		dt: new DataTable.Api( settings ),
+		childNodeStore: {},
 		columns: [],
-		current: []
+		current: [],
+		dt: new DataTable.Api( settings )
 	};
 
 	// Check if responsive has already been initialised on this table
@@ -16070,6 +16141,63 @@ $.extend( Responsive.prototype, {
 	 * Private methods
 	 */
 
+	/**
+	 * Get and store nodes from a cell - use for node moving renderers
+	 *
+	 * @param {*} dt DT instance
+	 * @param {*} row Row index
+	 * @param {*} col Column index
+	 */
+	_childNodes: function( dt, row, col ) {
+		var name = row+'-'+col;
+
+		if ( this.s.childNodeStore[ name ] ) {
+			return this.s.childNodeStore[ name ];
+		}
+
+		// https://jsperf.com/childnodes-array-slice-vs-loop
+		var nodes = [];
+		var children = dt.cell( row, col ).node().childNodes;
+		for ( var i=0, ien=children.length ; i<ien ; i++ ) {
+			nodes.push( children[i] );
+		}
+
+		this.s.childNodeStore[ name ] = nodes;
+
+		return nodes;
+	},
+
+	/**
+	 * Restore nodes from the cache to a table cell
+	 *
+	 * @param {*} dt DT instance
+	 * @param {*} row Row index
+	 * @param {*} col Column index
+	 */
+	_childNodesRestore: function( dt, row, col ) {
+		var name = row+'-'+col;
+
+		if ( ! this.s.childNodeStore[ name ] ) {
+			return;
+		}
+
+		var node = dt.cell( row, col ).node();
+		var store = this.s.childNodeStore[ name ];
+		var parent = store[0].parentNode;
+		var parentChildren = parent.childNodes;
+		var a = [];
+
+		for ( var i=0, ien=parentChildren.length ; i<ien ; i++ ) {
+			a.push( parentChildren[i] );
+		}
+
+		for ( var j=0, jen=a.length ; j<jen ; j++ ) {
+			node.appendChild( a[j] );
+		}
+
+		this.s.childNodeStore[ name ] = undefined;
+	},
+
 	/**
 	 * Calculate the visibility for the columns in a table for a given
 	 * breakpoint. The result is pre-determined based on the class logic if
@@ -16399,8 +16527,8 @@ $.extend( Responsive.prototype, {
 				: details.renderer;
 
 			var res = details.display( row, update, function () {
-				return renderer(
-					dt, row[0], that._detailsObj(row[0])
+				return renderer.call(
+					that, dt, row[0], that._detailsObj(row[0])
 				);
 			} );
 
@@ -16622,9 +16750,11 @@ $.extend( Responsive.prototype, {
 			}
 		} );
 
-		if ( changed ) {
-			this._redrawChildren();
+		// Always need to update the display, regardless of if it has changed or not, so nodes
+		// can be re-inserted for listHiddenNodes
+		this._redrawChildren();
 
+		if ( changed ) {
 			// Inform listeners of the change
 			$(dt.table().node()).trigger( 'responsive-resize.dt', [dt, this.s.current] );
 
@@ -16650,6 +16780,7 @@ $.extend( Responsive.prototype, {
 	{
 		var dt = this.s.dt;
 		var columns = this.s.columns;
+		var that = this;
 
 		// Are we allowed to do auto sizing?
 		if ( ! this.c.auto ) {
@@ -16663,11 +16794,11 @@ $.extend( Responsive.prototype, {
 		}
 
 		// Need to restore all children. They will be reinstated by a re-render
-		if ( ! $.isEmptyObject( _childNodeStore ) ) {
-			$.each( _childNodeStore, function ( key ) {
+		if ( ! $.isEmptyObject( this.s.childNodeStore ) ) {
+			$.each( this.s.childNodeStore, function ( key ) {
 				var idx = key.split('-');
 
-				_childNodesRestore( dt, idx[0]*1, idx[1]*1 );
+				that._childNodesRestore( dt, idx[0]*1, idx[1]*1 );
 			} );
 		}
 
@@ -16787,6 +16918,7 @@ $.extend( Responsive.prototype, {
 	 */
 	_setColumnVis: function ( col, showHide )
 	{
+		var that = this;
 		var dt = this.s.dt;
 		var display = showHide ? '' : 'none'; // empty string will remove the attr
 
@@ -16803,9 +16935,9 @@ $.extend( Responsive.prototype, {
 			.toggleClass('dtr-hidden', !showHide);
 
 		// If the are child nodes stored, we might need to reinsert them
-		if ( ! $.isEmptyObject( _childNodeStore ) ) {
+		if ( ! $.isEmptyObject( this.s.childNodeStore ) ) {
 			dt.cells( null, col ).indexes().each( function (idx) {
-				_childNodesRestore( dt, idx.row, idx.column );
+				that._childNodesRestore( dt, idx.row, idx.column );
 			} );
 		}
 	},
@@ -16972,52 +17104,6 @@ Responsive.display = {
 };
 
 
-var _childNodeStore = {};
-
-function _childNodes( dt, row, col ) {
-	var name = row+'-'+col;
-
-	if ( _childNodeStore[ name ] ) {
-		return _childNodeStore[ name ];
-	}
-
-	// https://jsperf.com/childnodes-array-slice-vs-loop
-	var nodes = [];
-	var children = dt.cell( row, col ).node().childNodes;
-	for ( var i=0, ien=children.length ; i<ien ; i++ ) {
-		nodes.push( children[i] );
-	}
-
-	_childNodeStore[ name ] = nodes;
-
-	return nodes;
-}
-
-function _childNodesRestore( dt, row, col ) {
-	var name = row+'-'+col;
-
-	if ( ! _childNodeStore[ name ] ) {
-		return;
-	}
-
-	var node = dt.cell( row, col ).node();
-	var store = _childNodeStore[ name ];
-	var parent = store[0].parentNode;
-	var parentChildren = parent.childNodes;
-	var a = [];
-
-	for ( var i=0, ien=parentChildren.length ; i<ien ; i++ ) {
-		a.push( parentChildren[i] );
-	}
-
-	for ( var j=0, jen=a.length ; j<jen ; j++ ) {
-		node.appendChild( a[j] );
-	}
-
-	_childNodeStore[ name ] = undefined;
-}
-
-
 /**
  * Display methods - functions which define how the hidden data should be shown
  * in the table.
@@ -17029,6 +17115,7 @@ function _childNodesRestore( dt, row, col ) {
 Responsive.renderer = {
 	listHiddenNodes: function () {
 		return function ( api, rowIdx, columns ) {
+			var that = this;
 			var ul = $('<ul data-dtr-index="'+rowIdx+'" class="dtr-details"/>');
 			var found = false;
 
@@ -17045,7 +17132,7 @@ Responsive.renderer = {
 							'</span> '+
 						'</li>'
 					)
-						.append( $('<span class="dtr-data"/>').append( _childNodes( api, col.rowIndex, col.columnIndex ) ) )// api.cell( col.rowIndex, col.columnIndex ).node().childNodes ) )
+						.append( $('<span class="dtr-data"/>').append( that._childNodes( api, col.rowIndex, col.columnIndex ) ) )// api.cell( col.rowIndex, col.columnIndex ).node().childNodes ) )
 						.appendTo( ul );
 
 					found = true;
@@ -17229,7 +17316,7 @@ Api.registerPlural( 'columns().responsiveHidden()', 'column().responsiveHidden()
  * @name Responsive.version
  * @static
  */
-Responsive.version = '2.3.0';
+Responsive.version = '2.4.0';
 
 
 $.fn.dataTable.Responsive = Responsive;
@@ -17256,12 +17343,12 @@ $(document).on( 'preInit.dt.dtr', function (e, settings, json) {
 } );
 
 
-return Responsive;
+return DataTable;
 }));
 
 
 /*! Bootstrap 5 integration for DataTables' Responsive
- * ©2021 SpryMedia Ltd - datatables.net/license
+ * © SpryMedia Ltd - datatables.net/license
  */
 
 (function( factory ){
@@ -17275,17 +17362,26 @@ return Responsive;
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
 				root = window;
 			}
 
-			if ( ! $ || ! $.fn.dataTable ) {
-				$ = require('datatables.net-bs5')(root, $).$;
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
 			}
 
-			if ( ! $.fn.dataTable.Responsive ) {
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net-bs5')(root, $);
+			}
+
+			if ( ! $.fn.dataTable ) {
 				require('datatables.net-responsive')(root, $);
 			}
 
+
 			return factory( $, root, root.document );
 		};
 	}
@@ -17298,6 +17394,7 @@ return Responsive;
 var DataTable = $.fn.dataTable;
 
 
+
 var _display = DataTable.Responsive.display;
 var _original = _display.modal;
 var _modal = $(
@@ -17359,33 +17456,14 @@ _display.modal = function ( options ) {
 };
 
 
-return DataTable.Responsive;
+return DataTable;
 }));
 
 
-/*! Select for DataTables 1.4.0
+/*! Select for DataTables 1.5.0
  * 2015-2021 SpryMedia Ltd - datatables.net/license/mit
  */
 
-/**
- * @summary     Select for DataTables
- * @description A collection of API methods, events and buttons for DataTables
- *   that provides selection options of the items in a DataTable
- * @version     1.4.0
- * @file        dataTables.select.js
- * @author      SpryMedia Ltd (www.sprymedia.co.uk)
- * @contact     datatables.net/forums
- * @copyright   Copyright 2015-2021 SpryMedia Ltd.
- *
- * This source file is free software, available under the following license:
- *   MIT license - http://datatables.net/license/mit
- *
- * This source file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the license files for details.
- *
- * For details please refer to: http://www.datatables.net/extensions/select
- */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
@@ -17397,13 +17475,22 @@ return DataTable.Responsive;
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
 				root = window;
 			}
 
-			if ( ! $ || ! $.fn.dataTable ) {
-				$ = require('datatables.net')(root, $).$;
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
 			}
 
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net')(root, $);
+			}
+
+
 			return factory( $, root, root.document );
 		};
 	}
@@ -17416,10 +17503,11 @@ return DataTable.Responsive;
 var DataTable = $.fn.dataTable;
 
 
+
 // Version information for debugger
 DataTable.select = {};
 
-DataTable.select.version = '1.4.0';
+DataTable.select.version = '1.5.0';
 
 DataTable.select.init = function ( dt ) {
 	var ctx = dt.settings()[0];
@@ -18688,7 +18776,6 @@ $(document).on( 'preInit.dt.dtSelect', function (e, ctx) {
 } );
 
 
-return DataTable.select;
+return DataTable;
 }));
 
-

From 24acd4258945fcc5412d372275a886aaba1119b8 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 26 Dec 2022 20:06:49 +0100
Subject: [PATCH 095/170] Translations update from Weblate (#4926)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.fr-fr.json

[Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: Clément Hampaï <clement.hampai@cypressxt.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Clément Hampaï <clement.hampai@cypressxt.net>
---
 data/web/lang/lang.ca-es.json | 1 -
 data/web/lang/lang.cs-cz.json | 1 -
 data/web/lang/lang.da-dk.json | 1 -
 data/web/lang/lang.es-es.json | 1 -
 data/web/lang/lang.fi-fi.json | 1 -
 data/web/lang/lang.fr-fr.json | 5 +++--
 data/web/lang/lang.hu-hu.json | 1 -
 data/web/lang/lang.it-it.json | 1 -
 data/web/lang/lang.ko-kr.json | 1 -
 data/web/lang/lang.lv-lv.json | 1 -
 data/web/lang/lang.nl-nl.json | 1 -
 data/web/lang/lang.pl-pl.json | 1 -
 data/web/lang/lang.pt-pt.json | 1 -
 data/web/lang/lang.ro-ro.json | 1 -
 data/web/lang/lang.ru-ru.json | 1 -
 data/web/lang/lang.sk-sk.json | 1 -
 data/web/lang/lang.uk-ua.json | 1 -
 data/web/lang/lang.zh-cn.json | 2 --
 data/web/lang/lang.zh-tw.json | 1 -
 19 files changed, 3 insertions(+), 21 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index 07bf8512..26a30afd 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -393,7 +393,6 @@
         "toggle_all": "Marcar tots"
     },
     "queue": {
-        "queue_command_success": "Queue command completed successfully",
         "queue_manager": "Queue Manager"
     },
     "start": {
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index d0b34525..d1f2bb07 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -889,7 +889,6 @@
         "type": "Typ"
     },
     "queue": {
-        "queue_deliver_mail": "Doručit",
         "queue_manager": "Správce fronty"
     },
     "ratelimit": {
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index eec15b2c..c0d42afe 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -803,7 +803,6 @@
         "toggle_all": "Skift alt"
     },
     "queue": {
-        "queue_deliver_mail": "Aflevere",
         "queue_manager": "Køadministrator"
     },
     "start": {
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index d1c8a975..d9c3bfd3 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -602,7 +602,6 @@
         "toggle_all": "Seleccionar todos"
     },
     "queue": {
-        "queue_deliver_mail": "Entregar",
         "queue_manager": "Administrador de cola"
     },
     "start": {
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index efe55e74..7305e19e 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -686,7 +686,6 @@
         "toggle_all": "Valitse kaikki"
     },
     "queue": {
-        "queue_deliver_mail": "Toimittaa",
         "queue_manager": "Jonon hallinta"
     },
     "start": {
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 686241ed..91524ee6 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -26,7 +26,9 @@
         "syncjobs": "Tâches de synchronisation",
         "tls_policy": "Police TLS",
         "unlimited_quota": "Quota illimité pour les boites de courriel",
-        "domain_desc": "Modifier la description du domaine"
+        "domain_desc": "Modifier la description du domaine",
+        "domain_relayhost": "Changer le relais pour un domaine",
+        "mailbox_relayhost": "Changer le relais d’une boîte de réception"
     },
     "add": {
         "activate_filter_warn": "Tous les autres filtres seront désactivés, quand activé est coché.",
@@ -827,7 +829,6 @@
         "toggle_all": "Tout basculer"
     },
     "queue": {
-        "queue_deliver_mail": "Délivrer",
         "queue_manager": "Gestion de la file d'attente"
     },
     "start": {
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 14f1ed85..f04cf9c5 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -216,7 +216,6 @@
         "toggle_all": "Összes átkapcsolása"
     },
     "queue": {
-        "queue_command_success": "Queue command completed successfully",
         "queue_manager": "Queue Manager"
     },
     "start": {
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 7b7d9b3b..65c3d47a 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -893,7 +893,6 @@
         "type": "Tipologia"
     },
     "queue": {
-        "queue_deliver_mail": "Consegna",
         "queue_manager": "Gestore code"
     },
     "start": {
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index e6bfa2a9..3f3cb153 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -777,7 +777,6 @@
         "toggle_all": "선택 반전"
     },
     "queue": {
-        "queue_deliver_mail": "Deliver",
         "queue_manager": "대기열 관리자"
     },
     "start": {
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 6053ddc7..b03848a4 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -400,7 +400,6 @@
         "toggle_all": "Pārslēgt visu"
     },
     "queue": {
-        "queue_command_success": "Queue command completed successfully",
         "queue_manager": "Queue Manager"
     },
     "start": {
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 2369599f..547c7bb7 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -815,7 +815,6 @@
         "toggle_all": "Selecteer alles"
     },
     "queue": {
-        "queue_deliver_mail": "Lever af",
         "queue_manager": "Queue manager"
     },
     "start": {
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index b885bbbc..b2862d8e 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -285,7 +285,6 @@
         "toggle_all": "Zaznacz wszystkie"
     },
     "queue": {
-        "queue_command_success": "Queue command completed successfully",
         "queue_manager": "Queue Manager"
     },
     "start": {
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 9dbb4c4e..bfd640fd 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -193,7 +193,6 @@
         "remove": "Remover"
     },
     "queue": {
-        "queue_command_success": "Queue command completed successfully",
         "queue_manager": "Queue Manager"
     },
     "start": {
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 470fef16..fe0d2064 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -895,7 +895,6 @@
         "toggle_all": "Comută toate"
     },
     "queue": {
-        "queue_deliver_mail": "Livrează",
         "queue_manager": "Manager de coadă"
     },
     "ratelimit": {
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index a602e47e..60aba927 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -893,7 +893,6 @@
         "type": "Тип"
     },
     "queue": {
-        "queue_deliver_mail": "Доставить",
         "queue_manager": "Очередь на отправку"
     },
     "ratelimit": {
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 60f8351a..b6933b28 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -895,7 +895,6 @@
         "type": "Typ"
     },
     "queue": {
-        "queue_deliver_mail": "Doručiť",
         "queue_manager": "Správca fronty"
     },
     "ratelimit": {
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 1a7e0b87..e3acb8b5 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -896,7 +896,6 @@
         "table_size_show_n": "Відображати %s полів"
     },
     "queue": {
-        "queue_hold_mail": "Поставити на утримання",
         "queue_manager": "Черга на відправлення"
     },
     "ratelimit": {
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index d09c79b4..7532d7c4 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -257,7 +257,6 @@
         "quarantine_release_format_att": "附件",
         "quarantine_release_format_raw": "原件 (未修改)",
         "quarantine_retention_size": "每个邮箱保留隔离项目数:<br><small>0 表示 <b>禁用</b>。</small>",
-        "queue_manager": "队列管理",
         "quota_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quota_notification_sender": "通知邮件发件人",
         "quota_notification_subject": "通知邮件主题",
@@ -886,7 +885,6 @@
         "type": "类型"
     },
     "queue": {
-        "queue_deliver_mail": "递送",
         "queue_manager": "队列管理器"
     },
     "ratelimit": {
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 012ae427..f9c81c66 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -257,7 +257,6 @@
         "quarantine_release_format_att": "如附件",
         "quarantine_release_format_raw": "未修改的原始信件",
         "quarantine_retention_size": "每個信箱的隔離保留上限：<br><small>0 表示 <b>停用</b>。</small>",
-        "queue_manager": "佇列管理",
         "quota_notification_html": "通知信模版：<br><small>留空來重設為預設模版。</small>",
         "quota_notification_sender": "通知信寄件人",
         "quota_notification_subject": "通知信主旨",

From 02b2988beb996a1af11d164082b79c302267206a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 27 Dec 2022 13:56:09 +0100
Subject: [PATCH 096/170] [Web] fix typo in SASL table logs

---
 data/web/js/site/debug.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 85e6b789..358b00c6 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -479,7 +479,7 @@ jQuery(function($){
           data: 'datetime',
           defaultContent: '',
           createdCell: function(td, cellData) {
-            cellData = Math.floor((new Date(data.replace(/-/g, "/"))).getTime() / 1000);
+            cellData = Math.floor((new Date(cellData.replace(/-/g, "/"))).getTime() / 1000);
             createSortableDate(td, cellData)
           }
         }

From 4d2e32ee4000b349d8915f574f492c1861d4edba Mon Sep 17 00:00:00 2001
From: Vincent Simon <vincent@simon.vg>
Date: Thu, 29 Dec 2022 18:24:15 +0100
Subject: [PATCH 097/170] [Web] added missing unban action

---
 data/web/lang/lang.en-gb.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 00b14f07..0bdbe8ea 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -264,6 +264,7 @@
         "quota_notifications": "Quota notifications",
         "quota_notifications_info": "Quota notifications are sent to users once when crossing 80% and once when crossing 95% usage.",
         "quota_notifications_vars": "{{percent}} equals the current quota of the user<br>{{username}} is the mailbox name",
+        "queue_unban": "unban",
         "r_active": "Active restrictions",
         "r_inactive": "Inactive restrictions",
         "r_info": "Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.",

From 690c34bc1d10d8ab463d59988ddaa0559ff1f1ec Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Fri, 30 Dec 2022 16:22:52 +0100
Subject: [PATCH 098/170] Sort sync jobs DataTable based on ID

By setting the default column to perform the sort on, the additional
sort option for the first (hidden) column is also removed.
---
 data/web/js/site/mailbox.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 12c4bb4d..30bd91bf 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -1908,6 +1908,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/syncjobs/all/no_log",

From de30650dc78c025f8413e498a063b1e64ad6398b Mon Sep 17 00:00:00 2001
From: Tom Udding <tomudding@users.noreply.github.com>
Date: Fri, 30 Dec 2022 16:32:02 +0100
Subject: [PATCH 099/170] Sort other mailbox DataTables also descending by ID

Also removes the extra non-usable sort option.
---
 data/web/js/site/mailbox.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 30bd91bf..0e400b30 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -623,6 +623,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/domain/template/all",
@@ -1078,6 +1079,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/mailbox/template/all",
@@ -1414,6 +1416,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/bcc/all",
@@ -1510,6 +1513,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/recipient_map/all",
@@ -1593,6 +1597,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/tls-policy-map/all",
@@ -1686,6 +1691,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/alias/all",
@@ -2049,6 +2055,7 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       language: lang_datatables,
+      order:[[2, 'desc']],
       ajax: {
         type: "GET",
         url: "/api/v1/get/filters/all",

From 75e4953070c6e1e39bbe93682df8b5d5d72b0aaa Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 31 Dec 2022 16:49:02 +0100
Subject: [PATCH 100/170] Update mugi111/tweet-trigger-release action to v1.2
 (#4952)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/tweet-trigger-publish-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index 86cf628d..9aab121a 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -11,7 +11,7 @@ jobs:
         run:  |
           RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
       - name: Tweet-trigger-publish-release
-        uses: mugi111/tweet-trigger-release@v1.1
+        uses: mugi111/tweet-trigger-release@v1.2
         with:
           consumer_key: ${{ secrets.CONSUMER_KEY }}
           consumer_secret: ${{ secrets.CONSUMER_SECRET }}

From 9fe8bfadf3c0eb6fec3fbd1a0a7c452e45244b23 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 31 Dec 2022 16:49:21 +0100
Subject: [PATCH 101/170] Update actions/stale action to v7 (#4953)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/close_old_issues_and_prs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml
index 83a75d25..64002617 100644
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v6.0.1
+        uses: actions/stale@v7.0.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

From 072cbe62de4674f63c5f592e38a5253701fc6c2e Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Sat, 31 Dec 2022 17:11:16 +0100
Subject: [PATCH 102/170] Enable regex as manager

Add regex for matchstring line
---
 .github/renovate.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index 37962b2a..7d0eabf2 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -9,5 +9,13 @@
     "@magiccc"
   ],
   "baseBranches": ["staging"],
-  "enabledManagers": ["github-actions"]
+  "enabledManagers": ["github-actions", "regex"],
+  "regexManagers": [
+    {
+      "fileMatch": ["^helper-scripts\/nextcloud.sh$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
+       ]
+    }
+  ]
 }

From afa1ed1effd8942e147b0a8d82f699513bae2830 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Sat, 31 Dec 2022 17:13:38 +0100
Subject: [PATCH 103/170] Add matchstring line for regex

Update nextcloud to 25.0.2
change download URLs
---
 helper-scripts/nextcloud.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 16311fc2..37c0d5f3 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
-NEXTCLOUD_VER="25"
+# renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
+NEXTCLOUD_VERSION=25.0.2
 
 for bin in curl dirmngr; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
@@ -77,7 +78,7 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
     echo "Cannot upgrade to new major version, please update manually."
     exit 1
   else
-    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-$NEXTCLOUD_VER.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
+    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
       && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
       && rm nextcloud.tar.bz2 \
       && mkdir -p ./data/web/nextcloud/data \
@@ -98,7 +99,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
 
   ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-$NEXTCLOUD_VER.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
+  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
     && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
     && rm nextcloud.tar.bz2 \
     && mkdir -p ./data/web/nextcloud/data \

From 08f93c7d58a35778c8f2319412b6eebb506555e7 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 3 Jan 2023 18:12:18 +0100
Subject: [PATCH 104/170] Translations update from Weblate (#4960)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.zh-cn.json

Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: 雨 <luotianyi@luotianyi.me>

* [Web] Updated lang.en-gb.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.de-de.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.it-it.json

Co-authored-by: Stefano <stefano.vassena@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: 雨 <luotianyi@luotianyi.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Stefano <stefano.vassena@gmail.com>
---
 data/web/lang/lang.de-de.json |  50 +++++-----
 data/web/lang/lang.en-gb.json |  60 ++++++------
 data/web/lang/lang.it-it.json | 177 +++++++++++++++++++++++-----------
 data/web/lang/lang.zh-cn.json |  35 ++++++-
 4 files changed, 206 insertions(+), 116 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 7b4b1f46..d430d0b3 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -459,30 +459,30 @@
         "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s"
     },
     "datatables": {
-      "collapse_all": "Alle Einklappen",
-      "decimal": "",
-      "emptyTable": "Keine Daten in der Tabelle vorhanden",
-      "expand_all": "Alle Ausklappen",
-      "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
-      "infoEmpty": "0 bis 0 von 0 Einträgen",
-      "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
-      "infoPostFix": "",
-      "thousands": ".",
-      "lengthMenu": "_MENU_ Einträge anzeigen",
-      "loadingRecords": "Wird geladen...",
-      "processing": "Bitte warten...",
-      "search": "Suchen",
-      "zeroRecords": "Keine Einträge vorhanden.",
-      "paginate": {
-        "first": "Erste",
-        "previous": "Zurück",
-        "next": "Nächste",
-        "last": "Letzte"
-      },
-      "aria": {
-        "sortAscending": ": aktivieren, um Spalte aufsteigend zu sortieren",
-        "sortDescending": ": aktivieren, um Spalte absteigend zu sortieren"
-      }
+        "collapse_all": "Alle Einklappen",
+        "decimal": "",
+        "emptyTable": "Keine Daten in der Tabelle vorhanden",
+        "expand_all": "Alle Ausklappen",
+        "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
+        "infoEmpty": "0 bis 0 von 0 Einträgen",
+        "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
+        "infoPostFix": "",
+        "thousands": ".",
+        "lengthMenu": "_MENU_ Einträge anzeigen",
+        "loadingRecords": "Wird geladen...",
+        "processing": "Bitte warten...",
+        "search": "Suchen",
+        "zeroRecords": "Keine Einträge vorhanden.",
+        "paginate": {
+            "first": "Erste",
+            "previous": "Zurück",
+            "next": "Nächste",
+            "last": "Letzte"
+        },
+        "aria": {
+            "sortAscending": ": aktivieren, um Spalte aufsteigend zu sortieren",
+            "sortDescending": ": aktivieren, um Spalte absteigend zu sortieren"
+        }
     },
     "debug": {
         "chart_this_server": "Chart (dieser Server)",
@@ -942,7 +942,7 @@
     "queue": {
         "delete": "Queue löschen",
         "flush": "Queue flushen",
-        "info" : "In der Mailqueue befinden sich alle E-Mails, welche auf eine Zustellung warten. Sollte eine E-Mail eine längere Zeit innerhalb der Mailqueue stecken wird diese automatisch vom System gelöscht.<br>Die Fehlermeldung der jeweiligen Mail gibt aufschluss darüber, warum diese nicht zugestellt werden konnte",
+        "info": "In der Mailqueue befinden sich alle E-Mails, welche auf eine Zustellung warten. Sollte eine E-Mail eine längere Zeit innerhalb der Mailqueue stecken wird diese automatisch vom System gelöscht.<br>Die Fehlermeldung der jeweiligen Mail gibt aufschluss darüber, warum diese nicht zugestellt werden konnte",
         "legend": "Funktionen der Mailqueue Aktionen:",
         "ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
         "deliver_mail": "Ausliefern",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 00b14f07..22fffac8 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -462,30 +462,30 @@
         "yotp_verification_failed": "Yubico OTP verification failed: %s"
     },
     "datatables": {
-      "collapse_all": "Collapse All",
-      "decimal": "",
-      "emptyTable": "No data available in table",
-      "expand_all": "Expand All",
-      "info": "Showing _START_ to _END_ of _TOTAL_ entries",
-      "infoEmpty": "Showing 0 to 0 of 0 entries",
-      "infoFiltered": "(filtered from _MAX_ total entries)",
-      "infoPostFix": "",
-      "thousands": ",",
-      "lengthMenu": "Show _MENU_ entries",
-      "loadingRecords": "Loading...",
-      "processing": "Please wait...",
-      "search": "Search:",
-      "zeroRecords": "No matching records found",
-      "paginate": {
-          "first": "First",
-          "last": "Last",
-          "next": "Next",
-          "previous": "Previous"
-      },
-      "aria": {
-          "sortAscending": ": activate to sort column ascending",
-          "sortDescending": ": activate to sort column descending"
-      }
+        "collapse_all": "Collapse All",
+        "decimal": "",
+        "emptyTable": "No data available in table",
+        "expand_all": "Expand All",
+        "info": "Showing _START_ to _END_ of _TOTAL_ entries",
+        "infoEmpty": "Showing 0 to 0 of 0 entries",
+        "infoFiltered": "(filtered from _MAX_ total entries)",
+        "infoPostFix": "",
+        "thousands": ",",
+        "lengthMenu": "Show _MENU_ entries",
+        "loadingRecords": "Loading...",
+        "processing": "Please wait...",
+        "search": "Search:",
+        "zeroRecords": "No matching records found",
+        "paginate": {
+            "first": "First",
+            "last": "Last",
+            "next": "Next",
+            "previous": "Previous"
+        },
+        "aria": {
+            "sortAscending": ": activate to sort column ascending",
+            "sortDescending": ": activate to sort column descending"
+        }
     },
     "debug": {
         "chart_this_server": "Chart (this server)",
@@ -947,7 +947,7 @@
     "queue": {
         "delete": "Delete all",
         "flush": "Flush queue",
-        "info" : "The mail queue contains all e-mails that are waiting for delivery. If an email is stuck in the mail queue for a long time, it is automatically deleted by the system.<br>The error message of the respective mail gives information about why the mail could not be delivered.",
+        "info": "The mail queue contains all e-mails that are waiting for delivery. If an email is stuck in the mail queue for a long time, it is automatically deleted by the system.<br>The error message of the respective mail gives information about why the mail could not be delivered.",
         "legend": "Mail queue actions functions:",
         "ays": "Please confirm you want to delete all items from the current queue.",
         "deliver_mail": "Deliver",
@@ -961,11 +961,11 @@
         "unhold_mail_legend": "Releases selected mails for delivery. (Requires prior hold)"
     },
     "ratelimit": {
-      "disabled": "Disabled",
-      "second": "msgs / second",
-      "minute": "msgs / minute",
-      "hour": "msgs / hour",
-      "day": "msgs / day"
+        "disabled": "Disabled",
+        "second": "msgs / second",
+        "minute": "msgs / minute",
+        "hour": "msgs / hour",
+        "day": "msgs / day"
     },
     "start": {
         "help": "Show/Hide help panel",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 65c3d47a..8bfa9738 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -43,7 +43,7 @@
         "app_name": "Nome app",
         "app_password": "Aggiungi la password dell'app",
         "automap": "Prova a mappare automaticamente le cartelle (\"Sent items\", \"Sent\" => \"Posta inviata\" ecc.)",
-        "backup_mx_options": "Relay options",
+        "backup_mx_options": "Opzioni di inoltro",
         "comment_info": "Un commento privato non è visibile all'utente, mentre un commento pubblico viene mostrato come suggerimento quando si passa con il mouse nella panoramica di un utente",
         "custom_params": "Parametri personalizzati",
         "custom_params_hint": "Corretto: --param=xy, errato: --param xy",
@@ -303,7 +303,7 @@
         "spamfilter": "Filtri spam",
         "subject": "Oggetto",
         "success": "Successo",
-        "sys_mails": "System mails",
+        "sys_mails": "Mail di sistema",
         "text": "Testo",
         "time": "Orario",
         "title": "Titolo",
@@ -335,7 +335,8 @@
         "api_read_write": "Accesso in lettura-scrittura",
         "oauth2_apps": "App OAuth2",
         "oauth2_add_client": "Aggiungere il client OAuth2",
-        "rsettings_preset_4": "Disattivare Rspamd per un dominio"
+        "rsettings_preset_4": "Disattivare Rspamd per un dominio",
+        "options": "Opzioni"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -364,7 +365,7 @@
         "extra_acl_invalid": "External sender address \"%s\" is invalid",
         "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
         "fido2_verification_failed": "FIDO2 verification failed: %s",
-        "file_open_error": "File cannot be opened for writing",
+        "file_open_error": "Il file non può essere aperto per la scrittura",
         "filter_type": "Wrong filter type",
         "from_invalid": "Il mittente non può essere vuoto",
         "global_filter_write_error": "Could not write filter file: %s",
@@ -397,7 +398,7 @@
         "mailbox_quota_exceeds_domain_quota": "Lo spazio massimo supera la spazio del dominio",
         "mailbox_quota_left_exceeded": "Non c'è abbastanza spazio libero (space left: %d MiB)",
         "mailboxes_in_use": "Lo spazio massimo della casella deve essere maggiore o uguale a %d",
-        "malformed_username": "Malformed username",
+        "malformed_username": "Nome utente non valido",
         "map_content_empty": "Map content cannot be empty",
         "max_alias_exceeded": "Numero massimo di alias superato",
         "max_mailbox_exceeded": "Numero massimo di caselle superato (%d of %d)",
@@ -429,18 +430,18 @@
         "resource_invalid": "Il nome della risorsa non è valido",
         "rl_timeframe": "Rate limit time frame is incorrect",
         "rspamd_ui_pw_length": "Rspamd UI password should be at least 6 chars long",
-        "script_empty": "Script cannot be empty",
+        "script_empty": "Lo script non può essere vuoto",
         "sender_acl_invalid": "Il valore di Sender ACL non è valido",
         "set_acl_failed": "Failed to set ACL",
         "settings_map_invalid": "Settings map ID %s invalid",
         "sieve_error": "Sieve parser error: %s",
         "spam_learn_error": "Spam learn error: %s",
-        "subject_empty": "Subject must not be empty",
+        "subject_empty": "L'oggetto non deve essere vuoto",
         "target_domain_invalid": "Goto domain non è valido",
         "targetd_not_found": "Il target del dominio non è stato trovato",
         "targetd_relay_domain": "Target domain %s is a relay domain",
-        "temp_error": "Temporary error",
-        "text_empty": "Text must not be empty",
+        "temp_error": "Errore temporaneo",
+        "text_empty": "Il testo non deve essere vuoto",
         "tfa_token_invalid": "TFA token invalid",
         "tls_policy_map_dest_invalid": "Policy destination is invalid",
         "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
@@ -448,40 +449,54 @@
         "totp_verification_failed": "TOTP verification failed",
         "transport_dest_exists": "Transport destination \"%s\" exists",
         "webauthn_verification_failed": "WebAuthn verification failed: %s",
-        "unknown": "An unknown error occurred",
+        "unknown": "Si è verificato un errore sconosciuto",
         "unknown_tfa_method": "Unknown TFA method",
         "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
-        "username_invalid": "Username %s non può essere utilizzato",
+        "username_invalid": "Il nome utente %s non può essere utilizzato",
         "validity_missing": "Assegnare un periodo di validità",
         "value_missing": "Si prega di fornire tutti i valori",
-        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s"
+        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s",
+        "demo_mode_enabled": "La modalità demo è abilitata",
+        "template_name_invalid": "Nome template non valido",
+        "template_exists": "Il template %s esiste già",
+        "template_id_invalid": "Il template con ID %s non è valido"
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
-        "containers_info": "Container information",
+        "containers_info": "Informazioni sul container",
         "disk_usage": "Uso del disco",
         "docs": "Docs",
-        "external_logs": "External logs",
-        "history_all_servers": "History (all servers)",
+        "external_logs": "Log esterni",
+        "history_all_servers": "Cronologia (tutti i server)",
         "in_memory_logs": "In-memory logs",
         "jvm_memory_solr": "JVM memory usage",
         "last_modified": "Ultima modifica",
         "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\r\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\r\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\r\n  <p><b>External logs</b> are collected via API of the given application.</p>\r\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
-        "login_time": "Time",
+        "login_time": "Orario",
         "logs": "Logs",
-        "online_users": "Users online",
+        "online_users": "Utenti online",
         "restart_container": "Riavvio",
         "service": "Servizio",
-        "size": "Size",
-        "solr_dead": "Solr is starting, disabled or died.",
+        "size": "Dimensione",
+        "solr_dead": "Solr sta partendo, è disabilitato o morto.",
         "solr_status": "Stato Solr",
-        "started_at": "Started at",
-        "started_on": "Started on",
-        "static_logs": "Static logs",
+        "started_at": "Iniziato alle",
+        "started_on": "Iniziato",
+        "static_logs": "Log statici",
         "success": "Successo",
-        "system_containers": "System & Containers",
+        "system_containers": "Sistema & Containers",
         "uptime": "Tempo di attività",
-        "username": "Username"
+        "username": "Nome utente",
+        "container_disabled": "Container arrestato o disattivato",
+        "update_available": "È disponibile un aggiornamento",
+        "container_running": "In esecuzione",
+        "container_stopped": "Arrestato",
+        "cores": "Cores",
+        "current_time": "Orario di sistema",
+        "memory": "Memoria",
+        "timezone": "Fuso orario",
+        "no_update_available": "Il sistema è aggiornato all'ultima versione",
+        "update_failed": "Impossibile verificare la presenza di un aggiornamento"
     },
     "diagnostics": {
         "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@@ -514,7 +529,7 @@
         "delete1": "Elimina dalla sorgente al termine",
         "delete2": "Delete messages on destination that are not on source",
         "delete2duplicates": "Elimina duplicati nella destinazione",
-        "delete_ays": "Please confirm the deletion process.",
+        "delete_ays": "Si prega di confermare il processo di eliminazione.",
         "description": "Descrizione",
         "disable_login": "Disabilita l'accesso (la posta in arrivo viene correttamente recapitata)",
         "domain": "Modifica dominio",
@@ -527,12 +542,12 @@
         "exclude": "Escludi oggetti (regex)",
         "extended_sender_acl": "External sender addresses",
         "extended_sender_acl_info": "A DKIM domain key should be imported, if available.<br>\r\n  Remember to add this server to the corresponding SPF TXT record.<br>\r\n  Whenever a domain or alias domain is added to this server, that overlaps with an external address, the external address is removed.<br>\r\n  Use @domain.tld to allow to send as *@domain.tld.",
-        "force_pw_update": "Force password update at next login",
+        "force_pw_update": "Forza l'aggiornamento della password al prossimo accesso",
         "force_pw_update_info": "Questo utente potrà accedere solo a %s.",
         "full_name": "Nome completo",
         "gal": "Global Address List",
         "gal_info": "The GAL contains all objects of a domain and cannot be edited by any user. Free/busy information in SOGo is missing, if disabled! <b>Restart SOGo to apply changes.</b>",
-        "generate": "generate",
+        "generate": "crea",
         "grant_types": "Grant types",
         "hostname": "Hostname",
         "inactive": "Inattivo",
@@ -549,7 +564,7 @@
         "mbox_rl_info": "This rate limit is applied on the SASL login name, it matches any \"from\" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.",
         "mins_interval": "Intervallo (min)",
         "multiple_bookings": "Prenotazioni multiple",
-        "nexthop": "Next hop",
+        "nexthop": "Prossimo hop",
         "password": "Password",
         "password_repeat": "Conferma password (riscrivi)",
         "previous": "Pagina precedente",
@@ -561,9 +576,9 @@
         "pushover_sender_array": "Only consider the following sender email addresses <small>(comma-separated)</small>",
         "pushover_sender_regex": "Consider the following sender regex",
         "pushover_text": "Notification text",
-        "pushover_title": "Notification title",
+        "pushover_title": "Titolo della notifica",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
-        "pushover_verify": "Verify credentials",
+        "pushover_verify": "Verifica credenziali",
         "quota_mb": "Spazio (MiB)",
         "quota_warning_bcc": "Quota warning BCC",
         "quota_warning_bcc_info": "Warnings will be sent as separate copies to the following recipients. The subject will be suffixed by the corresponding username in brackets, for example: <code>Quota warning (user@example.com)</code>.",
@@ -582,42 +597,44 @@
         "sender_acl": "Consenti di inviare come",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sender check is disabled</span>",
         "sender_acl_info": "If mailbox user A is allowed to send as mailbox user B, the sender address is not automatically displayed as selectable \"from\" field in SOGo.<br>\r\n  Mailbox user B needs to create a delegation in SOGo to allow mailbox user A to select their address as sender. To delegate a mailbox in SOGo, use the menu (three dots) to the right of your mailbox name in the upper left while in mail view. This behaviour does not apply to alias addresses.",
-        "sieve_desc": "Short description",
+        "sieve_desc": "Breve descrizione",
         "sieve_type": "Filter type",
         "skipcrossduplicates": "Skip duplicate messages across folders (first come, first serve)",
-        "sogo_visible": "Alias is visible in SOGo",
+        "sogo_visible": "L'alias è visibile in SOGo",
         "sogo_visible_info": "This option only affects objects, that can be displayed in SOGo (shared or non-shared alias addresses pointing to at least one local mailbox). If hidden, an alias will not appear as selectable sender in SOGo.",
         "spam_alias": "Create or change time limited alias addresses",
         "spam_filter": "Spam filter",
-        "spam_policy": "Add or remove items to white-/blacklist",
-        "spam_score": "Set a custom spam score",
+        "spam_policy": "Aggiungi o rimuovi elementi dalla whitelist/blacklist",
+        "spam_score": "Imposta un punteggio spam personalizzato",
         "subfolder2": "Sincronizza in una sottocartella<br /><small>(vuoto = non sincronizzare in sottocartella)</small>",
         "syncjob": "Modifica sincronizzazione",
         "target_address": "Vai all'indirizzo/i <small>(separato da virgola)</small>",
         "target_domain": "Target dominio",
-        "timeout1": "Timeout for connection to remote host",
-        "timeout2": "Timeout for connection to local host",
+        "timeout1": "Timeout per la connessione all'host remoto",
+        "timeout2": "Timeout per la connessione all'host remoto",
         "title": "Modifica oggetto",
         "unchanged_if_empty": "Se immutato lasciare vuoto",
-        "username": "Username",
+        "username": "Nome utente",
         "validate_save": "Convalida e salva",
         "pushover": "Pushover",
         "sogo_access_info": "Il single-sign-on dall'interno dell'interfaccia di posta rimane funzionante. Questa impostazione non influisce sull'accesso a tutti gli altri servizi né cancella o modifica il profilo SOGo esistente dell'utente.",
         "none_inherit": "Nessuno / Eredita",
         "sogo_access": "Concedere l'accesso diretto a SOGo",
         "acl": "ACL (autorizzazione)",
-        "app_passwd_protocols": "Protocolli consentiti per la password dell'app"
+        "app_passwd_protocols": "Protocolli consentiti per la password dell'app",
+        "last_modified": "Ultima modifica",
+        "pushover_sound": "Suono"
     },
     "fido2": {
-        "confirm": "Confirm",
+        "confirm": "Conferma",
         "fido2_auth": "Login with FIDO2",
-        "fido2_success": "Device successfully registered",
-        "fido2_validation_failed": "Validation failed",
-        "fn": "Friendly name",
-        "known_ids": "Known IDs",
-        "none": "Disabled",
-        "register_status": "Registration status",
-        "rename": "Rename",
+        "fido2_success": "Dispositivo registrato con successo",
+        "fido2_validation_failed": "Validazione fallita",
+        "fn": "Nome descrittivo",
+        "known_ids": "ID conosciuti",
+        "none": "Disabilitato",
+        "register_status": "Stato di registrazione",
+        "rename": "Rinominare",
         "set_fido2": "Register FIDO2 device",
         "set_fn": "Set friendly name",
         "start_fido2_validation": "Start FIDO2 validation",
@@ -641,13 +658,14 @@
     "header": {
         "administration": "Amministrazione",
         "apps": "App",
-        "debug": "Informazioni di sistema",
+        "debug": "Informazioni",
         "email": "E-Mail",
         "mailcow_config": "Configurazione",
         "quarantine": "Quarantena",
         "restart_netfilter": "Riavvia netfilter",
         "restart_sogo": "Riavvia SOGo",
-        "user_settings": "Impostazioni utente"
+        "user_settings": "Impostazioni utente",
+        "mailcow_system": "Sistema"
     },
     "info": {
         "awaiting_tfa_confirmation": "In attesa di conferma TFA",
@@ -661,7 +679,7 @@
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
         "password": "Password",
-        "username": "Username"
+        "username": "Nome utente"
     },
     "mailbox": {
         "action": "Azione",
@@ -733,7 +751,7 @@
         "inactive": "Inattivo",
         "insert_preset": "Insert example preset \"%s\"",
         "kind": "Tipo",
-        "last_mail_login": "Last mail login",
+        "last_mail_login": "Ultimo accesso alla posta",
         "last_modified": "Ultima modifica",
         "last_pw_change": "Ultima modifica della password",
         "last_run": "Ultima esecuzione",
@@ -828,7 +846,15 @@
         "sender": "Mittente",
         "all_domains": "Tutti i domini",
         "recipient": "Destinatario",
-        "syncjob_EX_OK": "Successo"
+        "syncjob_EX_OK": "Successo",
+        "add_template": "Aggiungi template",
+        "force_pw_update": "Forza il cambio della password al prossimo accesso",
+        "relay_unknown": "Inoltra a caselle di posta sconosciute",
+        "mailbox_templates": "Template della mailbox",
+        "domain_templates": "Template di dominio",
+        "gal": "Elenco indirizzi globale",
+        "templates": "Template",
+        "template": "Template"
     },
     "oauth2": {
         "access_denied": "Effettua il login alla casella di posta per garantire l'accesso tramite OAuth2.",
@@ -847,7 +873,7 @@
         "confirm_delete": "Conferma l'eliminazione di questo elemento.",
         "danger": "Pericolo",
         "deliver_inbox": "Consegna nella posta in arrivo",
-        "disabled_by_config": "The current system configuration disables the quarantine functionality. Please set \"retentions per mailbox\" and a \"maximum size\" for quarantine elements.",
+        "disabled_by_config": "L'attuale configurazione del sistema disabilita la funzionalità di quarantena. Imposta \"conservazioni per casella di posta\" e \"dimensione massima\" per gli elementi di quarantena.",
         "download_eml": "Download (.eml)",
         "empty": "Nessun risultato",
         "high_danger": "Alto",
@@ -893,7 +919,18 @@
         "type": "Tipologia"
     },
     "queue": {
-        "queue_manager": "Gestore code"
+        "queue_manager": "Gestore code",
+        "delete": "Cancella tutto",
+        "ays": "Conferma che desideri eliminare tutti gli elementi dalla coda corrente.",
+        "info": "La coda di posta contiene tutte le e-mail in attesa di consegna. Se un'e-mail rimane a lungo nella coda di posta, viene automaticamente cancellata dal sistema.<br>Il messaggio di errore della rispettiva e-mail fornisce informazioni sul motivo per cui non è stato possibile consegnarla.",
+        "deliver_mail_legend": "Tenta di riconsegnare i messaggi selezionati.",
+        "hold_mail": "Blocca",
+        "flush": "Svuota la coda",
+        "deliver_mail": "Consegna",
+        "show_message": "Mostra messaggio",
+        "unhold_mail": "Sblocca",
+        "hold_mail_legend": "Blocca le mail selezionate. (Previene ulteriori tentativi di consegna)",
+        "legend": "Funzioni delle azioni della coda di posta:"
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
@@ -978,7 +1015,10 @@
         "verified_totp_login": "Verified TOTP login",
         "verified_webauthn_login": "Verified WebAuthn login",
         "verified_yotp_login": "Verified Yubico OTP login",
-        "domain_add_dkim_available": "Esisteva già una chiave DKIM"
+        "domain_add_dkim_available": "Esisteva già una chiave DKIM",
+        "template_added": "Aggiunto template %s",
+        "template_modified": "Le modifiche al template %s sono state salvate",
+        "template_removed": "Il template con ID %s è stato cancellato"
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1142,7 +1182,7 @@
         "tls_enforce_in": "Imponi TLS in ingresso",
         "tls_enforce_out": "Imponi TLS in uscita",
         "tls_policy": "Politica di crittografia",
-        "tls_policy_warning": "<strong>Attenzione:</strong> If you decide to enforce encrypted mail transfer, you may lose emails.<br />Messages to not satisfy the policy will be bounced with a hard fail by the mail system.<br />This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
+        "tls_policy_warning": "<strong>Attenzione:</strong> Se decidi di applicare il trasferimento di posta crittografato, potresti perdere le email.<br />I messaggi che non soddisfano la politica verranno respinti con un hard fail dal sistema di posta.<br />This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
         "user_settings": "Impostazioni utente",
         "username": "Nome utente",
         "verify": "Verifica",
@@ -1166,7 +1206,8 @@
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
         "with_app_password": "con password dell'app",
-        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile."
+        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
+        "pushover_sound": "Suono"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -1187,5 +1228,29 @@
         "second": "messaggi / secondo",
         "hour": "messaggi / ora",
         "day": "messaggi / giorno"
+    },
+    "datatables": {
+        "infoFiltered": "(filtrato da _MAX_ voci totali)",
+        "collapse_all": "Comprimi tutto",
+        "emptyTable": "Nessun dato disponibile nella tabella",
+        "expand_all": "Espandi tutto",
+        "info": "Visualizzazione da _START_ a _END_ di _TOTAL_ voci",
+        "infoEmpty": "Visualizzazione da 0 a 0 di 0 voci",
+        "thousands": ".",
+        "loadingRecords": "Caricamento...",
+        "processing": "Attendere prego...",
+        "search": "Ricerca:",
+        "zeroRecords": "Nessuna corrispondenza trovata",
+        "paginate": {
+            "first": "Prima",
+            "last": "Ultima",
+            "next": "Prossima",
+            "previous": "Precedente"
+        },
+        "lengthMenu": "Mostra _MENU_ voci",
+        "aria": {
+            "sortAscending": ": attivare l'ordinamento crescente delle colonne",
+            "sortDescending": ": attivare l'ordinamento decrescente delle colonne"
+        }
     }
 }
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 7532d7c4..ea42c50c 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -335,7 +335,8 @@
         "username": "用户名",
         "validate_license_now": "通过证书服务器验证 GUID",
         "verify": "验证",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "options": "选项"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -454,7 +455,8 @@
         "username_invalid": "用户名 %s 无法使用",
         "validity_missing": "请设置有效期",
         "value_missing": "请填入所有值",
-        "yotp_verification_failed": "Yubico OTP 认证失败: %s"
+        "yotp_verification_failed": "Yubico OTP 认证失败: %s",
+        "template_exists": "模板 %s 已存在"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -481,7 +483,11 @@
         "success": "成功",
         "system_containers": "系统和容器",
         "uptime": "运行时间",
-        "username": "用户名"
+        "username": "用户名",
+        "container_disabled": "容器已被停止或禁用",
+        "container_running": "运行中",
+        "cores": "核心数",
+        "memory": "内存"
     },
     "diagnostics": {
         "cname_from_a": "虽然此记录为 A/AAAA 类型，但只要此记录指向了正确的资源便可以被支持",
@@ -820,7 +826,12 @@
         "username": "用户名",
         "waiting": "等待中",
         "weekly": "每周",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "domain_templates": "域名模板",
+        "mailbox_templates": "邮箱模板",
+        "gal": "全局地址列表",
+        "max_aliases": "最大别名数",
+        "max_mailboxes": "最大可能的邮箱数"
     },
     "oauth2": {
         "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
@@ -885,7 +896,8 @@
         "type": "类型"
     },
     "queue": {
-        "queue_manager": "队列管理器"
+        "queue_manager": "队列管理器",
+        "delete": "全部删除"
     },
     "ratelimit": {
         "disabled": "禁用",
@@ -1179,5 +1191,18 @@
         "quota_exceeded_scope": "域名配额超标: 此域名下现在只能创建无限容量的邮箱。",
         "session_token": "表单字段无效: Token 不匹配",
         "session_ua": "表单字段无效: User-Agent 校验错误"
+    },
+    "datatables": {
+        "info": "正从 _TOTAL_ 个条目中显示 _START_ 到 _END_ 条目",
+        "collapse_all": "全部折叠",
+        "expand_all": "全部展开",
+        "infoEmpty": "正从共 0 个条目中显示从 0 到 0 条目",
+        "processing": "请稍等...",
+        "search": "搜索：",
+        "paginate": {
+            "first": "第一页",
+            "last": "最后一页",
+            "previous": "上一页"
+        }
     }
 }

From c601eca25d79e9c3d00e74fc698606e136b9d915 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 4 Jan 2023 18:54:19 +0100
Subject: [PATCH 105/170] Update thollander/actions-comment-pull-request action
 to v2.3.0

---
 .github/workflows/check_prs_if_on_staging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
index cb49ffbc..d084a582 100644
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
     steps:
       - name: Send message
-        uses: thollander/actions-comment-pull-request@main
+        uses: thollander/actions-comment-pull-request@v2.3.0
         with:
           GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |

From b3c54ed07af02f4f213dfad39982280313a90d4a Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 4 Jan 2023 19:09:23 +0100
Subject: [PATCH 106/170] Add regex for matchstring line in Dockerfiles

---
 .github/renovate.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/renovate.json b/.github/renovate.json
index 7d0eabf2..5fab8128 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -16,6 +16,12 @@
       "matchStrings": [
         "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
        ]
+    },
+    {
+      "fileMatch": ["(^|/)Dockerfile[^/]*$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(ENV|ARG) .*?_VERSION=(?<currentValue>.*)\\s"
+       ]
     }
   ]
 }

From cb098df743a5da37ca450212da0321f00c97163e Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 4 Jan 2023 19:10:32 +0100
Subject: [PATCH 107/170] Update gosu to 1.16

Change ENV to ARG
Add matchstring line
---
 data/Dockerfiles/dovecot/Dockerfile | 4 +++-
 data/Dockerfiles/sogo/Dockerfile    | 3 ++-
 data/Dockerfiles/solr/Dockerfile    | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 4e90052b..38af3c20 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -3,8 +3,10 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG DOVECOT=2.3.19.1
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
+
 
 # Add groups and users before installing Dovecot to not break compatibility
 RUN groupadd -g 5000 vmail \
diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index f08600ac..da8f23be 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -3,8 +3,9 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
 
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
diff --git a/data/Dockerfiles/solr/Dockerfile b/data/Dockerfiles/solr/Dockerfile
index 06299257..0c5af1af 100644
--- a/data/Dockerfiles/solr/Dockerfile
+++ b/data/Dockerfiles/solr/Dockerfile
@@ -2,7 +2,8 @@ FROM solr:7.7-slim
 
 USER root
 
-ENV GOSU_VERSION 1.11
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 
 COPY solr.sh /
 COPY solr-config-7.7.0.xml /

From 5c2f48e94c5d0798acaf0553dd786c6edd862cfc Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 5 Jan 2023 17:40:36 +0100
Subject: [PATCH 108/170] [Web] Updated lang.zh-cn.json (#4965)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: 雨 <luotianyi@luotianyi.me>

Co-authored-by: 雨 <luotianyi@luotianyi.me>
---
 data/web/lang/lang.zh-cn.json | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index ea42c50c..5d05ef62 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -31,7 +31,7 @@
         "unlimited_quota": "无限邮箱容量配额"
     },
     "add": {
-        "activate_filter_warn": "当 \"启用\" 选项被勾选后，所有其他过滤器都会被禁用",
+        "activate_filter_warn": "当“启用”选项被勾选后，其它所有的过滤器都会被禁用。",
         "active": "启用",
         "add": "添加",
         "add_domain_only": "只添加域名",
@@ -208,7 +208,7 @@
         "includes": "包括这些收件人",
         "is_mx_based": "基于 MX 记录",
         "last_applied": "最后应用的条目",
-        "license_info": "你不需要获取证书便可以使用此项目，但是获取证书可以帮助此项目进一步发展。<br>在这里<a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">注册</a>你的 GUID或者为你的 Mailcow 安装<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">购买</a>支持服务。",
+        "license_info": "使用并不需要许可证，但获得许可证能够帮助此项目进一步发展。<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"订购 SAL\">在这里注册你的 GUID </a>或者<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"订购支持服务\">为你的 Mailcow 安装购买支持服务。</a>",
         "link": "链接",
         "loading": "请等待...",
         "login_time": "登录时间",
@@ -403,7 +403,7 @@
         "max_alias_exceeded": "超出最大别名数",
         "max_mailbox_exceeded": "超出最大邮箱数 (%d / %d)",
         "max_quota_in_use": "邮箱数必须大于等于 %d MiB",
-        "maxquota_empty": "每个邮箱的最大配额必须不为0",
+        "maxquota_empty": "每个邮箱的最大配额必须不为 0 。",
         "mysql_error": "MySQL 错误: %s",
         "network_host_invalid": "网络或主机无效: %s",
         "next_hop_interferes": "%s 与下一跳 %s 冲突",
@@ -475,7 +475,7 @@
         "restart_container": "重启",
         "service": "服务",
         "size": "大小",
-        "solr_dead": "Solr 在启动中、已关闭或已停止",
+        "solr_dead": "Solr 在启动中、已关闭或已停止。",
         "solr_status": "Solr 状态",
         "started_at": "开始于",
         "started_on": "启动于",
@@ -490,7 +490,7 @@
         "memory": "内存"
     },
     "diagnostics": {
-        "cname_from_a": "虽然此记录为 A/AAAA 类型，但只要此记录指向了正确的资源便可以被支持",
+        "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
         "dns_records": "DNS 记录",
         "dns_records_24hours": "请注意 DNS 记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页面为你提供了一个可以便捷查询如何配置 DNS 记录以及检查你的 DNS 记录是否正确的方式。",
         "dns_records_data": "正确数据",
@@ -507,7 +507,7 @@
         "advanced_settings": "高级设置",
         "alias": "编辑别名",
         "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6地址或网络",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址和网络。",
         "allowed_protocols": "允许的协议",
         "app_name": "应用名称",
         "app_passwd": "应用密码",
@@ -635,7 +635,7 @@
         "delete_these_items": "请确认对以下对象 ID 的更改",
         "hibp_check": "使用 haveibeenpwned.com 网站检查密码",
         "hibp_nok": "匹配到密码！存在潜在的使用危险！",
-        "hibp_ok": "未匹配到密码",
+        "hibp_ok": "未找到匹配的记录。",
         "loading": "请等待...",
         "nothing_selected": "未选择",
         "restart_container": "重启容器",
@@ -691,7 +691,7 @@
         "aliases": "别名",
         "all_domains": "全部域名",
         "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者，<br>IPv4/IPv6地址或网络",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址或网络。",
         "allowed_protocols": "允许用户直接访问的协议 (不会影响应用的密码协议)",
         "backup_mx": "中继域名",
         "bcc": "BCC",
@@ -745,7 +745,7 @@
         "last_run_reset": "下一次运行",
         "mailbox": "邮箱",
         "mailbox_defaults": "默认设置",
-        "mailbox_defaults_info": "配置新邮箱的默认设置",
+        "mailbox_defaults_info": "配置新邮箱的默认设置。",
         "mailbox_defquota": "默认邮箱大小",
         "mailbox_quota": "最大邮箱大小",
         "mailboxes": "邮箱",
@@ -876,7 +876,7 @@
         "refresh": "刷新",
         "rejected": "已拒绝",
         "release": "移除",
-        "release_body": "我们已在此消息中将你的消息作为 eml 附件文件",
+        "release_body": "我们已将你的消息作为 eml 文件附在此消息中。",
         "release_subject": "存在潜在危险的隔离文件 %s",
         "remove": "删除",
         "rewrite_subject": "重写主题",

From 9727e4084f7303208f24da2154e40030b54516c2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 08:40:26 +0100
Subject: [PATCH 109/170] [Web] load public ip on click and add curl timeout

---
 data/web/js/site/debug.js     | 49 ++++++++++++++++++++++++-----------
 data/web/json_api.php         |  4 +++
 data/web/lang/lang.de-de.json |  2 ++
 data/web/lang/lang.en-gb.json |  2 ++
 data/web/templates/debug.twig | 10 +++++--
 5 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 85e6b789..ea7b9fd3 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -51,7 +51,40 @@ $(document).ready(function() {
     showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
   })
   // get public ips
-  get_public_ips();
+  $("#host_show_ip").click(function(){  
+    $("#host_show_ip").find(".text").addClass("d-none");
+    $("#host_show_ip").find(".spinner-border").removeClass("d-none");
+
+    window.fetch("/api/v1/get/status/host/ip", { method:'GET', cache:'no-cache' }).then(function(response) {
+      return response.json();
+    }).then(function(data) {
+      console.log(data);
+
+      // display host ips
+      if (data.ipv4)
+        $("#host_ipv4").text(data.ipv4);
+      if (data.ipv6)
+        $("#host_ipv6").text(data.ipv6);
+
+      $("#host_show_ip").addClass("d-none");
+      $("#host_show_ip").find(".text").removeClass("d-none");
+      $("#host_show_ip").find(".spinner-border").addClass("d-none");
+      $("#host_ipv4").removeClass("d-none");
+      $("#host_ipv6").removeClass("d-none");
+      $("#host_ipv6").removeClass("text-danger");
+      $("#host_ipv4").addClass("d-block");
+      $("#host_ipv6").addClass("d-block");
+    }).catch(function(error){
+      console.log(error);
+      
+      $("#host_ipv6").removeClass("d-none");
+      $("#host_ipv6").addClass("d-block");
+      $("#host_ipv6").addClass("text-danger");
+      $("#host_ipv6").text(lang_debug.error_show_ip);
+      $("#host_show_ip").find(".text").removeClass("d-none");
+      $("#host_show_ip").find(".spinner-border").addClass("d-none");
+    });
+  });
   update_container_stats();
 });
 jQuery(function($){
@@ -1224,20 +1257,6 @@ function update_container_stats(timeout=5){
   // run again in n seconds
   setTimeout(update_container_stats, timeout * 1000);
 }
-// get public ips
-function get_public_ips(){
-  window.fetch("/api/v1/get/status/host/ip", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(data) {
-    console.log(data);
-
-    // display host ips
-    if (data.ipv4)
-      $("#host_ipv4").text(data.ipv4);
-    if (data.ipv6)
-      $("#host_ipv6").text(data.ipv6);
-  });
-}
 // format hosts uptime seconds to readable string
 function formatUptime(seconds){
   seconds = Number(seconds);
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 79b6bfd5..0d3dbb2f 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1548,10 +1548,14 @@ if (isset($_GET['query'])) {
                     curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                     curl_setopt($curl, CURLOPT_POST, 0);
+                    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
+                    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
                     $ipv4 = curl_exec($curl);
                     curl_setopt($curl, CURLOPT_URL, 'http://ipv6.mailcow.email');
                     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                     curl_setopt($curl, CURLOPT_POST, 0);
+                    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
+                    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
                     $ipv6 = curl_exec($curl);
                     $ips = array(
                       "ipv4" => $ipv4,
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 7b4b1f46..89942e4e 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -494,6 +494,7 @@
         "current_time": "Systemzeit",
         "disk_usage": "Festplattennutzung",
         "docs": "Dokumente",
+        "error_show_ip": "konnte die öffentlichen IP Adressen nicht auflösen",
         "external_logs": "Externe Logs",
         "history_all_servers": "History (alle Server)",
         "in_memory_logs": "In-memory Logs",
@@ -506,6 +507,7 @@
         "online_users": "Benutzer online",
         "restart_container": "Neustart",
         "service": "Dienst",
+        "show_ip": "Zeige öffentliche IP",
         "size": "Größe",
         "solr_dead": "Solr startet, ist deaktiviert oder temporär nicht erreichbar.",
         "solr_status": "Solr Status",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 00b14f07..bec5351d 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -497,6 +497,7 @@
         "current_time": "System Time",
         "disk_usage": "Disk usage",
         "docs": "Docs",
+        "error_show_ip": "Could not resolve the public IP addresses",
         "external_logs": "External logs",
         "history_all_servers": "History (all servers)",
         "in_memory_logs": "In-memory logs",
@@ -509,6 +510,7 @@
         "online_users": "Users online",
         "restart_container": "Restart",
         "service": "Service",
+        "show_ip": "Show public IP",
         "size": "Size",
         "solr_dead": "Solr is starting, disabled or died.",
         "solr_status": "Solr status",
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 6c96de88..a9399a12 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -52,8 +52,14 @@
                       <tr>
                         <td>IPs</td>
                         <td class="text-break">
-                          <span class="d-block" id="host_ipv4">-</span>
-                          <span class="d-block" id="host_ipv6">-</span>
+                          <span class="d-none" id="host_ipv4">-</span>
+                          <span class="d-none mb-2" id="host_ipv6">-</span>
+                          <button class="d-block btn btn-primary btn-sm" id="host_show_ip">
+                            <span class="text">{{ lang.debug.show_ip }}</span>
+                            <div class="spinner-border spinner-border-sm d-none" role="status">
+                              <span class="visually-hidden">Loading...</span>
+                            </div>  
+                          </button>
                         </td>
                       </tr>
                       <tr>

From 68f5fbf65c04585485672dd1d91749134cdd861c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 09:11:51 +0100
Subject: [PATCH 110/170] [Web] remove remote Google fonts from lumen theme

---
 data/web/css/themes/lumen-bootstrap.css       |  81 +++++++++++++++++-
 .../fonts/source-sans-pro-v21-latin-300.woff  | Bin 0 -> 16084 bytes
 .../fonts/source-sans-pro-v21-latin-300.woff2 | Bin 0 -> 12956 bytes
 .../source-sans-pro-v21-latin-300italic.woff  | Bin 0 -> 15704 bytes
 .../source-sans-pro-v21-latin-300italic.woff2 | Bin 0 -> 12556 bytes
 .../fonts/source-sans-pro-v21-latin-700.woff  | Bin 0 -> 16104 bytes
 .../fonts/source-sans-pro-v21-latin-700.woff2 | Bin 0 -> 12924 bytes
 .../source-sans-pro-v21-latin-700italic.woff  | Bin 0 -> 15640 bytes
 .../source-sans-pro-v21-latin-700italic.woff2 | Bin 0 -> 12612 bytes
 .../source-sans-pro-v21-latin-italic.woff     | Bin 0 -> 15704 bytes
 .../source-sans-pro-v21-latin-italic.woff2    | Bin 0 -> 12580 bytes
 .../source-sans-pro-v21-latin-regular.woff    | Bin 0 -> 16156 bytes
 .../source-sans-pro-v21-latin-regular.woff2   | Bin 0 -> 13036 bytes
 13 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-300.woff
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-300.woff2
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-300italic.woff
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-700.woff
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-700.woff2
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-700italic.woff
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-italic.woff
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-italic.woff2
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-regular.woff
 create mode 100644 data/web/fonts/source-sans-pro-v21-latin-regular.woff2

diff --git a/data/web/css/themes/lumen-bootstrap.css b/data/web/css/themes/lumen-bootstrap.css
index a7582237..bcf62683 100644
--- a/data/web/css/themes/lumen-bootstrap.css
+++ b/data/web/css/themes/lumen-bootstrap.css
@@ -11,7 +11,86 @@
  * Copyright 2011-2021 Twitter, Inc.
  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
  */
-@import url("https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,300;0,400;0,700;1,400&display=swap");
+
+/* source-sans-pro-300 - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: normal;
+  font-weight: 300;
+  src: url('/fonts/source-sans-pro-v21-latin-300.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-300.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-300.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-300.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-300italic - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: italic;
+  font-weight: 300;
+  src: url('/fonts/source-sans-pro-v21-latin-300italic.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-300italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-300italic.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300italic.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300italic.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-300italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-regular - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: normal;
+  font-weight: 400;
+  src: url('/fonts/source-sans-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-regular.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-italic - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: italic;
+  font-weight: 400;
+  src: url('/fonts/source-sans-pro-v21-latin-italic.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-italic.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-italic.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-italic.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-700 - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: normal;
+  font-weight: 700;
+  src: url('/fonts/source-sans-pro-v21-latin-700.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-700.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-700.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-700.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-700italic - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: italic;
+  font-weight: 700;
+  src: url('/fonts/source-sans-pro-v21-latin-700italic.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-700italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-700italic.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700italic.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700italic.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-700italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+
 :root {
   --bs-blue: #158cba;
   --bs-indigo: #6610f2;
diff --git a/data/web/fonts/source-sans-pro-v21-latin-300.woff b/data/web/fonts/source-sans-pro-v21-latin-300.woff
new file mode 100644
index 0000000000000000000000000000000000000000..e966494d358e1ec78307f375e4ccde0ae2567400
GIT binary patch
literal 16084
zcmZ8|b8v4x)NZX)+qT_P+qP}nZclC7w(Xv}zuLBqQ{(o%_xt0Uo5`B&^~}o7Gg--=
z>?F%wUQ7%K80aVQEds&)SGu(S=>He_Py63VTtrk12nd+*2V?sY0gw)mBXI?J<sZxf
z2ndE72#7HDRrUs6Tv=5J2<TVw51tML1nQIrZUHQ>%)kr;1jqAJ@5dg<K&#wY(%9C}
z;RlQVv2z9j0>S51FHSbM@iYShLI48-qJaJ3r15I_ugAjF&;$sG9r33g`+tHHf<IyL
z1O7Zp{OE)~LJAWKv14KD;_-w1Z~>tL0s?bbJYsOMu{Zv)`<?uQ{n&wUX%b0E+ZuZO
zw9D1}QxEq?2!UCF-t7!+O@FZ2A1(|(c2<ffwx|yF&MrVe|4{~61Ofu5HNcT?@mPl&
zXh0HBKm_mi#ei-mQ3gQ^H~kZ>_}QmB085$F7~V2!h9Mr;G<t*{r|#p&2IOV|p7-+x
zkM*l`a0gs<<j_9N#oBZ%x=9$8|CdlhGBPrZxx^sj=GGjDn_8HqvT%FftE{bBOG{f#
za%j|DK2>kJJ?r$JW#sz;hd~>00mGzj+pagkYfr^A^gLN`@?E#dO_;ym|3uA{#DE1j
zdkjU{8V$Enwh}omQ(;)?J!0JUSF;FIRux>uF6%G%rb;N9;}=A0$c%#A<&9nw3lq%l
zifx%+L$?8rw!G~+-nBN`Hff(rvySatgzdsrkvT@ETCb2T1>fW>SnDW_?HVRo1T#)y
zMaS3N7FRkH<Lqp33G!a}(BDt)(`HZOG1amS$tmrQ{#5frXS((-hmQDP=RsamJwrYh
z;4C;|Y<6`<ra`c?j7HokL;1+K`@4}`gFg3mL3btE#oF@YjgDHUl293RG~)9AVNjcN
zcSdmFM?gFvO4voxBbJPYi-=I05XFNl%oR(>mn5}Bx6~2|RhyH@qAb&8og>mZEeyl#
zDU9Kpn>N{F8pFocR36fheync|Z-_lL)SVmfBA$jI9u6&xju8RHiK5L4*JC%O(OT1D
zZDN3oKNL`$Cc+i{CGO0_B)6yX$`j+f*c%=-?!>7+KO$Qg$}Li3T9EWEN`VkbkB`1J
zF<hi_mtMZ>s5p*N7(^jTCV$s_X&!0CV_Kh!84org64^{8ko~8^9L$>U9TU2|y%)Dr
z15%}jvlpiVRGm?5OR7zQ?UmykmEq=#Z0U`HP8Y60OPls)vZh6)FJQ6*_unG*H8Tf!
zucEYux2n2s=8eo|dh7)`-VDM(&w*1u_vP?4-5t3peVxpdJB!QBC*r2hEVbXHS&W6v
za{G2z)CB@7NtkUEXO@9qnsFhmKhQDVf%jK*{Xb*?e3v{bi53m<^~Eg{M$K&zrBHzf
zZfB&is5gjXk>U3>lY8oQ070-eA>O^Y|GqX6gL3~Ty^rX}OFIT(IM-#aA~)i5!+X>l
zOabmw6$Qd$AdVsbgXyP$_iRw7K?<BmosfgrvOWI%Zm*ND)dqH9Ug07Tme9Uhw7;(|
z-<UIc|0hj(>Adq)tqL9_-DKcZ+Iz0}CZ(weIP=~s3K|D!l!g)OiCL_(xYi}@=s;4R
zV2z>m!9A=PPb}Ef+dPe=s(Vh>d1;XMXyb=>6yws=)5;DlHl_<F&O4aR(zl}OD@1^|
ziukQ~|HtHCZ!eJV-bEaRJ389UTnjl>^`<#{7q`ccqJ6%g{kLcpt?8przo2y}HQIX4
zmVrxq;VOZr5^JT5jPuluuGNYC*DkWoN}9`adShjFrR!h&+Koz@o%UNiHg0oyQ*Wi1
zvU*{W)*EnHp>dwd=R{6`qCJ3UQ#tpmOHCMA!sV}XAdNV?**V14+Xvieu$uCva-7!A
zH|*i(l>?zqJ1JX(rpCu6IxX<xDD{;-lp@-=SNCFEI9A2dcJRr}f00Z(N_0M0b?n5A
zoURF#vCCp2n;TjoeJ(cv?@H><0H=nbo}#WNok^isV0H)N!d-8b-ewM*{^e_@NPR~A
z^=N@jovPHJ7_`l@0x9g0Jg)Ti)g((1N5_Y&^y78=>9}a`FbM3&%LTOfEsoN^!)z5_
z1xhqaGfQ7S>WNU|_Zv+w_GDsklE6nQ`-;Nc&|IQ$Ng{NhHbQt^4II9glLN3$Fy>A8
zCyq>6juoq+H0_DD9ck~Yxhq4l-9&EtbPX){OnyS3vrvdO#tNGpS4Gj}S{B9uw94V2
zR7GiE_2`m7%cxZPkdjFS8EWfi`AHCw)kJlQmaub&N#KO|#Ax-YaiZ|RSb6Y)l66c-
zcOo6P8aU}-E)jl}vb>6tDV8CMzsQq7uYfxPGj}_*5mK8lFA`8Kv#^SkNXwBdtwgb0
ziDi4n<_W23S(aEMv@%6`=?W9n=47%IdSm1gj1nc733*Dx+kM~3G?nj^tLdyX#7#8R
zlbdqOjeHgVLKMcriGt!pkh7!H*$}T+-_JiSsZRzLrUZ**28)uFg=5R1Ny;7AC}od^
zEUsc0M5&rjR5tzOh03PCl}*8IBI0*6be<T{5(Jqa(b&uMpKixHSHI@n)APaP7ZGx{
zt%a@EJ}TX1c*Me*7$`UB$*Ov@-v>POV;U!dS>KkKY>I?SauFIe@Hb0H^rANQ^=^}u
z=%o%TP|6_)gX8}x1&nE)5c^?t?ZqDn)sy_)Ut9oB_2<@mech2@cga0-@T0@vY|FNI
znzut`%`5{UB9K6drm^$Ti4xWL5crz_iKK=?06bg4ZUb!7Pk)J8kpgVMADe8X1ZklE
z<`sI;Ms%tF7VFvH1MT-gd-N3j4STs0aFl-u3!Gz9Nvl)L_ln%<XHr9c+v9W1=h_$D
zOEfMnnJ^k6072-1fqk=K8D0|zL0kK2j}asAVq+<kTFM(u^HhT3V=w;Edhd@VZ=@oD
zA`nUISXo{g4WCdF#W!(=!Dcg2yVw|adVnZrhJ4~ckK@>}`X?_^_AdNR7(0MGz+eM(
z*mps%(y}C!s##H*`(J;++?WZ_GLQis)2=m(YV&N_*w!P9gfP+rc1kH?4POh;Vi+bA
zP-KFzKvWzvve#&Z!4esr67f`~0J=mtrsG00C5iDlmLy{ZY%}gD(0S0iKL%6rAc<Wr
za_BJAp`uDWQi_Qvo9et&r%1M4La})9DVpgc_)71@7sk`7R`Hq`>1rz8;&y`Wp|QH6
zWlF*^Wx~D%(g|j)`a76hX{57Aq_gNUbt!<lwDLu*e}pt3uZaxbRb+@R*2Qz5df}=f
zXP4Wc<hC4QULXXjkv_3l=0FTx203sffI1&n#;Tg)H^vPIDWPBUGZs}}CS;^N&|Z^s
zUSplN)bqh}v9cyFR)5@HsD`X#6QM^TxDoGPV*N{Z|HN9_SJ<ubo`SMP@p*!-5Y%C_
zi5VZM$oIYT5C7Wq5M<Xmgp#i`M@}D{XY}2KeR%vsLp?L<g-`oxdO~1C8w$a8sngQs
zUO4R2f&{(HQwqDWuyx<XS%yr}%@y>-=Jm|0{Al*h$n=$RQlUk|RSt00kZ{PySB*o&
z&*rye=w^gmCZzFjxddRsUn-GK)G{m}l`<PKs%d;iq#eSf9ts{jwENw(MlxvQ254T@
z@*w5Ush;{C{<qsna?f^m(@*e^?9c0CELra9<IXzcuecH7yq1|~E#~Vnn*h4a3ERzD
z3wNh9pBZDmUm6mLSz{L6QQF0Ao!!-);f_r-4pFR=F>gKNG3DkOynh=#lQ)`swx*8Y
z*LErzx=fPdmyB5Dd-TiA$sFYj;*(ahl1i}MJ$G)>Z9)}o9yIHFx{9M%m1@KP`VDo9
zJw(2A6HhA+5oyL!?#EX@H0H``r4}{fvedO@)OF*<`6R%^Qen18up{Hj3X&9kbu&F^
zK+Vi8KVu#m$I^<~T-VT>tF?6@Y5K+BWwb)?%xE}-GF>NZQ>dD)W+oL=NTaM<?~0r+
zHkEj_5|u8Sw3L28dOhK6{;VBiW?BBG8e&519(bkLZs_bMUuiYk;z(yVULYJEm)dA+
z+gVvb&&0oOwF8v%^HCfXOO?~~f-ecWJf>N3$fvRRmx3&dPNozT8P1-Bxztx$4*~?2
zmIzq$&0S4jA0_4FkV;aNRdX0ps|Tg1sv_6*X|Y0*Rm4nNBxp4)!BZ3@WwCl!m0&1q
z3$giEh5Uw96h0wwUQt!`*jz`a(m8qWPeSC<S-h&_JPQ`c<#Dfkb58*c3*GMt)9L)a
zv2C6OO~}WddXz%wM2Lik@#y0-gvEz(HB6M)Vw&7F^Wu_$@%mD>!-a*)a@+^i&eL7H
zh0^q0`<2$U(qtT9b{^Cwy@#Re$n-VMh0yx6B^jd7HHHx`LRruWw=by)$_i2%c5wRS
zc%>bK(DD_P&9lgXJ`rTuPFO^Rh0O|@lxL&iCe)<LTt{4b-c{wz3fplFL_=xOVK0uA
ztwO)QK<Rr>KS`*eiIGkG!mBIFaqK#eTDh+~PkJHoz4j}_@uemG*W8n)V7N}>2mLO4
zwV_)0L2<fTZ9LZLhKaC${sltj{Ezt}O&}Lg$KhXC1yg7xmTje*L1aaDlY=iCGhu!1
zpfP)GOB;X~5|a;e17HyQT5rS%uSaJnAg|OQT7g&hXb?}qae!f)e|+r=U<uIug$h3F
zy3=O6m2tD$dPUx9TPBCK(Q3<Kh;pzMVQalO#A$w`OFwiA-z&QXwByC`#6(Sb%u6sy
z-Dh-eQ5*-%zD{$Uc}VE3z|u<JO5#T9M*BheLHfb|!TG@}1N#l_911?DWZ34QCuB6Z
z`==m6pTh5%m6H>zz~;xvwIgqtCP}`;E6O$44J|X8JAe2?`%1Mr2S4oVsgt@nTdavX
z#I3r@*fHc2bJ4vr&(8WJ^+|p4;ess;7Ma%3T4K#aR11af=I&bW*eME8AdUK9R0Mvx
z2r+=xLqIw#M7b}E+IRIs8P~XvpnXO&&G^u4G7iB8(=jbFx^FqoP+rj11B4I&a2h5R
z!}u`KE(4lnIZc}rySi1wvJYdh)<MtNPCMjT!2<eK0C>K7MU&2|+77$s%n8b>?0f3+
z(^RR-^2*F}tMZcIYb}e4l;w4ci&i(T^WrA@&hvt-iFF+FZb|ZV3n!R3%UFe<KF{%n
z^g$7S`UXg~M$=*Z+b+@lM_*&3*?6RP7~23mYQT6!NLri_9Ly>~f`%NcLU=V_yP{Kf
zc4Sps{H){m&&%}FpG9jDeb1?HhX2k=eJ97$cDvj6#!^t#0-b1NY%_?|0^CYOs#uV+
zz=4tnKGu2s1#E`f1vv$bhP3G=YY;e_lZIyMsJKFPa6_4Z-wCX)FQemV5&pW@b^|}N
z;{YBrp#E`@AFJY4ekdP1Uv~-@cmn2+N+Z~4V|G=iR-sh6PPXuq>^G!ei#CyJd!7&f
zho6hY%P1pXy}P}eIDMNiC8M}p&gXF!;R>$898ii_u{b=jE^+Nrd6g+P9cKq=ga=oO
zi7x%{{_rNoF@w~|Mi@e__k(Aa+Dz@1uft!@6C18ET&zq9cs42P(az<mJ>48S-l;Nt
z9L%#TG0eMP{wCNN2V+4BDM_Zv<1X0krzW%)PHO7bi&}JuC$39N9u7A8@;6^8bPHlh
z6%31QHJnW)98Blz4NdncZT1^(HpEs<YdoKj=F57#yAN6*&_fDvJo$oj^Wpa><5jx2
zh-Abl8TK1K`3k@5Ek}>px|Aw(t=U<`N8o2>cDM%M@HJY_8~y%3qkTB%D~YR12!Dq?
z;BJ$DK&?Re4{rgGZg#o{tMo`?{SsI8aAo5-yG1=f>JYy`NJ9F&LkI{J-QiBJUnI7a
zYgL4R-{R!;<~RI@RZf!UOitwyt^sDP2%%z+?)<hJl-PuZtr<OJpqT$=90&PvzY=+(
zT@}6Jq2MumrbF&@e$(Qb$3oQ^j#f0?1>C00Tey%!r_RnXMtXqm_J;89I|JDZNt~E)
z=1!yrAsI}Yzc>a<=RLQy{<-qK7tuIzM~L1}1M{|`4itgjWK`EH%;<;Cm>^5A4ESw#
z;Qz*7v7-a6gge6hO$peO-+WpwMC$`}t`w;-WQ+}>ZS%sQnjX;o)l)TZ<r?9Vsg5+2
zXt_<6)J~fHYgvm)y}fl?gP~?+MSlS)k$HXyZW|}b0mAQn^Algb4@V!k(|@~d+g+p`
zQ{NYi{tr?@F!b+oO2}&I{x`%)!vs52YslhuYD_dfOv<?^9VA_X;WnU_JRPKr2pDZd
zVRa9*Y6p@=)oP}HLa}eV^F{}`3B0_#-eO|oCl)6@<SaXq{6|SYp7yda+FxC^ZIge4
ztkdgyGVuQ%XtA!t7a=1U^)KbC)mksAr%H1>0zJ`dv_GM6vt6&Zd{_e{+)X)O{Bd^>
z-&qyGSHwEWu%tEyBAT&e4g~0=Ytpw=cN2N1MueB3oM669kEadUbC>aV>zh~A)gYut
zt^ksUaym+1mLj@s-j-v?blJDL=r(l7_KMjG(WAkd%f;8p=)$vT)ep6C=(V^%QWi1l
zx{R#c+|FT+$HqDn*jff3eiMIy$v-_I93qMt-Y%{P<{>tCtSJjpz_V6t8jA?$Oiv*8
zIQZ^#WH0gV=w!E+;XWL<3iw3MOl!rY?s*sjlICZ;*V_-dJjo57M<BF(9L0spbFHI9
z-+hs~md-8Zn-r~e>!}nZhDHaWP<DpCL9xff`D&Ae50pM;<nQGDCv2X*<hP`{J@7mr
z@0josSOK$JA|-UT)esPEZ{q7bd#e_|x$qG@*2RuOm+6FG${nT`yJtA~L+sJ{*qck1
zfSQX1Zh5WvljCVOkP_AXQ8tPiD@v@YtmF^Xcgxb6?W{uheXzDx%<A7a7-tkY?K#2I
ziXR{2C3_uMxfIK)k|tvQX%lN>8yGKHo|6lSBV*JlEK67~($Isv<w@K~l(-e&0k^N`
zhVuIWJq;mr=)r&eQQNHm()0)6f$LW$lROns^AQ4(r$|VXxqDgJ=f-}Norkdfj2&CS
zkIU1ySCz_&hC4Zs%>M3OHfMfq-ofal@p-cp-n5Fr$%U9e&i{~o8v@BvS5V`5En4j!
ztVpcflzm7Tb;Rp^^K_3JT{!U5Yu9)|0mS^>L>Ow%8HCqhyqq1n)7t~~`NgBhz{FIf
zw@@+T8PV1n5VsZajZ!^2=K*CmTvj1H-p(W37C9*TxGMo<Z_q#Ix5(r72&OhtIHwq_
zm2iEW$xU0WvadP(8Y+at5PouarCWp|CGVcD%5{h?>qAV%lh*b}gTcEl+tw^eaF-j@
z=R3(0*sZhaaEl&`$Cr(Hf3a*7H3LK_a$D1dSv8mNAOp5mKTkI=1`eV+r`!AYE?zu0
zfay4dU}ilCat5!9aK@A!z0thHxB5190rp7(q)t9C_WNsmGk#|^JIg-89W%N!nuZ-2
zKALnbNYI>SqNz)4#LaYzD{DDXZ)dxe{%Uqz#%@UAoWD5pcR2XuVTX#*xKku^oqzRK
zLXI^&`lbwGv>Dc&_q%560vcWD$WfZVkB9oUS+3uQ3hd?ZtA>qZX4cBdvM%NQE4qbY
zxzEJ>>3%(PAq=v3qSN36u1)N}3RN6N5+9hbk$IggNy}?bjL|4?eS4MdPHPVn_3NOx
z8iiVm9N7z1xezoQbF-iWD8oVEjf}MT*5-p(73AM^q1dt@ApIk;u|7?cWcJOh^|{W|
z1N!b#ZO=~}9oCgB6*bkf!SP_E?7L}#`@gNkjZJT)8ulw}sPZYySau;7C7|b^Ny#V>
zL9?Yk)bO9$S_q8sq<Xp}CqqMtt-QB-PR^?bj70DhSkG1;QyU5Z$Av{}Yk3l|?U}-7
z2?owyQGg034fWoYw5GQ664&ZA{K}-tF3>w80ktE=wuT0y`qtL%S`IIzsonv`-j$4p
z<2SE|?QG?Cz?60me1%FDb11Vx8P=PPzo3sEmDGhG{uWtV4s;_)L*TXnG0rJ8GXqpy
zQ$ve6^vwRPf<Gnc&yM0R3n(HN9A|>Rg|ZH+F=!{Coww^j(0E0s*T`P@$Q^-YDNP6|
z>AnE4jBlyU*Ob*eJixEAFPyGky6(ukFB(MhE?8eQvqhAP1qIs9af&9vm|`(C66<)3
z3><meHp5FZQZjr%oxzk%au~g$7SX-rKPOJpLa%(hmpb2}jl{a=m{&U(TYCaHa+a&2
zmw&+Ww0N*3y<)7qonpVG9zzxidjdMWBD_ilBycsEv4~VHnH&ka!CAlTGbD5$LYJ4}
zrsxiv$kbp%A{$N>7=M#qpIp{9B<O0=_te(-`gS(gA;rkye#!3^6nlF~D$R+b`ItHo
z8+ED8*DqdP8rvfZFDT5ed|Mwks5w*7t^o%1zcr9D%h_?ih#ZvWbaVEpg6~ImQ6eW!
z1LK&U=E5<BBzQgslwMx`8DH24VhdG|>{e{^(<2ZRUi}g&i%dyrkWO83hs18a*Xn2-
z*tQ<2tAl5kuIf=m?v?g{J>D3&J{j=w7v0V_8E&p*#z0a|AShd2k7>;{DILyX?&=CA
z3D)UTw3p~&q0$}%Jc+LIahf|}ZcbG%S^v>ZyDfp3(#o2TcT3;w?1b><+MjMXJcHj9
z2DlZ|3?m^YzktPvoDZLVYRUW5YfRyDnZ&XEK0nF~@TtZt%bphw)7Xn}FcWRjR)b6?
z51dcCyO5w$k_tyfHEQ=u^U#;hA0>EHVX8HJU2k$wda-mQOzg)2doO1QWLyh;0nWcG
zz&+~HkGw8t5z;e^zk%`v?xX(ztX()fayd%W|K;Ho0@N_xd?y$2I0(Be!Gy?Y73nag
zWCs0)Q)f#mu+~;vW?z!DR&hlU_@)xi+S)$u|7fJ)e(K`Vt+h+LrP*BrYSaVek&GR5
zo@9p3u%i;UY=5?}(U3d;rTb~{vg~b~^e<J+GPuI<gW%>;(R0bF&T7W~+bM*;d=AW&
zv~diB=S48zic}3XC-8*EX0HD+tGR_ObKO8r^SkI2+|_KX(WOOOXr~t8P`~nsRMoee
z;9KpbqGiVJrfL7SqOIqXbcZ!?$UDG|%HJ{N9s`9vZ_rZWnb*q)p$f&UBP2x0U7#`1
z5GfcjaSu%+bQbHj6Q;W@dPRK~&$PP%q%GA^6}-13+8PRe1^eZN+eB~aa6G~k8XOZN
z_!j=W!a=UXWOea7c`+5mFL-8zJ4FBcO#U}{wvQ_Zp9A8}E(0n|6xvIjzwGb3U-<K?
zKypeGl3^6(V9kkT*lJOk+%w@Ts=Ga=-M#;{gtl84dP-WNES)DnLr;DRrPJ33TSIa>
zc!MZI)GXSZTi6$79jJh=h$bk#MA_m}WN{`q5x1O{?37e4KZAAm{}V?WNB}cM_nWLX
z#1Gxt6EeItjn$u!_Q<iJVn`@=ZAT3qX8rS5>q^QwZVE2N$f>1jNy))8e_eK}9Yk@{
z5+7EO^A#JHJor|2vR;lGXLAAJU*QI4sV>^4@*j}Zivd>xf`Pm?&Nl>@t^(|7d&3aJ
zvasbw!fa$7Ny$dF(S2pR@gyE-(N`?@=~Q7}-munv<3bKw3+t@4t@%dp{pHu!zs6+t
z`{~!clj=2Gj8LulOV}+HYR#@RLgxJ!)VJHrdisIdlkHMNmRCY&n9?q@)-LXd!&(Am
z5GF_u6D&^+;h`8YF*(~)ozHqY%}nVvr<QcThazzjYNJ<i7HHjmmP<|pc)d<1y}sOa
zn_ZTFLuI`)NHFAVGPR%kotvG3kQb=KUwI{LN|9G~tz5{vTS5Gbq9@b#5Ln{U?m{E)
zC??t)LHw(ttDxbZXaY?61I%qvj})FWE|_!D6Ut3voq&aLQ;saqMK;@$Ngs?vZ*?Aq
z=D721q6DgBYb0FTo3@+|T&#|0NqneSagQ3wQ#x4CEaE6hxHavH>RRFT-4!ox>dX52
zT_KLHa*AlutU5tvFoxENO4K`0)uc5D<Qf|CTX$Khyt0x8c4h!#YRGs=zwniO17p=H
zi_lk;w=8*uZLKkE^<2gNhda$Jim49O{$U>^G#*n^EoWZ7XS<&}mX`Ev$j;zDDj{u=
zBh*h6o$uJ6QFQcbgdb8nQpfOwW=<%Lb}4}6@S)rJ#OHW5W%{~Zi2GTX>uNq^O>@gJ
z(cTT>-yO}Nvis8`iMxcl9($l4+8-3*hi=43b;}jy1QMx2oA*$oXQvQ{r0bl|JA+$u
z1@Qx`g&e}yJPERCwOS)hE2E)8*L|X2?zF+d5s%roaI$f}%-|6&rTJ&A@+D%sQqXIU
z9%3(^*%H9>k|4X|cF7_&Xs?~8{blbA&jqBtmjfE9nt4;TGtD+km@6$ZcJWYoaB(6X
zJiqPiD{Z$e^mfqk9^WC05(Wee9Dv`$)_ZgXnHFxY=wNkknM$1I48zvFy=d;gb`--(
z*ieEq^ovYPSLkSE$sVFLqUWz^Q*vEIs+HE=xWg_QE$FDcc?@Gp3)N_>W5hDMf}4ax
zfN9KI#1<53wBxf};dAImJA>4U=q}yLgdEKoSvuYp`7!?iTK8Z_#fjCTHcVW~K6SDn
zm(z}`7Uc^IzsC@{K=rf(`xHlx&|V^#Yf&9D#}&E8k?|g<nLk9Z)RA$S%F#}{$3Ae`
z68KQ$S7NzhUmSE=`w^o|c5N0zrE6Q+eq$bX<siF-%RV<fmoA$oHFXHgDdj!v%zE@^
zhnZ`~eTI$%uNgUANoQ1OTpV|AWjd0n!Q7a(KDq)pnlAg@b^<!2Z<IAvktPEwxSvmR
z=eEEb>_~LUz#A7jW$)%pwP$&evbmM#$UPN2=5X^>vzBN-u9_?17T&TC7vTur;06jE
zmX~T6*<M@<+^vf3B4}~U=F4*1<t{53{f@~RaqxBpYgt^>_%<yDxb=UzxwxEsWb2%%
zfPvH<No<r1%=dRlZit=|)ub&23rju2Xwo-THbR5)3}j^mlzjtovKOo=F=}e4ySR6%
zpLE=FgsUsCyAF2BZJuZu>LdohZKQq3$ak~epF91UDG3Vrq1;XtN({=f4oHScy?esH
zVJ^m$?5Xa^Qw%Dg(ezROippne)htbc9bgIbSi&2LDKgksRw#0`1CX_uPRGm10BPyk
zfAXGUS;dSzoHpdytCE-OELB-kqR)BGdb<%M<8hWr;CX#Hr3&Exs0b)UQy<m*T}V1@
ztG9FkB9l^YoIlWoO@EvWwhCz)wta@!ryH*TOLMRMH@vLkT%P4RMW!PuDzLQgiUx>j
z)tl!1Os<=}z^NxY(H(Fr9hkdV9%YvE?)+Rd9#G_4U9!2AufIak9T!lK>bNRYa4^?C
z>1|(A9$k91$-Pwv0dHGD?`hxC6oHKt!hL~thFXeX^VBq>?_F$q&ue*jur_D6%Ra-!
zI=jTgOYuJ*x(g%V^V?^+ockMQ-}`!NIFF_kf!G_?@#m>UX-GO^Fn*+l#|uAgr4zw1
zdY)Q&CC@9KBv+J=55Y&)<gxI|M5oh+sa?v#XQTGw?D7|^ChhfEs%q1xdNup~$WD6O
z&Ohj0SDtfr?**KZb$WiTNr`TO1&~f25Y}LoB-1H4br{^jAkj1T110Z+PmzQbOu7TS
zkQ8lt{B$$##sR^mIi~SZ@xd)B`+=<N)T|Hete?%eZKi3@^);6P^M>`m*Vh^w@k&}K
z=P-8%{mFu|tlsTlHH5y<xtDOcsK=GbBq0%WI+?lOKd#<fjsG(-ccR;NorBPfr^Qx<
zrn1Ad5BX>6(mmWYI)B_eFt$l3sS$=cY=lhPDy=64Q^p!LwLvJK;rH5wq^1oQfUX?Q
zQr*jy**kUfRCR;4q2IyCLaR(|59nF1h`PSB%v#r{0p*#jJ~LZ{6)m3OAraAijAgRx
z^5`Gu5$;K)co;9;w2<K^eXB7uE;Xi1W;7jBic2+YZFWrTZiax>La%^-yLXMlWo;IR
zZdamfW{sHgMGMATVb-zMGAR<dHTX=Ev;_kB%<Z9hEJVa*mg?7?+g{U4=J7zjnAciU
zp8j8~sFfX;XWC0%22YTnZuayIp-YnMw#9orFHc9ZN$nZrh9y-giLY7ar2R%U3o4Ai
z2i7%yDV%%ZvP-WZTdykeKJAs(v`t+2*3bXO{}$Z|$QMdhUdaFP?!I`_v275mAfCmB
z!VvbTG44;pzLp7X%)Zq~h&u|HwV2ot>x2Q;l0@9_8fY!a*YF!mRZkfzIck)5ee5FV
zSu*~6UF~dLuWUchx`AA!6q`~Iv36=<vQ-;<^%BNw{Wn5359$#bP^j3mSRTO*ukYE7
z<6$1~yb#6Rb*_JD6TM=;(VC0fL!<sQNc4Sq*G1rYczuv}6ua&7Qkn(7<CFYi%p!EE
zUN6N4mE!(XbmHx-#jzm6@y|5M`_1{=P5!+N@BHkP!aFm|DmVM8$ooxQ+M6q$^5!fg
zWSDnKrAXS6&lnP)A40Nn&Q$iWt6h2b>*&!B$LAY<Od+PWT)5ER_gwhvUkLS%Mb<4{
zcUuR4zTUOIKmisdj~o@Q3a#0(e(_G7jv%F*5XToLwxDauos)Ue_+l|5=Al=NTHT7(
zqlt}+AxbB~2(=-t_|JK=7CYI_?!9y+8BB16q`6(k-%6VYBRZa34M=%w`Uz<MQHN7A
z!d3#+B$nM|D{#N`eeFHV9{Bc#Q!@l12Mm1?Cq5UJ2e7Hv(tzzEz*c$W$Nspq5_E=0
zt4y};lA+EPY2}@$kG_2!<3mm(yNe&B7wWgUWiLHAoP3VS+Q-#WtW`D2iGLTy4h7(m
znFOLnt4`e-j&TPxRR=*Ao7V}{pPiuqU&$>VBEqiY_wxj7K{!bco>V3+$@rI}Ijc>j
z8Y@<eEKJc|)LlWV%{0oHCC6`}1#o?HYi)lINeu`x^mz}8&zvceT4lXKvSv7BSxz=h
z`uB&=19+hwb=mZLP4}_^8>~BJJBYsve}rpm7<BfruU)m^o*0{2t8v6oUeH{~9!%@u
zlpJ-0NU|yhBG6t^NVc}b$JYCOtApNYJ9Da`ee@8_qqPX_Imdm%dND)~3lc3wD%h)F
ziR$L}Oe%5UxIQ{3bFrDvWx5GyRH@-|;B;;bdnL`4zqPLQM7f#<@>R>>h(4q|iHSgw
zfz5FtrfEBqq+BQx!gmQR!7Lh2=_7Yq!Wk}wpYyRo2~QUzkb_7pAjER>N#w)1z!eC*
z;QeDCi9PAT$%3z?S9FY5yV`C@y_K9lNTVhGhU?SC27J3_8h+;TzFEJkP{diwH45NZ
z?6NTif#?2t;w?nA?B`JY(2LxmxqmElZ$MokfmV<qW8F^MIci7#;`_o*O>+nviL&?F
zxuV|#=%?)g;(#f<;jIm3awf-4x1DAa+KP4t<SK&`Cab;ivSyle`24-uk?d__C>q0`
z77+HHG5F-m&jTuP`+SHdLHK$YL%%>gU3hnGJX46QeK=P(vRF)=J1)&n^f?`NQ(jBg
zR^0U;-?-9^!#H=4P8>?~$mH{$HMzEvZ_ZwA7CKiL)<55DP;!1bv(wrP!#)U;7G>0r
zfRBcvyg%V30W`i|D?=p8HCH2hX=4dBv2inf-{o+dB(hWex5dTUMX-q+cMzwKU?a;B
zT+W(`KF;x8K~67xN=pY0oIJ6un7bFyTUD*;&~4dtaHY{%oF!w#%~w2CDq?(?EF;Q{
zsul)@V9p{<2z$6vWs*zYi^jAs-{?LkWV8bUB5_-wW16&*|CSJ4vZ_^u);pWMhzh;{
zn52oJt3f0UQlLPpR5lZ7?{So=sbk4G)2PUyZ_s{S5OML!t-w><!r&T*V8}_Ze?L6U
zcQM_H7=C4KhhQ7$yx$}~e@hzspaHn6SnFVp4fQ;7hwtV^%+`47+hNS4PHoz7E^ZmX
zcPhRI7-0PJ=Y#V`w*X1yz+!WF0~9VMCu8lP<bJYO)c|^J^{!NomV=X}1-mN8hwkn3
zTs8Ulc3gcAbpK3GsFERiW6?H}sl2b+Kda}6zdR$>Cr;;07(qSf?30SntC(=$%Y3gs
zuX>Bi6fG^`-o2*0d?RBZeXn}1dNDVO4`K9S+%RnI=vR3yoZph@n>6iZf9D8hrA&qv
z+MbKm%_TZ%y0W)089Bb#s@c=y+Ap)d%3Md|`6otk*I<kGUr4vxSgHQ8*wcT(?M>@F
zTLDTXO?8S)q(FTcye;|cT5lw{fQe<c&uQGH-vRXRM$4xQGx7m1tzx8K#KUwbWW8J?
zPiafStoHkqBOQIzi%#6cX6yg<cO`Ck`w-guI1@2?`xu-x{rfi!4o;Vk$LH0<gcUn4
z+=Im{hu*}N?&)L`D`!19O}z9O9r9Tw<gc<fM3i?KN$WnF^|B7zZ;z!+wiVPiQMD6o
zwNM+cA~o)9Hb&FA^ndiEqEee7&n)uu`u)O`a2H?pe&8n}I~08{bk>plSXtqt6h^m@
z7+-dEZ5uZ?_phDNTdC!8NDmH3QPb5-YmVwJm1Nv#QL?7mrG@C<2BccBV3D(C4;Z-|
zjnv*tl}3(HN+q+iVm#Z!F3it?E1BUtol2~kl*nAVK_`|7gJhsgE}2bjdFzhE8O@Tm
zcg1B=TzlE^YJ0lv<44F}7!*%+S}pn>*N35bpEiFbwX82qz6N}7j}#M*i=+ODc61yN
zQy_uML2J4e+Jr!uoskj1^Sw4&-Uj{~E!~*ua5TB@EI5|z;~+DQ=2UN=M7)A8tp>o9
zZE#xOK)GILo%fn3w|e|Le`)Wsbn4@?ZK1;JR2V?x<MBJ0h8uN160_6c@DyDBtLd|q
zbDco%zxZBLmH5D0MSpeFw%zS@9a^YpE&DyU_tC7m&^WP!D+W7mdi$Jioe<G$JJ6-{
z2sC$A;5hde{CIzFL~|s9YU(k1z_fkolr>u3O0A}3Ww|J`h@q3f&7a^acp-|R_vJY(
ztw&u+w!QyZ(+9POl8J@+QFzx2H6DsD(lY`ho**I|Lq94B)l)}gkda*6oL3NWXcoH?
zl;G>M@_RDGs6ikWYDRo8Bid*5W8`XsWBSGcAR|+)$-=}G%$Nxdtv{qr->WJC6Fd`B
zmJPpYTFLUu+du@&<Gx?|yRI_m5BUP;S(HO*_+UP*$9ztp(MMP4he{d=qC1Z3vH<-J
z4rUBDQmGR~Ai8u(E$uB0RNBGD$=@EUsK&K3NrYze4WVlKLS_ps-iGUdtrV&WVYQky
zyxT@U=S|CJO&6^sZoG$~b5kaLF7YQp%;K3qKh^RGwa5C{&SV-@D`!hHh9oJLj2Zv!
zt$8O8tBXGlxn_HDPY>~wmMnlKH3{m-F_bio<cG-!`Wn$3vz`i*{vj%ta|--&dlzeE
z&_b7~0;swwdoMswm)N%I*uRBvghgkUPmOpO3Hrn|PI-T(TENN1NV()h*qX%H3Li55
zqjo#FXt1#H9xt-*#Cqn<XU6jUTH2l0LY=J^H#<gkT~kfDJKS+|r(Q0Bz&=g{&nYRx
zk`ld=G*hFnYH9MfdOP*VMTu|M%=B+p+moA8``BTD304V9pqrT7r(=!bs`t&rg|i{#
z936kA4V+d?T)YGibAi2m2)gm`Epz~TLpO~r&CpQ@(8@fis)y}>8Q*0Dt3-;Sdh;io
zJ>cAoPVVLxQrB=njk9?TlMzeaDYxsGvSt(m&G2g^Sf>{$E~BUnGT(lLo7V4;#B`dg
z1d*n-)@@WwM<AMR%bJd+JdECL1#M>aa1CoeGZ$e*+U15@wny*}K-fdC@t47@{UaxC
zZ*S`7f$_U`rq+|I%jM)CE&-rJHd{I2*)_w*t!w7+7sPvJqY10bIzM}Fo=V3rf6<eo
z=>_Zg1hJOR2FaRQMH)1#7NH9As#BeIw5#9-m;}F&i3G1ARVCfJg{7*0fmb73c~~55
zRH|xGWpHz=L5`5lxWwZK0V=#P68}y`kD($Yh>-{WrI#7|krJDzB@)L)Nnnl~o>o(&
z##ok)B@rV-lKzZzRj~kOyocuSAp@DrSWht#A5*=VND0WXJMd%m0G_tr5b+z7_ub)O
zj%Zv2aUl0W;lB&^SH%+uqQVJw0_XtJh*3NF4XeOAU1!f6macT$koN8=)|_sh67#e@
zfzmm<3WPn5-0bhwHIZVj6f4M$YSL^}IrMg1*8MT|;SfqbbXn|Uvj0+Rk104yhHE)&
zYT-Dq)P`uC7(^YG`oeeh0kU$(V@TGP5d(qt>G=3Lnb>%_Zm_L~5D-pu!DQoo!8qyS
z{F%!+1G%|`oH_;Zzu-S|*!dQgQ};G5nGkT|n(#X(t511O1Go}mhJ5ut5|F1mkN8y*
zo7FxV8j1f}vb$0)S(%1akSwoZU9cwFM+P;ptS_PU1WbAJc%px;es~_s`A(lrUvvSs
z1`Iep!js*(o!{h~)hSi}{`-?Jd2$6E=4An%uKOF-^T<EN3g+qY5c3}U>MWw+c<PWk
zYMVLJ=Hk))(fvi-S*Lo+fb}84gd4n+%iS(H6u>TA9u;@=N$>AnXsgufSTtnKoOKoA
z!Fc5u`kv`sR>^@3J%4*g=^Xy$l|+4IaSw)cu#5bB&)rNIB)pIvp)PsC{n)bJLNbnD
zBbxMdyx!9CyhE1arIXIG*4A3S2^01Q?@(;{jgCCHY0Uebvu&_sI*z+oZ*Wb@IY~M`
z#KEoPRPhd*%QHOTKplbSw!cBVs7cnXM8#4a5X$fT9*n@}(bu#RDBgE+`sl%hw}ZlW
za_YK`pz;q<(jW9~NCIBm)i9~TBrz;1as>$wTf9Z9NKLtA0?W<mEoejt|G=lf@J7c%
zz<Tb!Hlc&78g2XUi~F~3U+K(>UBjx_VVIkCv1_K5N6HTImb31vU85KM_IbHtbwJt&
zUY6T?H^iHL<^3=F0|ucd`@$`!hF{$_x@eXY>ZJ(*foMxhzmm8U7pTmO^A|3d-Q@M^
znjRthnAewj=Y8C!uIaXLvZ|&zak_}i*?*-ms?`i18oBL8>`k?J=wF%LckOAN7JbHY
z%2D%S$?d-1byPbvWqTejk`9FocOhc%37EggF@qkX0*<AaP^SrYubR{DKtJHP3JJuz
z1;jrb_V|a8s!qcxZujoPSLAT!#Kb?K_%)92$?@(yGA0ERMn1#&AZO)1=t4_;;m&bN
zl8;M9@gI1fR;SBW%XZ^p|MGmH^F>)y1yS^(>;xLBCvi)<pgo#hP=PBoMS@?{-yKRG
zjC+rr@TzC<|D$>kMo5@}3=Bfaf#czISPGXR^P1H5OEg{SKY1muX_YLPqa0${dv8`N
znYBWrrrYlH5H0#AFEBz7z}_dGrO4*9Eyu<KyIDDo6OJ!GQIs&w%7yopS`WQ*_caiF
zL(t3Mp>H57l&PW2nJRzh6M3MdicNtPdh=Tc8?8O=YXnq}e7&Y&-l;KJxOqG4CAKN=
zp64O@q@sxz->3rqa>$*@9p#+*%^sgKO=j7V^<%tWK`9e6s4EW<p2zuimxa`MsO5#`
zMGHBKNu}`!GCW0dQ}8pjeCOA{{Q1HuE%dsnOxjwu4q3Cb`I{p1mKAk9bB#XgdZEb2
zzB{@>xEFYhz3;%Tz>wz*x6(ifwUT(p-+`vtAl&-Q2WUz<#$K9nJH9jF7a{zZJ1Eg*
zF{3<|A-7!7NrU<T21kahKYizpJ$JkxwFW*jlpnw&aR=_RbhFRNLC3rJjgGqc%YSx!
z1J63V3<EcZ;n&g7%I#r{(rz%5My~)jX+7o-#DwouN;Jf2Of@fR$1$ci%Ql8wcjg(R
zX+5gWyiG9rf3tx^sE9e3nqH)iodhyP4h=_Q+!^hG3(*s9=sj*(jezEi*oe8myvXB}
z`gMi6Shyx-r)e@iDCpc1yg8V5#QDZ2hP^X`k9`5p?wn7F-ZTB(57G~$Cb?fy6iF*v
zrbN$v&=1ogp8LEpUU?a>y>@lMn_c0SqASQ-yZCvt<Ndm|J+uA=PdsOyfK^!z%cmQP
zBEIPlAYHPvlA`wc`iG^ipsvNPVgQ0lms<sUydsMXMJGbF5zs68C)G^yXGI`YW{+Fe
zh>1aVbWlqcXP2&Vu|AJXSx8GU=g9VDU{rKiLyL#RhjFg>vox1QtAiK<UZY1~_%gL4
zqoMuTI<YGw(XnTb?2WS|v8}^X7wH~|0{0l8um|vSC96K^=_@0{wF~$gt_isT;7i&`
znK}&4gw9BV(Z(+X7(4<{H|KFGP8g($Ck!=SEXiWaqToJ<o139=((wn(;~!(3N=5uD
zqOuLh&XjpY&VX0}Ff7WF4uneI!6wJD*s((TiBeI0iK-o)c=B_~&{_utJC=O}s!;FB
zV`*mPm|n4?Q}RM>y;zQ?#+4pQlJZ=e%-1;ocJV4pdNup=FZ8b-yHWGt!lGG&#z1Kt
zy@vvZk;Gvl-7<QFk{mlJjR-Ga-lWwDgkGZ>*4~*W?~*3yClA5fci!takO2d&AJBi1
zUm(9iEcgY-^bvUe0Re-a{vbfBy7_7Um0M;E>|fkpCr}Qc4L>R<5XgV%fALMm1||ju
zy>~afprE7C{>$IhoG<~zlmUtmK*ekjP9Ez&$D+*|Oh90>l1dvRZMGZi)*I{`EgPz~
z*1EP<8?9Hp)8ia!{*E(;oJl;K@VX8l@o);#p#@!!0d1E<DyQ_<%-jzi)SU;QaWeyI
zTuclPA557d4<1{MjI!x1d!!cyJ=p=Z`)rj|5pMfP*inBK8sRoQrsdrPC>&AoyLW_n
zN;4VJW;{2ca&A#0Jghb`Fn;?*$xQ&~n6Ow?+}srBK_5O$8WQ`=%CU=;uEu#eVQ599
zSP;S&=4yntcFL0_(`8=7UaDiiFBO{jF!Ifp?c1TfmMf6Ir<A_Kg_XFRyww|<s*wC?
z<ls&lp3WzH@{`o(q`%gIrbrn)#FlbnkaefnMj`A_+vS=dXH2m*tfbArdzE3N9rA5g
zfY4O-wi2-&3&tG_y(|fc8w;uPQ1jUFPCtG3Bh=X3^M&x?eCoITlO(NJ33p0?+So!?
zPwJj4kMS8l{RrwPQ!)bcbV!EIjKO@x83tLeNL~-TL!<TZ^6R}t1U^Fn!AkC!%e#mj
zzksHxbGjpZUuUa0D8~oJy#Y$r1VQ4cm|H90I|DO-{!oVfu(;{o*)Bw9JoN#ZM7uf=
zG(+{ZLuIw0%hJ({<)#SqHA#K19Sxjlc#L7Nr#ZnNu_{wRxJTVAgvUh<RqTzAGyGjD
zTO7MDgIwDPO}FT5G3|JPcwJ5$$e53=aKR;KWY*(c<drqcZVon6z}kZ5YSC-&n=l_s
z2p9-ZeDV{(_cNAY2S9-?34wrSJzLx?WOXlouD<@S{F+M$W%<Rx0E@~Fl@_92NNI*F
z9jQ7zy|3XI>!J2RNR|jADO{pD&#jr9Gy#6JeGl`R?js&Sb(GvYA$HVZRoSz|dG6$z
z<fY|X$f>1P)4?v@RqngUa;p08`px9C`U{j4v_sHQ0c#PmM$nxRvl^JYAISlD6PTgj
zoKgTxHyx-nkkbH319&-*W|!>+syDa~)?ihPuc&u!{nQSYeFUc|=7=%~Q!0|Vu)CbJ
zGU&WWt(*ose55eLf@(edsW8cG)yArp%{^0mD(YDGq2!fK<@X{lE0qhm%^&NqvOoS}
z`=X6v=i=xhu_At=&SEs8>LPi2jInXj`;qPBcH!Flf*z>3f7EvmUYL91cC=Te?Acn5
zwXAD$mf<dN6eW@s64OnHL?uO)(wa$sPB54wX$h^znC=67n$fxfwr23HXBySly{|Up
z_{v(Frk1u~uW6tEcn|cP@j2;t>GK?y+*5my^ptF)5xkFox_!ZX$NP_di_lG25NBqZ
z6?j@QY2_~G!&%a-XFL@MpZ(^FnJ!X4yU`fbs9HT={dHWgWy7pJq}CvN$=EfR+h`w%
zHA^V0Kw*LZ2uBWX9V9$ZwM#+4LpC!Ib=%mDT{okB8{3UR02sa1^a0-)iMze{P{lpj
zIkY+CIov<YJW?CWNqHxoVW<NQ1_DaX^ZK7}O|s#s*{<Q3p#kK5Jn%1279bpVV5XnD
z@(ICq;Eb3deQQ5N25dH3v20h^2`m{JJZ4&wj=8ilTgy04zNz!k5a1TsS|z`iuTWj^
zP+WV!b>-c4odr1@M&t!K)J!rR?i6RIqU%*=x0H5CO3;miHCssKkY8HlBxlOsp)F$*
z`)R&YQEELFxnzYj+a58Hj;@<yndw&IR+RJ)$!Uoy{}>8pbEayTDf_8Fm$@?EAJ=dc
zdB(cF8Y%|2+fEd5mf1nmR@GVPsM(c7cFZ6_Zc2S#_=H4iFX2Aq7pt=om7u8pD-~e`
z53Mlp*-)NZbH<tbMYCM|<VbZz$#_p(T>LlHg}!j1*9s7;zwA7YRrQ)sZObBsYB66)
zN^74@6|KWhrHbVpRqPcc6X<57|C`K}L<loy7*=h22A1go(#Kfa;AgIx3<#@`0Re^1
z-ORLluhpj6uB^7&9z<VdO#PG_dU2Yz*8ZIsC_olI(MXv|z>H+cjDrz`iIjyAM5({`
zB?%Kqqe+v5s4a_=1j#i`l7#8Wl9j|b(NvT~+1M86gHoFd*=#MOxz`s0V_gbabWf!?
zI-SG4H}@EQPba0`?gG9xkND(0#z^p40x)=vu*5OPsAKOl)4GiicU~vtLmATxV9hZ}
zRwpFHSR$FCO?eK|`$e`HBdBD4qEs?Q*kc>QGXMtYO|Ju<y?4^&%qbawwE(u-_Ptoh
zT#vmNgkDS&B5BQWE%wHgoXaCZ@odK-1b=vg5%{3BSh(ZtV^|8#VOcxJ44O-0emUF|
zFb)j?q}J60abVulkYBvxC%>Km=0wsO041UN_@wM3V)c%3UHtpxwC*DkeXK(Ye{f0#
zK^V1gA+%BlQA#DnNVRAqv@#De$^=;(wZv$^9&#$cxF<1VQnZ8;jpn?f2pH1uA*=}u
zSpd<RvY3NArPRfgGRY|QF4dj(gg5V{n%0y?ykkPS7e=L=7_CaAgj%_STBU+owMwi-
zmNx<1Zio?4bh1XdQxcUDW^zSCQ?pEvn>kr-=Vhik?MoZsl#COulcDnMtA4BbVuhft
z<8EJGGl_u<U@k@j@-0h|aZ_E$GM8zP@y2lN{E0y5d@gM%wB+xGPw6uA3*mj!xa(I`
z)CO=fp2UXW?3xv54%960ED$0n;i*Uve1L1fEU*xyON&I+W3d*s&Ox1Q%t=&Z&stE^
z2%rfpF$2CS1j~R8G#(4lj4(a05G!CRfDv>MHW^UfZ&r~o)o%j9lhE!;0pa+FUmY>i
zSvj!*kezq+v^I67u3_6TL>jAkUACY;k8Fz7Tofhx{SYcIHIN}k{UcUCV)y%olK{;8
m+ygzkE9qR%VO~-dH7=VWL))atf$Hw`;Pc>sfVxoE`TqbF;Xz{n

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-300.woff2 b/data/web/fonts/source-sans-pro-v21-latin-300.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..fed32a93357b8e3d3e60d10f548574191a2f4913
GIT binary patch
literal 12956
zcmV;NGGonmPew8T0RR9105Y5a4FCWD0Cl(k05U}Y0RR9100000000000000000000
z0000QKpVjh9ENfRU;u<33jSE+O$&rN00A}vBm;<W1Rw>3Y6pre8;WHm?AVLqb^t0_
zkxiqhnVi%KMj>sGoPs6)|2aX9F&bz$G^+X+nQawuZHGE*v9zF6ech*?Q*I##M;olS
z^zDz#<DD{bhaa)jp&9Y<9+SNs_WxXb5t*#)K_Zcxs!5%4dk~RBf}L1o#NIWz;2>vU
z+sL2f<mKUOKYr)#zAx^fV3w?s7@|oec~eUajY!55Sv6_H)93v>e`$a2eHuG&j7*w|
zr^fF7q?k5n{syX7ti4o?6hM+f^y71Te<pcU=0MG#c%&wB1(F&y*?kk(Cflm(@ci6*
z!lw<Q$HwySZ~rd~77@TUV2p|hf)!ZF37Cl0=v8{2eHC6})MXp|({nF*-+bDZ0@jHV
zz-Xv8p&SoZ)=&rDp?~6H`~FSIVU1^$K%Quz7GH(?|L>YMdui@t@()T^!~rUDEGOKA
z93w-nwSeJb1pxg2x3-I}D1Qc*W|BGNB~w~?_wJ`!Ov*{JldJF}Pym$v5#{}+<)oau
z&$$~H!2i#$E4hQ|+C{k&t<2WTd-MnkX#C#)rLf?C*(}p})z!5t^DiA{o<j^0wSh6B
zP?{cT)aq;LfTre%=6H8aAZhNlbbuHcA|M$sI*!btD|cOFz$`W=p;N~WL#K)3&_4fb
zes1~A$4P-OTh$e^Usa-THRjE`lMDqW^kMQhCp-BBfyMm7Kw*(=K~?>~s^!2kIs&y_
zRY13ufWlW8S=G9p6;jj}9vjQgM-aZfZ8n1uQues)Z~vdU(fwLlN&8BUBqK+XWS9Ny
zy)l+m9!B9HN07wP?%zV-a^_&_v>wLr^zoh8pRNGv0Z2HobV#;rNEclpg$f}hN+1;~
zA;S!Zj5HdCfLeVtAlJOR^nu(*qv|Rk@~p1peQ>-^HB^BP2`JxUM4X5dkp=$FZ{2J}
z&<~&?<2QCLP&xS2P3&!vp71otAQ-5IQv(v@2QwL$1yJg{mDA(co7C~f>+83VHw`yd
z&3>pt1<xrGeju?+ZDblXYpkdWjq~$piLOYJ;U!qGARR7!14(V%cFvegR^l0BX3kDZ
z{-Tv5(CpWDX(`Y5j+zD8D}%EPUU%om;O(0^-5juq^HHW(I5C#IB<C7xnEmfZLYiVK
zaM4WIY_pN(`V|F>z%VU7J{biCIVB~MiV8(djiI5zrKP2$qr<1Cr($5BVZy@9%ycX)
z^z7^q7dMuN2j=C)^6|m^{8#}220=lDurOLg1V>bqLQD)#x^!l7S+ufcQ|qQDN-w?e
z^;Jlt$RJpWQmitSuzC%6MjB1$8{d$aXd<a8rZSpg2BTSKF_~kIG;_@(GT(dx3oIbC
z&_V)>EF!encZ^n8K@6Em4g(cHH4Yl%I|pQ>M%Ej9s-5pYU;UvIV2~eJh@b*m8^ocT
z?eXw$7UF-kY)o*a08(#LY&VH=Q7{Um_9~oC9;d~8R^r5sGI)Q@fJ;gJcrHJhj!p;a
z==yMVKk#*7+}pWZzk@nZ{zj$>`U`elKm(hi8P`XJMcf*bu}R`7?kxmOBtExFMxQWM
zqOx4{RB=h^x=Rx!tmwqN2l`AoL!h?O67Q?YgPldF3mJhCsD$Sh*+b8|lBr>$mQi>F
zoR1~^V(F(!@guuIW;a|xfl5w(n+V2H0M^!YfStV>K*mUs`T<g-i5>mALTR8BqYXr9
zkB10Z>)6iaUs2KdGIf@;oPp%vzB7rq9dyD7R~bn(Hil@IS!BZet3?OvV>x@vKj+!F
zak4DkL9`HD^W}y~DsSjmeV0QG&@V-juJK23(lzhU%I~VAP}#Sp<uzm{dP&FY)C(59
zvtRTvMUC;|M&>HDmGgsWfl>z1C={$0mQ0?cX1;m)0GTN<@}(odznUPJMO`+KcWbhb
z<ue9yLkaA(!*=Z9>dbuqORTAI@;-1|z>{<{D?SU3Qqthnt-+VUEk8IgH=jhZh4h`X
z4KvHpx#|H&^C?$0Db3pZ8j<GRfeYG#HZ+o|XGT7B(&j5$Z_!Gq2s-ReV>v#CrqZJo
zuP5vpk$LGgD<4i2aYgE*EF|V`%8tg_q2tYyuZo8CNviD>QEri#r0krNywjrnq#g2s
zt;*zx(e<nXZ*wjFvR&0IR7Q~wcJ_vGayfMvOrVY|WN3?VuTbzjz-(Zp&q6IGIv-|O
zJzjswpPOfM$!`)}lMcR&i3EiL>IfkcdL$zw2`eiphjcRSbz#v>A1);-1XXL0VYuOP
zj51oTX{O8fr#~hA?QgC9>tAgk*m??}0}!s3z&q&=Y!ruzhK>V|69H6OZEjxARqHdG
z41ND}7Y3J_mY#u;0=Mj@1Y!qQ5f6yDhUQ*)M7k-cfq?-VIimmpzK{3>V``AVMr=Aq
z5FwEkAT9-k3D_(!gk~_U({sukEZAqwWc!$KCz6C1QsR&iLry%3oPf@;#J-dolGBiq
zmeh1{Ej^4xvl7KYh*J~iAE?la=7S{s#1$aEAc=&u1Wd*hOvN->r#{UbeoX3X^%i3E
zA)ykIC{>g^x&p0Q9mx@>H40@k6EPz*FhhmmP@{^;UgWBcx35U}HZ(c$l~mS6Aj}wf
z?{?cV<1D4MoR`BUO^zrT`jOb*5cTkIlv`Hh%y#OP3G-nfr(Hgo)Dgm7=-Hx0<?xsl
zR%!|><cOpubcC{v&s|9y%O~?L-&=69)G%k(mRs}RAaZlYt<EK2EP1R;O$buZWpO8|
z^wwiFXY;h2y(H6Ds^?44-{C2B!3uiH3-7(3eLs3pJK9$N3Z^;s>73^7w*({3IBPw9
z2QjR9U16i+RjWaLGfzF@A>Wa6dpJ<6i?q<*tIMypqzcGJ>$lK5k-dFrcFw2!8upBA
zpdIqxU1X8chGRPQW52-cpHrDW?-u;SZKvgQT32685~##O5E0`rFyJw<;Ipxjh-*ix
ztFA2iDrQxwO4LXrrQ2YGI0Rcm0dxYw)rP@4=?`p#n3jZ-j+CApn6$Q%9ncKGoN?f%
ztBGh>Sf#OXQ9ufphuF!rBn4tyje`T`L`PH54I2a2am5G#szAR#!voX;1rkOWCn4bA
zLL(EWK%oIPALvIbv>srBlMq70F%mRmh>Jr4ToU4GakqUT6GTWO3QIKeNDfQ?wdmh4
zLp~!Xg``{sZQZ1{#M(hZU5Qahw4#vE-yrIy6cee0XjQ~Bk~lV0h&BTf^DI4(fKHBO
zmpAq~J;ra$e9}FTgoF^IYPEU-^3rPBXu`&MpiscZKqKlvH^24Tq1dapys59y>=lz+
zK$!+-D$nS)<EGy>>YcR&AU|1VQ|<+BV!0J8H4pNwy15r_eIw=J`FprV>#p8Y(tASn
zx+MZ$_V(_ry;8@@UxQ1pDV#WU>3WTWe>2|xcWC1~0SL5-W|`wRODsFHVB!TU*jR~D
zf+5oL;LQ|RN@glHO*t}?Z7d`MCO3aWcwd9MJ7fFQ1{^x3=PiQ*hy|B9X9b`HH3YXn
zEfP&_wBWd`bl{8v)WAqwplj!rb8CTj5(3Z&t+!_kbUX^9OeE4QLgo<RH^P<_s6iwo
zR1LIsuk#(OF&z!d8e2u)r0Lvp+%_xxXtWytgUB(|%%Vp6+PB6UXS@j}nq;yiF1zBY
zYbf8~`j*L9CgT>3XM%mZY^?e`U;m@}-)!Il6vV8Flnp0r%fuNqsjnuBA}g%oj;guu
zmm#FM4ADigE-D706~%H;zXL0^07=yKuFv;%b!!Czv4kcJ0vLr8{&7qgP7|;m4+msi
zpzSJB0Jymv!Eg-0%#HQ(1nOaeCIT=N7=h8&>6WqPamGm>o2u4yi4L-njqJK93WLd9
zB>Wt>f&I;#5KwDfyZ<49Eo5W)@B{CHSovwoLgHSpJ}kH%^y<ul3Y2fV&BqHVsF~QO
zAw@tQ8E#}72PA%~1qRl!&U6*Fl%B=F{@yVz2_18YaEPUn9S5Llc=J-HaXhZ7u0-i~
z#sBr<`Gz-l`Rlf_6g<0G&yWgua2LPrudIVx>ixRHaAn*X5GaNifG*^J5jnJgabkLX
zVx}_NC%Td8XpV?}P;uyNwas>ocGzi`-S*gPpZyLvI3(&B0gs)BTzw14dz+vjsyhl6
zG_u%cqY*l&n>W`e?IRvcANtC*_Wg^52oNw61tdNWK$UW^)!r-{g$}WY0U}e9mT9n*
zwmLZFyIVx+q6WwyEu1cyQUa=6g3UU+5G@>3BsxXPuq63lhaGX$F~^;7(kZ8%bKV(e
zVT8*)pEVWFpZ+SbfXzJ^8zLU(LxFT`?*i-Y|Cfx-BC#OVkpw{!7?S{|fDC|@_mkZL
z3|~IMca{douadq1T?53YnGOsifCOZq9RUID$ixG%Rz3<(P^NtUGstKk+30{KcfCd7
zdheAr&gnUOBZEEJC#z#ktc7*3Q8vN0VH?;#rxx>+>9m>5qI~n@ZDd$TLV-dlV=T7G
zLCx+JuGe0MYyDs~tl_dm*vxPPC^u`zYXQpP81^$G2IhahQO44VTdp*J2H?}D=AP!a
zo6DOIH9MP?lXIFnn%d9bIDZ@)Af13Mz&>EVkAPdi3*e{Ib^h#z_X{)4v)*O5ePC{2
zmtSp#`=<KY6ia@EH{lbHJvH09|06B)kLUgf;HIVi^8zx<byr++)p9E%VYMbddg*6t
zqTr%uHrX74F;@941~zK;lRNIZXO7<5X|IEhIu&R8-R^X`Jzjrze{)M~TYJYJojr+}
zy?q0-99_G1kB{xy3qVCbAT0p?f##0@9sdC;nn6ARPyr+a1ViU~?3U-hV*pC|a?)!O
z&0LP3J*QlRtHdB36x_6C!_&neGM(%S6B!&1;t7@xpq7aR4_l7q+3%<ul2TnBm?P~@
zx!U83oa@3lNVCCuewW23tExNvD~ki)>61`Y(gd+91co?b7Mh9AHH<1VMjJ#tfo`1D
zMnkUBsERdoE@NJ4oV3i!RK;@NZ4I53eafsRE;%K|a|MrGTpC>Gvm&M4{(h}n716;l
z@mz;-qEQDTIEYdP3DT2VLQ!Oy_g;LA04FDYydCMrJXba_iwM<29QetS&|3!{OJ8f2
zN<Zk8q9&0F6Fb?DE(V#Gd8-haJn9CbW@%Fa)Lk#r(__X>^&jfQF-DYywOO6F(fUk2
zRxp>yKv5yT3`@jh6*5SXz+`%QyEciCQZ5sbish}vgnWz8@6lG@;}3Ha_(Je2nQ?v!
zAlRIK&KWir)*NJVlqDq&o@<<!36>x70K+*0IHQwuQ6X;DNqU8zGW(8_Omk=_>6D;Q
zG1fvABvLe2b9cpsy;zBNS{-Z4<$JcA<RvoFQ3)t-wZ=Zez}lK@n=P<DXcm%DK3uv)
z92be%tyFuPVnPOfD@#!_^xw5I7=mDy;wX7DGd4`)t5wn84K>HCM~GA*>6eZAs`-_i
z%@NL#R7}P`eM10f`Me>2SSv3@;UW%zK?lWHoZ)>CYw=C%El-DPu|)ewmApW&JmLs?
zr_>$KN>7V?LCh{akO#G!g4-ScEcSsyt1CO;jakmox*X}`Evwo6<eeno_5E+Udw^7_
z6N9lS9mgO)5VM$&kuswjq;8MFg_-7h?F~jdX$=448cCmp%1~hB2*aq5I&2*YH{*31
zL>_tQl>OAdwi)(GM!9mqUbw=x(43y{b@%5M<|s*=^4C-x#eXuFvt5}7iu`sSh@I5P
z`@$sBw1p*Un15T8+K&;G-u&A_N}Z@BMfn>lqe#rTZ%ne{PPEa4O(2fVHl4IrxfCjQ
z-?cIrgbR)HGf}rv6Em8%6Mc3M6(>k%nl?3;=$6`euaYEWq;u}|Hnt~DC2V<2&uaWC
z8V5Y!wJ0c$c?bPCMC$itUNv1KQ7V15v_qsz!Bu=na$|;i%)-~jB@Jn`YvoU9hlmxj
zGAXCU$Q@>m(p1Z5+^2QNvtfCfIX``(H6EpTxd#zT>SVV1_7^D~RDCt?*@-;uDKDNh
z-+<RPn~JM)v{u2D3$SXV5M2k7)+~#p0(%aVp)uB1cRe^THY%O2Wu-s?$)Uch&SEYM
z7NFD$WOkt399;%v>RrfynB;0=_mqm)UjCHbOs6bEY<kNy?ge+!z}!W+$E?M)WY33V
zOWX0I7pZ(;X+3yoeRcA^Vn^Dfm3Q(FqbaDH(5xesErATAn18PoW1_a+Bj0*;>s;<L
z?qB9|^%<IE2+~W`J7<b{^X1)(vyc_5_VU;xTrFnEeJ-0Ct9sZ|*2pl9zU{6)8vWLF
zOE?jo(MhCB=ryBx4G+8GNXp;2-0Lsm!U3+r;HPbUzDAZooRVJ=KwM{t-&cJ<$Q?vd
z=2|+!2Y*bN<-$kZoxUaJVCAwB_POmp=CUq{v&1{m&!ed6_rabGe~5GL(?I|^{w6l|
z`XeLnfZ<E?9hrD%DQN^ubZJRStK4m@>3XvnT_EuH!naesgDiZXI$j01-FO#-O&v-a
zvm8@Sc|lTi+Naai=vFNTYR~k`EpV3C!g<(0#ERBZ^MdOfi8|g)3Nub%yy2={NXzdW
zIsnNq1*fX*bd)czgwnXI)XWLiFH|2i5NAGQ=<t1~4fku_3Df&F^MzQ)zsAhNh@-ZM
zmkC0yZsp8(*pR`@O%X+D@v;|=Cd+)5g(1SdkkvhI7kSH#yjCO`%SH^9R|QAq7zMpF
zbHE;=j~@qN;z4k}!q-1|@TKyrFq@7}`d)?4fz$)iecH;KF*XLI;zW*5G0KnS=y_^j
zoqe`J!`4^Y2G)d{EJL{*X{#sRo%qC!INH~ANMg289Fkf$c_(U`1I<!*BP1<An$c1i
zEwsKs?%OTlG`WA6l_$i^L?xj#8tAv%%@7TmvDBFM8_oQuYxBAYzaA6*^=2}O?V0R|
zBl>Urp<ALw@h|)tyKolkba7x!Pi>K>>aMhBblA~`MZUeuhCgZ>bA{hWpPCwIsbAyC
zbcS!0B&#(l<=0mKb{3jn{4KbVDrQg-9W}JaQUv4ZGH482k?XDd9-lZvh`8qBT5)^c
z)J)xQcSM}94O&chK?K5g#I7)lm50`_7LKqL6^m*zOPYziIgM2%Y)hKjXmgl;@?~{W
zpKHXZ?r@gc{j8;|-`N2xe7yqd3KCwdVozTl=g4m9d_I7V6)D`E@&ZAdzY;PrYi)cO
zdQoD7wYHgSxavkD0g-kV7FS7^eTnmohNg3y;@hL;%hpvrXNHPgE~uv67w+ucMVfxH
z=5%ulVew27?ZZsSaxr`O3}$_)28yShQr`bzhz!Hj>2vf|lenlc$48T)|B7;jB+?Y#
zhWTve`a1)N7+>_G7sjN<2YYjZZhDN6F|qk!0S9*Ak1I5X{xZ#6oLCJ@-={zIT0;P(
zmW?WGEl8Uo!?JKZu5RYJ-nZpxBYi<3xvabm>?yq#8=(pH`{{0<fM{8&r#*9LEWV-T
zSb6uqVr31!)%?t7a?l?=zR9LB=&88|vx>C8PZ9Wa^sUFIYS~Bnh5^g2oJzFG&eyLI
zqiLAH!q-d$z4u28uAdN6C@}(`qY<9AEx_eKS82E3!HQLmvRfF!4A9Ym6!h~&&`f#Q
zcg0nVI@i-{Q!tpWN~ql@Qf<UKTeTQR9Wm!f-k8uuJ(FeQ)S08_A7teUUP(%k)|Rbh
zW4K6goa&2X6yyi$(rRszxOYpESnoiwIk@q=H<2d$`C@A&XE{ejR|RXa+A~gZO{iTs
z)?XFdAxbSXqqL6KPcIGZh@L)6Ep#v<s>SL6mL-XErzBB(4ShE5BaNRuiPWeb@}S=7
za;JzGc`s(}BvD3xfu#(}yo;?Xm{;V@oRRv}$TZs&<a8ksi`c{@Es|s&Q_Q&P@x35x
zsD(Nj-<pJjw{%Ntiysy9VQFN)ycJTmDvv<Ia9~GSaL1haLr;c?x@2fF0bU+t%=_-0
zC8u;ug#@+d(rfpJ*nGyh_M0h=n;<srY-7LOCluHT(7z71zHWJaVsoOmsY)w1My27|
zrWFk{EiO~HzG(%p@;wWDhV5-_#?ggdzdXblJ9WxLWtm&e(&dq`WL2}pByb^;6E#sj
zh)vtxJm^+$X>3$)9rQMJz|A!Yt8g$F6fQ}aYnmfv+7QLR=}0=+fE*l=7DSes;mS|}
z4?nQTXWZV_W*%MU4e5gXou}5B>0(=#S#D-S?G_u$Su*>bG5Xb%8x4%ld)TBHiERvP
z%qn;KDR31M4}SwZ_alZ<W^sSXz9A|Pn)vk_>rSfZl6>&{PYXq#&tI|ac5$?WYr#R#
ztXX!x#QYZYR+0Jq>SfxeSZ5f?b;S^WXu~RG<0`=rRD2X+oEcstx8QxtGH3=lkh>LI
zZ66^y%-s$QeAisRVS8JvVRWw7<yLC-);5p&>vJ)5ajRriI4oHnH|umlMQEd|;y3(9
z9ZD?nG{+Xyb}ztbXEw!59$%xXxeFL{y0}fUI?_#!c+~%H$<Ouf_HHnxc8643<HlO!
z6<hgCnNwL!i;C{NIdc9mh)sL7q2F2Os;PElJR26BWv}N1218M!#Tr$H2EkNx=#jKf
zO5$9ZJ!FwHepOG4W3Svh#pCkKK}4d6vL|=H<Dl|2?n*K2a?FdPuJ2&AfG=>@vcS(9
zKScKZ>;Q@^rnC5aYO`a6y(PqryAU?lgYe>^E$E2j{%`g7u43@b&mrF2B`Bd$0V(i}
z=-efo&xXL+;UTVf@L*xb0q7ZR$A#uWPV?X=CG8iWgNpWp-a*#TkYM)tl{v-%XdutH
zvj05Dx!`|Z#qT)x$(;Y7FRCtdoZ~!SdBMx?y>j^jJoISG_1-JsGTvIni@%dhGEgBZ
z#qfLl9nOVSS%8n5=c+-r;^w;+Bj7E_Je7L)uy;=ml%t=<<+^A~xmgi?K3%5am3f5%
zSe0xKU`-4={lfl+tUg*XEW8GavdA_fE=f&$4|{(~)aggD`nu%_kG!u=b%<w`FdH-q
zd_*gfP#wrY{7efDOhayiT$*rsl!>@p&eu>@jx{Zy@SGx6ow|})>l6uLHE~7vcQy+6
zFDu-!bgomLs8`7_H9;{YbP;<GRwcjf#6}P^62N=3I11M$#p+abo>?F#OVy}QB%Cfq
zqE0Ca#`@Ybrf90Ou&7%krr+O}Ghx8rE#XIOVGYBGay%fuMoZQtcbHUW8HMxo{R`7!
zlc==^?s*CPbFZ+?q#}mXAYFeMQTZR_qv=sTX0tOn`F|bQPfNtVfqAIShH~<cW<2aE
zF7=CBJa(asA+a{GZ2L${%Mg{>BoJ7P6$rKzTO@W;o+BVj#4Txgl$4K4Sw0Df9KhrO
zCzoe6)<lIE+rc+0Py_Z#`}{1(P5OZ>*!k+SB;FY4_;3)6WGU>Mu;KE8<V1a6>_ZS~
zhLbJHe>k~_{F7_z-9pCZ7lbVKNQc^0-Hx#x0<%={HJzjWO4DZ|GbUFgTpp!1DwC_1
zdt4<(cs3DMTdBtCD8b{}MQEM660Kd{8H7*12rH6NUyk2ZMm7<`=^GxV+RKhSi(hJ%
zM`y;EQv2A2a?<!d@Fht$+KX@go<Kkbe^siI=j)~Dbl<b1&*V-g8pSxB3A_hU4gBBc
z2L_5zx(y~sEH5hc<!2cpr`1L`<AxV4t)fZ|B;0NIrKqX=E{7U1(ZDw_^4w~XjciL!
z8S7ZL4qhi?|IM48zWr(AF>n`%+-m1r<OhX4)PUWfL9Qgk!3S?#p5%65drOSt(1gZ#
zrUPT0nFNP6oRkiTmrU=0788~P#iC&AA#D2VN%+OAHIs55V`zqUAJm(x-{+-+>4#nn
z-{Cpto*g|8oo{*5I+wlm!M?wE{$&@h-GM$n{;6jfFrUU%kM!y@F{P>S%3BY(eXNr>
z(|gcqm1%b~i}fn*64U%Oz!l^6K7z$XrF&^~P&#N{ex(z-r<_H5t#hawq5u1*>rXNd
zsr&q!f$PAhde#vAo-)@Wdewzh6q3SyK^;J;bL~94Nw+9Wr!q6=a-7<U*Q`X=GXBkK
z>D}jw(&iPqGv^#s&{MY7YuMV@XxOsW-MX!!pZ(o%rJ*u1V3I8j24#Z-Rxr@TQ|_Ju
zw_%f>e4F=654(S5_ksZ9@jF%?dT0KoVydS3;BCmfl{)vZZ-?C6%V9ZbGrt6OO+Hnj
zS3frrQj7f2zV?jVV!INHI)q&M;eF%@Enb8^{89a5moPwY;I13aRFgB;N&1a4;mg1L
zYLA$s8oHK^`aq-^y8-I&dL;j#9~!uJ5msNU-zqaK#`#4tpY|OVsSk<%`k=^_FZUi^
zpTo10U-5pJbrYnbRb8hw;qoZ8CqXK2HWnL8)U|ebAlBEOOY$gLQKyhg|7;(5!iX1D
z#_fA>hC1Utu2saStyDAW7M;sMV@euL#gBjSMC?&DqO<QmXg8m(!(DV=G!pq3O!@MW
z<?+`x>c^1}$k^W;nciQWg5^h|tqzUFA*FxX{S5*C(SOyyf8wFns;Qvmv=j|mxtK(+
zAT?DGSs^<a7MuAr-@al|twi2z)(YZLsS35xE=;v3+qZ47d_Smr{(6!_YhXXzVEJyj
z{)FxLJhxz=Mh(Izk6=uNmx;v^`q|*aX}ef<C#Put{$+=zGuqi=mTW!fUNiX;CZW4h
zZPVLT%-GY#g*oU6X>hW`q?A<h*;RCjyV$Pjm6Wyib?f2vGIm;eMrRnB?(%v0r5XT(
z6nEK+^Yr1RTQRnY=aiNZDkcILXhrWg=S`U=c-+?~oKAUNlziL9!Ds_Qv6)p24o@TH
z8Iy}POUT4O5wu)p6b4bgOM=0=>&3DnFRZqCl_IH5h+;auEX=O&$527nbTn5hTQCz<
zQ(wCGoe}94hFF)MMG>`*f-o%fpDN?CIcF+u;3tIRC&%~1kA@=+NB4|3oD9=+&f%dU
z=VqPOwRvdBH4OaDk=$NF^G6YC)jB$0l(n|6+hv$9QEEMA)Xq77O%f8xgVC6$(!6xp
za8-0mL+KX?xDSD?v`s(uu7|JH`0Q$Jvu6(78lu+0VuM<NS&>(E&+xM(d?$sa=T++M
z8fdl}qw81_fhU9l!=+!oQzdCqprtcD5&ZBvT#6h-cGSUjuY+3<SW7~>jc>cT8q~x@
z9Ri0xWTF|*-zsF%=}*cl8@&{96;n`U)XQrlJn%3~_Anb$8eI#Vv>hZf+n}ydx6~(g
zZE2#d(fIr{HcL%fchWMiTo6<U*7T?QIG8`$7?X3VodWO*w8VYQGf`RXp|2^G+N|r*
zP5HZ%qu{qJd6*@1@ln{YZxVu~W&s;B*ywC;O|6;o&1N<<;mJbTTw4&!tXaaeFhqJs
zg~*^4vPvB=WYoKD65fI;Ms8N6ON4AR(LivkQBz}~cv;$%M)!Ot^%%+2@(9zC=AX2z
zEf)k7!ZrPAJ`T%wbKC9WbLtX1hE{6E+VucndF!b?W39*P>s24y)0V1(O}^nRL%vNW
z6Z+5=HVID1`UnH(Bh<x!S=QRVHh(v0JeK?0gM3+_!9=d_)LCeW>zZq#qFP6vUn;ek
z*E2WexqeW)_}PaG3J+)JtST&61ynn}CXFG))MV+3{QQI2MbDBXG9O4RN!j0?4UA?H
z@oPO=+t-_pW%E`9MwK)BNMZi;VCEOD2K&y&itX=yH<iW_85EAnBX2k{p~Vx@Fi6_}
zztNea*{@}f78H(3;b>vOD0t^({k25x!wyrF;px67Y_U;6)si;6@Sc;!sL9?|m_KUZ
zD1^_Z4S_ytNFRcxro3fD5oVuTm|4ioPMz_oJg*Vh&X#b~lm49iMp@u#)9P{fy}irl
zjm;Yej`qEC$LEgCS~Cs<`d#{0baVTC>Sii=f4|mkhrbZ;zl7;u@&#XjtY6@-VDRNR
zW!(7H^5shJ*{9`E<>c%EdgQf0e##-Wo`KoD(bKB9Ax2Ym5StYl$1fx=#Do0N^MgDd
z0h8M$eRgSDy|Cb8BZWvYew-&tYmnIcBxHO!`=*GOQYFT`m!Zo(RJ`@^gtyq`8ifAk
zw}g*Ib=RTmTFfK5*+Z7b?UH9gl&5h+1;Vs?sXZ<Q>HFn*&9F`fYM(!_Jpf{lqi~e{
zRDDMMjFSB+^;0nT&VF&InzB1ulG;Q}jn@|KuA!`-^8J-w@L-V8MZWgs=t(x)OD3;-
zY{vh!mc^~m{Zv$nf9oupVZ=YTsLulPU&E8uJT~J0UeD&I`=5;HsV(aAr$^{#^duYp
z4!0d)oYj-9gxk4eU{?3r?AwcVmIP7}w%X+3Hbjr@0lj=pFS{zlpJ%u6=T-%KSsJog
zp&);*&HmIwq5k^S1jiDaV|7i9W91U7!?DzAh4!GYUTX8Sa$IaqRfU}A^I{xi(d@RS
z3k0RjqqmxaD(Zqp#o-UZrAa(5hZmG9^j0sI$G?>uRLH4cvW%%`(5)OU-KJ;0&Ilb7
zv2i(wRmUh%ziYt%3+MGf+yD)>aqKPlqBD6pdK?jS)?{~39#J~8#|1*cLP7u{1b7RD
z0@_|E26;au*H1kJrS^isE%l?G(9Z6L%CYXmMx`sZ&S~FR7m)V(<xE5`PTIAT!q(|^
z)M6(`r)OZI$)r^l$}6OmwM2~oiyMR5#S4rf!y<8Gi+po+%(h{bt(xyC5k2yY7XDuB
z{(x`-2Nki@GID?^`x->GpZKVu{G(OWNbxz!k{&KON8U<#se$~XL29`86AJS1*tPh7
zM@o-?XR<W5j>fpHU87Mw-q@B_6FK6r&nK?tuqD;@Z?z;0CiGsM6-QbLq$OIFKZxi^
z=uJBAcE(Dhnn@FDl@$!8#pcR+gA69J*hWls0XImd)gZ8ip)OP0Boi;gML)nRtWVQ;
zdJ&H{{t!+u#5N^}PFWgCZh<6T$)nyg1rv{{f5?gQUhqtoK!-&yD10ztW^u$Qu6b%t
z-V2wgho%nPR}_jYI*rO^2Csft`sayct=Pnd?<2?s<QuiKG3;U0TTv#y^S|lWrxxHF
zs8+1sNKmSb5{c0Q)<LGy0b%Fpb#hA4ba8LdK(Yax%~BZEDE;&Ipe0N>rjc^^S}~h;
zY8qtjqHwL1Wj7=|!fj&tvv~618Slc~L_9I@otmN`WCN!J`2@w?J)Wc$n>n<<v<7@v
z2Ej1r%{){nDn{EOQaj@jH!EgA!Ki6Fy3p%U@9lfm5Ep2*xod&0{pq#kEya7y={4v=
zkM|4)PG&|lH%BldTac400POZFJFb@zQ>RsD=Qd2sUx=rj0&6#*b*QL8+@6uL+)a2P
z>pP{kj4sD?vde@Zq_OuD6&-1gWLPjVQ3cL!Q29enw?C*-sqS{B5^wNiR=G-M;qlN_
za;5`2U&9O)5-AF1d8uSSUZ=c4gU?YY=V00!KsxidMq8vLQ&mM8-8P**OQ*}y>UYZa
z7OALYWtv*MQ>%NZ*FWq_gFmGjSZsOBXE5zEnt{#wr}`<lxj8NfVAmF1c45Lwtxm$*
ztznqS8pa+$rOSUYPLC(uU%T_=9*(e5&Bul{R5MA#Vwhy6U{IS92Qu7ZUW+_W$898O
zl8T25taMjRjZ0`?M6Q}Wh^o>iK?=+x2dTTc{QL^4hX~OTaQ)~Z@*&e9(zfF+ZuE^`
z%C-4Wez_JzH?dE;c94#kj*yQW1cI!pzO~Z_H29A)3o<igX%%>N^0ZO&*2P#BR^8QT
zBgIueJF}&bRFamHk)_Q1mGslp#_9nx<DW}AzjN}zV_cU%tz)3YAZQ3l^*!XS8){1P
z{KomjrJAq%JFl9_XF8wtI$ce=jD`RDn!tgqo?~$LG4RFaD=)$?USUj20+JZs2?NJh
zJI4?0bZbAd_lOeTd${^s-?@?<$jb?2=NNMG4B0K)Ebz*f9s9Aj7ka;XIUl0mt^`P1
zgn|x~0bgvo@*?fUYm94VJFndAr0t{ujd^%Jdt^RpzbaS`@t4cifSHT`@2Po(g&n!)
zs*m8+{e0SV1U%Jsr5E1$Gawb+`{Le<=~GEY@Y|Vt_kf^ikypE|_vrWT^3nSNfah}I
zyL&SXrK>=hYST#Bid`W8-15Z4f_Zm&ASq?5EH2p-V2yj$Cg%HA|ICGuH|X8MPb4sE
zj&2MBwq)6YKYvi-Rutxxr~8Rzoqs-5mafXrA!O)*eII`I<G+=K*U3qQZxHo+T;V6-
zF*TUipZXUS_(L;P)i+z8Eoa^*vO(-<wjeu)YqNDZ<QWRl5ka;9P??QP6l!FY?CrQf
zIWd6aPYAI*0A8W7VT47ast~wBRx}NdpI%f<z~k}2e!5Ey{aaXQT!92Bc<tZa1iA&O
zsg%?NngG!Bq5Mm&`>Xk+7)MW$g)VDMMHW>|V#!;~$2;zwg^Qw_i7YBFL7Ro}pF~bn
zR+?lZdoyOZ@==N`s+f4m+80H4E3&A(WObYylWcHNa6u$d#3&ZLVxxH5DVtmrTvH@b
zc;OBVKt@fZL}7*5+Q<fMw>mhMB8ehKUa+%^g3Ck_g%|AVqSUy{3c5Fzj0u*SV9Qzz
za^?j9eR&<KeRTqO$`lX>INKD~)LN7NT>!sd!?CIc%#O95OMI>gY(AgQ7GMEEs`6p}
z2W+uf+>U*3z8CBV^FuGkhT4&7o4_`8$@1;Ik?+7(H1KVFJ8$GW_)fly@8)~>UcQg-
z=LguqkcJje*ad!L7?`r9M{v5)`#`X@wRKIm?M>G2l6Ewe<;A!6Ytu$xzU-ra%53;R
zDcbZrm%|&NDnDW1$u;M30T*!@mvBW^Rb$}eR*(3%4}aZ#`Rg-)rC-Xu`9OT~@h+Kv
z;oc%P09WV7tG;@(>5t?4(uh9r_B_c=?^GsZX%pi`QXrnql!LdI^mDzZx+m*v?D{oZ
zMmo5D1O7YmRZ`!Pl(BzIKgvmN%0L7Ip)Uh(pTs6W+_4f{YyKX<T896=M)=}~Uldzf
zzjTWvYW++Z!CR7qfE#jhF7Ua7y$;NGw2y%wR?*maFpXp{Qtq6$WT3_RVtE;OOA=d9
z-tAWxe=#G~|JXPzh)44=ou~du$Wt48Dibs!hNV{PDrUD&Xq)`BWQVek$3Wfn?(5`R
zE>UxVZItj%3T|D!UFds7A{M7-uMX8TA&#a8wywbJYKG9O7|@90he41kWgIT9#ui&t
zKq%)hga{?KCu&WL%`{7xMAji@1!_@_L}gk;R8B$!83?O*GVVSPPugzDoa7eFsqTw{
z`rItO_u<mBr->PNhS_R6(-!U@?$2hZ<%-Q~bmRw2QynhsyTzf_w^gt1X5MnMC%63l
z<~aE1==*fCo3R#UqwDk<O_+YI*<zDtKr8o|-^W(PZril>-i09`)qVNv*rTiyEC1<;
zxCVIjaPfinPlNF{iuXA+#~C2Q00Hu=%bx+NuLLZ`nvmT-NB>3|U?)h8z)4A|5z3gN
zWG6$auT|8uK90E;zRNuU)JHw_rec9wA2D_b_LI+mzzD!NqYdnPWX53V0%;o&Nhi`x
zi7_eaoY=5pT}&YZ=B|1(OBA`RD?Mye2Nk(pdtkB2*F}AFQNPb3M^VGrS}}}N-_8=G
zzi6686w3%=I=xR(a%^@}`pF27mhRzL-D7*d@W8(aCbv2YWcXNuq<$^?M5X+U6!i{?
zg3kF}h7=00a$|eldR#;llLJQ&u{b*Zmk3FUR4kVrFDI5&M#emP=EH7P8g(n#Y7$cP
zffGhZphFBkxZcb=2wL@?%&xSJ-^JR`<aO46YeXByoY6YvL+6h=elWCTcn2C{?=b3&
z-nFL4B}lar51#-pcDzZv9mex=)m(e9j_#_JaP^2F)ZPUw21BW>=N*^ex?muq4t$+<
zO^OTwp1CaAWU?6y=YXF%+fW-_y8(hATqYnR%S}WeY`dM2wA~i*EgDPT2lwP@D6>R{
z-^7%VW#TF{({uIMFjWp3*Sym4$W=WfU&aDrr)EJ?wjDDSyma7<UbVKIBC~NEpP~#C
zFd4twn?N}Mld%UUFdU;$ghG6Y)A$Udu?WAiKkZ@wj)E0mFZzumP=SH$4y`}{)k+ai
z!3FTJT(vFYNzoP)1>Kg=!G=n*U0X`A|Fxw##FXe3f^8ahyGBB=TD>9al&jGo6j1+p
zR0yb6r%X_H?R3#wwPETEQKGk$D)oA(Q_Zi7a%GxTzksgOqN+pHSrGvtG3m03szwi~
zRl_R_C&dm6$!u6D<$WbBRjE}Y)zzZX@#E43nI(E(9tGM+>MqMhx0mW(J8r9&5@mZ<
zNU76NV5f$iCbIfB%XG;0kt}}+THU`uv1)^*8dX$7t1Gny9aTjjs8e&MQ}wF2%*~Y*
zJz_sHAf-_UdaKHQ=;p)LhUFRz#d@OaBX5Rl)a{~-2GvdS)Jl66xuNl~@P-xwu-$W&
z`$Zg~=m#<zI|nBhHxDl#zkr~Su!v|TCXCCdiBu*ZTdC3;?kIh--J$sEu?z%5Rn;}&
zNc7~D9e+2(H#c4@xxD+p{o`$=AJy|UhyH2VGV$rrV?)2ce*6Dz9bKK><2^GIy?y<&
z24;UYa^Bqe3m5D?vu5$4B};!G)fzY42_piLh=N(T<P?-t)HJko^bFC6K^(+IJj6!=
zBt#-41}QNklRuDtVDUX3$_gtjv)ne@ZLraAekZZSQd@m3iBBL`z5xc287R*+LSOmD
zIAe`xMTaD5vg9dJrb?YAZMyUsGG;0*HglG&*|O)znJagmy!rAMC|Jk>3kw(Vx%C)d
znpxBr))gxq$77E?A#&F}tFY3TO;aG{$Kqwws!Xj-aMCFg??FE$CCVzhoN~)6KTX<n
z=`&=^lsQY*Y+YkV4yM1VJj54BlA8yXD&If}RptI1G<)7a2dAg1WE-C~qEzF3b^}wD
z`$i6*k|-bE_Qt;Qk$C@zxWvaq#O00M<y9G?EilW#?S1_<^|%nh8ek#b(hZH>)ocNP
z2-W}#007zoAc7?T0nz_Ou+Mp*s8$@VBf$Tlh^WK=UkMk9*0C2j09*(F5v&0g006WF
zKm<zwETG5=qz|YfSj6a9_yTljRq`iXSiUPo_&iZ&Uqz~ZXyD}*txT-0CyyA?xaaIs
zCTKX3E8tTjcqk;`ax)U_cxgSakyp=e<kt%t1wkS8lAyFzqco@y4H^$$0wKcQQ{*G2
S&HPjg++oFLySDAx0RR9@0u~<t

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff
new file mode 100644
index 0000000000000000000000000000000000000000..c0dca072a3b5991167bcafb099907f255ba0ace2
GIT binary patch
literal 15704
zcmYj&V{k6d6Yd*3IkC+X+qP}z#I|{2+qP}nc1~>DPHukxdq3Q+?V9RmdS-Teduyg@
z`*D>M6$JnReuPII0QX;Oqx@t45Bbmf|3yq#L=*r3qW{5Ie^eBN1;jv1UQX!;GXns?
zdjS9pmp!^YEHNb&K>z@f;s;j+0DxU=-d%{~l;{`%04P5I0HE=s`kGmee+;b+?0&F~
zA3wJrKRlk%!XQ&CcM|{rMi~I0xC8+B+tq2RZ_JDhi~s;;;h%B;t;>qtKs9Xk1O8xM
zKQ_sK3gZGbU}o*~GY@m_&s@d;0I1!-Jk_O@t>KR!8{`j0^rM{p$@Q1k25vv=a!~(_
z!}(DHAZEb3je+&g7!L8Ddtv|atJMHFCfV6KIspKjen0jS002g9#4hFFwg%T%2geUU
z0qgbbNl+Iv1tpU|rwFU<^d-jtGL|P}cvi3cb6)q%p1J1`F;d~h!<Wejo&o^4txctZ
z+2KeaiReZ25il|}R6Q~<{ZHtaYEDy)ahb+AVUx`}D>?Qj&7u}2-mk@+#D<*Inb>rv
z@p~fb87mqh^27Y#-`pwT<h<V;^~NWkyH5+QO_5{(NO6dF`~#j_PX;aIas-T30$j7~
zk9^*I`u-De{Mc}ta!xQ^pPM}<JQV^f6sihh%%feDSWTM>v%#LLS7?_@OK(ZCD^Q*k
zX|k79m0HgJE+us=U&TO&$~O(N-{Wau_Z{Y|F7>|!lo{`zkXKMc>ccasFGb_Q6(%bS
zr<-HWgk?I4q|IxHcjMB@<9%fJXWLg@jw#{WN6IK|Xt->|9@ZZ&r8wh{ta=#XpHy>|
zIFk6q{^FsQ(VjD?YZh5^030>WHej5Q>5f&#w8#{er?BkL3oa{))!#$iQR02r;k+|T
za(uiORX-nVoed%R1KLH!<eICgpyG$~N*&_UN1B9s?CBcu{dB)-PNEYTp36yWLEj)A
z#nm=lBJR%S?YiCrBsawJwRwD;fR!LvU=6?rRYulK_Drdt6@X64Ow^VoJ~-9rBRI<$
zje3fPCvl~VxfXHkbX4X}*9!H{#XP#I3eK%xYpu6)r?BQ|#ZR8-ECXoSy0M;0`lN-|
zMnjv+%wU9KQ8zWxC{yS=_Z4!l3tcHqpBm!Bb92=60+I?86^cAe!tPAk!ci|6JmV{Y
zyrt{z3_@B___vqDYklymTL^f_+TA<7bx8Hiv1Uvc3TSdc?tBi=8kq*akEAP~N3jCc
zPt;kPp#rFbNq|LVhsx7;apq?@RLm>7u8ro??On8H%6y=#%WU;#tL@jn6lT7Z4Sn56
z0v$_t9NvabnS|1t3M%^Ewi(&{9L9I+7wFO87G@m0`<w%Y!L9G_B>~p+XmFMR48paV
z#yZNFZQVT6sSX-4;-bc1E!A{)cJ0iXm^`@B`-<R>+~zXO^Z_A_WCw3)6;;s}EJwPR
zjYr$@kmfb_D}FBVxVGKZx4a3}mBluahVEKRx6Luwb5>KFM;0KZDAVbd^Dmq^NPwt+
zYKSe1&L+H>*-l>MPTGf9?dBOagyJmTQ8#AGA#qo5hETRJlt$M*@}^#%!#N0PU#niN
zGE}x`DuK+GP=+TZdfQ8-4($R$Z&{8Yr=M0W#O+g`HN+dP%9Ynwd8r{Kde8iqTAu2*
zefgjNN-ics3EhL8xii|v1ESaNLS2^K5j=RG)6F6{%Kd%drOV4z*o`~XEGq2Fcp;@>
z$RE&f7ZDE!QoiD7tLik%Hz~eV4M|h?H%`w`a1V6RtRJwiOS{mnqs<ar%qcvhO)i7k
zL8IP2e;@S`oSs7D@|B!!3$EAldbC_#DKJcVv&;Be%01_wh?#RHzQV&jq)+ivSu@X#
z32UDGp}m|mMO@IZm^9&tF@TR@lHJGTPI=_cVY?IG8WwYh$7j<WAb*9eIRvJ4o;Vy{
zZ;Qvjf%p02l?k+u42zXRQa`iZ0D6H8c`6Ng7<efxUHfFzZdMq=p^w#=x~pu`%|L#r
z$a&*QAEx2dFzEwazVWrjm>Qdp=-&d`Ky?S`a|EAF%U>5S1RMA~PXQZtFa(0pkf5tb
z{qryv7^amr0xf;?hdxRe4U87NIDLwQF$<IZ&WZ(FXC0(*4ysoe#{jVMl&)081Cs+j
z+44O^O`4xUmK&tXiGw@;>Fz&g{lE}pK1uQ?TCAz}E9IXYKZcm92PL3EiP~k%u!<i>
z#spX~3~2_4rV-*(1iU&x)dZ`AhzeG0YeuD4^Pbrd_cOIMX{oZ$h!i}G8V2^8EX>^h
zq`EZBr1<Y$rwVqWlEgrGQh{8+V*F#^f~@g9xJ7s{<+H|RqV0>Q!A91>Db_4YuFes~
zRfVM!{iAdLD2G_=i0Zc|;X7cKz<XMR*%4FiM#yKH&Yt>(Ig7tWLj0W|5!s__*H#)k
z;Y9q4Eft)Hj31<|&>EnWYT;WYU5I-@PT)2!X$vm%n=|w$iaMyTlBd&v;$ky4N>e9v
zIA;4aMEjt*QG_UP9~<T%Or*Mb(vxsqye@hVr$+AdLEM8^DiEt3#p&aT&ZLxk;m$v=
z;OGE!?5vAJKjP)d)9IW(hv~wY2IV8GlBnuSM{5Yvv??zl2GbLh=|$f2i(RYZ8HKQW
zX3+vihT}8#;||wBq~cw2UYHGXmz;lZ%ktS|o~Juj3#8{G%WuJsCFjY?Ek^GJ%PrPg
zT%|-bnb~!UE<J@sV>E`<m@<~*0<Mt_Q@NI^9<=Rb#jDwWwChVSVuqSrk=jgP`I5fz
zv89S*+}5mSK_=1UQHF1~+vpmsVcQ6!R+nR~*JY+68!k<3ZND;kh$o*`Hn+3~zT2K(
zaQ;TKTErbq>$NYB2CU2CEvq1|ttSNvnm}a1rkGS|x5<Btq_rn}=H2N`Z0}2imvf$V
z-rvLt!7sPHzck}EuejT7XIr!S9LM28RMp(ylnISgRo<JSMVt#$5P|{+GC~UqAQF}h
zN2y~Q7SwQ6YgU)=mr9DBqk$}KIBtU=@Z9}FhQnepU(Q#F59H5?5xn)Z!Jw(|-)cAE
zAx}G~Gzz?jPD=<J#qye=IH!P0(cXVA#Fkms5MWfcHJ}7Wl_)hA4#g-XfJO88LX0aB
zj9+ZrYp7|bg#7#tg(K`X?L3SrGlAT_vUSxcKliPPrz6rkY8j1dx42(qn(4Zkr>g0?
zU53E#y4O{FVJ-C~XOsqh^MxDG1jj>J-|uUl004eT8I=BaE}$9uIZw#{^4tBs!V4?4
zvda=R2FX`4Qvsi^Pn9(X4g=#R={_1TN(cvaT4vCF*mh!6hzL09qgF2lq5#@oak})|
zab098*6%=xrtUnLMYX#C>g9&-{W;jUt$9xhx#=jN1n=7BtTjJ%HCeA;6*gPDZWvgv
zH>XKh9czy?H{?j~QGXSn&-zjFD>;Le>Zw$~P3q$;mCEP^S2PBy;Ov6(*^7~9d(G)l
zFLs;DYQ~}wS&nhmms!!QOBGxYL5w3h#BY%2U`7Tn1UC#151Y8ZzP|bu;uB-cD5^Rp
zYJK#BAVZC7=6chZu*A_AuM1lG;pqNl!M^jY_=G;glkd>GBp78mjv7BtT3OoY)!uf3
z?{%7QTsZi%X4P(+ZjDu@x7>23)&D@RS4HEG*$b|ZZWoH&i{6VMo^QkvnqQBky+gTO
zhd97ceG_@?Mevu2dxzPUeS$+#f-p+TYai^|O#)mFtaFd1W=z;F4)Q|X{w6ynpE3t(
zA5TN_g{a(sFe~Q+$={0iR(){?g7Z0yG}?`}A@;YlG1fv_pLBfc5Y7=}%qz7%BG<ne
zaMt>;DJui2F)Kszj(<~lPY!<GlO|j%t<y9%b_wfXHDl5BZfjAVVEWi%%iojLqs`P2
zYSJBlOjhG3DTJgYtRS$8$>37f8zsiO8YOOP-9DdvCnJk$U`MpueMUGaaTd?7r!0y_
zWe|`&)!wEiJ#Du--S4;7S>p2nf{T)8s=@_ii@}Yfe)5{f#ivfZ*Cu8y+cV>boSG#C
zAY!*-G1;-OxO?BRU)=EMo$;t6-3-qej`;aDIvY{XH67=)K3@atEqeau)H)y7MLXYN
zrA5bx{dz?<Kx<fmPIryl$M+44n8W6{Fo``2-xI9n70Q3Eck~92hfDgCeRch7I2=fN
zY6==Nu8VCnHtyFfA&u?>607*dA}U9vNTf?5!Mmi%*w`r?Oi!ICQ>I?jcZD7kzW;Su
zwhTjTTmi4U?uL(fceu(`tvP<x?K(<Xn${HCU|!0>f*T`otmENmV)uELv^U^J<hZJh
z2O0dra;EN*buaCRMJ6m8Ii4`#{Jk?a>dm`c0GusKOh3*<kM3yfNZI~2AJ$K?KkqF1
zHdFQTxv*IWJpy`^_<5{G*`mXl{LGMjvh%m1-NPl38$M$shQdJBM}X}u7_;unsXPIR
zy!N==vY6M-?z(&YFKS;vNN|~!4Y$)yL`UmW)re?|wqPL%vk`xRh&oH#O^(aN=g5sF
z*ta&8QaGt{KQ8nc8r}7w@18Zz0!eh<SPeT7RpbfT=Jw4ULYPOWKi)sziV*G$xrJO9
zmp`6loW4U&29YO3oQ<y3J9;b_nDoI{%3fU8X-ZGoe5!4q^K<RI?JiDhaNCD3E4bP+
z&8ur(^NrX(8n|(^+Jg;4H@9~9-*viYXkW*vIvW9EuQO^Rxz__2?VR9mc*MaVG;XKP
z9};E?goAEgU!4Ty(U2aV=IZ;+v?#$^Y=LaeSp^rNCu-AA`)Y3YlgsHi#u#Ol^V0i`
z+9UH09KZ1MZ-!2NHxRpauRtO1csnm^KES;`o)(rAULYgm!{-yOQuJ$p2RRN=%eEjc
zP4aX`3h(<r9NM_4N;J|hU^zy&SFPhCKXbjfnOBU=iq$^;arKHHScfn5Ufn5`+$f~J
z9{Xbhv)zW=M6rR*K;0P<T_*8ssTE`qD_Q4ay&FmA%d^M@#fb4{$Bwd0De==eID1Lq
zY(t^+I0`ukWo}1OC<mkF_@S;4Rd*jTS8}A5gx{$}HFUrHqwgd%n25AJ!{8uCOy^}^
zY%0pRk9Kvj#?x<uI@~Ercn#<<NeD=hhTCwuEp@fKM#UZQ96w-n(!~tx=!JG*1L=9A
z^|OY}8I-xXW#PK!cCgQT@8qk>?uu<UHgdSe`$FA#Z_5ToD%_+MuMl7e?7WVRu6%QN
zJsi|ESpT!YD4>VATB4<1Iz`Oh=G$uBZNw;1b@bQUIc)bS?eE;O)=Y&=+4rD`p)wiG
z{kSF59Q5)qvj;^jwgD?k$wTkQ^ajV_1QNQQ${C;ARbLX-vqH;53_7}l!<ReGVNXQK
zvW!bHqNqjf7GM9Q;GjpJTU5U3J&e-$;n})8SwI_Oq{7bg8Qg%)iXaCATG+cPcso)B
z^iY#(hdUAS)t%A5G`BqO1P6TNiI=y6-FyaXtg+$YeaxC6)O*ydIe%Vr+-cWJS>SIO
z`W%8uF<Fy=qfLk8uf-xc${RLRIbF%ir+0K)QZ8fYO5=8m1x18WQXBf%&`_!FQi@8A
z1{KOQ$e0O|eZ#!DKkL$NMJ{ex4(lG?vw<~7bf&;-sE)gE$S-(4K2zDCd0ZeHm;5cL
ztqbN^a}=7)ysMaZ;#wp~QXQ9Nklz4|+o86upp8D*ZY)-w$c><1)_!r*XS9i@hf8ss
zg8uUQr;&7Y7vVbW(h7-#natk2^OQsJ;uqPF-xZnAh7#Bn?m%XG@#|Ru_+F^KV>T}#
zHU3q1rM}d^FyL-PcA6iUVv#}EkOirW7k&Z;yd^&p9+IU!ZD8T+#6MS_t1%-}*Q1Ms
zYd+7c5bSs4(utLV#|AD__ix~X?M1FzUov9~>|TjJB8fi}qTSjEjio)1zSws1GVCCO
zWvcPFK|9CrH$zC$OZst}03F*T?~LAHk8Go#0BzRE;r&0jiI82fV7;B5@?LbwSCXyj
zTKNXuiM^4|K@Vbm>zdtdVxB)?T}!y$SjGKF)~{h1HMUiB&QW5N=Zbl>p>W*T|Ior*
z2{H5_OQ=QU-0~-#DUMAcXf?${R&}>nj->2g4|4YZ4o)_2jMDF-0c_}$W(Yy{%DdB&
z8rmB(E0sByPR!I1s1xR1?(H-Xu(~)f80EWzjGooqoUAFi=f<21fwBEDr9zO{6=u3>
z=h9NOBrqJq(k|O}cN2Y~hWv%`33pxqlQXg}S>BOLviH|fH39CV{+E$M7%mXQ6WX@;
zE5@wql;cyD;0V*AI%pX~D0u6MIjJruxb5jz6b0-Vhwbmr<L8SKPI)_HzGYp%Jf~qI
z#$3x|kdE#+QX||s`2Kx4v{d4y&f46dseIquO(x&mcv<DE5gzhwo?%9Hv`=!rpN!av
zn}~x7C5Rj@M}5AR5MfguiLak<C}d0<*!`*4JfihLX3FhiFTMHoxKM6t*ikBa4N?JK
zO~||Q`<%5IZg|Qnqj{)&|BuYDPPmTaizV%tyHG%tjI6sOhXdZoGjfzf3iXRf>R;rc
z!3K>;Vgi7sjVFDKar?XPDJtzSCkke!Vg|5d*`2VPkqps4u=IzE#VcwsR#3%e7didP
zNwhCEef#vbCc}5&u(q`Bf&1UJaYHRf&3nbt4+y!_Wm9Q=gnzJsTDd{bO{+X2+fm04
z`cJi)270IZv@1w>v9Bg)=cn~cgpooy)Q*Bnk6+l7zLZ^6Eg5d)_5$bf!-bJGzJ$!o
z!)8Tm6rUA&8&P@3YKtLei!4(rPmX~-1W;*~58V7ct}07GFs=*hXdat{c5z207ab#f
z2eU(7)fk+YjOi)s9yp0SCCJwVr+^|%YE?~>@nG-<)JgwxP^=}23PogdwzX<)Nw*lR
z(d1QRmR<LI2!l@N1E;#G4KOBIJupiFH(33aC_?+Es7iDS>nv&R8>o?m1)UruSD`5M
zLQ22)hdz!&OAHR*k_yN{U6|txDRYX25m}=fUWL}wvDCe#<gX331MN10vlwyuN(1qI
z-foZ)ShZ#Tmt@%G@BXB71sjbMzFNj^cbV<JBzs!!W)40El}F&%Lu%UB+X;T1f8TfQ
z8-biuFRbo9X>0|yps(Kd`PeYd*c1Wp5m8$gBa12TI$`C=p{=gIdo%fLFgFnjdd|E)
zADU4GDE-$BPg4#t0mzj>cU2NB9+%i#>n9FAA7K%|W$g>PIB$*x6NqXi$aagg4ZqrI
zx``;myqTA+<jW7Sl5C4AV0s$KwDXI6G&%nXF+$b8t=z)r{<7M*^^YirU?$>0npVDV
z@0fQ4@9?2NqIFx0lP~9)-Org?b#}KcB)*m?ew<@4PG;gPNKVx`Hj-)1XH&mR#0Y5G
zaSVA}mY+pBH4%8@-Pshntn~cW&UUL~zSTCWS={_4hgQIPjvOc3sJtxQGeao8^oi10
z&4;E~_ofu0vT>ED?ug#Ux1Miq<)L9L>4YnN27b)hO9@?KG#%o1&vFCz>dp+fM5GRA
z6V;(=5bA@|2iwIomJ_vH+Q<3s)UO+Z-5Ts5>(q$%gzDHWYB0>L81ZM&NKnpyJiUUs
z_Z^|TrK=^zb4eYt-x5)cU|)sMFZ6sBzfDNR4BdtD)}=7YFG?(&T6S?97ni6NHdf1l
z?o^yrV$PL)bne|@aE+N*+8@S+%h6_^ROQZwp76zAeg@P3fZ8z^4V`+&CPL$IBtr@B
zagt>(l4p@%t~4>dD6`&mN~jjezr{qjsnIriz<Tf*5b5#Ur$A=H8Ytf9e`J!<%?HWX
za_0$|pj!wIcc7f4Y!XGTW`|YkV-JHDV0sRI!N+9$<Vzaglp#JO_+t6inMuvSJ+gDU
zZR!=r0eWQHy%WgY5;hvPVv)2+-m$i&uoLg^LDxbt@xnJfTCtasTCxD|g6?Du;>Xzt
z?2d>H{r1nU+^2ziv3$_SwH4V0Q||rEv#B+*o;+8#Y_9|IW$j^!%k~TBV_FJwjxhAr
zXcUs?z&uM{^RJU`t!1l_ZkSL8UbVO&(?`@!z6<3`PRX|XM^j({^cV3iz865xnPzL-
zKJ>a871HO!kiCI3xwG&I=z|295Bxk7XKDN|y>A-(w;I;X80S_!EPmyF)d?!2H)6}O
z{bt(N2|n<r$*!^$7K#G5NNI$b6mAxAqe!E(UD?)(rkHb6_oAf0wzZ14A?B{yloOcG
z*_oG}76`A#h*t7$fO98m3(x{3uf$1&+j{-iGG{e0dw$=QkBp8SPiW<6h$1Azmlutg
z@m=JGIv@Lo2e_I}Yqf{ZOWmAVQ>7zJn8iq?ag#w+F<kwXq|Y!V+m2yy9?F<0pM=AD
zG1`~IfZtealWRe2jVQ=@l-7oleSAoWcT7~vKEk_T?DE}qfK*7$$S|E95Mcp0qGw+@
z^JsAFx{~vhY2<ju@)CSfm}O1I+bob*kN@}f;x$SSje%^RUJ7R?y~D3@m1_>jqVjSD
z`$e-RBQQ?HI}w3nQH5j0z_S-4Tw9G`gymaRY8}n;{hx<Ieur^S;2$Ac+Y|ehrUFiT
zDadPHan$hYTGl#8KlHRk_$oibMQMBbe)zl(#TDcoh031o8t%>qhN?`;7;0LeJ`j66
zWAtfobkZNq6{CFsf7P~=zr=(t-=fRS-DW!zlB3SGq6BEGctw9C8?{D0P>to$9g$nP
zJu-foaMpGQhp72f$5o>__f^AP`GVo}=nac{^P7&@ZIsPL!Ya?QZ1bW4zh5C9Y`BB}
z)3y{jk}?5PlKU)8c9%DJvsjgJu-j-FXl<wl*5Hlg;;kqy-CfrBK(?WSR%Okcn5IzT
z65N?F&nW40(1lsq&l+E5m*iqB=DF>}zh|JR5wTU|da%w!N@#t$mWn=~tjMgfqloD{
zCZ<NYd!qFRN$3bm^DZ9e*U{OpBMadfg5HYP#9Ysm(s$dH+Zy?jb2mqjFPVHML^akO
zz1*wveN9A!-j<$UZ-3x(PY@M01b%YP5%-d)QAAlo%rUS&)WUNx71kTPN4dfaoE4m{
zSK_k#sU*=K6;y=kMZ>!(2aN<OjOo(=*EgF}XCwpr<{H^t_$Ndq2Z7z86_C0m|HTL?
zbF}3_t21=l&v7}bAM!BFkXSeH>3FC#$&GjJ_7&5B&%Yr<W!JA_n@@AE9rlw9DRm~$
z15QX3aykJyZUVS~RCVn8-(wL;NJ84^Ke8|DPyNCa(6b?*0r5g<|Hn>vEC&XJZ|zKR
zV5E7?T1&d|{A>@}n`>)#_i(_nHruhO=#ik1d`zl^%jKxd1B=9Kh-PM&fEu~FJ?X!$
z`c=o=6Jia}HU}Q|m?;#v;0x^OFia8STwf=RH68{|_6F)cHz{M4l{-5{wpYZ1U5>!Q
zM-0x4u(^YeQX3gUwQ^&&MuF?xu!MoEi`uNZgUvc#HSXQ|kO3FlK`nTeYsgERG3mnk
zE>MS|ecJEbd6Q<$$)Qs6X?ueba#YwN4LwR$L_M!8M&o0LtRa5SLHtI|PdvS0^b@$=
zaWzBzzIvp5W1fiVou7Ai&-ii3S*;zstuoT2(uoBD?Zilw#f5d#an_o=6H27PKw8ut
zqD&!jQI&3WP*E|=%suMYt9%84<Fsn`Hq8;<*I$leeG%?FNlGiDEO>QSZk0PDZ9l!9
zzHK<k4x63-s(k-w)w{s+t>CL?clQFizSZ+i7glEEaxYBX4}SsWsv(seI&C4&!BvGj
zMnxu8{V!4MPq#Ru3-O)m{m^$Ry-$<o%NrXe@h8D=pR6p#x7QXz<H5o`f|u}SO&sqd
z1M!Zz<#L;OOWf`wp+1oEr<HVlm{CWD^3E5xYqO>|p-Z5OfUI+}!wc6kz~M|a<ZkcB
z{e9mntwxKklEiA4rgcRCRAKt#42&^R%$szY*)jJQ*0!9ah*mIo5;WUyRBH~o4+_<&
zP@LLg&RF8xE0xlZ)mI!XnoxfC@X=fN?i^mKF+*qti5c?aFao%Z?YNt!_eofr8Yy8a
zf&8y;O{Q<r@o!b*Z_x+ef)QUX<nYYr7oR*LbhniS-G`_q2a|4(dS7~8Ztr(iccODl
zlO?;%XIQCI7ggChnCNl;^Otv~gVt=QS-fImN}QF$@NlJDJ{m5ejRPG!{t>}YGC59)
z<aQXMQsy&JafnmjsW)>4q+LzVLSQb`T&Kqb?VDK@oqkqTh3%vXL1KjnrX}nvog_`f
zIpL6iTQeUOZN6WTPh7y&W34RK%ZCwpj#uXspyX{kv2!c?BRxj(CQ{X0X16uEUM}@~
zY@3EuhwEyjciofWHexG5xBs@T{!T0;^EZsBKZtJSoWr#ur8s54@Cf@V%x<fdVaG-f
z229?Sm@wlIG`?tulg$)$$DP@y7HsbC8nrCoTw=jE@?hrlVLaP!YUFHTs3o%=w8!9S
zCj7RYbk=h>BOEAFyW)+NnJk>IaK)b-E>VO`zyP-`iH2P2=MFOqlO^zXrm$J-(mOh5
zai{H;9ae~xv5=?nNd>{bL5qCB88stZr4?`VvR6SFe36OQakU9`cJdfzS8^j`;KkJN
z+y~E0&{)xJ@|Iy_8Fg^6wKI10S%{u6>4Y@<LO%K=&BZL6UdwTnZz8{OZ_P304?Z(2
zmlF$_w{~%EJ(-amTE14T+`<}5*`TT<v!P{V<y0ASX|YxEh$kDys0#`%2(o8oIFNMa
zpn>l&?d<4OAXh*zjj&V<C32RF-GQ_q%h`w>IA%})IVaUZs8oqg@WKBs2gQGyrlvT0
zZSlcPu{em&{XR$gAm|C(_c6S3Fe%u(-y89ZKfY*-<v7`JP}ObepBa2ZwuVn?A<oR4
zibUZt53xr&M=9ZQh8nqfyULPO>z~BvZ+;LoH<PcJ(@*v+(qQ4zTGc|jL)>`;na#iw
z3A!(vhOG2>g(9u-cOJHUkI2gtH&sZWT4(5H=0Sp#yPzQVaH5^ze=q)0wb|lg%+hjm
z_+#low#Bo2bgVhm6DSs)!Rux38*1EMB3B9ZwxZhJoD>GJ4w2H+pD7VlmN1?GAwsF?
zv%%`&mi?U%tVe{s$&os%`?P_6%)Wjj)3U{a@V*36&j(-6CGey;wI;B#de&v}_~^>y
z)YK)71Fl2$3bh@{7dd5=F9ei9%z+8>5EKlPUfWPReKqM0o}XQB+lzt|H8LW2IHn&n
zuQgUOa<3WI#1o4P*V>WbU7-`7te<_E8odW*oj;*Q!4c6Ht@~w|ovmJoVZ6b_6Bmz+
zhz%6Rr?=27>&2>})+$R)4MfJdzeb|G_~oFWMWMxTMF$>2yd|8nHTKwKi)D6*)=8|i
z%JK?3_bvO;c4hAjVBX~HX5pE#?8j4>I~Q$lPT_yY#&2!yIU>(~xBVR4Z}Vv(-QvQW
ziuar`8eCDk!In9Vt)auGr^hsQ7gD`J*1=}_o|lUa$rn8nzvQ5`NAiTfNRc7iRFfCc
zitxUbBzX&t`5@n}-Cur;(-wGu6EfTlvRv66?RW=A%J>ZG^aWxzJ_&Ex;VSFe7b_)B
zgw-h{xwI8}Zz&_5^?As->1rm={lp+@Zi`wRn694^YMukBcnv{u%ds+g=ig+N+wgei
zp8aKwY^ELLSKNAc@V*2rvp;{%?+V)#T9VmXac2=FRASRW2}jwrp1a%@Dyyr#7WO2l
zM<XbV>>d+hjq%3<`lv8<*rIDScOhnbcQ%<lOLM;wO9~sxwEvX&g)0$1OZfA}f+T=z
zC-98xM#;a>k{}ra*oN210YGRr)Iy*iDXU0Ftn7Uj;v=ycMN*ia7*ZOS%qH$Qy_Rd?
ztXUPLQCgKV<co2%;?=;5jxj~;T!4OaT~UCEA$yJ`%2dv=(hf)O+ofsvy-e@px1!hp
z-n3;df67hoL2PylenvbR+1cBnbSHbCdl*%}AuYl=(I-8*FqKL}m9I0<H(gDU1wQYg
ze>*fO>{>^jIN3&{s->UHq;h(OCE-;;OATf!3FP>~ysJ7fd%|51pBa{lW!zJrFdH+w
z#i^Ds#?6sy({SpyzaMZ&3DQ2iYzW@G`1W=|&l#N~whc5T*~b>^(e%+;#!~9Ae_Vr$
z*X?2+*0|4M_MG<|hx*rYDH(o0We&fr1}RDvj3^(oT+v(Hkdj<8z#wc*zn4x+`m$ou
zq<Fn-&P<x#fzJo^Gy1Ka9w{-^y0K!Sq5z{Q`1ih=WdI~tEmA)+K6p0o0}v66wg6i1
zU!pAp6z`J&(2xp0x=-^{z*^8S1%Glh^%e<{FVe+@P2Tb5o)xeeMpq!8fJME#FP<Xd
z(ID$<h*QZ?@HIlGobSqKVGPh4x6<`~h%C@%nfpEK5WSOGM~;zyAUrR^+skZMAg{LE
zFNsn0PSM_LVs>pHh;*Dc7R|w`LP`F_nX#UNm!=gh>sOjDNL5v>jamN~=FjE*vSxWc
zTdO?Y0zWiG^g(zh1l}Bf?|^W2P;a5!f`u3QTOxNkLmc-aHe(6*)<l-uzgD9PJN1O7
ze@WlJmWrNtW@x<Q<x@bMJAnBJ`6zC1wbT0t7Ucrj#s`IB;^OiFj%}+N{}`-Ro&6ZR
z>yNii2jskrtBxqX8{WmPXn}`JlZ$5?mh5ZI8w(RNYQP22?yEmx4I9{@*ZInL!rR`d
zTv0RHuhTd_4pRQ=t<S@A%kT(#v4L=9qfo5#x<Gi(ZK97}7p|;reWgW>zC%7(lt0D8
z#ObHgj?uPW6P<eUxs*g5S=qu^jtJKLK1nK7;{j#pt%Ei-z#1J$PKM(9g9VEW@}kb3
zYrvcwnhAG8B6D`s{KQS=Ec{7xgHy74*&iusIIGT{@gd7<hMQ5A`ha)QOIE{MN6eGl
zVB8Qlbt~R1F@G?tK4MB~k|7iOwp)ZNkLnp{lp<J^7^(n6H0VLy%ff-7z{s9E!6-&D
zyHRLian}mEWin0sEF2npR7!*#%TlJf#_8a?#)!FtL!6mq0Rw5$yl$-xFv4Il4+}LH
z`=jPT4N~uAZw~Us{Fqw1#~vkigTT(~#@2Ot`HVPats9@Wzi2)`ZZ@Ajb>%zT<FhWT
zd1R2;$Qhlt(7s~hv`G=2k0sjIexi><6Y1Phhxi?eK>Y>f8xsSF!oFd8p?GAkgUhNd
z(N~MxB!BkR+-6#+pEgsninX~*Lw*@qODkP%3R)|#Ut4ajLg{?Fx9k7%O%(Me5HJ)G
z7u<-Gd!T$gE{BJLngksvc!Uohi>pQfHOzsQYo$*1q1`x@bS>1;k#N5cf4YesGP$^^
z6;UhaIixgN{OX1QKD1F{Ke|3)4q}3;S+_C0Co~;BJW$;75~*pd;DQKXtq76{v=V4p
z&v``afJIB`nTU|Hvrjf=4#RMI#9F!(7Aug->8FcxWs}emgbqQ{f$>^kHnD}<I{R%+
zB__H;zR-}cSP|i}agI-yxRRXp!9hQa;Jy!aCR!*!eP-ju_qe&OGTF1=l{1Wj6EckO
zT)2#%QNE=bsa;FC-0dyida16a+m{r~Z6$1N<EYg-r_69Vt-%~!?{HIpns@&62&c=*
z<Mi3h>$ws=(LVg-8rI?{MitanzdnrN9Q@!V*0xaGgoP{a|7H)iEyV-t*jzwA9=l+u
zaX@{)k^n@M&qsG83wv(sR(hjoMv<945dtxg)+XJEgh}0BgdehYN!!tP#r(b~+OS%^
zv}#An9zSVI88X^rBr!!ck#LIH>cqQWo5mepCTR=<B1V@#3(YPRt@s=;q$xnTClNX`
zSCqEaA?>az8yJf}b(z>hyPe(Bz+`TbG&ro3RXIV#@drk7P1}ucxqb7)Jd?NHVhQmp
z&C~VcfSl_J?5wV+Ytgn0M!!n6)3K?%Xt_bxFm_^au=Lj1uwM7tt;@jS>EFptkgN2x
z-m+4vl!F0>F|C{6XY?e0?}25JW)@Tt$0VHay=QSq&E~>_XDj2<CR!@1X1z&I`jQ*8
zfZ@f#$s=~N&%s^a_*~L?^#y{v)!(hF8z;S93us@yRke+lKYJhD*+SQPOumIPmP}{g
zCkA|1%=Nh5)mG37!g?<wi;s4$@m`rzYQ76i{xLTb{%_(!wYKHvoJ<Ry^^?iAf!k#!
zFUyVPGYikz-C@XS$b37z{XC%GJ5K@lA3ON?e;qFuUR<>Et?jCLB8zV?{VKr^=y3rD
zh=^%@EBoHSccr0LLA>ul3NeVF2aEh9DZ?dS_ZjpfoY2E&wyD~lg4xU!yZ!wtZS6R^
zY-yTH64leAv(U6W%3VZ}(*lsw7Zq{9c^)Er`PnRrdXr|@BLgOB?NL1#21w=xXodQr
z)sQR3BEXmwQj}@iS*58+JFik!<veZfAJ~doGyP`z|N7`nY-!Qb(rsOd7%W`@G}{gc
z|KxoE<9qPs>1(KUcug`%H?Lgbr0(@bkM4U6GFXybtD!OXE|dwfRa5wItx7JIqx#34
z%lediG)>J$)ZLvjmF(;W$%=$XatShd0ZVA;?a!sl)R_5cF_O9tWLyWAlVeR<B`LFn
z`|Gy<5PoXm^cyP_wmjkpb8M&?aikvn3(HD>??!r9SL$ZD3;Xb`94U}<1$e7)SYxs#
z&X%+2Iq9x#C{GWAcM{~mxuNirOCBIsz_5Tz(|~eTRL^ET*9H+-($ZHTC4C4|jxZ+E
zuVW`zu5Fh2*SI;_)@443;#7B#2dif3xuntTrZMhQitKga)x(3>VFtR#xjq~0hF$wL
z+6NhLh94h(=XQ`AmRIGZyI^(DwwJ=p`Qw5M2;RXP)_-k9y8U5E4z~~yr<ZUq&vOBk
z|Msj~V@wQpGNJ*0C&9brS{0t$q0$gMk|)Wd9wgGSkjU6hr8Xw|>xJ#*WbC2$V8Y#<
zJAv!NdeqRChNiQ81{2p%ib--8#))hR`bue;bzFJpSK5FIw7g+6DNy)l6xrFH$3Cri
zAj#?(RVR0lgPIgN!SCqB7805YOZ$+XLRvoWmouF=5Kl-BaCK-|$uIqfguj0o_VrUF
zmD0AFPP0|cPTy6*SnWt`-f$z?Nu&K}l%hxlFsPl_AiyaL9qo8lSi3CuyXb-ME_(8K
zU$&(mv{!0YZ4{_jOoEgw=bFzZXRpzvTJi`_O3>~%jaO|NmZ;(=S){cxSY4|{4jal<
zJhE1Qp=HZG8AP@yy8g{^hb*$AA|SV?YF23Z<x5KB&aVpXjfWV=9GQ+1D<)zDc$0=I
zz_UDQkm3Il6D9+!l16%H3)A{3phJ6S6NFOCVCBsu5Gev1$?|6-#eqH04==_5+%<(S
z2+oOt?;=A7Yf%`hCHS*Z5m^qH(4j^hSvX%nd1XHn<MUE}A@%4Hc-0(T{^6P@bfuA-
z%=$EO<{@}hq)5n)Oc$&|Dr#ETB4I$UdZMk+xm;-26u{?Iu%fd))29~r+HG7qgk-n1
zPp@aHQ%6x?nT|bG$L7ewRp5^MZ9*nwr-8V`=`Dc2eu}V%+%;7FXui8AE<L=LHW=>4
zEo4%Q%oo^E8uN+n6yUD5j62EYC>ycT%Q@u(5`s@D+{Orz62Ed4nx>5i0a}Nc3-drb
z#FuBa17%2(Q)%PVDx|LIOF&Khmwwg7#{`oqCJ$K7!WznQL(#$cjWW27HH6f5OrxF0
z`(m1(G*0qG4EdBe8Lw#uBg4T3yW^o)Jf>&{6G4t$6gD7|WjQ``45cFwrvKN^E~Zx^
zo8T1)q>vmk&*2b>odPjWko1wrt7>2+O}ff*E_tX_eWETngV|a?ok#b6R{)HbGj=+?
zo<F)~H9Z+Vt^XSf65Z=Y+<rk-WYNYY_}wAfiT>Ahw26sgMyOouz#&*^2H4oCI9b+h
z!)rr;J3S#s#R^RIJWYy}Sja6$cv7O%h;+WzzOw0tjuPV;-fPw=?DDAemtg^8(IjD=
zYii4d6c?ta{y=Nn!Hqb|d>x2F82Sqm+ZUQMSUsCCeUz^U|H@vf=Z5RVwdy7@UlU=X
zf*C53V_+Ng$N2AFfGeLFcEf&}*ybm%UeCM2*Zvd3dVs%=-iWPWBOclxJ_p^SQDY5$
z*)Ja%QT5TYzin0~3580!xfu?3nFd2oPueZhRT6=Q4PBg-N%tigC)=ZXMdTg<U8)I=
zL3e8tQ}SzU3&`jXuD!`&E>_nK?*UIdA>L>eN;mgPQnowad0R17p%vB4P=D_p4<8pe
z{?=*B1_V1(o-r6co8{Van%!V{X=KTu+eN;&Ph!36ueFjVU?R*MXg&RAopiFnx?AX&
zPIAMn7!$ouk$1_GI?tOPIPKN|<0boT4UT{ffty&?Vd;JZ^U{K2tE`Bxl?gVZU<o#J
zi|zE}y1UB$D1>ndL6<Q|+4>DW1KpGua`Pz|1CuxM9)yQLobu05_~aI&Tlu68&BIIg
z!T{M*I0!Fh#{!oTjE9%>!L4!HxJP`SWP?F6ck_h`MNIb1D|xE8!CYvq7fbhb(zI>H
z$K|;pdj$WPo9bZz_l3%hCasG0oRx%t`|`$3T#7Ce0YOpmuYc-&ymz<0$M?G>AGyr)
zreQmT&lS@q1PYQF!p#G8T7HvcP2GVwn-@55O!=dS^8nrMJ8VI)W~S!U&SsMw{W|Cy
z-slU>c*s{|GXbXdHpJb~?4{q`L6>|D+d0eVA$V|~9-*)O^B!qRr`vniMpt)GB1s#+
z36yt_>Se~v(Y;0w9~BG9&jS0GUqOW=O*<Xv(oz1|;)`1A4pU<dHVU46gDd!6@!kiB
zPh$bpQp`<$Ixhi>A&|~l(H~3HW8G*rPnie9NXlNYnsmo8yv`plO0#TXTDRo4&Lri-
z*%&G@Ww^@LOmLcp0zF$NOPX+C>uED~%vu~3n+5RT7SC^-18))nFdA&5p|<<mF*PBm
zU&#G8XhINQaW5uUtJhp=$ejO#SHf+%XO4pX4-kR`l?3FfMfTkyJ$7(wxJ@rMf)Rdo
zPZxa`DJF(bVrDPC+G9<8Voi3M4LjUG6r<C;Joo6+Pth^<>^xqd#M~DOCz#Sd-TJci
zjCPsreH-*K-#dPAZQVEq>ji$H@2BL&f4P$YWyL#O4|)5Lh3I{4jlvCn<)L2ttK#p0
zRU8jNpJymTbSHb<PiiTp=Dm$+DZyP!d1p|@Jr`kZCBDHfiESlXxQU&iFH+t`qY!8!
zz7jU!@rmdFg=z|a$-dqkgK~NxrfJ>f`w~I_A{H2}EQ5bAj}5t?{U^|(_wxhOdBe~<
zwh^q<Hg{&O!onJ#{a{VTdtY&#VSZWW5#)2BsW~YaL8Hv)Ucx}nrVww0=E11y((foS
z%wwZbt~C5BnUXMjH1HRkIkc4;8n$fUO6oC*@|fNI?@iP||3nWA%TvO6De@=A)9Ua_
zmg)p~g!8BC6)U1fAIZmEP_rS}E{o(fi6t5p5grTYv`X*_v0VjqLD`52BPR7t8N4<Y
z;YSXyXfHnpXFHdkuAPERT-{u^bPu%W*{;DS=WC01KIR6rjOo!P_KdXvv=&s}2FZ~8
zERW>_)*yCH4c4|mPx47%h4Z=dMO0w~EX5#pnxbVjo)t<9v`wi^DQ>lWp->nV4;auv
z6AM)cwJJ?hGE0#vLEBzQHbS0L8mHiHa}08y2TqKnfLHyB;Ehrh_^Q<+26N3I>{|?%
zvyNIk)!bYy(Y&uRby5QDvTM#pvXV9Ju6{EFx2Bwd@FoJ2w#Ki;w8Aql)>XWK?OK|X
z+FrUtm=_`*AidU=c)JW7sFqb(lG7kln3B^f{)rdb#_~d0_CG;>#L3TEUQi9&g5I0Q
z_lKRlzSDb6ChQqw;O9=H{}>=1l>bD>-NKO5EjrT`a7wlIWWm+J4m<KSDbP0PvGUCt
zv4|qof>;p$#sr7@LXhswk@=}J{U2Kh2t&bo_$pBkf%_2v1ak5p{7)x$_`i13gpT#A
z^XnKA2c#YV3;_Aj|0_Q%BanYz*FRh#{;$r@-k<&xK>zpb|Lgr}fN<Q_tY<+Ybp=qs
zb{tKAs#aYs*PE@^T>{#p>i#QYwO)VY;<?t_C)JzYnLgN5*!&fd;Mci`t|Bs6%C9WH
zgh*U-0(z{%aUF@lz3W9K?9S-w;7#LP3{+al4XwD<r^1^TVi9uW07SFo4I9h!R&6C{
z`8sq@E3P~pn)Dc|RxO^09g0pMvf3vp9Xg~Fn@tXpN*8Bgu=rJw!+l&TGwfbA`D#@~
z3dEAcVj<4@Z4YNL=H)F>|7em{(S!Y&INYzn$LzuUMg=PeO|_^c@dt6r$TtY{vn+X3
znUH(LmpTb*PIUXC4YKxl@6Ll3jJm$Jg}-vn)8J@JLW6M0jq0B3OE5h3rF%OK;aAn(
z4&`y2aG!(jcP<}}XRJIKT!G#Fn&GlapFYQMd)FJ&ieRemlyk={c@6x^PL$=FfUc&M
zm{{sBIbKGXP2=RRfi8`C#D>%YbM}!RJ?E1Y`$WV?l+tBHtvetk3_aM4L*pko&xqjK
zJ1p}diY_Ide#>MZ2y#!nhde^ussm}6O>k{yJ4T^SY`BSQF)K|b7A?+8wg@doqZLn%
zfQ)tdM}j+>tSL$UVA5`1MYRwfXo=T`Ia)d8MC_?8N=<vtre5?t?|rp&&^9z#pV*ha
z*0vhRk*twGd8-Wp-A_r9K()dtjy*mh{$Sc8dmzM$lFelkO~y$Y112xDIn4eDpGA@N
zUe;!Tf<=y;K${Q36s4FnPqqY12(CQ<dMfODtMe6(aR1A?_}wYMM}Z4Kh$6LA%9X3f
zRF&#_!sF1*Y9u6pBFh5c*{oEv8Jf&|L3p1d$oa`Mw>8*4kbhM_+_qWmb=sAAo2u;p
zrPoh}{qOSi`sTnHF_zE_$QZ@l%eMP|!O#n~9d<n;zo~fL{Ez~I6bUNsr`(OlKm)1E
z|0k<Wsf)rV8L!NL_M0Z<YNB16ACJ~H31PJ4&@{X>QNe>^A_;<0!Lf{I@$k&}F(6s8
zq8x6{#B!o(YR%`e(M87-mVjQsAr|uhqDX*c_E#g&W}iMi-X!=$pGhq~a4LFopo)Re
zKeVU7i5&?yRNg?_UAe)$UuRLl1!HEsno-RKLMPPifAI<sPUOU4MTElS)8(V(w`a5L
z#_g8v`s`NirtB8%MsB`tW+0;%qp8Cr=l153=EUZ<>j;*qSvg(kr-#ft#k_1ku#@df
zGO^Kzi|maz&|HVSZ;d*kt_MnPXg-uy9`D}lyxY6g`Es|H^v?7ieTB);B*Yxz{uDBr
z^RLC*7;&cwxx`W(aJ(9$Fp6R<M3D}Y?Wf)jQvYFPeby>ZTGuq+Y{b*3siIrf<BHPh
zwK17#d0xfORF)MmO>|srJN7DpmJwi@*KVYz5vrK?Xymx$_na4SV$Kpgo;P;F-4xX$
zx68NtqrBHy(b~4*bA|WZ=(*Z;*=_&r(OaNvQsbw#fPE%&lkDEnRk3A>W`IXEliu)U
zg_ALa*1%##wLTKv0CPd+Imlb<+kJ-ZquJxPJ)g5P^T_tD_AvtlbqC(${~Zw|0HAZo
z`C%Zstr_YY>FXyNoS5twj2h@e+{FUHfG`2DU4a<f)*|D;WI^dsgdtp~XDP1W5jQpo
zhub?wf+p;KJt%iF>qJ?nZ+Dv<$@wTrd_tE?;ckN5sEu^&!^^mIa$YUkjTG(EX1O|X
zUM;tO;XIG(O`I;}C*#HlDyqAyYG$Mx9v&#EB3`+>C5KZ?rzxruK2YJFX}fN~jPJqq
z;*s9!ILeuWv-l?{XUXHW6Tjfun^<c?x6A>j-LK7tH{TT7y;Uk!nm1&!&mtENqSRIs
zn5Hpm4%P`))z|E3S*MRL9x>W5F3_i$XI7af<6c^-smZU~I_aoA;4&XJ^UZ{K&vd#m
zFe`Ob331)+Keb0fL%FjXB*=<CtoBH(ZyK`jjk`_sBwwT_l_axTav_@`rzZ<U?H~xX
zlyXp3<V$fi`X+?XN{EMQOn#HZewGl7<w5`uUd-NpcqIW!>bO5_(wQ7<*9IN7_3G7T
z>-~(&OXL5(yBt&7n2N0)c>2HXJ#gD2;>4qXR3u4^UEyC6D073qq;PIYV#Sd}<0S}_
znCHg`5~%CP2vd+Ge-~szQ<mkYV_BFBDy7e5qBRzxR+$TFt<7b_I~5{lt&Y&x)aKwl
z82#>Q6|%K)$bi^5#Ctv+K*qZZ1$i*Wgm9l$%ASjv@j9RaIho-HX9^{>GNKs39EKES
zOjn3Bpr*qZ0Uc(F8<YNn9FjVsTudKz>b1+9^FoH4HZFZs-;1TTVK)LI*LgDxp$A)^
zm{e&@thG9(3-6GKJk7or!skhE2-9aZ4DJ~1=wE=dPr1TA1LjhPO%CrENHv)UsdX`0
z;798;5LA6|59DdWlma$sN=T?aszK|Jl(BJ0DCa(=#e0_|;B%+u2aH;%A4H*S0Ie2C
zgj!@aM4@UQuI7)VG2%fwHVQj!Fh;FPm6n#N60TUcN9X$z0<!(uCjksa5Q>U2pH)?<
zkUpQ3CmpUaD5YDMy3)DdRi9Xeb4V%oN-3Wgu3U+fR4#p3E?-oxT!po?{49*tia5ZJ
zLer8kFO$!&px!+^E}3b(&X_2>{g_jh@}-4vLdqdyvg-8txyzj4vhCJ6p~0=(l&^Pb
zeJQ<`tx<rvhn}Nszsr&{XOw`h=_9G9?gLVu%hzPEIPppZJVsq7&l++dxCOg2#lHpX
zKW;`1&d3ke3&IcUmkT^j2~YqM1cOAKO;Xa$h{|rYi|XlS&gQyIaRF5e*t9{7oswRA
zvjQJA0kDGf!-6u&vx0<T{xacD{Tq&n9-hV=j+r{;M-JU`HAob_mC*94;i}`Q6%+*>
z;c;iduCldWa{$S)Mi)?Ad`<G6DYMN?qJiKrA8*8QDqf%YK%yaQLvl@uFJAA&opA6i
j;VKvJHP13ta3F=6iN#DyitpX&>-7Po)2Ao>v!DDQU%{pB

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2 b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..a8e1fff22a7f33acedd783c155310c8926fbf58d
GIT binary patch
literal 12556
zcmV+nG4sxMPew8T0RR9105J>z4FCWD0B>Lb05G%w0RR9100000000000000000000
z0000QMjNnp9E5fTU;u<33W0-2=q?L{IsgGS0we>7a0DO)g)j$-EE}U<73|oHfb)Rj
zx-;_ZkqBYqz}U<9u|^`y2^Wd%|BuOyF|-5Rss}R$X0lK$7pqK^N(Ld*(K3yfWvLb4
z6>2M-e4#UqbixOA?!`&O^x`T#gwgO$Kh5XtU^V}EHDC@hvZA2J&#Y&FJFIAmli>Tc
z{_S&TVQ>Lo5LqF~ADN0HP$HVp0ihz^o#FYp^|pO-Fh=z{SQIRajUF;a)+nPW0}HSM
zl?yM7zH9CC6f+Pb?>w)(v-yAegLdv)2@+U?f&haw+G!F@Af_w{G-#&JKmQys@B2Sa
z0tu`<sna>}W&@edXi6g)&~*R4ocgPlXRHrsTS}C$ECmV-vzoQmt-{WGIb8l{`zl{s
zPD+ewayeH*xfA+P0}Dln<8zd@Pf0mR%e%)_LJ$AI{oebdlDfBX1r7B@g5bo?vRvLa
zGzPReQGd@0;QxQu^!W-olGBsG7SWl`PL~LdD2G4EpbY*4@c;Lxy1pw#jTE%v@?@Pf
zRHE5UX#yT*-oM^`_SgMSzyDj68$o=mgk=>ZLrn#Je_O^9!BkVhb^&1mqN&5ywVir8
zW$dta%h<8Y${P>ERC|6-feNTM_7lP<cQ0JV-;GrPRX}ZWQWpOEpEf(mJD1kB>1b5-
z8R5Q@+uEnJB5~lbamaNV<?zQo=L3btrm@U8&iwewZ^L@~#=o)GLbCs`i~q7#{DTaG
zNC*<_c^$H8l>mEnEJV>>#LFJ4)H!Rjpmu<;sC6G$fC@kjfFuN*0F0a*jFk<HhX+ih
zN-zx?!F1>Z(`_2K>868$0ZJTN@DsnRIUwoQ+1><DAb|Fx0P`6@y7^~YB(6&UNMKpW
z|9fPMKQW&R0|N)-;Ny1z0V1!xM(%gBB8*s$pO_P{Xg?id0S08HReyPM9xI?*B?}vK
z8Nx90^-)@Ea#338G)c!3n>a@kE;|iWfO}|LGNY)@B$Z`koQm0?p1s)PWX{=M-3eHV
zssk_}EU$<fDOlDwRMWbYF(TE3V*EyVK)u9-Rmh$ifrVUJiS0HaRZq&p(v?YA&fL&L
z6EnX<e=b96Efze#T4Lxyv8_QlT3oj<<)CS!B58JZ*T=kZ$gHUMjUp$F0UH|2oUR%$
zDV(2u+0yHL;T*D>xs>+hLW2aM<{V3W!3HivjkvM)m5<)AFrt`43@zdR^ZB%!_k)_>
zHIzwdBdNsnvn5DXP98_XRgWE0Pu4*;_cag@B_)*y<Z3e&HJ-fm>fQo#^0yetlz*3#
z6}<FE$>9rUHpXagYJXCVj?$bL{=H1Tl`=XG>xq}DKHS0`*Y&iAUIyyuh%;ETPEzTz
zNj48daMK(Hrlxigwys5g%)5h}qS$7_{Jq|4DmkhLNv)@&0GP1)6nZzg70vBM+>WHI
z(M)TdH7%M|hXW<8t0gh4QGdkcXwfnWTjqkC&RtCtlIpCmUlp=?ox8n02R-4Sse}*d
zm)_Le-mt^%jN9E%<f?a4=hzWFmDWsK5Qgm~bu+$@`C(^v11+5#qYK|z&IOZ8SAH}K
zw|Qf<*%HkbeNe2+>5wLg<0&W1W}M-oe5`UK@c6*tCR>D+iVE0NAJ6r7hId>vENU%x
z1z)R!!;Efh5sTDy&*2r5R5-)Uhnvn!*KuXg7W#sGvCjkzVd%xB$k52{z=JK{FUu~f
z(l$>%b4r9aChGR7Sbm-d2a)Y98O}_;5cpd7T-3G;leJ*YwHkGh7VVR=Qwe8O%k$AJ
zvY9=m`1kFteuT@bCf~!KQ3tbIJPwqhOJlp}4g$7YjSq>u952I%pfFvlTR7e~R8lkP
zCd;Np)B5pk-y5;7OVQKUQBjF<%Nd<}e2h-*g3;QYQ!BmkSu{DY7v`XkT8GIlzHS2h
zv0z`xX<@=MU#u+lmbPK;fnDCH^mkENE2m8j_$tf|e)wp{oll(gr^)#$`ul#<$GMnR
zx_W*rH>tUlJ+yyo!GawCNi?_sKwmHjQn)~9X+mJ&B_JV5K_Qb$L4nJ_ipQ>$SfzFr
zojQ4Ro37Z9l}fF)T9vgvSM4ib>9pN;U3S{38w}jHh+~*=#^%uT%Uf4~2?G}a4IxS@
zV5^A&!Hu&|+mfD2agtCCmxq!p5*d-2Gx)X7;R^F2fWlj~P4R~V6t&V~Kn0Ob;OuQV
zDFAE-l-{s#Xrj@@rdSNfVkDl93Yli|;{js__y~Xnbipb&B!Yq4K?nz;8t0Gzn(9UY
zplE*d;v`6xA`J!(0SQbb2+$KGR2YB(P$jOhevDZ0lE85J>9FvK;EO83io%n{fGxM0
zAW9<Ggg}r$7to_<F(w2G0R#Lhfia*jX}tol8&HO(q678@?1zhuV=)qEU_#Q26BxTd
z{j}r=uT~N3AOYel?x|3?@X4jnj}L85uKJw-r0#Uv13>(Rc{>)}(aOWU0_9@gMdHto
zMp0G?!Sa-<v{#1mV|%*4PW35^kMpC8o=|;o5q1f%${O43wigWCG)TY{0Ee3ackwb_
zL$r67U?`!VY7i}zQNEl+7)E^Bxi|rWgbM*wi(1TzwN72oR)>NC#%<Bw^0NJy76TR#
zVp+|ZXmF5K@WQO|B5d=*?KYs*F%E|ID`Qk%&ZJR7dFP&=ZMWV^%k-#_M+pvLo*}?v
zmP2~ru`mJVLo(X3VN*`vQZXiF0S=I2MAjO+&8czMc$Huv#*6%!Fo+myUDr>Gvm#r-
zRl*1tuiRiHpwNk?8Cqtpr&U#)jLVw|{!7Wg!cYdnAjBzXT+Dzp2wVY@wJ1sQp#+ED
zfk5d2jCMpC8C(Oe2?(H6Z2SujQ^P@*5Evo^5(fOZZ%!jfczPz$v9b_!)B{r`Xr~t3
z`Kn#>tGN+0Txb7xX`?{d3U0O4K2W?&b9n>ETi#noV;gYNdkF(GmIDX@PM8xwpv<I6
z=<cn83y#OiiB_D|=CF&BiXG<hA&7|09d^V~#~gRUNxwMdSErpZ?kqSsd(Ai81_R|W
z7&;$93{>V+aBSV;!<q&m**ONb5SJxGnRc0J01z23#@V`!;nKu_5t=yAPl_M*>s=o#
zHitMv3Ye%U3X(ve_pr06A3cXkTWbQqbXYQ6w-_l2x7}Tnqqag#v2kaQ*-3y?aR1J`
z;G#<|yW*;AuDj*78*YL_XkF#QhK2gd*OtOg?=4Azh&N*h0Mb2EaDTG6foLni3j?I8
zlVzu}B6W6((#-2e^|%MM1HfSZKf+&JAOP71MLq-AqX6;6EC*~00Z4!uKZ5{UP(!H%
zoK7h~C^iYDBBiF8<tJxN_`^pSx7u#__weKJ8}M705DXF%gGs`qVQ?4{hL4eAw3v3x
zS6Cc&2s?s{!o`00I2^Do4k;B6pXo;Z?3}w^#?3X~@r-}MBw$iD4-X@eXN}4Ep#6?I
z4LVrHcc|6(TE1qi$zMiHKHmKe@Wsa$&38}Vt-brn7q+{yi8Y_sPt@I+xN{kv0>%uu
z4sZuxlUaZ#0Pg{Q#peIcvug`0t@DEielx?`hW>fl@1<d%8nWAn<^J`LS62Jpc6;sc
zzb^yeaeM6Y8q6wBJape9`y2@JjXTD?@u_bMaL<2!@^dh69ki_=Kbr7~-@WjMHQe+J
zj7-cd{$ge4;FQfJN0Sa!s@14fr{3QhG;7hSjbEpBHjUQXVAMvNYzBxe0n(v>zktyX
z0Ly0qx+5UF4?q`?AhuA)Fr&jK+mL!41>2zqOW2mFZQA@M?;P28T%$(pk~=Eb*avEU
zwz%P2BpwagCfKqls}7cc>d}d?{US=hum_78TM@SPvYnc44I67r1oS<tDa~STLHo-#
zKb?mA`hrkLm;e$i$Ru_>tt$-GFvWf7$)ua1nObSoN<HjM(t!2Y&$;#4W4#;oW!CG1
z&x658g_571cqKH@fmNn=TC`I>T>mGL*R0C@BgT0d%0yBbs)oK$ZOKyanC43H-sDw_
zNhyTu#oV3r$cCzFm_=gH?=&zu$IjZ}l>1HOi?W!BMa9&a%4Ih?48v@`L<rzg89J^H
zU|Hse(Ce5lgsL1KE=*P(jLbra%qgkNAOIpAZi|#A433aGxCA`|xDD1rV1yMcAeknH
z=<yp9!X}d%WdcxuI3zk_G7RO7MrN+O)oqy&Lz0x>Z!&LgZUGD-2-3wN10&N;kuind
zp_=_Pm3;;W)vc#e`Z6^ZK&KR&1=$~JoBLLiwK$W8SVYQ0NOa)bDa=dc^t6N20aAXo
z00zNUlfU&72Ro#e#{)_(O@a$!SW2;;1c1^7pLg8-4ks>S67WRmFn*QqRuw8TYgryb
z29cFd)nxoK_dEu6CO0RzQw!v-5z}~-XF9XxZ6W`)9yq2Ah0d6wVcOED_9TRuP=mkf
zdpqV2<668*r)unnW%?n1O=o8Qn?#z2sUN~JabOTy6cj_0dy^S_c*>~q5bWz^;S}Q%
z>d`wogsbo(ZD;IJXbq$sGu?06GB#BdwIW9vFx-O$yZtR?%_(tjW*ZPhNQ8HpgbIQi
zpyKFw^XNR1va6bNYcnzB{Y-Q}SAivzvJMJJA!gq-@k=Vfym_IyKh%3bRS7j%EBQXi
z@K-lff|#)hZBX~P=T~j$MED-SkrIU@2^WPIau^k%hm(CeB9d01_s5O$>~fPus?HaY
zam}NRLERkz;j4syue#4hjU;xERUd_|{{*EyP4;0CPS=9s4KlJQTY?GpPYgO!C(+3a
zhwUJM6*mAEW5r)>z(PO^%Qmn~{UOhfJ(%;xT@!yx+`DJA$y;v=H2XC=k4a?A8Rhuz
z8Z2f6dj5`xXv(t6zh?piDdU#QBCrf^)h?v0Sy<$7Op8u5gZl$j{ln>Ig$GD=AWsJl
zTsLxd?H3P8XtBk6p}6#$Q}k8n)b{zz{&Rdwz$$`crh81gNT}fv^b8~=zD579^I@Qz
z_Zq&twsMZnLs^})1*N^>1y$>LNX=|d6f_mt2BnmDVf3DZ(3y^hNrh=ZeHAB_X~gM3
z%vHh%-=-jjSy_!vt9@$ciyY!R3RQn{f|*+n<ejw+fVwTeDk?5*6|d}Lj`H||#<lY!
z6`}Bj+|A*)d(K-|$1<eELhXYf=8G|G?5<>|Pl1{=%B=?v-p}eke0cQ;HI2kBKy-A@
zK05dAofFOb_b+e3$0ht8V|>AV-%jR)I>V%mvV6wmno}po8G4*jkKx})j*eD9!79c(
zkx!q_)Sw_9jA(2DyC^;sZc*cg1!w2X8o0W$Iz*r(w_HND*<Gt5E%c+H9&SNf<&{mG
z(4}m~4?HDk1q%Y<xmOAYmhD?N>oT7IkWR$}7M(_oE!x992uc}x-UBk_mV&X84uBX>
zL=|{af_C-k9;1U1ST|`i7SIN31l(!f8hS}(A^9ciN0){dMCttE#@xyEv=k@tocc>M
zfm2oy7242+yuWY3qazuU2i(d}Off&rFit1Of@me`#2JNmEjuC~LN4bx2JMItr*YBZ
z$0GV504g=kG#aj^uM)>CaJD{cJzdd!Bq*qgal_#`??ABM^rA8OW4oQB(^tyJW}DA$
zL@ga^#<#*cRm{N<SM76cj$G#E)=lhRTb^42?I{**SfT7)&xyaG&+1gYpD$}9MP!nL
zxhjfd@2fTVDE<1?Ak1*pPx$FmV)O7v;Z!kadS)Ub9B7vRTjtSpY7dbXsY2&wCX5)n
zz>3b^<&7N;8aSLI$sPyI(q;$0fyutlh+U)H|Cs4`G9bbPC1|&TbIFgulgS(TH_Bv6
za~F&>`8THF4=W%G|Av`=$auxbBTcU}tnvJ!b&%GNcu3J_%+w5mJ;*ftQj7|v5>Z8T
zl@-4JAaxG%&Blq?r)UiTr!QIVUUPa{VA6w7lh{Ci;~#Q7j+1}kpL#ToDtx;!?Qvj9
zZY0i-YzVSqz{@jRZ{B=xtCF?5<Z`w4lyhq)#D-|TKO`@+SACk#Bw=a!extd&YopA4
z_~2c$J0mQFPORg3v;`>0=BZepR@00dJ3Z+r<>V9{bjH#ekD*wjj<q*ykPze?um1S2
zT7whydMM>HS4?TeCGy|2n{|j+)o{vidhXx{9i&5{8QkPCtlVa9K~S;Uxvm+Hyvf0n
zy?iTSD&#c>?C@ylIp=Op#VQ*Gb@}GF85LTfXrd;rS9c=NE)b?=Owx#rBe3+DRnad-
z)5eiUK4MS1&I;xg<MAqzH`qWdEg~^gpI@a`lZNaouDN?Wugd^?9=@))TLkLuyS2j(
zYR>93m3QdOF<6-Xgvg-0nZJihuPohb5XE<O9+C3B5KG$SSL;sGEv9AbC5*@rU9j`<
zfnSAG)t^!zSmIPd0V~(JQ5pSK*`%CWTl09MG4?&Ch|bBiCE1dv#Z7%7r!1XPyo%-P
zre-HgTd52PYM1;Cqy5t1YQGz4%rC0QId}bHk9VaS<uCCUD?uG|j(ktK(hc_AJdyc8
zEOjLL#tB?QrT5{$lnh&FTt`6@gJc)Z)+4k8SHFG(i}&SV)aImO^VtmAQ1Ull>x8)_
zs-52guVP$fLj49y*74ny2Y0?p?(4VCYMou?$V{gOH_2|YA-)c2@QbQ6b4#;Xle+mV
zw6~1H5?-#a@$3v>KO11+F(wv(HcS!gYQBtmH8<!owc1dmkGA2zFQvQ7=oUmmN;a5{
zATT<`JU}U}F%SQ>_gIW)5AHxbX=!R(=zDtqHdf~CjSZvQNX_3_^h|wEAl9mhI!BXN
z#9lWT)!FCE(Kw28JvwzKqF}Bx=8yBZm2KZ0N;iP$*UY$f;mnz(;f#3yAy%sAPoJa`
z(<7aGu46WTVK?Qy?3tc^musgnV~=&vjvh{VA@U;~F-@T?Bu#?`5GP<xWnK8pGetFu
z@zP7q(#8o?nX)f+tNdb;I@R<bxaIzSjC^_e#arA0>5Kgvqj?+meo7aO5vm}2RnN2^
z;Q7##pt_(#5O{MyGwT6rmOiZ61pO+h$NW?`%ytgb6Cb>t_5hH3hPM<~n6(_1PD=@Z
z0^2B5gWA(YcQ~3_8tR=&fm4##*kSH9)?s8Oh1g@r82|}LbD4(QVKy_C=S`n(v5U>Z
z%2(K13~imx)Jp2hQjw~&WlEL_tEg|yC&|AjjSB__+uNM`*VX!)@Ga(6vAu%QW2tDH
z)^41-%Hnn|?>)R7$cWPRt|ue()@3OG4r#Aa@jI+$#)^XJv&}BCWu3{Hh9;e*mCUk+
z&Q<6c+LRpXh1LE;LS$+_o<BjC;&M(Vz4x9{n{!m=zCyPitU$^Q5+ouir$}sYhiSZ%
z^wLKtS4jow+Vz$2sg?ZKf34iaT-dv51^ahQd|D%MLyt^m*4+3Z$TD<!uA+CCmcM6y
zjCU2nzU0~<Q9Bs71gb%mbm#4%>Y26uBC{Ww6<)s4xr(lJ8DE`eFN8|b-uI_!J%~XX
zy*l=Erzp9NUu$*yI8sxIjy)|~M_rOVwau(2WR>eQP59YTBcZ`6&&(>*X`67l!hmnI
z$>+W4Uwdkd&gNAOv!{ttvs6tl_p0(lIo%*WVPw;_n&vzszTthH++}LkMwtu43P+mO
z99m0R?C5T>7-07cc=Ch}?WYU;>+)$~jm9Pu6qX2%&tP+=GWul<jniM>R_x5o;pMh~
zd&ogUbKv_tU%{~u=^7^eS#A!mE7K@ov8}l*vCP9C`(>$(nL&S;l+G04U7TkkgGegQ
z^Krn=>Gh{Nf9gCny&j;Eo{Gwn7^BG6Pq)s^6Gb_!`Bs{lCiS9hu2Fi<r;$a5hGI4t
zQVi3u{kqU55wt?ww&zqoqi`71fnhqVFSa2T>gUvV?CoQO^+ENZ9-`MX>qq+-3B$th
zqhw$Sf*#|{LFbMF0xYjZ#?+qZIN60@rY<?m`b#y<$uypu2cHi&b_K6E1r`aA4Fe3}
z*%7pEIl|92v@Jc$LJtU#APUd9b?x1zad&k)IDpKu7UbyY-KN4~9*_16hlo<)yc76P
z3#2RL_Oc6wquiGpKf}>&Y`F_xDKtq8;1-g8iie0&;g^n6spn!!;U$G^uF{g9tD|+B
z3q8DON~XxG5*oh&c@!^qfd6sB47iB26_<JR^fr^bn8BegtzB368J1$D$t`%F$gaxP
z5Pt8q4Vwtt`H)}7K~W{tbJS(y&9C`gq`SPrr=_(RoCS22UF9_=PPaS4%-9k$gN=FK
z!#rwE`!b1EoPss~L!~*`QWs$7f0ya~JGK#}*Xh`aj3;TIZi^<|8jNkM^Vj8n2R?ns
zx07EteXhqd^iEHNCBC^UpUqR)^4%I*yRo2%%b`BQK~XAPO>ks>O@%C&;^oia{`TWM
z9L2(xJ8@+hdXXMbmX1>eA%~zxZZ17DOAtlXDg;yoTOdI(X0Xz8*g1M1`Q=%IMkHf-
z-yQa+(5qoReF-yw2N~TTi`4WiqxOshh9DwPkh2WqzXvF#6Sxoy)Zymh<)I1bg?zl+
zA&8P>C<HVGTSrAP8W{0;>=?a|DsMY-i@8qLJ{Om<i%01U(o|4hq@}hRatc{ob3vI$
zLv1tU6tRwwO*EMWS0=J6ow9!(ysyt}0KYbP5Er6>yanbTU6AvB@n~<A@R)kc*ZW^O
z!WTD>4`06mu&?31PV9!~7jb#kcajSau6}7?-2R(3ya+mFma#(Bdta47C{m6tU74u>
z8<G6{49&4j9fO6PnwlE@VfU)!g+%IfC6=7yIZmh}GFFkWb<v?zaT4RK1qZ%HicgYI
zgfOMp;<X_#^YO{^d;C30X)qRvJw%Q?wQu{CSzs?xAy8&SN%;x^Rj#B0CMJiY`30eR
zCvYJ)Xv~!X1}qa)Cd(CUR6$Wh18xh89ykG-s1vk!2?kQ8Lw_VI?=F?_VkKyVG6I@N
zQNA3KP$nnD(X=SIDH57YGyOH62G|qtOD5^u?v6`+5P}5NbhA!9tNe$~n>)b#1PUn1
zZ|wzXH-h`FybO+{n~b-N&c{?1LltV_Ech*e-^`$qlMH;Lh6O^!m0SMx)5KL<lKg<$
z=bLxL)B>$>`TalL9j<N1^WOj4{<n<CY|o=zyRz;Y_-sXS1xDpdp{CSLd(NAp^OOUW
zlO4ma&n$A$J_$T#Gxm(>^i&?&X*)f#KY65J<(G3m(P+uQK7alqf17jvhT68V_9X86
z=k3pAL_&Kfp4V<JGPRY+4=IqSY=#CsOhU|~FBu+etZ598dq(JSQ+tZ44bGNT4YQ|W
z#waHnyShCEsyvaq3v57g3=)aPnLR@GA$;+?F+R?ii2nnhn@Sa^g<|{^88;F1sQNLn
zR3+qKpAV<*&G&(p;gY>W*N8@lJ}y2lxpEeKwaHAEhrhDZLj}Ra7Q3viXR3DsxDRkI
zk~x2C$su?8-De^+8r^hti0s+DR;AJEjUI)kRN~tA&xoSX^^fxjS-VJ_58yP?l<!pz
z{a0G)G=*r>HPvRJUF|g|4%#zA&1oen1{HI2ICZZnjjGJCg_yCrR@YWi$Q2@0623}I
zrJ?t@B+0-Q{2?ijcti5Z`sFoPmRicheYpSkn{?cv&$k`MlT-}i8LDk#HIh~zKgQ3u
z33vjPLPk0H<)<f;lV43f{F_7}sdQwJ{{=Z!{W(>f>)`gnZLTLQX}*SCKmAXRiA{BK
z1(-6qEte^vsOdd0ExzH|^31i1WQDQ|=9tY(h7@ZTNHFBtP7`)^majkv;Mb6QKF<uf
zhzi~TKH@HjAH*Fz{<2>fm6p4~FQ>MO!c}53pcH&}?!>4!Da-qJbU9jY((zI)@#y2%
z<0&cYK6W@4!8extAKG18AldYGQ(f5Q?{(wFCrODyrFh3k3m44&jIs4dwyRE-?OH*u
zgcnHP32+9-$Db3GL2gEAm|_CH0nRF<UNjdv(l_?P*P6^M3Ak`SzO-PCQE--;v@)Hi
z%A;}Bxel$6n{8KqhZIQ|xdt|seVmjbwC861o~i9xaz@iMK}pv-X5QOIUVyFqVtEOD
z%UYpYl|glovzF?oc?*;xk`nxY<SAvTUZFB!F2kQyWaZPj@6t-!Y|ejdnS~bqR)Uhp
z&mq>wv<f(}u1ON%uZ%omeRP|E9qXI~Y5t}4ajl*lRm@D>)S?A$5F)Mhtm^YtF^jl7
zi7pdo!SQE|xhNc)BS$Hs`#jZyGrTTg4%mrg>am!|$N&BEOR~U8Wg3{`Db|Lz{0cT*
zkKr}RvG%lWGv)bMhSh9UDx9UJD9Djz5Xi(um0Z9j6TeTDw0}l)Z7A{=2IHTwo)}S0
zP+tSsg=A^cKRzLs%<Je}H;-Q^HyCv?9QK^kfs6LPP)t(arx~ZXbIe&yH8SA&#jdH4
z(eymJi>*{xWRWGukAwwJzt1-c$R&z0+L&!>wMM~FQgN@+brN5;W^q`NxPU}7WqZt7
zg33ZU=u4hq9&g`YkZ<x&_m~YeOLQabjgbZ53X<g_@J%8<!>SjyLf>Aa2sma3nMF}!
zHgPqEyxCCb=a2AGQFbvSrEt=lMiOgfOx$=8RjO6RyQyX@OUYt9voKcv>~N_VgUU3}
zvPUVm%A#hU*cuibZqroAs0JQAoA843jQc1{Bk^TxHwK0MIEzhL8C69xQN|JSe6&yQ
zN{t4bKngW-j8~vcoXhg7iX42VK$D3n&8XQNx3X~1JtQ?xltZeIZ543hU0B-v$r9#~
z>tosk>^LVEG`31xJ&w>Y?Ce<}L|W|`>6=nTFXHk9I<bL02FuE6zQXExGm2ddtsR=4
zTleSXXZl+_MnlzNZGugYdOaFK#hi;qKR`$C0P!mq&-G|v2pF1&j$9HOEsc{~OF_wQ
z&u`RlL*5wgM|2FO;~z8br#3VH6HM{%Ubo;Q8nZnH4WXhBfu;MS>9&be6eW!-VBucY
zE?j3PGqViZOdiE_=LN&a=KZwXsGno1%sG*1&?)eY-cBvn;Lq-9gATHG%FLsFjD8Y&
z&&JOSGf=|~n0a8s-N>m45_#_bCkJ+<Luh4Wqyfyl*P2<4j;x&;6f8DWZmr(120yeh
ze=8sxenkqlF8NIF0{F)j7uq*VKlRO?`_$}i1#{LBV`yosqH%;6TKZ>yft0q^UwmNZ
z_5@|xW><&kWc4=&&$8ONt@trh+@@(Dar@ji)>79Tx3TWvrqogQ^xgWU>L5U^3O!Q1
zias?ILFlRnvQ?h0P(ER*WevszJ^E0#QIpY@I2YQK5Hqy15z|HBFO8@kMp^nrcuN|y
zVr+VN*^+h8|D$VeN6zwCV+Ko1Sw~2z2l7>(G=_g<kkrrOnE#=gJLn{|<&u`Vh>%*3
z^NB*u;%=%rA!_c=GdXQjmWJ1EL0LwGz_=;3yeb~dUj@ouKfyi$4>koKslt4F)q=9v
zYuIa;h)dW@VCOZi(&b`&UYs6VzALE08*cU`6Fp1VIba8yZX>*0zg~kQ(67+aU$Zyj
z|0IesO^EvS=uEp#Lf2E)eOow;!|$M_{Ewa!_YYAvE8{hW+@vOSE+))6{8#7b1dHHX
zeyL-J7~mWu_o(?1!K&nyB)L_rpnJ^nDQR53dlXQSwsxIzhReX6Kc%@xo!x=yjs-o~
zQ%s$ixz)@WSw9@Vr7F{KeWt22i|Z72vssMK|6Y&5;lF#;e-BC`n0ed+sp4xc)-x1(
z`3#sa(exCWkt^c)^5r7Bj#@K*k1`3<#HG8r3Y|kHc|5x7DbqN@si!5W?^6;E8B(0-
z2_{m6DYiT@@pvpcDmn$sZ4pG)mi|*(EsR{P;Bn(;h2=ubT<a{}asYh#=EQ1f*7X$1
zbqH0RUfsa4ET_k8UQk-8+txL6rOsJ6!=#*>J4G}nU&AGA^T7wZa5RldNl(q@tF>fG
zLeUBMsdV<Goe63>K`Ui6JM6-a2DQsLPubvCuJshEX0@x$+5bH6$c~PEk)-M&ef5DD
ziECRBtHub<1FHIRcCU-S%{`JUKZHNYMQ=jcBYm?sZz6zWwm4#Yy`&y+3FtveMR^K(
zY%#;3;?iFub2C4MlDiQ{$LY~_0w1rZqgNT2sx)|vxf3NR)_xEmD^S)Kvdt8uIpMu9
zuVycv*Uw^boMi=8@sD;e8_7~~KJ2>ribP&d!ETl}aKGIao9f1~FNIRFSVIh=<@+Lj
z5=nm(sFw9adJ-xieK!1K%m1Zd;%z$TA8CUG6`%*nQAv2=$1xM$-pA9<5>v2QFZuhA
zHjUw@KTSY$ZwXiwt(pL`ma6M;_!(T{AU<(sbM7XN$!5qCb`;8aLUzp>I$lL%x*7tP
zVtLaUY@%v2a3od~@33c|YkEWc;OJ&{-&y6^A!0Gc9f%LR;<$Plk1@ia=r=<4<CqMG
z3fwUgGH{jY`2R838!=}{Kaf(Etz0;~H<|Pr*dgL{eBxp+q%Oka8)DXcwLS?-8p~A#
zZNhLD(Jwk?H}@f54jd+Oc3qiv)RODfWoK^5ql9}AfT@+FhEG8(A-!~c+Rb2IYI@Wf
zbQml=dOnD+Tl2L}8W0wNiYbeTNQk8il;FT(npC3T`5Y2v!pdKugUJecY7ew<$JeQk
zx2Ft$$dAGQLvgWK#o*-P45><%#h>Ef(f$l*=glNc5FIRbF9|<Eva_WRaPknfnn`%4
z!J-$+^PJz3Y_<dpJw36}nuw7B>@1T>>8*@oVVpmHEQTWoFqs~c(qvJ;VAE4=8-&K?
z0^Q0tI1RHVlw#trT^X`84%yuN{II}KV|4jdQ%3!FO(s4!%Wco3zD=o4`j5n6m@HII
zw2u%|Av(>tmU)UKGOLBSzY?m`J~A^{E*DoA<pV(mGs)0n2@DJH&dfoim=Y_ho86qh
zP><e;uvt#8Ezy&@*|!=B4zTiC<xpe}*o^sXw0<<)vbkZ{>!R_GwnS<=pnkfhbjDHo
zq-(fg+)q+wyh=d;((Rjvn3-AQrwj;dTroC#XO%`Gd`(2a-}x-JL{$}~j%tV+pge83
z4{xxwtEnpDwrMZyRB$Xbw)sD^*PTiBsrA{Uo|sx(Or2Xx`j$NXg0(OEx1NYYIxIG}
zv4N-IyG7QXtuC3c44gwg{gQC%2~5_H@5b#pNjSM@InX#@OK=Nupm15&+AV8G^RQ9c
z(iY=YkDf*g(ddk?hZjcFx6;5jD+V_cP=|D<a2gky#<|V_>=oo2<1j9fCVB#sZKrnQ
z_Z%f0-DBZ$6Hi@f!!N{x!t|vxam!{BET`DLa8@sW8lVeHzR_D36K9RwVeCrrpQ0Kp
zuOF|(Eqn>!$L4+VUU$Bm<96diZ}M^{pNcEqiuR_i196GJ-MKvw2oDT^cit1f0b(Mh
z4cxi)obdeoTI>vfgFEl4FOuVof`wp(q;u5V@EKV5gMa$l`W}#@F>YA48MK}V8ftC>
zK&D;1lwLH{lRp~*%fq<77KW$AS?q(rOX}qJ9bd;L$8|-{UNe%O^se*!*yN!8$fj+}
z!Id+K<Yfn<<0M<}%~?cE3fh6kjk@PT%VJQH{Xzx0+$bI@W;GhcMMuvEgxs{Ws2Wrn
zCbD`%IA|`SKziXDtDcvRuG#Ri7tle(2ay<JC2P?OU98%cvJ{(eJ1IY-iMPPw@6#@m
zNF9{4OC)k-Z5nV=j+MblEVmQZneml;{->P$Iad6mo~m{0#v(6y0q~tw0(vq2@WZ+s
zZva1^eiSaU(|u*l^7&XChKo}$7gSmnt-!Ew&sWwgpO0~hQK-OQ#mPQj)tZxUG!2a-
zq|HZ9=zdZEoP1@?a@!V%;W&lj!Xmo9vSzt$;}kJTp}tVcWbPvQ(${|AC(M*qS~w$2
zm^<W4Uo&a12+MmuU*>B~B2}7hi8h(LYJBNyKVTwGm>c({ubC(#EUmIhQ|O90zmGk0
z@6Bw_-=$vH>Q4r~>|%(v0qlotc*f2bk3f6a2;-BXO&&*UO=+zGt!KS9q#Fk5_Hbse
zmXb!}Xk1&awpe1c)wZ^hKZeMn-LfNGt>h@jIG!EGE1V-7<rv2~!AXAM6u)wsGmPu(
zN6%eAG|AKNz%CBshQig;ax`2WZY)$e0wYu9cr!>5vvjoKy<;4)HMQA_kDdLgLRSB@
zcJv`wzw8aHwdRqMngJ6=%+ked>b2&7t|9)qzyJR9_Rqh8qduqalmPLZj~^X#2Wthe
zE8y#Gx%rpuHrAg5;>pb`eYVcEZ&&}4W~&Y<`S0hqlJpqdY(g%0l3h%k%gN~$$Nr5i
z#CZ#G=}es0O4)ePswvK~w+W~8drn$SmOXG$n{cB4oGcfJwP%c%9?mQ9BAt90M0y3&
zn>NypKJ7QOtG)9IrElj&>8F_-?C<@c0Dg@!3J`}kX>bgh7$1z2RCCAEr8&oCf|ApT
z`sU`mGQ41N=ce0z#1793{^+Lri+kTOgVKR`X=dL$4jdwn4BwR*goBe14f|N!s(jIf
zo48t&2an1cSoL+Tf*IA(WF7OJ*6!CjKitb}Q^yMSvKJJ_n%XWlfoJgS(rm8Nu2v@B
z6!~eD9ZTVEVJ%cyQ>!<)CRkiMn+z2mTh0g((M3djf^$K~&O^|340gJSpbIvEhOQuz
z11_yw<VdjefmHT5+B>TN9XX+GF*Pl>s3rByP1d!hW8V}r>ZbP0Rp^FwPz?Kk2RnP_
zxYW1(Y+94mZTt0V(&o>r;z!%M{6mxH@17?A&hmP{x{`jKIbM&{-l%@TA$kkm-o=dY
zxPk#<<GWhHDMS(Sf5EWq2Y?S=Mvnu)r>|_`hws;Jp0c}tbjAy)3$hRX{{iI32A<VR
z?1{tMu6Vv%vE`JaI0?iLcWz|JOCg;Kxu?cXlq{=eQ#|e`_kyL_jShO_zCu2q)ln=O
zPjSCP_ouQI$nGrn?x^e6yVWkay#`A|jG<84jy5z#SJ47spM?mB6+&)Z_I2j>6N)D|
zmo)kS`hO%A)~<3rDQ;^2eT+`CK<c)V?n~Mh-1%4H!tHL}z0wkSsTS3Kp^w@uA_A~<
zMd2Hk?Mz_;01oDsv2<j4(WH?}()>?XN%RI`AqqW^9aM)JitYdbfSLfDI<bcPud#cN
zy;nE9-X@Sng>D>^S(@kmV{bj80R|b+B5@DtUXL$RW5>MT-(Qr@@*NicM%7+i7U%Mr
zK)v11<2{-c#Mj5SvU}^YzC3<V2dMQ`(2+;0`@B@Jl$R*J*k+?l9$Pv><L(Ra_YRz0
z6j~4Neqr>X+E?KgQPRFt1HSHydG3Jg%5NhTK3ua5c3OPDv1|o$b7*JbxI|!ePI3iy
zRV1I1?uu1{B3tl60KoKUKnmz667xe{K(Q&#bF0rgy5o~(1cpEad|l_j4qc=H$XStF
zsvD~Wy3H#pPo+$P+Qx+&#6ysd^SfrVA2xbj0FK`c-TPf}n!sxur>z>pS>AJs9NY$j
zx2thU#}qD`R&m}tuiV9Z9D?0&2d=_vUjbkn*cFb|ul!X$YwQB;O`v@N7egPmg6-My
zJGOJ7S481%z~a5dmIj4s5CmqveH{out_lLIQvhD6&rg7%RWt!EEY6;QU=2P2B6ey*
zfC^O;0`X)JN|L}0+K;{#QtV8>a&2mBYG*HtpBiq|?DSTR%|Xw~&D5c{zFZ|YpC*1z
zZJIGz)v9JBlSX|SI9V=FB{&l`clM6K#lj&WAQNhaEDsu;HqOG0HkN7RQ?D{%$|{w*
zRRRwLNg)A&wigOAFjmLd!kBg#Yn5@uQqfX#km(Z{<j{6H&Rj{6+q6iI+Hwr$9S}!V
zDmwMDe3~lM{*sL>DU&AUZILb4(if%*>4?%&*|n6j_?RRsiyHkT6$3_BS*u+Q443q`
zO7CQn`nEuOg`H2Mj00Q~wAHvK0v7nC)yHOz<9TAsuWyEch=h!SiiVDXiG_`Wi-#|R
zfRKoogp`b&f|f4bc;i+!a_i%lD^I=xg^G9-o8oJ~IAOao<(8@Nt4b%GN}x}Tt8y`M
ze)1iv4cUp|-qd*Rso&M9Rj*NlCZn3QYI%1XcWBqC%T=3bnEK~%rWrQdWr5jdnPaZs
zeCwGP!6S=KbfYIkv>37C#7mGUNwSoJB99`<sG^Q01~H70ND)${`4VI+oGn5H*zbV7
z_Bra9AN^#TFQDzV#}V_WA%)4LRH9TAuPjf58!+FXg%-gJjB!y#7gKC;#g|ZGNhOz3
zYH6j12^%hagou$MM~NCOdW@K{V#l$;#<=nH`azI>E92|)eHjS^C!4<(Q2y}JK^W<<
zMyU9VS(PwR;v_T{yXLwjZn*7E(qzd~lv!5FRH@UXO_x4H#!Q*BWbNa&ppK?m4v#NF
zRC%k+-5%iA3WSg43;AVQZb&gZxVfpa7jEyGlA$v4vaH<@lX9cqtnFOq)?eFAOLp;8
ztc!>C-nZ9he@Ba-J%N$X$!XkFG&RE!A}|s<0tlTTQ2>OlfcoEh2+ld0j3~FQR6r`$
zWn1$<+t1~!pzr|f0U|IGIzj-QAW;B>&O&DT;kW^Z0$n}OciReqx73AxO9IdN7>~yl
zg!&tN{u-8?q!Z+8^X#rkFQkLqohuAEd>#q@3y06)gfv;@Q)zCNo91PCX?~Vp%pff)
iikD`^MOBtj<#{4z0>0Z|P*;b_>v<WNRC=9W4*&oODLhXA

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-700.woff b/data/web/fonts/source-sans-pro-v21-latin-700.woff
new file mode 100644
index 0000000000000000000000000000000000000000..a6786d1f4a52561fd9a03e17378c4c10914d1ffe
GIT binary patch
literal 16104
zcmYj&18}at6Ykgc)IIH~+f&=NZQHhOpW3!<+qP}nwr+p_xp(Gfva{J|Ht%NMY%)n^
z*F{EH7ytzLDcmQ3-~VyPlppzj$bZuRUql3jgaH5`+8>PRhj@Wofe%GwWfXoeQvd*J
z006+_zH>jz6j4y(2LNCwfAACl0K`5U)D%cYfrcIc`2C{;Q2HTVO+M!;11mjS000*A
zN6!HO0LJE0DM&D}bTbA3;9>v(;&=dn%M}ii^UKso&kz7$Cj9Bg{2yWXU@w^dfIm&m
z9~t+D2%&ty)=jM(U4JmopKp-?0KaU18Q}f1v@!V6V=ei?e)NFZDUvW(tn^%e?6Qyi
z^!u?5zy)FiJX`Bo8U0`fKVzZ!(eso)vfi?_ac~3xIFWwj1pok)QWry}(RJ;2Z!J8p
z>>tn`FI30|0tH~?5Tk$yxzBE`UKrB&x{$_UV^opo`r$*AXcbRyCV;akX!eg0*R{(O
zP+N>qgrM$3<v1#I!(mCiqTz}ES3G|jl3f|`1R}@D_oe^5VLQ&ARhAc)pn!vgs=Li6
zr!FjArb|pr2=Q}9#$V8G=d*4*l5Yc=z269~_wlYjM%K5-<DNTT4RCZr(0U?5EYH~E
z+oI%`|8zfJ;><ckX7e8WorgLY{-WDpc&Mln*yr4|hF2dkM1nS)p7;>$L;-|b4o%f<
zuL^T4M>Re+O%+{=JSn~Bc#UcsHLosW#;g#x|FNu>@}CrqCL*d+t1Xi{x!Oc(PiQB)
zqlaa-K&}ZJ3kN#WFTENbQgo*zm%$}+PESe5zTA+ieRL^*M*0<M*SJ|Q@MW%qRQSNS
zu6s<DM<(>n)V|b}^w8?W!|e?f8d-h;v2Kl#2y%V5#MLx9PW4`UE07LU8lL&*=%xPG
zt>zaU50Lj1jpBP^$m{QK{Ngo%kq|!dymV~3U~Tw$68nd6V352-zS;2@QaZ{vG<c8*
zx@egD!9UOgwBbSn^hxJaP_cT2DZ}KkdW|W=f9d+vV-I`rrv(I|;gGpFC6U}(Ql<%9
zD>!+iAMSy*C8Lr<5NM7YVQ$#B1cRFIVOKp#u9qK0UeScO2TjoSH1a0k1e2%xNO@56
zKjb5BE$CDnZZ+6nGEMiN^D=otn7>HZUJ-qizxRbmVvTKK(Q&~WLO4NHd?{-!kRU9&
zUO4nk-{m3QG=Gn6*<Im;_8Mo19nKOdFP_CBtmCPFx~x#WWh7bGnq7syxF>9eUB)PT
zf@+pEsWobw?K|gwTq%3ycPLu<H{`8>ZLWW>QP_2dOo}&?=h?inv!U@?IF1o~r*=+w
z6LuN4Tk_X#7t~@IonLS!^3+GK#_BG9x~Du$L-F0XBy+xqOHOb4O;kIA@1R_Aes|0?
z!4GuzW{wEB2i!5AA7XpeBkH!tmQ@O0?5(9#mK`&*blo556}e3`afMQHRZXvoSo%}y
zxrjHn9il(RbUN~k=_a#eg4=*kuaC=De%B!`<bBO8xRRADQmy-NmbsN)mjVttFadkC
zMXN)#E0(5%A5vAV>zGfdi?@k_eldJob(L;GL`fLWZKH}PNS|-8yOp-j_5_*Xqc7#y
zYAnCj*O4Eq3ZA`4oef6Pi}d#=pV`-s>USI}>cXZu{;UU7ITAzOGt|IMd!$XqcujZd
znXIMi4zD@aoHM<ZsTUQZuDPB#k#oV2wu!ZaSd!1$E@yM9Oly{7y||}|rW~)IsW-=s
z_)RxeAEsH>PI`Du5u`)5O1y;{vlY`t1mDNGleE&Ee$KNoTee$aOsYIP);mvLr8aF@
zZ3j*Vh<g^wgh%QvztX@R(sf;7g`Fy$ch;1>#{@0)8(I*Dy3rpv73ygvSVp@SXskS6
zth2X^uQnFzMT!Z5h5(@%j&?mo3fE4KHp|OZD73KjSq8gxD;SMB2gk-vY$OG_&dr{C
z*L0{gH5$jU%m*lSZd5ectxHE=%14()4|tRmd7NsQZny3p{}b~}D7Aw{yteviDmFWh
zzHk|fcIc(98#i>yJOVy^2~d}*2|qMqDP!n?Di3Q%5=g9h-_chAa@TGXW7qB;@<d^N
zJx+Rqe|u-EidH@R^476z#?oEqOsZrqMX<@nPi1ib#cVYurxRY~WI@!h(AX97E-|+~
zEx1p1U@Z|u&jv)a7E0;?8xckiErcrJ%DTxJe_ZQ}dPARd>%29r&OI{hN|^m8`gq<m
zh~!4Wdnle&ku$J=P=QUJb8@=3coq%@KxhOe??mR`Ksx|oKv_sAqlSA;i4UgiUQok-
z;7^^)OVJ-8Z%A$RP^`M;sDfUiM=A@9t0BOxXVk;B45;*L?F$r|+Kd%#2oF)>MWxl5
z$X{nd$V|}U$iUWA%{bxL1)>E<bw35ku7|N04F$Hs-}lxZ%i~Qp&DB6kAqaa2VRjcH
z@yZMLrV9p|9nU!txi7R|K}U8&3B!~S9FUKF-1cTu9`VUi%9}8s9s4V%UwN{_mp9=r
z!~zG;#i{skOH0?&KNw@8-Rtw{bc;YYA|d3L9O}G9J=P&`;7W2$Fb)0+Ve}2ky0e=4
zd~tDef%$lWdHcVL_nMeQgCMZ`_Cax?&&1dzb%`Rn^?;ndc-*)_P%CiBIX~LuO{Jk!
zsYC-;*ze*CyRMgRrF<dJX6;jp`0T|G!(o~EGU}dQp*T;HTBB3Wl%aerFLCc>1F{=>
zliI|IwRQS<9J<*OBO}5W6I7e6YO^X6Qm^k&vQ1bShJKS$%f&4bFTcI*no|IABp2X?
zwVsi79L7yzIp!RI-s2oPscl_D)zx0S*O<we_}RTJfVAwYw!IaD4ijQ@^(qN?^HkA+
zsMvv=Tg+(>up88d1>CzrO!o;Hq~RID+I51TZvP9Uh(B=-t<*jDbY}i{l%tQhTaa9A
zm|YvW%hTE3#}l;@**hinM8koS<1AEW5?`Nop$xR~MYKUxTaFHyp9MjX0i`{6T);}|
zbgnlE^qTVY7-*GO`qFC1V>0`$_C<rfRzMe1ESdz%Zl))Qgl+&tgi@PAAH9R_c<)&o
zlYGzI*p&@;L(5Hs-FvzhyL(ZOZ~`Ja_8L<rp@vHXl5iTAZLM|zgu>BT2P2^d+e2Q<
zYRZE}sTYH{9h^KWgX?OU(DfG#coXojP{XQc_MgW|0O$7wY8OX>B>x);2d41F{}T?Q
zw*1dDcah27zGWuM6cSA$)9Z*H&U1>sZ7L+BVm%z|`DmodG+(Jf0V&f_bR8X0?I;ZM
zUNGx5FA&rfECd!MnA4RKJ{l1en?^sYC*J83DT`WS`p;z+5vVrBU5B)x8<)-8W4ap#
zR)@~Pt1qehQ-kZ1V@!sWD;k|GakQKUi)_`l0LB{rt=clltP_h&9ufR3B$BUl>>F5|
z4e>EjFHyEBj3aLxh!H(6eUfPgTHSS6(MUbvqX!_pYFoh)TBdH^GF*#-E8c_RYM8n)
zEOVk0g+qxQ?^ETIhBqAv(OIJGF?;UO8Di3?@pF{A$w#bPzS-hbjAL0^568ZGXz%-2
z!i7aA_4l`(49TM%KMn`|fm9aGjfD3kALeB3?j#G?06?tu&(A`4IL%9Ed!UWhKAIoa
zuZyxgaR)L&3HOfu&CVOer!z?Km2O7~I>0EdDd3WmJQdWe&#cGy^WSSydU?ZnokB9&
z2`cp!8-QhDEGh-lEy`y!hMZQ|Y}I&!FnRvabtA!dqo~0mphuy!8VU(>2B4jcItqH^
znKP1gvbQn5Njx;3aLwN5F~M8vXN0rG+1!wA@e0C$zNJnJD18%e@2z_VU*B<c(M0nc
zh}3n*Lb>EHRkd%n@eH{XY&V*972mxxOC;H>!)(WXi8kVIFDy1&w!aOXVU%A7{IK>!
zoRe0Zv#sa_5fm$Y&i2%6F(2LLvnltwj#Q(L#KsP(zvbJGCn`$WV)o{#g4mr;1gG6j
z#e~!GEhdlOQ4j4;;H#U2)6J#F&Td^&oyCjq{7`3Va?@oRpIPf^Gn--S<OTZkn*$0;
zE-djRp`vFlO5bv>)<svXWzovY@vW-`*z2FG*J~}$Z(V0RHBPRM<OGjvk`WbwXcX9d
zLD{lLCi0W;(fgHi&0+?N?yk_a>dK{uW`>T7rR8qlAQ25aZ?0>RGYtJndT3xf`|gQW
z>zaEBm+Ey^7!nzE=Wqu{MV1;G*5>Ar(=o4`EfWekIf!<0MGDE<{uemyu2YN{#8c=z
zi~r2>k0)j2XilF5*j1LB_I>#l7jYPKOq`5fAH<}k;R_QLlrm|OD*D99%EQ)lDA5BG
z6ori%MJd(HKoe!fq|m!o<e^Bb^8WIy@Ouv`%6@`lydo)SGdT@Urm%6{9S2IMFt}Gl
zyXDRk%V1u5Wt~ja&Ud`WPNnd8MK!zS)*~FbX_NA!;Qhfph(Q^h#w|FAuB0RVE3C#*
zIVU3K7o#I?HJF#DAkDE~;V{*{lP5vlzE@^ZB|*gU%i5LPu<Iab4S~9{ArDfAvM^N$
zvQjV9kv|<W_U0uiRzX%=)%v#%F;-D)AEZoaS;Gv1pJymhhCMo7US5N&8tLh9h#@(l
z0{bDmwnuqMgX~sxE#5$KMDUAUSrb3&7YKDH(kB5qBtC+ncSuEP35IpsVH3wy+i@2-
zw)<YG2)2Zn&#FuOBozBeOrQ5fmj*;54+utklcnn#)gT@MuPjo~?DZGwKSS_p^gJxu
zv>b61!gFSQJY~I#9z@o|9dpN+f69|RFILc%i#hl%GMeJPP`2KiGcv#W5S<2LJ{stC
zIea(Qe0{rNZeg1LcW3dMVDQy~MgpC2+HSVmOub%dx+HG0DwalHZ?a<1L)_mCwX#?k
zU^BVaq8_+`?ULFAY`e2O(UFrLap8=Uck7>-7DNLvuTfm39pHM%GBi;)5jYb%Q+|+s
z5PmR!uzhez!hAzI1cCO+>owbI^XvER1muS5ka#~cvazA(TK-IQ)zDj-VZ0aqvO?wG
z+Qw<M?Es#j?jjAgz7Lxk^7sz6Mhm=F5%cz9W>lHDEEM;&)6;G-9YQbc-~Oh$3v_G9
zjZwyeN_qUZv$svR%p`e;;QHNAioDQ{{4^jnVBog%;Vw%;HtjtS29+*D$e$5()1DL?
zv;#2yRCEipE}M4Kr00}16Z~)!zf}!O2eF|d9DCJ@GwV0TcC^X|rS3;yEdD)b*l!c3
z`}69QPr!25$QibkSG8I<q>Yi5XWWsOoFs{tm6WBOnU@s$U#XjxCN8a+o;NwOpB2<o
zx1HstkF8;tbchkBnA$@{n?=d~+!HfBKy@)x=Ds~B)WWRL11O3Tod=Twn_%e2{?ub}
zgwk2}NMW`Rm->U}<|D-ynT<_!KILre&uN{0V?A(_J9Jw(crIHUe0OX{;uo?xHax7m
zG29<brf0gf^9h*(@XV9g!w5^zlyH&f@R5|*6Rt>y>Fx{}Qw>eU;`+s30fl2*?$F1H
z?w#`4pDk9)4~$otc~MzuIM<n(pZktlT2E~v*pu1;&D>Cws62jJ6i#R@<nZ$2`IzJO
z5t77mB8xD#-o<z4$VNr<rF}P}4se_<k;i6mS5?*3TS$>s6W9f?*=x>^ix7@ypwy2&
zLZJ~OVvOO!j_j4f#LIW!=mep{2)AhCw6?)KPhD%w+ei<B>g&`eDb_NIBKoPjnUBBw
z7xW~EFLA13lBle#v2OQh-qDt_w7NE~g(321_O455oiJ1XklWW;awduT5~@$tMJN!@
zn>*qXi;dqL%q#~bYcVEhU!E`!rt&8HG|a~@J^v<iuUcXCS=3!%6Vkv}pek=}fk9*l
z*?YVO`jm)amhnLE2ja<Nk$c%)OooHiq(@|2h6(2HXEHvsT_@6L(%h=uNj*8&*cDE(
z?Zp8}miM-7fVEN_@99Ftnf`iARIvqha-II#9DWK(xP~u3R(RSgulMoZ|DDrjKV3TC
zY30AQHnpfxTW?2<tu$unx*s;46sg6&RJ*igQF8k@AsJzzI`|<nH65xI#a86FL{(qj
zoRDC-8vEHwKxoQG#ZhUahyf}M^Ks5~_cohftq}bEwydyjYxGpW8>$T=4k-hPWOxEp
zt@*+Ag|d?fF)N)UaTX$Nmjl@Eob6m{RYzua?GOQu4{K|)4(@D2-_E*}nr6b6d*f_S
zg5b<QD-oO&Jy_c!n8Vq6ICy8#h69QF1fibvPTTZbEbqo^>ea<nBy6w)&=v6}$9qUS
zbf8|Xy|kNWMnw@Lh%r5crBIKK9KuYXP!ujcZMk}fmI<ooQL4H0<GIxe{>{eBh!883
zIKaI}cF12`GaZ^zSm$nfhFhun8rP|6`u(uZ1BT8fBL_`?LK*>Gn;u}`$gb;os3j$D
z_Nr%3N)BQit@HO?{|t-P@O?0ptJDR4F#7CRPmuzuL-m0*N)pk|_4ee>Um_V>llnsA
z{Y_m@0Y<CQyC3=Ub9m|JY2^fZ-PnZ1DlKy}NDv41{%HZ}g*Jb3vUQog*@S+54V=S;
zaj{u0xHa@EYqjiqP{2VBXOHQ;$Qm#y4j&%Fp@WFF4$O7PZdWvVQ&NJ)T-BbCx=wM@
zZj^TQY`%FYthD*@#Fn?e@pM69;qLhCB_-?qy-8fGM7=4iNo)>_h?7Xb&g0Ar*mIJB
z81q^2=F?#Jepu@C=PC^fLW23{;ihv;nE81gjI)<|W}8B^-|y=rkpnlAo0lO13=#z`
zmz~PXNVNiCk=FGGT~C-RS9hU%LT-8~b6dH7uz6u?pte_iTU3j<Q4AiovbIh-d@|2I
zQN^eXVcY;{yP(&QL8DT<*t>v>P7dVm_Y5l2gHY6;TaMr)IqqkwkJ09mF)k13Ov1m;
zenFp}6@-89;twY(dcAa59T^iPmvlOG>@H9^6S?T;=NbH2jBVNu(fY!DfUe|BHNZBA
z+_0%%ui}><lxC3U?7iHsYjOOyJCStKMJporX?bME@kG~iGxKY-xWR?-1-)Aj#yP5C
z#>R~15S+w}ZNQ%7-BLMSXPZRQk`j=`jEp4y`hJJcI@PYUkycH0sdAx4SBLMI+uFme
zpW8pyt?J-O=0PC?Qo&+MlLXD=6yqcvq!Wl}KBu&r7n0_T=H#u!F4j1@y(H@YQ70#z
ziDTIESg%xuuUgV=UR~_32E+Z$SGHJi{ZnycvQq&%h1|oY-J|wC5WieF7HKqR@1V9B
zO0wPGjOox^Z`uB?>b%D_GaC5kOEIF|?!tGs7q$|5z20Xq+E}N50_tNX3wgDQ%aHj6
zx9Jnp2kMQ%(-Gua>@JGn*p+3D9DOdB5VG&1{<z%=1UyPMVtMHxOvOr6s(MonztM@3
zu4U2dk$F(H&BiUzf8IhxO*5T(qzjpe0d?lA7NJ{6#=pV%1`6x(*IdXfc2+0MfZ?lJ
zuAg0;2)VUOgL*+&rAR>%v&rXO+1u%%r9R`%qAL=tM~3@e7IuE&tpnG%bCHXoJ1nSA
z899kp@E0f0CtcPj<L)uPH8;i@3yX{P3d$L6GsBZBJJwS00@-s(p5FV+O%oUem({76
z_1U8G#ER5_IHv6<(t|PqN3DDm6>9X+>hVLs`{lq<+i6Pk5H1Js5S=k8SF!v%lVqOw
z?PI3@I>zK%7KcouGDa%aUl7yHwb{ieQtkU?K8H@z^naoUxC|Ml)S-8~Q0wf}re>Md
z=P4C&@~g=b^ozHGOdL*o8k#++vW(Uke>ak(ZA=x~!x80%q4JT7J8sG8X&!6Vg}I<b
zypM>d!%z<3D>YZ=_WqhS4w6e52?vh0>4R>y*N!0JM3Nca3kkt4wK2749|%kh;u3*J
zmdj$DfwkYTBQgLKZUG%;x@2HxB*W1_BLvBD9V_K1`#3GXY<d?IrGnQCmoYj^OI>?z
zGrisHEZyex71%mK5X;w|95q;{fYVv#23qsMg8LS37!0Ixwg{;1S0rP_OUov8wy)(Z
zNuA8i+qH<0*&EBMnAp+!rr$a;miKSp>O?fb+T`(PF(y#-Q;q3o23P_)`MlRY6FZ{p
zjqc%F-OLPY&O-*RpH6x|mC-&hi0h~IMEVSJ>fv$*g%SiIK4~5q!h|e#B%=~fEFf+M
zk5SKO%Q?Gn_kw55Qk7%e*f~UnNAG#7thxl<FMmICIe#WGJ_<U|$4?u5AA@7HLvX!>
zK%G$hq6r{oOZF}*z6z;p5v5ij+X%ZYL~=MYQV+Zx!f(YD(f5nBzp+0lp*;fSN;r<1
zG!*t1U@FJjTm+HG?Y^R2Roac0YRcK(ui)Oiw0#1)wO#YZ6^N%H*!J#O+Dd1@<xXt^
zgT5e{0NRuL7F^1au(7sS&ycn;w^&br4dU;Wr6rx(3bN`KSjRwdPfzn0Ar$u9I4yAO
zQHiY3ZOw2Fps-_8FXu*d4#`TQwm#JSbnMf%p*#!D*?%_Ugi~<oN%%ZlGUAvc7Wg(=
zAp*m~<96JWar<(f;m9Jibl?LPRw5gXhI{c$%^f8B^>e=1-5LW839i1FU4OyVt5wNX
zkJ4&|z*9xj0hU(;%_lXPURhq~H=iVWqZcS_<@1+`5-JN1>%vWRCs<w1=|t%`b~l|y
zKB$d(hE@}ZLLWu1Ktek<Sv+4sF<CpRQRf%7$UOcqYBXp<F_=)*7+=HaaDZB3)}x&@
zFO=5Gvt4vw7h(IfkBpkf7?Vg{lRYQAwIdSU6tog(h=JrKhnuEFFuCiaOFOYSm%CC|
z)un_IfUJ}zUy9~#mvi3fSt|CjPIdH`<YQd~DdyRa7j;N_rWnNikhq~L-<&v$x*$zl
zX+y>!wxfJE->_)dnX)u$=Kyd*<O}Wa*@yoNK5Mq-Sre@D)pruR7h>6s$7%6kt6Ki#
zYmyI1TM#onB(+T3{+gKoI>{REuR}mTKpY&USwK=5DZJBnTU0^0f*c#)=}^S(A=$Qb
zsk3CchxNH|?2fPW3>$UjL_Z?Ki|*|PH}jP4J%o&%Hz`QK={{)V4XqMv6KouC`<N@Q
zf~GJHY*1C0&^yZqs?>q*_8Z)WF$1wJ!r(8s4v&06x?wtu<f);e6<})=I4+?bQ<B)o
zLU?_Sa!x4Y4XA7R%JVo$`@$J3(6Egi*B`L?>Pxj_z?z_`D~ufX4B&unw*hhCK9`Lz
zkVROmqv873-0@(~18a3T{?%Ri2Rcw)^Uf_K5D5o5ycRSQnue-J!@*Szh&!&I0_tW8
zv+4`uqtO?n;YA}P5^N;NP!yai#-GMdKws2sux|<8<e+7&S*2{ZZo3Ea<BEjm9X-i-
z+9&6Cb=E-JjpCDo{;0<wGA{TTG*RgmUsOV}z&;tiPD#4kD}C+ul*3*jsH+7m4Mh)!
zLyLM3Do;Rpvnw|du#aO#@ioxf6K99w4+z{5c!PRN5ATC`qur-7un0`O5YW*{A?N`I
zuUYco`jx2PEj%5XjIvY7)=>e#8Qnz&bv1!iLBte`F}XE5BYngY6qtDQ6>%8V9EvSC
zY>g23-76`DPl&U}7HX{_(>@3Uy0KQ3ggt`0Ygr~hko*}<v9#u*W}$OC{<9tzeE2vL
zY;SYh$fn<nOZfU%tfEY7=UU0$Cz@7sDBi&tbR_=a!{1;b1MAqc3V}|&L~)cMC0jbW
zz8}oa)>5eKwtqj&NuZgCn6^1rw7FO8-%)8$o9%y^0O=fSZ*BAR@>RdSg*InNH;_l{
zv)#-AcQ6GfBkyFgX;SU*JN4evg?Was$Q^{K_p6km&<SuJv%{ZmuVrP`tAsyY4fZDC
zSJ0?3wABh!cq?$~WX9+mDqY>qC%(ttMpa(Qwnf8TnwDVX!DbIfK0i+dIcH~tyXVq)
zR^p5KO&Mz+6RG;ou-(LYX1LP?|I9XvgR2|Rmn5tT@=fxQ?eCodkn*0U?xE~|s0Fh1
zDc@O2+_Ru$9WO2W^_ps!)H%Axodjftk329<El*m~Y@JKQDi!8d_zAPC9KcitKqI%?
zs&fd8B9idV^f8#V!^&vojD-jri>B`{&dJN@a;|F~pA_U5{HKR{nws-N%#r!5D6@*v
z7?s||(MbBt!sE&MJP=EY@mZ}Xi3RHaveaI)PJ5t#VVc8l<vGvJg*ogIy|UIeg!~NL
z#J)wm2h|5kr7xrs{sr2NK6}^kaF<B`>w}>u9nuG0CFF$$AcOdYUj?i=QtrpYO;&Zl
zcNQgMOac0Zv?sDf5#@Pl#zn?PvrO`&;v(Hah(q!g(vk=8VF*q}-I+eHMedFLb>jj=
zBV=z#Kqpz58$SR?=tGc16ext<dX;`h;W#Cm$D(G`z=yIi`)6mGxv>2l4ipjLl<qG<
z^r@Va%#*av7<ZCyMT*3WLR9T9!=bFJEaAxd54p&k-fJTA8$FgXVW!rM_v<!mJ>n}A
z=()Lv*VCfkr!T&%>`0bs(wa|By+-*Liny%$^^e0HxiQO#F#2rQb^2}CckTk9U4QT1
zKw2+8?e<Ff4+W&;W%5f}_J|6q@WeQmL_^zR<o6q<4r991i3TiRmUx3H)UoK*HEUBO
zEN0m)b7zcZA3-kn`8t(kc(-%-tF<oa&CJqA(Qj2fE0zs+)fLomyqn#m$T#*~gf^rb
zhYanP1OG{Y(B|<|k9i2IKA=IfqiV-RD_kGi3jNP}LRquRZ$0(#v*#FCb5ZS(dk38|
zC?8P<R7mgR|MqgyMMVppb?|{+10C<hcQaHu`S>rR4!4=-cN;71ze<&krW6WWRJ5mT
z7D4_^ONrP=a2C;$xqNFr``hk;+$Qf&p7`mu>8Wy@7LayTd1^{rE=QrrEnwmx@Hwdg
z#=Y&<c9fSjvZ$&4x?S2DB^oI;Rq96CswtMwsA4bHw7toP@tQWCb3RqwN~@#r4V=w+
zT-GsuR7uOvY?B+k;^EUF$V?M!ul<o;!Cp%rI^g-`tqKZ>e}HQPGS!M;UsVY2c`-#m
zMRj3Y&XvnZ7V+2reyToMyzYI}9uf;HG+~SdWfT*}ic*su@2)q!8vNC-yAjI4IdI@6
zaekG8f#oP!vMThed`i1ylp-f52YB|M<*1MU#ZmY2vyXCaw@tJI*~{~!LsQ?!#C5Uz
zt(dnLef0rFv8&N9E!LoCvYXQ*0_F7Ha_+G30(U8+!n(Nn>C?h1=0q*OLLoR=7Gs^r
zS4!%Ql()G+?oRP0Ic?4j70oQn$XHWTU%OZGZ)@D3If&SeSVK;?cu|;%Jc4nj09<tB
zsRK$JOt;3D`DF=-l$t1J)<mrGGLAm;N*~-=t}`>oGz~2<Wjj%16RSqBq56qqEf3b+
zXZOuZltv(*f;-a&JaDTc=}u%V6f+HDgEcFqP9+elt|eA08``yZey8-jMD^1?gyOBC
zj}feYJJ<4YV?)2~b_CAGOB6NvLWc#l*yvow5A!9Kt~T3~EWzNUJYd|TwXfwioaUvP
zx7_EYT(oww{$ixtvXcxA6}`B`p|5<RHm2*8h9PDXZ3c;DzOM0C%(HdZ__9PNr!W<B
zYvC>^uXKW{r$916&bX1q>awy%ns54hFf3}D$n(fDttVxLElUkNJhst9JzR0|s47jO
zzZ1-kxC(gQ9|aVc!tIv(Z*@X>cA8Y{(#A*~N{sqYy|-^gN~RO-mzL4FG)FVLshZ5K
zVWmh-UP%haV@+Zp!A}>g4z^BcZ)zf++iFBosC~cKIti0hURYINJjK71f!+E9eWAuL
zf;%O+0+aPG+KFgNUG$jRuqp-=LK(ObzMnsLZ7v2TSJeMjkAzfkp1);!xnB)$!X)9!
z$px<l!qMP^6P#R>WgBr|epA@yT-P_dS1dLMHf}By3OwGTajF@;O*?uFOYxXHiBb$E
zI3&lh-l~_~#jqH!i1I7aj=Aya0C(lZt>L2Lzgu+~HQ}dM#>h*H`x~5JHnvt%+G*io
z;oi5Vk;=$GCaix_2h%Ih<E)V(VNs3<uk$o`RBfZpx`o_8rINZ~u<2~<E;a55qlYki
z!!g5C*EJ_fG&&w^ANt{*%Ak<#g~*d;>7*jQyltoNIz6@o?V`gTO860f&b6h&ibTMz
z(c-O1n-Ev85}}6YGj#WGrpSH*J4}2wv?PL=Ta?CRJau08a)x|WQ@@qZRE*^JWm={|
z!{j22@Y!|xB^xYlej*_P#{Y8PTf=c;@8EYq!wQ$8UK*w0siZ4Ga`FUgBXPsp_{Tj!
z#N7G<;X_|%SNsr5FBz|lT8#a2H|U|Dv6^1bd9jU@)<9p4kV#=(6egk@{r2{0f}CHu
zH-b6YrlQe^c<rN+3RQa%^ltx8G&!#~Tip>Q0o3b7fU~n@$$B%8vl9lpq@i@Wq;}?1
z`AN6_)mpndO?G;Fo=-0q8)x0zsU{me=c#Z?#jibcv`Qj~!=nc$=vnGv;SX4zOgMyW
zr=F{BKIr|^RZZH-fmTe+mD#2VwQ?MY>}BT0R%4-G#&^cv#M3>3QNqkpA@?bUbbFjd
zh9}`6ngSuY;=FL^Z*gIo;q||+uJ^BtcixapaRuHJMIY*PyoScBV%XNs>biTM3Dr}8
zX+U7<c5XDX`g;-j=zy1f4yxgl5TbsEcZ=ZUd*~IwXQDDi*Upkcr{hn#?b*ShqIRj8
z4nUYH@j@H#WJnWNi$ymQ2a=Hu5+Ya<GT-)dOVzJm>j`X53UKh&;X-}~?adhVRQw*@
zfoSPz1axN%d+fM*fr=W;8X-gUYH>=_^EjeAVPwDl=9eK{a4LcDGmAr@CQlx@Usx@q
zVplKt9scQxDgui=(RI_V=_2}$N7<VVb!m3jmXLJNm`ye}Wg6Z#`1Fi55PJa)erqFY
z(Dy48{#f~p`UVb#Q5S>AWcb}4GP8OPGBxU6Z9}<Uhhb!*NLN}Fggd_>HB!(Ot8?-;
zN5`ZdgK2Xsq`Y`a3!_TB?at|m%J{}Ahar}9X)|)hL96vZGAM34^cf+)17;M}ZMGsX
z#91nMK%49AtkPjQpkFK~<Y~6UR0b)VeO@BM{f5##vJLJcU;$HAt!orGsc~nu7!KR>
z?-1nG{_!q%xOB{|-)A+vS@M9uiPf3)9+i0>LUjf+JUnANKGKxqnm?bo@Txx$XM)*D
zib<N|Z=eabO}@D<km(#A`RE*ReAJ>2%IVc5K8er?><113J<fT-<#=PuoX%VMJvLnQ
zZ*WoLStdb(6@Ou05RngJTf^DLU%{OrG*P)cdGBQZauj?J{(KO(;gH(wklFls7c?J?
zzIh&nGK>osz~bX^Jdw4(KT4B0rv8n|1B(Qi^Rj6M^&(=y()W3g`?m$F#SzvO1kMvx
zw&sMm592BNUY!u|4HmsEX}bafi}`t?cG0sa3XHigSNR=1Jv9mW0{z0lin{|_iQ{t_
zSV{&|{1p?dzyp*q!SjGJ(QQGN!q@XmDC<6Btr<xpfXwTrOxQiFHBI|yopj;SKA%By
zX<x{txkgn{Y}0>D#VtiRgUjdleSC96yOSB-xgyXRHU=<pAb@Q>a5#N>dJv>X5c9U!
zqyUHQsEg8iybF4yndVQYZ74-rxAoLLj_ZI5CNam4O@lOjrE-2ce8kY!9=x;4om|<&
ze3Ii4w$JU-*Tr~WO=B7+Li8$5dwUTDMN%!mRl~5%ZM5)l?udT#-Y#zb1C>5PKsv<5
z=a|8BV-4mxde3}K27~JBy)vh&cu-a4jEc<ERItdLxiDBqT{>07y+wNxCSo;2&M6)k
z@g({W-SVW~m8&y%&9t_GRUPB()}4y&(_HA(j$2~X<LTbwpYK1(UQhKeUh34CwW`Fn
zU751R^7+>?OmMlatc((ExDazRLj?GCI>AVNRpQVgE&tzw?yGw+(y}tQ`^8b>V_BJQ
zPhg{KGBPn9`Qh{rxR3A~`{hxysWODuUS%XM6EoxlO>u&Y*B^#QB>EKO)yS%vzb^?r
z*Hh6o{c$Fov)zGs5~YCPP-OPfOHE|iWN+&U&<jT?;~YdV&W=v4j5>`p9`BuggSgVu
zs%(~a+xE_=aiOaEy}*29kKA-a-WS6&j%Yx~h8>FargN4jz+l=ih7O6(>d!gSyLCCJ
zIdx9<Ej2IId%LI|E{K|MEQv3pA!-_U5F8(iBiBE#<v*gBbYvR{cYGDfaZ&oAS$!Rm
zH%Y0SGBr`%pOG*cOB>Oz`b+Wogm=XiY7F02x(Cmy<{DjQXbC{uh+G#>e7HExY~$C6
zQX@u^->O7^R2g^_d1-j)`o3i=P*+4wK1NKq*Ed3(_=o%Cb;)S`TL|GZivtQIt=mD2
zR3)n$a&U%9pq#LU=6O{$RZ9sOCP7i(K@0D#eeaVz>bt56lr+{;n^YyN#YZq-AfdQS
zD-#_su`TUCI@+6Ax$5fD8voZjtJUe%KFt5ysy#T!xvA+2^Y7Yb6JtkSmvuwfEDLF3
zq@QVLTb`7Oki6lrm?zDn!WUH&_z-02_f)#2^o{MEd9)5B>c-dR!Pu_~B|;TK1d6y*
zKR-uzTiM2ckaSz_<w6=jKI$0}k;{vb!vS88w!{pQO=%>T(#>_vUEYm#4Gq8*G=t}*
z1PfF<vBWckQ$Cf2MAy-$ru3uL+_d&FQWnF*wyP^$Zqg)$tC8apg^gBBbMhTuleM)h
zc4r+)N%wU!la`&2OO*_UlI5r(g!v1NC7_Rok>M>*!sd2CGT}l<f<lLNrq(SldtA>s
zK?3ra0-n=z)t06wD<1a)ACCrGOMFw?4FPjat7mN$qt@MiRQY4W0&B_^bEzA2>kSr4
zmpi@O)+5GnmF6W4rH{zW<=I^%j83x?uP)c-=-s;?PfnN8(c^pAmT-|qo(-eVJo$dT
zhR0V~D;Fvv#?MT%i6CHqmrY@GngY}-Dho`c18@~S{?gy-s1m2P)Ce7Z6dAol0_B(P
z4wY1SsJVT&I14g>Yka$|jxcsgHb*&EQDl2qn$Is(-hc-WV|&10FdzEh;R{gXwf94-
z3T5UUoDAc-0R2J4^@`Ky&6>c&xWSF)B*KT8vE0?*lKL~V2En$%*oAqg(njk)`P?|n
zfQXnH6&eZ)(vPOA(4&%ge}Ch2C@V!AFKS57L^ur;MebRWL)_vN$YO{#7=)54oVp46
zYarPcXJj52dFFtgn~!vbw8e4AT%KVp=nZ-D)9gC1bjYlE(0XPOrlGieh@S!yZpQ78
zYYnK~1w$d{v}_7%v~Y05q-2V-WZQ?Zx)p^@O>=-|WW}Q4<J%gtHuGQRlf1|Vpbm*t
z-HRdf;z^y-5`9fb40H{!hAm((3j9??dU4I{Aap!xYplO9Vq6!^)a(i3TIZWv@3X3V
zG}k6WF(s#e8W<3z?!%qgz^zg>(LYz-1nbin&@LjjjG@TBuf^3;^~5Ys>4kh2cp2Qo
z1Dn2WIq_l}77O17uC;C;RC7{XwdTlB(eFp?zlO2!Jyzi=j_{L}t)3pErJ`TW6T0l%
zhps8?l@=RX=AP5NsQuZ#UXn&ft%kyu=EBm<O)P#VJI7)R>NaD#=lmfj4pNj%@N8Ga
zaoh@C<xLb{t1;(nqgSeT?g|vtR>s5tc`-vib=vZ8%^^OXYC)yy$lBqmG$J&mX9Y8t
z|Aeu+jZ(yTC=>5A2%S1>WUUN4ieXU3Q+ln8U0VxblclbVXceH!K8ZB1ERvVtv6h=}
zvtKK1jG-HEj#WpD%+T^98H`X}u<%KkMQwF7uOH2xKqu9l2VPz8If0=LoXes!%m#-}
zRJ=pEV{8i<4N05}Z_a(bJ<p!pkbddc^XW$XQf|7?Xw}yV@6@xgINuUB?dMHD9%Keh
zU0(v?=h>+)Q#Z3AT-d32SFYFqx9Yh0dUS5Mzc6>0I<QaG)!3s?S6wo6hD2XGo(196
zAX83%Z8X*#cCT3gG)TMLcNO#*HK|2Ri7H(JLaBrwAhU|11QK50Y2$8Zg~4WzYS648
z^nnYai{0)Rfh)n>4#?p3e2t;E&rUhh@UY#41vPymZYr~oV<8&Ur{+Hd1y?YSv$Kve
zEFLpL3TC-Zyw0?Evv{OHM(#Q9{)M>8p=?HV14hE}^##CZKsfK>LR4>zHw3w$?Vg;t
zr_OfW|8;x&SEmiWkMwvfvUPbZqIf^I(IjZnNzA%SiC#N9+DT#c6Ui%yD)S{PIk-A>
zl4OxD&5hMDM|OFfB1$KAb!)~_){#~UCXuEefcWsBx-KkZK{>sDXywW#Z|gH_P!c0<
zU0g~LdU$nh8Rji>Al<s=%T<%~9V@-)Z-{L^N566(m>snkM<-u&DmSm2>#2Fxwyz#r
zI77cjEbBeHU&7Mtmh<($D3C`|j*P3=^q@X9yfDYvlBAa12-C}q8LIft%WW@WOAp{*
z+E$fWo{Y`V8RVHqQXts%GH-06nM()%ZD#-zC~Bu$IS`$T+{A(k?4rSjAw=-Q)iHAj
zPww}4d6x541g&759Q>7>;N7O_Oj6XmmJCv!Lfo{;G_usZSTB&Ov@0#qOs4Nr%Q>^%
zZsr7U!ZU4Y#nN^;#mm0ZS?0O<*R6+HpH?-~J$Mn@9M+{uVJcP}CRQnhhQQ})bSRc&
zfQ^29Be~MPQUC*%S+}E2ikL>a%De*I8J1M7vsj#(>y0R)(VY@~8D`+n=x!E2QYAAh
z<fR3uk{L<4RdN5Wj;Ja{tWD&FJu<GZEh%usc+ZgHL!64-Tm5dcysFK7IhG<HN+7jC
zQU`_2-EcV+ktE764*i1r#I&~mTKB1Y_b%jS6Ne}mTPa>L^7=Q1f3m+A>*zJSm?h)i
zO5y%ziewfzX|F_UN!<+70vc^B%tpA<PGO(Qz2xdW@N2T_M>XIxzU2V@^Cag|O}ymf
z(Y3Iqi@Tanb1wrc7df-o4*o92RC){#V7)z!$8ef`7rcBHd~j0&>boPbL<M5kT>Hvj
z6Byv9XG*Aj9HV^Hl@^U@4OL<64(<2kEc^Cu#p6#l7bzBGYD{E}GZc?;7h<LAbY?Y3
zQv0F04ud3#QU_GK^sep+vcqDH#KUr)ELmzvoqT+o_U6EOeW&ezkhyt}TZq*X3n0}U
z_<sfNgS*mnliw0h4kZ4OWpxe1q3ObtuQ(#h8iG3@O{phMx<!)N(}AdkB<<iFR0uB?
z4Aa7o7TF2G6PDVIF8SrAP3YGB2O;UZ<@@XP{W{y-^-AyM)=@Q>r!SkNQ>h<uD>S>G
zT`!R^qNyj0yx##AxmeZu>Z0vsuS$Y?_gSNjrnTW+{zYrfi_F$Gk2<CmNo?Q+_~Q=s
zmeB1O_ZZ7WDKQ>05baj<fcx5o{nN1Dp?Er{S=tft<V7P)s9R_~2IeXF6?@9Bf%esX
z<}#|i(Y`gQ=vHJE&HL($#^?2`6?}=ihCzv_QXF}Xcz@I|V}DObodmCcdJ<BR14otO
z=q_)Q9EwT>$t7fIyelxf{fffDWrOZH@%(7yBU%^PJFqRvR^|SiC&u95Ze$TvyORMa
z0ZhR5+17a-wfp0c2DlP5bD+Dw85hg+H`AYeq%3UZvxkG!2BlUl^{LtYE4%w*^`g4r
z&IdxPLIo!#CEJ>`-4qN1w08U*<X~hgqOIgkARh4ibT6rpuxnYWgt!wSibG7+`V0kc
z`y8BP@mhV|Zun}hr6{LWxV2~_nG7MFfOtcA0x<*3(XZU^o~KWc)oqMgY6qC=QEe~E
z_)ow|@D0#|iEEmuShrcLr>IvzRUdc_oX?l_jl4Zh_hhw=vD@}USb30vA{TaS!ChC{
zD>82PPAmd^YEhY<)k9|ojZu=q?*ojA4jV&dxyF~`1qR;|K|>rS-|M_9&;ofu>SFzu
z070k_VL@vR#XV?vKF1Vc!yy)h#}fF0e#{u(>}1d54n)Pz#&T@J=b%y!*=WHOoP#X^
zFBb(DN=Y2zXK#qhE|Im+XLgwkkwq8omavU?=7#p<21K`}jZKlwSufYLjq|*+S%Cr@
zTN?Dj!yRh4Nu2cRRf<iC%GGWjW;(tS;anUSF?Ba`X<Uu%hP$9dDF^v8ZR>ku>j2qC
z+21Gay2w~3J@4@s5d!c&=CkcqU_ycN^n6T(FAm`_(xqUHa#jsUkJNz%2(SSvVQ<Xt
z;`IL-0#vlk<HIkoBpW5vs$wN2IP|M(+T(a8Ww)DD9f{p!Fnm<kU^9+NfgF(@NIHYv
z9FROp{6@v__qEGVek<@0$O)yQ!foWnU@(_04byVh#a>$`17Et7m;^vE@wf}#PqD0Z
zXs2iHV>h~SGPe&4EV^4MS1&`=xE`=^MRgIJe!OQeud_~ptv?SCJhlv*KOWfhn86_n
zfD_95#oyT|PEJ-<P8uqp!;r6(sQUBB>fqe45K6IUhFbQV>Z{6h12_+^?Zb-ZXGIkh
z1kGqk_42XBe)-?J(x!->?UqVdFuK>A5`~L1Mivn2kIF0~%H@7(X{e*t1oq_{Cuu#~
zWeVn3&WstShi5*SGQB-(eEGOw!L9wIMEwK<0z(J#rIS?Yz;QkTfIv=u5WtF7PQZVB
z)0l?&i{)zo!V2W}M;8PD{2%&X&Xa+zp{{P%?KKw&$Z&+u(f0(Ky&pcQuN)X4UlPpZ
zC)RBaq(YMq5V-4bywvn*xo}lqxhAZ--UPqs+#mGYoS~v`&D!RhdMvVSG?_t#!GYK!
zicH0XaDMgG@QrkwkYY{}?^6zPzICgJk^)#qX%gm88{M;y7<0!hmn1l5_fEhot1#8}
zI3FvQyr_~qZEOmBUiGV}j9<!RP;L2828=GbTdBakC`vsgYNNWaNg3-n@782P(9Rid
zFjX1?@jBkqfa-WvY_Z9>q|K~Yx+sr)^)RKsM%hiNj+%64aTuIq-0kp8w0nDI+D&p;
z@(vx_z5Vr%B^<%&Gx%F-qq(l|4HlMHtp(}WV*5mPh5D46`*7^CUHt9zRM(2tNGNCV
zJI=`!!X>xCGF#Q2W>iVmXTZd9I#roX85v;I^dEakXd46{EB|aCVOe9N8edUZTKiTw
z%J!{x1$&Bo2WpOTghA!cyK4c<rA3B8?wuwz#jo6rX~xGyu_hs?{U%YnXfdC`oJgnW
z4iRJW2$=fxSe~QHT;20Xa<$FGFw+EF1Su`GoH1o0<oHNUH)X%7EQQr?1|iktg^3FV
zG7mp}m`%;^`p_{!0XQDU8@uQP9({NSo}+6h9xXYDw6ABE{)Lsl#qK-~Fdmgf>bS^}
z;w6#NXV*w>t6U2`u)7)c@a677+<@&E?t#2o3(kM7y{Sj(Zx9NQS2;Ls1^{CNCTB5e
zOek9@l9(X<fqW3*eO!9ZB7HXH7MP^><`t}MAXffv>Hql>OfSfvgP+{Po;I^F#!k(!
z4y&IaRG6)%|JZ+Z<&c$n^BcL<Z$teG_&MRdw|E!&&gk{%gV!6_C&Y&m7cYE9IE7FX
z0XsY|MYe(p79KTheb7Z-zcgb(M4d(}5qc!@K-r$fEu%xcE8kX}y)cVjS*^T7){3cK
zT^g&TO6j@;XMqO*3>@bRg9~R0yylCo3y}gi@<rB#W(7?7V(dV^0KQCR3Dl{qYM8at
zE2);5E#4cKXM*q~A?y48)lgPIHunnLV0M6J_sXyrW3VsApQb)|x|4OLZHd|xy399Y
z6v=IxS~f7ZVfaVh4q5JpicMG=lQ{T;R`M@-o;N&>IA7d3dwBSHZGY`1*axw#XT(pD
z9HYj?_;Ds+8;QKiDJ=j!@)69yG=OY6ay9>3@3GpAvQ2Ko*zCNbdyacw`TPfJxeF-n
zQM1+7L}VH4yjARgu^Ha($k4W{4qF~MKajf79^$PqvlP0ZC*xm>zcK`%ixJ1J9spV;
zyM`DB#|PU7RfgddM4@Nd8xXPhlINTpIk<Rb<|H1Nz4*81Y`CulaNc9HH)O6&o;BVS
zKK=dBkRabcDg2-H&S+IsNhy(+U^N1``sH>zY@J*QKmL40*(Q*aBP@o!2^!=P&1RiQ
zIuf{}b%t?^_@s<s9@P_4B2x5>)v{MGoew9~#9#dNhzES9X9Q|iXvS}NwsO%z0F)uJ
z@c-{#lc1N<)6*X_(F1#c2Z91-48ULkqWXzjj}?*!r9%>;xstSVamn7f;y!3^rwQev
zH724AP$=C|uZ`a*-i#wZR0<6fFW(u?Qy3RAr%7wltQgDF8z)*@ia(V9eb#HAy3y9C
zS*1OxUKLE(Jr~iE#MCP~T37(QF@Mt{Z=1p}R1WtUfEnDjleIfY1a~2e)UI$v7ipHs
zB{^i#P;eWa>tdcp8gG~}55;CM;DSyR&TQ0RHzh`uD-wd<heP4Uc29}O=TPA`NteXB
zy*&G>E>>Jwc;A@x+`8N_`VRRJO<nN``CPf&yj{PQE>0puGqZAT1+U)EL0tSuv6C1?
zFys+UN`0TXZ|s6L8A<<gigP%Dmb}lj)^Zz>^V>`@vjphkbB4`4EKzYuc%4~?>o*o6
zUY~`D$^Ls5dphG63<<Ih>Ce7x*ejq&1OWWRlTSB!tX3skEw40L?MGauPX6$9?PxVC
z3!gSrM1ZMh1bkXN5G_#xZC@yE9BE!CUJ~n`7;Y?K1YtZsxmiIxAF-NYyZ|*(g1j&r
zvZA~Y6Vt-nzodpdCM#13j<tEeD91botrKyUHir<8ja^!=lX3C4Ti>sZLv9(@5dv%m
zUsTRRbP==>@~FGC<PQBm+pl9XL9{8kFeYdOD`TR<3}JK;Mx6U8J%U@bp=6TA<nyUR
z%u%%=sS~;=^{>5dUAGd%^ogkxtG-NCExS?RS+2X0a9wDIcoJ%(>dbYCnHPt+A{llA
za6YiQL$Lo=qkbP{9Kn#V4N6(trBYlN@JM4G|6)<)g>PDk6#?Qp354bvJ%)aoFu{{h
zosj3RiHXlR#8+t@)xy3@NbWc!&_O>S@c|{3<%3cV;YTjA6(W_F3sa8JM=o|HB8`=@
zRE~?7*hNU1FzAd+9TzGjMW#3_%?ASaz7MYdg~0pAg0z5zBeBTQh%{b5={CuQ@|Y|8
zrGnCkLZo#}p$kf}1RuFvu#jA#m0YouT&Y~RQHm=T)OvvSkI;CfLYo*8Db)C~s+w9c
z9|wJc^!CeiMe>&h+zAoe?>3sUx38MbhVx~d>ekym8MSyC_6ZYV3gB-klGN*pJcijc
z-PAXlD~C@wT!%9WGyX*%XKYf(X=u3j4TE;*@bGn@1}xEazL`~XkW7dfpc%j)5Zn{N
zf3UtzzB54l;Es)=<qrkw<eK}{Qjy2ub)BpK>W3!kf5oN3)(4{NGJ(XP|1ri*@ykQ^
zo%E#z>4Qm_DCsdSjh*Z<1mlctaUub;d%&&;oo*`|Tc41cb8@pVav-l{+SY>~seD~B
zB|i(Rk5XF@!ehM;k`eDsl_vio^B=Niy=KGtWpd_<lF=T2rfoYXri2uoL6fRsm~TsV
Qd$RwzzmG$nr{(Z}0AVJDfdBvi

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-700.woff2 b/data/web/fonts/source-sans-pro-v21-latin-700.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..cd6bfd0f4b5e5e4b1382139664aa7867dadbabb7
GIT binary patch
literal 12924
zcmV-?GK0-`Pew8T0RR9105W_44FCWD0CjKx05T>30RR9100000000000000000000
z0000QKpVn79ENfRU;u<33j9#x4hw`j00A}vBm;<W1Rw>3d<Tjw8;xak2M~5UfVg)#
z_njFPHV!}p`YRb32sREB4Dt!H|Nnc^5l3y<s&M=Zp(Cp&#*peLOegbM%x2nfHFo5T
zSi?=UV=-+oKZhwqSB&9FFcD;)9a+(s2BU2c*yon(xNof=URC;&j!gE+0%PKmw9_*~
zKOLmoWTD<9#)9=F-0)8-(c11k>!@ddJ2_$}BK(7M`P$}^1Aw%Lq=q1;EjmA~_J4kV
zyyx5p;Zqu{xMVfJrLCmhXZOw~o_Xp1cO+F_93qruT2&Gbh-_$s%6S_>?(QFg1Tu;&
zsI3HIOsL`cZT5h#Q*q8fN|6eo6%<jTr3}PCQA`Zfi9KDqcBw8ZUAVYh<Sp}-brrKQ
z(}h>cp``ROObHL)??*fLeqFP+h=(X5p%NJ)4MG-cG(sgaeLH6Q3gG{Lb>=YLwH=o(
zLwOjx@dO0pA%WtPgR<i1{Ct!As}N80hhT5_hg#v%h!Vh1vrMQ01~cKrI^)p+-JE69
zKb+9_U*{{?A9dr?9dOuS>%=5T@;-2BSb*Hs*^7t`C;)I7zWUqTtld}o0@X|qaa;CQ
zgFJ=)Z%$j=ygkpLi7bPfa;@ELf$4Ig!r)S%e~JIS&DVC%ym=qO*XB~;A6BTB108S$
z0F}P(O8QsND;a3NOtfY>_>Bt&fhj;#VMPi7Oz-K_ao2>W&-6)Kr0!Gq{C{g@_E#9^
zMFG2g5h_Z@sOqX7s+!66*32XWfq@Xz0`&%ZCqV2rQHjf2)ewf+AUI@qcaDr9VFaPP
zcTm|GpKSc|Qquujl@qDa0oJro(R2y8r0Yas6;6_yeM;*}L|TMJd5jc5$WW7$7{5F)
zCG?9IAvEi-v<_?7e(tVq_C+U#7`2#dS;(>wV($lG)fSyu6WoH>z@670@ng7UFeB>=
zmX{#@FD?Nf4*&@9h&rfMD>P~hTCoCcwi()GH+0w$=$I1-1Z2%Rgznu|CukpCEe)W0
zwp7)F{NrtH1R)xLf_ep_0jR+Och9!G6LH-aU?B5Hb^&19rb#!{8?`|em=FP^k!%GT
zL@(zPWCJG1(#18cD@U4*@YlERef7@tBVm-B8%kcdF+n4VmQcogQ7(I*c8n5cLb?<g
zZfXlaV`;Fw!sgMcmE$1kC}KKKm1V~<nLu9XZBA!aDV1yH@CxNYv*TA|JAL=$JHIq3
zeEiLnKhWX+s?~fqQY?31hxqg}Ika=e<<&Vd&Y<J}V_bFx@aqQRmRo3dJi#EU5kx>D
zG1+VuhlA#FF+3iQ&nE~39HEdT5^=?1zEmb6OO{Z!Y>_;9P@y83iWMVDl*m-76j7#3
zrgG(C6)I4wRAE)C#;Z}oR;!k%PMs|ES_E3P@{F6pm^Mu^XN7N-b%@Qj$h6gN#6gFM
zjyWN8-g&wUE-+knMdG^a5;xtHy6v_Mcig4A=N{R8_bDEDK=#l>ibozxeDa9~-C!Yr
z6d;Yq;;=XXL}(NmLTGoYEBx8Z-yvYA46s5X6Ih{!4xVV<)|~gG4zoL-oeToB`JCqn
zY(;Oo9I27&mz}HV(D5L<Q7j#EmcjduCs(Gjv<J5P?d60AkcNWRPZlv<Yw@H_+WYs$
zU(tKDm`@!qZXax1EqB+yj}JiTNWz+u+_&uB5s-K%ikKcE7x<x74Br?!ZeFf{9$?oe
zB;IB%_j9NO$zvF9l`Xng5(bQc0DFR`!BV6GoF+f}aJ+-%axyb&j*@4RopYNhLwgc%
ztUqYBeD|^2as0x)&A*W547@V`36=X6!68M?&@p^!XdcOH#@k)IPe0kCCAGIrG>B6V
zpDjVCu1Ge#THsfJ%1SnJ<U9mj1az3?ZjjWlDsXQ~rNzv}9|kB^b3qcd*_dOo1_<Qk
zq0f?U0hqi>=Cm|R+OAr&{A31w`{6<y4UK5Bj?QM|g)rqey6X&@QP)27EM^P#l1^}u
ztc>6M$=PR>74#}yD`?BY1-5ZeDd$LD36si`ZUfm7dSm(yo0Udr=prw2v*KN#x1`{(
z@){6hVT%h*+}?Q+QX89GAUf8-nOt#pX?b4GEIW}X%OHNX#%T3U`!ro89MMAqa8SAB
zdclQ1NirT*%XS?@=*nDt$7~4~+z*VwZFEFm$s0naC6`<=x&EstBia)Ac2D;j__iK$
z(k`~=UhH6Z8bX<jQeW%>wam$QU;r(!E_f9WX6W~qsK;<;86zT({%g&VE70cM*odvr
zMn3cSt=`gpw6+!fzVkkhgC|{X4zFdCn{*&%FBZT!uBy+Ddvhg`<!#|Uv~bl36Vjld
zuw!MmTs#N2BhV+?kWZmDvCqOHzr_zB*qSqQus2JjhZoW@ZgwC?f%NuE0_k!-3q!s-
zrU9d}jhj_yvt26ebx4CFj%ah-3GJ@Brqc^U-Cj|TH}!fU;wKMGBLKD$A=ule7uLZG
z#Zm<%g(!esO)hI%V_aC_u<ncJ;|L-NQ3ja@wTlKyWgB#O<Prd)Mpl=gIFaoNWRRgi
zO?E6m0L4Y6pdvBFOs3yBLK@wu(AfrsDa3LB32NYh8(aXa5f$xqIkFI;5KSkJK|GT<
z7Kv<<IizvP;E}~AM?jvib09)OtQ=zG6Dly&hkanY60A~4S4M(zl2nkY(&(T}Wh+<t
zCRCl_KHyV^8<<hz%#va=>9z=?v+u&%>j3?OKjSM?u}W2mid9?|e}G0M477B=b%7zG
zlM*&1*<GGLt&z;<{fRJIJy)mNP#gCZHVkgX9>wmT%wE*1qZIX4uuUhX!|ZSkI-aU;
z6xMNyu}5_(lAcs0e_4Q$myc)L*FjVV`g!Oqp-UB(K)BO9ae|}vd_J(ZHy30r><7;S
z$rM@jrqT9$Kyb1nsf$L29upB6rt$WOeLoc&$6H%`kO#Y;>P}W6y0_Z|%<&c)3s(i(
z*DR{41=Aep)_5*fZmn!pV{<ZQo4XCXlXrySQF3R^pbtYW#rXpQ%o{<wflmtbg-?2i
zPk9q9`=pWnbY4FH$;N?-VN9LeaRmHkOl5`6DePD~jC~$%v*WNMeZ~%F=hzhjGZGB1
zVOChmonv$HdQRk|cqWOSLw_X+rZvL>S)T@2B8o~=#3BY{*UyzlSFfLGEP6TSY-*J5
zwnwdFP`zJH!`y=s-L$tt3{La(!V(&v&JZ)@umRK6ICDhjxgy!%<hj{Bs(gWP1YfXF
z$#T#@6C^gZPbNsLH|FUAlqTkN1!hPTsK(wS130jc&nX6E0S1kr7ETm-0vL3i8Bi#|
z4JE*E?&&;|iMgAB2qCI7L4#Es33!qTq!5kPYFCj$lni2I5-W>%*(Av&Ri4p5F|E+$
zwBga(b=A^teKh@$VvIN|#9HN1R$E8udYh<rL##bHQ8}yP%hb7q)QaOzJ!IA@kI&#a
zi)2ooF3V2F6iN~a8r+2n6!Ei7G0dT}2nyE6Xh0Ep10|3w4~pAnixva4S$in7J7d^5
znL)n$v$^jRfA}o`(7r39o${0$pc%=}td0mkM7$uM1hiigbGIwqZn(8072XW2Y|%Bo
za{9?)<iVfHPo~->SKWPjy8vsRrB@xz&Qk?g7u<B)Q}2A}dPucVMvr|%^u>%AOcq-v
zM;2G!hhAJhIZrm-Wa34K@{@gxz`!Q{aIrjf2MrjIXtbI700$6&MoMSHOQgEy3BYe0
zm;!<w3y?uV0&uc6YnRARI8n@{f{E502U;cw#s#9?By^i7Pl<R}V9ZFUx*kx^vg-}|
zHy`p${`juuLe`}(b+LvY0A9Q8oIR%L<N<>+3I>@(r|D*xX_ndg%`w+J^X>E83opGA
zY=&qvC730_?16p>=1fDFIWlWx{<JXDM`lc!2{H?0_PBnKISb4km^WqqNU#~>Wv-{6
zWJglX`X&S~mI?xuBG8Bi!M-a5T|^ud$$aE>(?yytT(xP?Jh1AT=O7J*w7{Ty#;74k
zgNUXd2VBX*C|bS*1du)n)}Tp2%2lHhpdrY}B2E`d2*WaxKsg36x(hbU10ey8tUf#3
zLXieV$^!)yP?UP1l!Gqdx;pS*jCm*$7+}z`ocqQJwMxy>?H`pDV)Ju73CN%1I7xu@
zEXP6uXrO%63N{)FMgscc1qm0^8%98bA_Qr`VmvB5RRbYRlsFU+;7=GXR3tpI2NPn9
zl#}4w4Rj)45iwpjHu+&8*Z%*`aVLZSkM*~;HD2)Nfto5Bz?WnBeVe}pypxaaT!R;|
zF+d1XFa;1?sJ@lur3JW<7>qNVpe-?xU3Bh869SHAOyK?Kgp*D=?ToX|Iq!mtesam>
z*(n|dxa1+2U1q^}iy@#yy!<Y30-fN<x*?DWz`&3zF)a!Mr(V-+l3p>PaD5=S1Sl|4
zz)=TY{Luv;g9RSqM)6>xlT63}g2}P1UIx7OPDCOWFb9^6y8%aXu=0J9T&z{Zni7LW
z@nwOM<gHzG&2=~2bjxjb-1Wdi_uL1E;2M9{LSc5;8K|t5y%-uqa(YY<kjGj8*t@M%
zaez2%AcsaF5D)?mhXAkwPyxW^ry2(!A^rWD9~KNibu&@-fSm`3j~xUogaBm0<Y@>n
zASlCrdG}BW5=J1EN|7?%#{1SKk9_nMCQ5FP^;GZn{=HDrCDLu*^+TWdnLqnW|4eEn
z?T9JyXFQNZCyoEFB^DBrQ*-kgXN~V%_SmP0lGCF&>)i5f-`_JQf8p&1%J-?|Q2?bK
zZQn7HfPeq|SKwkk=I5)AzXCk`{IKcqg~zpzH$AjJRy<nzp#D+a!^aPA!sEeY0uBNW
z1CAOGxCpoo_$=(>=iYdtu*h=9J@;OZWet6xgFahmlLhvDsxkg|zxl%w$Nq{mY`4E`
z4*(bJx7Xib7JKc5XI?tsP#`ekkq!Q_$&mzsr~dSv?*jwl9JV#1z_%XT=!1_wSt^%-
zk%?I*i(gpTIb_L}!>Li5YBhXn)v5QZ22Glc)gqu>D;vKRR$60~)z$*UEI_UT`~b!u
z17_X;&@2V2695`OLV$sT9W*>LmcC9EN?F75dkHHqu;*ntlPa0Q3Q0s|R|&_2{1EoI
zfY<@f3^FbR&3ERLArSGs$}kLP?XS@c4k*Ybl18Lpk!yH!s=)IzTy1$sDeEG_aA&Xm
z?(itoZ7>31s&ZR+Y6e|`TAr5OfHNjlF5E8bap+ikHtG5(kDjPKk99B5wXS!L!`@Sq
zspc38cdR1u1DW{X+dr<;x30R@y5D|VoDAW!v)U4~GBd}#hD-`N2@y@C)M@2R+J8_f
z%=bIxT;ERCjcLGzyMIgxkp3arOh-O8%lJhJt+52uW{%r+{+?vQMHH$M)j@Ksxs??2
zpnu~IH!8xKN}|gU+(iR1D@>%l_-L+aDw49Sq{|x6`q3*LTePD^Z2*;Y^2XG{9jzX-
zjGYB+p_?466o&%UeJM|q#$^O7KmAA)7`&}o0xRz0Z#?!Hu+d&n4T!=kBS!rq^`5Tc
z=P*Y01gA0~Xp>wr)!J+{*&bJsjW(EiqJ&GE3<>pyG?gw{ab3A_Fc-w~LO8ueZrd>|
zP8D}KNNq@sH=I%!=5CrUCn->%q=jtVSKk#Qmtjr$ou7C3jlS9coL~A7ze<0E1)EPZ
zy$x|cXe3>%FCGrmLS&Zfz1$VDY88+=BQ~%rBwUbOc%AZ9rht0KKPMe%oTO=3uVy5s
zXJ?EZOPa@&WLW`;btW}oqOee#Usir7ACe{6fHFL?-=j1MtJM^HqHL&fK_dlO<&<6>
z6OjK}$Mzi>x;P!TfNJ3azWxDX)Fxj@7zEPGg||x`hqSenv%~Y0t=@4s$EvVs^=h2t
zd0BYBHN36-OqNnfIX$(tv-xkFq=CKl=Ox-C;b`f9ylM_3NkCPT8vO0!1$HjYT*%>V
zKj7aQ9s1@fNtu;18i=mcRc4ffPCz)o>qv)ksw(>~MER5{3A&i?O-rJhn}M!PK*32G
zlw2!glY_-?#v%#R=;`H(o_{6(a82)K{kd62AP9F)wY;XBZyK|BW3ad|!ds9{K%K9d
zi-kxq+;#$?JQD5F{OP+s5TPWb_*wS3?w!&SqWDuBSJm0hEo~gOgd;#8N}dt{c2J-Z
zQcZC|Qe3WlR!33wBjdG*coP&kN})_sHI#<rCqGqXUzkD^F+AZLi`)Q<Dly_%b<hSy
zE>~b?OF<$n)6^nr9@lbW(o??a)dG{B-K8&>1TR1@w$U?nG*;Y(uf~RuLlSO7Yhk&T
z(dVc#8FZl`C#+HkGvJ{W6kUfeYat)dq4>)Q3obY`GoD6VAsYHJvM9$RUPptrYCdpB
zUujp)$%MGhw|<P<r!mCL>L1L11xJDDI-9I|-Z6rGYxy!O#Xko;dN8QZZfpSb`gz++
zt8zeHVesK2+}Hn>!tIFvuBpd4HaiflizoeQr4XIGS)>+Zz117cXnD;9NhW-*pM|)Y
z5_}ezpB1ABH@_tN-dX>0#M+S#CFv7j0oRE+d*nIn4-)pBq-ja-3O*K@;|MoeFu?{C
z((Iq~PwhoocUeur9%wyFvb3z!KLA;FZ1ICfO7Vr{B!AWC;<6={7*QlLj9*fv*5<w2
z00@Nq$DwbyjA`e3Lodb;od2UCMw#Y_QJ<})9VKgmL_CB<VuHP4otYVD;Q;Uv4Q-7R
zGLXE=N8b*`G9LxWv-`gw%~$`0e-CG9EGKBnuGwW7(YCloY4op5`4RsgB7CqYmgOVK
z&{`T1U$21<*{9y>FJxV2RzR{<^6$uMlKz>@4;z`oJy+_gOQrhV-oxw#=WVGiuQ8e|
zu12jI+Orx_2B0tevzuIfAzkL)^Se_`ht~ChT}DE~nq$2>rruv~Gqd7ObDq*^`-_X6
zq?f4OHihf!{ba0!n+vuPMfI6f`=OGiJ5*CRmS!B5;NKrd<N;@jk2ct&LtqvytN7yL
zSg97P{uWwoq!<-cz&KXXJl*)FusJ4uh*1F(D{g|95at3WWb`R}i^v6#aTF3lM~-NL
z710abu=m%@{$<;g$*C_<Fm+n0qysWRm_fckwZ*4=q#HGS(7O;?gqpLWc^6Y&z6(6e
z0N>K7^l{mNt=5SS+m3B1N7hr&rB&f!0SQmo3WsHIAXp*i3rj25=k{9d(W}jCgZz0I
zW$N`c>#^2dr~bib5ZaneK7uVtXhIX3P<{94f4+j4QzvhYJ&yFjAa>bM6ioQdJEX8q
z<&110uxq-RVZrBcU=AgImt#UPc3(gQGT{&v7b8cgnT&LkC8(36FbaZ5&Ocv&kA*ZL
z5g`%!5=JXg5O%n0%;wd3b7*stCKCQMbbgZ=(O@1SErA+Iy5GkIfKwG4R?S`4<Bhr!
zEe_rSRy>YxrlNs$8S;=@kjy;GrzJ}vOU&LHs8Qx|J?CFUDifw%o2?j<dkYaB;Zx`+
zU!lQAhXO>K!%`}ki%K8#scuKk@fWlta2lP%+XVa5TqbQS@vyw?Oa>r<5S#1=8ZmPs
zlg$WrLR6n6XZxE>Bjbtg2i#Ql5TM=*Xsh?SVLN4&%CoUTd`Ju_XM5z&5@t2@^(2>q
znelO(=^dzcjrjS*$$~$kIw(LMvJ1{#H%6gJ<y!xYu_x<Z?D41XEbG@i)yM|cK6*F`
z?}s*1FvbPni{yY3+2qcEP@dl%)6WSX@7ZTv;zW6@_JrA2Ez2Boe|B*84}~lEh76{v
z*<2b85uVfd3k6YFndtd=vyj4z_ZgTC{wDpA`b7o()S$^HeSzL9kv{`13r})dS&wCi
zoZ(8g8T%~?l~h#HDjt^j7Ho_^R6)a%YWckc2Fm<+UM-Dzjs2H0UCzVAm4pRHusaXZ
z&!B;HN@)BO9IHB9v1<Z3^#KB%%I(3!CRx*5<07+MeFH}S<jDrd!g6H$8cE4i`#h}Q
z)a#Q1w#KF9U)6*anf{7h;{$iHR#;u7EE-sML*z3<{st15nqyp0yY=&q?H8A>%^yu*
zFYcF(Mf;3-hnjItIZf9>)xoHTiUY^d@vOb3S%cAoMMWDJR+bmqt`qAwi0%1%$(t^(
z=dfqQ+7c)k0ng3<%zpbF-v0x%AKUO(_xag-jcWyS+38mj*!myo>f@DqWg<6cJQT0V
zRBN@lV_8PeG`%#G${;2gw&ZpdBo3$Nf?{OOOiRw7zrnerKPyLBA%@vXrZrHxCK0DZ
zQ<>LfVm<A&xwA`wt^aW40&UjZ=4Qu&xrQ=sdwfa`ljpYEc?CJNl=z;-lAfR`563-R
zG^S_wAeQ%pEPm4S<Ui1WESzs~4*DBhOXg+e8>=LrtR+)>Io8sq@=AA;8&x>c+|c=f
z8`;cz!)D;0pZ^)`AB_AtlGE-7KO-}%<oF76<X0SPqI&bdeq~}!ar)@PA)&uv>rNnE
zO<%hz+ETH*Uqr%Jn$ubzc{yPvv~u+FYVw-?X&*_!_7DdjN?KO@XZ9vZmO&Y#98y5~
z_?qS7ty<+gNHThY{6+unq;<+UkUo5z{3Xak7W8FjE~%@}9PG0f*s=D^p}M*SUrqAI
zYi)t@a+_aUkUz%&u=PJSwKDW>hgI(l@b%dba!j2*$zKW`$gA%UZuRMWzWPZxa?QL-
zilrvDXXmV?{z;tDw9SL}+6nAf!!=wTb_cNaztxYWY4h!-jAFw8w6W(+_S-V6{5zrW
zq}&Q(kgD+lLT)85kIv$MPatyFI;o?-q3Z=wdA?7gOKD16npynk-v`D|@d<P0=aM(;
zbM?|xw_gS>MDFkTyJvqSupuW*9opa-^p~YtWU@3%nSZWl!{j0G&57A7Y=UR#s^`!R
zOx1O(V9}4W!Sv4Ai@Cy_(bc)oKy>v&y|7m=oF82?2vvqxd%40nf!QNUW?Q&b3+0Ae
z+Z0TI9JX&&Y)I+eSn(6IOFJa#Ub#iP-?%~5H&Xrp+L^Oe(FcydI<bCL>d<wZ?j&?0
zPIp2+wCq&*6`&Oo4+ixd$^Va0d%$s|&f!wpr{ph;h-9#de<UT9y{n_jORM}X@tq5y
zw+70nu{Z-I-xhj=fPDdUNV0}>2^tO@AJ~DgoYlrt6#41=W@}zrrza!7gORMaPIGbl
z&x?8i7O8Jks9JM!je$0Wj&C3w)Oon1<P3{im0=ZPuk%w&9eH^0nTi`{b!E$2J?Tm8
zanpk=TL+GJ&WD!jDX<P~1@=67CyJV^F`D^0kbpFfO;-nUvNeJFj5K3$2ER@hlZ0gt
z>BXYtEMY-m31MmKes(37;sHgy8owHfOQz;IBwAwHZ}|EXgW++P83~1f!d~$CPhNuS
z;3^DEh`X5>_jv-efTc}Tq}ofE$z0@tdPm(PRI0?BPn8i~C!k}Z*jdG8a;-$0HI8RK
zL#SmleFQ=ci(SiV5dVV1G|?qE_`c1!_zOUNd|*d#!Qo7fINMZLk~Bb;o+ib2wmX3O
z_`HSCiW6&go<Ble-Sl0Cp&Oh=TIEF+>Hr%93uV@2MKuf?fcjJCYUqQWD@s;zm@u<Y
zl$E)Nq4ckgRD5(yv(r`3e^%}q%wmzsMuoODCs!K~ms06hxN>u}t+zR&oyW7P)I1B1
z&$XykTq{r=+R`~6I%}dZi)v;B^3pmy8B)@bC6IlAof<8}W{E5I>^rnL$TD4>Kq;eI
z+`k0v32b>vts3IcI}z%F)>?#&*x^CU_#dZ4#-9<9z*VHEn(k4%v2Tdvn=w%*uP(i}
zzLTx@<>jTi7%$cN1IhSQCU!>2-#^UYYio+ZS1Y#Hy3XqSmY~Qf-F+Q_j?)|(A$;lp
zx{h8CZXmPUB>DEgkiufqz^BeI9pafe5$xaeaZvesFxt8Znig#xRK1?F_9GY^_i>@%
zxii$52UUfeCrh7CkUj5<FjhfTA;wDn^BL_QcW_UZhwE#gnlOEN;z<y(7&iC)szk?N
z(IC`{ZzVgH%=>@Ir&WUN;rd~yPd=5A4LZI@2R+3#m7zlDffcpiJQ*}xUmK+#gjymE
zlhdxx+5W3v=Crc`!*Pi>5@@zx;@=7Yeg(U@7Y!*HC0TQmXTR+Ed&;$O*A_uNi--1V
z2SI>kN!8_@BaPL|m2<TzNu6zxTS^wk*Q)i<y1-))#L(is&U=xfq)^P4>EjP`-jthR
zaiFbaz>v3~x!E;$k=DDt=Z`6u$6a0o>)GCpS%pb;(S-R9htTa}fNGvqV}Y>2CB3%S
z*emhB5*2P^3qx1ru<5-4p58s~Q%<K(awaVYe2?U*nN%&?F{xld1QE?n_#;VD_O6O5
z<?ER_zZe)?jZ2x>phF3<2?4c;7ay}*<S8sBaAmoi&#48J7W@nGE(&A{y-UEp`0(9k
zo{UY21nN%%pTOR)xpjjhITU`f#p<eky*j}q#c(0xsRMPd=XcYwq|7`t)y(T(aR!Q<
zJ~UDR!jK(4MMi5*t};-kP$oNghi_-|c$$0%8WKSaC41rJ@?O2MCraAcRA|9wMS_ny
z@q4oY$u(e-#1#lW{#-03LoO1r2<DTfI6^Ry&(p|nE_kUHSJtLx>5BwhOCoLT^|3K1
zxjaeE=dm-h62b1LX&2d?B(p6X9aaFtCw7%3X87dFdb26DvN$=3&|<(@H_tK9Re{v>
zv;E2fvYs6>*GN}&D7IVHHD{&t)*6B8P}{(EgkjNN6i+=X2S)P^A<UOT{gF8RIj(*o
zHH=Wr{ygwrN-VTW!J^)+y#vDc&47{6b8|#mQc*CzVR#6Ii=<+<;>B<lrE(!_>Bni*
zT(e7ie`nUe>BmF0XYBwv=?)RsPt6z%h0Y<`IM}hM$loFxe)o}lm>h^^(?$PzJQy*j
z1&`lHZyuoiN5;4@ICNy3u}my<iggC({}hytDBxHfd}(H$L&sriuA{%zC{pLqZO5nK
zll(a!`=(IZJDlXjbE_z`f1sBnvS-?L+8;?%!6@XGo~`TF^=zmvXoK0-s<F6MbV+_b
z+U=6qu^6}eZx&P13Je{ynmXL6#<-XUsG|eWomtkN9=(qz0BlNim&5+ESFBT(h?0uZ
zljV)>#^jb^^u!+Ug=`HXrndOJp2`xm)8Y@CWA#4Q{|s^~gW|tqE<E7n$jdv6az#=-
z9cnUIGtyK!bsVsI)U+BRlr<XqI&@dGU`b5X%iiIDx!Jq~{7&|IiBnyCR!d`v7Knsn
zx$(B|)$Ayhujh4GdjvyP#Fn{q2319^1VqztTv2FdCz<?MDt=86ru$X8Sxp_L#jPf-
z(#?Hn&Hr2%PaUMV;O2QI3L&S?Q>97ucqCwTP%U}0erZ|`q31}ERHJF5b&r{cC<ejE
zj*7%oyF{L0J`Gs}MzK_4ceB&-YdsFW$PfhmQ`(ebnWK^y*V`bZ_tOXibmmbchyFV&
z9(Al)Gfd#D0-N`W|Dxfz<j_nXh4e}Bi?W#az?T2HD4y0wb-~PYO;m!^$rib^n$*%#
zacYKNrJLE@Zd%f60%WAI&MqJHt(>&A-dJaqFYx)~gLQU8dt58JIM<0T92*xmDYnp=
z8(Z85R=wzOvrTab|2V*NI;<T%S|6`0k20;xVgFJt(s>&F#mTb9g2vdEVRTau7z(N-
zZPqT8=ZxvuQIxDvw^7pjtr$WwXiOH3!Jx62G+_CjU<;(GAUI8Oidc*ihFD@&=eRpS
z*9(*g>KlamP$Iz>C2CQ+bC8uy2$?@coDttSu=GVitg3RwIW*Cc5WiKDWoCIra;cLl
zvZT>(f4gdtMD>M%VzN-nNWL7A=FMO&cI(^KizpN4>v0xCEG6t9^N4x>E;-}(#-G|2
z{HQw^%;pR9=|+9Mk@EHA4mUCwo_UHwKL)Bxzs_xQNx_FGV>_i^QI|0v9F$F+=i8$7
zjf-spG{_qM`tvxzIph01ce&`9<$-fKZ||lL^O-FEemY}6pT*=41LW-7`?=u!zKm+!
zgT6kGwSt>2Efd|WuVbv#3uf=zH<5Xp)YWUUvJcNRPX=%;F1}{3`mV|jc#G}T-&NbM
z6@xd6HTSb=It>wT2QHWmPg3it+4nU{dknFd%|clDsp0~tK%B})SlH}hV$6Ke7?O2|
zPq^JpV}eYYu2vS?N~)Vub3dD^SCjBIm<!nPM2(J?eP08@SBDQ&m!%3I@2^*7ufX#o
zT94M}C_7kouvB!a>=YO%J}<AS7ov>;On93uyuAgBF<QL*q@8yZfRDK{9}Dlyge!=r
zV^BpSnuH^Cm4Ly~>M#9?*OfS(@*>ttjk{tTUdoKFyQ?GKZ{j6#)HS;gV6@(%9UHKp
z*dsro7$k$8Sit}@9QOzAe?b{rCHfkxQ|Aq^^xV^+Jw(&abGwqd?e?TDx3itA(X?~j
zd6F)hUDEA#we!@9%r>pQJ10lq*`~=fw`=sBHP`NTtur&lB@h)T(vtHE_+tLmj)qU4
zx&i`M634;G!35d^Dgt;Rl@&^oi_+2(F2iK90)vstl#U#OL1Ri~7MNdr%*jIPBMP0w
zvMTNo6qT`K9wU+e$Hao7+Nb&Xqx18hPL?+?%45|KT1_wa%L~fFTA-8-I@ty&>_8dV
zzTGmNS68CwFRL|d>*-pjE^b&=<XT;;XH{!-S!8D79|5>kOCzS4vh;j{OR6`s6LGF{
z@H=kaJyf1Hp`M&2GfBHUEaj>$NtrighO<0tQlHY!%tn7CI&PPt6|%^uEX=fb#Dtw_
zb%GYSVvl5c@<#g|9ye-(GiHO&R}K}z{Z3CQ`bb{SS0hm}wq`N+ful%++h1Ppt~VHy
zQq25@Y#h^IpyP0K{pZRA8*zo2sn;gDrU9NjGriP9Cp?OaVFjH|a}=uWI;9}PHK)A@
zj36c1tRa<HAjE{AB_$cOO*qsLCg%C&lV8+CKJ88xg?M-Oy}4A{kS+mCU6I8OYK53q
z`uqI-(*8fEy_Or~`QQk$F4?XUv#N2pFIWN>OWgD*^80u0#d$wW4oS+?rpcW)@ZIi&
zqh?8L%;ETC_ECqcsiedc$meuLur+u8M<p&+i3BNXO$syPDQHt*%D6?*yNVd{L;R|!
zdW0GrMQU<Ye9Dizph;l~Vn<4f+@2ziPxM2VrqKDhYT;kg@iDE@k%7qA;8EYv_hT?q
zFQO^2_rc__WC^v$EJnv1#)}hcBiNcdUsqI5cv39eQ)X6PQ%Ol_04y!!s0EXX3Kgqt
zC&rU|v|36MKue*6Na*s#e@GlPe^OzQR0cJp;w15L$#M2!ikE<-NiKH)2?ZVkK0A)0
z7Nn{iU{WK$o|RmX>J33vV^NoTXj+5`!&Di}mgBh#pr~6x_A&nRGN>Uc0gN<q%q*T&
zDnl}}If*8A(PUCi-o)Z$6ZW#$`v`<}Y}Q(Ea1KjFW2iVBgTZ&k&dKT%Ok|QNflxpq
z7l7g%lldY+tsH$^B%S_GX%f~e7b#vvM*n`%{dnjN^=WwN%Ssy!#pA}(Xt7)#3f%Np
z4wo?m%5t}kK+D$So!@H7M?JjE>@xl68gJF_#>Ah@xm&O#S_uW4bzDn4PFD#{_G)XS
z4+z~qDjdn9!r4tOEfl<QMvPMGE)!*><gn2W2js-E-V38EM1$^0!Qp(awi`m60^bZQ
zH7u1S^X`ST#p1p_SoJ07JB*8p`UX#9yA8`^%jBgS09i=Sj23iLhCVkqoZ}RxUUwbc
zG^eYQm&g1q+fJE|Pn>i3X6B<HB*SU!C(DkTGdYB#>?})~TL7Y2rDfr5ll?|nO_}<R
zH@l?bol8@AYh9#P{8nCkSQn2fUE=1^RQ$h{O0W%Cx<1cV1y@QA@A2(9+)z6hAjkSH
z_&{fq$vkK7oO!10+<9~HFFp`Y9XIaz1<D)B=Az!EQ0A@alEC|#^Lwi4t7~`aG(LnM
z>i}|%_`9B1fGaC!?D6f{(y%4RXT+^s)mTx~vf1r(UtPQj+-VSg91#?MB)+goW0|2A
zxzWO>cg13P|F~Q;`CwAX;WFO^68I}vJ!QzQ3yX!2jzc$js2YfHXm<Tgw5qLY(j5A!
zZXkO~G<zXH_wu)a(6r$d<z-6`fY8kc+ijk0vlq>1^mtN4Q=0{g1P)f#PhPaS0zGc1
zZ&17A_rk_CXZU+fE(E3mt9d;+e2h@)hG3)0OnG;h;Bw9m81_@c6;Tn%98WM}#Gp;0
z{cDXZ9C=u;0|Sl{RtZR@-=R|P&}%YiNFmN3CTIncFM;SgLhP*237rm|pz$cNCLy7Q
zDD!@c8AwuV6p36-np&MSZX#7w(&$-e^sH!O0!AdydAw&5@vp|@H+0l=6lz*j)HL%A
zF&$KW*tTwe?3iaa1YTF1svw&rsTK~ghciGG063TdW`Q1bI_L-90w$KMShE!e=z1^@
z!7X66B`dKAYXM$MR$|SVZDe{P*SzP&k`-&QK(~OSmaN1Yyb6~1FON1BEnBr2n}l(f
z9@3VvXgMZT%>x!K#~k)H(lnekZ&xf@wi***^O#t)9FwFLQNldIaK08e+T(iesAU=e
z&eV(GZ`ySLUts|d+vo*AjjV-Dmb=#gxb}@3tLxuQsaZznW!|e5dWBkvl?1YL!N31e
zYn(Nc)w*Oh$BbHUt!MS@3jiM*3}|>KfH+e0NqtJ6#*a>`(XDP(YopKTv-+GquP^9}
z`X_x!UG{>(&wy7?^qZl;ifz~;V0x2YK=H@?JgV!7JyDgrcRG7jUgwj!(e>2+bGo%=
z<P-J2Xce5}`!W0v=<@Hsah&Qf9j+sEw2ss$LI?BSV;JJczWn>)pU*#m_1|k3Q~>eN
zguNQ|1z%w$;9jro;uId4qxLtDThDl{)y}+W(xc$-N`+m*2E>PBm}qTsG?oKAooEGO
zJI%wkExipb1H}H6+(+&^PW-8kC(LMV1~M_j5rWp1nx=uA!Qxy+t{*w8_mzI?oS`EG
zXuFc*`IjW}^Jq|3@2i>4>^xvu6V*WMrg_J)&3&~SvXPn9K!QKf_Uov517>yjEB$n>
zGZcOErv^!4(~1{fHsrq+OY2e4QvXq>qXRhz9|waxR><W)ktFa1V*GBU*YPo*@pm=A
zv{`voXUI<0l;>i1ktHWryPYv*dD;<L?zZ3U(VVC8A}QIH??|!xwCSGtn3dn1I;`nP
zbpI0v*-t3dCtIkB=2E=BQ`#jX2u8mZ+|(tlARAPxnR_LtfF@3X7zKHTCQV1B9bWe(
zs^VgOw*PI;1VnxIns`E*qUu>#t9V<>n@SjbNfUhYQGu_?paKi_bEjCB5BVY|eR<wp
z@~epR$lW%$@j#^&<zincX!>_3=51=uuMCr$m2KT=VUx1#Kw#6Zq#XnX$f2o^PYgXT
z9i#X!1crD8aP!rg0PejJNdIL{^#1et=zjuq1l7&IAA$Z{$C6zbOz}C#Z1>4>2FUd*
zwuG$){EjO^O9+?oM{8Z*@bLZ<+3KqVgTJv<cJv%)163{;RRq^=Gs|mS;qXMH3^GT5
z{aFH9#{f>#sdEj@<e2~Db&>~LG)mK29Z_UKZ@09%#RTe8NL@w$CTeqPec#M&ztN*&
zGeJ~SD2fE(RS3Wq4k9uXgvSL8TcRpsj%|T`ik78Ec*`}hHV+FKyCRs(IyLyV`C(=r
zgl{dIeUUQeL=)ItC72#TZ98Rm-yLI}`s|IQ=}1SnliCDG!8pRhn>vIY7r=H8?0JXe
zP`Vthk?08qBmj*VV88|!oCl^<CppV78v)3g&O-E<n7oinmsCA*xY8xhZ_IYCvc@SJ
zx`Zv97FmmPxnzj3iVR~U)o^J<;!5)vJSM9|N<5_0GV2v$<yYZRz$6eNAACcUmbpep
zIB==>;#mwEpHB~FKj7sjq;3OM(~0cj@0i=knsgkfHSmMn01aZpzzqjVjZt03UOvQm
zPG5tNHdr&GAG48A!a#^{#7<Kv+fC}6LioeRKX%hDhP5S)5t;}fHiS-lEha6(l~Wug
z%ExV#q5xh@#=_Vpps10HA219vT+l#{2JF-p^kA-<H=t5+wPPg0=bANNxC*1d@X~4s
zK(87CtPTahT(Uar!6Zby9$ZLp)<ZCOwjPA#*m^-K6|5JGCP^Z^2OQEGW6k6Qr2!RM
z)E=c(i7y}xMVcD*Y6v(OSmmm;h58k$<nn41ki`=>;n8T)ppr|KmU)vrb|VroKA|MZ
z()f^8pBgFcL5YN49#|+<8b7akRSKy_I+H!OB;!gYD^deH3I&pPNWPI2sC)OT>1a5l
zF|c#R5eoYAg{Ww@k~BgdBS?5Vq=@>>VNJ?Qq{~ZdHGWq#YZRl{qWRi*<5KCXvD#xg
z4kP%yNQPe|{<g=)MGEn?TKSOVm_QSpb|hmE9Icb=y!<rIbg#|lboX%Z!GH1a*@=ZW
z7_)#14IKj$3mZowE*?Gs*P@t2?06}e6shEkJ}act(YHA_v)#(}>s(HGT=EqtRK%@V
ziJi_mZI^Nt=BspGl{3z{bSCzp+O_b1yJEK*3+!>zbvO9D_1b%NYSr^=&}fY&V>N3L
z(56+p4!3mb)@7VtJ=WT5rU}NIXp(o1c;m`2p`vP8EL04XSZEknICyd5BUm>~%XVDP
zmndTpB-jqJ9>qFgf*f?numet5HRoGfZ4+sq{eJY322!{TDjsE`l~Q`8$}}^~HcLOM
z;QXRQi-8gg4Fd}YFHSsy1Vkic6jU^H3`{I+9ErGi_ymMmX;nnTnc}!nrdkw9`W#D=
z<b?Q*LaKe_nLt8BHbBj5L!@L<q(*Cw+hTsW%M{P0Gz#f5D5<DvXzAz~7@3%5vanKM
z8`aiWD-=s)i0abnl(hy`VHo;g(01njJEW<xDlb|)nnq!_+`u1(-iyOIo7#3w8K~{#
z&La|TB%-)%tZjTDYWb~8ZUx$!12hFG5NT72%El&(00b!z0RS2RK@2dCc(Vw*l?UD7
zm{|*B<jq7hZ}*K7n%XM67y{6&06_{w0DuNS5ChbpyAH-dDrm2Qz58t(yibSF1Gw1d
z{7oztC5HtXya6BoLJ|8>-j=!F@pKg0u-lk0#YHF)6G%GtA{2(Q;a3dAqEr-%Q*kUw
mC6gp#*(7CRnle#KqRz!KMA#jQ94k%OZCcn3>wg;b1_J=`%zc*t

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff
new file mode 100644
index 0000000000000000000000000000000000000000..729bdee92b30adc67b04bb968bb599c33135fba4
GIT binary patch
literal 15640
zcmYj&V{|9Y6K-tVwm0U+wr$(iW@Fp7?c|q@ZQHi3oA-Y|+*>ns`t;LPUG-sRPMw~o
z+~vi@fPjI1gbxb{{=d;y<7fUq<iFYfFXAGiVn9H^Og|X=kBWh^ff|Y{$SeO~7C=A{
z7eGK*8LKhttm4Y5LO?)JDnGay5D<u)-Mbr!yfPy*5D;|LkDum`8tAaQ{WG>TbN~W^
zf%>uY_^~748z~AlxA8Os0)qVm1Vr_N@fRK1H&9!c8kztBvAq2F{TG)Vx1Dyy;s*o*
zV*M`{vi}s;8@k=X*5${C^(QWf3lI>P!`(Mwl8wFbj~)BS4@UB%+%c>EF1CgqKXEyK
z@&&^CQ6gYgpietPTT>t)uK#l3{IM(30CLK8uy_91hg;xhz6b;aPG`a??c}ir-&+qa
z0E7nK<K3O8A#M&vp>R$WUI*}}!~!-|p!oHyQDt;q|IC@S=M*_y>BGmL#SD=O1mv+c
zm<Db`CW#`dziMjcotCcYF!4Vr*flkSNPG%8wn&$BS!h^;RkN;}zWd|li}jq0+n~HY
z&(i$S?Wd+DrY2&7Rw406Z0Sa<V(aC|-7n5^`(p#KTb7pkZ~BGgLTH7(&*^&u|0;;2
zf)uC%-)R8!CaZNfOj&8gesjZ2bBQtHxd!l(EjjJVW=r%j8aq)ps6i^<u%CU4UgzXg
zi)@QLGJ@0^%~~CPv#*tO!}F?YN+V!xVwRrru$b0IKWC`LsxV#DazqMe`cIr@09;%*
z4!~U8W}Dg!GdzzCQ#M`d-G$6*xS?_Ljz{|aWkQff*zI-X-0S3V5%ZF83-)Wcaj^=L
z4zt1$OhUeX%r!unW(CY_v?J(w&EEt2nzCxP5-?zw<Qi<042oMHPgRM03UwA<sPwDi
zn)hfG@le%#dV0UcVAafj_9Wiv+f8eMA8YL|zGyY8h4<yz&S5MRYa;MdS%Vka1x1c>
z5F7MUDx7m{JhmE?`?Bt84x-wD=ikGI!Q0Aj!A@8J3Hp@^?OOK%WOK2D2!RCcJKH2o
ze19_|`b8K#smQZdchfS$dbi_BHVzN8P2%JF;1jO5{f%EIFF(Wf^SWK<>{a7?&sE|h
zsayJ|(8t)yyrs4d^1FKaHovAIfm?F)bu03Mmu#^`u=pS7e<TH+R%tJuYH;e`w&=M=
zifUu|X_qwh`J6HD;Yj?WmO$^t6|5$^(D_u`0(G<(V$a`zZTpyqBKJPD+G87~PV9?1
zC;G9!n`e)VwX4P@T>H&+g~{jA_+L?I&T4V=Ifu3%1T_5i>}R&%E8TLB8{w_QX5b?U
zLr+!L?{w4Po!3Dv-6nu18eYP*nCFYM!~Xd4gJ+42$j_Akhk^b%Q!4)PU^hC<&PY$X
zdU%|53OzIbxrzC|#oKmEBf4(sZPpvsufB@dPpuv`=1H{tG$yJ^2&SBrvRdB)8p-;U
zPkGDaCKzkXE6BA4Xu9cxWgM}ZOSZ3hdY$N1u?obO=!16M%6mSc%m?cgKK+1tpL@Mn
zN}6Nb<<`D0l|ye$jp?v%%Z{#pXYXNXZyYpQz^lvvmP`r0ZeMnd{EP^!V>$Ymh{x`D
z^eRyP;V#OlfjdQCVSZ^}NqHZ>Bz(fh!rD{faszOCW!}IWU$<cRvYh92hIL@KWdB@O
z>j$y-#F+2Tm**Jt1|MH4qr_(f^H;0b>(-lUPMbg+<r1snlizlxY8vCn>$MkllOOmG
zS~)B$lXHI#`<;C~gSlSKcb-|#F}e*2fz)EU^6gt7FY~OFMC!IzIL5594<j3{PkjW}
z{@JKLp5JhV=$4{iR~z6yy)%nFFeF!#RBc~1>fU;@K54h8t+HictL+VjcE1Z<>uf)X
zE_GgnPS0E$tKDp2`mWO+dQ2H~-(J>~W`)yq6yfB>cqwIA<fpiq&Gz6Ou>_0m!KK{5
znBCDh(%bK5SM6{5q@>=F`;G9t)W1OcjWNEEnL7v2VTS7;p>({$eD1}zOMXDF59B6L
z9T92(MPTo&mnU3z;;^=AHm;}1vf+<`NfxP*9MIP(WbJB+7;A{r&Rdw*?{V&j{bI#v
zT-Ai9(i%8b)DI&W4x%vc#1gRGacMA)X%orn*GZWjb)pE<EfQ>Cjw}{r0i{Il0sNYT
zq>y5>OP@$mc-@v-#JPl{wHH!oUgKSs>nM`Us9YTT#`Dz5%b;+H3rSv>m1ykdfKEO`
zqNG|fQRP)+XiUEMSuCa@iO`6d3fphi%j+s9L$;PI7QiDTSf!TkU-@_?!4Y1SL(N4<
ziKqaq9rn;zR<~ua2{ttRO%@yn0o91I{@5lXSCaTjEm|mJUqRAu8mBWC?Hrd%G5%}2
zZ=%8R^{>(J)K3m(9lcxiLTy}Iae`KfYs*GmlVinq?oZQr$E9Fwv;0IkM~u4Km%m{I
za?5&Jo}LgqrqeIJ3j_7C!D&m74yc<;u+eATj_p3Kn$l#kwG$x8B4w0=(OvewM?T5h
zGmCs+v|()VsQmi0^2T^D&!`oGM^Xz$3K=K%uv_%a8XIK>G*kwR%2VXZ72*<Ob%{Ra
zOF{3u`-95S_rz3+#sssNJ0$P62x-n(c%Rhi`!$DQy91jY-uiHmcgvK}X!bFR!SxB0
z7N&q|_6f_ioSIvfVk=F`k+l)Ea<O}9n|goiE#nO3g{*y*O7%TB+ygrN?7Fz*eBF}Q
z%md@bQ>@b_CTod8?SpexN$;%US<s9{qHW;_we$PPh+lce5jo>^X6PoHXx{TDns$<=
zTs85)ePIXAY+e~?M`9_nRFQw_3LBD=*43JE6bBNHpTMZKO}1&WDYA*}p~pVIcORGc
zJl1SxKqoL1(1vce+Zh{e;o6C#SC`^!*JUT88ZXW4?Z2}4NGG0_H@9^9zuTW*@B(7k
zt>TZS^gEVD0@vjTmQ<0~){}#T%pkMjQq8J$+7-S<(>oGB^Y3)WxA!F@D!9)8_c!sv
z2utnnFD>{j%bpI~IkxP6$MN`()wTCG<-)_&RreMck>?^*#9$yn%rHWN$i(GC(HgkM
zg|$32S~aBtWm0127@&(A&fB1fe0M9T@HlLiO9iS4K?0evLbu*_SoD>Dw>r%DDANzB
zOoHxV(i4M5aD1kz&Z(eNb@tzjaAlV?1({Xs4QW8oCCe;D!m!GS;4r+tkmE~*5*C{F
z8f!afpgzCD;EDg40}f-$&7gL#?A<jh&i!i>7)kVxT1VnLtnL?Brn_$DXluJ}mmmqd
z?)8*j*vtGWnPouU{NekxAPCUb_j_B$fq;;t4a@$kA?OExY7Yf8f!X)1z_2k0eR3^a
zq->!|=C~9`I3pNCpx-E^TxmKTD1YU+UlOk})x>D11?N}j>O?^EfTHv_+4;Dxo;u#4
zY!WAkSs1xofbpJyVABxWe~KWFHQxzg4_!sHkX`%SwU(!@X500vq83~C4MW@YmUKy*
zW1Zoa#$1^_y01danLjiF%C6vL`l^-i69#yTWwQDql}$mac)MWyj^dO#KC}9C3;!(T
zwBj&GtVg*U%5CV^r3)`eAjgoM5;iDvv7<ufLmG#MhRi%)Utj+e5t3p}E2%jrX@B&A
zqC$^p<@wT^vBlGyt_xZJ!P5(1!@cvb{De6pQ0UaZBpP8mjvhNtUS8bj(b;xE=y92A
znm;gFv+1zUu*E6YUur$m?t5U;ucrTt-2-8O=@5q6gV}>9QDDLqR?vW=vqQ68kKF&O
z<|gXchbVxBcZb!UbDT>_k~mu0XCM69LlQzB9I!`UJ1XK34|Sp8c#{)bK$8o-PoOFF
zLQ-K!oSplD^4I3~t;WI*B=>VTd5i}`V;r@NDb9R)uS`PPAl?yk>?@rCGSA911bajH
zq>Ul%sEsjY=gK6(lhYsH2{WGMwkdi$hs1U8+R>N>kF{hkNCPzS1~+$mlsT(r&nB)Y
zH}y>C1a_)pIx-OyC?r9H9*mVEC<;y@g#G?ghnDaCtKEz7<A*EkV;8RDtiZ<YRkKI+
z>6jGsBl65_Y~OiZT~*y5otFrbfr?i?Fe4L?R)AL`ffrItmL&?KNTeeT>(HqZNpLAw
zL76xFsO?9DZTwO`>&l(22#$WQkpr-Kz_-6{u=`lqii;aM`B+K$Kc)Bi`5a&qar<Ks
z^UBA7>VgZ=NG=?@bZFFL?UzM>SKL1i2ZMbrFJKb%p_XRamvOGgmJSUIC)ST-^tm~G
zY}Cw`BHx&T8BGd^$GD8hwMU9I;WTTI%+6(|p^K1)drXYx_%jiBI&S8CQ6yMg@UPU`
z+Kr3t!;cShd+pu+aspKHv*n|xnG5?`16~v+tW9C@!zH>f4U;nbA;q{wT}c{vvTrqF
zdNiU2M%PS53YS1W$v{zpyxh(9tr1*GQ*kNJ3vz0Lip$57mWpNP=Z?CJrR~>pq(eIA
zzP=vA|3MeJ^&yD|B^v#i4~a+(Fx~=Z#Z3EWcr{;nwZ7+k%)uJfayoijiGcs{F?Jd4
zy$ttE6vPF?o~JN485fi+vTL4*6}!{Fh8VrQ?6(~QuI1$OG;m>VKEBRKZOus4(&8ik
z{)xrf<=%1w%=k<-Vq5H#8V>IiISAO0WXDGTa{=#tw5J^Ueoq@+sp@BKCR@-he_6$D
zxA?)nze4i4K&<DLSnu!eehp)J*qa@kDq92YCr5Wfm@E=NP+5RCIp~L-&f`P(ISwZC
z*6!TNr2OJs&sP)r1X9Ci>z;-Kj<x7N)g8F~mxB%Jms=@qIXFV%jEES4bTtQk^5BJU
zv#~R6#hi6f{Z83bGvv1Z2uGE*&dwgvLo!DB93c~NJkV>~&ZhRa-#&ciGSBF3ACHEX
zN2vpncZ*;4@nPhQ^uTk$WNTL~xZjt?+#}&mSB`hBQ9%;ES~97m8i@h;!WB7D?`WP-
z8kg^Wd?0kVmNqrkKYDB>*x<P_EV!4=&CYtlAk3AwcluV0twGh+kl)BOS^MSs@C&N2
z3#d$lia89XpFgD&RYgSv-fy2rwM+#SU3B2Th?_`!NnV6hF*!0<vc7+yr22WU13Xh0
zb1dsbupLF6$OyFST<}&rWqlse>ATihZdKLU8|Z&YbN99k(8JH+BF1jF(a$%yV|VFZ
zo$BTiq}@E!NF&l6R|8__YeHJ@3ep=<7GDQnqf6kUNyWwAeXB1wK~Fs(x$LgTYd4TT
z;Rz<peILX2UBdQNLI6-)Cn(hQC4aHqQ|b|LW>VD5c-vT~Sl&9}hgYVM^}@D5KhN}9
z*XS^5LFV}&AtLBv85loYjf%h4EcFUx%^Aw;u|)f16UYH{d_<9Ozf2n>%I;}WkD5zP
zLq=;(<>~QZT3X$oi}o%L+Nyavoy=|XZ>IhCRAn7oK@G`3HmwCo+|wtOP#EOWMD{)+
zK(Vn)s8;zio`RN6-}!RVGACd6RwrfQGx5e<$~(Mjr&rM)Ok1VrCqEJV`6^p2vxl~1
ztW24A36~n}5~sAzncYfoN|hFVr{4YKL1u#j2-rzUhiraPp9o|ra$Bx(_AjXR3K-_H
z7`$1E&r_T52KvGtHe=K$vB^G1gYg|TkXv=P&3z4XIj(9E41I@jFUuY?5&o9?2=ANK
zjs+eR#B%3Xs1ggSVXIDAV^HW@rm$B)BF13$J31(Zjs4s1$JfF|u#MM0SvQbx&M)*=
z@x(GPXJaJ6NFM!rpqg<fPFwSH!ZEr|iB1JlW%-H(%MHC)`rqeBduT98e%%@k57dKx
zlx_H+Splc6$1i5oSo;7<4P5H;vi{j?I)DgAWiD`QrGX5-P?Z#tsfSzQg6K_Ws)*9_
z(gSs7nG}hNMkS>E$0vCy9t!oR@IMg5-3esd1(OI%M9i<Qn`G3tvRSNoeZ)C9;KTZY
z;RuRxYU9!Ro+DH-=ow|6W?Fli5Be7lpKIM1_SDLLM{&c;Z7O|2A$$GV#70S*z|(&A
zaEWjZv?J^fP0?Kfn=<@f#;F(#9J74th92It8*vHQXXzt=_^}SdqDBJuLxQ(|UHkHK
zCxzAYNZ3=tBTrb*?}FK4Yt3?D!)b2%xzX^cu1cdSF1<L8#++=7X=83%C+7X<nR*i@
zHE>THOQdm4csc|OKqr}$Y{oO)$K7FzP1J=Y*74l=u?@G;xntAAi`SCLYSes%`J9$H
zI&E;k$oz8^yGG>x)j<ezo%~tT0)x!XyFSpWOqL1ec2ybei>VXI8DYjKgtn?Ln^|<_
z>f!AP{#}!!0*=<=g3oG0SR!`Hcw(i}SDIFb%Kpyd(%5)|hW&Tf-X3$n0<Sw?ZF|xc
z$mA+q;&YaDmw;<f;z1`-c#Thr2c<D8;|Ous-PrqlgtTz~d0%w4T5;PAkD+v0c$v@<
zy1JjFiBkjpob+<5KKEWEUG!>ZWyajvnPW8gu$79L{a>qU1cune)X1EuNmOo>S{7(b
z%msLM%Z$O~-T)Wwi^`dCxF?v=HnRdkeHQu_QE}1`YQ^Hw%MGoS$dM1od&dHhDf$up
ztH}h(n}^71_!s@6dd8O$0JbqI?u6R8E$G!pSgE(`!WI##g`13JZOoZcbBdLkp}hfp
z?b52c)uiEf&?XoAY=^aG+M51li)`EQNt<+ObQJm7dASL58`{YH#+0_5`wqGWIvX!d
zfq>g*mNIP<{F@VX02RkF6_RLrU2{0^=OS@pCs(O~YOs1;p_n#y^9oFC;j3p%O*TL-
z%L0d(Y$)QF!1436d0n({EmeWECqWpl$Br=!Qq~m;3Um}ViO=0aW$N@J!g4|>EDPgz
z+s$!mNItC?LfR+yN#W74Uwmb9*r4-mp2_e=F_ttrNxg`ME@kxVBi(Jzdr6UyhHm(6
zlR{rCy+V(UM_aw;ZF(e4z78R-8xk?kg=8@8rg4sr64gNxN_=QF{R43k*yRp~R#iaU
zIQCcC-zk3j37}@<oWRJKNq7wol!@Y({DO%-C_;69L9>}D9s%W;i9>7Sdj8#o$4FCc
zA>s2v_<iEG#Z_gx@wGWOwGL<1<(lGuCu4YBwz0KVP$Ii~v9l8g)AzbXAZ5<ycu!78
zfJP%OL<&XvJI#p=1iCszZZ3WF<^gn(lFp6^Q{U(;N$sq`LAzgax{=X<X|D>k@mFIk
z`BtVJD52BX>cqiHFm){af!}8|&*S2RRL*qzoo*?QNgH?V&^El+nlISxghR?H(@?D&
zujNRvvY>j&HGTS)acfQ`Xnw}FOtdJv3@AZ+!TR^ePhA4NqqX+GHQF_*`a)?C!Aj@@
z>x)J&@7r+-$M<HDonyypIo9?m^eO&n;XpSXz*$u*mfFICb@KhT4pp*OV4(m{j1BeL
z=y63F;uT>K7V{gjoQkJZWSGpi+Qr|i?4l<LXcgVOOkdQkSUnu%)GDs2Qe~6!o^y))
z$eiEn4{i1H4+oHtA=e}?%&_f&bl3FQ=dGcb`qj@i1w3E4o0Xdq*doD@=D5sna5JgD
zmo<@>)>S$b+$dXR%C<EU**6FMF@hj20FThoQ6`|em?Tt%f(r2vsNY|6eu-|y_mwlR
zy}$g6=jE!nAE?)2#P~ZwQpmqP<a)XTrJfAaysEkj!5A2M?BOn2UB!SdX>m+V|FP>m
zXmI$~#}KaTCW1JkHo$$kOEJzr^3tW9d)2-d?h9%tp<hFXZlA_Ho{MmN!QcENO_L5C
zwh~@-7I(Ua+b({jXF1IT8*mW2uhlBHKO2Sl`(>OtTE6npDiwG$cltOiV2-{q>R>NU
zjIO5gX~_f4N?3&fpMMN0Sc9r{oI_vPgOc4@O{>0U&UAiv`+JPLuR-`pA6;ae5?R3y
zk)am&&?rebPz5hpWyxR^bJ0Uqc2|FU?qPpnske_-yPWc<0`{-)Ksc0;#NX7sZXyCo
zt==3IJ=G9g@M>~E2OJ>=9sMqwX`A+pQlBasV{~V2kTn&;{F`$S*f_BmDk)BhL;+3B
zLT~BjO`{-1SnAO;8`Q*UANvQ_2j~%fzx71rMW~En_u)3h?bBo$d@WtoG0O|j)t^}+
z7WJ73uqcWHF=Hm-cB-SNtOp~#x9!wjZz+#O5<qj1dg`vLiWGr*_V6u}cz443af*$O
zfPK+|XH!K`PC=7rQ%8_riqetdB8XJYQIoFn0=t^?zGFHyM-G4raVh2h-{+m$m!MX2
z;a_o3B~=XA{q^K`7(gNi$ht;YFbGTCiMYrlAxdQ29=e9CjcbBDPv)1bo1rZo2YKTB
zgOl^UiJ2HhAaA>=@$bN2HB91`5FLqTlUSI)S(i)MHM{_<qZ9JQEt#FX55MlM9keyB
zLPQ?aStDyy=%@jb)ilva5)OFOalpixT_=vyxCx{cS}PPOgnZ3sESa~dY5rLHW_k_X
z(`X3RL-?<!A+tY~x0emMx%m36u?~2+RlxW)C%v^NJ?^Zhk34j(R#0oo&6%i&G_?9H
zXX>GY%LCxi7ZNxq%RzJ8G$6$2D;*&585w~&;wr(T9C>cg^2z4y$V%C_*5I|0t~OwP
zg6-r?Eu5OPh?{WC^1wAIV#dtH&B0uR==uaV)Zc$_G&z{izw7UW4!M&(o(>k>(;2_t
z1@Z}&J&Z~YXuzZNr`erj2E=@{1dU@f^K17dN1i02)Rb_d5Yg{!hvIVvF_#$|ZcCA&
z{`yVlcpI=a%mRVahsJ_l$});A#oU23xe<Rx$kl?jZi^I{>3iPyFALyGHE*dH0rQQ-
z9+XzcY@?GB7G3U3+tcR?mKdNn-VO=%i;EuH(z?TYLUJIPBviIgqmWH&b;+nN-hKxq
zCU5g}(}<Z?lOCF@xw)1ho-yDfP|7kxeWnV&h}BuiYPOZ@v>h*Oz9V`04H46U1dU9}
z!xUStY{^qcD}>akC5YBDOH2q`DmQkIb_ippKZ!e5EoCM!i9J?I`UF@iT|C*?XCeA`
zk3HQ2g(+@K&2Zf}#(E-x-Ph*FhyQ?MpJ)>vC4t^tF2hdI-@Cs3WYe}Zr~dsp<_*Eq
z`?e}LOr_tRI+BiK+aHACDG~<i&7_1vlFb>CPL3r#$$+xT{UzfG^4YEE?wW>o=Os=1
z!tjul&)FbGZTiAkzS(mSF4`~m#l}9E-TRJ@j6R+#nY!$dwXY=FTG{nZx7as;?CWTr
z0*QxQBv=wZFo?HX9@QAbSPklTF+5|;13o$JSMQ07gMlpPYK0LcK=k~R((-{Bxo#_7
z!$)RP?u_2CGMjDilCGwUaAMhT@`hTF6A4PWa#FpOqQ^?LMS>HHRvJmKOu<1dl1Y6X
zN_YuRSVBdu5f+N-yay&%HCtYm)vEE&8=+5o<8qGDyDLOz?<ISk-;#kVW#!V8ZPHPx
zcAzn|cTbIb`$K%O5`1HWmhF6Hwb_z+edq>o=I9ze?aECz4rSs}N?Pme`OHYPnRyUA
zBE+eT^DLdYB=J^)U)0ooIEtQTjI#8e<0;994YWGOtx?eMZ1}B<9%t<Q6K_osC&>tc
z%f^9wS;m~C6SU3WY11)UR=HF#x|sPr&%n;gE!EVzND~5O-?<eO+}I4<;e?|iojvaI
zZAy0*Pw~dDBERlMJL}CC8DHj>24H~9^LlUi(8yYTUN2LYtwqcTeS@Iu448cWYD)_#
z%d1ih<ZCm=q9a$1$Q?hqr#@A!gf87U>cvro5~ln;Q#E{EY!Bs#At0d{jbFO%O`y6{
zO1FAmRc_k0;^C23om!VMh4cIt5*!U18l9H);Mu_1FUW>Qt%pIyvgvr7Rr2e)p#h!%
zhnJ5DvN@ANQPqLTR%+=j1<ORNMaV}>D3YthgTDF*%N8AdoOK-HhAp^DVHSB&NK{;H
zGT9}H{mU~SAnX}{-396at=puP^r0a&ba$#%AGJWHsUlYK(sbOgmYtzVI8;xgS}d3B
z_{0tiz9kQ@Aa`+WEgd=6V#EM>;jjUv2WH3pWj^^aP4|_n@?`1m8Bwmx0dfpN?C`~Z
zdb?LZB;@Y;VSDpe?SOiH9<ypjRgK$`UImwH+ugXy`(OpDw`wq<;{Js_Bvc(rWb{&_
z?0Vi(7iUo+H+VanmPS;rQ3|~Cey0o|r~2Y8a=g-4rsl}QjN<V75{L`@T`=g)u*&QO
zC;HEENz&eZt{PTP!60RL;{BLQIAyyyUDb{0*+js^0JpvNXTsP^go(4aNl&F*nyupE
zZ)0@@LPg4pOZMvy=?&N3Jn~|;wcA+ur8Si<TE8oM+76UY%j#d{@-hRRIQ@L^UM;I9
zc<`p~!v|KgEijc!HlKjS!q%q+>p&ec=(l&uc7#PD=~sfgTSN{1t8FZt5I$?17TQ?i
zv-0MQwn~@fDf(yKgf-XIl=l|$)&aHaON*#M%4auL5o9r%pc_yVM)hIoInLw=hCfC*
zPa{1HqJZUpj%KZHJpZf!eR*8ZPi`9b_QJ9HApFg&=9BTT$BJ-f8oG_IPmZbcNbD_O
zYN2X2R%?7W!k0ZOi#&;Lwei?4?Ue7CZWC@(Ak7>C9owL6)8N}-SvJg0$fUDqft%_$
z?%pY<YnSy^`Shh$m%o;I((1~|n<#jHC!U9gWV%Z!!)Lp>kJ!3cmcsdU4dyG#ufR*M
zvlw&dSIjT7BIk8f18HsnpVC^&&OyAoqbTnZi$L-@ut5X7yNhp1V20(N-K;ydv*y*P
z$c2ifo!_;5%9uD<oYT7^+1Szq5}a8HK(&rU6K+5p2n#V;AH4R}rrQ|KVVWQ}I=HP}
zfMQv?O=Op9%C9!(OpHUj{!t&^t5WlEvUGNP*|_Y?(cRzxzcEiC_!RSnQZlNsJSD)V
z`UqKy{l0F@+{9U`iOFy<H}mv3IH-85YW31NVlJXw9Fh}Wzk7HXzYTeds^2QDtyKAB
z?y7&hX<UbUJhK~O>gqMYCK$gu5x|n2+rTy{V#~t=c3mZ74loI9_wMMrF^Ax<IMK_k
ztzEr+(XDRWrx%a)Z2*OiLpOWz-B}OXpo&47wq({bYV$Etg=G%lgN=CPn8N<xs^jL!
zV9&rUQTn&*p_~QJZqK&FeTiUAwc}!%S%6`$V0A6mT4NAYlEuPz(a1WCGb|%i!n47I
z(c`^9UAlPaxC9Qf4F{2BSV(bhMw+)MwR43CtEK9wMNf{mz@Nm<ww0U0iNUXHt~?yI
zGXB?&El+-xIX!XSJoTTesF$&`o2SKr^2@&hF<QaS=-{B<>Z>^%4jZPwV$SP45mpQ}
zjwCPJRkzzQHqmsOXt<jw*qbLT<R4z4n`uF`-9zsBUiEBS0Z2Jy-sR1yYA-Kunxa*y
z*}ucSr|2)OUy?sRzb#GWx4EraZ)v?x-!`VUmKj?bh~3_3EuPc`WTO!LB#ars75E`_
z!e;Zyp|-k(FaN&3-@HHY*>8(P#SmFUq!5dw^t{vT;AkA#L`$T+*61ixS={1BpljnU
z=F-}v;pe`Lp;qSe+ndjP<A|KzvcUT5kIz<S`$K+0zQHBj;pib*&+Sz_W>!rFE!fV3
zPv}*WB6hrd`tW#xYb_IzIo@i6ZRcyH*j3bdl5TljUnF)#RN?bfyOvuR++jsYiN9j{
zCAQ5-CJli~z`5^)6t-e@$L}|Qy1hvo;8Aj83qWn{Nh869%O!-iOUxrGnT&2qNYJiJ
zhMj^XI2{c(PCA#&9;&5InHQvP@022-O??HXieNG+;zYb6+w>EnTQafoD$^I_Gey@}
zxFuQeIsqNS*uDtYbg!%7vVumV_Y99801wQR(Wj$24G}xu?iLF)gjM2-PHC)|aq#F~
zZqkNuERZYd-MYm8WBDpouwL0`$*`#jn983b5~+i~>dsQ<Bgv~q0N}q=i^c>m5=k&K
z6F(P+iLr}5d0ur7Al6BP1*79yyK!-^C^AlzrpCMsF!76^<1bk=uVsC@L16<h%n?jr
z(~!lyZ`3Y8@FS6w$P<y+uV<-hSxRn~7zsIVOw&j`<e>oW1?%nY?b+ijzcTvHe@XwA
zen!yC?;)QRArYM-Xj+DZ1dZ!Ih3>^@C9I7FW2S9v5KEudH)hc$O&U`3;X;TT=E7mn
zaCYO-X4oLEW~mqkF)DxNxqQqA_VF~!cW0exV}{*OWPs@jM%^5Bbf?V42Q}5;j|KI^
z4BZ~w_wa+^3zb6^II`z^UMBf_Em)d=*rhY>?fH792+AFrTi`lZL<<cKcV9j^w$8f@
z$GXvQmH4IHI?oPaaW7UL4U5z4U4t!Sr^YS-`jq0zL{c1>`-ffb;hW00?f0ak5zvPr
z!Z+ODE)3^PQ~q*2I-~`Kd})8lYvj>mIrZC6%s+6xjX@6faNY1{s_teV&s+Fc*H_#-
zCSTCPhkXA6_nS?yCA5fq#QbVl-C+C|u!@kDNQ}PAT@3FnVMg`lLA=YaB@f-uT#W8+
zK7X!%{$H9>x*!XIY%iv-^<REhc$)nGqCT>CQV$Po1!VY|Q_@Y(P_*A5%$HP0iuEV_
z-AtBg<*Tdt^<E~UbDC+-s225w^!c`zlNE-HH|+WyQSvseDpG&N45TnF5e}y$Zn4px
zuY8z?x_7;y?G;2%z9`+{C7`kJsR8Be=BJvR%U4x$k!vjaGR(?qe`09S?`u2G>Z%x2
zq<0ufJ<SQ1c8t<)5@wfZEecoC=Bt)9J<s^2UZHY<EK|jm3PL=~H^x0$1OG;TUbL{1
zu`?YY#fTh05&c&zS<`?;LsNu4XV5iEr96hl9ej~AZEa<5uVQt6g9Lp}KO5xBxoqpc
zjQBP;N-h+>SYT~AZMiUJxARKbBMZ|8?aVuWnf8w9&fqZA0L19ft59MB_Ej&3wMNx$
zaH6xJZSw2l@P|;O{7)GZA$!pxX|u;z+&fTdJb@T5pSK}Ai{Qo6$&dcGnBLA2fw&{j
zR&#^Hg<kJaEa!V}8fKyR2>*$;7_zENlt0nSym<4&<jRNEgJ3-&X;{V8dFIKncYK2$
z6AR4=<<477>^`R-V8-)m{bf)H$3kY`^#%P7CP9$a&b9Zg;9OzPi*u=Ss9|wU(^2!#
z&D<Ho9<f%MecgPp(-eOSdzg%*=hgV7^#C?+nAgEUke)Iguv1B)KNRn9L<w|%=tRb_
z{~9|Z=AK#8HDz&oaF-+2y}^M7D_3`UmZoWZ%f|MqL>zB19%Ilc+7G5xZS@&f>nC&k
z%cA*-+h3Vzt&(l!FP~m)qr9yt7TY-#+iOBshg4UUJNm!%6SoDmRd|Tj#B!5zyR~CN
z(g*E7e`;WnZPfk-M@Xss!IhiJ{?PIArC?=Fe5%GH;pb5gwdNy@&Yq`F5elhn?~=bF
z=O6+%QuLcmU%IofBF>tlxcokJ#JRv;na|l^;!pxSa$IA<gQ>S-+FSDs=}v+&u&X83
zu#dSab`Iy)TV<`1>q3S=#7>)ZKK0vLv*YUiUeC(bYkQ1wp&V*d%cN0N)=hn0fV8S$
zF*p)pjZ%KeWSV9h2?9{TH0lyeS2EJUb|m<457gBJH}H>7K|%`GkLoxO1??xoe<7%Q
zuWjpX4=u!|;df~13YFKYjW1dSqLhLN&xS-#2J~upDLXT<qDef5LIjovJUE*bX6Vi(
zj@v4zvxMa_@Cxful=e!&yV#o~Zg60$CTVgKCYg{Yfsao0wBez?S{V476?O<&SZ*Zg
zmXu@K-K_>2!RNe=&&=pE;bC87&;jZkw^RQ$*^_2lUVpR^iQ9?Gmc>q~{K?8KH{xpg
zm;n-|#WVVSN<B%)q52VytH<MEf1WccGMztNz2Rf*KTa-7N9U|Mg>v0c(!m#?rNn}x
zdJGSLH50S=`kCp(*LgpLp_^?kLfu+M$3~$%a`VUBW&32QcIq(}k1&^O_S6LnKX9@)
zT+V&vGxBz%qvqqOW#cI`m416OFX`E$nRDQT-xAt=MGH9}8KazRI4(f!PH{%#7Ly*`
z;v^QlxqK&>Z@v_}{Cqx!ECdx7Mfg_lE!B*bC2KV<eMO;lxBRd(B{$%E=V?J%-f)tk
z!+I;Ywr72Wi$rj`z|9Ao$Wx#Og%0?Di@-7<><B89SAXe<qGlNu4Op&{r~r4EqX37y
z_3*VYq_OqhbA^5iK-yH*n;dAp0^P^m*F5(&r7&FcwC8G4vA$c(e};(M$KZ2WpkwUb
z&s@%9gLTqhlBH2i<pZ+&ikPPh8dW12)}_G)b@amvNLkZrmyB;XK4ZZLo$N#(ZK2n5
zt=8JIs5jjUFMq+JIojleOu~ztwiWo?5vuq&eU%^VWSbQ04mT~FOA1t^m9;|5G~Krq
z7HjO(Ju?p!Ow9OYdd>>tnp`DH8vFi6$K1V@%uFi6IRz;ogk0@KQRo6KVG#3rs@vKz
zM>GMItY7KnW=}*fO??HY%k>p|SnvN??D`7Q8aT7AGDJ@(4GR9`Gv`OL1g--C$ADVc
z+Hk8sZm*(dHPBmC8@XRMl{a5$V?NwKk`V2!t*euT*d#89s&sHb3nqX=Rk>IkbZp!l
zfG-xkc2<wGv6?fnCeq2FXl#U6UxCxgo^aQc?XZq#R*M{YrL)EDrfEz?TNyrFi4JdQ
z-wBI89kgQ^7cxD&Vic2N3XwTIQg0_&F{#^l7cx~Z;xry(76c{%hj$bp4C<6W^2)*p
zxTL4KB^##!M)`*V6g%9wX~~mfts@)b(YRjl%Y(ZJCRwb887s=GG8-DZ7~9`hjG@YL
zVU4t;sFnd?njn$S(o^29La`hxTIo9}+|Xt5%_}+H47W%5-m_XT1bP47Kj717l;89U
z$YP>Qan-7<Z$itw3Iz>A&U;O_{c2*(vo;<Ix~%3#xT0Pp%4%ZyNNcOZr3Kk=<Z0Rf
z_=_tcc{oai(@dqfwS`>kp3Cwv$X>X?`gzLieua<rT%D)v^26>6&MV~lxZsRBII?ER
zM~~)Q`Mk;&wJFdWU1pv2QvMzN=o?ixhM}-=Ac-84xO&#qEb0-RqIy-<f5UU<RoH^R
zDf!;h-jiL4))gX1!`2bkx*Ak{u<}x@aLLA5BZHz$f2;uUM$sukVn!3K*GM47@K?w^
z@q+Sg7-F2QPUf)(8B~{>)5yK4ErL^*9+kCon6TbKyqZAGu2<Ip>3aThX*)aPy#&mf
z&RDZ&uz25}38#@tUgiLTUdKCa0lj@>dM~i9N#fdj2`Ka#Y#(x>?Hy$74g|h2;_ZWY
zKLDsd#Mz_K11&=%c2IY1Xtr{cpKRmHoHuzxiqqiT{AkUfxlPyXiG#qn8jLlB7DN~m
zkviwWPFDphLpIL!2*&}3nbo3eaIHsSAkHU3d(<RnGz2#SKSPCB$DJd?!^yVfBgIhQ
z!(IifMU$&v-rD9u6Zg_$R&LbeGr8>2zoJ<&YPr2k0rS`oc{Klwi<_3^(lx%zszrE7
zw=U@Ig`6i>ueJFt26^kh)zyXkQi^}oP{}17C@n3gBqaNyfg6fzO^k5%BBXQ8Fwy4c
zRtoCQK6Ph3#?Tbq*;`apG#+-ZJgR=_cF!X*^Hjant#Yl#H@toLmbft3CrLWvTeb`D
zU$dFs(TnM(((4|(tScdeLK4G$orsl<0!CGH6Q^K>O&mrrLxvO1S+{`al}biW5!zU=
zpG%4>k~3Of+Gy+=I=Kvl8hxcr!|>T&H>&6_Vp-oI&1shGRoNcTZ5a|rucKQ+LtEAD
z^3G8f@&jP7wKqUdDV*XPL+WT}0JJp35ju#Pl@~|{E$qYZ@Tg8|$94lR6pxf(829>%
z((u+!m7-p@!zm$ojgjTH=kX&nORqe(eVRe-ZDg`f#LAi~4JT;ZLN-ndKF*JmsvPS2
zzwRW(RH%{5@GAle8Flr18_^u@>FG}~F50)2j2c@tY8gL(z5w85<L!(O97Kfv1iwck
z8&7c2(Stfu`q*u<H;BhZNkoXC#tPoT$1{}hJ6x5dZOf$ZZC4S)kod_u#jzgGK{85a
ztWGHztTD!-7AO01(nE?$HO)^XT-9(*@K?<O%~ty7JY2sBMZj(=fLGhF4~@j_2)Gz@
zK<qT2B?ij|_O8o2QeM5(f>nJhI?~+gv>2sd&v>8YQmx4Fo=cOJRo5x*GQB_(nw3%1
zZS9+tG+qi<nDW^omiC^AQEL(ygEd{|byGJw;|RZyzD>$@k`h9v=)vXdZc@T#b7w`r
z#2m}MPxD)00VR;*J74C2fXa}p!D&Z&Gl5qBT`k_oB%es+nnBnXxtc*Si(BGtp`lib
zeJ$S5Tx#EEzgX*AAIl`{oFVL*BNQR)n`_CaE96m5+}NSQjIxl$kDKi&nOskU$wcK?
z{@;&e%LwPU*SC5!)iieVK{u)O|1>g33u$i=!{ZBkjw@Wy3GMj2nq03e);Dz4XKA(V
z+wva=puM_)se%*;qgDq^y+TO%Bv;)?sk}oR{fr)8t4#U1uQ<-CF=B^}s)tz!DhDrH
zH2AWHzwmBe<o87E3v?ymmiK$~foub3Hy)~r`;px($WY+>ceXJ*Zq*4nT}}dQV{3d(
z%-M<H%*vByo?-`EMm?CZ-P`v_WKVhnAqfZcH{CSZso+f9e>Y$dgU}<_wq^`wpbpvs
zo?x!`7`OeF7qZ>uHeGqjU<w(k`nrkSmCtC<MMfDi1YI{9E>p7oYG*M2wC2)X{6qLE
ztOxNzG-=1Q{9`>5r{Vo8gDugB94!{tcZ%D!tG<72IAcdql+b(Im`;W!4d#Z!&+ilv
z{zq;Dqm}w5zOVmfoT)K*I{?bTEiaZT@;I2Bke^y6@mF|IdkW9sm7PV0-6aBv3C@I-
z_8>}s>d2{RXz-@$-NmDht;3f)nH-vmoEWj=E>%h!ntjempQ@0~qHAARZCm@#q3o7*
zM>~_dpf|GIoRd^S?~0~J>-oSFs&24*bX&!#nUCl0%A{<tJ2FK0(mvjWtdLwR%4kOT
zxzPTfM*?p%znp*M+#cs5;8Sz3KA-pAWYN<wIO9{K*`)Ljyh^J-yi+n6d6ML8!H#f~
zQ|zLKd2z&eI6hynumtfO;{F%H12`flf>$od9eo%mA}fN^baewt6p(^qD2p$Bvgj|U
z52!XAMCbX-&gZy?!10{?>)$~7PwKt-!S3$4Ie_r2e{R_7o(+i@7mzit?uqHc;u7OM
z$L#a&zwe-)pr7af+PL2A(gfHW9I}?bW&2j7O@$?ZxFG2i)zG<}&NbY`B>F}J#f_}n
z*T_7v#KEeYk|XR@Gq?Qgz0cd?crP+nckzm=|A{rUK{oXX&`xm=!XAx!zm&STb=8!V
zs5L1qWz+GgKgU&Rm9nRafb!9FN!g=3K7%x4j-=jD^ePomFY!w)NWBlXYUHXa>T1_(
z{Xz*8Z;$dO(`Qa+6_eD@94%t&fv5TeHWLz^Qg{WAOFT(l$s_9@Pf^?ilK}Pl`H}vq
z^6DN$8yx^;eHSVjIB5pET5SX56lk9a=a$$wlcKr7t@T8=xay0Mz4;EFJ!w6=4j?oB
zmGP-oIN0d`DdkTrzYoYe>@HO)ZS<^)+WZXG${Yr9ziS!<GK}uU(rP393$>D@An;qR
zoR?r7-Hu>NJR=0vDp9GJSr~vG)WQBas41p5&J1%R6Bo%FQwjbahqlNt(*aeVxCNj$
zb#HYMRiP*rvQ>#6-t==`xp)H4*fX<@UMfhj7Ch%ULNCLFZnrmc)M|F^XsgDQYNEsy
z5;A&diCW~L>x+>7UX@^7!)f-=y+`Tf!bs26Kan2Lh@AO`)F5!s`(K9-FqWc?u49=#
zBJU#*FzCq-4HRfaH?QNranp>E<E#5?7>WS&8VK~~0{IX9k)O^W(3P+2pZ*?!ukO#5
zpY;=<zVDg;yZAo?y#Mikqx2M!z;{^gt=2Wxf4HPA>t${#BF*b{QOfHrw(FPMfb1Lq
zTY?Xlb2^W@dI8B45RS=k6C;fU{K7)~L|++^f0{6--UN5h);i(k_($(6CTng=eoBkP
zRLw-eNICgTvb8NM2!586Md|L7fR4+;-zWKg1<ig%iKoH>h`a_LK~c*9B6y};2&dnS
zhpp*aahiC&a`<R-Of=zAfaB^rz{Ktv#ycr0Qsoy^@^x7y;f&JOD*me-qG|W%-P>r$
z{04y+Uqkl;8CjQ0m#JZQmYB>_YR>XDYmfzI&OUDABYbg?Z{u;)inCccpE-CbiZjyk
zs<)Tkb&)A@-Usb9A?2+-CdtU^pi0tQIbd593LSI#-#q4$XBq=bz*{2W;k?ua2mItA
z-*Z><a|WSkIzPZyeumUE7px!(Y;8QrrRGKkS43Hn>(7=`Pn5MXc|6Fku%SAFAEG|2
zauHNt89>KG&xAdwTSxHEKG7fVH7V<-=Y<+6+Jz+cCk?Gk>FHwfF-ISHtyMoPFQ=}|
z)J`UuFCiDAj8h7gJs$2;qb3&!QY9ZM3gtSzp@M)Y5o5+u68>YaF^&6C31?+zv<RoJ
znkX>_Y+DFnC>`&B`4kC6j~aq$`hy&*E%eL;-sPZ2kDN-$+nvmv0yH_&7?@Gcro`P7
zqW#3i+UM(b>eRNB5jru^GV(WV513Md3NFuIYvDr<rC>ts1gTYm9o!VnPx<65L3^w{
zTUO#p>InjHNc}+c!MF!=G+I(TCscezOMgDe3I6~^82QE#%oA{n)&dPM)z0xON#$34
zGZIEAV-e-S3IPL|?_y_rtikny_B8$UgUxI>XjRr~tDm?2Jazx?-sclUQu@}{!y>Uk
zVSud_m7JhU!LSb790=bNy8ZhiDn*l=Bqp6%6x%>ink+pkd=PyH{u+!TUtR*I=tfJZ
zDqdY0qf}Y}yP$i<NB>Vv={(<dM(;#}vC4hM{7m~nod^adP%97n1nez9(EvvSZ0c|3
z4)qJvmk`{(flnHYSunVvrUoi|FutL_2cDlG3JftMxgfRzJ}XqTaN`Vf6ZEBUse@P+
zX6k^dqwogCb5GzcCod{vf9B0^9~k}q*qcs)lAg4l$DaM3_nvDaIIZ57UbWuAUSVQ1
z8p1W4H;ft_0+bxw-zbWt)TC^rjilP)ViAdUCTOb?ZV7=0WbG1q39$#IhFF$Scw)$f
z5wnwNhFOJw#4Jg)g4m1kE%mvh<O-xu*uBDX3R_QM-xkqi%qV`rro&H69WmWknQBW`
zMXC8!HZ0C^TX%)i5^!)`#bpoGSaUS4uk&35JmI|m`D8s4zZcOK#T0jE$v!l0*5F_d
zsW!=6v2zQ`HeFuvefsNb(v7zW&DDZBEqPVs-oR6xO+B@hhC_>Xj;u}KeM#Zk*yg!G
zVyD`gzP^dSJLRa}5xU`iB_Hb{3GmTFuMOqsTR+IYBk&~b>c(^E!_SE;-Anf*&`VN3
zg7@^^N|oP<e5L-%`F^D557l2Lyr{jCfBANUh5*Kp%^UoW<8EwVVqlPDnAX$NA2-^A
za6k--0bvG&+YHR&u@)T<Y6mWWCTf2f(o9ix$zEm~-28b7?@Bya5|Q|@IB_xoc)yZR
zDnUppC|aO<p`bR*DjF+--#0<0ki{yskU|_PKby;T%y^=j&Z@z1#X1(Aiw8lAeOr*Z
zwO0R)&w|(^d)IFsm0CrBlDnK{)-=IOMY!hcp^bThk)~gvDEwf4!4cli?h<7MpDpik
zic+mi8$*AlTKeWXpalev9IR(78$}hCyYD3Rn+Bgr%tFqVirZ56A^W7`ch+cE&e&@E
z#(De3d!jGrXr7qDr0_Q&_i&<-{VnkOy0qi(+5*WH4BNjcuRK8jL$k4`Vgtwx7b(w9
zgY*Jr?1>|J$X5B$ynl$OA}Wk?;OGKZy%yUDGM|_~7(MdiybnzJdfE#*cpjH+V!x)&
z?K@993L77=bdLq-&$m8MSp)y48+1C?*1b`eW4&gz#dbgQ^3wFbmoL}cKDKhJ8-XdH
zqZ@vESb}r}C=EplYgYtG5^Z(>NgD5#EKUMNEJ2bunRRZID3PvVlsFYdin=fhhNiqA
z1INlzNI7FR3!|wBz1mV(du=uc!KDZ_dv%!Jt}d70!GyZ2P1xSfDHC$zkl^{WAC=%P
z4D`Vi8`5)1IcGL@+UI~4^kiB9f+dXD#)PULdk9L5IYTkZkd6^+7;K0oepJQ?H8gEl
zrGzQ^)MuA9_k{vAeN5)4p$A8O!(kXy9&j@RsSnqXlw4&>s=Yd@hv1ZiI>osc%J0o&
z4BKln1mPUx{I?KqpJthJ8r-cOmlDA_h;||$O8a7@@DGDae{jvgJ+QYKODgz;IWe)u
zh$e$ma^}V%vApM~_V2r7LBBioKOpEu2EkM+hA`?uB<RH!gH&pc5$b<YG>5&&M@QhM
z3`gnIXw%cPR3nt?_Za<OLP57*dnG}jiNes)=CZ4+6f@?M^JOA52c-4t)0P4IT@6Xq
zc!xCduQUqz5h_(E$rUn(6$-@_D%CiPOV1)0ZOHusX!Na#bFu{jiW>ih#-y@L*O`;#
zwjXoLQ@^wkPsq7s%~oALKX+L(-L^dd<C?rG%?0|GwwE$%IhuvodziT@j=OBRvnGj{
zT7FXc8h)S^dHl_W3*)aOAft5k3hbc=LR)Y<lLA|Cf5$B7AeaTfdq4%?{^Ws-(Eup|
z3xWR}0wgQzWk%<;IYf8=W6j~YOmzcO58SjvkDHWPd$WNUF#}=;?SlhjQD6rR!$vX_
zNDGL-#*9d3jlfQu{6h)TdNn{2vz6HTs_CxltsNW<6X|tl#i_crUV8w=wZ<4&QgTi9
zo+Z1@N~VeEG?!q)bt=)2^+2X6XGeBTPAJjf!kc*TE$J?w;4{ZIS$H6go`u88Ku+ij
Q@b~!u*6r1o`6*-m5ASzn+yDRo

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2 b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..b413356f73ba0ff60670b2478eeaaf24c65b4cf9
GIT binary patch
literal 12612
zcmV-KF}u!pPew8T0RR9105L=W4FCWD0B%$O05I+V0RR9100000000000000000000
z0000QMjNpj9E5fTU;u<33W0$j=MxKrIsgGS0we>7a0DO)g(wG#EE^<VMF(P!13=?t
ziK1MyPQ*xrIiWHT{C`WJBG>Jt9XQcZ=o~jV(V!XmvUPdVV0=@I9zZia{d=AnprUu0
z$17<fyyyeJXji;{H;z(6FvT@3_!w3<XBkDVqcgxAR*aJqMQhJnJ@=VWQ5aQNA*eW#
zu|O(1ia?PAQZG9MbL$p>Y!YL|D%n^juxPeX8$)_9DkM^0u`w!MG2_L=e(UWIU%wLT
z!{+}#?%}ugdGbF{`hl7Rk_6J|Pm^F0SS|?#&2*uNi|yXw&%D(569$@UoKhqKrQOxE
zT|RC5ZStk|@hF4=AwgJ#(fqGY+ojjHcS^@2*mx!g!L&B(bqrw30V#y0Sg}LwZ|ea1
z@AtaR<i5000f$3K25Ww)!bpre|GTC_R|r2>TQ_omm@6<jpj<KKETwyY85h96{=3|@
z?Dk;{(zZLWmAP*dBTz_90WMl-GtUX{`odT=08~A%G_vI<E}8(g=k^gHaAj)w|8hMC
z&T;X_H#odA#5<3diH|S&NWO9<(eCz;vxC`%al-BjcfRU?cOcG^JhQ+OSD=%zJ~R&G
zIg7jZK9Vs$k}{<VrBKm_uOw5b@RQKR@<EU&%LV`covD*~`AHY-ZZ;R}8+Ko)r&KLa
z1&a|ZaD*yc-6ZT1w-%s<%YrW=Z_c;R9SM@{@gS)YLAb&QA&fC5q{sDHv!#|5a>MQj
zBc;{%{lks345yP!>|TcyO2AY3e?KaKApj_`pj04?j3B&xAc_=$s8R)@Q4@$xT_Ae&
zf$G-}0s<IB$_Bb;pEm%A@8OPS5DyN}J_?A`52#zNYwNKh1weuwV*j^CH|~Sk0mg!W
z0tSGNd;mBw`V;CXkP`wNl@OBA28X$-1by&8H?T!{s|Ft4*bN83vQ){=wrT=;mFf>m
zG1id_MI}YJOLw{<FSYPi5NfwV-RJ=wPMq*;;Dq<?bQj!>S2R=`Gced(-}P*`rrXL{
z@rrSZgt}!}JX)1Pk$xAjjmNdtc2i5Kd@NI7Vdd9p91{(aSlv}Ge!uhW?{jb3_9de6
zpucltB3uH{Q^e0I32&mBL3VZ(|LkIKKcz)s8|KO}rfptXJCYm}Gs)QyNNoRTM%-^Z
zG`d}==lbA*bPg=q#|Fy5i$QZ38>ejIku~wRh$w#DRcdE31#Wtz^Ckn~U*XVSq?v?D
zz^^4{udC4k&Hye?b2=B^nOj=}*^ho-i0~eEyrCO4FR#vSQVPbKt1{UdO-Kr+wo0LE
zFEUZHq~eBTaJ$H_&sd%$YPoiLCk4wE&pas3b9@lYJ6$8$S|juYqkuOPOn6MvG5@Pk
zTJ7rgu6Ci9s?gGnwH5_-M9R0~UDW1*Ja-)9w}~JVG8nvOcM2M<B^)Hv-v__!Vhyb)
zlh;zSob!}drN&rkV!di!@cvQOgI5xVf1C+@t)F`3c;TLtR;<f=zv1=pnw8K@JU4>l
zVol`Dh2;5BjWZo^u1#O|D@9ggH$K_4c{~kJ#LnefB@ANU^bE|MC6ek55^1`b;F{aF
z!5q6(@GL-dF(%}P<2KP@Z!WIi%aw2ze?b~$bcltIBXg={qv}m}Iz#NN3h_CnnvJZ~
zN#V1`pmiEst?#F|MOvum2;dhEe(>yuD~l=RO)P72<Cua+UBU}IBgN2q(lw3Voy9uy
z`IfuIjW1=snI#@>AC^TPzR>G&s2pKJ7==rX=KNZ)vGB3s?0sBgj|?KcMcka=Gp%s9
zlJuKwX##x^Lix#1PuBVD(Ty6KaohuST*Hk;terc2GL~5}IL4wG=GkpoMfw7n?nV8c
zL(hnx#@8gSc!}3Lx%>BeUEA9`1+nGxka*tIW$*OC{fi`5QJZ1o56f|@r^5GP*Lb=(
zjt__z=R;qnhXY{GQIo#e@YNgwr)wr!5ViJ{a^0|(*K>xy^aI|3i~`5cjnwamNQM33
zjf5_M>aRm3oYN|ZWmakzkAl`8_9#GqW56NBiI#{e79C46E-o@21Bx_hWSqR@{K{!n
z>5!>Qmm)p-6<cJvax1M=ZM7Y0?6zB%z4q$1-+nzHpgzL}3;-zKXd)mZ?b|>QV?iaL
zfk7byrfeb_5rF>ZW-bo0%Y}$z$0P1HPQhk0uaBMs=-3bpm~~1sNwNUQ+@9pafx#p(
z00RA9JS2e30G?(88B!$?z`#L+@2GOA_>dG1<AB60L|A~aq%RRYUNQ)%eF9dJBx}H(
zQXDG5vpotrT%6?4+oPgmV&j59fd@J{2EtevhKUK3{B|+0@Q5HNXc$;Hpl>f3=nKp;
z%A2`hr*BLEp;M#5MN?qL0mrG)VnGNi8W;)akNAuNWFg^6{yjvNiIs39q&uoyArWLM
z2S8#z_|GU0^lw!D7cL6E{5_Fd`?IF>E_|o+F@QM(@Ouwe>G-b#r=0JOcIK(CZq0lb
zio5SNK1<;WK7owGX|APPil0S1N;o}dTe!8}3QK!G%)WULQC3)G$U%oeK=nZaMg!oD
z#sD&&-63GTjvgZ(LIM=)uS}BWP_;}W!I%@=r;ZUP7BKjP=JnBYG=)0|5O~p?C?x=%
zmyw49;~=(nu=^*1f?I(Q#HtX?PzdT^0zN1+AyOapjHoZQ$&FU3W4&<QQ5&tc)C{dE
zm_WhIv<UFBrI3E~i?PPQ=jD7ofs4>Ul!*-_xhz-Y8wk`yY8)>Je~UIGsjQ?Z3DTlG
zQ*iWDaCGDNxuDhsvAWRWQblcsno1k|)2{MZ^p)yLRJ0Nn^(0vPLx~dKw8-QNVnQlt
zCBbSyLh8wyxf?<VUlKS`V3C1&EPXKH5s^ZywOpxM0TO}zhT`yIH!q4w`U;qBBNh@J
zbmxg|7fAk6$V6Q+VqR8sodo^g&=?3~uf4sc2{abo|3<9~RGjO*t|knMPid)a1o`Lq
z-r3X!vc->Y7I<(rKtu%~0YIW<=TpMvD*`npFBeFvI98g>FR2a}(w)PWkV%|3;)07V
zx$KIouKC<`H{5g!6tt23xyOsZbqj!C8G*rw@81hbqGv@I`oN^5KF(;09wox`(urmO
zj@@F?Ssw~Tg#n>v7wBK%p7*&Nfn*Y}4<Um{QldKv+=kA(b@6Zh5MR?XnLsQ^C45=S
zQm1J?n9p1Gir<`@ZoRw}z|?T#zHrA~_uTiuLyvsv8;^bEYf!M*7kt5D2)pg6brC4r
z8!}jW85RZ9lPhS?$t<rFTczaj0X4XP*Y)WJR-c<C*E!s-J3m{p00aI1N9f;+2B7;&
z)CC|f0p#~A1<U{g6hJ4B0RsuaYta4gAtq4}By>y)mFx3~Gj4fe)JKTSyc*u6e3fsm
zSo%S~(}{E{ok{1?6?8q_M(?2SW-u9x7)zK*Ozek`9}hD~>6sM?>$lNaw>|YNnYne+
z^5h#mnNEIT<aFI-M}c<k_Yi-kwJt#G1T-a}_veH0gYZMjcM0E}Pu~FW)6b_ZPp?0%
zd%EqZ@2TO*swWLk>c4&R?R_X22oK<Tz@2~xeFAtN@CD${xA*#IzvJ!2a%-IOqd!fs
zy1V~xb<{J9eQJ?|mRRZ^ul#GJVS636&;ND>z`G7P;5CR9e)W?d{OpKh!JY7}t={<5
zXGQtmf6h1?#9PM=72~ugw)xB7My-;^!O6wVBhw3Bep#~R$Q976Q?(kk>eOrSQll2F
z#%t5AO9!7OYpt`<dK+v4$P@sz0pLGi#4iBGe*mEG2tfBVfWCkN0|5m&QK;`VFC37@
zUX8D5b3457s=c!gRHVgKewCxeCIP$PR$ix_u-+iZxYsfEkSCLxOD^GOrtv>vyC5im
zdxQBp;@LHFsNbhiptZf1CQRV^;WcSs6pHPm!@bw1U%#%qGC_qnArhKP=2{F}l`F<^
z!~^tfF>q>I$0i*cU~gtaZ662KAL?gbb35+$?uh}FK47lNEaF`#qdskn-nQ&ob-8~s
z5VU7^?H`$@KDLR7sjS4lsOKg|uTiN*yIq#q>%x|~1Kc0keH0&-NnMZJ450Nfc9gkb
zcT@002Qm`YL5xy0&BSD8$JOLKDl(yh5Lq>Kiat?pI1ixLDUtVF#f={vazjA|NEz0e
zM4$s!p2=BPSWK!zB$wmqPRfZKHUV&*y7<L!;U3Mr(ty|o5&8}Aqh6l%z~C=!P$3fy
z5m0cL=i;S672zwP0aU?<V5wEf6%tm}x%9>+*^7|4G!;*{AJoGGfz8nSKw)r*ESXp`
zr1qREMrzGfF0iSBZfaVS$^i<Bw2bjLJD}KWdskNShZo6ihNU!>0ok1GTFyGL-t^8@
zKo?a|_v9bVxbK@B8pTetL$;O>AF~%e%s9`=|0i%W(rhACz^l8qq<0PkNMA(RJB4<0
z|1HD@`bhCK2!%AErXiF8K^Gy&9KsKRD-=@tjJG6<O;J`12i+bTx4v_r+GKExD=f}}
zZX=UkX$C4J%P#J3P9sF6se-JEuL)dgkzmCO=#m>E73;|YhBKC%6s~bei!>o*`r%62
zG@%HqSQGdqc2f%)gHU)WL0TNej*W_TvJH`*p%9Dk=pKE<3d2G5lg@;a5`rN#pD*$J
z38$2j@KlQ?T<^>OQA@ak@m~cXNpTCg5OEM7LBQ25UFC<doId$d+<}^#4l?I%g9aJu
z81|-rAb1^toX{Dw$p+cNj1JPo-=SauU7<V;Vm97kC@%`ckV@bs+D3w9yu~$TQj+&4
z*2lMXohfshnwp}@FwlIR@J~xzq>^2%-QRt<fu=l)|BQ-|&P)z#HFqU73AffBOM;lF
zk5J%)2z__XALa;DG?vL)0~MyZZVMLwa?~nz8MW!WWNqdbqUTM902ymBQ#qgv$b89Z
zNM`|5Tx>{JhQk(wXgEJGQzHs4lw^4-hu6g+hqa|$jO?sQkx`xY2dHII058FkDQwFe
zvJZZ)@Pi~G*7cEdnWM!>F_~)m;$JCjW;Ml4RTM5s<I*ZeR5r1+*(q$9>%)U?x_s=1
zJ@jbuGRbuG`gkf7h9NdUaHiEBedReNzB~517o|8G<_k(LNXQFGC>Dl1>;|#HuTw0j
zQx};Rc~#TS^(8&ePF-idw%~Z@FiuEp<wTRHP@fe*UMJv;%Dy9GgiUAEBPSrG+Vr#2
zF0G#VX$=H{Zjh~w*}-gh7$7H39Z<x87f2tw8F;U}y2k`pU{3gF5sd<o3&G^WA??oi
znB*&qM0jO@T`podYqmz46&AZ7Lvt4&FRGIpb4tLQo<rJd7$?MdKwYlz3FbH=(kEze
z8W+d?4+$#r5-{`zDnckM3E=HB)~v^)2E?+gxVQbZ<Yw7N&y9W5Zt^F&gzI3cpL3*Z
z>4zZymx9#m7E9bDBi8b<RzNeh8^viL8x_tXf4X?42nVo$oXykf(6n&*k6UJ|Wc5M!
zX2X16dpF=*9b~xf3iy%9hJ`evlGCWjcyeIPMw#E{Mfx(yY8(keB&!}0T@>b>zI1R-
z5hQSCL!ecyB>yKd%uC`AEa|f-)7R1@2RARKGk3bSRTo~C0i|FPgASf11`LacN-rhZ
z2ig?!{sJye6Oj^@R7?V|%<<f#l4^<Jd3fhIYmQ(HI9WTX0;T^hpjVBn11pBXF#O~Y
zvMfeA+U4WH)T<f`ON74s?&c(7?u|Zw$nCYMOM-#gYxa4wS5?-eTcR4N_ezGc&XyrE
zR>a)%#d?~dLmu8fyxI+(b(w+{-8r`12jOqTFjLo4EvDAM^MC^{Le3~9Lex2N;V6!4
z-qI>{U6L8qW51)I{`{#l?_XBV|NpscJ-C8KSIqM&3b6<_I2rzAp#pzc>snRSnCcfx
zZ@19?d##<)E0fEBT*Z{mHX@;11rQ|Y>A!j<r`75jU!DqCKoOxCg53vJR5D`cimo;u
zr=2U5zw#$_koV;af3|zsU*{Ewg@!7H6e>);NdU8|1hK)*n*_a*p=4_Y3n)6ujT^Ms
z+Wb^t6w1zheq&;+{UEij9DZ;pSma`HlRKO(CO^IMeaz4@dI^?i-F9&y<@L@dhXJ`B
zkKB49Y)=jx7JxEap*!frrTu&qfW=Qx?XXfCDKG}0Z$E|HR=v|FBW|cvTx}Anp0f?x
z{}k<7ZCkT=it0mQxFkTjRM<U%|EROi`W|@?4+=q8MNxU1Nr?41kpi|w!)-?;-Rvy|
z>|W}I0bNvN$4Y_3xCg{+6{2cqoT(?@v9&ZU*nbs&L3R&()rCaNo51_CVfMWjq1B~s
zB??IG83!sxjWt8;*OP&KOa7uAy-;eeCoWL%+79nS4b9o*Rfy@I>riBD=aOwK889Cp
z0UtObcW8!QV#Rv+JA5n41$-AbQ_VG4dHufmP{Q-7BT)bl2v<2!DctvH)KK>UvaB4q
z98*d34wXC<3EY-IU>kPRRmAec5((xc<^4(^9hS%b9kgx-sjDj(oKQtFl?88HF{=w&
z2@c6WAJ^o?*!2?PD{%GtSNj1a*aj>y$eMCTySXD>gvR{eAAew6<;E92T~i3F{3f}O
zPo{|5Rje<DWjmFD&_M>mNmF~)htmX(&^7Nua{qk7$HELgi2oNxsF2onUJ^qat2U96
z1WJY=BHj2%x2g26`4Xo%(|fJ@pcL<~59otHE@#0<F1olx5CELJw8{tUs#hbcN)=vN
zF0A^URK9(wP9QtM0w3Vh+L!FeB+rWh4$$xHLaHZD$_PHwEvKpY4IuSW)uGbocW0jy
zSI3x)t-82t0moj^nVi13z@Fp`sJ-lej5KRmBvC`bBnfZ8Dq2%w<VeKv#GPT8N!Bqk
zaA*jr5=jB1z0d~>65z_B5ZH>98I2`EGqP%!&0y&{uCbdNu0<M@4dSd#%HYGBD%EcB
zB&m?9-Lq09xe6%1Bd@2AP`g*Sh`^0yLi<Xzy>HVNY!F=z*O&Jbrk+!seLlrMW!hQr
zp*$rx7Z#+!O3-j~N@?Dr(44KNISXR8ocC@4<SBD5SM)f2T5sqDx_GzL>n)v>>cdVp
z+eQR*rb=IMBIt0d<UEfm2qehN7L&0r7*H-QZJL<o))lDtmpHYGRHsnorB<lD86g*C
z&U9_)T11Jk_X`G>e=;z+X#d8-IzbaZqf)QyE6d4s+lZ|yr(oOOlIGnHj=Im-3hS#2
zQ8(PX4-`>AhwPoTU?8AeT;4R0=F2El?=N-=Kc^c@y{ZZBOw%|orsyhZQUj*t2ZP#M
z%ayaeLB+c#vUh_6b7pICPgJ<QD(*YjhtyUmZsz4aQZv2yp1_X5ac76L;Zl9K?JJS6
zSIFgmA{R|sP{XgN=bUbQSwr%Fs<m1q7AAJU4INvAi`{jYtb&%Ky;$#hSoX4&2#o}R
zUIx!V_HIx>`|R=bx;*B5xCJqJyX@a719PU;=h7F#9b^0YHeUk~vUS>`Df!Ap#SL8s
zOJ<YV&==x1iW<5N`c9UaukcVSbbf6}U4jzAX<dQrKZu*AN`^i&qbR3&raaFl_|D?D
zyM5_t!kH=uP(~zqZskOOf5`iZ{D6rJhM0v8LeBIm<h`izY@gWZjZgQG_?UYyqpG7H
zVf~xox+y}}xzdVCTAcU@WMSUl+2X%#MRvD4L&fh<*}-2(Q;$|+3VWA&g{i3;7I8A?
z{z;|Bs5KVWs7?B6l{Y_ou#L^zK_Q$8{riW&p*0xGn>1iq9ex+K{VA?}R~;TGknNo<
z?YKd$C3DabQK*tMCp3~YFRC!JcSdG6W!aQLFhf0OL81u_tAWEK!kWs3rWM(9fDbok
zE=H?}t<8fgM0L#R+75^o0;|KoG2Gf0P1>pN=InuK=<r-6`~uB;f072UpJzo3E9q10
zn;YR{UtaVNEdJ5l=w8X5S9h=hj(qug%muSWf7EQ4Pg)y6SgYY`jy+JgdI@@i_zw_;
z%Bj2r!L@Bm%q_o2!nc8)NVBJ;z$xhS6qPCz%!7}ifu@Sl7KjO!l*7lg5a#zX_Z_#R
zn3p&uM$vEJBk!hYw>N(7@F0DCaxoO)rg1E8LBu`Z*upy6<4@viB7Sx*=d&Fg@GVjk
zlE{lpX5sj({5n~h#KPfbW{*C>rkK>+BCTjiD$)8@n|IjHR_RADeFa07P}UF59lkyL
zCxeg1zaR@+TPy97*6f_HKxS~rXn9H|%2Y_sFl%LatWXlXH;&q^IP6DLuW?ys6=3_P
znJ^JkRQ6(Vu1}`ZAq3?etKv!Io~nFIeSvoxIB-o^&e~)sJo26;IeVQDg7`T6jGRD$
zmEZ2lFP18piyy;mE#<#p8>Uvv-Gu%Q>e?$D6mt<XpyvGo;^z(za*krN;A8zfVY<eY
zj$&HURD*i9*p5&r@bS+w99_RTa+bkAyR!1yqfXqQ=W=#7z6;Dks(ug=E1FXWTcy!4
z@VFB(QQ76N$cP%mSB|zo%y3DzC{>%Ve0o5dnyxmbqvUb~MV^>5JATYclSX5M7i8p!
zB>M1ve1D}LBSW<<#V$#ER$hfbp%2O>h3S>QUse;dgIS~(Gg*vjj3T{=1#rh^ZEqO^
zqxv~qum3m-njZ;`D^H$2mE?Zq<o2IN%rVk*b{jM)m!A@6?{4PyA(Bf`@rUlHGWboO
zQGlM-A?#ebc`W0}1q~GpA;l5dUw(6%hB6z2J9)fHZxu`Au6({qkt2BGwll60$wUm^
zd-mvQl~n02=7DR-OtV{;=$EA4w4fudDE>fu^1ygZeMjoOF$rU&3Z!}ozKpvUtU;z}
z%;_kZJWVxA$4*xv6!O#s8IHm5XbZ#wr{+pPfBNXG#20KxW)wV%=80;4G2`7RD94Y^
z1fwvh3j@DLaKES;?T(2a3S69r2E6NT@#v(xqnlv2pw4Lc1H9u-;1=M0F(&x)Y)UYA
zJOIBiv{fEld@ic!x4G2($k$cyi`VWO@&W5y+^%2v;aCib`|Nn|$62^18L%8E`~@TH
zdCimQ$Ty0Dx)Okh_eN_Dq3g@y{n4u1n0k=clwLDI$AsP17A{%4ZO#K++Y92n>%mc<
zGq=9o)l};0?Io*$=3#l|w+U`Rx!h>2DZQlpSY6ZOIA<zLZ`4x#hv6v_78{fBNO8`$
zJSp6JjsRoe@%O>FSt~vn7%1Aexv=&yuI+EqysN=cR~TFWTWw+!Hn@+I5t#vh#(+3Y
z?l|RuYp@ICR~vo%#CS_TAWvB`h^Z+smN3+r8AZ9xv*fwigaOIlPLDr5P3V;6fYnH?
z*P?Uh1O_>IkSIhHCy_yZMW>V=36o^PCoe3PY@<U)P5s;2la#(nijN{ogNO5}YGpty
zJ2Ea6)Z&cuP*AK7;*oH1zr4G)Gnp1ky~d>-3A?L0t6~(aI}aZNJAHx26n#r8ZA0$Z
zb<>_1EBS<>qc<-;VpeuXR&IQ;Cv`@K*nDG4B=8vMsSysikIaj-6uZRjzPwU_Ok<IX
zL?Nj_v1qCn1+i=s;IaF9Fo&*G1!PijiGt8Xv(bw5;v^QumS83P#UXrRuW;z!v7Jb+
z2ZPfT8b=7EL?UM2yeYeAOvx1ygR+m#SG%^9eLGn7|7YnX5w%qkpsCDC0r4vgHgQc;
z)gqQm=Fby@wP$%<DeOE(q5Ix?3a^>uGQUs;#qy9rPASu81;iR^{hR3Q#)Ue9sbBVS
zep9;NY7(#g87BP7j5eE%KE+a3l@4&nkgQIgZ#?s_FLQ+WWk0WCn>vm#eMRK;VD-mE
zf*iL5Wc#OW^-UWrz=c=N%?$nmrD+0Ioi-Ft7WNcvE$3vH;+t^lCXemu3@ITWW9?V_
zDhw-iuHX-};RjmHnRY>HcPo+HCCQVX=4P7Qy2Nxz>dl46S?3zOh84V`u`szzy?2Bz
zamJ!WNQEmvTLvKb*eI@uMr)JvcTlzWIph3!i7bmcsTl%anaNJB#Z_C9in1V?q4;e9
zV2?<XjveEru&MV9=z{P#mpavJ)ppKVPE;#H<CGe+&1sOy+&<lqTxI$?N}em3FzoF3
zVFOyJYQWoQQG3F)#{Kj`w&b@_jXQLN3LYVSRqd^Hl8xDo6&i&v(%u$pE32VG&95b~
z_{I1>hv6lK#O9Zj|5ehz0BCH}RNp5Zi9x4_h^ej{+lg%gaq+&Iz^bXi77eqWOF|ws
z`yUkZq=nTbK2t_>N1M;_5ZeZ>A`KmyRr!tq8;_~H#V3Di#il2fTiwKOh_nt49zJ3Y
zJufB7^6T>K#<YMt8P1eCgeFs{MFcu0QdcD;l_@80^>n#0b?#?%gV^!oQO*iDxy}o&
zBMtTH)j|8f<rJ|kLo586PtZT-`waQGwkOO9*XgeEK%U>#+F=Cyuc%HisWUUlJOLBK
zABjafzBLwTrB&7`Ip-HP6!Wfa9|^i1)RS~25p?CSgG#a$WCzo<%@I3@P?}xGBWrCI
zJg#kDV$fx-n3+D9GCST5enpCl8EGz^HFw+$`0!({PM2LS&<eAuN|Vx%5%9vfVwX&B
z3e<~8J?$Yb9mk=+=CU7iq$xMW+-HIxck@}_f#Hoj0|TQw6pKcvhFH{@9?VtVwH<f!
zo%f4Kx{^wC<w+-%XdRawOxHG5+0AJMT8Z}UEocDWBXjH9TkB*S^BSu)%Dmc+@zhps
zLzP-kOUV-!6Z#wmE0Y`%me4l!7LZ@@XM18$;~}!ECiQtR5(zAuntKS55e!tEIjy;+
z&EvSSQb@3^`+aF8w7oaiBnHQY>W}D8po>8Xl2*$gOuRv%7t%SUVC-jcp2_dVgKcy+
zUclQdE^QkGZQq$r4w5J4rWO1}KSY^#Dp^lo&L0Medm4>GQ<nXvK~VZTC3*fSu;`a8
zjzt=aBvTTp+-jT8<tWUl%yLRtrkqJb1(Dyx>DY7q;Lr)n^z7@>j>zI#=mZ3XOsA&U
z?OsMMCpCs%NaL0W#(;UZUQa#dFlypV(nRfHu(N_WUThQ>`i+kZeS)<KP$+~pnMywg
zCU+K<#3K+Gl-63oWwwb85^Wnsus~O{6ct`Md+oFpzE!}c3myNeilz!czm6&YeR>AK
zxP>a{#RJ*XYSkw)vsKAq*#1l{ZdZ$n&9MIo#DnqPs|jAvcCeYXHMc``wf1CYnLnj&
zPMESdHKr_K+#w)3SiJ@6B0)@PeBnqwvzfg$=K#32#{jwlF;aXb&Q&?@YDK&YkXOXJ
z!t<|&TX7|QUxRroR3`<LcpJv{dlGJBGAawTa9pV+7*5Ro%VJ7!p=q0Xx{?0=<3IPn
zkDj3s;>;-9V=M+jK*hNLXGP2Bc%U}?4Hml>>8f1<O1vFo`z;A~egKsPHep=Lify7^
zA+T-0TdRxkmDM2h`q%tl!Nv{nk?I2Y-S{J*@<jfLp!jnBWw5(R>Is*ssit}ct<4b?
z(=k3S*51V7)S1}E5^yF<S|yli4a~Cf+2r4GxJ7sW+#puyJs00FBm#F<s!|f-b8MN4
z3@Y|#Jm%o5kE&3k@%-<0$7j|SHLoN8YGeQ636n^VES!IJi-9g{;n#x;zutz|Rqzct
z2B##FW3Hp>goPu3KgQqVv`x&;QqQTZn`O*B2PQ!MukAIOo8`F$qBe7yI8to1@9u#z
zk0Y4lR&#?UqmP!tl72t)=5Qi`MNQ?c<6u8{i_U@%8i`*d$x`SQRVAi$iLdPT!*t5(
zduYALF5za0bvCa~WRs-$C0eVmHf1E2>LX*O^d!606ygnZWg<oqhbJY0mO9aI`3YIj
zsgXB4bWJqqs?jAePB_)6FR3x=LYS(Qet7jEA>$A{svlDY`i87M{E}Q%e_n(8=;T@3
zyhXK(a=df$>&^2T9VS-QG`Qd%P382PCA5&n;o_x=TcN+^$sePG8KgzLuq#8-)NC!u
zn2=W8l(r-^&fU?W%OIOk3s~-DIarh=@n=4D_TLoBGoqbg1x&+9FQy=u)$YXx1=aQ(
zg2=*b<@U^4m5e;4k>emz2w@^CyN-aRNbWCehtwfy&$sDQ9{x0$G>0oGcXR5A9O?4A
zw-0pc$e~lyVH^FK(?Rs7HP+f%0j4`SaU`LSdYfmo8&qmvxk=fX7yt{9Dwoh=5}y`P
zgc!U~F|4&>QI(jaYiWEl`xZ-ORSLaX)KlLOQ)b#IAiSnz1F;)!2*UnC6&&Ak{{Mc_
zZ@M^(Hn9NALn@sDAJN35N)q8Jp7?^UJojBfU@>{AIa+dEB@kGgT+lp^zaNWvMHQsd
zcR`|fYtq~W)}Ud0nO<$*SNzvaJV&|p&&fD>uS~$VS-Bt$SLmN_a_mS55T<uoYkAG_
zCNKw?<}!$Qb7-&+wq$1b9Y<wS3)#~~;r<~CbGe<0{3k(}fVL!}KgA{ukxmld;ql3h
zuX*T`VB!b-DWGsDe?JxtkLO`WzQu7>OKxM?piIcO+PEp{t^#Yo&{n1gxgi0eQsbg^
zSX)#k3ne{}w!VmmEWQA^p-M<!m5(gCmr2nlM>-D#|KWyl)LJS&_!8;?_)iWOe_?=N
z{=iWulapW3Oui7<*(?z2Gvrm-1~D#W3H%4Y+3hF7?<Dw9w%6$9mJ%ekVh)$A2VXR6
zJuZ_;RUA}EBHd1NhN`3$*UJ`VYA9Jaws5&+vJ`x^SYx;8gsBc2pQp9qPyydL3DZKK
z&PpC3Gdf+{z+9rYn>7hS5iN7=6=#|_Q%j*39BHc$PufWxSP|8;7U@b?nhgeBPm7cE
z>=B#mq7%VG4rd&g(S)fT@=4C;<u<<M@*lAnlZOxROrosny1baAiXu$CH7P6T<(nwX
z85GLg&kpizvYhIsP%NerKoj%6a+gxdQN?yRALmG`t=E}VUh%e&^WPK#UvKrq#KkN@
zhx>$7$8Go@=r%BmvUKTK^U@u@z3v?T9Nb(}thpQ}W1A(uxw9_wyDa3mu~h#p3uwsF
z=3e;t^f(imA`nXAOe}&sR5xB{(%RL7Vbk&7lci3(^NTpg1F}ADcbt8LQEn0uzOrRx
zzb<BiyQrjcCnCS0AVW~?_7sVtlghkF<!W`v@43F{t|s}2o*%+GNRgzn99#BSCE}Jg
z4?IAAxhs2mO~8ZFliR~PPE?)P5#D(cNC@F0VKC5bvCN#$YS2Av-pqMcV?Km6!P>R@
z@&^4FopypwKS2|cw7OCi;W!-M@(J)`!_mFvNB6W287GV2lf`HSBn@pljg!RiNur(6
zYS?x;c(7{S_VA9iRcm*IcdkRM!o3xoNlRxpE}h*foRK;ME|?*j0fPUKkCv)2ykmCp
zf0-f{#Rbrn9ub&QdNS|e<;VbcX!@4_9FqJEoS9knw|WnoS5h&ENpp#F!820#yd};I
zL@XQ;yHusBZonZS5a4z-cXjxZM}X3bkY}c3FnAU$)~?#wk>7I`tlP3>dP)A`RiMOd
z@EzZlQv=HODE#O9jS-L}{ddZw<$)<9b!BjX-#w?PZlkT)!U^WW!AT<ly>e<oLZ7z~
z9_MqpHH4&9Q)JTH-dL~O18yB+4ZlOhb@UfUCuZhYm3&-cd}m(;AY`NRNmkzNub^8;
zzRh6JSd?>gRvbVY2vjn4m`0$HX*&-R;?HO|jhL_o|1yp`5@`b+Pa%;P984zB>Os3o
zW)i2$vdtOt4`2RK0COInh)1LE;88fR@VMYt5fw~i^36P<*qMPr-@qkcQJB-1L=IT^
zw_(vM74^_Ib2yk{a($Q9-g@vIH0FgLKy<2a<bUxiYkY|bhTk!n%E+d*m36vFSB1y$
z6Paqw9l8C$UrISuHTThHJ88+Qm~@y-WwfR`9+MH7YE2C~9PVi3A$&!m&{$hblTIi6
zYvv(5BvGuM4@ZC%r<987!=Cj{hbn}xnM9#kt(%ANC5d9SUY<6JU5cY#`kDN%Xbrp$
zr~C!b)>N9F&3K#7BD(y*MPYHny!%H0s!L4>{cqdz+O0-swXe0-)@of`w<&+#S?>>O
z<6)y#n;)B<Vr>aq<bai>MU>upWQ4tLdVyY~mm=rMi>4#=0=-Bt(aZD-y-Kgq&*^n~
zgWjBW>x`m31xkLm(ccCF^PQJkJlx-k#BtAe;rj3qNrBwMFSVA&2W;UBol9J_v+C>Q
zj=q+j>kw_xb8&qD^pAf%cKD)$=ny)Lj-n&z7&#82AMkK14*~mcFTbO2pZ^cQ*5Bys
zCII`Cj~{J+fiw_c7?4@Hv57Ovz*)}&(qIF}*0}bDr_>rg*#(LVYtip~0`19Su9e6@
z&FlbZZ@@ZpPA%D-)OF>>uDq_~O{C~2o&eoR>19NF1J=Yu3Rz@|K{BGf)T*+S4b<71
z(29f_s6#y?zZTi~LAK8GKq$(|yyQFDl6U8X0&s)@1;PL`%+J`;LpB}*!gvG-^C3)G
z`|1a%C;6%d9GfxSx^Q&;YI2YYd?r#LP<>W*s5LNDp5No8hg36Yx$y^E`ZP14fb`OT
zG#dZ8LY_)|NIIz`2=X%|Ux?Q|-%qnAao{#-lP!8{C}_PQTxC9Fn})h7w%!A2VJ_H;
zpc|rj^nKPa64|qLuTigBZ(ZGKtoLL*7o60^veb~N2(hHzdYU)Q+DfyF&c&KbNO3EL
zgwTpG9sxoOII)W9B+cYCq7~yQWFYM;7ucIBKY)v%my=6<u%jOFX4>~e`)bLST_p?V
zJ;nHw%&UzGRj@>;59W7LP2Q3e^6&ML`m~=MrL4*#WUqVEdA<hT&(g>6%E`h@mKNSU
z<DQ>ePX5jgkEixYp*)9@3%s>JA@fTB1ds{O|BUx4i^ks=NcSs%ufA>+0lxnx(R?`b
z;qn-2M}dKX0tnE3^&bUbz>Ze%{m~VE<^0{|&~~O|1&S*`%~>eL$kU)*Eh7oY{VytW
zm>Z1i{IUPFsb1CMN5Ir&wv=wpk_7srh^jFJI`>BAQptLV_{JahJ=u$EZ^MH&KJobg
zWlU&2gOU?_%zcFwVjxO`+r-3$GaAmUs8da=$3h){1Djxz_w=3PwvdcLN-r_)Ph9=J
zM_JV#d-5QbFDL8hVbnkZr)Q7LBl=*8gPQ4LdV#3!!(AS-SATL|fQygOy@aR(4nNqS
zo90efd<Hdy&@ev)n3-Xoi^pScHkIe-q=Uk(SA2SKA3z89QasDZ7<eB<4y8fpHln8W
zBYhnG(f_yo5hRq$S2*G+p}Cn&vgX&JRBuo1Od@up8dex}|FP)pLx@FKG-M(S(ExyG
z2#tVele*#L#$+apZo_<FnBDfgd8G8+zR*ouW_zNiy=UnMU5NS0U+HcqeFPU`hT!da
zR8_Bm)MfT<L~U5k=5jq11ic}t9_wn9Q7y}x-3wVkfzsZ*w7o~64hn5DRxdg?w~rc_
z=l%W2<@=!Gn>k5?*$QEvgf$Q=X$EbO3@#{e3h740=Qh5oWz`H>oIi;%q7mE&ND7j8
znM>*M&s%L8swY<cBcl4jkkYfHXwHy2#i2L2rf~<2xk0j#aE4fv_3`N8xJTZTm1GIo
zP0o?W5f9K_!<(R4uq4<{ktgIhxg>tB$ujZ<{H~~=`LYGsh(p(tMD~w0g@wkd69WQQ
zt`8VsfNC(1J_7-tH9<NRf?DaRP`F&D!gzc*6;AESsZk;#r$&=fiuhFmZqy->R(g{D
z?JBjY%SA_o#M;|wB-Wx$4T&rcUU?9m+pbhaJFK}cvZK^O#A5r_D8j8nSfe_X@>OZG
z6fKjj(aDHO>8KdgLUb%$k?7i8F`06xL6fisRq8WWtJ0&2$caj*O{nfjwYLO)x9EE(
zeFS~4b@YW}W@C}X5R=u4tUV5Un?~Hpp+Hg^c@CXOBwE`n(zGh-Meh<FnQSs~-I|kg
z+q4$3um(Mh#_Ox>KFtven@X{PXzG;sgy=iEPKR1_xw5@uR+p)Cbcb}5{lc0&y~<m1
zw5_}mfEW~L{{Y%e`W^nrGX<c-#=(_>hcA_YkcgOsl#HB$l8Ty!mX4l*Q5qZjKlVPi
zm+#Ka6A+Xyq`)|ZiWDoc$5of@RiV;C5udAa#kGG`-<O-J-F4d+_NlSReh;?4*K7UZ
zH-D*Dr$LiO%{FQ=UaL0kI(6vM?V%ohdi9%Vf=vz>G|49>8}O&k{O<3d>Cz{C(@!ik
z3@jYHWCTPc<YF=)12ZUtGbBSZEW<Mblmrx1yTEP1v>8H_qmDW3hzl+{?TjHiB|7Mk
z5i?mJjg`)%RJkN&GW;se471EJ+gvQs8EKMeF=EAuH(7#2Ns^^Vl_p(=Oj)w!$TdZt
zd{Y%DRHRsmQr20YOgU4X5@WjMDVSzBr7Fh!Tlcp^yiv~_M@Pf3gjv{DD^jabs}8Gq
z9{JLIUwQ1?^cpmpX1W=gVvZ%&*kX?(&bZ=^Cz<ia*T3`jI;mWtfmL6sR;43Kvob8a
zEF63P`?C7C9~O>jxxH!(cRbJ{5t+fUip6djmT~T;F8g8aH}&8b(ivgCbJprP=sg!W
zroFSZ9R&vL5$M@9g(J-^x<?=wut%UrAP{IrAQ-SkAk6s9&+FO7Q4S;|+F&B{owL*Q
zZF>DN><0B*83+_KAQ-SmphqAOXh$Fzutgv|K-mj)y}+IUrA&1A8Jf}0HwOPj2>p{!
zC6~)oi1u5<?X}`8AcdIl-D#s+DPu!D(>kh)QiUAT6e<^`(pcogl?f{Alu>!7oGLmM
mmJ(EBX^ov)%S_YFLAeHrLH`$pUSuqYO!9b7`r3Sl-QfTrj3_n$

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-italic.woff b/data/web/fonts/source-sans-pro-v21-latin-italic.woff
new file mode 100644
index 0000000000000000000000000000000000000000..f927419cba20a1e8dcdf12e8802bb837378cb3f2
GIT binary patch
literal 15704
zcmYj&1CVAt(C$07c5Lm~wr$(CZQHhI$F^<T*s-x=&p+S&Z`HkBr>jq%bayJL;GCr6
zCMPNi00R6Fk2(PEKWWqVlm0)*f2seU#Dqme0RSNSAB^>fML}3V48-K+lzuRC00830
z2BYwBZs$`>NktF<fVBR>RRI8CSKD`2A~_{GMgRb6=*Ld;hxN5Uo!yOW4D0~_Xo4R-
z_a8kxp0VN(Giwi1001T(03go-0QgC7AX)FtO$>|y0A}VNyZ_2%#crnBF#iF6u%9vj
zzyD(xcc?yd8|NQC%<(_Id;kDY`(=GHXKOp7A3Zk2AM8gDn6uC#am~iS{ij@x|NP<n
zFaZ!V;K|m&#^eW+|KIun2P-|;_1fDxIRgNk{y%oh000=ZF}swb`vzQpJsdv(1+34j
zH%VR043t#<f;^(G%a05L$V8r$;aR=P@S^^iJ$v6VYP8auhcBBEJPiPF-<V1Vi^ds6
z6OlupiET7)L7#duGyRW_zeVygIHvxi41WPC8O8{%jjDpd_V$G)%|G)`CAcBi%U92)
zl_k2%n-yx+gutF2thJ>NZ)`oEpVV(}W<B3B$MQh&;Zsu(l6vn0ZreM)z({DQp8j`T
zQDX4LdEvk2WGrr%mGxiNgGTSQbKyJWBQ!UPi9MtX;3S)XnyBI^oWpD8R5;~(7n6yt
zTdZ+yqAnGZs=cy{gO=nMX9NE&16TySK>WGkgHvH61(ITuP$mY^n*C*$rdp=+gAD+d
zlFZc<rU8b)?!)!mN>&x0Je$_8oc;!)DaJl*NieOp3XAW17=U*N&K)!+sQdh(&z6b;
z3}(2cWg`69VPm3F8#q9b^qN;|%N;8(WPV$Y$#!WY<`GzA0dj}hGq_X7WadcjE8qn)
zsrimMx8#OurPv20s}$%|oP~LtgY$GZz>mydb7Q3?f4W0lj2v7Cp$`xTDdxeyn4je#
zJ+F&&`YSSDQlN|^k2XiEiI@D?ArMPs-yB-%!iAO`XpFBkl0xexV{BIex$Go{>KSNQ
zzt*Cexta#B_tF9Hj5H?%y?xkwG~i;5k6W1Yh$ItG^KZ<Jd>)RI-|T|YeDZ2{x#q3$
zHK~dh7t=JDF?cS+(j$2B)W79or$xre63i+aTvUAZFn3Plot0b_#u=CcvQa>TW>~~E
zf>c1uQB<HhHp>|2!H6VtigL&f(9}8uJ{<S$A*BE@=fkw@GTbMeIh&@qN|?WyLaqwi
zK|T5Hv#042wM9G`Vq<1IxI-Q63O*I8+0N7GRd)Yf0>PLSc6aGgI!JmrVB_+!RsY_j
zt}~}H1<+9}=ABl=&lNa--C{;Hdo%zQ#EvbB$yXQC>I}rP^f%nJrsYg4trzW;7ZS_t
zJeTJCh9g)7&Z*RyUK|sh=0N9QTK&f~RX)Go$U`+(9r8t7S!M}BKJzsB#!RQxHxXi3
zMIX4|=Y>_osVt*ou2V3Ha#8FW`a!W0l0V6L%%x%8Gh4KAoiW{-a(uV5^|}%meSGB3
zQnZ1Ja<TJJ(@sBK`>6~#wH~$HOBHlGraV9UC~5L2d39Ma<Pnej__(mv?Q;ThMrSXI
znOP3Z)bLg6)%U$%x(T~|FTn3nvHG>72&1Sqdwl!TN4lE@;I{J@ox8e&0M5lTZlbeG
zXgU&4Jw>YZZU`h*h2R#SGU=#$9!i(&T1~pKCZuz|rYG*aMVX*77p${44S_cTc6$s#
z@IYqe<;eaahx{_Gh;Oa%EPh3F0Hbv{pKvFK(r#y;4UOKjDcu0Ji6qlnG-rM#l;D+n
z3?VPeZrTZp%|fq!!(%QN*0u$`KZ^ri%s6f(xW8|Np#`Djz=~V({o&=VB#cYNc25)p
zTgy^Bcg3$5EN?Lcxk{gyhvN%|>QulwPD=#wT`XbgB@qs&&44PWNUHWssE<&Oo!pV_
zPTISY<n9f7`kp<o`Iz}e;$AWFPi{U&X}+0y$7XQG(%6?i2*a}Y_Qmf<g_GGcQux{U
zP0<Bz*9*hKeI+l404Aa8(5VvBz^B0aTiThHsNL?kQw9t{Ri-8*^oHTKf={K?Aa%@t
z6Z;?n#|R7Pj`G(<;gU#DMuXc&vh^`9Fpe#zSj5Wo_f$vJqlU>z?=6fxN>KZ_^Chui
z)Wex(kyJA%h4|Tg080*`Kp2K=nI}6@8Uy49vAuyR!mx@!md^81d;lkZU#B@71KN8H
z;UUG5bbSsg3b0_xxrhS)y5C38p|{!~D`o07i9`blAS<WiZ**)1h^K}L?ZoO<ocF%G
zaPFkHIQJUd*f6bk&ba}@oYEWWITY_UiNVmq2qLHzQxGzD9#<8ihB=kOaH7t?8~56c
zTXS0cZS_@8o9brH8Cg)XrZK6;v0dV6L3O}30Gu-DmOfZk6V_|QgOm4u-SI|%Q*qHt
z5#?99?-PR9WA$tpUrBs=*!XoMNM5a%E`<V7Hm6e)GVp#z%m#pDvG^w7m@$r0XXy;+
zjWHBS2o|{^u^|l-1C|}}g%BJH>R$0FeJ>U-UpVAD6X~0662~}|eWS{l>$f2;sy@M+
z$ivlX(R^i*$~@$=15K$Dfmb7y-`=Kos+v;al-(=WEnVZy9_2U|kO4VlVU$%yZe-=i
zm2X>Tr!OA-@Wxb?a4`+fI8(p88H0xr+IQu&mdlc&b|D0wK7%?OD;0dIU@xi^?yxFy
zlZnGP4~r<5*hT-F<!?eIBE{r^L8~r<Bn`Bxn05pe<R#ORsO?I`rZ~#MSkkviDLzxV
zl-z$8B_tKRyXzl0;8;EB>{B?!Z^CtHXiLL$UkoRCRB!ZV=`^hz?ue|mdaXI>HiKO0
zQLoZbf3w(>19tX*7FzcW>p74qG<lSff4l8;jW)3DgfZ(Y@iv<>)6tDrrgnB;**wHk
zPpjKI+JoQi&o4Luv8<K}$1{2zD`P>MvUn>hNE@3e!Gfj`Ik0J_)!Oay-y#_uNuLFG
zI+MEx5|I_0=Uw-=2}1BI?e8xwxGk$5_Pe<@tiC4+xDeH~_qXLjqt#XS=4eqD!sLXY
zz`=~rf&xf{<s&ib*hWRQTs4|CrTk@*q8Df&%Ue#nAP78nYshd|EEX$;Dv81TS#g5@
zylgRODg$>qOnJyM4y%lV@1Zl2g2%ADXUQ+fq0+Pu-ixtiRx|_{mF)~Dfl(#OEQG@`
z$_QZ5Jim|<N(B>_n)VxOJ18MPzr*1Od(66y;>t}S_pa^SG%7CqY7^;*^p0D{5;`pJ
zmzZX|Zx^U)yZ@~~;CJ8aD!#Cm`H?Y71Hbvf4Qhhpp==)Xw@d;6h*Ab+|FtX4Fc7#u
zKO+A;A5&)nKbyKBz&WUaACh1$09YXmh5!;#Ctv2_uYu!OAViLfG}|Ye0x4EGKaAZm
zwHm~d|351uHiBTXvlPZUoeBRcfa5th=q1?sG6L^^zI~>I+;tRCLig<QHd>y#n{76)
zi(72mwhU}GTQVf9Pqar{8uO(0slSTQ=lm)8m0ZBe^i(S0ru1=^%VhLIE1QB<aP~m?
z9K^_Sz326)mwGH@HRI8Utj0MT%B^WOrHU?zASRF;6Sv6nFrz~kLmNj%Moc|kUtj%;
z@rf~J6;+**wLS(wkfA0t^L=PcSrTYWHU+KxadZP%u<!gTKcUa@<U94Q2*y}WVkRz9
zR+qQ>w0E81`<xe=77q<KtUK&7ZLrGqR$9-s1|I13s%Zi-`@r?l?Zc7#(EAX?3ynF#
z3mblE|E1imM;c_Pxs5*YCJ12S{>yB~KFOgdK^P<DeE@djE&(nF*0oPlJ1%UW0C}nI
zaGM)fNSOz9fTtn(LR4Wun3MPME6|$vpZd~Y2+rpSl2~`z#&`;86RgFIe(A*YVVs|N
z;gwn+iEC{ZoV6ih+S-6>+}en&b8Q;$$<g0u%9LxhZHC6yK4}xIc09JheIrH-%o|&5
zC2u{2L@U)~GO*eBpQI*3bup@XgNbR&;M5$mvb3VDQVHFaLOV~1wwLzX1jX|;mnr#k
zdO<=DTV)DS=_>)BRrA};R8fY<{mv$oB|mL&8P5`fa1rTJ<VFG>q3%V#g)X9c=rKpE
z3OT53rAiy^AQ|m@S(V)p_Kw#VX47~m?dQXq-HKl-r>i4dkMZ;{dYY<Ex5;F~^A6SP
zzvms0!XtE~f!#m0;2l`OP0+db?(C|xqv@*+{Ew^arOAwcq)qpw==P?mM$I;McLM0v
zI@#)(a@JKd3v7AYpO4az#)g3zxaQ^wklRn1y|?mL$B&>x1U^hHcylF5xi8DHpYG^t
zHgQj#41DcRZ;f5AHc~)}DqXMiI?W6Z30&?^<?Hy?$dynRiLC-(wg?GP_+GF3+_@2e
zi=<!al*2nf))6i3J-Nq)1Au*_2M!E!EG281F#IF>{PAY$ugXs+h!4&(Vv|{q#%nHI
zIK-TGc)2b#i_W?H9QW5egaUWXPVTa1ZzifGHn<L25DSHU6bp5lTsG=(=Bg$A_E^}c
zw|t)V_XqZRY_jsN=3!>u?^1JLH`%JzffyrEHv9z}*;S##0@dp5P3T6sv?P0<z7;;b
z@Vu6mriX8yzN%Yme3W#&G%a!8j3)6r^3N{1|J<lO&IWwR7Jh#h_w+$?!;wPfdj0M=
zU&z>sR+xj{85jXV=i0fNFyB^d?Mig0R@rv^I;_73w-Ozzk#TAA`BVDPu}mY;TvP!j
z$Mtv65|?1r7|UxBIZe(r%~w9(mbN?Wk?eWj`Aql^!W+y(!7y*})sb-_fi`W*cc5Hf
zl4>wUX&5qPpk+k5o0-{T7w16~x~8gJjm>7^uK}PmyQ*+KS`YM@)ZZH5J}Rgc+{dVz
zsjB4u-U%bbli#kJQzEOu{K;bW-|v66-49gw${z+=1#7`2d>1~ntE_+m@TxRFk=$)j
z@~kj*5m}`FfT{{KGHbv<&*{sI5MX;-P9GT^$dIO3pGWBL5F}M%iv?`!sOiP91zx`g
zae=g^;`LS9!Cgb9+9sRZfo*J1UZKo4$DSWv`Q{hmV03!#tMilEslWqwFRu>G?EkaO
zcmIa_m~lU|6)vE~xM`-}u^H3l+ova6MnR{O9~X8xthbrv*c)~N7i;}J5C!p`I0-#7
zFX4!*;B$JrHhlv7fS-xod6XT{QxkJy%$l9F=`QQ~*}mY75OGjdnRi27&C{&iTkrXO
z`sbeO*RYG0Yb=6Y080mZH;w8W1YTzD#I1O;Q#H966*SSIE)fQ%-R!S^)Mb^(bxwwF
zUbg@T+l*pC{ktmNX~Dwg#y|ZDQ#PDzS_$q4?YsDSD?3e63uZ5GpTu|k{GumWBr@!C
z#bB7S7J?-czjS)KJa=>3L7Y0DVLr1~Z1J#l<+i!mTP@>C9;~d%yQ9!eA(W6B7L@6Y
zr1BGbeMf-dWR*!%Dyq5Kv&qMmySBA_yt*+b1Ls(f9pm1e#+Tc-JhAO?U^|mi)2+A@
z$81zg8Uy&d_^u+c2TG6#d9mf(2UYWEHqIh21dj;`J1K!aR{dEe=0pXY4ZzZSAIN4r
zs=#{J?p`>Sg!OjE!@`r5==sK^nZz4~vdx6^H|_>jraKQC=Ev(xaswVDKc`-*UKy8T
ztKY(rZfJCn9pPoGc0%lEt~&k!3)-Qzp^0D<sat3U31oJ@gl;LD2@%sUk;>?0(D`7M
zT+|<Glpn4`bz!5iKWK*`;s)o!pHeWYhVul3%F@m2Tg1z016^d6q%hMYF(?dz2+63I
zz?|A<lYd$y1r9Ja3*95ef6E)XF}8CBxb<z<C|ja$^-r`7vkW^NXhVGnzLF7CHZ}xm
z&`dKW*8P2Ns%pxjK&g3ln=M7H5Y;@e=J9)KJ(+T&*ub)=)^dW%9o5mJ2bIBP7&McL
zOTqi-NMOqVJxCKs<H)zJcBk@%GLhCBy~%`UX=a_5t~<EZK68VLzMYQi0O!6YTqXX~
zZ4%7S*ru2oDP{(C>EAziTRN0S>mwFZtB|U?U%vurLKiCcRhU+V2Y<Z5cbgX<J7sX3
ztal=So~j;AtlNEjh<}cW5L<K9-X&T>V|{9yTtB(Vqg0d6YwP+*V#Bap5z-H%dao<i
zV~pi0<~fjn@0tCT!1C{!d(RZa)-PX{fX7kgn6*;BxhpUl9bfNUV@T&iM_>4&!!G+T
zY_b*aZ$>#_VymT-Y=c2gU9jvj<hbfqP*vJrBRqXkbcdhUt=zJ8CD<=KkQ*5n&Xsyx
z3$dR;<<tEUaO3)EgvF2Qg;C|wE4hs9GRPIxR&NN@!r3F_MK`;ft6b&_LoT-CwkT?g
z#XGj&oqG*e&RJ&rrsIxD*NZfx>#IDjj6NM_<O)fn0?5dYtM|yC(L%aWJm$KvsNue~
zbk~qE)v?ebl@$dK&Pm;~cH{J_lT%_7DBIUYNmeRcY_OL(aG|9Krn=iaSFD!q-Ef^*
zT$)o1o51RH{)jyRZ}5h~d~-6(UU(rGl%QxGSy49CNgheP-Ae1_4lh_N*eY3Qx2245
zOhryK(}9AR2vew%lM&PQ>mlEuoNMy#<GR%Ti+Y^*{0Ss0@7C4{E*TJAAqvg&O!(t+
z5TdH1++c9kS34Cv@djquKtfYfXdYIFWO!1E4zbVH&!Fh&Z}2tYN$ujbn~}Ic-&S~~
zcJ?03X~epN;A!~sWJ5Y_zVMVo)$ADrk_#=^WQ8`2yViB_*3{8%<Hm!>d$$0W{cdh-
ziV~Ze1sL|S3v<l-FsVGsG$@$|x^sbvpq9QI9IH@;cI}?Rse<09Qx8<<{E6?@KD|hq
zaM-`xDA4-txo;<TWV0FCjjO^r<Qnw8^$#O<&-j77{dao)Ur<Z3mub?<TUEMba9<iC
zuLTjr7*^&S)E+?<T1LgLIb9<2!mUP>WJwa*<!%PBA4F;r7NUwex~1=mOxCBWW86-;
z)>VWJTRC#$#vu`1(yYb!@bHM0uvnoWATQHMYSOphuZEgN%gb8FOFGNf1Oj3?pndN_
zAKs07B&z6VdA1J~2=5H?)*`7J8)fatf{h(py-dw$Xa?SvI`-Dpe9VKT`-g=aJ(hp_
z1lt_1&bBvqxt1W(1cXz*RgeGS`!}>rpt4v%nW#SKLSOyz`_t8;CEFP=!M=BJwxD>`
z61VzZnN}X=X-#NRzS*)HQ-4^;ZP$s5s^k6<M>z@}UdmU;npy*UX|GQ4d}rUS*YkAk
zIeK@ued0mH((3I9e84$N6f<h@cTJTIuWqdJV2-*mIxPBahBe7*D|OVa2I@HL4ZG9n
zPnrQwFG4CGuuuCUampeHYP>SE(sf)lkln_?zZ0J`ds6mauyL7#nmc<De=b9WomEqA
zJ*{`>t@f=;0_o(PJF9eaD2y9DH*$3P<$JM*Na`tcWv^;pACvh%km=rvIeWiia)V*b
zLNiBohG&E-h%q-Vm9sKgY>-sk%9fV`H<{qnbX3T@H+O8CDX~FCs0wnxH+o0yh>T)f
zw<#ATXFeO7S?H}X16lZ61aG=3)aKTj*j3(QSHw%mbafeH8n_EGgC^+$&LIl3CPPPb
z7~7>w94zcI$#aJ6Qg;kT)mOt|u%$>BoDd1mIZn^iHyW?u3#BQJ^WEwWY%q*8tjsn^
zjIbhym`hrs!u&d9X$n(UoC5l5vp;2D23I<`kX0K7X;<mB-ms%D-2DHwQnBhcYwMsC
z>dOwZ_2XA(KCo4wHmG`C3~WWnDD{iRD6SkY)eJ9Pbi!rpo-E#cUEn`s4}c5BbNKsT
zCmlh4vCM%DqwISlZGZprDx+v$s9|ks?Ti|EYIi`0_+Y+%x)_z}Wjqe;{UdLjdFO!E
ztMb-u6lgM<qwaJUmk>cv@Ws~V4OFIPi2tk2P`AK($cN9S|8-=ch(rYupEg)h4J}*^
ztrGD;bs~rybpJ2u1G4h)w{&gg-n7e0?`Z(mPM|MvS-29AXK`pNt;J34o@U_c%XRsl
zXJAn6D~BNS;ikAOk!982W<!ZX<zF}cmxyM^e9Lm3Vp3^;(f?JSFWh|EHFeDxDM_6X
zZ#AYJ42Jy+tgB=uBzckJh58_{YfbC`yG@Gtz^Ed2RCe@J@M|yruD!T*Vd?UK;*}rN
znyZ~W!n&^A+fcfymng19aqBKwr|bxlPn$c&>PVYQol9MJgnL|-w`rznR%vpx8r~rw
z>>u`4Ib2nphiF~hyRdY>|K*(@8pK7OM&b=pK(|*dwefD%mijlGHjnx{vLo${s0tN5
zl4!_Ya9Rf@y0AqJk`r95tEI`reof!rYjs^>BSV+I*50O0@QFJ)v$3i2*3l*{uDArB
z6x~DUjA^4PWqYAB(l{^M3%9e|jAXowXU6VNkbB%V6sF}F!td_u=yR!7O`P9!;CrG&
z=jvpF@Mgn=d6}}dx>Q$@?oa2~1!ci}MYNwhw@#089#u+dv5s6};t6M`U?+YajqF*T
z<kKHl*sIoLEr?Eh^DE%vE0)gCdTN7NX@5ajy1**`w|z9ryVJoUoTV3VKEQz?MgB5U
zABX3pY$>w~r9_jbQ^T{snWm{u3bs<&4Sw=sZC+HE_QDcT_?eX%HGk+3Du5Xdlz;dn
za?}|jC=<JC23fUU<KS)x;BwKo(0B7Z?cK~uo4UtqO_iLg#&1$jY=`%R$-~)I>`i!P
zdv=Fb%I+ysJyv7Y=q`LYv2^)BeQjdZ5VIF1;GV{-Q-$7{7kA|S3AU6j{%g6XN0U-^
zont(snusAMiFgw6u53%#n}na!Z2>3aK)6Xz`CJ7(5*0IJVo;Fw8@sj{)>*3oywZa*
zF@05-EyJ3L7t@yg!XA<BOG28rDkPmU4>SG5yjd1A+WB<BQ|dR?Ayxa>7B~Z{gqM&v
zFJj%jYX{k^=Z-4FZ-zZ^0X?^M$ve)uRmyWK{@QR?#KzzAU#{a{v#Yl^3o<O)8e!l5
z|5fMw)((kF%Dpo<NxeK|E^YsPWRH?lu1u<|A(WQ5i9}gNs1(Ws$_78R(D8xMw^6gZ
z$tHab^1Z2iA=fdSsh?~*xYdgI%Sho@Z}Ay|<;#V$5}ew~o*k0KZ*3RoQs&^E;L3}Q
z@4zvNy(>_%yOiAmloy|+V4UB4DBV~Nmd?{x%N{(kh&s6L9o^8<SzvB-b{UNi7!vl}
zxZ_&y7?48;$O)6&xBR-C>#yOJAXJ|{1*m@#+u0O<19>!TawF2h;$$O?s`T`uB6*3O
z-QdLsi;J@jZaw9LQZ9{tN|oN9-M91N+utukeQvyD_MM)q`%2sF;#5xUe=DXt*@|b-
z97pK;3S4brLdgn@Af_KHvEO=eOzp1)CUc_P>vX4-Z!%p4wpTVjqr(Wfln-G?D@>G2
zfF0(=E0q#-)JCNbGDFHqB_=4BW%kc`=A@9;K+d*@*-#H|viD;_YjAPcl_oirY{_Vi
zx|J<Noz=X`#$Ggm2d?y`PnZYCQy$m9WY_pl;~lq!Z(}|nfJ?$DN7XT^T;3Od&>{@h
zxgy-a!@iG)M>*887Zol<zp-+Lur1r0@W^)S4ys7q&Mx0RLF-0*3Ufk5%#_OR6?X@>
zBI78K1DG0f-jFN_ok1B&<e*S*2A8`1{@Fvr>l;cq97ibG>9L~XLX9_B#Nt2OM9G9)
z>cCK_wF)G>#kCY|l&ue=MYlHToIS8dS>a1Y!{suW#~iMHad4(dTW3Ri;XsfQaxvIn
z8R%>+93dNqjfBx|CyFdbBQn~9II1xYd^3@JX!`u4ydFQ}jYnQ+O#oiOOcZ?PibpZ5
z_q~O74^#c?zJVQ$F=!brsgt!{!0okf?XruIB7@mZgqE*O=EvElUcM)fU(h4egIkQ}
z6UrHT+us3?hK8qyLpF@-vMJq4Qg)%7;bPrZ|HwCN7$>Ji@x*Mw+H4(cC}+Vz@d7K*
zFP1?HmY0Be)}r~|zi$rjk2BA-ni!05Xj_%+wTzl!>5a{jr=2+8+#Eu~0~I;5)hiBK
ze$d0*oz&2iDf|E{zV!XwA}uqqI1Ebh{Z0B_+&Su8c4QA8bXhI@6#j>cVwU^1cSB*J
zSfZ$^d|_Q<KA5PJ`zumi?LNmLt`=3@(nLZbC~hd!%ua`_C{REQ-|C?X9$tpU6q<3P
zWzG1)#qGM2ocwxTSF&1dq<bH4n{UrP)i;IV{Z95>VJ&5wc0WSP!1}$MOTH1qjG#KU
zoED(@OSDUMcV<8kES$_OTF`j{)yi}16MH(>wq_7zY(!K|WCY}De%ziiB@^Ky%2scO
z*&I6#8p*5Yub!V0=@k50yDq8rQ12~hhJB_9juDw3J6n1tZMtLmLxVc+lpG3mgv?Ig
zvGq-Xu)NY7NzT^iUeh|p8ts~B_|=Dgr&^g+0yu~8<|kckyX;Wd)>p#g_)GpITLbOL
zBMEhXox92(HdNIuFL(0J^18cRp`h0<AGPOa8f<^78^&M>*eJRJ+F!e7(7!Fgt}Jv7
zEZc2Ad5;3)x!f}<Aik+<9CN)JN;5}!;TQ$@RLSQ`V~R2r*$FCj{0=rC^P13ewCy#V
zUEBShZgE!12bjWGYak&yaazhoTMPNxT|amBbOrBk@=xyh7riw9gre@dFo{$EpHuzG
z42#mL;%36S&|~ctVQG$xx=-bWVQV$@TwgP1OxrD>4DFg3QV+eEe!Elko0z)YUhIBd
z_RKJ4&(%XBej*`BNfU4*@fbbv&(`h}c3Y7_OM4Loj}w^R%OUM@_4SlxQKRHLNNA-p
z=B&MT2li`fYL$0iQglv7#x<TM`t=B4@#;on`PU3TW^H+YnXs=ZwIwh89u~9>r8Re*
zJ`#}X_6w`m!Chw;uMF^t1N9B6cWSwqZeRACAi6xT^|D^PG6RzK+^4#aEh3;cD^ydt
z>xBZElxOHc4#C2g8i!q~?Jj1?iI~Y-Nyd>c#ooC;*|8k!F*+AmcO4QCGFGNW&PhBy
zRl9)Q!M5Y4Yd3X0`GlMK+?Fbb=K6#v^Ygui#jm7@ODhlTkpKeX*JJW<nXv$4>0RWw
z*zPm+I_u-x!Paw}U^W}5atbK-16ACV2bfeiVOnQbE$>qrS^Wtw+o+JFueVU(b9n8q
z%?nBU1M-=@o~e%Z91{!ymb1Fm+`oS<`5qJmR#`cEadEKUO-#8e&dHj&G&aQ{n|`|)
z^)FW>t7<sS)$~NrU24=EN0)>2pnZXj#-cXs`E1(ALckkl2|STkt+}?P;YA6G;$>d-
zLXhID`R6c?#YKo{hhchOdu#j1Qp(@pD&)n`Ey`$yp^czw8cJzs|K%Qavm!i4s--L_
z-F0P}Ht%w0p4j?w=eEzIdpYI1@_TpU+to4}Cf4qkVo`42i|7tpa>MYDm2%2<IvEvT
zD}`T4N-sPiPLP5!fwInX*6c>DHi~1KylTT=y2_eoyDz;9pJ|s$p@i_JozWAY#S=NB
zql{IqhzehX4IUuoqtiscK086|Z@}+_BB`wLd%uKe@eiN%-Z3YO86`(&4x)QI5N+S*
zfY;VR#tx^3he0&&2*>TOosL%sl;R(*5$0FGGP!%FOdtZep{)_^RA_7xlZY~%(?6UF
zg>Rj(rU#<|FH#?WH}PQUz}#pd6uu;=bHR0<PKXX<RM&_a@45@H_ez@t{jI%{(A}qU
z=m`9sygx@%25}?g_yVq7+=kNItZ3m+u8+j-F-M~V*{=k<FzCK5*sT~N=m6rvmWZSQ
z8vbl9l0&U!M%EN15){G26n$awaj^VHN{{OgM99Mt;RDx4sia+Ku=PgAj^~x3rRz{%
z+cbF533lbbVG_1sE!Yyk2fV;dbKg7fIn$W9p-ce*myh9Gq^E{$!RLB3*(D1Mc%BI<
zGyCMxoq)!2*X(`Ky79;rOjbr+3O2<^Xv2EXZ6%8VMcL7b1HxD1n9M|pd4R&C>@eqJ
z1Afx!bENjqhJyZWrdfwSa{L1~i)J+Z5#uMJhc|QDSVuRKli1pbLP(}7hE5<~&=+K?
z4ZpY)<z%E(`U*oezTYu%rJ7%{HtFoYtJ|$0UP)2V8hrGVdAzX?igUs{cxe=I6dC+D
zwZo3Q`q<LV0fxu{PbL&7?Wcf8Ts)!PjCm&6Qy*4ejL9;wp&k9P;zbR<R$AMrA^*01
zYZk^8sE@j=vm0aB=p^}ob)vhk-?vZsT*4XGfD8b7xi40k=UfhGSY`NNO((Wa+)N>W
zLeJ+;3Kev8PGjy4ul|T9QB`*-Y-bQ50jr`9Dt?Tf&Bm%{(EC7eS0}_MmFpT+4YBD}
zp&AY%#{C`+rp9L4XRgm4z1$L+^MzCTcURn87}YIMHqeJ4Qg7a0doXQox(BAJA<@M3
zBmsRDKHFCfS~ZV5sSk}Q<=noRjp(>C-wa8WTzS4qKS5l(P_p9OFqKojf2b%`_{k%<
zb1M*3kpt*OXyzAH2q3jEkg3U=X)VRJ;~`fbcC?pcPT|?r<az;dX}ywVRQ?^6n0&R|
zIB_7=h8|dSMZVOzhl#9gqO^ECMzojqkegycTyAV<OQT-bc|0etVXGLml%F3pw=0i$
zf{$EB77sN`X;RHmn>q4OPWI*}H6>3g?1T<m&Zw?inCl%gMOW>1Pub`_64dkRJF%<s
za>#Tu<`TetR9Jk^7Q;Ppmo{JY-JB1;6vFIX(AC^2s?ZD*2WRPbmvL7%AD1V*IECeN
z?+A#RuI9~nnj%)HQI?3L;eOn6WDejT5)SEYAVA*Cm#e2NIRU1nYGhW56k1L?27ksc
zlv!JtDL7h$R!gjmE^#LiygrWSBYcB$W8B&{iz;8orO9#Ns-Q;|Wg0}Y`k5Iy<_s<o
zO?;t>6;z4|Lu4huAu%lz>jA65^6W>6=GKMdhbCEA%Q4e<D`j9S;GIa69x6yani@(@
zPFl3jd-C+)T?fBz4F1}jLpt!@pC0-Pzz}sb&9g*AFee;e96kQM$wd{zyLZRnOQ)6D
z60-C8F50KaYry%0c;vcEp1;j>iSV1Z>!lM7nJmDsc`!29ecull;!vcks6mg8LVKGx
z+!Y4qx}7BXI>dfiR)jUj>CfwPQ=BDcY5KK_Rz=$Yjk@LV-goyTGopXMI?Ni!7J%PG
z9p{0|Wzx9>v<Ys?5#cZ?cR*G?ONjSK6H_zDxSt!&aB(MIo==>k@W(|pQX-)RC0I`n
zj>gER#5XOhbu^@n2Va4i1}!Kl)t}d<RV1i;Sf7(t?M2MBK~N3i!j;rXG^}@Wa%B2C
ze(|t=y)BrFrNpYf3ANPwNj@yeXxdkf9DnMGv0{c5^5T}Ea@SzB6|^hWf3jRjOyDcw
z&Y?nsn+s}#t&dbhs-Aduk=^}b$ZzVX#aTv|8AFFv=5xOo_kO2*YG1d28G=Xqs8_L7
zfsFvpPyykA*9k|3i<t6*uGGHHZ@+72=#9#ZboNTBs@Kx-mO%NN6#*VEJFK>ur}26q
zJSwKCeVKJ+2U|LHim+&YWt-dC*z{q8XIS8+!&YuSZQI%4dF~qc6^pyF&el;_J=IP9
zQC7ywJ@OLOCc8h-*c|kEFRaXLm<a@ED5<-cSC+S1aSTe)a;Q%GF$XZ&gN_47s%jco
zRB$+<Y|c)f4g>f8p5@(*RvN+J1vjJG9l*d5-9|@`Cues~x;hPJ=FOU!6*(*Hw5UU;
zJ`LXDU}<mPSg<X5e8IjWv@O5`XlzC{2Bsr=!={;4mP3Q83JlL@PhMO4kUM%CiV5*8
z(KyD%8iO(IywqMHwrcsyqmCArwli7|!o&n2NvGZW{3q>67hy^0h(<o36Bu=F?aWA}
zJbneAP2XLgHmxD=&8UZ7-B}ya@*r%LPM3|#`!x2|MGe-qTCQFJZ2Ayq4@k>#4VyuM
z##`IsmNPQoFn9Qi%JmTz4+rPMu%uInP%TPi@JQp@$cW8${b_hol(a^B%ig(fG_$=R
z_pe}Y9Kr{EHmYk(9M0**&UXST75sDCAkbEN?`pBktV02TIVe2;)G}v6jPYuf{Oj$q
zVa$s`zqzLSUkcggsnF8pdk$VNP+q0;_1kFA0y2fJGPC3T+hIDGR+wFXzuU*VNjjtT
zE8~+7=F8HgrclNF(mBu`_;?9^+I$*+ZXJQYo(#Nl!nq0YBIZuQmygr}!gT-8w}R|K
zFwH7!RsHBU+gP<O!yh2Vn&X%ts%>0b-BoC)L{;U2(@+PkNCzAmum*Hes0Peg)_@Kw
z<%^On;*}3R1|~#l7mzagEM#jesB|E&=$l{yQDEy+$C`PIlY`pp3|*y`Y*&8{F4`w^
zE_d4YeE*Pj(jPXkbGp>Xs&T5adj;2;9{A=Tz2aLzD@qg`U)4lDT6v%Q2gQss$rKd#
z+x~myS{zpA{pHNrj;FF@%fP`AHhgno-;7-ipO=Qv(P*i%b%;c*KS-*N4Mu}KWS&hH
zC4g{11NV5?ubNaP=coOz+mLxNd1aTi$LlMP3-|lWNWb*A4ba=h`Jd`@y4%M;K}GdI
zh)jpB#XPP-LX*FBRd!4)>RCsj1HK}o$NeWaD@^f@TbU{E#^rk<651hgJp1t|8FW{d
z=h4GDuk~eO7Olq&BiLy=!fgpSGBu{%JhDyo+`BXevkolm_DZCw_gdRA4tyGeU{0Jp
zxO0>au1ad`%Vxo_5(Z{q&4te;e@j#xnh%bk63dZ01Xa=FnQ!0r{l2;6beCl-Uu^dG
zW{95!y%Vu2)v|n7(m4`iSHY1Fm$W~8su<!&kJ{uMK~C^qs$z2zkx3gg|L2Gs>%PQ$
zsbn(nb<L_#85VJrBoH@8Y4xbFp8ROTs^3zdW4h{;9n{>+k;ICwE(O0JOk$-{2|%sU
zEL8_m*8~t4R=a6FDA<fyMlc5!Q16TdH_#YFm~?H+*6mPAZ))R;a;#N7;G|o6c6B#W
z;as~!w19Xy9MKi%?b#8#_<V??7@0OjSF`P%UD#S=-PuS#-SBlz(tGVX-f*HvNbQ9B
zB8Y#oGd5Zk7*VYv=m2w`^8Cr`bZfV(mXdqJUlV%Eq5cM;DSTaI(k&G=V`)08j`4&u
zBF0~MDm}uUr!@B}iEb@gzfKv~gj20frMPr!ZsT&vjD?qi;FJ7NLQ1*yU1LHyl|UJl
z<hLD?oKj*#jw2!DCa@Z2m6H<3@vKHmF#G)*!iF`nJGa`ZQB62EDPDmeKC)X@d`#ff
zrG4$#1L`c4HEW2KPFx%-K8EP7Ft~~z!3g&enO`>%5!n;NM^0EbH6F5LZrPoNpjKS`
zC)B7zKv*{=9?YAg2g>rr@d1WmQX_a5U1_)A@HFkWS1r#fkr<1Xbk3`DBRc}#9ob6;
z;$XS)xxAY&?ZsFbCumUla7jIM6`bBq%Cy}C1FrVjzwmi17xfy(^8q8ET5JWCnL}ei
zo>BzSUvwl<5$y!prrl4$+Xk&9SMc5*em!0^yK4SYzv*#q!S?pykl<SW9=NBzanG^j
z2H4u9^q|djI@TfAafDHw)(t@5(+#!Z(c(X&wCm5<{Bvoa<`t~Ryc+B+-O^78PZx`%
z0_wpe(B^6+B1@pt@Xf9hexv6qHgC!z?k}UTY8-ARz7)@zPKGU(_V9|cV%t1`dCd{g
zJN56KJ7x$jsrGPl>y#}$dvfFYL>znSd~1d+g^LdL5a^2c5mxF!?G^ph<wm7;mxak2
zRx%4+3^Z#ObSR=_H;rTnA~cvolNz=zu)y1quk#SnPBSSA;g@qG;7*&rTHiov6{()j
z4W`2UD`+8SO(bo%wSv+VOuZvLmIFxwjvVnCY)zaXOe%t`+rag!8(CsaXT~`l=?P|D
zj}xV#q#)sOdNG;0ofQ3s?f0f2tAViSc0mU(#y}J0R4$t|+gv#~Y4O!=awL~e&P)hY
z^=$m$rxtL7?q5sMaLW+QtUt7Y8h3fn6%JEjIBv|_1#jw$%ax=)kt?E^|1e$UKK@!B
zjcQ)Y?-=y1@*(#5jN<yxy5)VkpUwCAf9vMg1hq27AQnJS*<}mh6F{%Nk!Q=NMX3qV
zVA<(xMZ!#=kR<(+kuY_2lRaHD)B3bFXgt%CxtTOxYE7a0+e4kj<hgZUA%);!qN#fD
zhwSN@zkPM&DifileM6{{m7SAFmacHl_*L%3Y)L1-S_;RE0l>-9hNI&!3JnH#yj)R^
z{^+Ch)gO{iTjE6Kf&{n8pfAUe(^639o3zW;2M4~ym6C-HohA0sP`!!8EiJxENVP48
zx%rEes~f~@(P-K|gs2&I&k^z|6X-nG()3mD<xzONs*u;s5wA=1k-|O3Z4T47h+F*@
zVJ-^<0ei&q#TTL$rIK83|G+TnK7V+17)`D~wtTp4ZC}H?dCd^H$z8^>Uz|qKFsk$)
zh+!0cle>WRKk1lBya@1ee*+Ye&0Cn{yh}2{M43AY-PsF`&)J^a;Tk%;-6!qi@>0gx
zh%0-HUjJ4kn`VhH-blX4!3<arMPadmg(@@(aSd9HQ?9Pj*#5kmmQC-`*f-uMhT4~t
zPLTONCy?9dK^>~|s<}!!&IOm}z7vz6VZ*X_#2z{=SkEXCySl$RD-$`WO)-U~{GyK6
zhjHd)iGz=<@pRF#z-%lL_gmM+TD9`0nBcwg8__rJ|Hcx~<9vzU$M>C;(Xxm%1vk?u
zZ9<9(esj>S=g0LpzuZc_#1?fcF=#k<yhz;5;As+#+g3}_l!|lyzUYqP^IT_Z(0i49
z!cH?OKoE6mL-qqRrIKH@BrH4@pJ8#c+FQvr43B;2Tbz^<!|S@6fGDtmoV-;^Nyp+E
zRHn&qQCx0j-oZTP<^-vP!sxU~@lwOyGRhdYXz=HIRO=ZG*kB)gVev;zj4c)lvZLM(
z<AWyF7TtdjbVT}YapY9{*WWm9h*v649;Yfxh7bxqvXb;|%XrBUmZe1<r-ZNP$;~m5
zeqswzvvP-xBG>#Y2Adfg{$9P`!hR9icWccb`%}(&pDcIZUg&IhOX<(`;)YQ`vN0&Q
zk=z;n7g<N%ZQ9p-#L<@03!fB^oWmbKf%k5Ct`sE%q6~9|5W}0b^dfZnroC%N4evJ%
z_j3UfhnckEiE}Pxv|WkTT+Y2<tukK6f%0qX#k4YJj!k8^iZf*8glx+SuGt477J(Ti
zpaojOT1Bec=khFoMN<5(g1`s!qZYsOFGj5vV00`*5Q2SO5tDf)0tA|si1f{x(``8u
z{BWNLZlki=eB_6f^G2@PU$n(Njt(E5chpddmHd`x>yA%KNELJs3AA_Cfu1-_4;|-?
zIxBIV<)c9m<BfL+0<Efr*n-T)6m{zBqMOZ5RBg?SlviC(;F|*fu4o_WTNZ+fQ&cUN
z_t?9vbG0an@L2P@XWK%XJVPk=VbwzdRL!zW<piq-idodL!Bl8TcbHT~DmbK2W#E<O
zL{3Qmat%#1AoE|HEHSx9;t9M_HY*K5R^MRg<dDXwr71p!N?SjsdXDI`K8!o^EToaY
zLo1iq5^XHjVKY-m$t*$F&u|OJ6hM?iM6_1;J=*uIOfYi7NX0OK7ZnZaHxXBSm|^US
zo;%H@YHVcIcHS(}tNL&my|=yC)F~o+(ipLw!nT~V6~-reB3Yk(?@|myfxUz$GlRoi
zs%i!a)h=>X?DCKEgU#EO?fS+m`W(8(s-4Qb1n-oMn;1sZ5~DtN33VSHK&w9-`w!1W
z_^W1mf_^6L-1jbajAu}Tt_$<_)q(R2GA<EkucjS!eML`NEM=(|?T8=uhnP_P;^|1X
z;^!r{9h6_~4m_WbXO&Z%7|kSKf75eFZWpRdsy?%8z#y)7Y~M&r9E{}uhLc^3(*C(3
z^ApSqgrQ&{&upxR!2JjS0y+Ib0Bbt=Q~$|rQ#!V<?yqe~T##`9FaYF-|CfI3K-Ru)
ze(nbGe|3L${p6nl2EOP2Z|;u(!ug32UI2;K5x@ZZdp}#<yc5=8RoU_rX=)SFj8xi!
zz5Mfj<ym?{QR$XMXZCPnnm<B}hz=N^OH&~REz?(4s74})c!>WzzKjzFEUfkBGbzK~
zV~xr!&}RmoS2-Aio+!!-GtLRYiBi1=w45V&j<bCV*A(Uiu1o|XnuuC(_!F22hIa|a
zt0NV76I9Sk9#Hu#-XB3RK_!S<B&&*y>*q*(H!e$wt<bGnEckyv2%B&OSe`RuP5i{{
z$et=S=zcd|jp7pX^R-^hxAa!Ur>dlO9~CafsFOaYrTF;yAQkN+>F*YCjguQ~vOQ<R
zwVhlxTyn5sBuqihINfNhKg(7?5?Pyp<rYC3a={~s!U>O|Co9115z-;bs(KWBD-dns
zflB5RDyMRjL|km#f7v>1t9<J03`|JZ*LM2z*0{WYA^V=C)iB2v<y^^*%dHfYRxMg&
zXVF;EXK^Ho*7GEaI`|Y;%}0m}k!Kha3y%M8X?4a03MKHr(2{^0IAqyX0Gx{>-f$p-
z{g&5Db0i=9Lba%k+vo9=@N#ZBfu4#ly_F|rR=7YUugv(I+X@#=<_^<%Gs=1pkU9%N
zTR_J(0dTXg<QNSw*jEuCUuKolqW<xAk3sBOz^~IOT~u0GHrO_tA+h)2zNlDF{48P4
zwNx-!ap|X0ug7IL?03N}=K9{8%}}BDH`7S(B1cFe(6fwq;+z<!F9>}Lln}*xP_hU=
z_O4ROnQ~42cVa#oU8t@i{jFppKLOrLueoB_G!Yd?S&L$FT{P{SQM1Tq3DXxPtsI~U
zcq1fPVDXf-E<(CzYealiGI=W9cnmwxdhtVq1}Gij5B&5%_YK&75dTAZ0HDthNjrma
zv&8PF^ZmbP1a{P+{F`nT?x4kqtqp<uuhYHCtLO*7m$f&um%?7qvmlXPWR2znO@$##
zT?2>s8pSRWUx-2wPS8k5Y|xwCqfN(M)ct4M{zdr3<hM$(qcOj+*`bnhTx!HqBy9{{
z<QEVHzsnr_1MpzqZ+e6(;LSebTlkMa02V!-G*n~XM;%HPICj5l9Xbv;S-+RKC<=)H
zraYc9u!{iG+^;5}D*>`O)CWLXKZ`x`7SMA)@vSj8LhX>&t$;V$?vUI+u@5%*(Ud4H
z%x4+spPwL!@nUI3UW;O9bx(4#l+E!pRHd^rYE@S%x#eI>sOHuVweFHXD;pLtP174X
zSLIKt?-ifRxIDSJ(z8XYOIhc*j{$GMK0k3N#l)}T6bp&b1WIGT4T;tyqvJAn$==ND
zLX2ezb7LkbY?)X=F%~0|2SFLz)TXMe*qJ)h<Hu%E>NeFmD=?jfJY#q^a`h)0lb4lG
zQesY$?9<t2Gae`HSu-}*@UADFTH8|BHqR07E1#ksk>mw<GSZ84Rm}J_vQ%?eO+Y!4
z2n%ZUQ}uZD)AeGyjI|M~>lasWPbKbB-8MT8H!aTt=$}o#@V(i)Yd05iPj2s}pLWtF
z<Laua@hOHW8n`RT%|_en0M<kqGpTh`*LWR+SrC>nltY9H@b19Z{`tQyKO2%C*s#C=
z-0{3U_YEU`V}1Q(gHwaQ2I5Bg5O?uFFd$3->|a3C?i(QqEUIAiD8h8tP3*;k+plof
z*YLaBJ`$IKk;`?EC6KoBSxoo3uw^4+m?TFmeM;l)N543wj;YfW^%#xYqeXIQ(wO>+
zj-a`<wQ7pPpeAF8AmbHe=tt`;vDhdAHO+>EiieS=9TZ>w+|*C7ifNijj9;K~MU1z~
zMY0E3lP{E~=PxOpQ6vYoafd2|Vi=@K;DClFC5S<{v)PC@;w%)gLs99{dS}9%hca-G
zE|)UPPOv?mQ6FD1kK~SebIy)_qN|%G@XYhI*6;ANtMQt=d!0bcV-TP67WTI;N1Fr1
z;m~5MDJzTOh|F7)M`>9`f?_!k$@mJ*ru9w~O~m7{W~nC#|9NEePryp%Bj8NVRFz9;
zTvt7cPC&ZaSB{=B%;eh{Z=!zyrsy+3|C#TDl+<y5Zj;XD*|;_8ux-|?x7ZwHU0s>{
zH|+Av?BXhSdg18<I(p%DN5zT90O`LZG4_NJB~a#v5T$Vb{f-y^C7LKfn8Lg;PLM?1
zFix2EOOm1}8=A7bFcZttLQpAlJ{zs67`56$NNZz07v8xTIcI&8#<ngG@4=X&yG_W>
z)-elW>j>}pY!DgmE*#{+1QWtzMk#kbZr1yd3gmQ_ADk(i(At=M5OV}llrd8w+JKr4
zV-$3RDPdgN5IHP;RJnvc=FEGKIq!uOIb%ZlxS<bAZOeWXM6T<01VRtCAvvYWgjj2R
zTo>Lk8F_|%Ka9_d-Uz1OdIa1l)+w+E=YVpReHP5M9-9o_DVS=i08;C6tjM3%c`&5r
z@E*v^lqn5t%8ZaueN2PaF(qs3h)~XBT#NTEMZot?%^w)GSU-eZ*#KHCm<aWc`7pVv
zL!?^ZFO5-8lJPOv8G~_ZRjQ1PY?VmG`h7aTmoSjs*M13LD1vZQl!ct?Duv92lmh8U
zjUg%B`t;SVgYJgpYMdiVxmQa0f=K16Unv#RM-}paDwM0SmRFvI(b|v(`B7+ElNMwO
z`4!ZAMkXY)O*R>mWp^L*%G18I5Kc)rWK7qcKR@@Fvs`!GyCyZbm75Fou57NPH*z(K
zF!#~(lpXe1^5%_`&^3J}_0)YqD)RZ74VETfiGatc>*ZO)4h45$|4#Gozy?m3Q-d?|
zgY|*%!}{j~Pf!9BfCRxHQRh;WbhBb|+w5a{dzf>%uF_mV)q=KdQRAnjH{Ptl$4mjN
zAOo<VO!BNC;h2b~{OJLanCOui%#oPs)Ba@8t=B_Du{%kvuNrPTURohB&{3Xumh37!
zo3)3K92;~&B_%h%-?L?QnSW~_I4&d_bDW7cWIz1YkhT4NLxL~f;LM$L_$}ckm*~B~
dGF@~ig_@1UOiP0A)8*&=0i@HfC;hXI{13*sWP|_!

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-italic.woff2 b/data/web/fonts/source-sans-pro-v21-latin-italic.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..9448cd526e701238d1dc01cfdafe0afe5a4f3205
GIT binary patch
literal 12580
zcmV+<G26~}Pew8T0RR9105K#04FCWD0B*nl05Hq|0RR9100000000000000000000
z0000QMjNpr9E5fTU;u<33W0(s=PnC`IsgGS0we>7a0DO)g#-tREE^+UCDU!5AkZDS
z6OYnLF%n@fD5u!L|9?r~Wb9lW+^V8O=xl2u7T2U^iXo)2xLnwdI=MXPd)~8QR;J|`
z<kRbgA4$<$iQGu~yY{s|%VznG7p=5Vwrj=(@~4Gu?DVN;VB5%_<mBby|NX0PpZf}W
zt*YPs1&)~+;jBsND40ly7(ocdGd#?#e+z0Oa)Yt4HLGM12^%AFR7xutO|)oZV&;XB
zcSc@X@zv}8$`k)bu)i~}Z2=9i<I%ENAYsuem_Pz?<SPZb{y+cg&pi{%*p-RHHrvW*
zx|&XA9^8T?)$qfA>61`yEw3$r02OsUK}UwR1BP?gj&x>H!ZX$r8KjGj>_akyVOAr1
z{m~H=O@RE*QX53joy)Jd=)M5{8}M*Z{Pp`as1TAjhD<b>ZraLSg?Mg!wG+|(Z;{a8
z%G6Tw)7TqvaUQ}O-pf)a%6Q1dw{rG<ENAn@^nkOogC!0Gspo<od<Rg5=2#CBGFUG0
z1@euzq2!6Xcf5ORTqffpg-Vqv`%p@<3l%Dfy~}e&sce|F4CL5bky0{6f12~Hw<Gi7
zUV8*rO@$Gz5W*N^LVAAP%b413=-%}co&*w}ZiUR8X&@VI1$+)geZCKmpaL)eKoJE>
z0zyRv!o>}uND+u?)gYQQgXq!?VzypTefmH^06lyr&|@CE0s!+m)Y$@J!2$BE0O9%o
z<=U6+950dp6v!m%e|uEZuP5&o4FU@2fKDC;aA0^h;T=M3z}E9T<Xsm$btVn=mxt_u
zNpt$$hZAcXp$1l_X_-@67<zZ}WSq_Q!-k&tMUs(2OmBo#Tm!=L<d{o&LW3K`sjVfH
z0&@}!3G=<@TMhlOg0=1z24KlD&nz4vdgi#Hg`#EyHDy7AW!7~$1WO3N@j%2TNe}xQ
zhw`ztQ0HpvZo@2*ocz^bp(R#3<FAuh6jFqpmyyUqJ7OQq&#)=BW}6WrW2#bRnGg-L
z&boy~7qN-CLc1KmLfpcpvz1f+qLmNi0#bW%J_dN*sZ5MTi&fcNYCd`5&JHqp1shLO
zU-2p1SdQ1k(wIWp%8A>h(wKoyk;eq%H?KlVR#sXHY6;s?YJDa}!U@3T8Mmgw(<YfO
zfQv-;Kz^)Ix+|<be0tZ^CfTR#|M~oH$D<Fpk8;`kJ)2&MvNbh!A(-(h{oFww4f#mN
zt$)KMj~4gBE6#KM$QxE*OYd3>h%J@t$s77XuJU478q!0fQ6ok=QOM%;WNGMG6snri
zLs65T>A4dG^$yC&dPg&`Byxnk>eKemTEbCE-1K2=WQ^=Dp@^g?8j(F!P3Ejhw%b9R
zSBU<-R>_j5oQ3~@`6fYL_z#Gxi}ml^FL^!Sy!c8s^3|Fe?V70Hz;yo0oFF>dfRSD*
zopo}_+C3&&jz(qJ(vUp1&g$ivTrh6W1BWLLt_1gZkCyGK`^?9v9c)pqSsNEu@Y`M|
zzdMs#shL)au?Y}%`Oq2txqyQ@!hv9huCwq=_T0L6Zwm3vpzvbjoX?BL_UrF~ZCD|o
z@l^-IT5H3@kjPa~J<go)nG-)ZiCk=t2R1q>n4t8tvu&l?<|-I9pOw6+w8^)QTj{pL
z*7y50$vaD0t3$Gw1y?#YL_HQ>9d8nsYTir5JHyNR+6rFNnupTh`M%w~=1k)APooFr
z`?Z5Hmwp9FCO~U#$e&Ar@7&>qF(;E?7d>Dh=DB6YLRVi0)_>6(*P%DYiT-O6SG;2D
zeZ$QWZ@f(3Z9QY$>Y0E=yn8*<Nk79oZgr79Q&ZZ-awBXmjgfC}5Myad;^{-@K=Oij
zs7aXZea_a>^xtLp!`(Mak8ffFSt5yU{QN)RDaaXTZqqjTs^4S^^_Tt1Y1S{oa_k8~
zyT<PJ!)@v!$==t)0Bw=rkYa?3mmvxPSt=SDEIK6|H8lY%7a@;wGSxacb?a7Swm!us
ztyXTWwQ8)lTdn=}>vqsVJq|l;HVCMbsDKVYxvjYXk95+yAfiFVi3gJi2UxJFaBe7V
z0E^+^QVR{j&liuCE<q+Ly=R~U7&|mN1Ow(>P>$ss09b6qEerG^K?7QA^}zzL1n8z4
zO2U+cB?akZ@Qk7sJO)%o3ZsF<GSpB2)6fKwv!#K6IwWB!Bo=lc0n|ae0LUagsVJ$^
zVPzm7p`d|C0CzMu0zx#5vA~$$p~+I9VL<T3@rcN%pgUp5i+QJ(1?HzI5-k^_HXK|y
z1@SN-P#Z1^1jv!VB%lrRh61n#=q>|GVWZrFG!H+csD+IK#Y`GVtb+I+WzZjyApQ?r
z7<7*AaoL{lG&MZ_I%m%sT>ucL-p3&&`PP`bw-{^RT=Y#uo$o^V)Nv=De_gKVdT2XO
zT1vx690+>L9c%lAHfx2Ydsy;1ZxCVDSZ9x;j)Q>eg#-)%&@lpd+_SmEUPnfXg%Br!
z_g5uy9h6#>ARXH*C}ASRhywI?qVb3@4k`RYBR~L?<?*Q;z&N=qFbz?j!R{Lm3T_QT
z5bHuPdqPl06YxO^K`?)v0TWrASt*Pzv`F@k&z!Z}Hq*w;Qb7j_rr#vsF)Jax@}+2z
z`lk$tHHdCVvf)W1l8sIop8_)=*&u{r2od@R1{X0jzu|ouS;Xjs@tI&o2gatEm;^zE
zFDfSsGcaXvU}(Zf{@6Ui3_*m`Aml_UzoOkJ{bJUrofU>htB$ZHCB0uR+<<DEG$8=E
zG!se_vWA#QMp>@R00%V?gc%+rISy_y8wEG?lEW58dd6mgc=%ihpr_dFpH#di5;P^u
zEhY*Q0rbdopADowd!^!KZ6V_3gx4uB26p7aT;Q^|t<9jRDE_b1rh|$XdtF}}0>#g6
zt!x6p7kS&&+zx#5{b&RZybvISX%G!SxT<U_IDbl@BIB_H!VHwP7V=1}yQU&RQN+bu
z7hUp!4_$V}Ro7g1!%er`b_Wy`1O)JgCm`S&1cGG^OtRR%b3pOTmO`RlFhsoidSX+w
zs1T~3nrAs+xTP3><_n=RB!kFGEkL`X^`aY2Q!&?_#9~aM5X~uIHgwUQo*#WHw#JwW
z5C>8T4?Ic9CFMus*<qL1Eq&XaTX6-DOq{cied1G}`P^Oi-1op^PdxMp6wG(z!&X4p
z?|{dIR(4{rVDV*42m{JJ&7Z|te&3i<N*FRw`pv3pRNc}5tor`dMSA3+!3!V=|0nc^
zOa!3%AQBb>$fE%9U0DfO3<f9w=8nKX9;xA_2RMmN7z7?UokHb$&3Dcn&-~~uL=gU-
z?&b2ZJYF0{=o3Z+3?YL+BG3pTf`VWobQ1P2ArU8+Of5|$rM$_v!(x02dPPF|Y;oR4
zp8F|+$muD~xkExK0lR911bOyUATL;QY7W^AT}1rT^uHf(RI&B3RqnVKW6vK0_~OGC
zt*)ET>s>p(aJ!Vx)_vaSY@pAceh$TgZ~(3V+yuDUe84k+_W(b8{XYB7H<lDu+u)2>
zzBAYQ?*8@kj-RZs)1;%Otn|Cz{9&!r4m$3Tzw8SDk2~gwzd@|=mDgVS!U^vN?tM>f
z_m7=UCd~i*>74U{_}6>(B*IzG?C`xG{Ae9N3o9Et2d7`SczF3_%Ms9`OO0A}>NRNe
zt0t{xY16Jlw@z-&rfsyvCYx;qi1`3zH{cIo;uA1)8-V5nP~8Wh2`FImG(IFb(9QQ)
z6fQ`9^GJME%ac~UlDk%cva|@1U*&kAlYkuvtzx59u$U7}m`6}9qM}GVhl0bhPU0V^
z2H6h`9MqYwA>ZhHw~_la4zxCQ=)f2uA61hQMxia!(-qlhwW{ixQL1yE5rLL)#$nK^
z4B5t#kEtt*fl*sKI_~JO^kzEX=GZssoOM;Z@qn9PNYMrbHHn;G`2jfU(N^dy%dXn#
z{+|Ihs13t?p}CED266edr6Hs8c*3ApXqp(Eyu3KGl<s#ok-p58x*nTI*46s)XlugU
z+lDgZK8B^ZKB}l%q6@=9uKUS(oE%=#Ao_fAVL;>+yHe_P(pWma29?m!vKeFsVWVXM
z5nE|Vtuk8s$s{-n-9z|2ycdZMdbR@m`Y&4L5kUq$RC5F%`%>NEk`W8PMZ4fi?~3`y
z$KV3G6!!3=yKKr;fI<kccz2}eXcQnMAdQB0l-=P<95^UpFwvGe)Yc?sK?ZD@pA}a-
zD;Mn=^#RBdZGYKt>_bXJhN!c(AKhtzyt>yO)PZbf0Sk6Q$nM<(Xo5{`XD=AGpz%rH
z>UfP=RpeGX*b<BJx@Pa6aEUb{@$>1Fjb85S0u_iETl^NSCZ{f9+3(%;R_nSP?h`@^
zx+fX6h-;7q=m2X3S)=>Kf)eeW77A}nupHC->;k-ib+O&=o0h#`yhigG4&?%ZOb&I}
z3FS7(42o@$Z}CJU$Y`g*+MfIlj#f(vc|GqgJB(+r>d3nZ^q~N2p?-}7UdKMFz&f;n
z;U?62nBvm`v}SCjaV1oPgG6|v!10JL#SH4Zj?<};#7s0!=OJ)U`x%r?ISR857@0Av
z&KtU(_!oh_HVmoh%;1*Lux0R0lwdyD;z_ikYHt?YYKYJP`%luX(~fy@|4hCK;NEt9
z$UJ^l4ILx{@9e7ArVVmOXfmN}3I-&xCKT>+Zo|RsMz=z8zOM`1=_M$kX%?2VY5zB!
z=QmvAt1ITRz!at;{ZQ<h95g)sWq>=50g=Rg_dA$jzvE<kH8TXxxI45tYpAyKEtsMP
zPt;s_?)5oGtD|wcFNZxHeKiv%AKgiXzQ$Z3&Y7)CDE_z9xYb?QA==8VX%vuRku|?a
zCPp_R>jr1<LA_|evNg1uL?AT93hoesBnYo>Ej|!(vtQL^Rz0k%g8p9hp9CNDJ}|XV
zHyV9}67E9xP&GQV00Xrop9;}hoS<|597HO4!&YBmil_a$K=ixrV<QdCGL+Zei4Kzw
zK!VP)1ZD_BKqgU5W)jDuY%_Odxu=?IgUV^cDem|Jt>YPy-ku6Ru2JgZyc~{!X!C}(
zzSE|!WykpR{yufSEJ~+D;|059_VQEw+DyTPgerTbcJr*ev@_pzIc9ZG&l{U|tcTvB
zlfQlYwCfh`+&SZnJ&anDbAY;q;?0{U72LI3K2}`2Qh9!6IWM|nt{8cw2p=!UQr0ZW
zVY*jJ)#{Q`3e$f$$<>SNJQ?&Fx`SCCGzm6T0l%u?UoA#rG%2VDx^En|5+QBejh)<p
z9|1%WC^X?HO!BaegWXGR*t#)!uvmcO+0Bh@=aUliFt7QXow$Q_7%Xh^tNrT!?M<*Y
z%o_5pZj;)pz81}C+@*({Z6Z;azrrjUpyy}7yrVf;L0{1!pem0ngs{w?@dxvpN~ekz
zQl70^yapUF`_M)MI+1sv-d+SqOiKl|wDnCRpd-dZ5X70-x1IP#hyCg3{QE{H$S#R_
zjsvV2Cf03m+tlO#k8rqkwsMGiP4b3gmZF`uH+XQEsgJZiML<bXwxqT=wWo)E+F1LX
z5bZ(uuVjzLoxZMrE%lKcu;^}8C_)V`Qsl-$hY^;whsqMkriHd>_~p+106u^pK0IL2
zQ@f=}X20<Etsh#C?wA+4^19f&mAR`Z<vB@sAZ=N~(<I&6F>qe^Dk%GyQNYT`4OHEC
z3#l-vWpb1R$JlBU2AgO>BOf!8r<6DRbj6pHHj49XPq+AAf9@6;7OnYTHAhAw^Uh(@
zORUBatgz1{9an?3;-Sh|GuBr!y~3H`9yId{++L(x4DE!_-fF#ah(eX+7D{OLDkeQx
zKhS7W57Say8X$K{%g-Q(hHIYuW+xc_6lgWB5aV&2ScNO)XdIQbCq>5CsuJ8l9466h
z36~_#2@w-D$3K7m`n=n=Ip}yBBx6#{l!k}z(XC-qptmydDR}iPdZnV~%CBF?E*3i+
z%x0L=fOys%O((j>VUAdIH)nkt57N`NlF$njN-93PvKM0P!t$J)#Fqyu*g^qTlOfCk
zD<CD9g)WUkoT-Ry4x8qVPlg>Dxa9~O9iA2j?4gddGb_C2n%e)W!hiKH*;JS|l<>rk
zU+b~<;Z+Bga>M73OtNxe5II>qJ8Y?a4!%+-K^t`ne9|>blMJ7lfp89RNvthU3QWH-
z=-%K=s9W8m%DG+D`b#yJe#+=(Mq$v6AtA9{EwUw}7RH|JOKr)mXSIjaSSB&WXe|>B
z$MG1n(uu+1+)K<OpC-EBf^R%$7END!6NVenRj3@|Mzhav&f<B7G>|u>ii<c)yHug9
zDD<nQ-IEk`c28~X9tTbM#y2T(+J@A!7GJY$A!zn#ZJgbZgoGi~p?y;1NF@j(DUcG8
zJc~vhZP4LpH{wmo!UV%LI9bq`P|0E&FE3Fgkfz3)9Xm;{uws$rByWz^Gi6g#Q+(2=
z7v%))qI;E!xOKGKO%4G`9iV?r@MRKPlszoOsn@Ts!}GHk>Cz}Vzn4=w_3E85ndyYO
ztLt^DVDk3p%};83xm;%>-=YDJg1DlcgADptadSe-Y&*(PVRW`Erfb%YSkR5hgRyz;
z#_%`7s5^L4mMDT??yDy2*nf~Kq1Zk$D5?2`ddh6D8{|dsX$bpS1r=3P5Rj^-aFVT*
z-~@@dHC#@CDbEajU%EQgE`>-Df>mbKveXU*5~xQ?Ov7z>uFuWizRtkrR$(GP1lFx<
z=oNx3?66A>sM;uU&dwGTPxN<09iu7Phdps?R7Y=0jK)!%=$2)?)3I1svh0~jp5j!J
z<%3Z)Ti~?*G=FE<>EqzCp_vDGGxXFk^aOpzUdZ8i{9eE@`P6s4+(e^QY}#}jF2^C9
z)&yY1)dU$6B%^9bdKE<{iK4FB!Z2NzB2NavL%T6XdDJ&Mp)luq`u$hjw)JDCX4C8b
z++DXP{r|D;?lCjFH#{EwoBQAYuro~mq`b7nW2yC0RI4beUJ73;tPvfo94~Z^XD8hJ
zs_rHrFCITs)@Zk~nMMOk3S*gdGP|X?kL8hfm6jG*q#TpLQPhyqUfOJO30*3CCm<r7
zwFXI#$IY86=$>nF$$VLJ@_9j;qEw}?B=@M4#A3TxNjKpCA!>@*icWm*;K=ehJ%MAJ
zs#<fk!Q4K-VO6N4rmiw;*2E3bIvnG(pJVht3V)}$y0Hs`{qpB%{ZC3dU?IEbPR#c3
zrV6_knzNO@tid{74P6sbnUtOw1*ya-(Ng+(l;Z<;Zp+fuB^01ek2IP7UAhl?G*Y@+
zI%djA2b++J>?}9)(*cH1?TFSD-Sm{)iwjh>EL*b92(uaUfB&~-DtlgNU>W<-WOtW4
zIoi01N@Sswez>{+VyNVKlAX@B;k5dbaL?rVBDSh1WfEQ#Q`cv2TRY*Z8O8wI7t^%D
zROCE9{qCu4%n^7_Z2hFU9AqF{I#<tia>jEzJ53fxl~L5|?_}aAJ4^<HB&bw}h@J9~
zz0)%Tij1P%)&+g$-Y;&m2YvRMh5SIhC_-l`tFHHY<xZik8j!?Wc2hy@Qfwy`56T~R
z{j;5^-kikXSfl0>VPg)v+nQ|pFhqbUj+?pYLg@N$$noM?W`9w0b549a*58=Yo|R$@
zRF+m|Te2KnTRHdwjji%IL)QZWsmf=RQ7)LBoOKGDR4C3a5-62rqAxk4W;&PZxsy(d
zl{neoiY!uvqOe*7c6PeXMjLKK8_spQ01jEzP*;;uDzmqG9Ni-%i`He96%-{m_$FQ1
zE7M08%?6{2aWAIP6wyS5FBP{;9d8T-$3a=-xG$=X3~dy{t9Xt6nL2A^9jq}6E@3u^
zM(f-$<CWnP6o@ArewW}3KRN*@|N0x10qKG2Q*&Su@vnRK=6t8`bO)60*8MUE#;`;#
zI0lA=ZyUya?9)qPP0L_aEK5h<DSyJa=q<QuH=Z4%8{D`9?~K)hqez{zFxSGGZ7(Vj
ziZZVNI9pTxS{q@7Q}VcYnunud-8Uy-DF%kvmQgI!MuV?0^9q2ew4+ztv@<DXP?ev_
z(K!o(P|CaJCnK&{r1_6Q@-Zl!FC;{8551MuB_>w8D^Sjru#e>5p#^aKT%)AbXpor|
zgaTi}l#622k*vnU;!3G!+~ZfCR@Tk&{Mvqr!Mgg8nceEhE@JVeIu6b&#2$64#_(PP
zg^3#||KtN-##+i-%r*uaKSq|61OO|rOS@YKkMqUa-8pK^G-l`OJqg4`z418}XDS1`
zz}`oKTq;}qj)_Ru*qzT(Yjgc9p4yw6Yh-rV@{0rl+C2bcYpefDEN!or5y(Df8uLyr
z1WVS@g=SnHU-=Edk6v-}zWEQnIGfAXh;=f2hg#xNvP9AtrwwamJTc|Xy@{0l5Be9#
zzi_=1<0<~GwJog|G$Hlcg#6wH_uQ87NLXS5%ojpT`2oKCwKm)a_vi3wig4?<c|xjM
zqLU@4MQVv#C11CukTWr5x&;LXV%zu3l59TLoF#sW-jdoPGppSmDB%dbr9<GDXfwyB
z7q*%V5{qzZhWl>@Q8x#VYRh1r0Gk`L2SZ4EhYL-p&DgXZ(BPXx<$Nh70K!eeCR{hv
zoX6#|ZjT0!ZUXVe9o+R0#qb+W6(`MxG5(36I5pp>gkT#|P%P^Iz2#3D^A;JieEx$`
z28*S$QP^BN`OG~sgGh_UXXO6;v69W<8M7(iJ)};<iIYdm60EzOaPl%eW?A2vd9oB@
zV#XO#?7HpYfBXRUBGnSTG(jUoRTs*_Hk^g!#077MxBG=)vE{XkoGJ`+2;nfYjXaj>
zhQ0>%q}Q%E90V94@D~{4&kJzQcw7P`)IUx;z4LLl$FIv`qM*PEgTKUD|JM}-*bg9u
zFFlOLuDexd_s+jw1seTVeyjM&%WCV2Sq1++omSEg!ahR$ad#j!k*ZTIO3eAfMUB@*
zxJYm)#hEZ1@5057DO^?-K=c{<p4?K;HT1qY17v;vzTL(E%wlg?aP<24iWpr2<FnV%
z`d7l=G12;3+J(!DF93IYX%${yR5lM!7N8x^FBO*8J}a!&$6(FMp<YP%NOmf(nRkS7
z`NW#I5`MbV%S^e=><N%FFuHus?7*>2m92YYbWzODp2g^&2!Bs@17>S8>*K9QA*pz{
z)dGpmXdN&^<@jcK%VIxYy<rs~FP`$C+B*uG9l1Vx?LvN_0k?*Ax3s3-=aJim)_O3F
z6xmgBbGCnsRt)7NA=oV(yctcl1`4rkp^m#CJt*W#^%dZv<45P1%C)$)zE6&OGI(OY
zG~&Ms;WXaI9MVF)P0&8AntUSS%U{xIbs>{+mv83Wxp0SGgVs}&T4>b!QmURVv|#gd
zAUCx7F@1{U`Ci?AWH2>r;!uafpLM@jgrpUSc`_a$4;r}x+(B1yZIPK-JF+5<K<&^y
z{<l&uF!0oKTGPEVRNO%M#bYi!TOBaQ=y3IxAK9LCo5Awtn6G{erdj!ai69UFIY_EC
z^(#^Z6`xs7!`;7d=^>tQpr-pEfs~#}DxjE$s{e7-MZY60$d$-cew~rFqrP$n8vV(k
z6Q597Osj(dW*rsF9a(&vncWF9bLMA?oGN-r%`XBEkDVhC<3mbMfRjae?F(<0xL2tD
zS}vvjaYRl2cw|EP*V3$bYOl*mT&Sxmk%Oq4$c|Ozzqk^-^_`j!h4a<f<KIU!A_rDw
z#bd$x7P7mA6k|5z0%>5^x!hf@s(h+qEOB;Ujuv-XzU!U$lgS_V#@fzT>hK6-7a0mw
z-l`ClTr8`*ZosZg&;0QR#nl2mjlJ{F<nB^`B6d-h>C%?<-I^;)i6kI0&XD5Zd+Ru@
zhm&5|_3eS~wMc=LtP@UVmO|9Y2;sYIqM^<14;0<rtsbMB*e1hiWUy~@=_7bO(TiC=
z3p!7$rXB;Y{-Es(eqT#Q&%&_e4nECMm}AM}dY$S$m@FAD=;m{?in$_*%ddWH)KyrA
zRF&&28G2{$uZ_?Df9bQyGTPWSZa<f7O8=`tUt9B3X9HJIXpvGXGzE+;w!Sipq|cX=
z!{b#*-)!qGHAiO}jG|fCev^?E<W9{*4F6gIm^;H|PueB}$dIx_z4#nJ%q#Pa_LhXW
z`CK+jLeLR1T2BP&{G7aelY~){UDnr{V@*ct!AYdPO7}Q3WETlcL5E!A*H^#qEu=SP
zFjGW0L;B^498HNY=ryPvMfPO4PGJ?QRrz&%;Ixqrp_i1b3wX!<XZ%3@A@y`|g038{
z?2v*}NPUUsW~xsok}<6emP@4hR*XOQQ<Rs@iq?NEIu)@Y%~l%ly9_POD$sk)tOy8c
zXGwOtRHzfCd59VWy6#1mSIR8cR<O5uyPNbniHWb3rKyBLgQhpeALb_$t${p`Cab<w
z3ua?`?3Y{i`@C5(`mxE1;;vJM4^d6v337vEsZAze+Ku9J_^F4PQjsgj5Hf6dj!vjE
z=eEFAv)?5tlsV;WY?W1M7xFroY_mcle26ns{_CMr7aQnR>3WAuYEyxc{Zf%mnCc~R
z5$I^cFHGuLvOVs(*u>+@{?-U{4VvEQY<LcdXbI$bv{`i}TBX#J#SCdf?3taMpWtK6
za>!{RbpdOOv#-J;&9W<~73xCfW@m56%w|}Ol35x3CL=#663uiT4ZI+zYQnWo<|0GN
z1@i!6Ua@bew<yHU=d!=$MK<X2N775YWj(E4E5feFWij>p-QLV-{ldx8;<i)z%Y|)5
zqJ~kJMl5PBD$NO!W)8d<u7si<pwehK%&`o6K`W@fl>N}1Sd=?ocL%j$jgD^0C_(aj
zQ&tw!X%nKFzN#Hq)bNi*F_^eYV%XO$&8IS+(6Nod(OW(m$C7Q+3uu--*H{L%`L^Eq
zQx|2nUC+<kdzEEW>BESBG2!|p1yuTNI<7Hq-r1H^sxL4lfeq)^f<36Uu|>|rBF0*<
z?Fjl)g4tQt^ZVy~BX%Yf8nd35h5i`K|NPq*@$;rbpk?}rX*+H9338QzvHLX}4{Vq^
zJ-Q*V1qkn-9`RCg)(eon#G)r3U3V)y-!bpR<#c!l7@A-;a0xf_sEl4N@n#T^`?g-2
z1al58AZ*L&%DP&6(q4SEepw@76F0ItsqAwA4qZF0ZXj&rbtaU)PTYsB$NO6C`ygTs
z;!^RRrnaal=&b#Kzh=5M>KN}JId@-rxr60vxT~1hczd!d-iS)s#@b5i5evqVMJr<6
zyH(t23>~+*H@a|iqM8ox(V#GKwj_6)DK)K@kU9-SYeu-2VJ+;9DV(=8H`veBtiv&R
zgtTckZ#ARAv)u6}RMP3~Ckw|B#WQiPT}oixoKCKhrHg7n>EB<8zXI3yL`1GQ!XN(%
zB-|3;5@GI$?|?%`{xjv}@zE88)cRu)4K*<hH5t_MZc!dMq2vTJNsBfZDHIx;g!w(A
z1@$X6OXYakG!n1R_2}7d`knpOHUj<+GWLBvRmVQfR!H@zqK0@D!)T+`Ph~L5&vmjL
zbR5RGbxF)-!17K$bFX-oBUDypDn0U`yLDccg&*7x7zlT_ML##&AsQ@eUaHIXbeRns
z89D*WbZ)w(LmsH$%+XrKjg@Lk3;1VS#7(E8q*Ryfwo56&$2J0m{QYnGk6xe&dJfAY
z))UCVULIfm`aAH=RJNVTatdXliUN&XfjybHvOt~9u?m>ke5Ki=oI1nzXMxc>OuuHp
z;jpL`wdo#uikTE^POe0uS0!c;(?D;t2v)iE@5yozY)maNq1q8Xc&5+NZdOU8>BIO|
zc-IXw^#&Z#iX8@J>w`m%?9u94>%rbd8*G8HB`)*QU`V;V%#=m`s{+=zlgKq$bnJ|P
z*l4BGc`KmTMS}Yq3+O~$7PG-+7q>SXf~F;!hBocmf&z12ht}de-t1*+A~-k6TdrM9
z$h<<z$>cNwn(n6eat>#e?`}Zxo=E=QydvqndzPPlH&=U8th+fM%|6(Ic(Dt>AX1?V
z>UroQuFJ?_akIJT;v+P0LfGR^;%pS|ztq>aD==FvE$ps-zJTXi1|Zeh@~QyOLc#q+
zNEsrNPadO6z7%LeE#<bE6<`@sVC2P(JlIMkqlmaP`2ff2PfYtijxn*jM=!X@rha`U
zJpn_j`46~PcE&o>8sP^2-^uld%Rm1|&-+O}Bts4?M+!_@zvVAbiJdG;9sw20sS%yL
zvtkpr>dIZD;IV|mG#aTOdrW>FhkMDyC*hL6keRkh?AexFS!a<_q{>Y>$>2IY2q%Pr
z74~sCnTAh+Ewwy<#^%1TB24he*}?4m0W3p`O)@U?ED!dk3oUS}#JmsKv_H<mJ?~|Z
zt97{eFORaYv1z#WbZjO1G7&{2zj<pVO7KfS85Ey{OZk%?E<c}vdl?~9<)&Px^IYC2
z=g$h9V3^Cz)W0NsUKd%R68JoHR7hgVXw$bSa}C*=t@-rm(qBQWr^=Y4*^<wQF8Ou4
zOjx;H-we<R;so?lRJ_Suj{v%D=D$t_JkFnxdM_!dDOIGlgQJU?N`+cj;ZtzXHSfaj
zax^+#DSY<mxzzIFv}IRcCS){|94z`PaN`Gw&ZyRkN^*qkAZXB3&KAxmDDYMm14+O;
z=1r9z4ep%b-V$VLcT%{gg*1|GCz5iKii^ykoT6eQ0jHf|QMY!XIC$@w?~cEjoWkRi
z2sRDFrumu4&TvnQjWZJCipvCDR%0UhAG)0@y38c$m@j{Dg3;!r>h~OiO>xa;9!F}{
ziYc!U!RRk(0=CP`Ati-m$u;yF#aPuEGXFk@I`iL4rdcfJ_;W-{l0pDJY9ZOWZLly{
z`3^4}rAji1D~csbp;3@+`{x2)Y74lNWGT}pM<6Cv)pa-wsRwHaTc!u6k){np1BC_;
z{ZM(Vp#xS$H<UFVa^EuytltoAnqD`J-vVNh!Rm#eSF^^SDCCR!4JcQ3TccJfHAt;1
ze^^b{R5qmf{~7*ID@yoe`Z_2ylq<+v`b+ixOmJOGt~W$^DswfAO0zA%IF?i`NUAZJ
zv%Z66c9@EP&TpN0X~BPzTvs8NF&smt{2H@_83do;%YEYSrvp6cy>d`~=#uKvA^G7e
zfX9)qmxH?Hv!~W~yXQ@F|H}1f9hlniDa|);qF|+{Ib_PMy#aOWgQx!%xc1A29f}P*
z_1C>~dGNXX>mI;cZn)v;<HP%SH@te{bSS`+-1`R=hfb(Y98w&9|LaAH^$L)KnOv-q
zldsbqVK0SomuimyCoKIzs2~}|j@vi(HJ&>Ss<-=^z5$~(S4!pU0f;)geEZkav(1cK
z)0}0;k7VW1uy^-G=U`WXNX&)v7gtBX!^B#B@O&2l6%!GbKCeCh@tb5AXg%V1>m-!x
zH-VM%B{O<{+hH($eA)caoMDh>VDDP{EoeCVXnThfL`Yu@4*K&)T1q<L0DThK*OKR-
zRaa092Nxz|q86@8LOtrJIH_<6KKQ*uKd$iak-NaB57Q+3RwdAr4E~dPEeAt=b<`j-
zf7P31pvRGP7nMdpCtq>L$O9NxLRAv_SxRDcGU|sN9Leo^3Ix|zGwP!hSt~i^qa8#7
zi#!iHS@e23N3Rz%-sSy@QQ%TGpwr~|qlUoPDUyZGc)%uS(V16g(8RQqf)q5VT?lnx
z$qUqxVRX_<zp^-sZlq7AYRdS5B!I3|4QR#W2{ffAa4bL%r5#<5Wn-VzvlbsaE*U!n
zou$FUGm)%?uej@_u}|t*i#tOogxO7X&*J9oFJGTEH9U^T*_;-AEq>eGm|~56QqRix
z*l~$7goaviH^z*8QqRhChHx-$wf8mbwma^Uv1c3@$Ba{Sq-BJs-PQ;z?zm>`83%NV
z4+rT8Zr<L!18vG-*wnt#nA`5SpNu`@z&J*yH2#V^J~8%;13IONSKPBZFqPA?@K-T)
z(e>)Ze*kpq6529Yp0~;*UE07nNml4qy7vIcl351QPWARptw(sh9ojUV);0z<%Hq3L
z``;1Kwm4g)+BUfjjMZky3|3|*$&%`8E^%j=en3B@muoH(20<^;59o*VGQC2t(rffO
zy+Lo%Tl99|PPcH+gHtaG`t?v?m5aEEl|_A>LO|Qa96nz5l61|r?Bxtlw3ZeAAlnlk
z>NzcSYJFd`KWh-~B3Ge#18CRp7(2Yt9v#pzIz=bwNKHewfKM0j0PK(b`t!$sfBq9V
z@NsxkmjHXo+qVu~fusNy0sijMRc4Yu@xoU?yj#_Te>r7O{`;8MD(fmc?=a=Z+(JG_
zIb|9dC=*o;(K2cdFdJj8Y<gTBjGH(VGeur;>{JW1l!KOO=0qrkn7pz^IMFg{?#tu{
z%EFvvu9d$|9HvA~?W?sKSKj2E{fPV?b&ed(FDB%<IwScx80390$d7ATJP<X<NS*@*
zc|I88XP~JpY2!SyL0{1?X#zY4nf#IG<&>x>I9_@G&{FcUii*b4kcD3;Loh&mQ06aU
z*VG`9{5F?Fz(a_KD+K*=uI5R)moc9o7s?50vM_tIx|_A+Xm<6O)||?oo?dWGMl?e&
z=#9>p;cyZS=pE`!wDVbNPnz|d1Rg}rIXLbtNRJG@Vcz6=Z_?grV?o5WGC>4+K`ey=
z#h@gYAml6shwK#Sgj+!?D@Dox75N2DCAmC?(V)APd4U>8sW@wmw#eKp$#_2#Bnw_G
zlNX4&TXgDRe}W!(4=Uj!;KKE@!gndx<72aOH2Zqg*Hy&E6Bl(kx{u)_m4$a!AHGrd
z@xRl8+$-aLC_6qV-^-aJ2(Y{bI^p#I1Q4^&JcKEZFN;(C)`3(%0DSOb;3fck`YJ{G
z=K0u@NL+Od6buwV0M!To{|G?mFcq{<Z|5r)f5Ffhj`^h%#Z@5w-;G+4OCzrjIe#MO
zK@2X^67*m8YR1Y_c{`UEEHt`vsH!|k7OwbzM92S1TF0B8<n%XX`60h@i@)IQ+os8E
zDtwNi7A-R`P=mp05=iO8`(Cp@tTG<UGylRq_+(=sVf8dRK_{5t@m(<$Ggafsa-Oo6
zSaM*`QNKi4Kk((d&m3|(y`oP+2oHouAM~4j_*BUQ#J~!?3X#3~Qu=QM|LDD#5F<dq
z4=$+I`!owa0uM1TWEzbX8H+PnsF5X5{irMEJA_)q#TS^3V1fxGh(`dV2v841H$H#y
zH34P$wC}An@*2jg2$s7l^m%@P_RC%%bI$SiHfo=ll66X7X38%XX3ZSGXpyavY=PAZ
zeSeym<3IEobf(cw&qgZp4)TE@`{np#V&r9hg-jo6K8GSw`s7_m2yy;(0^9JVGMy%W
z@+tH3L|mC+?>dyMZfCTT>u_=MOlqp^Nr)$9+^G;uwYUt50Rlip!M#{2qyZ39IowN`
z{x@##Y%56}^e_e@5P}kf;DAohf{YaCFgjjR96vZW#e%6!edVh298w_x;DCkX=XeB`
zJn2DG_d7iYuCo8(io-{_o~z=9p794b!y22vH(Lgt$1i4OZFR$Ztw$Yn1a`s=xC1}b
z<NzjN26m8BgZTjdgxm3F2s)np8q_1xy4|VlMNJg|+yP|t2Q=S^Xf+~0Y}E}gvO^G9
zu+eRMIr&^IL`D>~P|>lm7RKPaS~#}zwPC6h*M_4L%h;I(uF`30W>Mhv?NF&*eJndQ
z#ML32ylhP?)#CB8aPh0`T9qqR^9yOw!H1L9io>o`NRxV%f~vJ^$yRnU0s$^QISHjY
z$WAapqB~2ju&q$3SxBSmo2>EfY}EiENZc$EfZSs#LC6jv8wg$-UpqY$123g3UL(D0
zj9Il518R?H#rM@gz+pk=>Q#|WMZKIeWoM+CReJ1NRK~7m6)Gf=RdYOg&s5K@gDa$}
zxC*kF$uh7JR%E?SbqI1)M^~I~Rb}Y_bmlxlnk{YSPO7(W-kmhS1qJeVAa4_TI*TzM
zP@$lr$wbG%#KOkG#q<566cQ1W$RZ^pr=X;wW?~*o=UuUj`;zqw$Q6_)Ux7kJij_Fv
znkx>fP-#My8>(G(Jwg4X+*adLANklJwI&^Qw>c|yzV)^5HK^C9S(6r9v}!Z!E&Xe?
zOQ&u<?wPIE9DU}QYpWv$Eim6gi+ty#Z~PEwRMCiLv_wggECmW$sx%nsu!)FHbfXvj
z7(^XoF&+~V#KFn158MorZ4kn|<6Xy{@PQAVb<Q4p#XIVlOZpigMbpqJRW4B(t*^vb
zZosf1BR=00zM42`@|39PsncSn$HvWwPe@EkPDxFhnVylEm7SBDmv5up?}e7QWxOhz
zKP`3ht3+fn_eBxQV0w=Mk7&viA=_>FDJ?5!G@AS`o97ip(2B~c>YCcR`i91)=9bpB
z_Kwc3ZsieOE%kh%ND8YdtFd}#SajuJA#Nz@_hnhehczQxTdF6*ojt7zVFt(6j>;Gw
ztD5S&*I%Ziem3Su=LP!C`M@0XMMqenqia?NPH->~6hEbKRZA-qf^aYp6v9AI91ISE
zpyILrKF@69IIYDc+Bb+Jedl~Xb^pBnSbm1gk-@+T2ExHWPzb_6aWFUtf)el*ioy99
zILASy!b7((9)5dm_%A}RXTC6@P#{5cG=)0qxb~0ch){cO^=zuBF*B{>%58j+kbtO`
zFXHo~nz)rqsGv$fg;hc-suDS3sML|IStWDy#gp_wp%e=a`-Vb{lmTIq$4g?1G8VJN
G0ssK9UqeO!

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-regular.woff b/data/web/fonts/source-sans-pro-v21-latin-regular.woff
new file mode 100644
index 0000000000000000000000000000000000000000..db90a83e0431df39bc65d1e1b39aba44a4bcddec
GIT binary patch
literal 16156
zcmYj&1CS<7u<bWHwrz9A_Kt1awr%d%wr$(CZQC<Ddh_475${&?iK;x2rR?nLu8u5M
zSrHKc5a1{A;Q(O&%bjw6<o{v*lm2fK6%rN!0D$O!IF=vq|7!bnBq}GX_`{h208l#s
z03q+|@%^-@qOt%003-Iprvd=L4mqG^K(dN-i~s=a?oU0HALwbqI~5pO>)QbUaO^*N
zjsU<fJRa4;L{lqw6953d5&$5p004LrcQfP+%#8Jo0036CpL(qS0XrCP$LxpvDaQWD
z1V12w3If|UvvzX(;c9={q6Gjz?2fId46SSpfArXQf4CpLU!3$Ngk9G9Za@8U{Zs?s
z{D1(68SreQZ*Ba;{m4L+KYAwe$5vf-wvJ8!0Qb*4ek}q3pfq~evQ2L5uzhui{Bj7O
zz24}Mjl_z-P{WLaBIQ4OwEJKv66(X6MoiE}V;V+|&|*}*d{_W3W}rDgow%)Erh?jG
zk0FKhplZ~U3Q93<=pP^6GBEvbI`}CGrXD<y{ynfubWrZ;X>V?BEQ-Cs>v{2A;<~S1
zVp>=Lrv61R)8K|)CdzXxKC@3)<Mqw8J($1JeXwL}w4R~!RoyZx4AmRyXS8$zGG~hD
z4W?l0^~CkqwN8!DS~Loj*1hA@;=)t?CR+yc`x^0FjARi_OegsjizCF3cEi+lHKxkS
z@=9UD<l^y6^_l!V`*U*JFvALVgcQ4ZqmQZ?*otqJR7srIb=_ve!kCO=qc^BfL&Yy@
zL#8&1N);HvcH-LbRn6AbO}DwAyR?({*(m`-o~J-c?w$>3%>zOi;y1ddPxC*2<=!td
z*9~WjIgh628J7a@SUDG1(WFmMBK(wf7FHA2^{Qt=z=q*~jty@}OwPO81mN-?{je@s
z;>rEW8`!ONw_w0cI11mcYoT~;SP+FgorW1|f*CU9x^OyNT#@1-ML27_5YJYA7T%mV
zJ}?OeiZ)ERP4Qnp%t<3Zb)r5ihF+XFy=n}->{I=2v3fZpHIj2R8Vz-#dm7Y0ngb(=
zOd?J<C|U9;CLx}g<6x(IA{~(c)dwsvx8Js8eO&J7?%N~ar~8ii;Wc3<F#>cuXkA{a
zk9Xd4HEJKRM0`lFA8IJC;byxf`Moo*99@~jSdg!931R^ATp6R$b|4b*Hc%PnlLtN`
zP+0tmP~PK!s8y&h1}eWRR}t%uDrFfJs~lyDRc+QvSx@IJTIvVD(Sv<g4Vj?<+bY=>
z_R5yLroL<Jg03-F?uqdd>#=XyZyZhM4?&}Y+~mY7M_$?KU$xj)xT|1X13D#3&*UVi
z3D(VP%d6_m)76UZA)m`Kz)uINID)Ld^bCa*n8$Sl+c+IY&~=r_X@%c3dbagL{b2lJ
zcD?Vu*5I&T99lf+ajGZ|Sh`gQH!cm8@+7v8^*8V>rw9esC}Qu>hVDnYO>F0&S|Qz|
zxGgvPmM^fz;R3cCUfEaI_;Y3=naXoEnq0cB-~ORt&&5XtWovTZ%TH1OC3NC|K%FCU
zgWO1R6OE7CZ-o=tB+as}lf4`>K`x=W%K~GTD+|oTaM%C6fzbIC3tsEJui_VeETT+z
z_l3MgDRAmJ`8@R1q9TqLdkKZVF)*%zV_z~6V9gd&ck{8D8Y4ItVy*NNGVqF{?ygtL
zD)Wr{9+YKy5}<8RkgHy=@HO3Bf4z-&%;|zDXt5Pm1)_O_c}?nP@=8&~E5Ww9wC;c7
zrx9$wt;BR<DRR83uwxr@5}^$DEsaflSvAz)Vu%vHimX|olMLCg*}r+)rbd`(Dl%O|
z%O$rk)7G?RmO_=i@j=rJ9TOyR$y<wywT8>z=S}yZPIt&g7xA%i)vIu8dr69A-LcZ>
zDrAiZ`QSm$UpeK@!{?O&|7*db!1iMCoMA(eX~M_=h5|qj;xY;+PrLym1s=xNB*9F}
zwY2=?W*syKci_`Aj-%hx-#WxH)wO6Od)k)YoMP?U$Y|ZPrK93x3u;Z`{r%(<#3Uix
zUs+Zl($uzh5`YNM1%^}(yGbA1U~6%at<&9zxish)A90B2tbTZN?$|2faPO*W{yVY<
zcf4kkx8T>}T39}U4jj1qKHYW4BVo^t61`rl%eHda@J@kXYu_1FG>~&SkTBuWvu#UE
z1!U_@@l>XqCjY!JmCD<uJe9QUrkVc^kUhXJLW#3VO}$hhs|JxS1YJ}l$PKqqc>GI7
z7GY9cmxzWpk$|yJ$sK{&na;+L({fLn{D5aqb#nsD9b|j|8*eygkoYyijie-86ft(!
zVBH_iuT%;!w_}sFD4(C9Q!GE@6wg1LCIyu$jrH@SBd^2MAD-ria(gq+>I_M7mMV)z
zDv0p_#xT;t)(CYRVMc==A+-{+!YL3y5$VCrz`%s~e%tt)6^>P%HU?N)7zyrir-M{e
zHu{gy^m)w_Nd}6^AyB3ZC7Z~LMvO9wADW}WHinC=3pa?GBW2}B#h>O%nq_9{<lP~f
z7l-?u5uM%mn42(Uz&HvaI|@g;=V!m=kN%n)6qxHLnj1Hmn?{-&Q<ytSOL=PPHpwQG
z;8rwpPo}uFm>aYdN?*ArW9&?FojtVm%gWBeoSDuyHLWo<jWIQaFA2xXZ)uduMlre>
z;|?`B7P$Io?n0<~<QzKn0EQQHsna&)TpK>F_gvoE()kL2<1$(Y?%Xs+)h$z`f?tQ?
znzGrqyH`XTwb<DZxs2^0wjwIFTUk!9YoU5S$51_#m;Jzc(27=hdgWjxKJNrEi~92A
z;+NjBEx+qr`iQhiI@exn429tPc7t^1?D94KQXd!m05L($XMg8qv%1)q7jm4X(lIdp
z_$_gH!fs3~>TSAtYCQG1ipNW0;<nWSm_7Qf1u=PmSf9{0UZ>r-n*#>q1|fSW9)uYf
z11!AHqIc2;e%W6NO6h-7T`^#V3Eg0|YS;v6W}MzNGCn8M2`RwWVqUC;!-YOFzW(sn
z)D|o$7i-x;X|3;c0SgTvT)S7Ba&gckWLhKw_`CFJQeHihnB<+TugQNDrz8seP4%e@
ziDg7dAec=ej8#@Z&aDq4KZ8;{KgftD2rY}2;Lchzzs2@|mVC=w7b!V-e|x#0;`p4V
z@B;~AZRR;C{NFIMP*SezX<*$sza|kE1TP9t-|gVL9+@JVso0|%WL3qW0aXmeqLUDJ
z>4yB2g}S>Iu4M5&>T!tbCcy3lq(~%N_4(16n!AO4%3+n+uWP1ZW4jEJv$6spBwM=U
zck4KBsIZ4Z{+(uzceJzQ@!K`bz(fPNrG^kQ0C^*eRB&=+yT79j<zjaTcrwYNw`N%G
zkrZypM(%l|w?uJ=L!FT@bSKIv?hT{2XmKx>We=B>NLkWq0#L1y2@qyL^@B#5me-*B
zfj003?g8X;9*DCT|7gO>5yM2tt`6<v!f8NJ2*>@&koXr<^gt=ax@j>82bck1_HQ<7
zVLibQZtn%w&Dh2#_j*T9t6<m-T<){=6TKmQ)!{X_dc+2+Du~}#RvlYId(QQr+mF!c
zmo0Ul<2~k<S9sAx9e&`18@AZid>n8k3RAY5N9jB9k}g;PAk6N5*Eimt6PRfz)oxw_
zP=ureNMWi*pLBD5q$-%%VS+0u(zDUfo;79$Wv4JBv#dhOH=66bXxe|}eke^6LuQcX
z1&C%bagi8MKSq}-LQx>sqe5UumX~?_ivw`aB{(;?n}DohwAq@zvkU_<?<P|4QU&qS
zC3))-vkMUuWn$Drq|9ZJhZzo>(~G!_-Ywom?<)yl1CfO~2Ca=k-Rw2@3VHdglBj15
z13(3w4)72U@`w<1B4lbze^&p}$VFmA+T7CCwZpn>aqnOvr&*tq3EUB<Gu#dgf<Pve
zh-{4(SD5D8OJtfZQ?*vUAu<sDt`2V-`R<lRe$GL!Q`k<2^nm)@djGe75phYz@bbC?
z3i%#yL7C=Jmf&?0Iv9GMJ)VTDilHCnzFeizcESBZ;V6?ucXArWrm!3=5ixz@eqy;~
znZ=grS^kiB*fkwGzcR1MEVeDqyRSrPDqdWeS)?&utl{LL^qJe8IC|eurjs!K(xvj;
zR<fC;@nIuFdR?~?v>}#utK-0yW0OKv25<4OFj;Ezt9<M<uHhp()nH1a#iFaJK_Y_=
zxqDK)dhX187k};7Q0ve4ZPYB&K(amt*zSQxlJ$nxe&Urzy*0LEX8i^H;c>B*rlyUB
z1>{WZ+g9tOVs0+7y?n7^ica7qeuvvMGd9^YCf`zkdBMq)oIKsxvmmGHO7nr=pQR;y
z=3G-}<F`j~85zW)Bt_*cy5!1!3CfDU>$)_U!HG&D#!X^0>gJ$Ha^ljM-Kz>v6xI1y
ze5(RJLrQX=;Mi{{$~r90BU7myJohKTGO0`+l`-yl3uLl5SKisDlXVN7?{U+qeBRM5
z?s*MJ$L=~50%(K?1c$L`V>1MWhcQ(Q6j&naTvhX;;{LI^64pcc`HC`J2bGS~9lQCG
zv>p59merD^Y#=snR7Ty0A?rxARgL+Ox->;;!jM(^;Z6b>ka4%K$#IHu5^6TEx@5S;
zZT*n4W#x^tNd8{oq?rzwg!%c6a_SUkBVk5VB#N9zoI0KrrHyjiF?EE4DUqSC_T|k2
z>|emNT_~T#RFFhSMm}McWu@3Q?MKaA*X<|W;CLSUWukbJ;=XIH2~$v<r?LG$m))8W
zO?<%E9nDs5>%WHxk@)3MLgsG1(3wQ)1KEgARs7~al<Nt^XRRlogd}f4WH?$KHpKo^
znCN{p2M<%p#kG^ulJdi{_t>10YxE;KkHCC1GU|c*X|MbH_1tH{xc;}F@t$Pz(}qR?
zops)6vEE9%S#7=|Yql<t!Q5!JX46ML*b29{TpZ*uz0sx}yoKwQ-U94+ust(SQ5^H&
zPf+z3oSPNK0I{x9U#A}uc*-#~(>4>kkhsu%P<)VluzqlS@JPXYLpp|l_ABVO*y#uu
z^zR1ch3k_0yfAZcVCGr<-014zf9XaE-b5>kRakXRGwM4*d?7u>njHNfwzX6Vog7V;
zgl(c09VM*jvhmqy9_eRiJ>t3~-gvNqW_pVZ>!?l9CPK>j0(WzF&3CNi`N-e~Jy1&g
z&`tt$z_noDb_)@%%fhxDy%2^~uEVIGkqk3l)SL8!FoC}r7U^BL>}M!0Xlf?~;3r|#
zjLL@apdy|6)Jw7&Hph3hD~6;WMqw-iUNRka$T9-?bt@*}cx&a2+AFHtY#P(YDJnAW
zsY*|iCCW?7)6XqRivq7T%*v9M*Uc`PT{zDR8))0l^D@TQu}wS0$x_W6pkmCU<$i3Q
z<q4{Xt=jzDMZCs1N&r1<fWgpUB%b^;41_dbo8It&jlxZ^cIkA7jQ!)JGi%J3u72HO
ztF)A~by_C2gYV5bwYc@mf@R{U?zWd%o|j1uQ?gRHDMBIPQp;EXOFrwO{~<&$iAea6
zSp!498U>o6*`LV}(tM5&?PvO7V10dNDwso`G%m|;AMTEr_T$y(!M>p()#DlVz^=;z
z*;N9ccVr<T9wGCx0e<CxSS6Ht^(xllZXE(xam?J0kS|p4&^+x`lh@~$lODd5FKaMg
zeSN~_f(lFUj(AS5%R^ONVSYnWIR;=<NCm<WF*GPD6bJP#v1#umrT{s5EJ#gEk$SKC
z`=XEGYCk%TL=Jbmo%XT5xVWf}lH(Prn_@WZzu~=V8MW?>vrJcmrlbMdUxvQphwU8*
zB6~%A@)qYJg~FxNMol99a}>Av!Yb5;<uxf2C{TI`1s50gWsgI7dx6MhOIR^fCsH+#
zpsGdQfgUy1U2a2h)|xSizd}lf6M4FnIH^t9f_eT3*?R>2i2)<oYXY2MY6>57#cX;l
zG${&}^!f@e?s?jDp7r&UdOl~y(5Hp>z%ymEImcli5pn?MP~WXxwtRiL;^e}i?_9r2
z<MZ7M8r+q~A=zy5eE}78>l*b;U6_ONz<x`}=9>hC2a)8SpPva16rfL|ESq(XYtgsx
z)>}d^5O*D7|NGrpPN=P945s{|MS0U&lk%A~7d##>*Jqse2aO%$Rg1$PI3eMZYf=As
zMa|>V2uFX1B1Qzh*9?daOC;_HT&w4i+zWBn8e)!2Gg8wJ0>;ny`!-WZ0@0LcPkf@)
zEn;EVDD+l!jo*uR*m0(p+dfSPB2-90gdn~q6G3n6L$gQc;hr{j*Pi<p-i11w^IKcT
z;Dc<k?0__+PYvFId%LA_MyIv>s9FLQiW4PjxKOCVj(Io?B(itdPf$XI_7Zu)AWw~U
zyTQKk4*|?g_!T5HDABHKN7)L9uN&Uu_Wt&9dvX`Ptj@*yu}ROM<1GN(JPjDPUL(95
zwSA%I8ko^=q2~-43bH8}I&h=k?U&h>(;q#@)Gl!O&2gKcB<qT&y?c>5(1Og0G<MbD
zfuc`u?{`V$_kZs%(j=xInx>{L|4fGxR&3Yqi%_Y%8;vKP5`f<tBusUE-qwm5?!#Vo
zO>Cr%mERGbx9*}|7I&u~^R6~lWMwC%W)wrG6h9-NFH2haG%q9U@2m1<fZjA>kqITE
zxCyGJB$X$qIlFg4sPFar${U)zHx!M>kTW74m4x&y%x$4vj%LzG`em{czQ44(&7aGg
zjCqdXXTr6wIrU||iE9FZoXmuslHdlp%9q@zdpJ0BS}nhhnOve1C5XAo1}6XZ-(o?&
z8`7BihMzF<tkK^=k-whU{=tVgy)p)e70d+Iws=9Eiz{|UnS*J0$-ahSBoD6tT=(<Q
z*|`dvBu{{j6lL3uI*R(Ugk{;n(M}NEii{>ZZ(DDvf%|(plaKxQF10|zaJ9;{H2vx-
z+lqi26@-JCV6r4PDeQDmD6;m#*9+zQmV!l%2G286j1xF}FBs8bn{JeBzfgNymOW=D
zIos~BeN%YE&7*?7-4yzZsKeDNX{p@;24C;Rb`2Sn^A?{J!1=pZT&@Wo<fezOrAY8M
zs*4$kX7M)YcPB?31CXy9PfLP%DmWnorsavUq8`Z6d!U%zJLy7KRK1A4qv=EWp7Op-
zU2R=Knd?V?Fl>}Htbn}e0B5eRpphlXFD^Y|PeC`$H<;&s(q$m(kGc{<seG_6;9I3%
zvSkE950wUlK%2g9I{D2fc-lNG0xgi5NBe1OHQX&8))DR6tK~>JLF9HXTTm@37b=@m
zyd%8#Vy0px(9XO8xARDHUpgGL!9*;HM|3@mY)jR)=n_)a2~0J$ujS-Z!VyJgKJi;)
zL{i+K-`O#<h*m*G{UUAPGj*bOSC=Vw=>$vaFgWjp@JX&rJ|N#fWwB|4eD!ID`qODb
ztkX@0NFfyZ#Cz$`n{+NUt@~i%6W2J4SW?(Xjt8J|y^R8Wg=r1TphLiGca-70(-=nD
zP$SXGmn+CvrqhKzxxbGb)%<iJUq2H(P{rT4fHw>FvZ>JRJ6|FCt<|o#BXEm>0{IiE
z<%b#G#V-=bQ56lxbiCmWN5i7l37*a)8Z<WYw2@0nJkeF7ZRs(SnVIi|=<M7f8s|S$
zUGeMBxI9=(>Nn=Ubcz(O7ur3ok=+#q^jV`L6gx&FI~2({sjeQShse>I>Qk4+XpVu`
zcQls$Se3&zi1LgThlo%`d^MYx+GvlZu!E5G$fs)S$%}60*BF=cUq2d#WyCL(kY#Zr
zT+MO1+*JhM$@ZDB5r)RTIY)QGAD6J~^as@-)qfG2Qb?J$6f;5Bv0yU{@yfF)8pT^w
z`CP)%OgaUtgmt*aMBT{TtZn97;i&&k5i;hq!o|S^ratRc!aNrwp}RT7px>(m5jxt`
z_O_;7;o|4o;95-Y-zVxO)@Ea5U!WKdI}yFV#3JF(CI$XN9mV9|GArEYL$q8%7exxY
z3r`$VY3A!$57@oCr8y!l7}LOeNNG!`8ip$pUpI%A0W&&I_CzCT^yM~VYI0Kh^`NL&
zmNhVaoj8$n9*ssW*gd9V*ir6y8X6qgElFtAZ27p2mRGs^H<DA>Iqf-&m-{l7xx%=S
zcKHhPc~6uvPK*jQ+-McLqlzp^j>37|TBlYL^70;5P5&BB=}y`K{rE#cfeJD;ZdXiq
z?5c(2_ihlh$WA-UWyY$!nC9=xDu`zrI)PK_MZ-i?>!1b?nl<3ldA1a*Q+YU^g2?PZ
zHy?bUo+Bv%2}Z~aF&zy;H`66t+3HR&)F-Nnfm70F&z@BeS{Skp2ybK)I}T`kGxw6#
zkqe3@Rw&{8W3b>>Y5{9bmnfwGdkqR2$9y073*$rfxxD-H#Z&TfuasVW*nw)d;wjE^
zJS>W~t~r6Rs|d7PQQ={9JFfl-3HZ8}d)<j;V7z(@yrpH}`bo1PuOPLmC%5l!+*vch
zbL3+T)SN!+u^}lFhP3s>F)ImU5fR3-IeDL(VwaR**Al1*<b(`1Ss5B4+J8Z}eEv4>
zH!6k1O5q!G4(85}gz;D-S`P@W`^BB%oPp51m<<e{XirJ4!#;i0^JlgGCD(&b%5$MY
zVF+K#j4AD6k;FP{P<63Fa=3)Ign2Hb>Tt+BBISfHGNeMCPra4H)4`Bc%br#sE2;({
zwkPhpL}m3%;dZFR)bF?&?b<Y!3nxjh1?skqWx5nF#cQhJ;O4#k;Cju-mvR}(cH+X;
zGJPc|H^C>Ep?SOa?@@$JlqZ?k50Ms^<E4EU^KVO1eFqrG8_Wzva|NpDr^RT7gK;=a
zv-;*Gih`C$Q@@8(SCSimUu1T-C9i~-Z+Z~C3<zltl|Eim3bsB6q`Sc3FtUDg+ILKn
z>#W6S&O4*)q?&&3LNY@w<eTI&gCuSb;}fo#x&#El5A)%i<=DMdi6hsAnX7f$z``}`
zP!w9zw&ItET=@izbr0x*V&zP*WqX)eI5Tb0SQTfe)U@LJ4t|Yq&d`6F&=@KUK?jwN
z=xu*f?6e*QjD3Zu#MS0?*_(N_%Fh#6nIS(#Ww*##Sy_TKmH{65z}N!$Dl0h^_c)97
z>K+*{OL`knjl413;=PDXD#oFN9`C#go{}q0>Zh`P_nQbiI{Z7&IQgfcRMnp>V;}u#
zl(9&ez)`f}^L?TX)uMHs?}`Xb^TrNcTG2&_R>2@b-BhnlZDSkD!kKS9MJH`-rV?Om
zB+YaXBk9$3vjp9sq&;sqjNjn9_>vL%3AX8Q3IC-Jf5*z>r3LgjfeEQNE%u1<i2_eY
zxVbxQdbo8d{8m)tz(cnRK#UiF2)82+!EpW6*#<_Za+{3hl^f8qw3`h@Th%99z3UJ#
z;0`Phz*%jO5C}(fTka7VvobOaLEK+_{T__?tj`@`tLJ++M!wps^Y0nV>-fyg4ZGq9
z`s5^=SgT)>Q{fXBop2<0m<h+V`rmP5#Yq!u7J_YcUj%Ar5!j28ojIm1Cs@xHzGz9A
z6h7|Za7_Q}F;!<<B;6<6t&Bj<h^E_zs-Gpu&uD%h9JR+cxM15}$-|vk2uJ&H)vVk?
z-W_9gs`Y7F-1<Xps|0#dwI=S?CifNLD{hp6BSyh!1vLyM+Y&lOqA4pN`b+&WL^>=y
zVw?*>wd@k^f`sas`ZTw#=>svoIOZ)Y#KjgEXwcLRLXw}K{-P*ls&UBKhHug}0cASj
ztb#vZrBQh$hk0#0J-SSjoByYJx)yPu6$1O~tT%9dEStrFEnwCjygrEJBg<-~$#usO
zWT)SA7OUs`(Q(@Swix?nZ?lA-1!uG4#UP(a)!4pS@s@Qe4|#8j#jP%&W${0Q|2M_J
zf`WbTeYQ;*`u-7ul^ePHxBZiUl0qd3Bg5q#QY$(U4YY);N*>ZXPj{&GnH9GvM>rJ<
zClka;zufm9{jat{n{&FoJq#QyxSZWejO%?LLN2;toqZZRpI;IGK#!K~9a;gz=OAy3
zEi(U^gQBbM$;#a*-!7-$!7JZJV|}!sYJsuewSlZYq}Yi%=dq7xwkGGlSrt%)p44k&
zX9`}@uBg@_r1*6%Yq#%9UeR`R=~^;ZMTtaMuPf-;RQY)e(`T9NTV(l=tZL6&VbMon
zW2fIzUI6!eOETi&R95xw^Xhutm`IP@T4>CZE(}dpIIuP_=gT`ht-^;6lm8*UiH}y2
z%#Dj)5cAJqmu{m9YAEz?u^WKA`x&rW>c|kws~~D;!H<7n`Fw)s4V;X^dXAp{3Kv&4
zL;jQE141Ef_E4HC=nG^<oi|y4>-p-1wH3~%as8MiVP~ogWK7F+q_W;u(^y5cbHg4j
zqchWtyf3}P9vA#y%buv6O<=yI0j>x*kbrLvqqY$_;MJjMIVlmzwnDjEx_;%zOPCD)
zx}2|e((6(6&E!%A=&>6&Ml&+g3<bk7Nk(eU9+P*;?Fdkp9g_D(R?F0Aeny<jkcKo0
zl0l#`gR)&?z9xI54{<$^9OGDcVN1)SzZK`D7OGV;-M@`xhhW2lm0koGd28k?BP+G&
z^mKDGLBSIM__)w6Q<m-1Qn2tPyS?$gg$I3vynHhx9rc53fdewr91V93RAc{M`j{r1
z;fCaH3VI!GBB0@P{*YuAyD^CA_oaYU#TK1|=+Suf&Q-956u_nM#5Gn(Ta*yTQ(33S
zJZdhXHSwg?%0?{x4WiC9&EzzkHHT{T^03r%3PM#3c+-B)+(L5ZP}UH!6bE5kFoJF4
zPIv(I9TJrZVpBd?l%;NM{U5X4vZwglJM|lLp2m#WGiHx)K}1ua0CDmabVsd2WTjeh
zc(>T^iD)!MBd7{BW27wLx)uX3<5?2M)G?Tj!)xK}%;IV$)IL*c?k`VpzJw~OIL_I*
zpP(xa%sKDC!*RGwH(O|Iwl7_JYHR+3#y$X3^oTO<jcda0SBUZGjl1Z6kGyMuns`z!
zViT}9`L6G#(jTbxzWSA@Dm5KeF;3mrL?=~Fqvc(sEVH<*np%<njq5w8+QahOGq8W2
z$o$fZ!8KW7$D&jc`dq+9!t;_mu;IuDyb0?cZtX?XE~`}0$)5;z)%Z}}6`(%P9f~6d
z!GS*+LL;eHwu_B|t1N}2^Gw_uaW;@|3oKoTyI|cL(3?2qm(`2OTt`sy3LEzBjb(PX
zx#2ZFr*qffmRR&l&Io0Z$?j0gz%z%wReQd_hr*k9>%_<z`+W&@&CP@I^^a(39h8f(
zcH%YR7^U7MMdym*7fhux$n3HzyNbHn#EBi*FDR62v@cThXmYy+KC$1UvT+jn2QGHf
zlf*9;oQY(6FOn=if^D$F>%i24k(_2S<Ux#o*8E{ng|2gL1<2+JSrD^cfg`54B<2Du
z<3DW=rX*F_oy%tS9q|<b$wA^Gnw~scpsw2nsZZx#*2MF)8I)BjsUnxjZ=#|3#gW5&
zBdH%KMKY&O>M6^pJkRMhDE8?2jfR6TS+`$76$q-}vh^IxL!Q$R3n3u_3BraB+^7@g
ziPOPh#n|$ru<xI!=LWNZ$BxiCyXSr%FHKx7l|1Gn(Fyy(0^Hjh)IPh*8`s_M&6@b5
zS3QsOj?-<A^Pdm}3_-UCi@envD1_PKjlor%E=y(Cl~j(kem!{Rxf?OKq-+L8Au%cb
zHR+K$aP34J_Ktn(Vm7*-rK#u5=*+zD<&T@iALaw)t@mTS>(sK)Lx1rCXK>XsC9)j*
zFi0<f)2U{U)N|k3wt<oTxjWN^pO{v4VQm@Nn+om*bFFP!=}ja;F5Rm(>KS?Ky2vvz
zVsc2L8RWBC$PKO-jbP*p=q#2)FlQFU4CKhH(ng0QZG?Wj;tR`cM~oAUp&r+u&?s3X
z5>cwMca*J%YEYoAoMrF}LQ-XB@?%e2xhLLb!RmF7g10|A-7|Gn7?QIS-~_|Md7Cd8
z<sjnJss9wQ2U?)bg(F*yA%&ecK{JxpBVks<%8GuaLl=!zfHkAW%SMr4VOM&CX<uR4
z+~TSoE9A~+=N_f$%ta46KVb!ub7O%I-_$CzQ)790@%%(Ga270dgU+}|*rbZJ;tuAW
zXtT*$N5~!ges#@qk*CetyRF-5w$R4*yw*slfy-%FFw~^){c=u!dP?SvI2-pUJg*eV
zEoO!qhF8`SWweTZ2dn+*l6E_Ja-DVt{gmU|_f&{~32@g1b$_C7iBJpK(T`jIO-A>U
z0J1c5Jf5Z3{q!EQ=oJ}$mRj0_lCD-#H_`Y<&@5`OmxSoLus{y|<|)R#DvzPgl>2lN
zY(04VOHXgM&Sf_Bu?ccxYm0WL6x??CnZ8?V(-fBRa!#rjvDt+p;#!QZt`e8T+h?s_
z!N>PO-d}ghO!^=?;iJ)LezwH+^yb;bRFIgehNhS}%V?{$3xpNc7_HsIb>DOz*kvZ&
znRw*OWFg30`gKxTh0S!nKR80qw4VoT)3?4e<Kk<`X81RBhbvty@!C#Kkl@FyG~15r
z&J-Ju)~fH_kZF$h-OzhDc|bvK&j8gQ8SS+x*R12|GRDNe8>1(2@@TJaUp-qR)lJ}@
z9rMpRO*?Jno;HN8=LDArqR}^owx#tkDapw%49YRnM-HgSXNG|!Pp1(`_Zd6HcAwnW
z9&8_9oTG9vaE%1pJ=q_bzFW$+m@*AF`xE=Z9gXWfegc&Odmqb38kf@7FN6$vslnZ^
z$YyL7)lqStNiYSMMi>kQ%Z!mKQ?Yg3MdnT@!!EsQwSiUJgG$n46Iwn}ONv>M>gKg5
zH&2pGE|p8APx`VmoV%0u{X2P9rxFCspd@~_y&UB%ugW;Q@UF*-ei^9RWx^2E`&T46
zf~pF#_HUagvz`g<m`iaGsK~1VME<1`nTi=@kmc$F7xpMQJbW{F9zFSRX*)67gT53q
zCF02OXi8JMh3OsXl;C{d;qG3no@Ut&87vkd@|KfAzo=L5Y0h;DNxG35ia~Sk;#7dN
zf6x8=i%J<mxW!IroS{d>)&Z5*(Kb~`my#eAJH3z<E&%gP(Ya!LF9x?xb0a#bgwTq%
zrmO~r{dirH2weZG(swuFxP;{uc#vC;z5DtPco^i0O{&c;N=L_}?;+}9k#<;ih#Ja(
zIT~NURWT+YICc^28P(bheG+Q@PSCYV$9rWSsV(|sw;femRt1a~-`_T}{r2;e@*MK|
zlZXhOJS{WjTq=tJ>$*_`^og+mZs*3a$i$h|I0d;PQ35wD3#gh-PS(DmFFx*{1$jns
z722Py&D?^fVho?r@=FJO<r0Y##}X5MqTR?AU{mV$xP(&?BE(&O<QuSb6({7-oyJHy
zZ=f!}={$&lXdYdWTN@|1$j&5ecj}r1@T1w5Tf;(0j0WLcn%wV)e(0%^oa_!l@4)Nf
z41FOKkq<X_kPq33lhg%SQ`&KJn{IhmK`b+1STC^1+WZYj>(|b-1R|){HXI-D(49Ya
zxu^U)eb#EhAp8tS@m#$BWXKeUef{u9vWzz=Tz4mYXP1<R%X(Dy7B~D7vO+;?AG*cD
zTXC1ch_6neHvMKuJ9t%$w}`X7wt+`b+sv4AVniInE}U{g`P4n)<%;~vF??NhX@-r9
z4_f2?(OLj)YN#8JqV;6cqAlbJsjBYpMeT68-M&L-k$c;|T;F5`(O;(8Kl1oQS8eh~
z+P{Qz*myyh@J_~DYrTH;1?~u9?Dv|`<mrgyJ9rQFGJGd3$Z!#<U2%!Lwd%ahn>^z2
z1ss~%oyzh&%@Ondee(7o$JF09Z+-P1u#ZLnVn6byYV%b(lDP$*%^^dMlA;)7CX2^w
z(pIctz}OwA=0(B}p8{+0!5Q|EHe+Q)df@=x9+M+jq_Bc{7fjgpb5v*C?0-1ga7sGq
zJj%w+<>u4SnVIN4RfcoUTG#V~4;{}sw_pYjJRYuIjAO+1#aIO}MZ+SJ7VZhnfrV29
z*)Gg$bOvyaS7E}%h3NeKe5eYL&e4&ruGT3RU6Jqcuh5dN<Gh3KBhPV(r>>&6t>><R
zJJu(CKOwQ9l`Skk_Ae@;SL~gVA)yc4(IX!53D`0I<R|sN8O+ElwhorxlnDzqt2Y#C
zj=0jkSZ8Gc!$RL!9<ug+mAUHNs@UwVTCmJnkx9TfQTM>BKY5qOK(%-fs)<#DgHe4i
zl_m!XyklwS2LqK$j4ZN>{S-NV{A1j2^Rmh`6v?A!o)8K1Hq87yT{>r8XZnxPC8w!r
zi{aK-vt71kX=7fvYk1X=#e<UtE^0Y{iDO>JHKuc`8Y(9JG)&4^z6{8@xT`zymz?H$
zq%Cth%zCs+#oS@YjSH9Au9^o%&qNms_`enZV5&4zv49t;?Uf#`l(o4Fyb>R`Nx#7D
zCP70>94pAa*WUS@vXQchSQG{d!Fn7z;dR!$+-RaItS{-ham$#x8I#7P8uQF_9&2NY
z#{0(0`<L78yu7Xf!S|4mXK4`fU0Bi{rnRwAoN_f@Y?fD4PU-eFwgywT*Guyn*MFCL
zdpu0MC%t`XX%GM2XEM?_*y(RFB*}|Ahh;LPcoQe1D2k?Kh>-#Ujc@hOSr$Vc5%!2`
zkI8)os)$;mUfl0LqAqkCvG)RJoglvY51B3}H?G`Em~0!4oCm;ar1qZ};gTu>mv^P?
zXyY<r!Aujv+j56^cOPKcaSj)@KSP!`^J;P^(Ad(}IT3<E+{l}f+mSn!VHNId_2S5T
zoG8!^IAJ0ogmRBESoQk)S%7(?<PNT4!h?Xjf$|`31}U(#1=u~#PfyD(FVL;s?}mP(
zBjUsUwni~46)XjhqICr<pww6^b4(ZX(vXzHD@V>sD0ekb`PHZmF~6QawM?JLbl5l?
zEFGLJ>3HTxD?DQecAe|xXdap6r5mzt73OWkahNLm+z1#v22k3L720JfC3+^Ut7J_s
z7q#rjwLdLJxn`!PwYm&UVp3)ZTVhkJN`jJCHTHOD=t;W_b$^`>PnfP~FV@6^DM`>Q
zpW5aX&B<5nh&vI7Z-Z+sSCG$0ra`#+fo&3+wgv(Xi0}1F9KA}7ELw01<m_OcY5kc_
zikl9U80d=*v~|%=aKrhM)LM8t&amBYw=CbeD-}JyM@IF6{FlTp5I#H6`+~%O`HHkj
zJp1b&Du&*TZ`y8D9?!l%)!t@V6;hxuM9K<8_epo<pX{Mz5jRJrPtVfvOGFD@WoQZ!
zdUNQoh^VNDi0H^DwmZRI&23)#`tBEHfhO9pzG+uu6c4tVLz6N5ZGk>Y<eQf@LVT#|
z)COjeqCwHavr!Jq#fPh;`JA;gHWy|>1G)9tmFp0~G06;o^un}aU#vFSigfZb)Hck;
z8RQAfR#uhXhKb@5DTB%y9!|q~SWf(s5o^h#VQi57k~2#DH<Njq+D{0THN<K@W_`a*
ztTzsGrQnqo54@$gXsTFS9qG;;XdXR=*W>h;(0==VG^+20756jOjme;7dZ>Fl^3n}`
zMp@!QOenZn%A&0Sw+_=(;{{i@i=|`5A0$i-`D9wXI!`W*vyubyB{nq1GD6yG;3uM%
z0F&7AavStC3&C!)wc#1cOQ)<It6Fu~uA-+;GTDyuB??F5bFDg~;Y4n#D=89gm;)c*
ziSw)t&cW>B<*z@Uwwv(=uUN4QB3jjj7z*O@`M?6ovtL-rul-Q^`X>g=CNkc8iN6GX
z$?&S#)4sqhcDE>RIM*pBoigj@B|MC@hjw8V)zM-2llhIYny8FcS`?8|u)4A6I4_b;
zxBtF#$s5dj89LxiXi=tsr0>3@BULGrD7jfo>$X^MvM8Ji@f(MHuD`ptd*-xf!K)}A
z`cwPF%5)_M0gTqgV|6dKs7K=}a{8ClLrUDSt`V;#jXQH{6@6kE%K^o3nM80>wHgKA
zpYtkk=EU>+_})zmuVT&&_k!2e!ojzNsE#gWCnJD^HPw-iuY_zT<2mk*H*|!lSnO)*
z<e3y@>z%x0I+&xns3%X*?6?8-EK{l|ek^euEJ-U*f%1@wD8c?r!3kqH9_re$Ng!9-
z6lqbM8LLbInR990YDKS2tGY3Dt1D~}b#Nc?TqKN$4ycTb7K<fMS3Xpnc^{F>rk`gs
zRn;wMa{T|ebj9!?$DuOb9YEpGq-&V?&*or^dzXb&+6p$eK?Q;By%-u#aJ0e>@L|;v
zgWu*1q3uH$wBjj(4)`b+w}H?~-T=-$ZH!uOw37n90L~X8dZ_cQXX5*(VRiFyO<+p~
z6^qssb@lzYXGSKx)@gK=_8^rAYQo&OjwTfv3Z!u#T83qzW(<6gR-9WxAEB*%Q&~h>
z%5U6rKkxFsVtFb^x@_0CDV8(eyW@4k=={KsC(f)cxX_ssyVuWGKW_>o+~&2Af;d7?
z3hZd3hB&+AS?67FdO;pQcS+?eXnju6KVw65CKMPr2K$7$Gv<DO{8{qKF#`s3=~Kd+
zTDLB=VM&VeS)wnnBY%j~LksR)h#aRULDBd_T0Zy6T8ehh$zwd%z8vv)=<7-$vIL_o
zP|m!oJMTVSnt#AU`}yS9qv*dl;N7X$5(*L`DaB2Bx)jQi@T7{s#`-?7<0@`_6?z2l
z6lB%-GH?W=N?)x^Xui9Bi~1}u?uHGYv%B%$-B^!iDz?(Y2C$F(#=5hx&$ZTRqpBt@
z0O8s^{vTQk!?4aW*8Ek_9aFpsV~UZ_Rp#qq2xM=#E6T1a*Iuj+H?LYcI_`m}Li7Sx
z_{dOb_qfvWL*b*f<M3>uW~!P8zg6Xb1;SAWrZ?HU>7k)v&HpQdr45W(HXitwNVuJE
z4*hZ#>>b1ei@y`Hosw*4LbNIW5YN`;9e0qmVcYXr&s8kC(TE_^WL=Qps^c?)>$-V4
z^UrR^dzgFRFzTgl=Dq$a<0qcBpa;bJ^`s~_f&~XM)X+{LOML)#ON}mJ!YETCiH57e
zp{9^L+`eAaL9feH2{jfRw(Slr*_h$$c|}8{<F~zWFFPgg4KsQt&CV(TV%vob-;Uv9
zStNEbaQ<=#nR$V)Mb*%ui~ZKcbrJq<fgDijSa${Wj&}L-5?Q!|m#_m6hT5-Ri!)g`
z>bUS7o@O1B1&l$)Ce}Sy-BR4khMSvS&&%7vN(0Nn<Ao5ev#DJf3a&xQWPL>0V>8XW
zb;;`YR(5dz%)Se4NLX?pLT|O*EHk@gq_(`R(1-@^mBV0q_{m?T>wo$GGT9iHN9p$U
zcXiZ`Ou4o6iaC;9tZ74}qx0^MQ5%YSrRpwY+`q}eoEwR91LYfwqVEfnZ9^1INq$At
zJv85pX@$bK9=?&YsV?Yq7v;!$J2s3l#`m;(kUUG-jlmApe#Pw!Hlq&q?1l^oqRyf<
z1$n=9Ow26cFIVX{%5vSY3w#f`7(01-=Wf}&Y&$}mnQC#f0fi!KL~{#?^^4KwuW8>Q
zFXaU1)h&SqOJBY)|H`=a7F-d(aB?bvv(@1}Xz!m1jKo(^c?55ST^cxP$_xSb%gF3R
zG^-P$aflO>S$M^D`NenJmnVpi)5_)Qx??7Xfm4Nx9WiKtnDJYIoGniO)gSms-rMyA
zAwMkV&c(8#DU-tBu<AwiqxVa6eug*0$H;e0fwIz{!ig!5_ULOVHwrOaK@=?d(G<8}
z53M?T<l6J~;{iXU&Lr|q^VP!UMSw@MEm&zguJ?d5XNyc#ja0{ZTFyDTZoY64E7FJj
z#rmFu`U2)c6<j5Z|64PF&ah?(z89)N^2qo7fg!1AJ<Q4(DGnA#!ze-TOi^c(Vo<uf
zB=PlbC9^f_GwXrHWtZu|KC)5JfO(kkxn{crO7?BFhoWxq4a+AI*K2C*3vD>%7W!2D
z)E(-Ns~v*8cwPQfknRVrj`P*eR_<?$1Fn4XgG}-bQ?{h@0q-BlB~64Kz@Z78`F@;Y
z8GCoiKl7yw_=_?cpLCC!^RCpcMTG7skJ9tsVG(5<Ua-!n1XtV+*hhn&Wjnu!4&p|V
zo!o$t0QtQRLeC$x<=8|19ex+HvsG-Qv<2<ozg^JVT+p6K{z9?R=qBLYY0L1qOI&I>
zTq&oz3cF|fO*-l%=eFaz4vjXg=x>A4$MlfZX<Zj&J7rI3Z-@=e!3wdpqCw9Q*`;E;
zq_{AZK+Bex&~+`=TB2h%;c_;vK>XdL&~#rNJN~_(Ims2gs93Jup=3E)3P}}#2dJ1O
z*n#9J*R@`{Ac0E%E8kta4&{v*9FVD~Zb!mKEEe6{GD0F1320(CM|}*_15nEFM<HO(
zvp=@Ol}R9=3-N5WbpgqgsUB*yjS*aq_qocXjv|ds=N-?!Eh=Y%>b+#fWR$j5(>ffn
zSRf3Qj)+;sDG3M5baf-cS;$pfE}n5FX#|xPWi2AKLoKIP7*`mIm7aT52^7eWvZTN7
z#tv|>6edkHErH9eOLh52LvVky6bVNMXnca;1Q9)jh)n0)@9>{djfcAg$l528eCKz=
z6)XI4aKehpvXh%`oxqIY(zcHfFJQo8!9td62VHi{+CBVEk7q)2<lMIpm8wahbmBZO
z%iThR;k^9QAW}3R3vA`F5f2yTP=_9#Y#AZP0i9t!>LyL=Dm0;1;$u})fXXQRS?(41
z=f<Jn`+f2oUSJHl_2(GX&!MMZ(7~geTZy{x+)n^t;L{%lu&SM#_g}tcLdW{W`LzLI
z3q1NG0t0^i$Nm>rXsBnTr`LUV!vhRF66ve*UCDm$PekD-4+bcB2DAN%ftv@e#QOsP
z*<IUOcgcy`5wZRWINXTFT53KRF8e8aW_6efbsbJzzM0q_DL4(<^N0KyBReJev>W}J
z+&?ARW(0Teg&cW1;}tNrK32r*5qU6Yndwkin4k#-Q3p~!)M`wDk}HzafkHuVVUbo5
zsehfm*q@WY2^A;nr`aAL$w%lv82boOdHvh|TC9zJ!@fK#0Xiokq5$E>qu5izbh8si
zm5)kwn?1ab^mnwOlps1kl^1OTvHWE$$|28hF7A_2pYIBui`B5ZWW{{TL0@qy?J^~8
z&K9fR*qb*3*RepNzvRW_gyvS+b70#!75<cT1T)Jq@0`i<mb=5$#EBdeu7p>0mwP-N
zBCZM{KZMD;vxK~V5S&Eb@o&C_Qan{W>5~@s(3pf>L|kn+UD$F>!W&|qE_nnIg$`l(
z85y`wE?L@w0<HiXVsvxJRTv?3ObY_nY`|I3IgV$U$9U>r;xsJ-Hb=IFD7WesH`EZf
z+qV7y_PeytNi$)F#V7&F{!tr>Ao$aM8k0k?=_ha!N$CBbsFNX;>VY!34_6nw7?71T
zjOb?+(YQoCqwA6QvE=kRw}EWi)b}{Cy>D+_(di4hph8o_!ICd{aE>ysa)Nbp+yx4F
zB4v3cRePnOS8{VJk7FW!c@#o$;y)uC)<f<mSOYNaB8H{t(nZ3J+0lS?v2?MKGm@tw
z!o~FT1tZQs17?7#{HDh3S#ZjY&cs*nxUQS~|NIH24;WBM4*<+=#$L2LTkrfh%m2To
zUf820pM2GA5L)86MtF|9?<ikCyv(~f_+oQ<@elE#vt!jyi6+smq49-uCkdL7N+L7|
z72`>aldvQei;(9f+x~7!<59%KrHq3g%}6LwmO9BNQ;#SqOBW@}YnDbVHk|A3`nwUJ
zj)Fn?JLIBaKnw?@=~1piJO?D~Qn^8F2js{F(?&uo_E*-jX~C=vY~8YV!rTy}l8UCu
z`zT>4i$=+NI)QER%g%y7f)nHP-PuWGf}-~t+re&vxb}MALU<`aH+g7KS7oq@VV6wJ
zC!6Cxk$3=gb#%`mL}?9kAJp1UC`}5OFgX^x4}6%RHiT$YRCzB$Uj#l4pjjD_H!7}U
zUhTUubtG)f;F;Dm%y7+)-6XnNaCK#3P9vEHHY{+QYdL0f<!Em&ZS_iD7TZI&9c`jr
z6S&rQ40`Vl-6?o-bnfd|*Oa(UyyKOjq~UX1ojhv3;(la*5%@Op4egxe-0_Jh3P%Wc
zh^&ajASIv>!-~-{`d1Qfi~%{sYZ0}KA>Su^LB9e(ZTJHR|D+R0#*&|+OhQMG$W<Cy
zsaY9bil$Q1U?js(heY*H@5S0#v@&j@WyAX_@*m7bHZog_iO#1v5%Y-K&XPa={v37-
zNu8jOoSd)KssyPRPOrVTLfIItZXmzh`5L7hZyPh7kdD=)c7*~1T0zg+```5@QU6qb
zS6|Ff5BxqB2pX6PfQ<x1^Apn^$D;CE9tHG*TIR2yX)6~=Ylm?w7q_pV0mf-->25w^
zMb-7%JlLVbAimG%6tIpDEXbGeQ_Xm959OCK&MUklH^|rf*h36(^RMp`|LWc$q|8{m
z4t+nB7WVf+cIT{E&9Dh{otiAX3OdF;Z53_u@H3u7*S7f<p-FQl>gi}@y3CPPJJbQR
zCTb#1v%INy7pBqh29WpCSOrVbse&!Xo`0krnHeiXaVs#Pd3hTJp*Af(H91_Nn1(^Z
zXCpHh3K7S{J(M|I`7g;7kDKDSje8FgQ#Td7=BdEAo`fkZNwIVcQ_QND6~nE4OdX|X
zF{SU%Z1b&i`NWN5WNk_nCE;REO5fp!3CJ&DaZuLCoHb%%(3cKp%zq{LdK8sJCa6<v
zG$H<H-8SkIR3Zfce&Wn$nmyO5Q><53o2?HbuhOP|@(rCBb!$uCc64NbnO7uYdIAtV
zX(D}pI6*u`emG$=`@T3q97!Zef&i6yVZt9Wb)y79TGB)X5e`%(1z{GJ#rc5b#(WlQ
zGfA%X1^;NLd?xKv3AT2}Fwf0BdhgQ-iGO!~Uz<m~vTmcqcuaoi+(($A7^76t_vtB}
z1_(QE<FX<2sd+G_7{sgNVj@g`86u6j4^n%Dw&}wurA(+6(uP^1>%!6|_0SsL`rNzk
zB*_?)(k9pZSgKq1qQSG>_M+gsF^mW$)yFhg>yxrBj|fCF?FZp~;q->#0@k8ok28;9
z$T^0jZS2#iFAe!*a85wj)c6sbSK~y1cus?%dB#qlpC?TTCDkSs1ZrawGLMK<+s3r<
z?h{iwkBD_K56OK&Ddhe@se}oj7TXC^D9Ha+i8MehaU-ROleSWckDS~?N}e?Aicgym
zE}}rCJ})Z(0{3|cZ2&>yN3f(QWaCOIb~2_&Fi5^jcBMJt$$71$F{T!68&~XxQYs}v
ztq>}rQf#AADx*@a5NVR;i37D6q(=~*s8VbfN1=e4SW#0~FZsj8m?*RJI#ZeQrTO#D
z;ec(YEC2UZyVZEHf?v~iw=b)nK*u?0DnkA1TbexWrZS&tE?qC}AKkU%Cp>}Uxum(k
zlCKLMh0_c){QIV12XsWl22dle*v6mPH4ES@h*_Xn00J<<sZao%pR?aAkN~(-lUT)L
zp$3)KL5+0ONko0uT0q0_WCKWi8eBs#rXCA$EGB{pL8^Z~rr(qwJ#arv;$&&BNm<-f
zuMrq`T&puVnEfMOW%x{c`S`}9^t`jXrLiMb70Zr3;%L>|vKiI+--c-QMPWkrhY(qb
zzBC!CA6WdrhW&;EAH?+B4K1@H;ataVUR)U^CX+5r)2P6X^6vED^WXrVDqq|2{{b0}
BX_){3

literal 0
HcmV?d00001

diff --git a/data/web/fonts/source-sans-pro-v21-latin-regular.woff2 b/data/web/fonts/source-sans-pro-v21-latin-regular.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..e49928e8297a96a91c41824c0362e354e6a5c867
GIT binary patch
literal 13036
zcmV<IG84^rPew8T0RR9105a?V4FCWD0Ck)I05X&S0RR9100000000000000000000
z0000QKpVn79ENfRU;u<33jGk{1q*~a00A}vBm;<W1Rw>3W(SHa8*XJK%(Lzcls90u
z^`CW0uA`!yir!;HO3qi=|9?%8W5i%zH&E3tMPL$@D3>TCZQ-!O+R~&Vk2D2(NgfQz
zgVMcbf?Z+d@ag-G%YDy@9_-&5vF4mBjcO`&*xBt0L<MpoC$f0#V{zZ)j*&1|kdB2V
ze9er_KNChBo;ov<W7o&0-h9~^*f#PfIeGurruC)KXh@oo$3$a<c!|)PIEe%HKHCYu
zegUvM;_A4muBorO>eimd@y*-)q!Jj(Y&F>@s~rMvI|KqD10z+2AsU))x@igKXm;J<
z`MLFApBycWZ46eh$Y#wpBEq0-un^A13KZcKqtLUe?#^n=^Aw){U;E!a_m00m^UV~O
zs@jNz;?|(jG_g9-R8Il?@2ArrwzX5o^3(}%BH)i0hKrI@Y*n?DoZnIZaIj`y!kHzS
z#tEi)q(}6ro<Bfm?|UR5;h<KFSgd=2s(DK}Ey+#}q<9fh01g%oVP=%r1zLW5?zsI<
zzHJwY3b~;0UE%%)t|_sf8_UfT2nDRCL~AEZ5%$joN(w-iqyYs0F8lv)s|H?o|M^Te
z{#Gn&b{FwJ1PQZ9W)h1?b-n7Ye*NcftyoR%AhTF+V~uGG(%tMJ?lFhKe9*`=2#Gjk
z9tDJANeDqsm~coF;?S<9m9(|`f9ss#y#ZRYs|UzsWW)_f?~KA|bV2FYTJ1-zgMx!r
z=b+pD5CbwhKXS-uPM`K1KV;;P0XmzR1(X0XK+MKAwW0sI@wL72o0AN0!9GHhC6ZEt
zfffMg%U(^MgwYLW>IfbsRF*0IZ+H9ZZ6auUyQe)a5t)V|NRS{RVcz-MWlZg(_wRfw
zXM#jX44w_5W;1(4)EHveOVLK`R~HZf1^@s6Q(>zh8*PLfbO>_61xQN^GG!VvV-_-R
z5rzQhP8uM~?t>>`^S02Ng2vHnO+xl=4muD*0Kg}ONIzDLSBxBpu2yfP&TSlkfy$rQ
zH2}1YhdpSE>noDLhF}0H90x#v^qNjINdO_$`a_rE?3azXc=O@etGkwF#JyGh&tx`l
zDbVM_p|P7+%Y_KH{%OJ9$`eesD=xK87xO5mW_z3;YNMadl;-asrH8=fLUrJ(qnSbQ
z-Nu*ZuvEBe;Wes(9*q8$=gXr%_lKT*p~rD<d;X;}Ee-#BpoG3vuo}wDTCbH1LcfRO
z_}2#%Fyf&{0G@gVd*KD*mCwkq1`G=_7;GLMZeCu5kB`jHPZ1EH2@3KG2{D9)`9wqn
z#5k~ogpj19u#5~OufS1Mgq4&y%F3{c3P)8{L`{uk$PlWbLAAmP9xJV+TV<7m)iwy)
zXd}PFj*%UAoZ*xU0xr4=YZ>JjGY#t-(9K&Ea>EV6J@>dg^hnfGPencVT+B-^#l7;H
z>5Vs-x8CC3d53xLJ??{#qJHrU3-XK`1|S1asVL>LQ~&@8F~|qwPWcUg``D8LF%=*%
zg$clj7%D}lp2bwt*D~=)wThQT<Dx*3N73XbiO|C^x~*6#cP55}RfJpKRO|_3&z+(B
z?FHh)sD*m*(1@5zPe11RUU<Ia=4H0pSe|(~_gitzc<1RX>)9r`fm<W}(P<)9NxYg>
zm>)O-X7ly-aG?S40Nra*Yi;bNa_Zvcc~LOG)`WA>1Yhn?lPNN;Srx;+ijo67HqD5K
zo!U9NM3^J>dd^cks7h*kCjLl})GJdq6iw%)z4hzw?Ii_)tU{j@Ss=@<R0y)uj7ktU
zGm+74REoi$+&UwH*pt*;I*UurA0l5uA1C8>AizRl=@fQ#lA<mYs!06Do%$C56@DVL
z9{k}XS=u~FP**>$|5y|CLtpFXXD+ei9Dkx}dHtn7L8%ADr0TS+)l)u;5UHvf3OHc;
z;G4&TLZ3U(&?NSL6%G4e=LewgRPFA?wLK-Wx;e3voe`7Mq5I><&ku(B$G&B0+-pJ4
z*<X_W*GhyMs$Vq`zLsJ~6#<pmqiA*_Dm<r)i9ye~Pu(C4+0eSxV#`*6hk?GBh7Id@
z6~Rl#&>FN^>vRy)n!bVePEkul0d-RU$Gxa-@H#zS<7*?}t6<Ba3s^T%i?*#3z6vBK
zmqFhKjJb7?>jtW38;4qv4HxPgC<Ig0%4D7f^E>5)&Pp!zGA3+^C94@*)#*57c1-VL
zQk*>Cd{sD!X-f&Y?CRwf{9*F4S;aI5uD&kVivcUEGB|O7?XBV<6TsoOE`Iu{kEKeU
z8?A@?zxMg}=|+O7A#KcNK}jPtizi!ocxj5SCzh}fc+NvwmshOy`LeIadS(ib7HnEv
z@U62R!gydFln?(&&LA2ap_MN|!ND3lf*klw&J`DOtW}luS^siSpGHiO$p8!-B7_l9
zQ9??JOV%p3Jq}7b?4-PwDK%XKYs{Lp$$~|jJ@&*_U-`;*-}uH3-}%l?2=*Hv06zdo
z7sKFJzPz*mRZv(|mLW$1K)p#dO(k*!P=uxK^XDlvArZP5#s?c+;0NvfI!Fd+FSSu!
zLa{v^1fU_NK&4hK00Mt{qzu3Xz~P9qVW|jW5ypf89uQ{0CP&D+vvHaiN+npWzmbAH
z2;)QuQn*NElfq3p4>4Y{_{haiZUOQNl3!>*P#967QY6a~k~7k=4|1`DDuaXyX{uzX
zk*RJ3C|h}yPX$a!bw)YxDOVJ9f=O|bxE2YcBJ=U5P+dLZ@Mi+bR8*NNsv;`V5ILYx
z(qT!;?`43i&S>wisCt<45w-a&_<`N}^qZ-zImY9Z4Z~^1y8OZXXNX^$DJ>52ZN7d_
z|9b2Nct&_+OTnP6X<~R`a~4)$o{aUUn!v#=APsS%Hwo})m>?YjkW<^NomQj&)ls$Q
zmFC5iw-%W1e1OD}g4TW)D7K8uSB@WZ5W=OYIRRsrTLHHN4^WxM`XD&}3dcoLOf_@W
zJ?6({OvAqBk26IMoy%=A9?Nj9DHDG~<xyd@8SHBDdvI<N@@eSp$0_=-dzZsmtTwF_
zOA0eeCR5TyRJW_mE@2O{6u0v4w@;S1D%G(ntlWZ!Y#Dlz6%=hBD5GOcqDFo!uLaR(
zgGtAxq~!}pt@-DVJYbWx!nS_=gNAuk%$rw=F&F_r=_DqLDq=3)-y}m?hOpXhwnGj{
zIb}rJw2qbL&0FnvzguH_M(-Vc`lV%9LIjr>o5KSjcZz(n7?4+xGHfoy0p<#pNV<7k
zk=OMUY>y4WmfHXTJZ(9hN4b4&5I_)d1<JSnFaQNKQj`E)2s$w-a3NM{V2~RigOEcj
z!}bhFN+BP`VIo8tfDurokVYj&BThF~uOlu7lEg{o5S1WRk_>4wWsG=aTA@g>2}NSF
zZF~84yI6LExI?74K-9&e<dUl>ZyI5m22q`YuAKR(4W=z2E2Y7o+#t52RQuM?{wyKL
z(&ftB%4I^yU|5Up5*!yl=!%g~R(B!2STYwa!<z{hv_at?jwhYSbl|DOurgelh!5aX
zr`<sw_h-6DZ^Xk^0<`c9%UKJ?={tsM{*nO-%okTvfDgB=M*y9}_Z~gVXt=Ygf=zC7
zdB?;JO7HDlmBk{oP@&*4%$koQztX~|tOo#qQ1?9d(&v8g)6_#u6GhrmmRw$3oQuuP
z!{L?SlOcKDUdl)kLneN*QYZz;f&+Z_5vq_FZZrS^?TNO%0}h}H+9aKXzr8dlBM5b=
z02u&i)dFaUk_N0kW}OCh;X<5df(iRo2bP$G$?g%+vJUd2i(pKVKg(gjFcM+c8^~FN
z{OxW3(kJao=jy4gn(VOxc<r7G7PT9xfFBBiP=?1hQipNeVykVo+hM0&cH85WXP$fE
zCC?UVwkoqtneEXIWp=i#t;M!tPeqZ<(UxSu7r)QBNcN+;T_dvFmOZ|BVyoN4xMCd1
zn@_G;%TTPKRYnWy(J1Ukz-<I7C9((d%8XJrlfNqvh;=BGKqv`zM*sO;aKSO#K?9|z
z!RHke0AMmajS%=if6M3u3<+5lC=dh*2*~D`QI2#O4w1uLdN_y`<`Kmciagkejo4V;
z<Z%seuqxULuZTWc8UmpEHGHp}Q18?&J^OwgB#raC99Tb(pL8I<9zWoK4}4M-#d-L}
zWUwe>++J5y8e+m2z&IiW&nA=TT*8tF2s?~vgpfoLQCZaJz&9H}VG4-L?w#&5Qg4<2
zo#SeT|F`w2_E;1C+fa9S3jW=eJ2TUT(1X|Voh~pug{1(3pdtkbh4!^9uS{Tw$bo#(
zLRe%xr<mIJM+Am}NGWpEDW{!r);Z^0aM2}~U2)Yl>y%D_OP(Nqn?syZ90d_CrGP)y
zM)F73XfSlKx3~!Xs$(I<hz=^z4zPSFF*w5DFto(-!wEq0VW|_BASNkl$ZD9Mpva62
z7`lBcyav4XiBx+PkfmxosB+}SuW?zD%MKRd<EyTHs;GjVi`RF<O}E^3$6fc__rPOM
zJoE^Ix0=4!9HGqGShch2emMqUCX_t_fZ4VzfEno@Nm+~+5ilv&TE`mW0O|oO0Dy6?
z?MFZZ_w(ET?Rfz9X3<~x9R)z1ZyrDe7{CB5AO{Qr<bX^Bm`)=AF|0{x<R~&)tAj3j
z>Z|{L+`QYj6T7o}hHxP`I4%~4#wFnhI1-MJli>`wCfo)*0Y4i*mk>jU`vsogzYi*K
z$Y|v%Hb%EYu6gEL+&tS$Gvc$NprT~mbX5!<G7Hedk0{7+Me}#80QmR+-y<WL^y805
ze*p0C_i*ULbC0SYu72ozsJQDv?Sq>8j~?9c$M7Q%U^T#cfDKv!&H`KqK8u@}=RSBk
zq1{sZJ@HwwB^`aZ9X^<2wb`~l)|mdqXJ0L{@Bc`D+3dUZ0i3W+zaRYQ@WLCfytQU$
z5L+G^^`F)D6u?XW9CDN&MRr+R5C<L^^VV12EaqimW|7Lu<`X+77q>JXK0`FCP^n6_
z8np)08ETk%4H^yC#9^>yx^!D^g_QtE2>@mQ;0KWL4aofsxCMaS0RS$*z#$lP(yU%C
zxMc=K?^XG_M2(8;-t-(^(W9zSs8`)0cP{WhYVisAFJP7-hZ<xRSRq4I27luRO?rOg
zBFfa_2+;b?Y?Q~w1lzdVaCdgV>h)F;#>ZVG+Rf{~7Dcxqp;VG|)z-9_d`nDEFd{gO
zd4$O{Giqs7)n_I{LJ#X69`*2`;%hMB<s#`7%)>q0E(N@YHxSXO2xz)X<J{EBTp?OO
zO*5q-5>gWR;>Ij1G8XbkNjDNKYC4=}tn*sLWNykHQYc4lTTuuv%7|&IYPn2iuvQ6T
zctk{qHt}pTOUS^8K#m%57UW3fplLEYqzU$_h_h-b)`%#CeF&JY=Rglo;_^SiK|A12
zdi=D6Fl0`yai1{8kP;Rloe{InRe@r2ffte=nE~!2r;@{*V>1BF(7c~>ntaX)9Op!#
zFg#@WtRv>SMpSg3;AAoFu$dIqb=|@MX)<Y&c@&%Tcn|>w0uNqx!O?)Rr(cCz$j+(V
zRL65UL~g|4Vo2MMpHB}JW-dEp_^FpSu*#CJKydHUo88UUvQOj%x!8CK=q=;fh71>4
zCz=m%{EOtHw0~U-sH@B*DlF>`Ee93L$Z==ek9>cMA<NCIe4tLV?V0TIf{BJKDInb$
z;B`{J-)66$XS^siM@G4=q#qiwP<&pZFAwD!Uj;%BC}bxsH-*{oL3KZ8&$9+jil%^j
z-_-AC1soDZ>pXp0z2xuVQF3EVh6A7Vc6}wg%+<n~ESVjNRb-E?P>d$=9hePN1LKwm
zda%(0ZEdTN@x&dnC~v%J<?Ij@mV?QS;|PG^S6?L^w925qReh;WPBCZ)xf|>U(y;3q
z)YGqL=vEly5EUj3F8st3J@Ux9!%4utB*LUvLx<;k6_Kz@D2Es)r<c|r*|G}=qblQi
z9HYi7Dwm;>pMIb50v(P=_iFZXLIQ+~d#|6H!z`VEX}0Kgk2uOKJEqx592>h^@;-OG
zMs|>JFjx~XE48iRr#<HIXR<9Xm<Y4Wn$LFcKV2&`@phv>Zb;uoW73!~9UmzGF1FKn
zOhW)MkQT}@ONa8_4&L9+_oGpuo>MgyC5w6=)yH~{GtQN}N-s*U@CTC`BIvOK`sM2-
zm)U)Q74fqt?A`vcD(C)}7aU4`W${~QoL*j@4BZ0zWZW+EX1%Z0jm(FN8B$s@Koe^l
zT_%$e&du}k{6Cbp!|GqD_Y|fX140in9&AwT()8~Zwh1CgUrSSR28gHLC8<t(&HnJO
z!O9IE79UwUcUFzQ_k6Yu%Ptw_u+J&BcIc)x@&G}Eks|H})CnU8<!*oN*^o`_#V)BN
zUK`p+(>sEzNVHfunhWg6*jbSG@##!VaQoEr?;YxR@!c0ObnJQNcC<7bF6!SdAhvIe
zpwW>Lsjq3zYtGfH+<cRw<lVD~zZejOKh#MWyLF0<`0LO!Ve572Lg%tO(%WQ>zJJXD
zo>H~)=DVKjtU_wk`vShM`cnpVGFDS<Gs~KSY9(vU3*for5Rv)C#H?V$wB8umH;Bg?
zVZ9mJHbXAZVV;3S;~tj-!{m+BX>=~3R7e`g(#qXze;pW$ue{0R_~uvoz-WGq<Bd9f
zW$ou#@~kN07&@<aOVkw}y9JZ@vOB!{T4knYT)&cB#xj<#iZWhdU}Wv{W#y^6YEyNz
z&77XCTKa-uHJ4$r9;PttTF^cAO?%G8ZN8dP-C2y_26kp5E2mWD=g5`E0uM+X&8DBH
zHds{8{Iq?B$7{W&I%|u~b9XMShB=MJO8a7I8B#&flodl{cs|uCC+jj_Qk}_I?#8aU
z?FD1~2|nv8?~79Rc(={t;`8+r<1P)sHWr?4@^piivQlK_Lnw+0y7p#0I`K!AzC)fO
z{}p`0Dx)&ItOT6Z{U0XD9`W$uMc9{i%2R;6G<NUa^jaBWFH4?^=c4SvL3EBP4vtHn
zf}Ubv3@a6U$cyi5u2tX{AOb0<y;;YJEvtyEUIfITbSNz`F>wuotda-w*9FGZt))ZZ
z$+s<UTkG#Yan1LBq(m)Hh(RN4-TaBRGaOGz=_`C%K7*gmoZZN3z#*>~+RqNq`Ef62
z{+uPtFq)8Q8AOIP9c9HY;Zb39F%!~%^B?+C{$%Jc{xfjd>D5vY6O*TfW4c!9c7tW}
z=YO`^9PwFZdht9yWwc2oA@LcpveG{3$?mlOu3d4|%)UnDp~6s@Lq1L|Zc?eBf(pI2
zXLMmFB(B@TibM~EPF_{Ms^-`rXp(pIlbqj(RnsZfWLg14rVs^g-;K8NI87B{hfqiz
zH#Mw{ah~ibO45M!&+=p??|YkGCgx`JuC^%Na1DMgUnM&f<`e(gEUcdHV08zOLShEL
z-J}FVr;s<7QX@hM3JcDTCgx-5K$xR1Yn%accbptYh2qOo1OfvsK|(IoWPps;Glxqm
z#TI|-zgi~ElJfo4@Qx|FVzRV)Ds!$4b@ykt@~U<Y^^kRM0z9ghp+X1EYzU-U7UiS~
z6msrRYbz-?N}oY7c#^8iADEFXWNjPNO{VLPkXu_?#@>>GKQJ8jbld|X>e8`?u(Z45
z_rKOC2J$pXM~{|CC+Su|kAB%<knI%L9<}F}97U5lg}FP#0LU@3Z8zv>5A`0XZhFsB
zAgHKrNlMK4$)xpN=eM|#q&gl4v2vX-$2w$hr90^26>bE^=B-zILliFR|JdcNG=bM-
znJHj=*>;l(@^>T*8*$zpSjh`C={VIYhh6aqPwW3Hh!_Zl<bO|0`1O=k9P9E$?E!>8
zoEQbJhaoay0hV4iLF%)|bwA$15Q4zJwo4icX{qzyuj)F6X85`Ff9XDg+QJ*fq>3IM
za9ETQlkT>KI$_>!tAequ|MHuR4C4qW1zHP=pfNZEdL)$w0cYt?aH=*~dIu{i%3I|2
z_5TsVzJo?Ef}S(vs?-KvmoRI%KCSy<qU2~GTB!l^yVm>l=>C-adZw;^Vcl*>^~dg2
z1D2jSK~`Jy)j^fY>Enr+_vJoVwG;DJNXO03IK3Y|2;0AH|I6<3n1``v%^7yz$xpGf
z-uT{BP6Y*|SXR-eJ5!#v3aiVceo$OscE2>tyEkvB)Xy@BUjYd#gvTIGzIOPl=ireI
ztxsB?WuCv#@(i3Al2m#;<Pg}pZ_smzZ?C#Ps{r5QY~{&!s*@n6^QgWID>2Hr9OqkT
zoz-E`sM3d0tt}&qeW_BO)XsL4hc%?<t8~gdNk#)mgL}ritqW^wYzrr)c@?>wgU6R@
z@ibMQhS%)za7X57RqRyq<EwSWT#(cG=c2AP%et0robS`y8XKmL9ox{>XtT~R+C;wa
z-TeJ6*Zk^Rc<{sYg9LKn8I#?%g|#(~g&k>`hCJT>>r=Euo~~FUX!eX9)>%y)z^|WX
zyczqbiZ)W=9mE~v>+}h^!r`TMf~)W`(yHAV4MZVdV>{`)C`rzDi9Ub7R9KXy;N17u
z^Yf4ThP7RK&#}KMC~L{@M;Q8{{@9;^WAe*8oz;w>8XCl(H^wVYc<F*@fi;ZkQ~8Y7
zOHCaRz6u0hSG>VD%S`PMC$LhG32bmrtJk!+y4tj$)$Q@NxXlaVVDsV@ug4<K(6L8)
zMpw_s%2Io@2e+K5138_0t%He5pQUngX<Z#;Dar6?Oy&$xMgg!%GT%Mg$9zEi4FCJN
zqp~nMQ%G&5e0Gt6znB8)tja7Syv9ctB4UsJejNZgo#*wH1ex1lcjf7$Rwov8#g2%}
z9^yz-X|!p4#}E(+H#Q5_qmm04e63l=A)JK2$)~(NP0@0A0%tx$E-z&ekKeQ4SYjQY
zfel72$s-q@BWkz;p|6w+{<fYlJu;oJ0v%jmBUFy5p5UG2qU0D-=nP{@NnDfM6RM5D
zLU85stn8{{6uOKGp%ThMZWow-aTe&AIxE9a);6fR4f->_rZ=a|{$$(c3;PRdi>{e#
zD06qrDl3^fIl|Hml}BIxYb}}zA`f`_6?s{G$7^3h_iWoU`m(la4mk4)x18+xAG$wh
zXTcV5?ANi`*}h$$l8gfogg5@<-IaN4_Ag+`%Zitodbru~`DSn!u5??p?wP(NQP`j!
z3N00T^jlmBMV9TV%cU8rVF_+(oR)Z*)iE-nNY19l0t%d9!Tp34>rQ!&_+^GUNtD9k
z$@N}YbAi%mP&g}c+_DlQ_5=I(e+opyHI;ICz1yRyuaT=b27LQ`-Lpi7fkpC3yq*d@
zVVPGH=E8xmatF7Ka>*Kslw#Wb?=a6^?<qqSY_E-iG-%|yU$5Ge$Zu0Tl1yU>K)|)t
z3T3^^t*S3oiu23HRD}m4Es#AU*F^lY`}jZ3#4{<7Rb`j*-A+){t5azqht-gg8o%gE
z(t3=cz)`8M>;<3C9;#PkvjQM=2L_wSfEr19x{&MeQn|6BV{6rAk!4r`+vcM1$Wdp|
zvGERWLAp<*WXf%WS+*^-3qs*uI(@HDctJSA<W-OeRJJby_G!+jII@)qJf}QI{7Z3m
z7SCZS$`^R3hW(tBRfZzqIhFP|?85Kp;Ul{UIWu15RF4O1;H*D{6`s05mqMVTqK%DS
z;CX5YG{QdGSaivwS6L1|!)8&CvP61o(Wu7OG98%UFj0<x%PZundbdZhwB(BNUGcb~
z{08-Edxh6$uT-lXl|HYd0;HYWW~hY0on(4JaeD^|;CUnjT_VcQ_vi3{K>pOn>fdk<
zCZF2~%RFl((<<s+{S5PO(QUgB5Fl#T4>J=s!z`pGR!5q*@guQ1?hFaI1Q+C!=<VP1
zI6CJi7Uf4;i_zldQRP`q7t?{=(Ks;^$6AYtzc;Xsp~szIkttdy8N7r$71@?>i^>Lt
zbQu4bq@NVQ1hnv5+x{251P|d3b5Xv)OEqldkXEC!jsCsaVDUCK*t_XTdhVcJgt-Um
zL73;}4oX}91gvO(;xi-b!*#__eWY%J73sDiCq(J$q5242u?gv%@TANLO^ndDK~0f{
zIeHj~SpNT<XW5#Xo>51k-s~P(O~#z}T?5&sVaJzVgN}{fp&bUYFGU^S7OANhgiv!{
z_a1qgUJ|wmX<i9+4>GUF2y^cUk7U^l41i_)9{x&i&tIH~9^gkPnm5=XL5=J0%vnoK
zhzrln&)?$AO$RTO8~}xhSB*KZ@XeM~cG@blO6k60$oheAGV|sv-YSzOCXN&3`5hmm
z*u_8Gkw)?TW8J@!n&UzJ{JxD{%hs$}v_k72x<}6m<_sS_sikG~6fjKdqB~)@h9|l=
zpFN-b-*?FH)Y@c)*HSgPq;B|vJ9RAF?-i!kfm3j08ehNy_^MFM-+gdgAw?uIir-#H
z6LYf*$5vtRa(`QTu8KIk`_@19M4mEDw5>eHq9wRUu!ebXR6|6uoK1z^Km1~oxg@;Q
zm`Ax%(E3?F_`1JYLe;X8y>z`@sF{UH7h*Vauf!<cdKn@dUyj1HWone#UEwjbT!U4B
zAh@iQXB<U+sgUHWmh8&b2y=>yF;yK+wdtu;;(`gB1Eu+zosy9w^a@*r*JrC#P*Caf
z?n%`BA2ua{bq-F1Qw``RAu<uQ8%rG3)m={`bfY(6Nu5-o+~FATzzWKT6$s7b6fGrX
zm31vTv0=l!QCxL;I+%E$mty@!GUx_pMZm-0+C+lhk~@VZDUm3uECx|oo>)dQVJDmy
z=lP~vMz(6i2faKa<HrnK`*`g>Ti*z`aAc7lq@A1ZISjntZON3PQc6Ayq81YjJeQ5V
zg)korpV$<h+`vfmBwFQ}pr!Y0uZQ;p8oM>q&MOYTM|4iYQJqbK8|TNfZ4K!#{L!Xw
zi(p38F)N;ahq0+w?dD7WZ=SYwv4^UmYT5WJ33e|ihR$Wh@}j~&Z=AOymby&i-(_G@
z5<kKtfu4Z?`}`6@?w{9b=!s|WDcflxc@B%4CS)Y*=OZKtdom-%XrM5adb5m9*XzXA
z519owZn27<IoOinrHF@pae9<Jd5kun(!WP+)rttOc74w(O-}d;{wb>4(7m#*uc)xD
zZ)JDgh61fb-#UG|ezZhl7(IQup%u6cb8a*VcWMwT)Uq}Mpl}NdCwCf~_+q(HNzpS7
zz8#YzP-T}_q$_lzo7!#8*^Q{(X7CDbFBg5Bf8N2A$WqlpQdJh#t~NNaad`GBK1D}7
zw@sJLka%l-4w*WY4=r<fbP{n|0UcC+IJFxMGY3OEmfql<-GUWGEzFyqsmt5~Ucl|8
zLePBH#*oO}PQ5NQRfYfO$lh3<+Wa+YU+w)waTZOOX*4Q|in#zXW6k8dL3yTPC0lJ*
zt7I0wS5>N){!uaBuylw?EwGX{Tp^84Vy5y~!~M#xxoBi>NlA&4pX=j;{(upr1NJql
z43&8)Ut%`5k=q9?hUJ0p6!{F1i$^19iXK7~p_#{Jr>0T(-l9S)eow0kx|r~j&gMDt
z7*Ul!*+jNfD`fPsNfY!0NGdU?xYSS1l*?H>BSYvkfTn#anMIB>kzWVpnTwPxjXg7n
zZznCiDymIl+W4#yp!~XvPVrcD!F+Y8UeZxH-mrAA353DR>Nj^SuU}VIruOo#9qp3b
z+&Xotd6c|JqdwbK(1&go?$jbys9OP@TUa=$)6m2hON=UtfwB2lR}N2^U0RW@(2j0w
zPYoCJ3;O~_Bp<M?QD$(=GtL#v#x`<$jLUz%v2YY2A(4PW5)u;#K(|)i^D8JS&>zXb
zB&bk0JyT;W0*%K*NBQM@{qjRcC0x$xR_y%9r9TuXbQBSj@agB8fFXhv$A`q5*B}3k
zqXcvCn`&Nu^0CDBoOCPs*R$PdZ7TjUDkdQ@28Ghlym52`sPWWXKjteJ-&OPDqhiy<
zTJt5FB3Jw8W<62v^@)QK>yskr3Sp*lcvcn-7Z@9YLfr@Ho655+bX-8(cO?3Ld}0zq
zA<6)MX*-svP*yfCZSDeDT6)ISX8!S>1C%@Jr)s+Ifpn%6E(jLRWa_jckxs`HNp~Y!
z0B;fB6NBrUm1V|zZEeQ;%2KklKyt64K@rD-tj#NoY@^rkKgoL_e_`G>cJr@hHb`2?
zZu-^4-kJygStwuV5C>=S64^Kbj*a05XNn!|<ulm{l-*obfS1qR`VIQFjl&P{vbeh`
z31$JBy4D70h|{~Uhs%eGYpG~9L(y@bMfn(Ylpso-$eY@s03j=)wpA#!2jqT#E_)7;
ztFrut2xnzyrI<^yOJGXxSV?{n`As=8xRx7SQxX5><C7QX*O}76E445y<q@W1DTQ(h
zli2jynE1Sf#fUV#3qlL*4jbEv-_g{Vji(vV2?zI@5?@?6`&IhGuW0fN3vty_e9c1>
z=JEL_ctY(%<MPQJ3<6_Zk9?2TaV_;sZK2Jj%B!Oo8Jj?3sJ4lfoxvMpxAR72r#FFV
z6$|c-nvJp09;~6-$6BnDGBd3c#+vQ67ISIr-@v36izlDwVR5olGQQ8p<j}fDkoawA
zvCb;jY3w50H_z>zm%tSjKb_0VlF50QaQFfQnQ~c;C<$mfGTFjr>#&YOqnRWC>60Yi
zJ8Q??OO8<mFg+}Sk!q?y(+QE$@fc7(7?g@&qB1Z~l*(#Ma6n%|W}`(Uo)TCESq`%U
zgO<5H1<YAevLY>iMN_%9r>Swi%2z(e<C<5RsT`gwXHgay{HK4x^9>dQ1)av#o2U$Q
z`zilEG3jJtlMi=@lBZ2mwTw3B>c<L8%cL{1iXDHno6}ios2KO!0;CZhcXuXc`Hd^F
z<jF}65@!_1L7sI>Go$CG%kmIAgs>;aXM~$3Teqco2l$J9wk-!(sI4xyft_%DT5Va0
zn);%Yl*Kw8iS4|vVB1M#YS6!PC)glJrv+?P3EF`mB_}Pvf<YQXM0Eyvigi?q+@w~e
zq!={jC9A|>8=P&W6?LPNu(+!P!bd5UHzEmBj6;lu6)(F&;iZargu?qlII<{B1?uJx
zHNom2uABR{YAe3?r{%qjC948E-~tP+sGIhSKs=N}xt|=5|Nm+9-s_U?(1PpVqJ>ty
zTH&^W1IG~!m8sv8adkvuF7~o9ttxLwagBv=_`hYh!(-_xGnCpVma7bsl!P8I38qI4
z=2kSH7Dp$);tz>yfa$?@xYDL!q})6RjSt4MO=6zVEM^m0lu%R=k?qtFU%G{Z(D?}{
zCo(A-egby`gWP*%T_G2}78FMi>XPFpW=ca+uw(g3!eRJ^+u^Ycl^JGTBbKR+ViLM1
z*>p1(4i-5#Fvg|(7_A$QXX9FQdfeDtknVhv3tO+NgX|~MP1~35&J~aq6uUSMu{bt%
z3L<U_;4}{0iO1jqqW_AE+cgOFS2BZV038z<C3In-xFRHS5fNRcsF`U%lNBPP`WUYa
z;-U|c`_k<}CorhzVEaU>kxa1)MHHKnM5P)?RGUahwHnCt3YJD7)H*7atq}@@VATfv
zOe#rkHS%~Wl9Q;diTEyJN*7)(FooC!j1~LT8jjw;QET_<jRR`cKoITIXai+Lf-F#@
zX~l+;If<GlLl7KeszO0NhdcRa3GNRr9muBr%=*txVo9o4)W**y!jExWy(>!-Qm!Z+
z&`~#R+2f$Hyo}`54<`IivQcFA=9xmufrv*J6-pxHj52`^7PBH8n_f}k720Skev$qs
zh$I>T_SLKvk~tW9qyTGr0HMs_;_@C&kG6+Bqeq?LSoa8{`w01CbdMbCe7)+K>|Sjz
zr*}C}!E?q=h-%W%dxK*_f};cFjDe`;iESlJ2ct70H43M5m4v1L;`#?h1cwd^zQeg5
z=5rJ(Q<^5gL%m!OfUC+19XhJUC@9U9kEjt;_J1gE<euov`XJ--Pn+>2mFqI}s?4#j
zI&~&k4X^H#RQG|Kl}C4|b{y5JSpc4<+Nc8gE&G-%U(ywo#mkkhCH~?S+vDqJ;{Qj^
zZyO)~CLZ|)QMr@@7bb4#)1l6M#W9%+;p-THpD3pJU<PorwSR|d#{unu9QJ={y-X}m
zSU4f|S+Zz0bJ`$o+v_8N3nV?SuZlzDMPAyhrQ(*9%bQ{_z4B=7zyLoGgWS32)a~F%
zC?xX5Qoj@Mkik*6gB^w)KR5XzBnqS*j(g_@5jpsIAY8F*(Sqr#LDa5=4Nqr`tJ$Jt
zE|^$q%0C55GV7;#p2O_sVNg97x<^_yEaQTtgYzI@)+A&-z7>tAjVVF1>;jDVa4H6o
z7hQ^aUtm3kX?uMwX3%VQBSolX7A}qwq-~@MHJ~j^8Y%@=<ZBf24HA{8*Pzgf*cTVK
z4-q$#*IRKLF{n5bw|8TEn5{eLtlx!LKV^HUycf`TJL$BYyey>Acg7<9Fc^SDf^eaJ
zU@xthLM^6I>#3CbNwKfc=vT3byFu_1cR|ME5&zym#Kx_n=Lj)6av_%Pqi^|A3}>MQ
zP~=)(taHm!!w(A5kOdVR=C<sP7c%_l476$}X~R5j^r}Id4fD89%SH|(?ixCX4Rc#@
z<Et9lZo@ooLc@T!M5>Am>t;4>$3txRkd9MTq*^zNz2}Uk9*bF@8TMJQjU2_hiY#T_
z%w}xrR;`=GW@Xjk6LzOC{-Q9!B~08VaiC8&y|uI6sDRa*4ahpwCLju@IYC|Y1Zc-q
z2gjeVy)CnZ0p0r5GTp1X&_}@d5%~89)olk4tDbn+a#6h)$#nCz6Y0hn2u{iNqEG8H
z`YcXtq@yDpsmMp4)93XCeNkW1m-Q8WRb4B3Jcp!S=nvCCy$#F9*vlFK;*(DA8g%Sl
zs@%0ZTbD8qINk0+Cr<4IU9%xYiyzer%<1!y`~vX9{=DK%bfnXCqO){{&Y`^G-g+Pn
z{^LIV`|#iQe*mNY%3tyU_E6c4k5|)g044#P-j2I>^|pqc1O`m$E7c~Qs+mtTjNp=%
zuw`-px!+q0Z7OHp{{Uw#IP)na?|r_&OWtdz<O$>eruC%~+`!61Ewm{IF=c{P18q7Y
z^L``uOs}Q>7tVb9w`<ofuiDL|zhiYtZSJEBIn!G$nGv7z&G#8NW0?S7DAvdMd~b30
z8YDR$4<I*oSvUV4H74FU7=4*Gv&jXnW`X_dA{D0WPBNKV(A4{ZO+^6Y`C6eMhZ#z_
zVOcQ{;GCoF#jftMz6>WqJ`R0+jT*SyT=uq-wxPQ1qOPYlY%eY8hB~asMF#0ix<<5v
z2;+~c4aQ~@^3H?EY?{}PXcY94<|QIFE_DzZi`yzE`junLdYsVYI-O9LSfF;v33b7U
zzJMtv0x!1;jU`LE)?O!epD{M{Zk|826~kMgGo+_9DcY{la-4^{c{kv{ksJxc<U=^>
z1@;EtLFo6h&kl95Ya%;b&9)jpW#$*o-GJqvyzEI@w|^x~+rC{^GFvOR+0<n>Z*#01
zt(LvBep;1+K>(B5_)Bij6s9Zw2gB@3fSd1Q0RZlO+FSq2-VKJnQ-Fm5K!CmZ^A!X~
z97lFZesudRC7U7JDKHgaW~Q9U306s|NTPZx)wMG{Sy1s2?dc&;ExD=akVT#qDM&vq
z1lo`=n=ErMV6()}4{5o3x&+L=5sb>yDORIn_a3WcNxU#~xF_(1(bv1xJCS~K;-O5A
zXp(e|M?as-$Ep`54<rt4>naIzejnZe5#4ee)|a}2>9$X>e=0IyXhHgag3zSC4`2IL
zhZ(%*BJiyW=CG~sGt2R>u5`a>GM~?-_YC#r-Xs{3_t<$^;cs0M&)hu?kKa`=8FZUU
z!Z>*`>}6U>^GJF_i||lh4A%z?g$v0*BN`~n*$wJLQ-&t49<R?*bcQboy~QmY&t7GU
zICILuciJ&*j`#jj5MDa87HRPu-?>|tfk+|hU8JyTTu>yIky9HBHXa~G?GX|W=bf|H
zI4BJWlXf0}gaTj<K`pUBDBtC&h@m}X^^G|W>YlT$PyAZI>>PZnK+I!%H&iBr0-~j<
zx|?8H9!0V@d^u&TAN{Psn;bn`N`oaymkl*7Ab`-ut3{PEF1wc}L44tOKZ+VmdgK6a
zr3g?Uc@e^D(GKT3PwVm*#^WZMP=Xej3am`+0JI*Xa0+KojyibZ!Wf*!5L96fR;ZN|
z%XH`8L_|JQiRr>f69hrI0|x}A13Qru0?s8{j3TtcjABShGKyzl2mReh4v&(JxIBs~
zS}EpS1Q<7Xq^?`9R^B(Pr(Mfnr>cHmrc`zHjHx+dw}VbVW+WQcqVlGWzN7R~yDE-r
z88c%_Q_pEFy)(S@t`0{-RozOfY%s2CV0fp@iW-t?dHA|@Hkj5lsih&Kka_iuWfh{;
zRx#F9o$rCQ%}(1LvB5syK#oX@T|2AIL#JY$iuv3UQ@3?bM`Z<Tqisf9d(A`^k_>h;
zZ5Z#<@i^|eJ~GYSGLl;5Q^L&k_N;22$yAMG+AbE9Ig;KsFwSw@^doI&&t!H-6@wXv
zHBH-bj*j%_@I45su<pivI?v9x92Eda(lWAg@(PMd$||aA>V`C|u+l24t+CcR>us>n
zCOhrA`*O_(9g-9Bex7pL8D~K&TaH|L@@;h5S@TMi>Qv^eRHs~U^<L{J%~kpH?Yae(
zX4~S1TW-tn%6p$>sa9*SIzx0Ds@^aS8Z~P&+z2=28*P*^T8y<)zbVFPHQofTZF}iU
z{$j-umkuGwixmeU9uf*#0!)G8OCX^{l9DuuC6RPwMWQLmdJrQBdW0g#x}E;A-7%-_
zJ7}$SqHMLzQFV0SNZ>`IK#>@Q)Si>1)*q&sYC57o$tb#*1{GUeh~h(r3SB~&5=#mj
zE_{TDC6^K@a+IjiqQ{6CD|Q@RmdA}}lKq0Hu^_%S`w}D+%x?p}h~TSlcEQ2In@g+M
zpNSGDNlI^qTkflO$74^DB~OtuRq8Zp)1}XlF;nI&rDn~Rz3)Gy%yioI244&ty)vqa
zft-<o_T$gqz4`m7-A-#daWJ=G^iOJVrJ%iSBRiYap4A!HZ_o3)Mf?VTD8z3J?6f=6
zrFM02=HdOB>wTX3aEsx(e=7q<I$f{MFh1O3xXv&P>oANDHyEbF{C5cNQysjltguIi
z@v#u!H22R4v-?(gFFRm(ngQd(Er#n1!>|s+_;7<^D&XZxSY_ds56>siX4pDtNDJf#
zTfB6Bs78Y;4DC-f`{UIYK}=PeJu5$VXtas<nG!yttIp@qkMG7V4kv_3tkMn5ZR2WQ
u8&C7w_*Q@xTgkyTiPg$H+9XfR;^V!8D9Z$${uvf_!&~p(y=(Vw0001!A^9Qz

literal 0
HcmV?d00001


From fc0e6b6efb041c6fa85024d101b44d4bf0a5f2ec Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 09:21:14 +0100
Subject: [PATCH 111/170] [Web] fix quarantine darkmode style

---
 data/web/css/themes/mailcow-darkmode.css | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/data/web/css/themes/mailcow-darkmode.css b/data/web/css/themes/mailcow-darkmode.css
index e1824420..6e0db0e9 100644
--- a/data/web/css/themes/mailcow-darkmode.css
+++ b/data/web/css/themes/mailcow-darkmode.css
@@ -358,3 +358,11 @@ table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
     background: #333;
 }
 
+span.mail-address-item {
+    background-color: #333;
+    border-radius: 4px;
+    border: 1px solid #555;
+    padding: 2px 7px;
+    display: inline-block;
+    margin: 2px 6px 2px 0;
+}

From dd9296ffc28d6442d479f0f41a90950226cccaf2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 11:07:44 +0100
Subject: [PATCH 112/170] [Web] fix extend_sender_acl issue for domainadmins

---
 data/web/inc/functions.mailbox.inc.php | 95 +++++++++++++-------------
 data/web/lang/lang.de-de.json          |  1 +
 data/web/lang/lang.en-gb.json          |  1 +
 data/web/templates/edit/mailbox.twig   |  6 +-
 4 files changed, 54 insertions(+), 49 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index d67fa3e3..f6162cc6 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -2879,67 +2879,68 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 $_SESSION['return'][] = array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => 'access_denied'
+                  'msg' => 'extended_sender_acl_denied'
                 );
-                return false;
               }
-              $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
-              foreach ($extra_acls as $i => &$extra_acl) {
-                if (empty($extra_acl)) {
-                  continue;
-                }
-                if (substr($extra_acl, 0, 1) === "@") {
-                  $extra_acl = ltrim($extra_acl, '@');
-                }
-                if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
-                  $_SESSION['return'][] = array(
-                    'type' => 'danger',
-                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                    'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
-                  );
-                  unset($extra_acls[$i]);
-                  continue;
-                }
-                $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
-                if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
-                  $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
-                  if (in_array($extra_acl_domain, $domains)) {
+              else {
+                $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
+                foreach ($extra_acls as $i => &$extra_acl) {
+                  if (empty($extra_acl)) {
+                    continue;
+                  }
+                  if (substr($extra_acl, 0, 1) === "@") {
+                    $extra_acl = ltrim($extra_acl, '@');
+                  }
+                  if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
                     $_SESSION['return'][] = array(
                       'type' => 'danger',
                       'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
                     );
                     unset($extra_acls[$i]);
                     continue;
                   }
-                }
-                else {
-                  if (in_array($extra_acl, $domains)) {
-                    $_SESSION['return'][] = array(
-                      'type' => 'danger',
-                      'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
-                    );
-                    unset($extra_acls[$i]);
-                    continue;
+                  $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
+                  if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
+                    $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
+                    if (in_array($extra_acl_domain, $domains)) {
+                      $_SESSION['return'][] = array(
+                        'type' => 'danger',
+                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      );
+                      unset($extra_acls[$i]);
+                      continue;
+                    }
+                  }
+                  else {
+                    if (in_array($extra_acl, $domains)) {
+                      $_SESSION['return'][] = array(
+                        'type' => 'danger',
+                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      );
+                      unset($extra_acls[$i]);
+                      continue;
+                    }
+                    $extra_acl = '@' . $extra_acl;
                   }
-                  $extra_acl = '@' . $extra_acl;
                 }
-              }
-              $extra_acls = array_filter($extra_acls);
-              $extra_acls = array_values($extra_acls);
-              $extra_acls = array_unique($extra_acls);
-              $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
-              $stmt->execute(array(
-                ':username' => $username
-              ));
-              foreach ($extra_acls as $sender_acl_external) {
-                $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
-                  VALUES (:sender_acl, :username, 1)");
+                $extra_acls = array_filter($extra_acls);
+                $extra_acls = array_values($extra_acls);
+                $extra_acls = array_unique($extra_acls);
+                $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
                 $stmt->execute(array(
-                  ':sender_acl' => $sender_acl_external,
                   ':username' => $username
                 ));
+                foreach ($extra_acls as $sender_acl_external) {
+                  $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
+                    VALUES (:sender_acl, :username, 1)");
+                  $stmt->execute(array(
+                    ':sender_acl' => $sender_acl_external,
+                    ':username' => $username
+                  ));
+                }
               }
             }
             if (isset($_data['sender_acl'])) {
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 89942e4e..bc94e619 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -363,6 +363,7 @@
         "domain_not_empty": "Domain %s ist nicht leer",
         "domain_not_found": "Domain %s nicht gefunden",
         "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein",
+        "extended_sender_acl_denied": "Keine Rechte zum setzen von externen Absenderadressen",
         "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig",
         "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain",
         "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index bec5351d..e1323f94 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -363,6 +363,7 @@
         "domain_not_empty": "Cannot remove non-empty domain %s",
         "domain_not_found": "Domain %s not found",
         "domain_quota_m_in_use": "Domain quota must be greater or equal to %s MiB",
+        "extended_sender_acl_denied": "missing ACL to set external sender addresses",
         "extra_acl_invalid": "External sender address \"%s\" is invalid",
         "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
         "fido2_verification_failed": "FIDO2 verification failed: %s",
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 289638d6..36fe053b 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -200,8 +200,10 @@
           {% if sender_acl_handles.external_sender_aliases %}
             {% set ext_sender_acl = sender_acl_handles.external_sender_aliases|join(', ') %}
           {% endif %}
-          <input type="text" class="form-control" name="extended_sender_acl" value="{{ ext_sender_acl }}" placeholder="user1@example.com, user2@example.org, @example.com, ...">
-          <small class="text-muted">{{ lang.edit.extended_sender_acl_info|raw }}</small>
+          {% if acl.extend_sender_acl and acl.extend_sender_acl == 1 %}
+            <input type="text" class="form-control" name="extended_sender_acl" value="{{ ext_sender_acl }}" placeholder="user1@example.com, user2@example.org, @example.com, ...">
+            <small class="text-muted">{{ lang.edit.extended_sender_acl_info|raw }}</small>
+          {% endif %}
         </div>
       </div>
       <div class="row">

From 1e98784eee64240418d6e6df2336e2c0d7ac9dd2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 12:09:15 +0100
Subject: [PATCH 113/170] [Web] Opt-In for third party ip_check

---
 data/web/admin.php                            |  1 +
 data/web/debug.php                            |  1 +
 data/web/inc/functions.customize.inc.php      | 33 +++++++++++++++++++
 data/web/json_api.php                         | 14 ++++----
 data/web/lang/lang.de-de.json                 |  4 +++
 data/web/lang/lang.en-gb.json                 |  4 +++
 .../templates/admin/tab-config-customize.twig | 14 ++++++++
 data/web/templates/debug.twig                 | 20 ++++++-----
 8 files changed, 76 insertions(+), 15 deletions(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index a3b908b7..cd3eb890 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -103,6 +103,7 @@ $template_data = [
   'rsettings' => $rsettings,
   'rspamd_regex_maps' => $rspamd_regex_maps,
   'logo_specs' => customize('get', 'main_logo_specs'),
+  'ip_check' => customize('get', 'ip_check'),
   'password_complexity' => password_complexity('get'),
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
   'lang_admin' => json_encode($lang['admin']),
diff --git a/data/web/debug.php b/data/web/debug.php
index 45c4456c..52052f68 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -65,6 +65,7 @@ $template_data = [
   'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),
   'clamd_status' => $clamd_status,
   'containers' => $containers,
+  'ip_check' => customize('get', 'ip_check'),
   'lang_admin' => json_encode($lang['admin']),
   'lang_debug' => json_encode($lang['debug']),
   'lang_datatables' => json_encode($lang['datatables']),
diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index 16c5c036..6025d97d 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -160,6 +160,25 @@ function customize($_action, $_item, $_data = null) {
             'msg' => 'ui_texts'
           );
         break;
+        case 'ip_check':
+          $ip_check = ($_data['ip_check_opt_in'] == "1") ? 1 : 0;
+          try {
+            $redis->set('IP_CHECK', $ip_check);
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_item, $_data),
+              'msg' => array('redis_error', $e)
+            );
+            return false;
+          }
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_item, $_data),
+            'msg' => 'ip_check_opt_in_modified'
+          );
+        break;
       }
     break;
     case 'delete':
@@ -276,6 +295,20 @@ function customize($_action, $_item, $_data = null) {
             return false;
           }
         break;
+        case 'ip_check':
+          try {
+            $ip_check = ($ip_check = $redis->get('IP_CHECK')) ? $ip_check : 0;
+            return $ip_check;
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_item, $_data),
+              'msg' => array('redis_error', $e)
+            );
+            return false;
+          }
+        break;
       }
     break;
   }
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 0d3dbb2f..1823e5a5 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1544,18 +1544,15 @@ if (isset($_GET['query'])) {
                   } 
                   else if ($extra == "ip") {
                     // get public ips
+                    
                     $curl = curl_init();
-                    curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                     curl_setopt($curl, CURLOPT_POST, 0);
-                    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
-                    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+                    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
+                    curl_setopt($curl, CURLOPT_TIMEOUT, 15);
+                    curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                     $ipv4 = curl_exec($curl);
                     curl_setopt($curl, CURLOPT_URL, 'http://ipv6.mailcow.email');
-                    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-                    curl_setopt($curl, CURLOPT_POST, 0);
-                    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
-                    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
                     $ipv6 = curl_exec($curl);
                     $ips = array(
                       "ipv4" => $ipv4,
@@ -1917,6 +1914,9 @@ if (isset($_GET['query'])) {
         case "ui_texts":
           process_edit_return(customize('edit', 'ui_texts', $attr));
         break;
+        case "ip_check":
+          process_edit_return(customize('edit', 'ip_check', $attr));
+        break;
         case "self":
           if ($_SESSION['mailcow_cc_role'] == "domainadmin") {
             process_edit_return(domain_admin('edit', $attr));
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index bc94e619..1832cddd 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -204,6 +204,9 @@
         "include_exclude": "Ein- und Ausschlüsse",
         "include_exclude_info": "Ohne Auswahl werden <b>alle Mailboxen</b> adressiert.",
         "includes": "Diese Empfänger einschließen",
+        "ip_check": "IP Check",
+        "ip_check_disabled": "IP check ist deaktiviert. Unter dem angegebenen Pfad kann es aktiviert werden<br> <strong>System > Configuration > Options > Customize</strong>",
+        "ip_check_opt_in": "Opt-In für die Nutzung der Drittanbieter-Dienste <strong>ipv4.mailcow.email</strong> und <strong>ipv6.mailcow.email</strong> zur Auflösung externer IP-Adressen.",
         "is_mx_based": "MX-basiert",
         "last_applied": "Zuletzt angewendet",
         "license_info": "Eine Lizenz ist nicht erforderlich, hilft jedoch der Entwicklung mailcows.<br><a href=\"https://www.servercow.de/mailcow#sal\" target=\"_blank\" alt=\"SAL Bestellung\">Hier kann die mailcow-GUID registriert werden.</a> Alternativ ist <a href=\"https://www.servercow.de/mailcow#support\" target=\"_blank\" alt=\"SAL Bestellung\">die Bestellung von Support-Paketen möglich</a>.",
@@ -1004,6 +1007,7 @@
         "forwarding_host_removed": "Weiterleitungs-Host %s wurde entfernt",
         "global_filter_written": "Filterdatei wurde erfolgreich geschrieben",
         "hash_deleted": "Hash wurde gelöscht",
+        "ip_check_opt_in_modified": "IP Check wurde erfolgreich gespeichert",
         "item_deleted": "Objekt %s wurde entfernt",
         "item_released": "Objekt %s freigegeben",
         "items_deleted": "Objekt(e) %s wurde(n) erfolgreich entfernt",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index e1323f94..4472d039 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -206,6 +206,9 @@
         "include_exclude": "Include/Exclude",
         "include_exclude_info": "By default - with no selection - <b>all mailboxes</b> are addressed",
         "includes": "Include these recipients",
+        "ip_check": "IP Check",
+        "ip_check_disabled": "IP check is disabled. You can enable it under<br> <strong>System > Configuration > Options > Customize</strong>",
+        "ip_check_opt_in": "Opt-In for using third party service <strong>ipv4.mailcow.email</strong> and <strong>ipv6.mailcow.email</strong> to resolve external IP addresses.",
         "is_mx_based": "MX based",
         "last_applied": "Last applied",
         "license_info": "A license is not required but helps further development.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Register your GUID here</a> or <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">buy support for your mailcow installation.</a>",
@@ -1016,6 +1019,7 @@
         "forwarding_host_removed": "Forwarding host %s has been removed",
         "global_filter_written": "Filter was successfully written to file",
         "hash_deleted": "Hash deleted",
+        "ip_check_opt_in_modified": "IP check was saved successfully",
         "item_deleted": "Item %s successfully deleted",
         "item_released": "Item %s released",
         "items_deleted": "Item %s successfully deleted",
diff --git a/data/web/templates/admin/tab-config-customize.twig b/data/web/templates/admin/tab-config-customize.twig
index 4ec6aecb..766c0b6a 100644
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -33,6 +33,20 @@
           </div>
         </div>
       {% endif %}
+      <legend style="padding-top:20px" unselectable="on">{{ lang.admin.ip_check }}</legend><hr />
+      <div id="ip_check">
+        <form class="form" data-id="ip_check" role="form" method="post">
+          <div class="mb-4">
+            <input class="form-check-input" type="checkbox" value="1" name="ip_check_opt_in" id="ip_check_opt_in" {% if ip_check == 1 %}checked{% endif %}>
+            <label class="form-check-label" for="ip_check_opt_in">
+              {{ lang.admin.ip_check_opt_in|raw }}
+            </label>
+          </div>
+          <p><div class="btn-group">
+            <button class="btn btn-sm btn-xs-half d-block d-sm-inline btn-success" data-action="edit_selected" data-item="admin" data-id="ip_check" data-reload="no" data-api-url='edit/ip_check' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+          </div></p>
+        </form>
+      </div>
       <legend>{{ lang.admin.app_links }}</legend><hr />
       <p class="text-muted">{{ lang.admin.merged_vars_hint|raw }}</p>
       <form class="form-inline" data-id="app_links" role="form" method="post">
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index a9399a12..60e78bdf 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -52,14 +52,18 @@
                       <tr>
                         <td>IPs</td>
                         <td class="text-break">
-                          <span class="d-none" id="host_ipv4">-</span>
-                          <span class="d-none mb-2" id="host_ipv6">-</span>
-                          <button class="d-block btn btn-primary btn-sm" id="host_show_ip">
-                            <span class="text">{{ lang.debug.show_ip }}</span>
-                            <div class="spinner-border spinner-border-sm d-none" role="status">
-                              <span class="visually-hidden">Loading...</span>
-                            </div>  
-                          </button>
+                          {% if ip_check == 1 %}
+                            <span class="d-none" id="host_ipv4">-</span>
+                            <span class="d-none mb-2" id="host_ipv6">-</span>
+                            <button class="d-block btn btn-primary btn-sm" id="host_show_ip">
+                              <span class="text">{{ lang.debug.show_ip }}</span>
+                              <div class="spinner-border spinner-border-sm d-none" role="status">
+                                <span class="visually-hidden">Loading...</span>
+                              </div>  
+                            </button>
+                          {% else %}
+                            <span class="d-block">{{ lang.admin.ip_check_disabled|raw }}</span>
+                          {% endif %}
                         </td>
                       </tr>
                       <tr>

From c44281f62d0e18de8bff3c42e46265ee79afb716 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 12:43:10 +0100
Subject: [PATCH 114/170] [Web] set domain tab default active

---
 data/web/templates/mailbox.twig | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index cdb6a428..d1044288 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -4,18 +4,18 @@
 <div id="mail-content" class="responsive-tabs">
   <ul class="nav nav-tabs" role="tablist">
     <li class="nav-item dropdown" role="presentation">
-    <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.domains }}</a>
-    <ul class="dropdown-menu">
-      <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domains">{{ lang.mailbox.domains }}</button></li>
-      <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-domains">{{ lang.mailbox.templates }}</button></li>
-    </ul>
+      <a class="nav-link dropdown-toggle active" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.domains }}</a>
+      <ul class="dropdown-menu">
+        <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domains">{{ lang.mailbox.domains }}</button></li>
+        <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-domains">{{ lang.mailbox.templates }}</button></li>
+      </ul>
     </li>
     <li class="nav-item dropdown" role="presentation">
-    <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailboxes }}</a>
-    <ul class="dropdown-menu">
-      <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-mailboxes" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mailboxes">{{ lang.mailbox.mailboxes }}</button></li>
-      <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-mbox" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-mbox">{{ lang.mailbox.templates }}</button></li>
-    </ul>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailboxes }}</a>
+      <ul class="dropdown-menu">
+        <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-mailboxes" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mailboxes">{{ lang.mailbox.mailboxes }}</button></li>
+        <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-mbox" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-mbox">{{ lang.mailbox.templates }}</button></li>
+      </ul>
     </li>
     <li class="nav-item" role="presentation"><button class="nav-link" aria-controls="tab-resources" role="tab" data-bs-toggle="tab" data-bs-target="#tab-resources">{{ lang.mailbox.resources }}</button></li>
     <li class="nav-item dropdown">

From 606eaad8f747423fbe8241fa8759095d38a15fc7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 12:48:37 +0100
Subject: [PATCH 115/170] [Web] set correct type for routing password input

---
 data/web/templates/admin/tab-routing.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/templates/admin/tab-routing.twig b/data/web/templates/admin/tab-routing.twig
index 8caeec8a..9b584289 100644
--- a/data/web/templates/admin/tab-routing.twig
+++ b/data/web/templates/admin/tab-routing.twig
@@ -36,7 +36,7 @@
             </div>
             <div class="mb-4">
               <label for="rlyhost_password">{{ lang.admin.password }}</label>
-              <input class="form-control" id="rlyhost_password" name="password">
+              <input class="form-control" id="rlyhost_password" name="password" type="password">
             </div>
             <button class="btn btn-sm d-block d-sm-inline btn-success" data-action="add_item" data-id="rlyhost" data-api-url='add/relayhost' data-api-attr='{}' href="#"><i class="bi bi-plus-lg"></i> {{ lang.admin.add }}</button>
           </form>
@@ -86,7 +86,7 @@
             </div>
             <div class="mb-4">
               <label for="transport_password">{{ lang.admin.password }}</label>
-              <input class="form-control" id="transport_password" name="password">
+              <input class="form-control" id="transport_password" name="password" type="password">
             </div>
             <div class="mb-2">
               <label>

From c928948b1508a0f2c787926c8b2843ede56489f9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 13:18:59 +0100
Subject: [PATCH 116/170] [Web] use saved password policy for pwgen

---
 data/web/js/build/013-mailcow.js | 12 ++++++++++--
 data/web/json_api.php            |  9 +++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/data/web/js/build/013-mailcow.js b/data/web/js/build/013-mailcow.js
index c734c824..afe17bc6 100644
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -12,14 +12,22 @@ $(document).ready(function() {
     $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
   }
 
-  $(".generate_password").click(function( event ) {
+  $(".generate_password").click(async function( event ) {   
+    try { 
+      var password_policy = await window.fetch("/api/v1/get/passwordpolicy", { method:'GET', cache:'no-cache' });
+      var password_policy = await password_policy.json();
+      random_passwd_length = password_policy.length;
+    } catch(err) {
+      var random_passwd_length = 8;
+    }
+
     event.preventDefault();
     $('[data-hibp]').trigger('input');
     if (typeof($(this).closest("form").data('pwgen-length')) == "number") {
       var random_passwd = GPW.pronounceable($(this).closest("form").data('pwgen-length'))
     }
     else {
-      var random_passwd = GPW.pronounceable(8)
+      var random_passwd = GPW.pronounceable(random_passwd_length)
     }
     $(this).closest("form").find('[data-pwgen-field]').attr('type', 'text');
     $(this).closest("form").find('[data-pwgen-field]').val(random_passwd);
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 1823e5a5..acaeaba9 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -561,6 +561,15 @@ if (isset($_GET['query'])) {
                   echo '{}';
                 }
               break;
+              default:
+                $password_complexity_rules = password_complexity('get');
+                if ($password_complexity_rules !== false) {
+                  process_get_return($password_complexity_rules);
+                }
+                else {
+                  echo '{}';
+                }
+              break;
             }
           break;
 

From b22f74cb5985456eb659ee237c392632e4515166 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 13:45:52 +0100
Subject: [PATCH 117/170] [Web] persist table settings + fix quarantine sort

---
 data/web/js/site/admin.js      | 12 ++++++++++++
 data/web/js/site/debug.js      | 24 ++++++++++++++++++++++++
 data/web/js/site/edit.js       |  4 ++++
 data/web/js/site/mailbox.js    | 27 ++++++++++++++++++++++++---
 data/web/js/site/quarantine.js | 14 +++++++++++---
 data/web/js/site/queue.js      |  2 ++
 data/web/js/site/user.js       | 10 ++++++++++
 7 files changed, 87 insertions(+), 6 deletions(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index d47a2227..97196964 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -70,8 +70,10 @@ jQuery(function($){
     }
 
     $('#domainadminstable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -143,8 +145,10 @@ jQuery(function($){
     }
 
     $('#oauth2clientstable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -206,8 +210,10 @@ jQuery(function($){
     }
 
     $('#adminstable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -272,8 +278,10 @@ jQuery(function($){
     }
 
     $('#forwardinghoststable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -330,8 +338,10 @@ jQuery(function($){
     }
 
     $('#relayhoststable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -402,8 +412,10 @@ jQuery(function($){
     }
 
     $('#transportstable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index ea7b9fd3..14092f18 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -119,8 +119,10 @@ jQuery(function($){
     }
 
     $('#autodiscover_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -176,8 +178,10 @@ jQuery(function($){
     }
 
     $('#postfix_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -218,8 +222,10 @@ jQuery(function($){
     }
 
     $('#watchdog_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -264,8 +270,10 @@ jQuery(function($){
     }
 
     $('#api_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -317,8 +325,10 @@ jQuery(function($){
     }
 
     $('#rl_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -408,8 +418,10 @@ jQuery(function($){
     }
 
     $('#ui_logs').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -479,8 +491,10 @@ jQuery(function($){
     }
 
     $('#sasl_logs').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -527,8 +541,10 @@ jQuery(function($){
     }
 
     $('#acme_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -564,8 +580,10 @@ jQuery(function($){
     }
 
     $('#netfilter_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -606,8 +624,10 @@ jQuery(function($){
     }
 
     $('#sogo_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -648,8 +668,10 @@ jQuery(function($){
     }
 
     $('#dovecot_log').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -751,8 +773,10 @@ jQuery(function($){
     }
 
     $('#rspamd_history').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index 55a8e6b4..4ca77ed9 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -78,8 +78,10 @@ jQuery(function($){
   }
   function draw_wl_policy_domain_table() {
     $('#wl_policy_domain_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -133,8 +135,10 @@ jQuery(function($){
   }
   function draw_bl_policy_domain_table() {
     $('#bl_policy_domain_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 12c4bb4d..47540ae3 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -433,8 +433,10 @@ jQuery(function($){
     }
 
     var table = $('#domain_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -619,9 +621,10 @@ jQuery(function($){
     }
 
     $('#templates_domain_table').DataTable({
-			responsive : true,
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -816,9 +819,10 @@ jQuery(function($){
     }
 
     $('#mailbox_table').DataTable({
-			responsive : true,
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1074,9 +1078,10 @@ jQuery(function($){
     }
 
     $('#templates_mbox_table').DataTable({
-			responsive : true,
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1285,8 +1290,10 @@ jQuery(function($){
     }
 
     $('#resource_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1411,8 +1418,10 @@ jQuery(function($){
     }
     
     $('#bcc_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1507,8 +1516,10 @@ jQuery(function($){
     }
 
     $('#recipient_map_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1590,8 +1601,10 @@ jQuery(function($){
     }
 
     $('#tls_policy_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1683,8 +1696,10 @@ jQuery(function($){
     }
 
     $('#alias_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1823,8 +1838,10 @@ jQuery(function($){
     }
 
     $('#aliasdomain_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1905,8 +1922,10 @@ jQuery(function($){
     }
 
     $('#sync_job_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -2044,9 +2063,11 @@ jQuery(function($){
     }
 
     var table = $('#filter_table').DataTable({
+			responsive: true,
       autoWidth: false,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index 34531b0d..c2028d28 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -14,8 +14,10 @@ jQuery(function($){
   });
   function draw_quarantine_table() {
     $('#quarantinetable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -129,9 +131,15 @@ jQuery(function($){
             title: lang.received,
             data: 'created',
             defaultContent: '',
-            render: function (data,type) {
-              var date = new Date(data ? data * 1000 : 0); 
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+            createdCell: function(td, cellData) {    
+              $(td).attr({
+                "data-order": cellData,
+                "data-sort": cellData
+              });
+              
+              var date = new Date(cellData ? cellData * 1000 : 0); 
+              var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+              $(td).html(dateString);
             }
           },
           {
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index 057ad840..a5ee95fd 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -35,8 +35,10 @@ jQuery(function($){
     }
 
     $('#queuetable').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 36bcfa63..9caae599 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -135,8 +135,10 @@ jQuery(function($){
     }
 
     $('#tla_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -216,8 +218,10 @@ jQuery(function($){
     }
 
     $('#sync_job_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -366,8 +370,10 @@ jQuery(function($){
     }
 
     $('#app_passwd_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -456,8 +462,10 @@ jQuery(function($){
     }
 
     $('#wl_policy_mailbox_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -521,8 +529,10 @@ jQuery(function($){
     }
 
     $('#bl_policy_mailbox_table').DataTable({
+			responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
       language: lang_datatables,
       ajax: {
         type: "GET",

From 7966f010a2d487603f990fa352818f9e5087216e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Jan 2023 15:03:04 +0100
Subject: [PATCH 118/170] [Web] switch table length + filter field positions

---
 ...{015-datatables.css => 013-datatables.css} |  0
 .../{013-mailcow.css => 014-mailcow.css}      | 11 ++++++
 ...{014-responsive.css => 015-responsive.css} |  4 +++
 data/web/js/site/admin.js                     | 18 ++++++++++
 data/web/js/site/debug.js                     | 36 +++++++++++++++++++
 data/web/js/site/edit.js                      |  6 ++++
 data/web/js/site/mailbox.js                   | 36 +++++++++++++++++++
 data/web/js/site/quarantine.js                |  3 ++
 data/web/js/site/queue.js                     |  3 ++
 data/web/js/site/user.js                      | 15 ++++++++
 10 files changed, 132 insertions(+)
 rename data/web/css/build/{015-datatables.css => 013-datatables.css} (100%)
 rename data/web/css/build/{013-mailcow.css => 014-mailcow.css} (92%)
 rename data/web/css/build/{014-responsive.css => 015-responsive.css} (98%)

diff --git a/data/web/css/build/015-datatables.css b/data/web/css/build/013-datatables.css
similarity index 100%
rename from data/web/css/build/015-datatables.css
rename to data/web/css/build/013-datatables.css
diff --git a/data/web/css/build/013-mailcow.css b/data/web/css/build/014-mailcow.css
similarity index 92%
rename from data/web/css/build/013-mailcow.css
rename to data/web/css/build/014-mailcow.css
index 374d484d..3d0eeaee 100644
--- a/data/web/css/build/013-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -370,3 +370,14 @@ button[aria-expanded='true'] > .caret {
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
     background-color: #f0f0f0 !important;
 }
+
+
+div.dataTables_wrapper div.dataTables_filter {
+  text-align: left;
+}
+div.dataTables_wrapper div.dataTables_length {
+  text-align: right;
+}
+.dataTables_paginate, .dataTables_length, .dataTables_filter {
+  margin: 10px 0!important;
+}
\ No newline at end of file
diff --git a/data/web/css/build/014-responsive.css b/data/web/css/build/015-responsive.css
similarity index 98%
rename from data/web/css/build/014-responsive.css
rename to data/web/css/build/015-responsive.css
index a9877271..47eadb53 100644
--- a/data/web/css/build/014-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -199,6 +199,10 @@
     display: none !important;
   }
 
+  div.dataTables_wrapper div.dataTables_length {
+    text-align: left;
+  }
+
 }
 
 @media (max-width: 350px) {
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 97196964..9877bb68 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -74,6 +74,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -149,6 +152,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -214,6 +220,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -282,6 +291,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -342,6 +354,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -416,6 +431,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 14092f18..3b85c498 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -123,6 +123,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -182,6 +185,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -226,6 +232,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -274,6 +283,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -329,6 +341,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -422,6 +437,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -495,6 +513,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -545,6 +566,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -584,6 +608,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -628,6 +655,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -672,6 +702,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
@@ -777,6 +810,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
       ajax: {
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index 4ca77ed9..4c57b35e 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -82,6 +82,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -139,6 +142,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 47540ae3..2bdd5bf1 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -437,6 +437,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -625,6 +628,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -823,6 +829,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1082,6 +1091,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1294,6 +1306,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1422,6 +1437,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1520,6 +1538,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1605,6 +1626,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1700,6 +1724,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1842,6 +1869,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -1926,6 +1956,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -2068,6 +2101,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index c2028d28..2c4d541b 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -18,6 +18,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index a5ee95fd..6b2d2b3b 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -39,6 +39,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 9caae599..d1b9780f 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -139,6 +139,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -222,6 +225,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -374,6 +380,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -466,6 +475,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",
@@ -533,6 +545,9 @@ jQuery(function($){
       processing: true,
       serverSide: false,
       stateSave: true,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       ajax: {
         type: "GET",

From e501642b8ebc0d6af25f8a2663b4d1dbfb56bc80 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 9 Jan 2023 08:04:16 +0100
Subject: [PATCH 119/170] [Web] fix mailboxtable sort by quota

---
 data/web/js/site/mailbox.js | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 2bdd5bf1..83e0d032 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -838,7 +838,13 @@ jQuery(function($){
         url: "/api/v1/get/mailbox/reduced",
         dataSrc: function(json){
           $.each(json, function (i, item) {
-            item.quota = item.quota_used + "/" + item.quota;
+            item.quota = {
+              sortBy: item.quota_used,
+              value: item.quota
+            }
+            item.quota.value = (item.quota.value == 0 ? "∞" : humanFileSize(item.quota.value));
+            item.quota.value = humanFileSize(item.quota_used) + "/" + item.quota.value;
+
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
             item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login + '/' + item.last_smtp_login;
             /*
@@ -943,14 +949,10 @@ jQuery(function($){
           },
           {
             title: lang.domain_quota,
-            data: 'quota',
+            data: 'quota.value',
             responsivePriority: 8,
-            defaultContent: '',
-            render: function (data, type) {
-              data = data.split("/");
-              var of_q = (data[1] == 0 ? "∞" : humanFileSize(data[1]));
-              return humanFileSize(data[0]) + " / " + of_q;
-            }
+            defaultContent: '',  
+            orderData: 23
           },
           {
             title: lang.last_mail_login,
@@ -1076,6 +1078,13 @@ jQuery(function($){
             responsivePriority: 6,
             defaultContent: ''
           },
+          {
+            title: "",
+            data: 'quota.sortBy',
+            responsivePriority: 8,
+            defaultContent: '',
+            className: "d-none"
+          },
       ]
     });
   }

From 028ad4ceb9e687e6557947a7d40a7751722bbd57 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 9 Jan 2023 10:43:42 +0100
Subject: [PATCH 120/170] changed language string (de)

---
 data/web/lang/lang.de-de.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 1832cddd..f2ce746f 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -205,7 +205,7 @@
         "include_exclude_info": "Ohne Auswahl werden <b>alle Mailboxen</b> adressiert.",
         "includes": "Diese Empfänger einschließen",
         "ip_check": "IP Check",
-        "ip_check_disabled": "IP check ist deaktiviert. Unter dem angegebenen Pfad kann es aktiviert werden<br> <strong>System > Configuration > Options > Customize</strong>",
+        "ip_check_disabled": "IP check ist deaktiviert. Unter dem angegebenen Pfad kann es aktiviert werden<br> <strong>System > Konfiguration > Einstellungen > UI-Anpassung</strong>",
         "ip_check_opt_in": "Opt-In für die Nutzung der Drittanbieter-Dienste <strong>ipv4.mailcow.email</strong> und <strong>ipv6.mailcow.email</strong> zur Auflösung externer IP-Adressen.",
         "is_mx_based": "MX-basiert",
         "last_applied": "Zuletzt angewendet",

From e990856629bd923811cada248f0d7203ecc19787 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 9 Jan 2023 18:03:41 +0100
Subject: [PATCH 121/170] [Web] Updated lang.fr-fr.json (#4972)

Co-authored-by: Frederic Ollivier <fredol@me.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Frederic Ollivier <fredol@me.com>
---
 data/web/lang/lang.fr-fr.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 91524ee6..8afc5738 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -105,7 +105,8 @@
         "username": "Nom d'utilisateur",
         "validate": "Valider",
         "validation_success": "Validation réussie",
-        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici."
+        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
+        "tags": "Etiquettes"
     },
     "admin": {
         "access": "Accès",
@@ -318,7 +319,9 @@
         "oauth2_add_client": "Ajouter un client OAuth2",
         "password_policy": "Politique de mots de passe",
         "admins": "Administrateurs",
-        "api_read_only": "Accès lecture-seule"
+        "api_read_only": "Accès lecture-seule",
+        "password_policy_lowerupper": "Doit contenir des caractères minuscules et majuscules",
+        "password_policy_numbers": "Doit contenir au moins un chiffre"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",

From 814f4aed15f6d36d5a30aece3fa1cdf54e906a56 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 14 Jan 2023 10:05:55 +0100
Subject: [PATCH 122/170] Update thollander/actions-comment-pull-request action
 to v2.3.1 (#4986)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/check_prs_if_on_staging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
index d084a582..485dc26e 100644
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
     steps:
       - name: Send message
-        uses: thollander/actions-comment-pull-request@v2.3.0
+        uses: thollander/actions-comment-pull-request@v2.3.1
         with:
           GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |

From 36fa5dc6330102da68425fda09670c25be548bce Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 16 Jan 2023 09:07:28 +0100
Subject: [PATCH 123/170] [Web] fix domain admins cant delete tags

---
 data/web/inc/functions.mailbox.inc.php | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index f6162cc6..f96894ff 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -5171,15 +5171,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $tags = $_data['tags'];
           if (!is_array($tags)) $tags = array();
 
-          
-          if ($_SESSION['mailcow_cc_role'] != "admin") {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-              'msg' => 'access_denied'
-            );
-            return false;
-          }
 
           $wasModified = false;
           foreach ($domains as $domain) {            
@@ -5191,7 +5182,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-
+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => 'access_denied'
+              );
+              return false;
+            }
+            
             foreach($tags as $tag){
               // delete tag
               $wasModified = true;

From 152431a7d710385f5e93f7af19ce78c8fd4cba21 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 16 Jan 2023 09:24:10 +0100
Subject: [PATCH 124/170] [Web] fix Spamfilter flag fwdhosts wrong naming

---
 data/web/js/site/admin.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 9877bb68..0dba1aa8 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -331,7 +331,10 @@ jQuery(function($){
           {
             title: lang.spamfilter,
             data: 'keep_spam',
-            defaultContent: ''
+            defaultContent: '',
+            render: function(data, type){
+              return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
+            }
           },
           {
             title: lang.action,

From 5c57df466943580d77c44ff8af22fe4115eb058a Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 10:10:20 +0100
Subject: [PATCH 125/170] [Acme] Implemented IP Check Bypass properly

---
 data/Dockerfiles/acme/acme.sh | 2 ++
 docker-compose.yml            | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 4f5cb803..1cd456a4 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -213,11 +213,13 @@ while true; do
   done
   ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
 
+  if [[ ${SKIP_IP_CHECK} != "y" ]]; then
   # Start IP detection
   log_f "Detecting IP addresses..."
   IPV4=$(get_ipv4)
   IPV6=$(get_ipv6)
   log_f "OK: ${IPV4}, ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}"
+  fi
 
   #########################################
   # IP and webroot challenge verification #
diff --git a/docker-compose.yml b/docker-compose.yml
index b940b336..32302d87 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -389,7 +389,7 @@ services:
     acme-mailcow:
       depends_on:
         - nginx-mailcow
-      image: mailcow/acme:1.83
+      image: mailcow/acme:1.84
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From 099db33e447fac10a47d3b2d974209cfcd0ad1fa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 16 Jan 2023 11:41:34 +0100
Subject: [PATCH 126/170] [Web] disable datatable default row click listener

---
 data/web/js/build/013-mailcow.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/web/js/build/013-mailcow.js b/data/web/js/build/013-mailcow.js
index afe17bc6..e060a2d0 100644
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -286,6 +286,8 @@ $(document).ready(function() {
   $.extend($.fn.dataTable.defaults, {
     responsive: true
   });
+  // disable default datatable click listener
+  $(document).off('click', 'tbody>tr');
 
   // tag boxes
   $('.tag-box .tag-add').click(function(){

From 9c55d46bc6335505cb0c03b3eb303dd3664a50cd Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 14:35:15 +0100
Subject: [PATCH 127/170] [Nextcloud] Updated and improved script (implemented
 -u and more)

---
 helper-scripts/nextcloud.sh | 104 +++++++++++++++++++++++++++---------
 1 file changed, 78 insertions(+), 26 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 37c0d5f3..849a3016 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -9,9 +9,14 @@ done
 [[ -z ${1} ]] && NC_HELP=y
 
 while [ "$1" != '' ]; do
+  if [[ $# -ne 1 ]]; then
+      echo -e "\033[31mPlease use only one parameter at the same time!\033[0m" >&2
+      exit 2
+  fi
   case "${1}" in
     -p|--purge) NC_PURGE=y && shift;;
     -i|--install) NC_INSTALL=y && shift;;
+    -u|--update)  NC_UPDATE=y && shift;;
     -r|--resetpw) NC_RESETPW=y && shift;;
     -h|--help) NC_HELP=y && shift;;
     *) echo "Unknown parameter: ${1}" && shift;;
@@ -22,13 +27,11 @@ if [[ ${NC_HELP} == "y" ]]; then
   printf 'Usage:\n\n'
   printf '  -p|--purge\n    Purge Nextcloud\n'
   printf '  -i|--install\n    Install Nextcloud\n'
+  printf '  -u|--update\n    Update Nextcloud\n'
   printf '  -r|--resetpw\n    Reset password\n\n'
   exit 0
 fi
 
-[[ ${NC_PURGE} == "y" ]] && [[ ${NC_INSTALL} == "y" ]] && { echo "Cannot use -p and -i at the same time!"; exit 1; }
-[[ ${NC_PURGE} == "y" ]] && [[ ${NC_RESETPW} == "y" ]] && { echo "Cannot use -p and -r at the same time!"; exit 1; }
-
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd ${SCRIPT_DIR}/../
 source mailcow.conf
@@ -41,8 +44,27 @@ if [[ ${NC_PURGE} == "y" ]]; then
     exit 1
   fi
 
-  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
-    "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)"
+  echo -e "\033[33mDetecting Database information...\033[0m"
+  if [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "Show databases" | grep "nextcloud") ]]; then
+    echo -e "\033[32mFound seperate nextcloud Database (newer scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE nextcloud;" > /dev/null
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'nextcloud'@'%';" > /dev/null
+  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'oc_%'") && $? -eq 0 ]]; then
+    echo -e "\033[32mFound nextcloud (oc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
+  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'nc_%'") && $? -eq 0 ]]; then
+    echo -e "\033[32mFound nextcloud (nc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
+  else
+    echo -e "\033[31mError: No Nextcloud Databases/Tables found!"
+    echo -e "\033[33mNot purging anything...\033[0m"
+    exit 1
+  fi
   docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli
 SELECT 10
 FLUSHDB
@@ -58,9 +80,10 @@ EOF
 
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
+  echo -e "\033[32mNextcloud has been sucessfully uninstalled!\033[0m"
+
 elif [[ ${NC_UPDATE} == "y" ]]; then
-  exit;
-  read -r -p "Are you sure you want to update Nextcloud? [y/N] " response
+  read -r -p "Are you sure you want to update Nextcloud (with nextclouds own updater)? [y/N] " response
   response=${response,,}
   if [[ ! "$response" =~ ^(yes|y)$ ]]; then
     echo "OK, aborting."
@@ -68,23 +91,14 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
   fi
 
   if [ ! -f data/web/nextcloud/occ ]; then
-    echo "Nextcloud occ not found. Is Nextcloud installed?"
+    echo -e "\033[31mError: Nextcloud occ not found. Is Nextcloud installed?\033[0m"
     exit 1
   fi
   if ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
     echo "Nextcloud seems not to be installed."
     exit 1
-  elif ! grep -q 'version: 20\.' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo "Cannot upgrade to new major version, please update manually."
-    exit 1
   else
-    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
-      && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
-      && rm nextcloud.tar.bz2 \
-      && mkdir -p ./data/web/nextcloud/data \
-      && chmod +x ./data/web/nextcloud/occ \
-       docker exec -it $(docker ps -f name=php-fpm-mailcow -q) bash -c "chown www-data:www-data -R /web/nextcloud" \
-       docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings upgrade"
+    docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/updater/updater.phar"
   fi
 
 elif [[ ${NC_INSTALL} == "y" ]]; then
@@ -97,25 +111,48 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     [[ ! ${NC_CONT_FAIL,,} =~ ^(yes|y)$ ]] && { echo "Ok, exiting..."; exit 1; }
   fi
 
-  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
-
+  echo -e "\033[33mDownloading \033[34mNextcloud ${NEXTCLOUD_VERSION}\033[33m...\033[0m"
   curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
     && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
     && rm nextcloud.tar.bz2 \
     && mkdir -p ./data/web/nextcloud/data \
     && chmod +x ./data/web/nextcloud/occ
 
+  echo -e "\033[33mCreating Nextcloud Database...\033[0m"
+  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+  NC_DBUSER=nextcloud
+  NC_DBNAME=nextcloud
+
+  echo -ne "[1/3] Creating nextcloud Database"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE ${NC_DBNAME};"
+  sleep 2
+  echo -ne "\r[2/3] Creating nextcloud Database user"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER '${NC_DBUSER}'@'%' IDENTIFIED BY '${NC_DBPASS}';"
+  sleep 2
+  echo -ne "\r[3/3] Granting nextcloud user all permissions on database nextcloud"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON ${NC_DBNAME}.* TO '${NC_DBUSER}'@'%';"
+  sleep 2
+
+  echo ""
+  echo -e "\033[33mInstalling Nextcloud...\033[0m"
+  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+
+  echo -ne "[1/4] Setting correct permissions for www-data"
   docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
+  sleep 2
+  echo -ne "\r[2/4] Running occ maintenance:install to install nextcloud"
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ --no-warnings maintenance:install \
     --database mysql \
     --database-host mysql \
-    --database-name ${DBNAME} \
-    --database-user ${DBUSER} \
-    --database-pass ${DBPASS} \
+    --database-name ${NC_DBNAME} \
+    --database-user ${NC_DBUSER} \
+    --database-pass ${NC_DBPASS} \
     --admin-user admin \
     --admin-pass ${ADMIN_NC_PASS} \
-      --data-dir /web/nextcloud/data
+      --data-dir /web/nextcloud/data 2>&1 /dev/null
 
+  echo -ne "\r[3/4] Setting custom parameters inside the nextcloud config file"
+  echo ""
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings config:system:set redis host --value=redis --type=string; \
     /web/nextcloud/occ --no-warnings config:system:set redis port --value=6379 --type=integer; \
     /web/nextcloud/occ --no-warnings config:system:set redis timeout --value=0.0 --type=integer; \
@@ -141,13 +178,28 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}; \
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 class --value=OC_User_IMAP; \
 
+    echo -e "\r[4/4] Enabling NGINX Configuration"
     cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
     sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
+    sleep 2
 
-  echo "Restarting Nginx..."
+  echo ""
+  echo -e "\033[33mFinalizing installation...\033[0m"
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
-  echo "Login as admin with password: ${ADMIN_NC_PASS}"
+  echo ""
+  echo "******************************************"
+  echo "*        SAVE THESE CREDENTIALS          *"
+  echo "*    INSTALL DATE: $(date +%Y-%m-%d_%H-%M-%S)   *"
+  echo "******************************************"
+  echo ""
+  echo -e "\033[36mDatabase Name:      ${NC_DBNAME}\033[0m"
+  echo -e "\033[36mDatabase User:      ${NC_DBUSER}\033[0m"
+  echo -e "\033[36mDatabase Password:  ${NC_DBPASS}\033[0m"
+  echo ""
+  echo -e "\033[31mUI Admin Password:  ${ADMIN_NC_PASS}\033[0m"
+  echo ""
+
 
 elif [[ ${NC_RESETPW} == "y" ]]; then
     printf 'You are about to set a new password for a Nextcloud user.\n\nDo not use this option if your Nextcloud is configured to use mailcow for authentication.\nSet a new password for the corresponding mailbox in mailcow, instead.\n\n'

From 8782304e8dea57fc7991af0654f3f89c48ba2792 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 16 Jan 2023 15:38:35 +0100
Subject: [PATCH 128/170] [Web] show fold/unfold action if child rows exists

---
 data/web/js/site/debug.js                     | 114 ++++++++++++++++--
 data/web/js/site/mailbox.js                   | 113 +++++++++++++++--
 data/web/js/site/quarantine.js                |  17 ++-
 data/web/templates/debug.twig                 |  72 +++++------
 data/web/templates/mailbox/tab-bcc.twig       |  24 ++--
 .../templates/mailbox/tab-domain-aliases.twig |  14 +--
 data/web/templates/mailbox/tab-domains.twig   |  12 +-
 data/web/templates/mailbox/tab-filters.twig   |  12 +-
 data/web/templates/mailbox/tab-mailboxes.twig |  20 +--
 .../templates/mailbox/tab-mbox-aliases.twig   |  12 +-
 data/web/templates/mailbox/tab-resources.twig |  12 +-
 data/web/templates/mailbox/tab-syncjobs.twig  |  12 +-
 .../mailbox/tab-templates-domains.twig        |  12 +-
 .../templates/mailbox/tab-templates-mbox.twig |  12 +-
 .../web/templates/mailbox/tab-tls-policy.twig |  12 +-
 data/web/templates/quarantine.twig            |  12 +-
 16 files changed, 339 insertions(+), 143 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 7a84503d..a7b06e5a 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -118,7 +118,7 @@ jQuery(function($){
       return;
     }
 
-    $('#autodiscover_log').DataTable({
+    var table = $('#autodiscover_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -128,6 +128,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-autodiscover-logs', '#autodiscover_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/autodiscover/100",
@@ -172,6 +175,10 @@ jQuery(function($){
         }
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-autodiscover-logs', '#autodiscover_log');
+    });
   }
   function draw_postfix_logs() {
     // just recalc width if instance already exists
@@ -180,7 +187,7 @@ jQuery(function($){
       return;
     }
 
-    $('#postfix_log').DataTable({
+    var table = $('#postfix_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -190,6 +197,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-postfix-logs', '#postfix_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/postfix",
@@ -219,6 +229,10 @@ jQuery(function($){
         }
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-postfix-logs', '#postfix_log');
+    });
   }
   function draw_watchdog_logs() {
     // just recalc width if instance already exists
@@ -227,7 +241,7 @@ jQuery(function($){
       return;
     }
 
-    $('#watchdog_log').DataTable({
+    var table = $('#watchdog_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -237,6 +251,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-watchdog-logs', '#watchdog_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/watchdog",
@@ -270,6 +287,10 @@ jQuery(function($){
         }
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-watchdog-logs', '#watchdog_log');
+    });
   }
   function draw_api_logs() {
     // just recalc width if instance already exists
@@ -278,7 +299,7 @@ jQuery(function($){
       return;
     }
 
-    $('#api_log').DataTable({
+    var table =  $('#api_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -288,6 +309,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/api",
@@ -328,6 +352,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
+    });
   }
   function draw_rl_logs() {
     // just recalc width if instance already exists
@@ -336,7 +364,7 @@ jQuery(function($){
       return;
     }
 
-    $('#rl_log').DataTable({
+    var table = $('#rl_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -346,6 +374,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/ratelimited",
@@ -424,6 +455,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
+    });
   }
   function draw_ui_logs() {
     // just recalc width if instance already exists
@@ -432,7 +467,7 @@ jQuery(function($){
       return;
     }
 
-    $('#ui_logs').DataTable({
+    var table = $('#ui_logs').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -442,6 +477,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_logs');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/ui",
@@ -500,6 +538,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_log');
+    });
   }
   function draw_sasl_logs() {
     // just recalc width if instance already exists
@@ -508,7 +550,7 @@ jQuery(function($){
       return;
     }
 
-    $('#sasl_logs').DataTable({
+    var table = $('#sasl_logs').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -518,6 +560,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/sasl",
@@ -553,6 +598,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
+    });
   }
   function draw_acme_logs() {
     // just recalc width if instance already exists
@@ -561,7 +610,7 @@ jQuery(function($){
       return;
     }
 
-    $('#acme_log').DataTable({
+    var table = $('#acme_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -571,6 +620,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/acme",
@@ -595,6 +647,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
+    });
   }
   function draw_netfilter_logs() {
     // just recalc width if instance already exists
@@ -603,7 +659,7 @@ jQuery(function($){
       return;
     }
 
-    $('#netfilter_log').DataTable({
+    var table = $('#netfilter_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -613,6 +669,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/netfilter",
@@ -642,6 +701,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
+    });
   }
   function draw_sogo_logs() {
     // just recalc width if instance already exists
@@ -650,7 +713,7 @@ jQuery(function($){
       return;
     }
 
-    $('#sogo_log').DataTable({
+    var table = $('#sogo_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -660,6 +723,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/sogo",
@@ -689,6 +755,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
+    });
   }
   function draw_dovecot_logs() {
     // just recalc width if instance already exists
@@ -697,7 +767,7 @@ jQuery(function($){
       return;
     }
 
-    $('#dovecot_log').DataTable({
+    var table = $('#dovecot_log').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -707,6 +777,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/dovecot",
@@ -736,6 +809,10 @@ jQuery(function($){
         }
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
+    });
   }
   function rspamd_pie_graph() {
     $.ajax({
@@ -805,7 +882,7 @@ jQuery(function($){
       return;
     }
 
-    $('#rspamd_history').DataTable({
+    var table = $('#rspamd_history').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -815,6 +892,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-rspamd-logs', '#rspamd_history');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/logs/rspamd-history",
@@ -903,6 +983,10 @@ jQuery(function($){
         }
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-rspamd-history', '#rspamd_history');
+    });
   }
   function process_table_data(data, table) {
     if (table == 'rspamd_history') {
@@ -1098,6 +1182,12 @@ jQuery(function($){
       });
     }
   })
+  function hideTableExpandCollapseBtn(tab, table){
+    if ($(table).hasClass('collapsed'))
+      $(tab).find(".table_collapse_option").show(); 
+    else
+      $(tab).find(".table_collapse_option").hide(); 
+  }
 
   // detect element visibility changes
   function onVisible(element, callback) {
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index cdcf7dbb..b93b1819 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -441,6 +441,9 @@ jQuery(function($){
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/domain/all",
@@ -614,7 +617,11 @@ jQuery(function($){
           defaultContent: ''
         },
       ]
-    });  
+    });      
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
+    });
   }
   function draw_templates_domain_table() {
     // just recalc width if instance already exists
@@ -623,7 +630,7 @@ jQuery(function($){
       return;
     }
 
-    $('#templates_domain_table').DataTable({
+    var table = $('#templates_domain_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -633,6 +640,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-templates-domains', '#templates_domain_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/domain/template/all",
@@ -817,6 +827,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-templates-domains', '#templates_domain_table');
+    });
   }
   function draw_mailbox_table() {
     // just recalc width if instance already exists
@@ -825,7 +839,7 @@ jQuery(function($){
       return;
     }
 
-    $('#mailbox_table').DataTable({
+    var table = $('#mailbox_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -834,6 +848,9 @@ jQuery(function($){
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/mailbox/reduced",
@@ -1088,6 +1105,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table');
+    });
   }
   function draw_templates_mbox_table() {
     // just recalc width if instance already exists
@@ -1096,7 +1117,7 @@ jQuery(function($){
       return;
     }
 
-    $('#templates_mbox_table').DataTable({
+    var table = $('#templates_mbox_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1106,6 +1127,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/mailbox/template/all",
@@ -1304,6 +1328,10 @@ jQuery(function($){
         },
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
+    });
   }
   function draw_resource_table() {
     // just recalc width if instance already exists
@@ -1312,7 +1340,7 @@ jQuery(function($){
       return;
     }
 
-    $('#resource_table').DataTable({
+    var table = $('#resource_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1321,6 +1349,9 @@ jQuery(function($){
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-resources', '#resource_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/resource/all",
@@ -1407,6 +1438,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-resources', '#resource_table');
+    });
   }
   function draw_bcc_table() {
     $.get("/api/v1/get/bcc-destination-options", function(data){
@@ -1443,7 +1478,7 @@ jQuery(function($){
       return;
     }
     
-    $('#bcc_table').DataTable({
+    var table = $('#bcc_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1453,6 +1488,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#collapse-tab-bcc', '#bcc_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/bcc/all",
@@ -1537,6 +1575,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#collapse-tab-bcc', '#bcc_table');
+    });
   }
   function draw_recipient_map_table() {
     // just recalc width if instance already exists
@@ -1545,7 +1587,7 @@ jQuery(function($){
       return;
     }
 
-    $('#recipient_map_table').DataTable({
+    var table = $('#recipient_map_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1555,6 +1597,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/recipient_map/all",
@@ -1626,6 +1671,10 @@ jQuery(function($){
           },
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
+    });
   }
   function draw_tls_policy_table() {
     // just recalc width if instance already exists
@@ -1634,7 +1683,7 @@ jQuery(function($){
       return;
     }
 
-    $('#tls_policy_table').DataTable({
+    var table = $('#tls_policy_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1644,6 +1693,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/tls-policy-map/all",
@@ -1725,6 +1777,10 @@ jQuery(function($){
           },
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
+    });
   }
   function draw_alias_table() {
     // just recalc width if instance already exists
@@ -1733,7 +1789,7 @@ jQuery(function($){
       return;
     }
 
-    $('#alias_table').DataTable({
+    var table = $('#alias_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1743,6 +1799,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/alias/all",
@@ -1871,6 +1930,10 @@ jQuery(function($){
           },
       ]
     });
+    
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
+    });
   }
   function draw_aliasdomain_table() {
     // just recalc width if instance already exists
@@ -1879,7 +1942,7 @@ jQuery(function($){
       return;
     }
 
-    $('#aliasdomain_table').DataTable({
+    var table = $('#aliasdomain_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1888,6 +1951,9 @@ jQuery(function($){
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-domain-aliases', '#aliasdomain_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/alias-domain/all",
@@ -1958,6 +2024,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-domain-aliases', '#aliasdomain_table');
+    });
   }
   function draw_sync_job_table() {
     // just recalc width if instance already exists
@@ -1966,7 +2036,7 @@ jQuery(function($){
       return;
     }
 
-    $('#sync_job_table').DataTable({
+    var table = $('#sync_job_table').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -1976,6 +2046,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-syncjobs', '#sync_job_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/syncjobs/all/no_log",
@@ -2103,6 +2176,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-syncjobs', '#sync_job_table');
+    });
   }
   function draw_filter_table() {
     // just recalc width if instance already exists
@@ -2122,6 +2199,9 @@ jQuery(function($){
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
       order:[[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-filters', '#filter_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/filters/all",
@@ -2206,8 +2286,19 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-filters', '#filter_table');
+    });
   };
 
+  function hideTableExpandCollapseBtn(tab, table){
+    if ($(table).hasClass('collapsed'))
+      $(tab).find(".table_collapse_option").show(); 
+    else
+      $(tab).find(".table_collapse_option").hide(); 
+  }
+  
   // detect element visibility changes
   function onVisible(element, callback) {
     $(document).ready(function() {
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index 2c4d541b..7da3a7dd 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -13,7 +13,7 @@ jQuery(function($){
     $('#' + table_name).DataTable().ajax.reload();
   });
   function draw_quarantine_table() {
-    $('#quarantinetable').DataTable({
+    var table = $('#quarantinetable').DataTable({
 			responsive: true,
       processing: true,
       serverSide: false,
@@ -22,6 +22,9 @@ jQuery(function($){
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#quarantinetable');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/quarantine/all",
@@ -153,6 +156,10 @@ jQuery(function($){
           },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#quarantinetable');
+    });
   }
 
   $('body').on('click', '.show_qid_info', function (e) {
@@ -268,4 +275,12 @@ jQuery(function($){
 
   // Initial table drawings
   draw_quarantine_table();
+
+  
+  function hideTableExpandCollapseBtn(table){
+    if ($(table).hasClass('collapsed'))
+      $(".table_collapse_option").show(); 
+    else
+      $(".table_collapse_option").hide(); 
+  }
 });
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 60e78bdf..1e011c8b 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -350,9 +350,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="postfix_log" data-log-url="postfix" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="postfix_log" data-log-url="postfix" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="postfix_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -373,9 +373,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="mailcow_ui" data-table="ui_logs" data-log-url="ui" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="mailcow_ui" data-table="ui_logs" data-log-url="ui" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="ui_logs" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -396,9 +396,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="sasl_log_table" data-table="sasl_logs" data-log-url="ui" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="sasl_log_table" data-table="sasl_logs" data-log-url="ui" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="sasl_logs" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -419,9 +419,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="dovecot_log" data-log-url="dovecot" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="dovecot_log" data-log-url="dovecot" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="dovecot_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -442,9 +442,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="sogo_log" data-log-url="sogo" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="sogo_log" data-log-url="sogo" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="sogo_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -465,9 +465,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="netfilter_log" data-log-url="netfilter" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="netfilter_log" data-log-url="netfilter" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="netfilter_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -493,9 +493,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="rspamd_history" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -516,9 +516,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="autodiscover_log" data-table="autodiscover_log" data-log-url="autodiscover" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="autodiscover_log" data-table="autodiscover_log" data-log-url="autodiscover" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="autodiscover_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -539,9 +539,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="watchdog" data-table="watchdog_log" data-log-url="watchdog" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="watchdog" data-table="watchdog_log" data-log-url="watchdog" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="watchdog_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -562,9 +562,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="acme_log" data-log-url="acme" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="acme_log" data-log-url="acme" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="acme_log" data-table="acme_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="acme_log" data-table="acme_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="acme_log" data-table="acme_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="acme_log" data-table="acme_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="acme_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -585,9 +585,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="apilog" data-table="api_log" data-log-url="api" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="apilog" data-table="api_log" data-log-url="api" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="api_log" data-table="api_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="api_log" data-table="api_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="api_log" data-table="api_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="api_log" data-table="api_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="api_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -608,9 +608,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="rllog" data-table="rl_log" data-log-url="ratelimited" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="rllog" data-table="rl_log" data-log-url="ratelimited" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <p class="text-muted">{{ lang.admin.hash_remove_info }}</p>
             <table id="rl_log" class="table table-striped dt-responsive w-100"></table>
diff --git a/data/web/templates/mailbox/tab-bcc.twig b/data/web/templates/mailbox/tab-bcc.twig
index 7f8319e7..76845c3d 100644
--- a/data/web/templates/mailbox/tab-bcc.twig
+++ b/data/web/templates/mailbox/tab-bcc.twig
@@ -23,9 +23,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="bcc" data-api-url='edit/bcc' data-api-attr='{"type":"rcpt"}' href="#">{{ lang.mailbox.bcc_to_rcpt }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="bcc" data-api-url='delete/bcc' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addBCCModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_bcc_entry }}</a>
         </div>
@@ -44,9 +44,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="bcc" data-api-url='edit/bcc' data-api-attr='{"type":"rcpt"}' href="#">{{ lang.mailbox.bcc_to_rcpt }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="bcc" data-api-url='delete/bcc' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addBCCModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_bcc_entry }}</a>
         </div>
@@ -74,9 +74,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="recipient_map" data-api-url='edit/recipient_map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="recipient_map" data-api-url='delete/recipient_map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addRecipientMapModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_recipient_map_entry }}</a>
         </div>
@@ -92,9 +92,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="recipient_map" data-api-url='edit/recipient_map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="recipient_map" data-api-url='delete/recipient_map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addRecipientMapModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_recipient_map_entry }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-domain-aliases.twig b/data/web/templates/mailbox/tab-domain-aliases.twig
index f2037766..579520b5 100644
--- a/data/web/templates/mailbox/tab-domain-aliases.twig
+++ b/data/web/templates/mailbox/tab-domain-aliases.twig
@@ -1,7 +1,7 @@
 <div role="tabpanel" class="tab-pane fade" id="tab-domain-aliases" role="tabpanel" aria-labelledby="tab-domain-aliases">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domain-aliases" data-bs-toggle="collapse" aria-controls="ollapse-tab-domain-aliases">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domain-aliases" data-bs-toggle="collapse" aria-controls="collapse-tab-domain-aliases">
         {{ lang.mailbox.domain_aliases }} <span class="badge bg-info table-lines"></span>
       </button>
       <span class="d-none d-md-block">{{ lang.mailbox.domain_aliases }} <span class="badge bg-info table-lines"></span></span>
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias-domain" data-api-url='edit/alias-domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias-domain" data-api-url='delete/alias-domain' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-acl="{{ acl.alias_domains }}" data-bs-toggle="modal" data-bs-target="#addAliasDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain_alias }}</a>
         </div>
@@ -37,9 +37,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias-domain" data-api-url='edit/alias-domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias-domain" data-api-url='delete/alias-domain' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-acl="{{ acl.alias_domains }}" data-bs-toggle="modal" data-bs-target="#addAliasDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain_alias }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-domains.twig b/data/web/templates/mailbox/tab-domains.twig
index d3d88246..1d63a7d8 100644
--- a/data/web/templates/mailbox/tab-domains.twig
+++ b/data/web/templates/mailbox/tab-domains.twig
@@ -22,10 +22,10 @@
               <li><a class="dropdown-item" data-action="edit_selected" data-id="domain" data-api-url='edit/domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain" data-api-url='delete/domain' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             {% endif %}
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           {% if mailcow_cc_role == 'admin' %}
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain }}</a>
@@ -43,10 +43,10 @@
               <li><a class="dropdown-item" data-action="edit_selected" data-id="domain" data-api-url='edit/domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain" data-api-url='delete/domain' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             {% endif %}
-            <li><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           {% if mailcow_cc_role == 'admin' %}
             <button class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain }}</button>
diff --git a/data/web/templates/mailbox/tab-filters.twig b/data/web/templates/mailbox/tab-filters.twig
index 942f784f..02a86f27 100644
--- a/data/web/templates/mailbox/tab-filters.twig
+++ b/data/web/templates/mailbox/tab-filters.twig
@@ -23,9 +23,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="filter_item" data-api-url='edit/filter' data-api-attr='{"filter_type":"postfilter"}' href="#">{{ lang.mailbox.set_postfilter }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-text="{{ lang.user.eas_reset }}?" data-id="filter_item" data-api-url='delete/filter' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addFilterModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_filter }}</a>
         </div>
@@ -44,9 +44,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="filter_item" data-api-url='edit/filter' data-api-attr='{"filter_type":"postfilter"}' href="#">{{ lang.mailbox.set_postfilter }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-text="{{ lang.user.eas_reset }}?" data-id="filter_item" data-api-url='delete/filter' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addFilterModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_filter }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-mailboxes.twig b/data/web/templates/mailbox/tab-mailboxes.twig
index d04cf0d8..573d8ae8 100644
--- a/data/web/templates/mailbox/tab-mailboxes.twig
+++ b/data/web/templates/mailbox/tab-mailboxes.twig
@@ -16,9 +16,9 @@
           <a class="btn btn-sm btn-xs-half btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
-            <li><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             <li class="dropdown-header">{{ lang.mailbox.mailbox }}</li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"1"}' href="#">{{ lang.mailbox.activate }}</a></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
@@ -64,8 +64,8 @@
           <a class="btn btn-sm btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>          
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <div class="btn-group">
             <a class="btn btn-sm btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailbox }}</a>
@@ -130,9 +130,9 @@
           <a class="btn btn-sm btn-xs-half btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
-            <li><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             <li class="dropdown-header">{{ lang.mailbox.mailbox }}</li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"1"}' href="#">{{ lang.mailbox.activate }}</a></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
@@ -178,8 +178,8 @@
           <a class="btn btn-sm btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <div class="btn-group">
             <a class="btn btn-sm btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailbox }}</a>
diff --git a/data/web/templates/mailbox/tab-mbox-aliases.twig b/data/web/templates/mailbox/tab-mbox-aliases.twig
index 6b8fcaf7..e186dc64 100644
--- a/data/web/templates/mailbox/tab-mbox-aliases.twig
+++ b/data/web/templates/mailbox/tab-mbox-aliases.twig
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias" data-api-url='delete/alias' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
             {% if not skip_sogo %}
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"sogo_visible":"1"}' href="#">{{ lang.mailbox.sogo_visible_y }}</a></li>
@@ -44,9 +44,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias" data-api-url='delete/alias' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
             {% if not skip_sogo %}
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"sogo_visible":"1"}' href="#">{{ lang.mailbox.sogo_visible_y }}</a></li>
diff --git a/data/web/templates/mailbox/tab-resources.twig b/data/web/templates/mailbox/tab-resources.twig
index 26d5d0f6..f0576b47 100644
--- a/data/web/templates/mailbox/tab-resources.twig
+++ b/data/web/templates/mailbox/tab-resources.twig
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="resource" data-api-url='edit/resource' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="resource" data-api-url='delete/resource' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addResourceModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_resource }}</a>
         </div>
@@ -41,9 +41,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="resource" data-api-url='edit/resource' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="resource" data-api-url='delete/resource' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addResourceModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_resource }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-syncjobs.twig b/data/web/templates/mailbox/tab-syncjobs.twig
index 8ecfda5f..da692e7f 100644
--- a/data/web/templates/mailbox/tab-syncjobs.twig
+++ b/data/web/templates/mailbox/tab-syncjobs.twig
@@ -22,9 +22,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="syncjob" data-api-url='edit/syncjob' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="syncjob" data-api-url='delete/syncjob' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addSyncJobModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.user.create_syncjob }}</a>
         </div>
@@ -41,9 +41,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="syncjob" data-api-url='edit/syncjob' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="syncjob" data-api-url='delete/syncjob' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addSyncJobModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.user.create_syncjob }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-templates-domains.twig b/data/web/templates/mailbox/tab-templates-domains.twig
index 95bd2d7a..e5858b22 100644
--- a/data/web/templates/mailbox/tab-templates-domains.twig
+++ b/data/web/templates/mailbox/tab-templates-domains.twig
@@ -18,9 +18,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain_template" data-api-url='delete/domain/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
@@ -36,9 +36,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain_template" data-api-url='delete/domain/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
diff --git a/data/web/templates/mailbox/tab-templates-mbox.twig b/data/web/templates/mailbox/tab-templates-mbox.twig
index a43ec914..529fad38 100644
--- a/data/web/templates/mailbox/tab-templates-mbox.twig
+++ b/data/web/templates/mailbox/tab-templates-mbox.twig
@@ -18,9 +18,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="mailbox_template" data-api-url='delete/mailbox/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
@@ -36,9 +36,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="mailbox_template" data-api-url='delete/mailbox/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
diff --git a/data/web/templates/mailbox/tab-tls-policy.twig b/data/web/templates/mailbox/tab-tls-policy.twig
index efefcf21..2a6548a2 100644
--- a/data/web/templates/mailbox/tab-tls-policy.twig
+++ b/data/web/templates/mailbox/tab-tls-policy.twig
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="tls-policy-map" data-api-url='edit/tls-policy-map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="tls-policy-map" data-api-url='delete/tls-policy-map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addTLSPolicyMapAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_tls_policy_map }}</a>
         </div>
@@ -38,9 +38,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="tls-policy-map" data-api-url='edit/tls-policy-map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="tls-policy-map" data-api-url='delete/tls-policy-map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addTLSPolicyMapAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_tls_policy_map }}</a>
         </div>
diff --git a/data/web/templates/quarantine.twig b/data/web/templates/quarantine.twig
index c0b3737f..5ff7fe66 100644
--- a/data/web/templates/quarantine.twig
+++ b/data/web/templates/quarantine.twig
@@ -16,9 +16,9 @@
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="qitems" href="#"><i class="bi bi-check-all"></i> {{ lang.quarantine.toggle_all }}</a>
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.quarantine.quick_actions }}</a>
             <ul class="dropdown-menu">
-              <li><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
-              <li><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"release"}' href="#">{{ lang.quarantine.deliver_inbox }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"learnspam"}' href="#">{{ lang.quarantine.learn_spam_delete }}</a></li>
@@ -43,9 +43,9 @@
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="qitems" href="#"><i class="bi bi-check-all"></i> {{ lang.quarantine.toggle_all }}</a>
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.quarantine.quick_actions }}</a>
             <ul class="dropdown-menu">
-              <li><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
-              <li><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"release"}' href="#">{{ lang.quarantine.deliver_inbox }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"learnspam"}' href="#">{{ lang.quarantine.learn_spam_delete }}</a></li>

From b6799d9fcb2d1719cdf43a4938a2e1ad91871296 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 15:38:42 +0100
Subject: [PATCH 129/170] Feature: Add developer mode option to
 generate_config.sh

---
 generate_config.sh | 95 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 66 insertions(+), 29 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 70dc5887..89af0f64 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -57,7 +57,13 @@ else
   echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
   exit 1
 fi
-    
+
+### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
+if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
+  SKIP_BRANCH=y
+else
+  SKIP_BRANCH=n
+fi
 
 if [ -f mailcow.conf ]; then
   read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response
@@ -135,32 +141,44 @@ else
   SKIP_SOLR=n
 fi
 
-echo "Which branch of mailcow do you want to use?"
-echo ""
-echo "Available Branches:"
-echo "- master branch (stable updates) | default, recommended [1]"
-echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
-sleep 1
+if [[ ${SKIP_BRANCH} != y ]]; then
+  echo "Which branch of mailcow do you want to use?"
+  echo ""
+  echo "Available Branches:"
+  echo "- master branch (stable updates) | default, recommended [1]"
+  echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
+  sleep 1
 
-while [ -z "${MAILCOW_BRANCH}" ]; do
-  read -r -p  "Choose the Branch with it´s number [1/2] " branch
-  case $branch in
-    [2])
-      MAILCOW_BRANCH="nightly"
+  while [ -z "${MAILCOW_BRANCH}" ]; do
+    read -r -p  "Choose the Branch with it´s number [1/2] " branch
+    case $branch in
+      [2])
+        MAILCOW_BRANCH="nightly"
+        ;;
+      *)
+        MAILCOW_BRANCH="master"
       ;;
-    *)
-      MAILCOW_BRANCH="master"
-    ;;
-  esac
-done
+    esac
+  done
+
+  git fetch --all
+  git checkout -f $git_branch
+
+elif [[ ${SKIP_BRANCH} == y ]]; then
+  echo -e "\033[33mEnabled Dev Mode.\033[0m"
+  echo -e "\033[33mNot checking out a different branch!\033[0m"
+  MAILCOW_BRANCH=$(git rev-parse --short $(git rev-parse @{upstream}))
+
+else
+  echo -e "\033[31mCould not determine branch input..."
+  echo -e "\033[31mExiting."
+  exit 1
+fi  
 
 if [ ! -z "${MAILCOW_BRANCH}" ]; then
   git_branch=${MAILCOW_BRANCH}
 fi
 
-git fetch --all
-git checkout -f $git_branch
-
 [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
 
 cat << EOF > mailcow.conf
@@ -427,18 +445,37 @@ echo "Copying snake-oil certificate..."
 cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
 
 # Set app_info.inc.php
-if [ ${git_branch} == "master" ]; then
-  mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
-elif [ ${git_branch} == "nightly" ]; then
-  mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
-  mailcow_last_git_version=""
-else
-  mailcow_git_version=$(git rev-parse --short HEAD)
-  mailcow_last_git_version=""
-fi
+case ${git_branch} in
+  master)
+    mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+    ;;
+  nightly)
+    mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+    mailcow_last_git_version=""
+    ;;
+  *)
+    mailcow_git_version=$(git rev-parse --short HEAD)
+    mailcow_last_git_version=""
+    ;;
+esac
+# if [ ${git_branch} == "master" ]; then
+#   mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+# elif [ ${git_branch} == "nightly" ]; then
+#   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+#   mailcow_last_git_version=""
+# else
+#   mailcow_git_version=$(git rev-parse --short HEAD)
+#   mailcow_last_git_version=""
+# fi
 
+if [[ $SKIP_BRANCH != "y" ]]; then
 mailcow_git_commit=$(git rev-parse origin/${git_branch})
 mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
+else
+mailcow_git_commit=$(git rev-parse ${git_branch})
+mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
+git_branch=$(git rev-parse --abbrev-ref HEAD)
+fi
 
 if [ $? -eq 0 ]; then
   echo '<?php' > data/web/inc/app_info.inc.php

From 4c6f8c4f6034c7e3d526c2c940555243c0991955 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 15:54:29 +0100
Subject: [PATCH 130/170] [Generate] Refactor compose version detection using
 regex

---
 generate_config.sh | 26 ++++++++------------------
 1 file changed, 8 insertions(+), 18 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 89af0f64..6b3ad711 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -25,8 +25,9 @@ for bin in openssl curl docker git awk sha1sum; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
-if docker compose > /dev/null 2>&1; then
-    if docker compose version --short | grep "^2." > /dev/null 2>&1; then
+if command -v docker compose > /dev/null 2>&1; then
+    version=$(docker compose version --short)
+    if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
       COMPOSE_VERSION=native
       echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
@@ -34,12 +35,12 @@ if docker compose > /dev/null 2>&1; then
       echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
       echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
       exit 1
     fi
-elif docker-compose > /dev/null 2>&1; then
-  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-    if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
+elif command -v docker-compose > /dev/null 2>&1; then
+    version=$(docker-compose version --short)
+    if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
       COMPOSE_VERSION=standalone
       echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
@@ -50,11 +51,9 @@ elif docker-compose > /dev/null 2>&1; then
       echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
       exit 1
     fi
-  fi
-
 else
   echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-  echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+  echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
   exit 1
 fi
 
@@ -458,15 +457,6 @@ case ${git_branch} in
     mailcow_last_git_version=""
     ;;
 esac
-# if [ ${git_branch} == "master" ]; then
-#   mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
-# elif [ ${git_branch} == "nightly" ]; then
-#   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
-#   mailcow_last_git_version=""
-# else
-#   mailcow_git_version=$(git rev-parse --short HEAD)
-#   mailcow_last_git_version=""
-# fi
 
 if [[ $SKIP_BRANCH != "y" ]]; then
 mailcow_git_commit=$(git rev-parse origin/${git_branch})

From a76e6b32f7973c79936cc9aa3dfbfc900135df3d Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 16:02:56 +0100
Subject: [PATCH 131/170] [Update.sh] Implemented optimized Regex Compose
 Detection

---
 update.sh | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/update.sh b/update.sh
index 34d17354..db6be252 100755
--- a/update.sh
+++ b/update.sh
@@ -177,38 +177,35 @@ remove_obsolete_nginx_ports() {
 
 detect_docker_compose_command(){
 if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-  if docker compose > /dev/null 2>&1; then
-      if docker compose version --short | grep "2." > /dev/null 2>&1; then
-        DOCKER_COMPOSE_VERSION=native
-        COMPOSE_COMMAND="docker compose"
+  if command -v docker compose > /dev/null 2>&1; then
+      version=$(docker compose version --short)
+      if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
+        COMPOSE_VERSION=native
         echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
         sleep 2
-        echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
+        echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
-  elif docker-compose > /dev/null 2>&1; then
-    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-      if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-        DOCKER_COMPOSE_VERSION=standalone
-        COMPOSE_COMMAND="docker-compose"
+  elif command -v docker-compose > /dev/null 2>&1; then
+      version=$(docker-compose version --short)
+      if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
+        COMPOSE_VERSION=standalone
         echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
         sleep 2
         echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
-    fi
-
   else
     echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-    echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+    echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
     exit 1
   fi
 

From 9279ee2e76a1ad67720e2cd69ef5a1298b434afe Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 17 Jan 2023 16:23:31 +0100
Subject: [PATCH 132/170] [Dovecot] Update to 2.3.20

---
 data/Dockerfiles/dovecot/Dockerfile | 2 +-
 docker-compose.yml                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 38af3c20..b3a83974 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.19.1
+ARG DOVECOT=2.3.20
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
diff --git a/docker-compose.yml b/docker-compose.yml
index b940b336..629f3f35 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -216,7 +216,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.21
+      image: mailcow/dovecot:1.22
       depends_on:
         - mysql-mailcow
       dns:

From 5d5e95972914e548209b54c9a7f996a247d5e6f6 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 17 Jan 2023 19:45:32 +0100
Subject: [PATCH 133/170] Add regex for matchstring line in Dockerfiles

Update composer to 2.5.1
---
 data/Dockerfiles/phpfpm/Dockerfile | 32 ++++++++++++++++++------------
 docker-compose.yml                 |  2 +-
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 93acb33f..05081c6d 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,12 +1,18 @@
 FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV APCU_PECL 5.1.22
-ENV IMAGICK_PECL 3.7.0
-ENV MAILPARSE_PECL 3.1.4
-ENV MEMCACHED_PECL 3.2.0
-ENV REDIS_PECL 5.3.7
-ENV COMPOSER 2.4.4
+# renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
+ARG APCU_PECL_VERSION=5.1.22
+# renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced
+ARG IMAGICK_PECL_VERSION=3.7.0
+# renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced
+ARG MAILPARSE_PECL_VERSION=3.1.4
+# renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced
+ARG MEMCACHED_PECL_VERSION=3.2.0
+# renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
+ARG REDIS_PECL_VERSION=5.3.7
+# renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
+ARG COMPOSER_VERSION=2.5.1
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -55,11 +61,11 @@ RUN apk add -U --no-cache autoconf \
   samba-client \
   zlib-dev \
   tzdata \
-  && pecl install mailparse-${MAILPARSE_PECL} \
-  && pecl install redis-${REDIS_PECL} \
-  && pecl install memcached-${MEMCACHED_PECL} \
-  && pecl install APCu-${APCU_PECL} \
-  && pecl install imagick-${IMAGICK_PECL} \
+  && pecl install APCu-${APCU_PECL_VERSION} \
+  && pecl install imagick-${IMAGICK_PECL_VERSION} \
+  && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
+  && pecl install memcached-${MEMCACHED_PECL_VERSION} \
+  && pecl install redis-${REDIS_PECL_VERSION} \
   && docker-php-ext-enable apcu imagick memcached mailparse redis \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
@@ -72,7 +78,7 @@ RUN apk add -U --no-cache autoconf \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER} \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
   && apk del --purge autoconf \
@@ -102,4 +108,4 @@ COPY ./docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD ["php-fpm"]
+CMD ["php-fpm"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index b940b336..bbf67c79 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.81
+      image: mailcow/phpfpm:1.82
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From 7626becb38f8b5908b1e4c0d238f3a918bba2f1c Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 17 Jan 2023 19:48:42 +0100
Subject: [PATCH 134/170] Add regex for matchstring line in Dockerfiles

---
 data/Dockerfiles/dovecot/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index b3a83974..1d8e1e5b 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -2,6 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
 ARG DOVECOT=2.3.20
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16

From 1af785a94f73cbe588435e15b7e749762e876019 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 18 Jan 2023 19:37:09 +0100
Subject: [PATCH 135/170] Enable dependencyDashboard

Add label for PRs
Add docker-compose manager
---
 .github/renovate.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index 5fab8128..36b4aec5 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,15 +1,19 @@
 {
   "enabled": true,
   "timezone": "Europe/Berlin",
-  "dependencyDashboard": false,
+  "dependencyDashboard": true,
   "dependencyDashboardTitle": "Renovate Dashboard",
   "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
   "rebaseWhen": "auto",
+  "labels": ["renovate"],
   "assignees": [
     "@magiccc"
   ],
   "baseBranches": ["staging"],
-  "enabledManagers": ["github-actions", "regex"],
+  "enabledManagers": ["github-actions", "regex", "docker-compose"],
+  "ignorePaths": [
+    "data\/web\/inc\/lib\/vendor\/matthiasmullie\/minify\/**"
+  ],
   "regexManagers": [
     {
       "fileMatch": ["^helper-scripts\/nextcloud.sh$"],

From 8e3d2f70106fdc7f33b4f7d6984bd9bb6556bc66 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 19 Jan 2023 11:28:03 +0100
Subject: [PATCH 136/170] [SOGo] Update to newer 5.8.0 (fix for macOS Caldav
 Bug)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index bbf67c79..8e462881 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -169,7 +169,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.113
+      image: mailcow/sogo:1.114
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 520d070081a0e863f1b6a68e135ac3347be3215c Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 19 Jan 2023 14:04:55 +0100
Subject: [PATCH 137/170] [Compose] Removed OOMKillDisabled from dockerapi

---
 docker-compose.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 93257cf5..3b3ccee3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -514,7 +514,6 @@ services:
       security_opt:
         - label=disable
       restart: always
-      oom_kill_disable: true
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From f5baeb31c1766e797a9bab5c0b8112dedf8e18c9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 19 Jan 2023 15:57:49 +0100
Subject: [PATCH 138/170] Revert "[Update.sh] Implemented optimized Regex
 Compose Detection"

This reverts commit a76e6b32f7973c79936cc9aa3dfbfc900135df3d.
---
 update.sh | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/update.sh b/update.sh
index db6be252..34d17354 100755
--- a/update.sh
+++ b/update.sh
@@ -177,35 +177,38 @@ remove_obsolete_nginx_ports() {
 
 detect_docker_compose_command(){
 if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-  if command -v docker compose > /dev/null 2>&1; then
-      version=$(docker compose version --short)
-      if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
-        COMPOSE_VERSION=native
+  if docker compose > /dev/null 2>&1; then
+      if docker compose version --short | grep "2." > /dev/null 2>&1; then
+        DOCKER_COMPOSE_VERSION=native
+        COMPOSE_COMMAND="docker compose"
         echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
         sleep 2
-        echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
+        echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
-  elif command -v docker-compose > /dev/null 2>&1; then
-      version=$(docker-compose version --short)
-      if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
-        COMPOSE_VERSION=standalone
+  elif docker-compose > /dev/null 2>&1; then
+    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+      if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
+        DOCKER_COMPOSE_VERSION=standalone
+        COMPOSE_COMMAND="docker-compose"
         echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
         sleep 2
         echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
+    fi
+
   else
     echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-    echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+    echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
     exit 1
   fi
 

From 2ebd8345dfe4fe6ebb246be6de06f2f5fb0e4f8b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 19 Jan 2023 15:58:22 +0100
Subject: [PATCH 139/170] Revert "[Generate] Refactor compose version detection
 using regex"

This reverts commit 4c6f8c4f6034c7e3d526c2c940555243c0991955.
---
 generate_config.sh | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 6b3ad711..89af0f64 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -25,9 +25,8 @@ for bin in openssl curl docker git awk sha1sum; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
-if command -v docker compose > /dev/null 2>&1; then
-    version=$(docker compose version --short)
-    if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
+if docker compose > /dev/null 2>&1; then
+    if docker compose version --short | grep "^2." > /dev/null 2>&1; then
       COMPOSE_VERSION=native
       echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
@@ -35,12 +34,12 @@ if command -v docker compose > /dev/null 2>&1; then
       echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
       echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
       exit 1
     fi
-elif command -v docker-compose > /dev/null 2>&1; then
-    version=$(docker-compose version --short)
-    if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
+elif docker-compose > /dev/null 2>&1; then
+  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+    if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
       COMPOSE_VERSION=standalone
       echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
@@ -51,9 +50,11 @@ elif command -v docker-compose > /dev/null 2>&1; then
       echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
       exit 1
     fi
+  fi
+
 else
   echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-  echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+  echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
   exit 1
 fi
 
@@ -457,6 +458,15 @@ case ${git_branch} in
     mailcow_last_git_version=""
     ;;
 esac
+# if [ ${git_branch} == "master" ]; then
+#   mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+# elif [ ${git_branch} == "nightly" ]; then
+#   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+#   mailcow_last_git_version=""
+# else
+#   mailcow_git_version=$(git rev-parse --short HEAD)
+#   mailcow_last_git_version=""
+# fi
 
 if [[ $SKIP_BRANCH != "y" ]]; then
 mailcow_git_commit=$(git rev-parse origin/${git_branch})

From 1b3a13ca19086130dd9cca98974b4ad8c2fff4c6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 20 Jan 2023 15:36:52 +0100
Subject: [PATCH 140/170] Update alpine Docker tag to v3.17 (#4997)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .../EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index 7d4424e3..8fcc6fff 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -26,6 +26,6 @@ services:
         - /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
 
     mysql-mailcow:
-      image: alpine:3.10
+      image: alpine:3.17
       command: /bin/true
       restart: "no"

From 9af40eba10da1741f1005223e7d953215adf9eae Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 20 Jan 2023 15:37:12 +0100
Subject: [PATCH 141/170] Update dependency nextcloud/server to v25.0.3 (#4996)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helper-scripts/nextcloud.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 849a3016..9565c836 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=25.0.2
+NEXTCLOUD_VERSION=25.0.3
 
 for bin in curl dirmngr; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi

From ef6452cf55f5f8ba4f92d563a6ebe038615b68e3 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Sun, 22 Jan 2023 15:06:36 +0100
Subject: [PATCH 142/170] Fix installation of nextcloud

---
 helper-scripts/nextcloud.sh | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 9565c836..31cdb6a4 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -46,22 +46,22 @@ if [[ ${NC_PURGE} == "y" ]]; then
 
   echo -e "\033[33mDetecting Database information...\033[0m"
   if [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "Show databases" | grep "nextcloud") ]]; then
-    echo -e "\033[32mFound seperate nextcloud Database (newer scheme)!\033[0m"
+    echo -e "\033[32mFound seperate Nextcloud database (newer scheme)!\033[0m"
     echo -e "\033[31mPurging...\033[0m"
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE nextcloud;" > /dev/null
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'nextcloud'@'%';" > /dev/null
   elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'oc_%'") && $? -eq 0 ]]; then
-    echo -e "\033[32mFound nextcloud (oc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[32mFound Nextcloud (oc) tables inside of mailcow database (old scheme)!\033[0m"
     echo -e "\033[31mPurging...\033[0m"
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
      "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
   elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'nc_%'") && $? -eq 0 ]]; then
-    echo -e "\033[32mFound nextcloud (nc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[32mFound Nextcloud (nc) tables inside of mailcow database (old scheme)!\033[0m"
     echo -e "\033[31mPurging...\033[0m"
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
      "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
   else
-    echo -e "\033[31mError: No Nextcloud Databases/Tables found!"
+    echo -e "\033[31mError: No Nextcloud databases/tables found!"
     echo -e "\033[33mNot purging anything...\033[0m"
     exit 1
   fi
@@ -80,10 +80,10 @@ EOF
 
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
-  echo -e "\033[32mNextcloud has been sucessfully uninstalled!\033[0m"
+  echo -e "\033[32mNextcloud has been uninstalled sucessfully!\033[0m"
 
 elif [[ ${NC_UPDATE} == "y" ]]; then
-  read -r -p "Are you sure you want to update Nextcloud (with nextclouds own updater)? [y/N] " response
+  read -r -p "Are you sure you want to update Nextcloud (with Nextclouds own updater)? [y/N] " response
   response=${response,,}
   if [[ ! "$response" =~ ^(yes|y)$ ]]; then
     echo "OK, aborting."
@@ -118,18 +118,18 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     && mkdir -p ./data/web/nextcloud/data \
     && chmod +x ./data/web/nextcloud/occ
 
-  echo -e "\033[33mCreating Nextcloud Database...\033[0m"
+  echo -e "\033[33mCreating 'nextcloud' database...\033[0m"
   NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
   NC_DBUSER=nextcloud
   NC_DBNAME=nextcloud
 
-  echo -ne "[1/3] Creating nextcloud Database"
+  echo -ne "[1/3] Creating 'nextcloud' database"
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE ${NC_DBNAME};"
   sleep 2
-  echo -ne "\r[2/3] Creating nextcloud Database user"
+  echo -ne "\r[2/3] Creating 'nextcloud' database user"
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER '${NC_DBUSER}'@'%' IDENTIFIED BY '${NC_DBPASS}';"
   sleep 2
-  echo -ne "\r[3/3] Granting nextcloud user all permissions on database nextcloud"
+  echo -ne "\r[3/3] Granting 'nextcloud' user all permissions on database 'nextcloud'"
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON ${NC_DBNAME}.* TO '${NC_DBUSER}'@'%';"
   sleep 2
 
@@ -140,7 +140,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
   echo -ne "[1/4] Setting correct permissions for www-data"
   docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
   sleep 2
-  echo -ne "\r[2/4] Running occ maintenance:install to install nextcloud"
+  echo -ne "\r[2/4] Running occ maintenance:install to install Nextcloud"
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ --no-warnings maintenance:install \
     --database mysql \
     --database-host mysql \
@@ -149,9 +149,9 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     --database-pass ${NC_DBPASS} \
     --admin-user admin \
     --admin-pass ${ADMIN_NC_PASS} \
-      --data-dir /web/nextcloud/data 2>&1 /dev/null
+    --data-dir /web/nextcloud/data > /dev/null 2>&1
 
-  echo -ne "\r[3/4] Setting custom parameters inside the nextcloud config file"
+  echo -ne "\r[3/4] Setting custom parameters inside the Nextcloud config file"
   echo ""
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings config:system:set redis host --value=redis --type=string; \
     /web/nextcloud/occ --no-warnings config:system:set redis port --value=6379 --type=integer; \
@@ -178,7 +178,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}; \
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 class --value=OC_User_IMAP; \
 
-    echo -e "\r[4/4] Enabling NGINX Configuration"
+    echo -e "\r[4/4] Enabling Nginx Configuration"
     cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
     sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
     sleep 2
@@ -193,11 +193,11 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
   echo "*    INSTALL DATE: $(date +%Y-%m-%d_%H-%M-%S)   *"
   echo "******************************************"
   echo ""
-  echo -e "\033[36mDatabase Name:      ${NC_DBNAME}\033[0m"
-  echo -e "\033[36mDatabase User:      ${NC_DBUSER}\033[0m"
-  echo -e "\033[36mDatabase Password:  ${NC_DBPASS}\033[0m"
+  echo -e "\033[36mDatabase name:      ${NC_DBNAME}\033[0m"
+  echo -e "\033[36mDatabase user:      ${NC_DBUSER}\033[0m"
+  echo -e "\033[36mDatabase password:  ${NC_DBPASS}\033[0m"
   echo ""
-  echo -e "\033[31mUI Admin Password:  ${ADMIN_NC_PASS}\033[0m"
+  echo -e "\033[31mUI admin password:  ${ADMIN_NC_PASS}\033[0m"
   echo ""
 
 

From afddcf7f3b79c506a5b385a7dbbf6fadf95639fa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 24 Jan 2023 09:49:49 +0100
Subject: [PATCH 143/170] replace nullnull.org with fuzzy.mailcow.email

---
 data/conf/rspamd/local.d/multimap.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/rspamd/local.d/multimap.conf b/data/conf/rspamd/local.d/multimap.conf
index 17ada99e..3f554c5b 100644
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -175,7 +175,7 @@ BAD_SUBJECT_00 {
   type = "header";
   header = "subject";
   regexp = true;
-  map = "http://nullnull.org/bad-subject-regex.txt";
+  map = "http://fuzzy.mailcow.email/bad-subject-regex.txt";
   score = 6.0;
   symbols_set = ["BAD_SUBJECT_00"];
 }

From 9ba65a572e1e22d89d75130f0ee609ec1f9f6d70 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 24 Jan 2023 10:13:30 +0100
Subject: [PATCH 144/170] [Web] add missing template var for dadmins

---
 data/web/user.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/user.php b/data/web/user.php
index b92e87a7..5fddff6e 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -20,6 +20,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
     'tfa_data' => $tfa_data,
     'fido2_data' => $fido2_data,
     'lang_user' => json_encode($lang['user']),
+    'lang_datatables' => json_encode($lang['datatables']),
   ];
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {

From 8281d3fa557c01f4a250550443001d4c1412d0be Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 24 Jan 2023 20:18:17 +0100
Subject: [PATCH 145/170] [Web] Updated lang.da-dk.json (#5020)

Co-authored-by: osos <osos@openeyes.dk>

Co-authored-by: osos <osos@openeyes.dk>
---
 data/web/lang/lang.da-dk.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index c0d42afe..fa50ff59 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -1,6 +1,6 @@
 {
     "acl": {
-        "alias_domains": "Tilføj kældenavn domæner",
+        "alias_domains": "Tilføj domænealias",
         "app_passwds": "Administrer app-adgangskoder",
         "bcc_maps": "BCC kort",
         "delimiter_action": "Afgrænsning handling",
@@ -22,9 +22,9 @@
         "spam_alias": "Midlertidige aliasser",
         "spam_policy": "Sortliste / hvidliste",
         "spam_score": "Spam-score",
-        "syncjobs": "Synkroniser job",
+        "syncjobs": "Synkroniserings job",
         "tls_policy": "TLS politik",
-        "unlimited_quota": "Ubegrænset quote for mailbokse",
+        "unlimited_quota": "Ubegrænset plads for mailbokse",
         "domain_desc": "Skift domæne beskrivelse"
     },
     "add": {
@@ -33,7 +33,7 @@
         "add": "Tilføj",
         "add_domain_only": "Tilføj kun domæne",
         "add_domain_restart": "Tilføj domæne og genstart SOGo",
-        "alias_address": "Alias adresse (r)",
+        "alias_address": "Alias adresse(r)",
         "alias_address_info": "<small>Fuld e-mail-adresse eller @ eksempel.com for at fange alle beskeder til et domæne (kommasepareret). <b> kun mailcow-domæner</b>.</small>",
         "alias_domain": "Alias-domæne",
         "alias_domain_info": "<small>Kun gyldige domænenavne (kommasepareret).</small>",

From b71998250406656963fc9176826522e1af73cc66 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 25 Jan 2023 09:31:22 +0100
Subject: [PATCH 146/170] partial rollback of dockerapi

---
 data/Dockerfiles/dockerapi/Dockerfile   |   1 +
 data/Dockerfiles/dockerapi/dockerapi.py | 614 ++++++++++--------------
 docker-compose.yml                      |   2 +-
 3 files changed, 267 insertions(+), 350 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index 97c3808c..aa4a3858 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -13,6 +13,7 @@ RUN apk add --update --no-cache python3 \
   fastapi \
   uvicorn \
   aiodocker \
+  docker \
   redis 
 
 COPY docker-entrypoint.sh /app/
diff --git a/data/Dockerfiles/dockerapi/dockerapi.py b/data/Dockerfiles/dockerapi/dockerapi.py
index 304c1781..9e699c22 100644
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI, Response, Request
 import aiodocker
+import docker
 import psutil
 import sys
 import re
@@ -9,11 +10,38 @@ import json
 import asyncio
 import redis
 from datetime import datetime
+import logging
+from logging.config import dictConfig
 
 
+log_config = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "default": {
+            "()": "uvicorn.logging.DefaultFormatter",
+            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S",
+
+        },
+    },
+    "handlers": {
+        "default": {
+            "formatter": "default",
+            "class": "logging.StreamHandler",
+            "stream": "ext://sys.stderr",
+        },
+    },
+    "loggers": {
+        "api-logger": {"handlers": ["default"], "level": "INFO"},
+    },
+}
+dictConfig(log_config)
+
 containerIds_to_update = []
 host_stats_isUpdating = False
 app = FastAPI()
+logger = logging.getLogger('api-logger')
 
 
 @app.get("/host/stats")
@@ -21,18 +49,15 @@ async def get_host_update_stats():
   global host_stats_isUpdating
 
   if host_stats_isUpdating == False:
-    print("start host stats task")
     asyncio.create_task(get_host_stats())
     host_stats_isUpdating = True
 
   while True:
     if redis_client.exists('host_stats'):
       break
-    print("wait for host_stats results")
     await asyncio.sleep(1.5)
 
 
-  print("host stats pulled")
   stats = json.loads(redis_client.get('host_stats'))
   return Response(content=json.dumps(stats, indent=4), media_type="application/json")
 
@@ -106,14 +131,14 @@ async def post_containers(container_id : str, post_action : str, request: Reques
       else:
         api_call_method_name = '__'.join(['container_post', str(post_action) ])
 
-      docker_utils = DockerUtils(async_docker_client)
+      docker_utils = DockerUtils(sync_docker_client)
       api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
 
 
-      print("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-      return await api_call_method(container_id, request_json)
+      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      return api_call_method(container_id, request_json)
     except Exception as e:
-      print("error - container_post: %s" % str(e))
+      logger.error("error - container_post: %s" % str(e))
       res = {
         "type": "danger",
         "msg": str(e)
@@ -152,398 +177,289 @@ class DockerUtils:
     self.docker_client = docker_client
 
   # api call: container_post - post_action: stop
-  async def container_post__stop(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.stop()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  def container_post__stop(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.stop()
 
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: start
-  async def container_post__start(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.start()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
+  def container_post__start(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.start()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
     return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
   # api call: container_post - post_action: restart
-  async def container_post__restart(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.restart()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
+  def container_post__restart(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.restart()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
     return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
   # api call: container_post - post_action: top
-  async def container_post__top(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        ps_exec = await container.exec("ps")      
-        async with ps_exec.start(detach=False) as stream:
-          ps_return = await stream.read_out()
-
-        exec_details = await ps_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          res = {
-            'type': 'success', 
-            'msg': ps_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'danger', 
-            'msg': ''
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
+  def container_post__top(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      res = { 'type': 'success', 'msg': container.top()}
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: stats
+  def container_post__stats(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      for stat in container.stats(decode=True, stream=True):
+        res = { 'type': 'success', 'msg': stat}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
   # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  async def container_post__exec__mailq__delete(self, container_id, request_json):
+  def container_post__exec__mailq__delete(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-d %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  async def container_post__exec__mailq__hold(self, container_id, request_json):
+  def container_post__exec__mailq__hold(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-h %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  async def container_post__exec__mailq__cat(self, container_id, request_json):
+  def container_post__exec__mailq__cat(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
-        sanitized_string = str(' '.join(filtered_qids))
+        sanitized_string = str(' '.join(filtered_qids));
 
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postcat_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
-            return await exec_run_handler('utf8_text_only', postcat_exec)
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
+        if not postcat_return:
+          postcat_return = 'err: invalid'
+        return exec_run_handler('utf8_text_only', postcat_return)
 
    # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  async def container_post__exec__mailq__unhold(self, container_id, request_json):
+  def container_post__exec__mailq__unhold(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-H %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
-
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  async def container_post__exec__mailq__deliver(self, container_id, request_json):
+  def container_post__exec__mailq__deliver(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-i %s' % i for i in filtered_qids]
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            for i in flagged_qids:
-              postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')      
-              async with postsuper_r_exec.start(detach=False) as stream:
-                postsuper_r_return = await stream.read_out()
-              # todo: check each exit code
-            res = {
-              'type': 'success', 
-              'msg': 'Scheduled immediate delivery'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: list
-  async def container_post__exec__mailq__list(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        mailq_exec = await container.exec(["/usr/sbin/postqueue", "-j"], user='postfix')
-        return await exec_run_handler('utf8_text_only', mailq_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: flush
-  async def container_post__exec__mailq__flush(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        postsuper_r_exec = await container.exec(["/usr/sbin/postqueue", "-f"], user='postfix')
-        return await exec_run_handler('generic', postsuper_r_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
-  async def container_post__exec__mailq__super_delete(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        postsuper_r_exec = await container.exec(["/usr/sbin/postsuper", "-d", "ALL"])
-        return await exec_run_handler('generic', postsuper_r_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
-  async def container_post__exec__system__fts_rescan(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')         
-          async with rescan_exec.start(detach=False) as stream:
-            rescan_return = await stream.read_out()
-
-          exec_details = await rescan_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            res = {
-              'type': 'success', 
-              'msg': 'fts_rescan: rescan triggered'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'warning', 
-              'msg': 'fts_rescan error'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-    if 'all' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')          
-          async with rescan_exec.start(detach=False) as stream:
-            rescan_return = await stream.read_out()
-
-          exec_details = await rescan_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            res = {
-              'type': 'success', 
-              'msg': 'fts_rescan: rescan triggered'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'warning', 
-              'msg': 'fts_rescan error'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: df
-  async def container_post__exec__system__df(self, container_id, request_json):
-    if 'dir' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          df_exec = await container.exec(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
-          async with df_exec.start(detach=False) as stream:
-            df_return = await stream.read_out()
-
-          print(df_return)
-          print(await df_exec.inspect())
-          exec_details = await df_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            return df_return.data.decode('utf-8').rstrip()
-          else:
-            return "0,0,0,0,0,0"
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
-  async def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
-        async with sql_exec.start(detach=False) as stream:
-          sql_return = await stream.read_out()
-
-        exec_details = await sql_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          matched = False
-          for line in sql_return.data.decode('utf-8').split("\n"):
-            if 'is already upgraded to' in line:
-              matched = True
-          if matched:
-            res = {
-              'type': 'success', 
-              'msg': 'mysql_upgrade: already upgraded',
-              'text': sql_return.data.decode('utf-8')
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            await container.restart()
-            res = {
-              'type': 'warning', 
-              'msg': 'mysql_upgrade: upgrade was applied',
-              'text': sql_return.data.decode('utf-8')
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'error', 
-            'msg': 'mysql_upgrade: error running command',
-            'text': sql_return.data.decode('utf-8')
-          }
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          for i in flagged_qids:
+            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
+            # todo: check each exit code
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
           return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
-  async def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
-        async with sql_exec.start(detach=False) as stream:
-          sql_return = await stream.read_out()
-
-        exec_details = await sql_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          res = {
-            'type': 'info', 
-            'msg': 'mysql_tzinfo_to_sql: command completed successfully',
-            'text': sql_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'error', 
-            'msg': 'mysql_tzinfo_to_sql: error running command',
-            'text': sql_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
-  async def container_post__exec__reload__dovecot(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: reload - task: postfix
-  async def container_post__exec__reload__postfix(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: reload - task: nginx
-  async def container_post__exec__reload__nginx(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: sieve - task: list
-  async def container_post__exec__sieve__list(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          sieve_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
-          return await exec_run_handler('utf8_text_only', sieve_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: sieve - task: print
-  async def container_post__exec__sieve__print(self, container_id, request_json):
-    if 'username' in request_json and 'script_name' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
-          sieve_exec = await container.exec(cmd)
-          return await exec_run_handler('utf8_text_only', sieve_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
-  async def container_post__exec__maildir__cleanup(self, container_id, request_json):
-    if 'maildir' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          sane_name = re.sub(r'\W+', '', request_json['maildir'])
-          cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
-          maildir_cleanup_exec = await container.exec(cmd, user='vmail')
-          return await exec_run_handler('generic', maildir_cleanup_exec)
-
-  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
-  async def container_post__exec__rspamd__worker_password(self, container_id, request_json):
-    if 'raw' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
           
-          cmd = "./set_worker_password.sh '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
-          rspamd_password_exec = await container.exec(cmd, user='_rspamd')  
-          async with rspamd_password_exec.start(detach=False) as stream:
-            rspamd_password_return = await stream.read_out()
-
-          matched = False
-          if "OK" in rspamd_password_return.data.decode('utf-8'):
+  # api call: container_post - post_action: exec - cmd: mailq - task: list
+  def container_post__exec__mailq__list(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
+      return exec_run_handler('utf8_text_only', mailq_return)
+  # api call: container_post - post_action: exec - cmd: mailq - task: flush
+  def container_post__exec__mailq__flush(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
+      return exec_run_handler('generic', postqueue_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
+  def container_post__exec__mailq__super_delete(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
+      return exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
+  def container_post__exec__system__fts_rescan(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    if 'all' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: df
+  def container_post__exec__system__df(self, container_id, request_json):
+    if 'dir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+        if df_return.exit_code == 0:
+          return df_return.output.decode('utf-8').rstrip()
+        else:
+          return "0,0,0,0,0,0"
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
+  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
+      if sql_return.exit_code == 0:
+        matched = False
+        for line in sql_return.output.decode('utf-8').split("\n"):
+          if 'is already upgraded to' in line:
             matched = True
-            await container.restart()
+        if matched:
+          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          container.restart()
+          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
+  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
+      if sql_return.exit_code == 0:
+        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
+  def container_post__exec__reload__dovecot(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: postfix
+  def container_post__exec__reload__postfix(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: nginx
+  def container_post__exec__reload__nginx(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: list
+  def container_post__exec__sieve__list(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
+        return exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: print
+  def container_post__exec__sieve__print(self, container_id, request_json):
+    if 'username' in request.json and 'script_name' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
+        sieve_return = container.exec_run(cmd)
+        return exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
+  def container_post__exec__maildir__cleanup(self, container_id, request_json):
+    if 'maildir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sane_name = re.sub(r'\W+', '', request_json['maildir'])
+        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
+        maildir_cleanup = container.exec_run(cmd, user='vmail')
+        return exec_run_handler('generic', maildir_cleanup)
+  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
+  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
+    if 'raw' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+        cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
 
-          if matched:
-            res = {
-              'type': 'success', 
-              'msg': 'command completed successfully'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'danger', 
-              'msg': 'command did not complete'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        matched = False
+        for line in cmd_response.split("\n"):
+          if '$2$' in line:
+            hash = line.strip()
+            hash_out = re.search('\$2\$.+$', hash).group(0)
+            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
+            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
+            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
+            cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
+            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
+              container.restart()
+              matched = True
+        if matched:
+          res = { 'type': 'success', 'msg': 'command completed successfully' }
+          logger.info('success changing Rspamd password')
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          logger.error('failed changing Rspamd password')
+          res = { 'type': 'danger', 'msg': 'command did not complete' }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
 
+def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
 
-async def exec_run_handler(type, exec_obj):
-  async with exec_obj.start(detach=False) as stream:
-    exec_return = await stream.read_out()
+  def recv_socket_data(c_socket, timeout):
+    c_socket.setblocking(0)
+    total_data=[]
+    data=''
+    begin=time.time()
+    while True:
+      if total_data and time.time()-begin > timeout:
+        break
+      elif time.time()-begin > timeout*2:
+        break
+      try:
+        data = c_socket.recv(8192)
+        if data:
+          total_data.append(data.decode('utf-8'))
+          #change the beginning time for measurement
+          begin=time.time()
+        else:
+          #sleep for sometime to indicate a gap
+          time.sleep(0.1)
+          break
+      except:
+        pass
+    return ''.join(total_data)
+    
 
-  if exec_return == None:
-    exec_return = ""
-  else:
-    exec_return = exec_return.data.decode('utf-8')
-
-  if type == 'generic':       
-    exec_details = await exec_obj.inspect()
-    if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-      res = {
-        "type": "success",
-        "msg": "command completed successfully"
-      }
+  try :
+    socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
+    if not cmd.endswith("\n"):
+      cmd = cmd + "\n"
+    socket.send(cmd.encode('utf-8'))
+    data = recv_socket_data(socket, timeout)
+    socket.close()
+    return data
+  except Exception as e:
+    logger.error("error - exec_cmd_container: %s" % str(e))
+    traceback.print_exc(file=sys.stdout)
+def exec_run_handler(type, output):
+  if type == 'generic':
+    if output.exit_code == 0:
+      res = { 'type': 'success', 'msg': 'command completed successfully' }
       return Response(content=json.dumps(res, indent=4), media_type="application/json")
     else:
-      res = {
-        "type": "success",
-        "msg": "'command failed: " + exec_return
-      }
+      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
       return Response(content=json.dumps(res, indent=4), media_type="application/json")
   if type == 'utf8_text_only':
-    return Response(content=exec_return, media_type="text/plain")
+    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
 
 async def get_host_stats(wait=5):
   global host_stats_isUpdating
@@ -570,12 +486,10 @@ async def get_host_stats(wait=5):
       "type": "danger",
       "msg": str(e)
     }
-    print(json.dumps(res, indent=4))
 
   await asyncio.sleep(wait)
   host_stats_isUpdating = False
   
-
 async def get_container_stats(container_id, wait=5, stop=False):
   global containerIds_to_update
 
@@ -598,13 +512,11 @@ async def get_container_stats(container_id, wait=5, stop=False):
         "type": "danger",
         "msg": str(e)
       }
-      print(json.dumps(res, indent=4))
   else:
     res = {
       "type": "danger",
       "msg": "no or invalid id defined"
     }
-    print(json.dumps(res, indent=4))
 
   await asyncio.sleep(wait)
   if stop == True:
@@ -615,9 +527,13 @@ async def get_container_stats(container_id, wait=5, stop=False):
     await get_container_stats(container_id, wait=0, stop=True)
 
 
+
 if os.environ['REDIS_SLAVEOF_IP'] != "":
   redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
 else:
   redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
 
+sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
 async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
+
+logger.info('DockerApi started')
diff --git a/docker-compose.yml b/docker-compose.yml
index 3b3ccee3..19e20345 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -510,7 +510,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.0
+      image: mailcow/dockerapi:2.01
       security_opt:
         - label=disable
       restart: always

From ed7b384e2431e4c98a45c3262c2229b285f778b6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 25 Jan 2023 09:34:12 +0100
Subject: [PATCH 147/170] [Web] fix queue btn showing undefined

---
 data/web/js/site/queue.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index 6b2d2b3b..ebebaff8 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -21,7 +21,6 @@ jQuery(function($){
           url: '/api/v1/get/postcat/' + button.data('queue-id'),
           dataType: 'text',
           complete: function (data) {
-            console.log(data);
             $('#queue_msg_content').text(data.responseText);
           }
       });
@@ -54,7 +53,7 @@ jQuery(function($){
             });
             item.recipients = rcpts.join('<hr style="margin:1px!important">');
             item.action = '<div class="btn-group">' +
-              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
             '</div>';
           });
           return data;

From 99e38d81b1a34893f5738919e719fa50a032fcb9 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Wed, 25 Jan 2023 16:09:15 +0100
Subject: [PATCH 148/170] Removed Integration Tests

---
 .github/workflows/integration_tests.yml | 63 -------------------------
 README.md                               |  1 -
 2 files changed, 64 deletions(-)
 delete mode 100644 .github/workflows/integration_tests.yml

diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
deleted file mode 100644
index ee083bf4..00000000
--- a/.github/workflows/integration_tests.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: mailcow Integration Tests
-
-on:
-  push:
-    branches: [ "master", "staging" ]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  integration_tests:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup Ansible
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          sudo apt-get install python3 python3-pip git
-          sudo pip3 install ansible
-      - name: Prepair Test Environment
-        run: |
-          git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
-          ./fork_check.sh
-          ./ci.sh
-          ./ci-pip-requirements.sh
-        env:
-          VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
-          VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
-      - name: Start Integration Test Server
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-start-server.yml --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Setup Integration Test Server
-        run: |
-          ./fork_check.sh
-          sleep 30
-          ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Run Integration Tests
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Delete Integration Test Server
-        if: always()
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-delete-server.yml --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
diff --git a/README.md b/README.md
index b40a767c..c15b8ef0 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-[![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
 

From 6ff3f3f044b8673d315d0e7dc3f7c33e70bef977 Mon Sep 17 00:00:00 2001
From: realizelol <bsw.bsw@gmx.de>
Date: Wed, 25 Jan 2023 23:50:39 +0100
Subject: [PATCH 149/170] [Web] Set pageLength to pagination_size + repect
 savedState... Fix width in quarantine table.

---
 data/web/css/site/quarantine.css              |  206 +-
 data/web/js/site/admin.js                     | 1468 +++++++-------
 data/web/js/site/debug.js                     |  144 +-
 data/web/js/site/edit.js                      |  442 ++---
 data/web/js/site/mailbox.js                   | 1740 +++++++++--------
 data/web/js/site/qhandler.js                  |  142 +-
 data/web/js/site/quarantine.js                |  583 +++---
 data/web/js/site/queue.js                     |  217 +-
 data/web/js/site/user.js                      | 1329 ++++++-------
 data/web/templates/admin.twig                 |    6 +-
 data/web/templates/debug.twig                 |   40 +-
 data/web/templates/domainadmin.twig           |    2 +-
 data/web/templates/edit.twig                  |    2 +-
 data/web/templates/mailbox.twig               |    2 +-
 data/web/templates/quarantine.twig            |    4 +-
 data/web/templates/queue.twig                 |    2 +-
 .../templates/user_domainadmin_common.twig    |    2 +-
 17 files changed, 3190 insertions(+), 3141 deletions(-)

diff --git a/data/web/css/site/quarantine.css b/data/web/css/site/quarantine.css
index 98a74d66..0455b7c1 100644
--- a/data/web/css/site/quarantine.css
+++ b/data/web/css/site/quarantine.css
@@ -1,102 +1,104 @@
-.pagination a {
-  text-decoration: none !important;
-}
-
-.panel.panel-default {
-  overflow: visible !important;
-}
-
-.table-responsive {
-  overflow: visible !important;
-}
-
-.table-responsive {
-  overflow-x: scroll !important;
-}
-
-.footer-add-item {
-  display: block;
-  text-align: center;
-  font-style: italic;
-  padding: 10px;
-  background: #F5F5F5;
-}
-
-@media (min-width: 992px) {
-  .container {
-    width: 100%;
-  }
-}
-@media (min-width: 1920px) {
-  .container {
-      width: 80%;
-  }
-}
-
-.mass-actions-quarantine {
-  user-select: none;
-}
-
-.inputMissingAttr {
-  border-color: #FF4136;
-}
-
-.modal#qidDetailModal p {
-  word-break: break-all;
-}
-
-span#qid_detail_score {
-  font-weight: 700;
-  margin-left: 5px;
-}
-
-span.rspamd-symbol {
-  display: inline-block;
-  margin: 2px 6px 2px 0;
-  border-radius: 4px;
-  padding: 0 7px;
-}
-
-span.rspamd-symbol.positive {
-  background: #4CAF50;
-  border: 1px solid #4CAF50;
-  color: white;
-}
-
-span.rspamd-symbol.negative {
-  background: #ff4136;
-  border: 1px solid #ff4136;
-  color: white;
-}
-
-span.rspamd-symbol.neutral {
-  background: #f5f5f5;
-  color: #333;
-  border: 1px solid #ccc;
-}
-
-span.rspamd-symbol span.score {
-  font-weight: 700;
-}
-
-span.mail-address-item {
-  background-color: #f5f5f5;
-  border-radius: 4px;
-  border: 1px solid #ccc;
-  padding: 2px 7px;
-  display: inline-block;
-  margin: 2px 6px 2px 0;
-}
-
-table tbody tr {
-  cursor: pointer;
-}
-
-table tbody tr td input[type="checkbox"] {
-  cursor: pointer;
-}
-.label-rspamd-action {
-  font-size:110%;
-  margin:20px;
-}
-
+.pagination a {
+  text-decoration: none !important;
+}
+
+.panel.panel-default {
+  overflow: visible !important;
+}
+
+.table-responsive {
+  overflow: visible !important;
+}
+
+.table-responsive {
+  overflow-x: scroll !important;
+}
+
+.footer-add-item {
+  display: block;
+  text-align: center;
+  font-style: italic;
+  padding: 10px;
+  background: #F5F5F5;
+}
+
+@media (min-width: 992px) {
+  .container {
+    width: 100%;
+  }
+}
+@media (min-width: 1920px) {
+  .container {
+      width: 80%;
+  }
+}
+
+.mass-actions-quarantine {
+  user-select: none;
+}
+
+.inputMissingAttr {
+  border-color: #FF4136;
+}
+
+.modal#qidDetailModal p {
+  word-break: break-all;
+}
+
+span#qid_detail_score {
+  font-weight: 700;
+  margin-left: 5px;
+}
+
+span.rspamd-symbol {
+  display: inline-block;
+  margin: 2px 6px 2px 0;
+  border-radius: 4px;
+  padding: 0 7px;
+}
+
+span.rspamd-symbol.positive {
+  background: #4CAF50;
+  border: 1px solid #4CAF50;
+  color: white;
+}
+
+span.rspamd-symbol.negative {
+  background: #ff4136;
+  border: 1px solid #ff4136;
+  color: white;
+}
+
+span.rspamd-symbol.neutral {
+  background: #f5f5f5;
+  color: #333;
+  border: 1px solid #ccc;
+}
+
+span.rspamd-symbol span.score {
+  font-weight: 700;
+}
+
+span.mail-address-item {
+  background-color: #f5f5f5;
+  border-radius: 4px;
+  border: 1px solid #ccc;
+  padding: 2px 7px;
+  display: inline-block;
+  margin: 2px 6px 2px 0;
+}
+
+table tbody tr {
+  cursor: pointer;
+}
+
+table tbody tr td input[type="checkbox"] {
+  cursor: pointer;
+}
+.label-rspamd-action {
+  font-size:110%;
+  margin:20px;
+}
+.senders-mw220 {
+  max-width: 220px;
+}
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 0dba1aa8..0e5a9ae6 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -1,731 +1,737 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-jQuery(function($){
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function jq(myid) {return "#" + myid.replace( /(:|\.|\[|\]|,|=|@)/g, "\\$1" );}
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function validateRegex(e){var t=e.split("/"),n=e,r="";t.length>1&&(n=t[1],r=t[2]);try{return new RegExp(n,r),!0}catch(e){return!1}}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
-  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
-  $("#dkim_missing_keys").on('click', function(e) {
-    e.preventDefault();
-     var domains = [];
-     $('.dkim_missing').each(function() {
-       domains.push($(this).val());
-     });
-     $('#dkim_add_domains').val(domains);
-  });
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#mass_exclude").change(function(){ $("#mass_include").selectpicker('deselectAll'); });
-  $("#mass_include").change(function(){ $("#mass_exclude").selectpicker('deselectAll'); });
-  $("#mass_disarm").click(function() { $("#mass_send").attr("disabled", !this.checked); });
-  $(".admin-ays-dialog").click(function() { return confirm(lang.ays); });
-  $(".validate_rspamd_regex").click(function( event ) {
-    event.preventDefault();
-    var regex_map_id = $(this).data('regex-map');
-    var regex_data = $(jq(regex_map_id)).val().split(/\r?\n/);
-    var regex_valid = true;
-    for(var i = 0;i < regex_data.length;i++){
-      if(regex_data[i].startsWith('#') || !regex_data[i]){
-        continue;
-      }
-      if(!validateRegex(regex_data[i])) {
-        mailcow_alert_box('Cannot build regex from line ' + (i+1), 'danger');
-        var regex_valid = false;
-        break;
-      }
-      if(!regex_data[i].startsWith('/') || !/\/[ims]?$/.test(regex_data[i])){
-        mailcow_alert_box('Line ' + (i+1) + ' is invalid', 'danger');
-        var regex_valid = false;
-        break;
-      }
-    }
-    if (regex_valid) {
-      mailcow_alert_box('Regex OK', 'success');
-      $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
-    }
-  });
-	$('.textarea-code').on('keyup', function() {
-    $('.submit_rspamd_regex').attr({"disabled": true});
-	});
-  $("#show_rspamd_global_filters").click(function() {
-    $.get("inc/ajax/show_rspamd_global_filters.php");
-    $("#confirm_show_rspamd_global_filters").hide();
-    $("#rspamd_global_filters").removeClass("d-none");
-  });
-  $("#super_delete").click(function() { return confirm(lang.queue_ays); });
-  
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_domain_admins() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#domainadminstable') ) {
-      $('#domainadminstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#domainadminstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/domain-admin/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'domainadminstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.admin_domains,
-            data: 'selected_domains',
-            defaultContent: '',
-          },
-          {
-            title: "TFA",
-            data: 'tfa_active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ],
-      initComplete: function(settings, json){
-      }
-    });
-  }
-  function draw_oauth2_clients() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#oauth2clientstable') ) {
-      $('#oauth2clientstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#oauth2clientstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/oauth2-client/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'oauth2clientstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_client_id,
-            data: 'client_id',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_client_secret,
-            data: 'client_secret',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_redirect_uri,
-            data: 'redirect_uri',
-            defaultContent: ''
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_admins() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#adminstable') ) {
-      $('#adminstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#adminstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/admin/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'adminstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: "TFA",
-            data: 'tfa_active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            defaultContent: '',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right'
-          },
-      ]
-    });
-  }
-  function draw_fwd_hosts() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#forwardinghoststable') ) {
-      $('#forwardinghoststable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#forwardinghoststable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/fwdhost/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'forwardinghoststable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.host,
-            data: 'host',
-            defaultContent: ''
-          },
-          {
-            title: lang.source,
-            data: 'source',
-            defaultContent: ''
-          },
-          {
-            title: lang.spamfilter,
-            data: 'keep_spam',
-            defaultContent: '',
-            render: function(data, type){
-              return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_relayhosts() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#relayhoststable') ) {
-      $('#relayhoststable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#relayhoststable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/relayhost/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'relayhoststable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.host,
-            data: 'hostname',
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.in_use_by,
-            data: 'in_use_by',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_transport_maps() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#transportstable') ) {
-      $('#transportstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#transportstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/transport/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'transportstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.destination,
-            data: 'destination',
-            defaultContent: ''
-          },
-          {
-            title: lang.nexthop,
-            data: 'nexthop',
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-
-  function process_table_data(data, table) {
-    if (table == 'relayhoststable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="sender-dependent" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
-          '<a href="/edit/relayhost/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-rlyhost" data-api-url="delete/relayhost" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        if (item.used_by_mailboxes == '') { item.in_use_by = item.used_by_domains; }
-        else if (item.used_by_domains == '') { item.in_use_by = item.used_by_mailboxes; }
-        else { item.in_use_by = item.used_by_mailboxes + '<hr style="margin:5px 0px 5px 0px;">' + item.used_by_domains; }
-        item.chkbox = '<input type="checkbox" data-id="rlyhosts" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'transportstable') {
-      $.each(data, function (i, item) {
-        if (item.is_mx_based) {
-          item.destination = '<i class="bi bi-info-circle-fill text-info mx-info" data-bs-toggle="tooltip" title="' + lang.is_mx_based + '"></i> <code>' + item.destination + '</code>';
-        }
-        if (item.username) {
-          item.username = '<i style="color:#' + intToRGB(hashCode(item.nexthop)) + ';" class="bi bi-square-fill"></i> ' + item.username;
-        }
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="transport-map" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
-          '<a href="/edit/transport/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-transport" data-api-url="delete/transport" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.chkbox = '<input type="checkbox" data-id="transports" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'queuetable') {
-      $.each(data, function (i, item) {
-        item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
-        rcpts = $.map(item.recipients, function(i) {
-          return escapeHtml(i);
-        });
-        item.recipients = rcpts.join('<hr style="margin:1px!important">');
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
-          '</div>';
-      });
-    } else if (table == 'forwardinghoststable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-action="delete_selected" data-id="single-fwdhost" data-api-url="delete/fwdhost" data-item="' + encodeURI(item.host) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.chkbox = '<input type="checkbox" data-id="fwdhosts" name="multi_select" value="' + item.host + '" />';
-      });
-    } else if (table == 'oauth2clientstable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.scope = "profile";
-        item.grant_types = 'refresh_token password authorization_code';
-        item.chkbox = '<input type="checkbox" data-id="oauth2_clients" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'domainadminstable') {
-      $.each(data, function (i, item) {
-        item.selected_domains = escapeHtml(item.selected_domains);
-        item.selected_domains = item.selected_domains.toString().replace(/,/g, "<br>");
-        item.chkbox = '<input type="checkbox" data-id="domain_admins" name="multi_select" value="' + item.username + '" />';
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
-          '</div>';
-      });
-    } else if (table == 'adminstable') {
-      $.each(data, function (i, item) {
-        if (admin_username.toLowerCase() == item.username.toLowerCase()) {
-          item.usr = '<i class="bi bi-person-check"></i> ' + item.username;
-        } else {
-          item.usr = item.username;
-        }
-        item.chkbox = '<input type="checkbox" data-id="admins" name="multi_select" value="' + item.username + '" />';
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit/admin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-admin" data-api-url="delete/admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-      });
-    }
-    return data
-  };
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=adminstable]", () => draw_admins());
-  onVisible("[id^=domainadminstable]", () => draw_domain_admins());
-  onVisible("[id^=oauth2clientstable]", () => draw_oauth2_clients());
-  onVisible("[id^=forwardinghoststable]", () => draw_fwd_hosts());
-  onVisible("[id^=relayhoststable]", () => draw_relayhosts());
-  onVisible("[id^=transportstable]", () => draw_transport_maps());
-
-
-  $('body').on('click', 'span.footable-toggle', function () {
-    event.stopPropagation();
-  })
-
-  // API IP check toggle
-  $("#skip_ip_check_ro").click(function( event ) {
-   $("#skip_ip_check_ro").not(this).prop('checked', false);
-    if ($("#skip_ip_check_ro:checked").length > 0) {
-      $('#allow_from_ro').prop('disabled', true);
-    }
-    else {
-      $("#allow_from_ro").removeAttr('disabled');
-    }
-  });
-  $("#skip_ip_check_rw").click(function( event ) {
-   $("#skip_ip_check_rw").not(this).prop('checked', false);
-    if ($("#skip_ip_check_rw:checked").length > 0) {
-      $('#allow_from_rw').prop('disabled', true);
-    }
-    else {
-      $("#allow_from_rw").removeAttr('disabled');
-    }
-  });
-  // Relayhost
-  $('#testRelayhostModal').on('show.bs.modal', function (e) {
-    $('#test_relayhost_result').text("-");
-    button = $(e.relatedTarget)
-    if (button != null) {
-      $('#relayhost_id').val(button.data('relayhost-id'));
-    }
-  })
-  $('#test_relayhost').on('click', function (e) {
-    e.preventDefault();
-    prev = $('#test_relayhost').text();
-    $(this).prop("disabled",true);
-    $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
-    $.ajax({
-        type: 'GET',
-        url: 'inc/ajax/relay_check.php',
-        dataType: 'text',
-        data: $('#test_relayhost_form').serialize(),
-        complete: function (data) {
-          $('#test_relayhost_result').html(data.responseText);
-          $('#test_relayhost').prop("disabled",false);
-          $('#test_relayhost').text(prev);
-        }
-    });
-  })
-  // Transport
-  $('#testTransportModal').on('show.bs.modal', function (e) {
-    $('#test_transport_result').text("-");
-    button = $(e.relatedTarget)
-    if (button != null) {
-      $('#transport_id').val(button.data('transport-id'));
-      $('#transport_type').val(button.data('transport-type'));
-    }
-  })
-  $('#test_transport').on('click', function (e) {
-    e.preventDefault();
-    prev = $('#test_transport').text();
-    $(this).prop("disabled",true);
-    $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
-    $.ajax({
-        type: 'GET',
-        url: 'inc/ajax/transport_check.php',
-        dataType: 'text',
-        data: $('#test_transport_form').serialize(),
-        complete: function (data) {
-          $('#test_transport_result').html(data.responseText);
-          $('#test_transport').prop("disabled",false);
-          $('#test_transport').text(prev);
-        }
-    });
-  })
-  // DKIM private key modal
-  $('#showDKIMprivKey').on('show.bs.modal', function (e) {
-    $('#priv_key_pre').text("-");
-    p_related = $(e.relatedTarget)
-    if (p_related != null) {
-      var decoded_key = Base64.decode((p_related.data('priv-key')));
-      $('#priv_key_pre').text(decoded_key);
-    }
-  })
-  // FIDO2 friendly name modal
-  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
-    rename_link = $(e.relatedTarget)
-    if (rename_link != null) {
-      $('#fido2_cid').val(rename_link.data('cid'));
-      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
-    }
-  })
-  // App links
-  function add_table_row(table_id, type) {
-    var row = $('<tr />');
-    if (type == "app_link") {
-      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
-      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
-      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
-    } else if (type == "f2b_regex") {
-      cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
-      cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
-      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
-    }
-    row.append(cols);
-    table_id.append(row);
-  }
-  $('#app_link_table').on('click', 'tr a', function (e) {
-    e.preventDefault();
-    $(this).parents('tr').remove();
-  });
-  $('#f2b_regex_table').on('click', 'tr a', function (e) {
-    e.preventDefault();
-    $(this).parents('tr').remove();
-  });
-  $('#add_app_link_row').click(function() {
-      add_table_row($('#app_link_table'), "app_link");
-  });
-  $('#add_f2b_regex_row').click(function() {
-      add_table_row($('#f2b_regex_table'), "f2b_regex");
-  });
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+jQuery(function($){
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function jq(myid) {return "#" + myid.replace( /(:|\.|\[|\]|,|=|@)/g, "\\$1" );}
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function validateRegex(e){var t=e.split("/"),n=e,r="";t.length>1&&(n=t[1],r=t[2]);try{return new RegExp(n,r),!0}catch(e){return!1}}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
+  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
+  $("#dkim_missing_keys").on('click', function(e) {
+    e.preventDefault();
+     var domains = [];
+     $('.dkim_missing').each(function() {
+       domains.push($(this).val());
+     });
+     $('#dkim_add_domains').val(domains);
+  });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#mass_exclude").change(function(){ $("#mass_include").selectpicker('deselectAll'); });
+  $("#mass_include").change(function(){ $("#mass_exclude").selectpicker('deselectAll'); });
+  $("#mass_disarm").click(function() { $("#mass_send").attr("disabled", !this.checked); });
+  $(".admin-ays-dialog").click(function() { return confirm(lang.ays); });
+  $(".validate_rspamd_regex").click(function( event ) {
+    event.preventDefault();
+    var regex_map_id = $(this).data('regex-map');
+    var regex_data = $(jq(regex_map_id)).val().split(/\r?\n/);
+    var regex_valid = true;
+    for(var i = 0;i < regex_data.length;i++){
+      if(regex_data[i].startsWith('#') || !regex_data[i]){
+        continue;
+      }
+      if(!validateRegex(regex_data[i])) {
+        mailcow_alert_box('Cannot build regex from line ' + (i+1), 'danger');
+        var regex_valid = false;
+        break;
+      }
+      if(!regex_data[i].startsWith('/') || !/\/[ims]?$/.test(regex_data[i])){
+        mailcow_alert_box('Line ' + (i+1) + ' is invalid', 'danger');
+        var regex_valid = false;
+        break;
+      }
+    }
+    if (regex_valid) {
+      mailcow_alert_box('Regex OK', 'success');
+      $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
+    }
+  });
+  $('.textarea-code').on('keyup', function() {
+    $('.submit_rspamd_regex').attr({"disabled": true});
+  });
+  $("#show_rspamd_global_filters").click(function() {
+    $.get("inc/ajax/show_rspamd_global_filters.php");
+    $("#confirm_show_rspamd_global_filters").hide();
+    $("#rspamd_global_filters").removeClass("d-none");
+  });
+  $("#super_delete").click(function() { return confirm(lang.queue_ays); });
+
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function draw_domain_admins() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#domainadminstable') ) {
+      $('#domainadminstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#domainadminstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/domain-admin/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'domainadminstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.admin_domains,
+          data: 'selected_domains',
+          defaultContent: '',
+        },
+        {
+          title: "TFA",
+          data: 'tfa_active',
+          defaultContent: '',
+            render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ],
+      initComplete: function(settings, json){
+      }
+    });
+  }
+  function draw_oauth2_clients() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#oauth2clientstable') ) {
+      $('#oauth2clientstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#oauth2clientstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/oauth2-client/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'oauth2clientstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_client_id,
+          data: 'client_id',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_client_secret,
+          data: 'client_secret',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_redirect_uri,
+          data: 'redirect_uri',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_admins() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#adminstable') ) {
+      $('#adminstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#adminstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/admin/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'adminstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: "TFA",
+          data: 'tfa_active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          defaultContent: '',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right'
+        },
+      ]
+    });
+  }
+  function draw_fwd_hosts() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#forwardinghoststable') ) {
+      $('#forwardinghoststable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#forwardinghoststable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/fwdhost/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'forwardinghoststable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.host,
+          data: 'host',
+          defaultContent: ''
+        },
+        {
+          title: lang.source,
+          data: 'source',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter,
+          data: 'keep_spam',
+          defaultContent: '',
+          render: function(data, type){
+            return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_relayhosts() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#relayhoststable') ) {
+      $('#relayhoststable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#relayhoststable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/relayhost/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'relayhoststable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.host,
+          data: 'hostname',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.in_use_by,
+          data: 'in_use_by',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_transport_maps() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#transportstable') ) {
+      $('#transportstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#transportstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/transport/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'transportstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.destination,
+          data: 'destination',
+          defaultContent: ''
+        },
+        {
+          title: lang.nexthop,
+          data: 'nexthop',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+
+  function process_table_data(data, table) {
+    if (table == 'relayhoststable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="sender-dependent" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
+          '<a href="/edit/relayhost/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-rlyhost" data-api-url="delete/relayhost" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        if (item.used_by_mailboxes == '') { item.in_use_by = item.used_by_domains; }
+        else if (item.used_by_domains == '') { item.in_use_by = item.used_by_mailboxes; }
+        else { item.in_use_by = item.used_by_mailboxes + '<hr style="margin:5px 0px 5px 0px;">' + item.used_by_domains; }
+        item.chkbox = '<input type="checkbox" data-id="rlyhosts" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'transportstable') {
+      $.each(data, function (i, item) {
+        if (item.is_mx_based) {
+          item.destination = '<i class="bi bi-info-circle-fill text-info mx-info" data-bs-toggle="tooltip" title="' + lang.is_mx_based + '"></i> <code>' + item.destination + '</code>';
+        }
+        if (item.username) {
+          item.username = '<i style="color:#' + intToRGB(hashCode(item.nexthop)) + ';" class="bi bi-square-fill"></i> ' + item.username;
+        }
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="transport-map" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
+          '<a href="/edit/transport/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-transport" data-api-url="delete/transport" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.chkbox = '<input type="checkbox" data-id="transports" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'queuetable') {
+      $.each(data, function (i, item) {
+        item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+        rcpts = $.map(item.recipients, function(i) {
+          return escapeHtml(i);
+        });
+        item.recipients = rcpts.join('<hr style="margin:1px!important">');
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+          '</div>';
+      });
+    } else if (table == 'forwardinghoststable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-action="delete_selected" data-id="single-fwdhost" data-api-url="delete/fwdhost" data-item="' + encodeURI(item.host) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.chkbox = '<input type="checkbox" data-id="fwdhosts" name="multi_select" value="' + item.host + '" />';
+      });
+    } else if (table == 'oauth2clientstable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.scope = "profile";
+        item.grant_types = 'refresh_token password authorization_code';
+        item.chkbox = '<input type="checkbox" data-id="oauth2_clients" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'domainadminstable') {
+      $.each(data, function (i, item) {
+        item.selected_domains = escapeHtml(item.selected_domains);
+        item.selected_domains = item.selected_domains.toString().replace(/,/g, "<br>");
+        item.chkbox = '<input type="checkbox" data-id="domain_admins" name="multi_select" value="' + item.username + '" />';
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
+          '</div>';
+      });
+    } else if (table == 'adminstable') {
+      $.each(data, function (i, item) {
+        if (admin_username.toLowerCase() == item.username.toLowerCase()) {
+          item.usr = '<i class="bi bi-person-check"></i> ' + item.username;
+        } else {
+          item.usr = item.username;
+        }
+        item.chkbox = '<input type="checkbox" data-id="admins" name="multi_select" value="' + item.username + '" />';
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit/admin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-admin" data-api-url="delete/admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+      });
+    }
+    return data
+  };
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=adminstable]", () => draw_admins());
+  onVisible("[id^=domainadminstable]", () => draw_domain_admins());
+  onVisible("[id^=oauth2clientstable]", () => draw_oauth2_clients());
+  onVisible("[id^=forwardinghoststable]", () => draw_fwd_hosts());
+  onVisible("[id^=relayhoststable]", () => draw_relayhosts());
+  onVisible("[id^=transportstable]", () => draw_transport_maps());
+
+
+  $('body').on('click', 'span.footable-toggle', function () {
+    event.stopPropagation();
+  })
+
+  // API IP check toggle
+  $("#skip_ip_check_ro").click(function( event ) {
+   $("#skip_ip_check_ro").not(this).prop('checked', false);
+    if ($("#skip_ip_check_ro:checked").length > 0) {
+      $('#allow_from_ro').prop('disabled', true);
+    }
+    else {
+      $("#allow_from_ro").removeAttr('disabled');
+    }
+  });
+  $("#skip_ip_check_rw").click(function( event ) {
+   $("#skip_ip_check_rw").not(this).prop('checked', false);
+    if ($("#skip_ip_check_rw:checked").length > 0) {
+      $('#allow_from_rw').prop('disabled', true);
+    }
+    else {
+      $("#allow_from_rw").removeAttr('disabled');
+    }
+  });
+  // Relayhost
+  $('#testRelayhostModal').on('show.bs.modal', function (e) {
+    $('#test_relayhost_result').text("-");
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#relayhost_id').val(button.data('relayhost-id'));
+    }
+  })
+  $('#test_relayhost').on('click', function (e) {
+    e.preventDefault();
+    prev = $('#test_relayhost').text();
+    $(this).prop("disabled",true);
+    $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
+    $.ajax({
+      type: 'GET',
+      url: 'inc/ajax/relay_check.php',
+      dataType: 'text',
+      data: $('#test_relayhost_form').serialize(),
+      complete: function (data) {
+        $('#test_relayhost_result').html(data.responseText);
+        $('#test_relayhost').prop("disabled",false);
+        $('#test_relayhost').text(prev);
+      }
+    });
+  })
+  // Transport
+  $('#testTransportModal').on('show.bs.modal', function (e) {
+    $('#test_transport_result').text("-");
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#transport_id').val(button.data('transport-id'));
+      $('#transport_type').val(button.data('transport-type'));
+    }
+  })
+  $('#test_transport').on('click', function (e) {
+    e.preventDefault();
+    prev = $('#test_transport').text();
+    $(this).prop("disabled",true);
+    $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
+    $.ajax({
+      type: 'GET',
+      url: 'inc/ajax/transport_check.php',
+      dataType: 'text',
+      data: $('#test_transport_form').serialize(),
+      complete: function (data) {
+        $('#test_transport_result').html(data.responseText);
+        $('#test_transport').prop("disabled",false);
+        $('#test_transport').text(prev);
+      }
+    });
+  })
+  // DKIM private key modal
+  $('#showDKIMprivKey').on('show.bs.modal', function (e) {
+    $('#priv_key_pre').text("-");
+    p_related = $(e.relatedTarget)
+    if (p_related != null) {
+      var decoded_key = Base64.decode((p_related.data('priv-key')));
+      $('#priv_key_pre').text(decoded_key);
+    }
+  })
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+  // App links
+  function add_table_row(table_id, type) {
+    var row = $('<tr />');
+    if (type == "app_link") {
+      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
+    } else if (type == "f2b_regex") {
+      cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
+    }
+    row.append(cols);
+    table_id.append(row);
+  }
+  $('#app_link_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+  $('#f2b_regex_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+  $('#add_app_link_row').click(function() {
+    add_table_row($('#app_link_table'), "app_link");
+  });
+  $('#add_f2b_regex_row').click(function() {
+    add_table_row($('#f2b_regex_table'), "f2b_regex");
+  });
+});
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index a7b06e5a..e0b9a5ab 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -34,7 +34,7 @@ $(document).ready(function() {
   });
 
   // set update loop container list
-  containersToUpdate = {}
+  containersToUpdate = {};
   // set default ChartJs Font Color
   Chart.defaults.color = '#999';
   // create host cpu and mem charts
@@ -44,14 +44,13 @@ $(document).ready(function() {
     check_update(mailcow_info.version_tag, mailcow_info.project_url);
   }
   $("#maiclow_version").click(function(){
-    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" ||
-       mailcow_info.branch !== "master")
+    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" || mailcow_info.branch !== "master")
       return;
 
     showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
   })
   // get public ips
-  $("#host_show_ip").click(function(){  
+  $("#host_show_ip").click(function(){
     $("#host_show_ip").find(".text").addClass("d-none");
     $("#host_show_ip").find(".spinner-border").removeClass("d-none");
 
@@ -76,7 +75,7 @@ $(document).ready(function() {
       $("#host_ipv6").addClass("d-block");
     }).catch(function(error){
       console.log(error);
-      
+
       $("#host_ipv6").removeClass("d-none");
       $("#host_ipv6").addClass("d-block");
       $("#host_ipv6").addClass("text-danger");
@@ -119,10 +118,11 @@ jQuery(function($){
     }
 
     var table = $('#autodiscover_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -188,10 +188,11 @@ jQuery(function($){
     }
 
     var table = $('#postfix_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -242,10 +243,11 @@ jQuery(function($){
     }
 
     var table = $('#watchdog_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -300,10 +302,11 @@ jQuery(function($){
     }
 
     var table =  $('#api_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -352,7 +355,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
     });
@@ -365,10 +368,11 @@ jQuery(function($){
     }
 
     var table = $('#rl_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -455,7 +459,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
     });
@@ -468,10 +472,11 @@ jQuery(function($){
     }
 
     var table = $('#ui_logs').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -538,7 +543,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_log');
     });
@@ -551,10 +556,11 @@ jQuery(function($){
     }
 
     var table = $('#sasl_logs').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -598,7 +604,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
     });
@@ -611,10 +617,11 @@ jQuery(function($){
     }
 
     var table = $('#acme_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -647,7 +654,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
     });
@@ -660,10 +667,11 @@ jQuery(function($){
     }
 
     var table = $('#netfilter_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -701,7 +709,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
     });
@@ -714,10 +722,11 @@ jQuery(function($){
     }
 
     var table = $('#sogo_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -755,7 +764,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
     });
@@ -768,10 +777,11 @@ jQuery(function($){
     }
 
     var table = $('#dovecot_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -883,10 +893,11 @@ jQuery(function($){
     }
 
     var table = $('#rspamd_history').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -983,7 +994,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-rspamd-history', '#rspamd_history');
     });
@@ -998,31 +1009,31 @@ jQuery(function($){
         item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
       }
       item.symbols = Object.keys(item.symbols).sort(function (a, b) {
-        if (item.symbols[a].score === 0) return 1
-        if (item.symbols[b].score === 0) return -1
+        if (item.symbols[a].score === 0) return 1;
+        if (item.symbols[b].score === 0) return -1;
         if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
-          return item.symbols[a].score - item.symbols[b].score
+          return item.symbols[a].score - item.symbols[b].score;
         }
         if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
-          return item.symbols[b].score - item.symbols[a].score
+          return item.symbols[b].score - item.symbols[a].score;
         }
-        return item.symbols[b].score - item.symbols[a].score
+        return item.symbols[b].score - item.symbols[a].score;
       }).map(function(key) {
         var sym = item.symbols[key];
         if (sym.score < 0) {
-          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)';
         }
         else if (sym.score === 0) {
-          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)';
         }
         else {
-          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)';
         }
         var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
         if (sym.options) {
           str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
         }
-        return str
+        return str;
       }).join('<br>\n');
       item.subject = escapeHtml(item.subject);
       var scan_time = item.time_real.toFixed(3);
@@ -1155,14 +1166,14 @@ jQuery(function($){
         }
       });
     }
-    return data
+    return data;
   };
   $('.add_log_lines').on('click', function (e) {
     e.preventDefault();
-    var log_table= $(this).data("table")
-    var new_nrows = $(this).data("nrows")
-    var post_process = $(this).data("post-process")
-    var log_url = $(this).data("log-url")
+    var log_table= $(this).data("table");
+    var new_nrows = $(this).data("nrows");
+    var post_process = $(this).data("post-process");
+    var log_url = $(this).data("log-url");
     if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
       console.log("no data-table or data-nrows or log_url or data-post-process attr found");
       return;
@@ -1184,9 +1195,9 @@ jQuery(function($){
   })
   function hideTableExpandCollapseBtn(tab, table){
     if ($(table).hasClass('collapsed'))
-      $(tab).find(".table_collapse_option").show(); 
+      $(tab).find(".table_collapse_option").show();
     else
-      $(tab).find(".table_collapse_option").hide(); 
+      $(tab).find(".table_collapse_option").hide();
   }
 
   // detect element visibility changes
@@ -1220,7 +1231,6 @@ jQuery(function($){
   onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
 
 
-
   // start polling host stats if tab is active
   onVisible("[id^=tab-containers]", () => update_stats());
   // start polling container stats if collapse is active
@@ -1303,9 +1313,9 @@ function update_stats(timeout=5){
       if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
 
       cpu_chart.data.datasets[0].data.push(data.cpu.usage);
-      if (cpu_chart.data.datasets[0].data.length > 30)  cpu_chart.data.datasets[0].data.shift();
+      if (cpu_chart.data.datasets[0].data.length > 30) cpu_chart.data.datasets[0].data.shift();
       mem_chart.data.datasets[0].data.push(data.memory.usage);
-      if (mem_chart.data.datasets[0].data.length > 30)  mem_chart.data.datasets[0].data.shift();
+      if (mem_chart.data.datasets[0].data.length > 30) mem_chart.data.datasets[0].data.shift();
 
       cpu_chart.update();
       mem_chart.update();
@@ -1464,23 +1474,23 @@ function createReadWriteChart(chart_id, read_lable, write_lable){
   };
   var optionsNet = {
     interaction: {
-        mode: 'index'
+      mode: 'index'
     },
     scales: {
       yAxis: {
         min: 0,
         grid: {
-            display: false
+          display: false
         },
         ticks: {
           callback: function(i, index, ticks) {
-             return formatBytes(i);
+            return formatBytes(i);
           }
         }
       },
       xAxis: {
         grid: {
-            display: false
+          display: false
         }
       }
     }
@@ -1528,13 +1538,13 @@ function createHostCpuAndMemChart(){
   };
   var optionsCpu = {
     interaction: {
-        mode: 'index'
+      mode: 'index'
     },
     scales: {
       yAxis: {
         min: 0,
         grid: {
-            display: false
+          display: false
         },
         ticks: {
           callback: function(i, index, ticks) {
@@ -1544,7 +1554,7 @@ function createHostCpuAndMemChart(){
       },
       xAxis: {
         grid: {
-            display: false
+          display: false
         }
       }
     }
@@ -1566,13 +1576,13 @@ function createHostCpuAndMemChart(){
   };
   var optionsMem = {
     interaction: {
-        mode: 'index'
+      mode: 'index'
     },
     scales: {
       yAxis: {
         min: 0,
         grid: {
-            display: false
+          display: false
         },
         ticks: {
           callback: function(i, index, ticks) {
@@ -1582,7 +1592,7 @@ function createHostCpuAndMemChart(){
       },
       xAxis: {
         grid: {
-            display: false
+          display: false
         }
       }
     }
@@ -1678,22 +1688,22 @@ function parseGithubMarkdownLinks(inputText) {
 
   replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
   replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
-      if (matched.includes('github.com')){
-        // return short link if it's github link
-        last_uri_path = matched.split('/');
-        last_uri_path = last_uri_path[last_uri_path.length - 1];
+    if (matched.includes('github.com')){
+      // return short link if it's github link
+      last_uri_path = matched.split('/');
+      last_uri_path = last_uri_path[last_uri_path.length - 1];
 
-        // adjust Full Changelog link to match last git version and new git version, if link is a compare link
-        if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
-          matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
-          last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
-        }
+      // adjust Full Changelog link to match last git version and new git version, if link is a compare link
+      if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
+        matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
+        last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
+      }
 
-        return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
-      };
+      return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
+    };
 
-      // if it's not a github link, return complete link
-      return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
+    // if it's not a github link, return complete link
+    return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
   });
 
   return replacedText;
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index 4c57b35e..4680bdfa 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -1,220 +1,222 @@
-$(document).ready(function() {
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-  $(".goto_checkbox").click(function( event ) {
-   $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
-    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-      $('#textarea_alias_goto').prop('disabled', true);
-    }
-    else {
-      $("#textarea_alias_goto").removeAttr('disabled');
-    }
-  });
-  $("#disable_sender_check").click(function( event ) {
-    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
-      $('#editSelectSenderACL').prop('disabled', true);
-      $('#editSelectSenderACL').selectpicker('refresh');
-    }
-    else {
-      $('#editSelectSenderACL').prop('disabled', false);
-      $('#editSelectSenderACL').selectpicker('refresh');
-    }
-  });
-  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-    $('#textarea_alias_goto').prop('disabled', true);
-  }
-
-  $("#mailbox-password-warning-close").click(function( event ) {
-    $('#mailbox-passwd-hidden-info').addClass('hidden');
-    $('#mailbox-passwd-form-groups').removeClass('hidden');
-  });
-  // Sender ACL
-  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-    $("#sender_acl_disabled").show();
-  }
-  $('#editSelectSenderACL').change(function() {
-    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-      $("#sender_acl_disabled").show();
-    }
-    else {
-      $("#sender_acl_disabled").hide();
-    }
-  });
-  // Resources
-  if ($("#editSelectMultipleBookings").val() == "custom") {
-    $("#multiple_bookings_custom_div").show();
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  }
-  $("#editSelectMultipleBookings").change(function() {
-    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
-    if ($('input[name=multiple_bookings]').val() == "custom") {
-      $("#multiple_bookings_custom_div").show();
-    }
-    else {
-      $("#multiple_bookings_custom_div").hide();
-    }
-  });
-  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  });
-
-  // load tags
-  if ($('#tags').length){
-    var tagsEl = $('#tags').parent().find('.tag-values')[0];
-    console.log($(tagsEl).val())
-    var tags = JSON.parse($(tagsEl).val());
-    $(tagsEl).val("");
-    
-    for (var i = 0; i < tags.length; i++)
-      addTag($('#tags'), tags[i]);
-  }
-});
-
-jQuery(function($){
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
-  }
-  function draw_wl_policy_domain_table() {
-    $('#wl_policy_domain_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (!validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'prefid',
-            defaultContent: ''
-          },
-          {
-            title: lang_user.spamfilter_table_rule,
-            data: 'value',
-            defaultContent: ''
-          },
-          {
-            title: 'Scope',
-            data: 'object',
-            defaultContent: ''
-          }
-      ]
-    });
-  }
-  function draw_bl_policy_domain_table() {
-    $('#bl_policy_domain_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (!validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'prefid',
-            defaultContent: ''
-          },
-          {
-            title: lang_user.spamfilter_table_rule,
-            data: 'value',
-            defaultContent: ''
-          },
-          {
-            title: 'Scope',
-            data: 'object',
-            defaultContent: ''
-          }
-      ]
-    });
-  }
-
-  
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-            observer.disconnect();
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
-  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
-});
+$(document).ready(function() {
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+  $(".goto_checkbox").click(function( event ) {
+    $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
+    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+      $('#textarea_alias_goto').prop('disabled', true);
+    }
+    else {
+      $("#textarea_alias_goto").removeAttr('disabled');
+    }
+  });
+  $("#disable_sender_check").click(function( event ) {
+    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
+      $('#editSelectSenderACL').prop('disabled', true);
+      $('#editSelectSenderACL').selectpicker('refresh');
+    }
+    else {
+      $('#editSelectSenderACL').prop('disabled', false);
+      $('#editSelectSenderACL').selectpicker('refresh');
+    }
+  });
+  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+    $('#textarea_alias_goto').prop('disabled', true);
+  }
+
+  $("#mailbox-password-warning-close").click(function( event ) {
+    $('#mailbox-passwd-hidden-info').addClass('hidden');
+    $('#mailbox-passwd-form-groups').removeClass('hidden');
+  });
+  // Sender ACL
+  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+    $("#sender_acl_disabled").show();
+  }
+  $('#editSelectSenderACL').change(function() {
+    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+      $("#sender_acl_disabled").show();
+    }
+    else {
+      $("#sender_acl_disabled").hide();
+    }
+  });
+  // Resources
+  if ($("#editSelectMultipleBookings").val() == "custom") {
+    $("#multiple_bookings_custom_div").show();
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+  }
+  $("#editSelectMultipleBookings").change(function() {
+    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
+    if ($('input[name=multiple_bookings]').val() == "custom") {
+      $("#multiple_bookings_custom_div").show();
+    }
+    else {
+      $("#multiple_bookings_custom_div").hide();
+    }
+  });
+  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+  });
+
+  // load tags
+  if ($('#tags').length){
+    var tagsEl = $('#tags').parent().find('.tag-values')[0];
+    console.log($(tagsEl).val())
+    var tags = JSON.parse($(tagsEl).val());
+    $(tagsEl).val("");
+
+    for (var i = 0; i < tags.length; i++)
+      addTag($('#tags'), tags[i]);
+  }
+});
+
+jQuery(function($){
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  function validateEmail(email) {
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    return re.test(email);
+  }
+  function draw_wl_policy_domain_table() {
+    $('#wl_policy_domain_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (!validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang_user.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title: 'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_bl_policy_domain_table() {
+    $('#bl_policy_domain_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (!validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang_user.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title: 'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+            observer.disconnect();
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
+  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
+});
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index b93b1819..49cce1b2 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -77,7 +77,7 @@ $(document).ready(function() {
         $('.dns-modal-body').html(xhr.responseText);
       }
     });
-  }); 
+  });
   // @Open Domain add modal
   $('#addDomainModal').on('show.bs.modal', function(e) {
     $.ajax({
@@ -85,24 +85,24 @@ $(document).ready(function() {
       data: {},
       dataType: 'json',
       success: async function(data){
-        $('#domain_templates').find('option').remove(); 
+        $('#domain_templates').find('option').remove();
         $('#domain_templates').selectpicker('destroy');
         $('#domain_templates').selectpicker();
         for (var i = 0; i < data.length; i++){
           if (data[i].template === "Default"){
-            $('#domain_templates').prepend($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': true
+            $('#domain_templates').prepend($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': true
             }));
             setDomainTemplateData(data[i].attributes);
           } else {
-            $('#domain_templates').append($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': false
+            $('#domain_templates').append($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': false
             }));
           }
         };
@@ -127,24 +127,24 @@ $(document).ready(function() {
       data: {},
       dataType: 'json',
       success: async function(data){
-        $('#mailbox_templates').find('option').remove(); 
+        $('#mailbox_templates').find('option').remove();
         $('#mailbox_templates').selectpicker('destroy');
         $('#mailbox_templates').selectpicker();
         for (var i = 0; i < data.length; i++){
           if (data[i].template === "Default"){
-            $('#mailbox_templates').prepend($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': true
+            $('#mailbox_templates').prepend($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': true
             }));
             setMailboxTemplateData(data[i].attributes);
           } else {
-            $('#mailbox_templates').append($('<option>', { 
-                value: data[i].id,
-                text : data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': false
+            $('#mailbox_templates').append($('<option>', {
+              value: data[i].id,
+              text : data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': false
             }));
           }
         };
@@ -229,20 +229,20 @@ $(document).ready(function() {
     } else {
       $('#addDomain_gal').prop('checked', false);
     }
-    
+
     if (template.active == 1){
       $('#addDomain_active').prop('checked', true);
     } else {
       $('#addDomain_active').prop('checked', false);
     }
-    
+
     $("#addDomain_rl_value").val(template.rl_value);
     $('#addDomain_rl_frame').selectpicker('val', template.rl_frame);
     $("#dkim_selector").val(template.dkim_selector);
     if (!template.key_size)
       template.key_size = 2048;
     $('#key_size').selectpicker('val', template.key_size.toString());
-    
+
     if (template.backupmx == 1){
       $('#addDomain_relay_domain').prop('checked', true);
     } else {
@@ -259,7 +259,7 @@ $(document).ready(function() {
       $('#addDomain_relay_unknown_only').prop('checked', false);
     }
 
-    
+
     // load tags
     $('#addDomain_tags').val("");
     $($('#addDomain_tags').parent().find(".tag-values")[0]).val("");
@@ -404,7 +404,7 @@ $(document).ready(function() {
     } else {
       $('#sogo_access').prop('checked', false);
     }
-    
+
     // load tags
     $('#addMailbox_tags').val("");
     $($('#addMailbox_tags').parent().find(".tag-values")[0]).val("");
@@ -417,11 +417,11 @@ jQuery(function($){
   // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
   function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
   function unix_time_format(i){return""==i?'<i class="bi bi-x"></i>':new Date(i?1e3*i:0).toLocaleDateString(void 0,{year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit",second:"2-digit"})}
-  
+
   $(".refresh_table").on('click', function(e) {
     e.preventDefault();
     var table_name = $(this).data('table');
-    
+
     if ($.fn.DataTable.isDataTable('#' + table_name))
       $('#' + table_name).DataTable().ajax.reload();
   });
@@ -433,10 +433,11 @@ jQuery(function($){
     }
 
     var table = $('#domain_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -617,8 +618,8 @@ jQuery(function($){
           defaultContent: ''
         },
       ]
-    });      
-    
+    });
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
     });
@@ -631,15 +632,16 @@ jQuery(function($){
     }
 
     var table = $('#templates_domain_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-templates-domains', '#templates_domain_table');
       },
@@ -666,13 +668,13 @@ jQuery(function($){
             }
             item.attributes.rl_value = escapeHtml(item.attributes.rl_value);
 
-            
+
             if (item.template.toLowerCase() == "default"){
               item.action = '<div class="btn-group">' +
               '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '</div>';
             }
-            else{
+            else {
               item.action = '<div class="btn-group">' +
               '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/domain/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
@@ -693,138 +695,138 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: "ID",
-            data: 'id',
-            responsivePriority: 2,
-            defaultContent: ''
-          },
-          {
-            title: lang.template,
-            data: 'template',
-            responsivePriority: 3,
-            defaultContent: ''
-          },              
-          {
-            title: lang.max_aliases,
-            data: 'attributes.max_num_aliases_for_domain',
-            defaultContent: '',
-          },             
-          {
-            title: lang.max_mailboxes,
-            data: 'attributes.max_num_mboxes_for_domain',
-            defaultContent: '',
-          },             
-          {
-            title: lang.mailbox_defquota,
-            data: 'attributes.def_quota_for_mbox',
-            defaultContent: '',
-          },               
-          {
-            title: lang.max_quota,
-            data: 'attributes.max_quota_for_mbox',
-            defaultContent: '',
-          },            
-          {
-            title: lang.domain_quota_total,
-            data: 'attributes.max_quota_for_domain',
-            defaultContent: '',
-          },          
-          {
-            title: lang.gal,
-            data: 'attributes.gal',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.backup_mx,
-            data: 'attributes.backupmx',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.relay_all,
-            data: 'attributes.relay_all_recipients',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.relay_unknown,
-            data: 'attributes.relay_unknown_only',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.active,
-            data: 'attributes.active',
-            defaultContent: '',
-            responsivePriority: 4,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },               
-          {
-            title: 'rl_frame',
-            data: 'attributes.rl_frame',
-            defaultContent: '',
-            class: 'none',
-          },             
-          {
-            title: 'rl_value',
-            data: 'attributes.rl_value',
-            defaultContent: '',
-            class: 'none',
-          },            
-          {
-            title: lang.dkim_domains_selector,
-            data: 'attributes.dkim_selector',
-            defaultContent: '',
-            class: 'none',
-          },            
-          {
-            title: lang.dkim_key_length,
-            data: 'attributes.key_size',
-            defaultContent: '',
-            class: 'none',
-          }, 
-          {
-            title: 'Tags',
-            data: 'attributes.tags',
-            defaultContent: '',
-            className: 'none'
-          },    
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
-            responsivePriority: 6,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: "ID",
+          data: 'id',
+          responsivePriority: 2,
+          defaultContent: ''
+        },
+        {
+          title: lang.template,
+          data: 'template',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.max_aliases,
+          data: 'attributes.max_num_aliases_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.max_mailboxes,
+          data: 'attributes.max_num_mboxes_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.mailbox_defquota,
+          data: 'attributes.def_quota_for_mbox',
+          defaultContent: '',
+        },
+        {
+          title: lang.max_quota,
+          data: 'attributes.max_quota_for_mbox',
+          defaultContent: '',
+        },
+        {
+          title: lang.domain_quota_total,
+          data: 'attributes.max_quota_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.gal,
+          data: 'attributes.gal',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.backup_mx,
+          data: 'attributes.backupmx',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.relay_all,
+          data: 'attributes.relay_all_recipients',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.relay_unknown,
+          data: 'attributes.relay_unknown_only',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'attributes.active',
+          defaultContent: '',
+          responsivePriority: 4,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: 'rl_frame',
+          data: 'attributes.rl_frame',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: 'rl_value',
+          data: 'attributes.rl_value',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: lang.dkim_domains_selector,
+          data: 'attributes.dkim_selector',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: lang.dkim_key_length,
+          data: 'attributes.key_size',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: 'Tags',
+          data: 'attributes.tags',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          responsivePriority: 6,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -840,10 +842,11 @@ jQuery(function($){
     }
 
     var table = $('#mailbox_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -927,7 +930,7 @@ jQuery(function($){
               '<div class="progress-bar-mailbox progress-bar progress-bar-' + item.percent_class + '" role="progressbar" aria-valuenow="' + item.percent_in_use + '" aria-valuemin="0" aria-valuemax="100" ' +
               'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>';
             item.username = escapeHtml(item.username);
-            
+
             if (Array.isArray(item.tags)){
               var tags = '';
               for (var i = 0; i < item.tags.length; i++)
@@ -942,167 +945,167 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.domain_quota,
-            data: 'quota.value',
-            responsivePriority: 8,
-            defaultContent: '',  
-            orderData: 23
-          },
-          {
-            title: lang.last_mail_login,
-            data: 'last_mail_login',
-            defaultContent: '',
-            responsivePriority: 7,
-            render: function (data, type) {
-              res = data.split("/");
-              return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
-                '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
-                '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
-            }
-          },
-          {
-            title: lang.last_pw_change,
-            data: 'last_pw_change',
-            defaultContent: ''
-          },
-          {
-            title: lang.in_use,
-            data: 'in_use',
-            defaultContent: '',
-            responsivePriority: 9,
-            className: 'dt-data-w100'
-          },
-          {
-            title: lang.fname,
-            data: 'name',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.tls_enforce_in,
-            data: 'tls_enforce_in',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.tls_enforce_out,
-            data: 'tls_enforce_out',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'SMTP',
-            data: 'smtp_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'IMAP',
-            data: 'imap_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'POP3',
-            data: 'pop3_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'SIEVE',
-            data: 'sieve_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.quarantine_notification,
-            data: 'quarantine_notification',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.quarantine_category,
-            data: 'quarantine_category',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.msg_num,
-            data: 'messages',
-            defaultContent: '',
-            responsivePriority: 5
-          },
-          {
-            title: lang.created_on,
-            data: 'created',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.last_modified,
-            data: 'modified',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'Tags',
-            data: 'tags',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            responsivePriority: 4,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
-            responsivePriority: 6,
-            defaultContent: ''
-          },
-          {
-            title: "",
-            data: 'quota.sortBy',
-            responsivePriority: 8,
-            defaultContent: '',
-            className: "d-none"
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.domain_quota,
+          data: 'quota.value',
+          responsivePriority: 8,
+          defaultContent: '',
+          orderData: 23
+        },
+        {
+          title: lang.last_mail_login,
+          data: 'last_mail_login',
+          defaultContent: '',
+          responsivePriority: 7,
+          render: function (data, type) {
+            res = data.split("/");
+            return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
+              '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
+              '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
+          }
+        },
+        {
+          title: lang.last_pw_change,
+          data: 'last_pw_change',
+          defaultContent: ''
+        },
+        {
+          title: lang.in_use,
+          data: 'in_use',
+          defaultContent: '',
+          responsivePriority: 9,
+          className: 'dt-data-w100'
+        },
+        {
+          title: lang.fname,
+          data: 'name',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.tls_enforce_in,
+          data: 'tls_enforce_in',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.tls_enforce_out,
+          data: 'tls_enforce_out',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'SMTP',
+          data: 'smtp_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'IMAP',
+          data: 'imap_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'POP3',
+          data: 'pop3_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'SIEVE',
+          data: 'sieve_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.quarantine_notification,
+          data: 'quarantine_notification',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.quarantine_category,
+          data: 'quarantine_category',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.msg_num,
+          data: 'messages',
+          defaultContent: '',
+          responsivePriority: 5
+        },
+        {
+          title: lang.created_on,
+          data: 'created',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.last_modified,
+          data: 'modified',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'Tags',
+          data: 'tags',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          responsivePriority: 4,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          responsivePriority: 6,
+          defaultContent: ''
+        },
+        {
+          title: "",
+          data: 'quota.sortBy',
+          responsivePriority: 8,
+          defaultContent: '',
+          className: "d-none"
+        },
       ]
     });
 
@@ -1118,15 +1121,16 @@ jQuery(function($){
     }
 
     var table = $('#templates_mbox_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
       },
@@ -1175,17 +1179,17 @@ jQuery(function($){
               item.attributes.quarantine_category = lang.q_all;
             }
 
-            
+
             if (item.template.toLowerCase() == "default"){
-                item.action = '<div class="btn-group">' +
-                  '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                  '</div>';
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '</div>';
             }
             else {
-                  item.action = '<div class="btn-group">' +
-                  '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                  '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                  '</div>';              
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
             }
 
             if (Array.isArray(item.attributes.tags)){
@@ -1230,12 +1234,12 @@ jQuery(function($){
           data: 'template',
           responsivePriority: 3,
           defaultContent: ''
-        },              
+        },
         {
           title: lang.domain_quota,
           data: 'attributes.quota',
           defaultContent: '',
-        },             
+        },
         {
           title: lang.tls_enforce_in,
           data: 'attributes.tls_enforce_in',
@@ -1282,7 +1286,7 @@ jQuery(function($){
           data: 'attributes.quarantine_category',
           defaultContent: '',
           className: 'none'
-        },            
+        },
         {
           title: lang.force_pw_update,
           data: 'attributes.force_pw_update',
@@ -1291,25 +1295,25 @@ jQuery(function($){
           render: function (data, type) {
             return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
           }
-        },            
+        },
         {
           title: "rl_frame",
           data: 'attributes.rl_frame',
           defaultContent: '',
           class: 'none',
-        },           
+        },
         {
           title: 'rl_value',
           data: 'attributes.rl_value',
           defaultContent: '',
           class: 'none',
-        }, 
+        },
         {
           title: 'Tags',
           data: 'attributes.tags',
           defaultContent: '',
           className: 'none'
-        },           
+        },
         {
           title: lang.active,
           data: 'attributes.active',
@@ -1318,7 +1322,7 @@ jQuery(function($){
           render: function (data, type) {
             return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
           }
-        },     
+        },
         {
           title: lang.action,
           data: 'action',
@@ -1328,7 +1332,7 @@ jQuery(function($){
         },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
     });
@@ -1341,10 +1345,11 @@ jQuery(function($){
     }
 
     var table = $('#resource_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -1377,65 +1382,65 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.description,
-            data: 'description',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.alias,
-            data: 'name',
-            defaultContent: ''
-          },
-          {
-            title: lang.kind,
-            data: 'kind',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.multiple_bookings,
-            data: 'multiple_bookings',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            responsivePriority: 5,
-            defaultContent: '',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.description,
+          data: 'description',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'name',
+          defaultContent: ''
+        },
+        {
+          title: lang.kind,
+          data: 'kind',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.multiple_bookings,
+          data: 'multiple_bookings',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          responsivePriority: 5,
+          defaultContent: '',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
+        },
       ]
     });
 
@@ -1448,14 +1453,14 @@ jQuery(function($){
       // Domains
       var optgroup = "<optgroup label='" + lang.domains + "'>";
       $.each(data.domains, function(index, domain){
-        optgroup += "<option value='" + domain + "'>" + domain + "</option>"
+        optgroup += "<option value='" + domain + "'>" + domain + "</option>";
       });
-      optgroup += "</optgroup>"
+      optgroup += "</optgroup>";
       $('#bcc-local-dest').append(optgroup);
       // Alias domains
       var optgroup = "<optgroup label='" + lang.domain_aliases + "'>";
       $.each(data.alias_domains, function(index, alias_domain){
-        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>"
+        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>";
       });
       optgroup += "</optgroup>"
       $('#bcc-local-dest').append(optgroup);
@@ -1463,9 +1468,9 @@ jQuery(function($){
       $.each(data.mailboxes, function(mailbox, aliases){
         var optgroup = "<optgroup label='" + mailbox + "'>";
         $.each(aliases, function(index, alias){
-          optgroup += "<option value='" + alias + "'>" + alias + "</option>"
+          optgroup += "<option value='" + alias + "'>" + alias + "</option>";
         });
-        optgroup += "</optgroup>"
+        optgroup += "</optgroup>";
         $('#bcc-local-dest').append(optgroup);
       });
       // Finish
@@ -1477,17 +1482,18 @@ jQuery(function($){
       $('#bcc_table').DataTable().columns.adjust().responsive.recalc();
       return;
     }
-    
+
     var table = $('#bcc_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#collapse-tab-bcc', '#bcc_table');
       },
@@ -1514,65 +1520,65 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_type,
-            data: 'type',
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_local_dest,
-            data: 'local_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_destinations,
-            data: 'bcc_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_type,
+          data: 'type',
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_local_dest,
+          data: 'local_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_destinations,
+          data: 'bcc_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -1588,15 +1594,16 @@ jQuery(function($){
     }
 
     var table = $('#recipient_map_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
       },
@@ -1605,7 +1612,7 @@ jQuery(function($){
         url: "/api/v1/get/recipient_map/all",
         dataSrc: function(json){
           if (role !== "admin") return null;
-          
+
           $.each(json, function (i, item) {
             item.recipient_map_old = escapeHtml(item.recipient_map_old);
             item.recipient_map_new = escapeHtml(item.recipient_map_new);
@@ -1620,58 +1627,58 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.recipient_map_old,
-            data: 'recipient_map_old',
-            defaultContent: ''
-          },
-          {
-            title: lang.recipient_map_new,
-            data: 'recipient_map_new',
-            defaultContent: '',
-            responsivePriority: 4
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.recipient_map_old,
+          data: 'recipient_map_old',
+          defaultContent: ''
+        },
+        {
+          title: lang.recipient_map_new,
+          data: 'recipient_map_new',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
     });
@@ -1684,15 +1691,16 @@ jQuery(function($){
     }
 
     var table = $('#tls_policy_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
       },
@@ -1701,7 +1709,7 @@ jQuery(function($){
         url: "/api/v1/get/tls-policy-map/all",
         dataSrc: function(json){
           if (role !== "admin") return null;
-          
+
           $.each(json, function (i, item) {
             item.dest = escapeHtml(item.dest);
             item.policy = '<b>' + escapeHtml(item.policy) + '</b>';
@@ -1721,63 +1729,63 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.tls_map_dest,
-            data: 'dest',
-            defaultContent: '',
-            responsivePriority: 4
-          },
-          {
-            title: lang.tls_map_policy,
-            data: 'policy',
-            defaultContent: ''
-          },
-          {
-            title: lang.tls_map_parameters,
-            data: 'parameters',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.tls_map_dest,
+          data: 'dest',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: lang.tls_map_policy,
+          data: 'policy',
+          defaultContent: ''
+        },
+        {
+          title: lang.tls_map_parameters,
+          data: 'parameters',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
     });
@@ -1790,15 +1798,16 @@ jQuery(function($){
     }
 
     var table = $('#alias_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
       },
@@ -1849,88 +1858,88 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.alias,
-            data: 'address',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.target_address,
-            data: 'goto',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            defaultContent: '',
-            responsivePriority: 5,
-          },
-          {
-            title: lang.bcc_destinations,
-            data: 'bcc_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.sogo_visible,
-            data: 'sogo_visible',
-            defaultContent: '',
-            render: function(data, type){
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.public_comment,
-            data: 'public_comment',
-            defaultContent: ''
-          },
-          {
-            title: lang.private_comment,
-            data: 'private_comment',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            responsivePriority: 6,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'address',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.target_address,
+          data: 'goto',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          defaultContent: '',
+          responsivePriority: 5,
+        },
+        {
+          title: lang.bcc_destinations,
+          data: 'bcc_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.sogo_visible,
+          data: 'sogo_visible',
+          defaultContent: '',
+          render: function(data, type){
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.public_comment,
+          data: 'public_comment',
+          defaultContent: ''
+        },
+        {
+          title: lang.private_comment,
+          data: 'private_comment',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          responsivePriority: 6,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
     });
@@ -1943,10 +1952,11 @@ jQuery(function($){
     }
 
     var table = $('#aliasdomain_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -1978,50 +1988,50 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.alias,
-            data: 'alias_domain',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.target_domain,
-            data: 'target_domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.alias,
+          data: 'alias_domain',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.target_domain,
+          data: 'target_domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -2037,15 +2047,16 @@ jQuery(function($){
     }
 
     var table = $('#sync_job_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-syncjobs', '#sync_job_table');
       },
@@ -2082,9 +2093,9 @@ jQuery(function($){
               item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
             }
             if (lang['syncjob_'+item.exit_status]) {
-	            item.exit_status = lang['syncjob_'+item.exit_status];
+              item.exit_status = lang['syncjob_'+item.exit_status];
             } else if (item.success != '-') {
-	            item.exit_status = lang.syncjob_check_log;
+              item.exit_status = lang.syncjob_check_log;
             }
             item.exit_status = item.success + ' ' + item.exit_status;
           });
@@ -2093,87 +2104,87 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.owner,
-            data: 'user2',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: 'Server',
-            data: 'server_w_port',
-            defaultContent: ''
-          },
-          {
-            title: lang.last_run,
-            data: 'last_run',
-            defaultContent: ''
-          },
-          {
-            title: lang.syncjob_last_run_result,
-            data: 'exit_status',
-            defaultContent: ''
-          },
-          {
-            title: 'Log',
-            data: 'log',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.status,
-            data: 'is_running',
-            defaultContent: ''
-          },
-          {
-            title: lang.excludes,
-            data: 'exclude',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.mins_interval,
-            data: 'mins_interval',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.owner,
+          data: 'user2',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: 'Server',
+          data: 'server_w_port',
+          defaultContent: ''
+        },
+        {
+          title: lang.last_run,
+          data: 'last_run',
+          defaultContent: ''
+        },
+        {
+          title: lang.syncjob_last_run_result,
+          data: 'exit_status',
+          defaultContent: ''
+        },
+        {
+          title: 'Log',
+          data: 'log',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.status,
+          data: 'is_running',
+          defaultContent: ''
+        },
+        {
+          title: lang.excludes,
+          data: 'exclude',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.mins_interval,
+          data: 'mins_interval',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -2189,16 +2200,17 @@ jQuery(function($){
     }
 
     var table = $('#filter_table').DataTable({
-			responsive: true,
+      responsive: true,
       autoWidth: false,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-filters', '#filter_table');
       },
@@ -2226,64 +2238,64 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 2,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: 'Type',
-            data: 'filter_type',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.owner,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.description,
-            data: 'script_desc',
-            defaultContent: ''
-          },
-          {
-            title: 'Script',
-            data: 'script_data',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 2,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: 'Type',
+          data: 'filter_type',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.owner,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.description,
+          data: 'script_desc',
+          defaultContent: ''
+        },
+        {
+          title: 'Script',
+          data: 'script_data',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -2294,11 +2306,11 @@ jQuery(function($){
 
   function hideTableExpandCollapseBtn(tab, table){
     if ($(table).hasClass('collapsed'))
-      $(tab).find(".table_collapse_option").show(); 
+      $(tab).find(".table_collapse_option").show();
     else
-      $(tab).find(".table_collapse_option").hide(); 
+      $(tab).find(".table_collapse_option").hide();
   }
-  
+
   // detect element visibility changes
   function onVisible(element, callback) {
     $(document).ready(function() {
diff --git a/data/web/js/site/qhandler.js b/data/web/js/site/qhandler.js
index 4fcc9634..8a8471f2 100644
--- a/data/web/js/site/qhandler.js
+++ b/data/web/js/site/qhandler.js
@@ -1,71 +1,71 @@
-jQuery(function($){
-  var qitem = $('legend').data('hash');
-  var qError = $("#qid_error");
-  $.ajax({
-    url: '/inc/ajax/qitem_details.php',
-    data: { hash: qitem },
-    dataType: 'json',
-    success: function(data){
-      $('[data-id="qitems_single"]').each(function(index) {
-        $(this).attr("data-item", qitem);
-      });
-      $('#qid_detail_subj').text(data.subject);
-      $('#qid_detail_hfrom').text(data.header_from);
-      $('#qid_detail_efrom').text(data.env_from);
-      $('#qid_detail_score').html('');
-      $('#qid_detail_symbols').html('');
-      $('#qid_detail_recipients').html('');
-      $('#qid_detail_fuzzy').html('');
-      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-        $.each(data.fuzzy_hashes, function (index, value) {
-          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-        });
-      } else {
-        $('#qid_detail_fuzzy').append('-');
-      }
-      if (typeof data.symbols !== 'undefined') {
-        data.symbols.sort(function (a, b) {
-          if (a.score === 0) return 1
-          if (b.score === 0) return -1
-          if (b.score < 0 && a.score < 0) {
-            return a.score - b.score
-          }
-          if (b.score > 0 && a.score > 0) {
-            return b.score - a.score
-          }
-          return b.score - a.score
-        })
-        $.each(data.symbols, function (index, value) {
-          var highlightClass = ''
-          if (value.score > 0) highlightClass = 'negative'
-          else if (value.score < 0) highlightClass = 'positive'
-          else highlightClass = 'neutral'
-          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-        });
-        $('[data-bs-toggle="tooltip"]').tooltip()
-      }
-      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-        if (data.action === "add header") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-        } else if (data.action === "reject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-        } else if (data.action === "rewrite subject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-        }
-      }
-      if (typeof data.recipients !== 'undefined') {
-        $.each(data.recipients, function(index, value) {
-          var elem = $('<span class="mail-address-item"></span>');
-          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-          $('#qid_detail_recipients').append(elem);
-        });
-      }
-    },
-    error: function(data){
-      if (typeof data.error !== 'undefined') {
-        qError.text("Error loading quarantine item");
-        qError.show();
-      }
-    }
-  });
-});
+jQuery(function($){
+  var qitem = $('legend').data('hash');
+  var qError = $("#qid_error");
+  $.ajax({
+    url: '/inc/ajax/qitem_details.php',
+    data: { hash: qitem },
+    dataType: 'json',
+    success: function(data){
+      $('[data-id="qitems_single"]').each(function(index) {
+        $(this).attr("data-item", qitem);
+      });
+      $('#qid_detail_subj').text(data.subject);
+      $('#qid_detail_hfrom').text(data.header_from);
+      $('#qid_detail_efrom').text(data.env_from);
+      $('#qid_detail_score').html('');
+      $('#qid_detail_symbols').html('');
+      $('#qid_detail_recipients').html('');
+      $('#qid_detail_fuzzy').html('');
+      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+        $.each(data.fuzzy_hashes, function (index, value) {
+          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+        });
+      } else {
+        $('#qid_detail_fuzzy').append('-');
+      }
+      if (typeof data.symbols !== 'undefined') {
+        data.symbols.sort(function (a, b) {
+          if (a.score === 0) return 1;
+          if (b.score === 0) return -1;
+          if (b.score < 0 && a.score < 0) {
+            return a.score - b.score;
+          }
+          if (b.score > 0 && a.score > 0) {
+            return b.score - a.score;
+          }
+          return b.score - a.score;
+        })
+        $.each(data.symbols, function (index, value) {
+          var highlightClass = '';
+          if (value.score > 0) highlightClass = 'negative';
+          else if (value.score < 0) highlightClass = 'positive';
+          else highlightClass = 'neutral';
+          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+        });
+        $('[data-bs-toggle="tooltip"]').tooltip();
+      }
+      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+        if (data.action === "add header") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+        } else if (data.action === "reject") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+        } else if (data.action === "rewrite subject") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+        }
+      }
+      if (typeof data.recipients !== 'undefined') {
+        $.each(data.recipients, function(index, value) {
+          var elem = $('<span class="mail-address-item"></span>');
+          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+          $('#qid_detail_recipients').append(elem);
+        });
+      }
+    },
+    error: function(data){
+      if (typeof data.error !== 'undefined') {
+        qError.text("Error loading quarantine item");
+        qError.show();
+      }
+    }
+  });
+});
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index 7da3a7dd..e69863f7 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -1,286 +1,297 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-
-jQuery(function($){
-  acl_data = JSON.parse(acl);
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_quarantine_table() {
-    var table = $('#quarantinetable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      initComplete: function(){
-        hideTableExpandCollapseBtn('#quarantinetable');
-      },
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/quarantine/all",
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (item.subject === null) {
-              item.subject = '';
-            } else {
-              item.subject = escapeHtml(item.subject);
-            }
-            if (item.score === null) {
-              item.score = '-';
-            }
-            if (item.virus_flag > 0) {
-              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
-            } else {
-              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
-            }
-            if (item.action === "reject") {
-              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
-            } else if (item.action === "add header") {
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
-            } else if (item.action === "rewrite subject") {
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
-            }
-            if(item.notified > 0) {
-              item.notified = '&#10004;';
-            } else {
-              item.notified = '&#10006;';
-            }
-            if (acl_data.login_as === 1) {
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
-              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-              '</div>';
-            }
-            else {
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
-              '</div>';
-            }
-            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.qid,
-            data: 'qid',
-            defaultContent: ''
-          },
-          {
-            title: lang.sender,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang.subj,
-            data: 'subject',
-            defaultContent: ''
-          },
-          {
-            title: lang.rspamd_result,
-            data: 'rspamdaction',
-            defaultContent: ''
-          },
-          {
-            title: lang.rcpt,
-            data: 'rcpt',
-            defaultContent: ''
-          },
-          {
-            title: lang.danger,
-            data: 'virus',
-            defaultContent: ''
-          },
-          {
-            title: lang.spam_score,
-            data: 'score',
-            defaultContent: ''
-          },
-          {
-            title: lang.notified,
-            data: 'notified',
-            defaultContent: ''
-          },
-          {
-            title: lang.received,
-            data: 'created',
-            defaultContent: '',
-            createdCell: function(td, cellData) {    
-              $(td).attr({
-                "data-order": cellData,
-                "data-sort": cellData
-              });
-              
-              var date = new Date(cellData ? cellData * 1000 : 0); 
-              var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-              $(td).html(dateString);
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-
-    table.on('responsive-resize', function (e, datatable, columns){
-      hideTableExpandCollapseBtn('#quarantinetable');
-    });
-  }
-
-  $('body').on('click', '.show_qid_info', function (e) {
-    e.preventDefault();
-    var qitem = $(this).attr('data-item');
-    var qError = $("#qid_error");
-
-    $('#qidDetailModal').modal('show');
-    qError.hide();
-
-    $.ajax({
-      url: '/inc/ajax/qitem_details.php',
-      data: { id: qitem },
-      dataType: 'json',
-      success: function(data){
-
-        $('[data-id="qitems_single"]').each(function(index) {
-          $(this).attr("data-item", qitem);
-        });
-
-        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
-        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
-        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
-
-        $('#qid_detail_subj').text(data.subject);
-        $('#qid_detail_hfrom').text(data.header_from);
-        $('#qid_detail_efrom').text(data.env_from);
-        $('#qid_detail_score').html('');
-        $('#qid_detail_recipients').html('');
-        $('#qid_detail_symbols').html('');
-        $('#qid_detail_fuzzy').html('');
-        if (typeof data.symbols !== 'undefined') {
-          data.symbols.sort(function (a, b) {
-            if (a.score === 0) return 1
-            if (b.score === 0) return -1
-            if (b.score < 0 && a.score < 0) {
-              return a.score - b.score
-            }
-            if (b.score > 0 && a.score > 0) {
-              return b.score - a.score
-            }
-            return b.score - a.score
-          })
-          $.each(data.symbols, function (index, value) {
-            var highlightClass = ''
-            if (value.score > 0) highlightClass = 'negative'
-            else if (value.score < 0) highlightClass = 'positive'
-            else highlightClass = 'neutral'
-            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-          });
-          $('[data-bs-toggle="tooltip"]').tooltip()
-        }
-        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-          $.each(data.fuzzy_hashes, function (index, value) {
-            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-          });
-        } else {
-          $('#qid_detail_fuzzy').append('-');
-        }
-        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-          if (data.action == "add header") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-          } else if (data.action == "reject") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-          } else if (data.action == "rewrite subject") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-          }
-        }
-        if (typeof data.recipients !== 'undefined') {
-          $.each(data.recipients, function(index, value) {
-            var elem = $('<span class="mail-address-item"></span>');
-            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-            $('#qid_detail_recipients').append(elem);
-          });
-        }
-        $('#qid_detail_text').text(data.text_plain);
-        $('#qid_detail_text_from_html').text(data.text_html);
-        var qAtts = $("#qid_detail_atts");
-        if (typeof data.attachments !== 'undefined') {
-          qAtts.text('');
-          $.each(data.attachments, function(index, value) {
-            qAtts.append(
-              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
-              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
-            );
-          });
-        }
-        else {
-          qAtts.text('-');
-        }
-      },
-      error: function(data){
-        if (typeof data.error !== 'undefined') {
-          $('#qid_detail_subj').text('-');
-          $('#qid_detail_hfrom').text('-');
-          $('#qid_detail_efrom').text('-');
-          $('#qid_detail_score').html('-');
-          $('#qid_detail_recipients').html('-');
-          $('#qid_detail_symbols').html('-');
-          $('#qid_detail_fuzzy').html('-');
-          $('#qid_detail_text').text('-');
-          $('#qid_detail_text_from_html').text('-');
-          qError.text("Error loading quarantine item");
-          qError.show();
-        }
-      }
-    });
-  });
-
-  $('body').on('click', 'span.footable-toggle', function () {
-    event.stopPropagation();
-  })
-
-  // Initial table drawings
-  draw_quarantine_table();
-
-  
-  function hideTableExpandCollapseBtn(table){
-    if ($(table).hasClass('collapsed'))
-      $(".table_collapse_option").show(); 
-    else
-      $(".table_collapse_option").hide(); 
-  }
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+
+jQuery(function($){
+  acl_data = JSON.parse(acl);
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function draw_quarantine_table() {
+    var table = $('#quarantinetable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      order: [[2, 'desc']],
+      lengthMenu: [
+        [10, 25, 50, 100, -1],
+        [10, 25, 50, 100, 'all']
+      ],
+      pagingType: 'first_last_numbers',
+      aColumns: [
+        { sWidth: '8.25%' },
+        { sClass: 'classDataTable' }
+      ],
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#quarantinetable');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/quarantine/all",
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (item.subject === null) {
+              item.subject = '';
+            } else {
+              item.subject = escapeHtml(item.subject);
+            }
+            if (item.score === null) {
+              item.score = '-';
+            }
+            if (item.virus_flag > 0) {
+              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
+            } else {
+              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
+            }
+            if (item.action === "reject") {
+              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
+            } else if (item.action === "add header") {
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
+            } else if (item.action === "rewrite subject") {
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
+            }
+            if(item.notified > 0) {
+              item.notified = '&#10004;';
+            } else {
+              item.notified = '&#10006;';
+            }
+            if (acl_data.login_as === 1) {
+            item.action = '<div class="btn-group">' +
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
+              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+              '</div>';
+            }
+            else {
+            item.action = '<div class="btn-group">' +
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
+              '</div>';
+            }
+            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.qid,
+          data: 'qid',
+          defaultContent: ''
+        },
+        {
+          title: lang.sender,
+          data: 'sender',
+          className: 'senders-mw220',
+          defaultContent: ''
+        },
+        {
+          title: lang.subj,
+          data: 'subject',
+          defaultContent: ''
+        },
+        {
+          title: lang.rspamd_result,
+          data: 'rspamdaction',
+          defaultContent: ''
+        },
+        {
+          title: lang.rcpt,
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: lang.danger,
+          data: 'virus',
+          defaultContent: ''
+        },
+        {
+          title: lang.spam_score,
+          data: 'score',
+          defaultContent: ''
+        },
+        {
+          title: lang.notified,
+          data: 'notified',
+          defaultContent: ''
+        },
+        {
+          title: lang.received,
+          data: 'created',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData,
+              "data-sort": cellData
+            });
+
+            var date = new Date(cellData ? cellData * 1000 : 0);
+            var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+            $(td).html(dateString);
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#quarantinetable');
+    });
+  }
+
+  $('body').on('click', '.show_qid_info', function (e) {
+    e.preventDefault();
+    var qitem = $(this).attr('data-item');
+    var qError = $("#qid_error");
+
+    $('#qidDetailModal').modal('show');
+    qError.hide();
+
+    $.ajax({
+      url: '/inc/ajax/qitem_details.php',
+      data: { id: qitem },
+      dataType: 'json',
+      success: function(data){
+
+        $('[data-id="qitems_single"]').each(function(index) {
+          $(this).attr("data-item", qitem);
+        });
+
+        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
+        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
+        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
+
+        $('#qid_detail_subj').text(data.subject);
+        $('#qid_detail_hfrom').text(data.header_from);
+        $('#qid_detail_efrom').text(data.env_from);
+        $('#qid_detail_score').html('');
+        $('#qid_detail_recipients').html('');
+        $('#qid_detail_symbols').html('');
+        $('#qid_detail_fuzzy').html('');
+        if (typeof data.symbols !== 'undefined') {
+          data.symbols.sort(function (a, b) {
+            if (a.score === 0) return 1;
+            if (b.score === 0) return -1;
+            if (b.score < 0 && a.score < 0) {
+              return a.score - b.score;
+            }
+            if (b.score > 0 && a.score > 0) {
+              return b.score - a.score;
+            }
+            return b.score - a.score;
+          })
+          $.each(data.symbols, function (index, value) {
+            var highlightClass = '';
+            if (value.score > 0) highlightClass = 'negative';
+            else if (value.score < 0) highlightClass = 'positive';
+            else highlightClass = 'neutral';
+            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+          });
+          $('[data-bs-toggle="tooltip"]').tooltip();
+        }
+        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+          $.each(data.fuzzy_hashes, function (index, value) {
+            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+          });
+        } else {
+          $('#qid_detail_fuzzy').append('-');
+        }
+        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+          if (data.action == "add header") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+          } else if (data.action == "reject") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+          } else if (data.action == "rewrite subject") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+          }
+        }
+        if (typeof data.recipients !== 'undefined') {
+          $.each(data.recipients, function(index, value) {
+            var elem = $('<span class="mail-address-item"></span>');
+            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+            $('#qid_detail_recipients').append(elem);
+          });
+        }
+        $('#qid_detail_text').text(data.text_plain);
+        $('#qid_detail_text_from_html').text(data.text_html);
+        var qAtts = $("#qid_detail_atts");
+        if (typeof data.attachments !== 'undefined') {
+          qAtts.text('');
+          $.each(data.attachments, function(index, value) {
+            qAtts.append(
+              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
+              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
+            );
+          });
+        }
+        else {
+          qAtts.text('-');
+        }
+      },
+      error: function(data){
+        if (typeof data.error !== 'undefined') {
+          $('#qid_detail_subj').text('-');
+          $('#qid_detail_hfrom').text('-');
+          $('#qid_detail_efrom').text('-');
+          $('#qid_detail_score').html('-');
+          $('#qid_detail_recipients').html('-');
+          $('#qid_detail_symbols').html('-');
+          $('#qid_detail_fuzzy').html('-');
+          $('#qid_detail_text').text('-');
+          $('#qid_detail_text_from_html').text('-');
+          qError.text("Error loading quarantine item");
+          qError.show();
+        }
+      }
+    });
+  });
+
+  $('body').on('click', 'span.footable-toggle', function () {
+    event.stopPropagation();
+  })
+
+  // Initial table drawings
+  draw_quarantine_table();
+
+  function hideTableExpandCollapseBtn(table){
+    if ($(table).hasClass('collapsed'))
+      $(".table_collapse_option").show();
+    else
+      $(".table_collapse_option").hide();
+  }
+});
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index ebebaff8..bc4c7369 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -1,127 +1,128 @@
 jQuery(function($){
 
-    $(".refresh_table").on('click', function(e) {
-      e.preventDefault();
-      var table_name = $(this).data('table');
-      $('#' + table_name).DataTable().ajax.reload();
-    });
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
 
 
-    function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
 
-    // Queue item
-    $('#showQueuedMsg').on('show.bs.modal', function (e) {
-      $('#queue_msg_content').text(lang.loading);
-      button = $(e.relatedTarget)
-      if (button != null) {
-        $('#queue_id').text(button.data('queue-id'));
-      }
-      $.ajax({
-          type: 'GET',
-          url: '/api/v1/get/postcat/' + button.data('queue-id'),
-          dataType: 'text',
-          complete: function (data) {
-            $('#queue_msg_content').text(data.responseText);
-          }
-      });
-    })
-
-    function draw_queue() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#queuetable') ) {
-      $('#queuetable').DataTable().columns.adjust().responsive.recalc();
-      return;
+  // Queue item
+  $('#showQueuedMsg').on('show.bs.modal', function (e) {
+    $('#queue_msg_content').text(lang.loading);
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#queue_id').text(button.data('queue-id'));
     }
+    $.ajax({
+      type: 'GET',
+      url: '/api/v1/get/postcat/' + button.data('queue-id'),
+      dataType: 'text',
+      complete: function (data) {
+        $('#queue_msg_content').text(data.responseText);
+      }
+    });
+  })
 
-    $('#queuetable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/mailq/all",
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
-            rcpts = $.map(item.recipients, function(i) {
-              return escapeHtml(i);
-            });
-            item.recipients = rcpts.join('<hr style="margin:1px!important">');
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
+  function draw_queue() {
+  // just recalc width if instance already exists
+  if ($.fn.DataTable.isDataTable('#queuetable') ) {
+    $('#queuetable').DataTable().columns.adjust().responsive.recalc();
+    return;
+  }
+
+  $('#queuetable').DataTable({
+    responsive: true,
+    processing: true,
+    serverSide: false,
+    stateSave: true,
+    pageLength: pagination_size,
+    dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+         "tr" +
+         "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+    language: lang_datatables,
+    ajax: {
+      type: "GET",
+      url: "/api/v1/get/mailq/all",
+      dataSrc: function(data){
+        $.each(data, function (i, item) {
+          item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+          rcpts = $.map(item.recipients, function(i) {
+            return escapeHtml(i);
+          });
+          item.recipients = rcpts.join('<hr style="margin:1px!important">');
+          item.action = '<div class="btn-group">' +
+            '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
             '</div>';
           });
           return data;
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'QID',
-            data: 'queue_id',
-            defaultContent: ''
-          },
-          {
-            title: 'Queue',
-            data: 'queue_name',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.arrival_time,
-            data: 'arrival_time',
-            defaultContent: '',
-            render: function (data, type){
-              var date = new Date(data ? data * 1000 : 0); 
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-            }
-          },
-          {
-            title: lang_admin.message_size,
-            data: 'message_size',
-            defaultContent: '',
-            render: function (data, type){
-              return humanFileSize(data);
-            }
-          },
-          {
-            title: lang_admin.sender,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.recipients,
-            data: 'recipients',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'QID',
+          data: 'queue_id',
+          defaultContent: ''
+        },
+        {
+          title: 'Queue',
+          data: 'queue_name',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.arrival_time,
+          data: 'arrival_time',
+          defaultContent: '',
+          render: function (data, type){
+            var date = new Date(data ? data * 1000 : 0);
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang_admin.message_size,
+          data: 'message_size',
+          defaultContent: '',
+          render: function (data, type){
+            return humanFileSize(data);
+          }
+        },
+        {
+          title: lang_admin.sender,
+          data: 'sender',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.recipients,
+          data: 'recipients',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
       ]
     });
   }
 
   draw_queue();
 
-})
\ No newline at end of file
+})
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index d1b9780f..d93e692f 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -1,662 +1,667 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-$(document).ready(function() {
-  // Spam score slider
-  var spam_slider = $('#spam_score')[0];
-  if (typeof spam_slider !== 'undefined') {
-    noUiSlider.create(spam_slider, {
-      start: user_spam_score,
-      connect: [true, true, true],
-      range: {
-        'min': [0], //stepsize is 50.000
-        '50%': [10],
-        '70%': [20, 5],
-        '80%': [50, 10],
-        '90%': [100, 100],
-        '95%': [1000, 1000],
-        'max': [5000]
-      },
-    });
-    var connect = spam_slider.querySelectorAll('.noUi-connect');
-    var classes = ['c-1-color', 'c-2-color', 'c-3-color'];
-    for (var i = 0; i < connect.length; i++) {
-      connect[i].classList.add(classes[i]);
-    }
-    spam_slider.noUiSlider.on('update', function (values, handle) {
-      $('.spam-ham-score').text('< ' + Math.round(values[0] * 10) / 10);
-      $('.spam-spam-score').text(Math.round(values[0] * 10) / 10 + ' - ' + Math.round(values[1] * 10) / 10);
-      $('.spam-reject-score').text('> ' + Math.round(values[1] * 10) / 10);
-      $('#spam_score_value').val((Math.round(values[0] * 10) / 10) + ',' + (Math.round(values[1] * 10) / 10));
-    });
-  }
-  // syncjobLogModal
-  $('#syncjobLogModal').on('show.bs.modal', function(e) {
-    var syncjob_id = $(e.relatedTarget).data('syncjob-id');
-    $.ajax({
-      url: '/inc/ajax/syncjob_logs.php',
-      data: { id: syncjob_id },
-      dataType: 'text',
-      success: function(data){
-        $(e.currentTarget).find('#logText').text(data);
-      },
-      error: function(xhr, status, error) {
-        $(e.currentTarget).find('#logText').text(xhr.responseText);
-      }
-    });
-  });
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-
-});
-jQuery(function($){
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap = {
-  '&': '&amp;',
-  '<': '&lt;',
-  '>': '&gt;',
-  '"': '&quot;',
-  "'": '&#39;',
-  '/': '&#x2F;',
-  '`': '&#x60;',
-  '=': '&#x3D;'
-  };
-  function escapeHtml(string) {
-    return String(string).replace(/[&<>"'`=\/]/g, function (s) {
-      return entityMap[s];
-    });
-  }
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
-  }
-  function unix_time_format(tm) {
-    var date = new Date(tm ? tm * 1000 : 0);
-    return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-  }
-  acl_data = JSON.parse(acl);
-
-  $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
-  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
-
-  function last_logins(action, days = 7) {
-    if (action == 'get') {
-      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
-      $.ajax({
-        dataType: 'json',
-        url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
-        jsonp: false,
-        error: function () {
-          console.log('error reading last logins');
-        },
-        success: function (data) {
-          $('.last-login').html();
-          if (data.ui.time) {
-            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
-          } else {
-            $('.last-login').text(lang.no_last_login);
-          }
-          if (data.sasl) {
-            $('.last-login').append('<ul class="list-group">');
-            $.each(data.sasl, function (i, item) {
-              var datetime = new Date(item.datetime.replace(/-/g, "/"));
-              var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
-              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
-              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
-              var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
-              var ip_data = real_rip + ip_location + app_password;
-              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
-            })
-            $('.last-login').append('</ul>');
-          }
-        }
-      })
-    } else if (action == 'reset') {
-      $.ajax({
-        dataType: 'json',
-        url: '/api/v1/get/reset-last-login/' + encodeURIComponent(mailcow_cc_username),
-        jsonp: false,
-        error: function () {
-          console.log('cannot reset last logins');
-        },
-        success: function (data) {
-          last_logins('get');
-        }
-      })
-    }
-  }
-
-  function draw_tla_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#tla_table') ) {
-      $('#tla_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#tla_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/time_limited_aliases",
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (acl_data.spam_alias === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="#" data-action="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
-              item.address = escapeHtml(item.address);
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled />';
-              item.action = '<span>-</span>';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: lang.alias,
-          data: 'address',
-          defaultContent: ''
-        },
-        {
-          title: lang.alias_valid_until,
-          data: 'validity',
-          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.created_on,
-          data: 'created',
-          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data.replace(/-/g, "/"));
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_sync_job_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sync_job_table') ) {
-      $('#sync_job_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sync_job_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            item.user1 = escapeHtml(item.user1);
-            item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
-            if (!item.exclude > 0) {
-              item.exclude = '-';
-            } else {
-              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
-            }
-            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
-            if (acl_data.syncjobs === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="/edit/syncjob/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
-            }
-            else {
-              item.action = '<span>-</span>';
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-            if (item.is_running == 1) {
-              item.is_running = '<span id="active-script" class="badge fs-6 bg-success">' + lang.running + '</span>';
-            } else {
-              item.is_running = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.waiting + '</span>';
-            }
-            if (!item.last_run > 0) {
-              item.last_run = lang.waiting;
-            }
-            if (item.success == null) {
-              item.success = '-';
-              item.exit_status = '';
-            } else {
-              item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            }
-            if (lang['syncjob_'+item.exit_status]) {
-	            item.exit_status = lang['syncjob_'+item.exit_status];
-            } else if (item.success != '-') {
-	            item.exit_status = lang.syncjob_check_log;
-            }
-            item.exit_status = item.success + ' ' + item.exit_status;
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: '',
-          responsivePriority: 1
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: '',
-          responsivePriority: 2
-        },
-        {
-          title: 'ID',
-          data: 'id',
-          defaultContent: '',
-          responsivePriority: 3
-        },
-        {
-          title: 'Server',
-          data: 'server_w_port',
-          defaultContent: ''
-        },
-        {
-          title: lang.username,
-          data: 'user1',
-          defaultContent: '',
-          responsivePriority: 3
-        },
-        {
-          title: lang.last_run,
-          data: 'last_run',
-          defaultContent: ''
-        },
-        {
-          title: lang.syncjob_last_run_result,
-          data: 'exit_status',
-          defaultContent: ''
-        },
-        {
-          title: 'Log',
-          data: 'log',
-          defaultContent: ''
-        },
-        {
-          title: lang.active,
-          data: 'active',
-          defaultContent: '',
-          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
-          }
-        },
-        {
-          title: lang.status,
-          data: 'is_running',
-          defaultContent: '',
-          responsivePriority: 5
-        },
-        {
-          title: lang.encryption,
-          data: 'enc1',
-          defaultContent: ''
-        },
-        {
-          title: lang.excludes,
-          data: 'exclude',
-          defaultContent: ''
-        },
-        {
-          title: lang.interval + " (min)",
-          data: 'mins_interval',
-          defaultContent: ''
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: '',
-          responsivePriority: 5
-        }
-      ]
-    });
-  }
-  function draw_app_passwd_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#app_passwd_table') ) {
-      $('#app_passwd_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#app_passwd_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/app-passwd/all',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            item.name = escapeHtml(item.name)
-            item.protocols = []
-            if (item.imap_access == 1) { item.protocols.push("<code>IMAP</code>"); }
-            if (item.smtp_access == 1) { item.protocols.push("<code>SMTP</code>"); }
-            if (item.eas_access == 1) { item.protocols.push("<code>EAS/ActiveSync</code>"); }
-            if (item.dav_access == 1) { item.protocols.push("<code>DAV</code>"); }
-            if (item.pop3_access == 1) { item.protocols.push("<code>POP3</code>"); }
-            if (item.sieve_access == 1) { item.protocols.push("<code>Sieve</code>"); }
-            item.protocols = item.protocols.join(" ")
-            if (acl_data.app_passwds === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                '<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
-            }
-            else {
-              item.action = '<span>-</span>';
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'id',
-          defaultContent: ''
-        },
-        {
-          title: lang.app_name,
-          data: 'name',
-          defaultContent: ''
-        },
-        {
-          title: lang.allowed_protocols,
-          data: 'protocols',
-          defaultContent: ''
-        },
-        {
-          title: lang.active,
-          data: 'active',
-          defaultContent: '',
-          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
-          }
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_wl_policy_mailbox_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#wl_policy_mailbox_table') ) {
-      $('#wl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#wl_policy_mailbox_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_wl_mailbox',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled title="' + lang.spamfilter_table_domain_policy + '" />';
-            }
-            if (acl_data.spam_policy === 0) {
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'prefid',
-          defaultContent: ''
-        },
-        {
-          title: lang.spamfilter_table_rule,
-          data: 'value',
-          defaultContent: ''
-        },
-        {
-          title:'Scope',
-          data: 'object',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_bl_policy_mailbox_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#bl_policy_mailbox_table') ) {
-      $('#bl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#bl_policy_mailbox_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_bl_mailbox',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang.spamfilter_table_domain_policy + '" />';
-            }
-            if (acl_data.spam_policy === 0) {
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'prefid',
-          defaultContent: ''
-        },
-        {
-          title: lang.spamfilter_table_rule,
-          data: 'value',
-          defaultContent: ''
-        },
-        {
-          title:'Scope',
-          data: 'object',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-
-  // FIDO2 friendly name modal
-  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
-    rename_link = $(e.relatedTarget)
-    if (rename_link != null) {
-      $('#fido2_cid').val(rename_link.data('cid'));
-      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
-    }
-  })
-
-  // Sieve data modal
-  $('#userFilterModal').on('show.bs.modal', function(e) {
-    $('#user_sieve_filter').text(lang.loading);
-    $.ajax({
-      dataType: 'json',
-      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
-      jsonp: false,
-      error: function () {
-        console.log('Cannot get active sieve script');
-      },
-      complete: function (data) {
-        if (data.responseText == '{}') {
-          $('#user_sieve_filter').text(lang.no_active_filter);
-        } else {
-          $('#user_sieve_filter').text(JSON.parse(data.responseText));
-        }
-      }
-    })
-  });
-  $('#userFilterModal').on('hidden.bs.modal', function () {
-    $('#user_sieve_filter').text(lang.loading);
-  });
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-
-  // Load only if the tab is visible
-  onVisible("[id^=tla_table]", () => draw_tla_table());
-  onVisible("[id^=bl_policy_mailbox_table]", () => draw_bl_policy_mailbox_table());
-  onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
-  onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
-  onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
-  last_logins('get');
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+$(document).ready(function() {
+  // Spam score slider
+  var spam_slider = $('#spam_score')[0];
+  if (typeof spam_slider !== 'undefined') {
+    noUiSlider.create(spam_slider, {
+      start: user_spam_score,
+      connect: [true, true, true],
+      range: {
+        'min': [0], //stepsize is 50.000
+        '50%': [10],
+        '70%': [20, 5],
+        '80%': [50, 10],
+        '90%': [100, 100],
+        '95%': [1000, 1000],
+        'max': [5000]
+      },
+    });
+    var connect = spam_slider.querySelectorAll('.noUi-connect');
+    var classes = ['c-1-color', 'c-2-color', 'c-3-color'];
+    for (var i = 0; i < connect.length; i++) {
+      connect[i].classList.add(classes[i]);
+    }
+    spam_slider.noUiSlider.on('update', function (values, handle) {
+      $('.spam-ham-score').text('< ' + Math.round(values[0] * 10) / 10);
+      $('.spam-spam-score').text(Math.round(values[0] * 10) / 10 + ' - ' + Math.round(values[1] * 10) / 10);
+      $('.spam-reject-score').text('> ' + Math.round(values[1] * 10) / 10);
+      $('#spam_score_value').val((Math.round(values[0] * 10) / 10) + ',' + (Math.round(values[1] * 10) / 10));
+    });
+  }
+  // syncjobLogModal
+  $('#syncjobLogModal').on('show.bs.modal', function(e) {
+    var syncjob_id = $(e.relatedTarget).data('syncjob-id');
+    $.ajax({
+      url: '/inc/ajax/syncjob_logs.php',
+      data: { id: syncjob_id },
+      dataType: 'text',
+      success: function(data){
+        $(e.currentTarget).find('#logText').text(data);
+      },
+      error: function(xhr, status, error) {
+        $(e.currentTarget).find('#logText').text(xhr.responseText);
+      }
+    });
+  });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+
+});
+jQuery(function($){
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap = {
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#39;',
+  '/': '&#x2F;',
+  '`': '&#x60;',
+  '=': '&#x3D;'
+  };
+  function escapeHtml(string) {
+    return String(string).replace(/[&<>"'`=\/]/g, function (s) {
+      return entityMap[s];
+    });
+  }
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  function validateEmail(email) {
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    return re.test(email);
+  }
+  function unix_time_format(tm) {
+    var date = new Date(tm ? tm * 1000 : 0);
+    return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+  }
+  acl_data = JSON.parse(acl);
+
+  $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
+  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
+
+  function last_logins(action, days = 7) {
+    if (action == 'get') {
+      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
+      $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
+        jsonp: false,
+        error: function () {
+          console.log('error reading last logins');
+        },
+        success: function (data) {
+          $('.last-login').html();
+          if (data.ui.time) {
+            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
+          } else {
+            $('.last-login').text(lang.no_last_login);
+          }
+          if (data.sasl) {
+            $('.last-login').append('<ul class="list-group">');
+            $.each(data.sasl, function (i, item) {
+              var datetime = new Date(item.datetime.replace(/-/g, "/"));
+              var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
+              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
+              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
+              var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
+              var ip_data = real_rip + ip_location + app_password;
+              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
+            })
+            $('.last-login').append('</ul>');
+          }
+        }
+      })
+    } else if (action == 'reset') {
+      $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/reset-last-login/' + encodeURIComponent(mailcow_cc_username),
+        jsonp: false,
+        error: function () {
+          console.log('cannot reset last logins');
+        },
+        success: function (data) {
+          last_logins('get');
+        }
+      })
+    }
+  }
+
+  function draw_tla_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#tla_table') ) {
+      $('#tla_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#tla_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/time_limited_aliases",
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (acl_data.spam_alias === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="#" data-action="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
+              item.address = escapeHtml(item.address);
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled />';
+              item.action = '<span>-</span>';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'address',
+          defaultContent: ''
+        },
+        {
+          title: lang.alias_valid_until,
+          data: 'validity',
+          defaultContent: '',
+          render: function (data, type) {
+            var date = new Date(data ? data * 1000 : 0);
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang.created_on,
+          data: 'created',
+          defaultContent: '',
+          render: function (data, type) {
+            var date = new Date(data.replace(/-/g, "/"));
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_sync_job_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sync_job_table') ) {
+      $('#sync_job_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#sync_job_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            item.user1 = escapeHtml(item.user1);
+            item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
+            if (!item.exclude > 0) {
+              item.exclude = '-';
+            } else {
+              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
+            }
+            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
+            if (acl_data.syncjobs === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/syncjob/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
+            }
+            else {
+              item.action = '<span>-</span>';
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+            if (item.is_running == 1) {
+              item.is_running = '<span id="active-script" class="badge fs-6 bg-success">' + lang.running + '</span>';
+            } else {
+              item.is_running = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.waiting + '</span>';
+            }
+            if (!item.last_run > 0) {
+              item.last_run = lang.waiting;
+            }
+            if (item.success == null) {
+              item.success = '-';
+              item.exit_status = '';
+            } else {
+              item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
+            }
+            if (lang['syncjob_'+item.exit_status]) {
+              item.exit_status = lang['syncjob_'+item.exit_status];
+            } else if (item.success != '-') {
+              item.exit_status = lang.syncjob_check_log;
+            }
+            item.exit_status = item.success + ' ' + item.exit_status;
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: '',
+          responsivePriority: 3
+        },
+        {
+          title: 'Server',
+          data: 'server_w_port',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'user1',
+          defaultContent: '',
+          responsivePriority: 3
+        },
+        {
+          title: lang.last_run,
+          data: 'last_run',
+          defaultContent: ''
+        },
+        {
+          title: lang.syncjob_last_run_result,
+          data: 'exit_status',
+          defaultContent: ''
+        },
+        {
+          title: 'Log',
+          data: 'log',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
+          }
+        },
+        {
+          title: lang.status,
+          data: 'is_running',
+          defaultContent: '',
+          responsivePriority: 5
+        },
+        {
+          title: lang.encryption,
+          data: 'enc1',
+          defaultContent: ''
+        },
+        {
+          title: lang.excludes,
+          data: 'exclude',
+          defaultContent: ''
+        },
+        {
+          title: lang.interval + " (min)",
+          data: 'mins_interval',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: '',
+          responsivePriority: 5
+        }
+      ]
+    });
+  }
+  function draw_app_passwd_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#app_passwd_table') ) {
+      $('#app_passwd_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#app_passwd_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/app-passwd/all',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name)
+            item.protocols = []
+            if (item.imap_access == 1) { item.protocols.push("<code>IMAP</code>"); }
+            if (item.smtp_access == 1) { item.protocols.push("<code>SMTP</code>"); }
+            if (item.eas_access == 1) { item.protocols.push("<code>EAS/ActiveSync</code>"); }
+            if (item.dav_access == 1) { item.protocols.push("<code>DAV</code>"); }
+            if (item.pop3_access == 1) { item.protocols.push("<code>POP3</code>"); }
+            if (item.sieve_access == 1) { item.protocols.push("<code>Sieve</code>"); }
+            item.protocols = item.protocols.join(" ")
+            if (acl_data.app_passwds === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
+            }
+            else {
+              item.action = '<span>-</span>';
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.app_name,
+          data: 'name',
+          defaultContent: ''
+        },
+        {
+          title: lang.allowed_protocols,
+          data: 'protocols',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_wl_policy_mailbox_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#wl_policy_mailbox_table') ) {
+      $('#wl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#wl_policy_mailbox_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_wl_mailbox',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled title="' + lang.spamfilter_table_domain_policy + '" />';
+            }
+            if (acl_data.spam_policy === 0) {
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title:'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_bl_policy_mailbox_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#bl_policy_mailbox_table') ) {
+      $('#bl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#bl_policy_mailbox_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_bl_mailbox',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang.spamfilter_table_domain_policy + '" />';
+            }
+            if (acl_data.spam_policy === 0) {
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title:'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+
+  // Sieve data modal
+  $('#userFilterModal').on('show.bs.modal', function(e) {
+    $('#user_sieve_filter').text(lang.loading);
+    $.ajax({
+      dataType: 'json',
+      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
+      jsonp: false,
+      error: function () {
+        console.log('Cannot get active sieve script');
+      },
+      complete: function (data) {
+        if (data.responseText == '{}') {
+          $('#user_sieve_filter').text(lang.no_active_filter);
+        } else {
+          $('#user_sieve_filter').text(JSON.parse(data.responseText));
+        }
+      }
+    })
+  });
+  $('#userFilterModal').on('hidden.bs.modal', function () {
+    $('#user_sieve_filter').text(lang.loading);
+  });
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+
+  // Load only if the tab is visible
+  onVisible("[id^=tla_table]", () => draw_tla_table());
+  onVisible("[id^=bl_policy_mailbox_table]", () => draw_bl_policy_mailbox_table());
+  onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
+  onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
+  onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
+  last_logins('get');
+});
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index 863f87e9..33f2422b 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -57,7 +57,7 @@
       </div>
     </div> <!-- /col-md-12 -->
   </div> <!-- /row -->
-</div> 
+</div>
 
 {% include 'modals/admin.twig' %}
 
@@ -66,7 +66,7 @@ var lang = {{ lang_admin|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var admin_username = '{{ mailcow_cc_username }}';
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
-var log_pagination_size = '{{ log_pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
+var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 1e011c8b..006703fb 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -41,7 +41,7 @@
               </div>
               <div class="col-sm-12 col-md-8">
                 <div class="table-responsive" style="margin-top: 10px;">
-                  <table class="table table-striped table-condensed">
+                  <table class="table table-striped table-condensed w-100">
                     <tbody>
                       <tr>
                         <td>Hostname</td>
@@ -59,7 +59,7 @@
                               <span class="text">{{ lang.debug.show_ip }}</span>
                               <div class="spinner-border spinner-border-sm d-none" role="status">
                                 <span class="visually-hidden">Loading...</span>
-                              </div>  
+                              </div>
                             </button>
                           {% else %}
                             <span class="d-block">{{ lang.admin.ip_check_disabled|raw }}</span>
@@ -71,7 +71,7 @@
                         <td class="text-break">
                           <div class="fw-bolder">
                             <p ><a href="#" id="maiclow_version">{{ mailcow_info.version_tag }}</a></p>
-                            <p id="mailcow_update"></p> 
+                            <p id="mailcow_update"></p>
                           </div>
                         </td>
                       </tr>
@@ -198,10 +198,10 @@
                         <i class="bi bi-caret-down-fill caret"></i>
                       </button>
                     </div>
-                  {% endif %}  
+                  {% endif %}
                   </div>
                   {% if containers["solr-mailcow"].State.Running == 1 %}
-                  <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">    
+                  <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">
                     <div class="row p-2 pt-4">
                       <div class="col-sm-3">
                         <p><img class="img-responsive" alt="Solr Logo" width="128px" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAABlCAYAAAAI2qyuAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAXEUAAFxFAbktYiwAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAABv7SURBVHhe7V0JuBxVlX4JMy6jM4qOC4rp6qWq+jW+ruoXkIjoS1d3EhYXRvNkFHFBYECUAXGAASEOyiLIrigOEpDoACIqwogLiwMSkIghYF4viSFhiUGWCAQIyXuZ/9w+3V3VdXtfee/+33e+16/uqXtv1T2n7j33nnvukIJCP7BjbOzvsgt0O5cyjsymzG9mU8YvcylzIucYT2Ydczt+7xDkGFuR/hf8XplxzHG6d20qauSSkfCSJUOzRWYKCtMBE3uZ/5hxjE9A4K+FEmwuKUFj9Nd1Y9brdwwNzco6xr10DXk8DAX77kTaXEQKx8UoKLz8AGE+D73BcxVC3zBl09HPUz6ZpOHI0kEboXhnrU3H5ogCFRQGHSvmzv17+stf/ZaVA71EppgXFO0Xcp4CYai2LZeKLs2m9BDxKygMHEg4Mynz+kzK2IP+X52KvlEmzI1SPml+kPLB8CyOXmJKxuMnYyvoG7l9Iv9E9yoo9B3Xjg/thC/8cegtnsffFyGcr6TrBWNcJsQNkGPeIjIHkO8yKU9teiSXiryfs1BQ6A8eWhTdBV/3W4qCid/3c9IQ9QAugW2YoGSTeSc6Snn8KTkcKAyf5Ly1iHudi9eNBV4lKqSg0Evk0tF5EN7HPILpmN/l5CEMdY71pDVKjnkFZ0HDqwulPE1QJmneM5E238ZZKih0H3ln+AB8oV/wC6TxOWYhBfmGP702offYknX0t9P9Dy6MvaE9I99Fjrk+50RiomIKCt0EBO7jENzyop6LVqNXYTbiu6YyvR5NpMz/4tuH8PvLMp6WyTFO5awVFLoDfIkXQ9CkygHatuL9c/+BWYfQwyyX8FQlKN1jGxfEX0P3blg879XoTTbJ+JolskUySeNEUae0PkxEvxUUOgoMfd4rZqkkQkgEAV/FrALgfVzGV41gb3yWbx3KYKgm42mWqKfLpqKHU54Fg9/cgHqtp8kFUZCCQidAK9UQrpoCD2H8HrMPUU9SbRhWhVZeOz6+E927A39h/K+R8DRHjrGVejzKM7dP5E3IM1NMQ92WF6ejFRTawoPjsVdA0O72CJ+E0AMcxbcMkVOhjEdGYgiUNlJ861DeMcdlfM2R8SyM8gWUHy0aQllWSPguFgUqKLSDfMrYRyJcPppImnvxLSTkSRmPlBzjRr5NAMr4eylfo+QYT2A4+C7Ki9ZAsk70NhmfUEw8myhUQaFV0PBKJmBuwvDlpXVjY6UFOVw7pJKnCm3LObHS9Cv1JBKeZuiRfHJ4N8qLPH2hbD+V8JTJMdY/OBZ7rShcQaEV7FgyNBtj9iekAsaE9AeYXSDjRJfI+CoJBvO3+BYBKNrNMr5GCHXIToyZGuVDjpIZx7xCxucjxzhbFK6g0CogSP/rEywXQThLBjoBw5fLZHxugnJsJuOZbxnKLtQtGvbIeOsRyr9vrfPOt1A+pBzoOc6V8ckIivRiUbEUFFoCBPcsmXAVKTvfPJpZBSCgv5bxecgxjmd2gXzKvErKV4egHLevTYdex9lQXZteYMykyi4yCgp1UXT3KAJC9JFKoXJTZoHxHmYVgPBnZXxFwlDqIbcTYatOidmkccNd83Z9NWczlEubR0BBpLy1iNZ31NqIQsOgIRL/FPgzBFgmWET4gm9fySvgBLFRSuqnVSYo4L8yuwAUqmmnxIxjXFncUEWgPFHupIy3EZpwzNM4KwWF6kBvEKRZqdtc+70L43q5oQ6h/BOzCZAtIOMrEgR7OeXH7IWNVU06JaJ+F7jzyM83F1GdZbyNEnqRh4uLlQoKVTGRLIzhK/d5QwApAolfuBzzSmYRoB2FUj4QlGkqM987HAP/KTJeGdH9EOST+VaBNRjeNatg1YjWbzhbBQU5MGQS0UMyaWNvviQAwTyzUqCIILReA72GvQJl+BGzCWyA/YB8G3JKLAyfyu70hDUpcwQK+pSMvxWinomzVlDwY82C0JsLgigE5iC+LABBXOwWpiKREyOzCOTmG8fL+cwXK4MqgLdBp0Rjaz41fCDfJiDcWRzjUTl/a4Q65jl7BQU/3EpQdBEvYt0iU3MLExG+uNsedbm4E6oZ3Og9zmEWAbJxoIx1nRIhtFvI3YVvE1i9KLpLxjHXyvjbIRrCqdkshapAb1BaYIOCeJz5eEX9abdAQaFWc3IJuH69h6dAIgAcswhAYQ6U8HkICviU28eLsGr/kZ0hyPfL+Nsmx9iu7BCFqoDg/colMDfx5RIgQN4FwLTXQCdgOOTznEW+HjuFAOWq45RoPDYBG4PZBWg6GUp6l5y/daLVdDzbpVBGk4tSUPAjk6RwOQWhwdf7Qb5cAoTobLdg5dLGMZwkUFgDqexlygHgiqgRKVEQ8siTjcHsAsLtPlnb5aVZwvANBr5x+rqx2Fu5mKHMmPHP/FNBoYyCa3h5oQ2/N7vXGgj5tPFRj4Alh9/HSQIUh9edhyDH/AAnl4BeoJZT4v3r9isLLKEwvDOvlvC2RJmU+TCGeF/c5PLkLYQwMi6nHoovKSiUwTv5HigKEQRyigSekwUecG2EQvp2t4ARMguNaDFd8KSMWyuVjALKkTHs5ivxO+Ydq/Ye2ZlZBUSv5JiXyPibJsdYlU1FP7XD1aPRPviC97HxLPFAQR7iJAUFL/BV9WyOyiZ1i5ME+EsuIrRDkLJ8uYTcgujC0r2pcgA4N6A0PyjyeMgxbnIHfSgCw7ivSvmbINTldjzLfm5lpWeBjXMInsMzVYz/NzOLgoIfEJDS8CefDIv4uG5gyPQbTv8hXyoBaUcU7804RikAXBHVnBJJacjGYLYSYKu0FnwOhOfYDrpudTpSCkVURGa+kULafbL7yGBnNgUFPwqr04WACxh6lPaZF4Gv8ddFGsbwfKkECPTXhKA5xnOVHsEEKMIFRUEsEuyBi+lrziwl4Iv/yWpDsVqEe15AOd9ekx7WOasSKOQP6nYjeKT3EikFeZkgEom8skixmP/r2k3Q/ggWljP4UgklQz0dHeNLJaAHuZLSMAzzecZWOiWSkIJKgeLcgPJ9CDxNub+jR3gyl4qevsoJio1TbhSimujfRHl184RyPcu3KQwq5u0679VG0NpWJF2z/8JJPYHwyHWMZyDwV/OlEvILYxHqYSoNeAKE9DbQY7J93rjn1LIQmpMQ2C9wkgf5VHg+0mu6y7sJ5a3HcO4YWZk0M4e0E4p2UyOEsh/m29vB+E6RyGjYDCY+YASsYwzN+oYRtJfi73X4eyPoZ3rQvhZ/L0cDnwOeY00t8UG6Z2hoiTpjrg4KCmLvKBIU5AlO6hkgVCeDlvO/JYjZLsdYwf96AIVam0uah/C/JRQiJRocV8t4CcryCU7yYCIZnYsy/1YptDJCfqvy6eGDZcew0TmGtFIPnnWye2tRNmn+gbNpDqY2YhqB+IkQ/JuhCJvdDdgMobGfMjT7el2zDo9G93gjZ6/gwiAoCPlY5R3DpyAECHgpCmIRPMP1e5k9AWE9UggfnSEyX9+fL3uQGTOiULCanr34uk9hCHQreoV9K6ePiyAvZFJs2f0N0vWcVX0EAmOvigTjn4Uwr3A3WKcIDb8VtAzkmU6c6RgEBSFMpMyDZLNLlQ6KBDLKi8Ha3Cg6JUJoN1d6/hbxwMLd3gHlWS8RVkFI2w7F+NFaPr1KBvIURjnXgqR5NEpQ5tM5y+oYw0OZocQR+NI/4m6oLtIkhOCqUCj+Zq7CjMagKAgNVXYc7nUTqYZqoTzFUCdl/qVyTaWI3N6RN6HnWC0TVtHjpMxLyO5hdh/W7z2yM5TvXFDVuMHNUDYZ/RhnLcdw2NpND1p/cDdQJWGYtR22xWr8vUYPJk6LBOJHmEF7cVSzFpphK4nr6TBsDj1gfRrDsRNwz6XohX6HfLdU5uUhzd5EeXBVZiwGRUHahVgFx5c/vzAsFXAy9KEcPqdFKMaTGMZ9dc2C6h9MWg0nQx+8NWN2NUu05ZiL8ANCPg7BlwoxhP5p/P0uGeaRyLtaOiSRpiuFAmn2+aQMlWUI0mjmxj6Ub5mRmC4KQj5VsvUQgvD9gj3hFk78/xB6jKNrRTskpYMNcgAUo2bklFYo45gbqtk2QwZsDTTGlLthBIlhlnXU3F384852QMoiytSsh31loh5kxDPrjMN0UZBqoJkwCGRp3wiU4n6yd9yBImQQs1wp8/bifR0nx7yUi/IirI18sDBscgupNUlTtPF4OaRLNxB/S/w1EIBzC+V5hGJ7JBj3eYLOBExnBSnMdhnfg6BTAIZbaLdg1a82Iw8jHsL7ffC3HNanESJ/LS6yDGNOPOiftrWep3ULZukJxJpK0H7OXQ8IxjM0vcwsMwbTWUHyKf0sCPo1E2Pm7nypKoSNkjK+Rsa6TKA7SajT47IZu1lQjl9VNMbWfhnKEc0eI+V01wdDvPt67WrRb0xXBaHTZnPJ3TwboWSgoVY+qR8GxdgoE+ZuEG035uLLMEKJlLshiCCk/87JfYEZtD/uqZNm5aPh0bmcPCMw3W2QWshgyAXFKO1L6RTxkG4T8qYtwT/OOcY55KKC3x9ZkzZ3l7nawzC3r/c2hEW7qfruCoJeYyno50bI3hf/zjjXlJmoIGsWRN8JO+MXbqFujjAMc8y1UIDb8HspeoTToACH0h4V2sjljgXcEDBseS2E8EV3Q0QGZw2iptE23TGTFOTBsdhbs0nzvyHYVc80LHz9yVvXXJlNGTeA//y8ox8HA//A1anou8m5kmbGOMumUHWCgBbz3I0AZSEvxhktmIOCmaAghYM+zZMg+M9guLMVtB49wB15x1iWSRtnkP8WzSpRz1I8HrpdkBLRPpGsE6VA17Sv5TcoV36ADnoLWuEuK0jQvpyTFPqMmaAgFPCBfLNoIXFFg+4szYCUgcL4YJj1CSjiebQoib+VnsJ/rRrFBC/+Ik8jBOPHcZJCnzGTjfRWQLNeHDDioGxKPx/KcHsxCEMtQg9V3e/KCFpXeBohYNd20poBGMdXJxqMG7QGZGr20REtfooesL5Cbv6RgPUZXUu8zzDmdj1uklKQ6qAYW3TwJ3qDT2N4dCGGSndimNZ0dHcM4f6Hs5QDNscyTyMEEh/mpBkFWsk3g9ZBeB8/9i+YSmkK9tsEhPZcnn7uuN3WDQWJBO3FyOvuIpG3NifVw6xhLRGIzME7ClrnmIWNcLdRHnrQuh3pXZtlJGWg6IprUvqncmnjIgj2negdOrFouJrOT+di5MADXgoqN7yWOJiTZgTItR7PfTaInDDL76FZ0ux7IsEEucR0TFG6oSAQ5s+788THoOa+B+opjVD8RJS9ynOfi5Dn80uWdGaHKLnLk0t8Nq0flqP94465HNT5FXTHeGJ1KmpwsdUBm+Msz8Nq9pc4aVpjLr5KRsg6XtesZ9zP3wG6VQ/sNszFtIV+Kkhh+t86A71F7a0JoHYURNgNwitXBIW7G387sp+jJlGk+Ipg2FUBAfm3igdeyknTFhhGDuM5a+11mYIwrscQ6ic0nMA7+rIRsk/EfafBLrkM/9+L9K2S+5isF0DHoqi2epN+KYgZsOaD7yEPXw3qQA8yi06yyiajH86n9K9AiG/CEGoj7Aq5gLdBUMAtFBOYy60PjEF39zysZq3H5Wm7DmIErAMg+M+6n7lEmrUBdsjJ4XCCNvbUfAf8hf0o7rsZ5N8eANJD9nXtbA/oh4IYwcQX/R7dLtJs2pawVOQTju+jByw7FprrOaatE6CFO/LZghH9IQyHTsVX/0YIeFs+WVC4pzNj3hOz6oK21eKBPeNvchbk5GmFQm/pdacnguD9FX8/R8MuZm0K4fDIKITql5X5EuH68tiu897ArE2hxwoyC/mf50ljwvWt+LBcYYZtGpb09eO5Hkoz4ZgfEEqTMn4GwX+EVtgrlcFHjpGjgHGcTXPAV2FpxQu5BZenVS8C5TgMz+b70uP6dZGI/SZmawez0GN8DArhM/YhlPe2svuylwqC3zRRUb5eTr+OtkKImwcTs2hLbjYV3R/Dp5PR0/wUfze4lQP//3T9/t5g2E1B10b3lLycabPdVQ/Y+0G4vMMGzdrWDY9lfc7uISjd/Z6yCnQz9dbM1hB6pSAUS8BzTVy3/6aHEp5zzF9OEEqT1PeDwizGv+1/7PFCbqh4SS/Qghgnv2yh67uH8CyerzoE+CU9EO/aeg/1FhjK3e4uU5QbtM9ilobQIwX5Fb0P9zXwPBoMjnpOdeoGyM7IJaMLs46xDMOkSzBkOoW23NKRzrR7sPLAnb6CDC28LM8CGRrkWSOQ8Byc+HICrYgbWvx3Fc9EW3g/wixdAxnxELzfu8sGTVKwCmapi54oSCVRRJlgvP76QAfB8XovhIJs9Q6NyLPXeAi/f5tPmVdRzN1M0jgy4xj75pxIjBb5KCQRZ9N90FcVL6linG5NRoLWOdTgzPaygVQYQtYJnNx1vDO451t41qdUPuqUp0B8zFITvVYQ6knYEO8LaOEOCnF9o9O7ZJzDvtgMRbor6+j/wtl0FzTNh5clmba0NqKHOb4XPkidQGzX2BtQ76fczwAB+AWSejr5wNuHPTNn5EHNyTXRawUxNevLzNZX5NKRMfQo98qUokjkdwXl+Dl+H7I2HXod39ob4GUdWjkuLRIaaSsU5SY0+rG0hjKoPYseTJxZUe9nIpGRXTm5p0AvcrG7LqCnGpnV6qmCaPYDzU4idBMU9YRc1KEo69BTPJ6lU3Md88pMKvrFtWljb1lghZ4iHEi8Gw2Slb5ML01BYTCMsH4LI/RqNMAluHY2rp2O31+BDXAKudCbgfghwjsWSsWhRbs2dhRGsmb9zVPPBr/a3UAgYL2ehNtdH12L13Xp6aWC4Lo0mHS/US8UUF9Bh7agUb6E3oQW0nwvtS0iAdbse4xg/DvkQt7JrzuU9ShvWfYm8tbl5L6AFNRTp6C1BpdrfiR6qCB/RNK0WvfqKchdAkpyGBr1LrxM30p0h4iiKN5LaxNkP3DRLQH5eGaPIBTSE4x6Ce5FPPG+jFC8pttDDxVkRod47SjMdyTeRsGoIYTfxstegb+d9oYFkQepdVEssIfnnOxGQHsWKvKa7IavUCvQtcRl7rrh3fljMLnQCwXB/1tM039KlELnMDsOm2JYi+8Z1uwPmSHr0xDKo0wtfjSdKBWhma+QvQSNcRFslGvQyHdiuLGBBNfdUDIC/7NmSKx2N2yvwNbxrApDAAbmQHg8jydABuo2wUlS9KQH0ezGD4pR6B12LTT+HjSkgsLcBPKEHvIQ0kOhuQ1N5UEIv+++Vw+OnMRJfUcsFnsFhNztSTxZa9q8Nwoi3w+iMGAYmTOys67FvwAh+LOnAYsUsFY2clQbeB903zdo7jIQyF+768dB8aRQCqLgg9jpR7NQ0n3h1l21VqHFvZ4geNakae41UONrPBcddFp+poB1DCf5oBREoSpEtPmgfZ+nMQv0HWbxgfeXl3ghUD09NrkRROhIO3cdQ/Z5nOSDUhCFmqCvv65Zd3gaNGhPVdvQJU7g9fBaKzlpYKCHhL9buY6avYyTfFAKolAXBdvEyrsbFYJyJyd7EAnEEx6+oJyvnzC1+CJ3HSl8Dif5oBREoSGE59h7oTErHCgTcU4uga55eDS7tcPguwgjYO/rrqNSEIWOAML+c3fDoqF9q+O6PkKbo8o8mvUoJw0MaFuuu46gqlFklIIoNAxDix/oadig9VtOKqGwk6/c00AYttN6CycPBMTCqes5UMczOckHpSAKDYPcTtwNC/viKU5yYzZdd/OR9zCnDQRQp8vd9cOQ60hO8kEpiEIzmI0hk3ttZErmQ0Q9i4sHZB3FSQMBDBU9C5kUpI2TfFAKotAUIOye2SxynOSkEiBEnthO6FF+wkl9R3TO6C6oU3kIqFkv1dpwphREoSlAQf7kblzy3OWkEiAA+7t5IFTPDYodEtWsw911A93NSVIoBVFoCmjcR92NKwv4Vti74t13Yc6xDuLkvgIK7gkFhN7tPzlJCqUgCg2DegE07rZy41ovVdtDjbQfuIUAgnUHJ/UNw2FrN9TFvZYzxTGAq0IpiELDoN137obF1zfDST4YoVHHzUsUDSfezcl9AQSzwg1fhHetCaUgAwLybepFJL12gF7hQk/D1j5slGa8POE/9WD8Vlzvy75rCLaF+ns2iOkhez9OrgqlIAOAsJY4WLiIa/amMIYBfHmgQF66EHjP1t560REjQXvczU+kB+I9jzUrojsW9vK760LGeV1lVQrSZ0ApTsVLKo+LNetx/N2DkwcFs1CvH5XqKMjaSLvzOL0aZlUKJglYr2NjkSHurgNoSg+OvpeTa0IpSJ8BBaG94uWXJcjaMkhRvSmmVmUdaZsuJ9cEHe4CgfAGZobBTuGMmKWrQC+2AALomlggsq7g5LpQCjIAwAs72fPCCkQnuH47Hu9vLCnagkt1cdcN9V3RTARA2UcAz3b1+ND4TszSFaCcPSB8nuB1KHcdhf9hlrpQCjIgwIv6LK3qel6ceHn2WjYme2rc0rZalF0ZrpME7MlIZDTMbA2BbAAI1m8q84po1g8bGKa1BD048l6UUXmQzgsQzncxS0PwKYjc/6wpKAVpETSNipfnWYgrkhCwOkHOOgU6bgGCMOGvh7Wl1TrQEWh4Nn+emvV/MneVNjArEkgcgfdVccCnNUneyMzTMArH49GBoKW8JqNvqx+4ohaUgrQBsae7Yt+Fl6zlaPxPxmJjHQ1YLcLhhOIfhmLcKS1XszbXcuprBBQ8Dvn7I6Zo1uN6wP4YWNrqJUX+/kOIQNakGUwcwmxNA3n80Z0fnuE4TmoJSkHaxyxDSxyMF1k1Hi/StuDFXodh2WF8fl3TwhWNju5iBu1x5EHHKlcvS7MfMAJzo3xbW9B16+0Q2JXScqCctB0WbE0F1aYeCHmeA3rel69mvdju1DIJsDtPvI9nYnPsGCdLEQvEqkakVArSIVBXjsb4ptQ2qaTC9PAvhd2gWSfga/8ZCP9iI2wdEC4clXwoBPAkPWR9C79vBs9jpXurEMreijy+3mlHQ3KRp22usjIFafYaPRj/uqmNLiqEPvUY87PI10vsfZ8jQhNRwDvpkcl4b+t1Lb4n39cywuHd34E6eYLq4V0+jWunGKFEKkrnj9BmMjFlb/0Q6WtBNLEhna5XCtJh0HFceKnfx8uvmK7sDqGsbaZmX9XtY8AovjDK82yukpP1PIT9cSjsJiGY9YN3k3AupWATXFTbQLmVaymNkDSkqFKQLoGGUpGgfTZe8EbPC+4UafFHIIhn9vLIYfIGpl6toV6yAcK7+Z0Rst7D2XcSs2nWTVZmdbIm9UDCdy64UpAug2ZWCt164gx06/fgBbtnWRomNNQTuPfXES1+SiQwOm9oaEnvDmOsQOEA08QZqJN0Fq8OPY8v/LUYVjZ8OGdrWDLbLCya+s5h95Nok7vRC7+fby5BKUiPQeE+zeDICPlGURhN9DJfZVvjcijQMnydL6PogRjSnGwER8gWSfPUal8cB2tjyWzy+kUdT4Lg3ADKg9zj/yk80yYMt+7E81xAdlavQ5vSDkTU6aOgM+g4BROE+pyH9/wfZO+R9wC1CbP7QDOVtE+/SDRxwUkKHgwN/T/fvy7K4dvMgwAAAABJRU5ErkJggg==" /></p>
@@ -238,10 +238,10 @@
                         <canvas class="d-none" id="solr-mailcow_NetIOChart" width="400" height="200"></canvas>
                       </div>
                       <div class="col-sm-12 d-flex" style="height: 40px">
-                        <a href data-bs-toggle="modal" 
-                          data-container="solr-mailcow" 
-                          data-bs-target="#RestartContainer" 
-                          class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto" 
+                        <a href data-bs-toggle="modal"
+                          data-container="solr-mailcow"
+                          data-bs-target="#RestartContainer"
+                          class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
                           style="height: 30px;">{{ lang.debug.restart_container }}
                             <i class="ms-1 bi
                             {% if containers["solr-mailcow"].State.Running == 1 %}
@@ -255,7 +255,7 @@
                           ></i>
                         </a>
                       </div>
-                    </div>                  
+                    </div>
                   </div>
                   {% endif %}
                 </div>
@@ -291,8 +291,8 @@
                           </button>
                         </div>
                       </div>
-                      <div class="collapse p-0 list-group-details container-details-collapse" id="{{ container }}Collapse" data-id="{{ container_info.Id }}">   
-                        <div class="row p-2 pt-4">   
+                      <div class="collapse p-0 list-group-details container-details-collapse" id="{{ container }}Collapse" data-id="{{ container_info.Id }}">
+                        <div class="row p-2 pt-4">
                           <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
                             <h6>Disk I/O</h6>
                             <div class="spinner-border my-4 mx-auto" role="status">
@@ -306,12 +306,12 @@
                               <span class="visually-hidden">Loading...</span>
                             </div>
                             <canvas class="d-none" id="{{ container }}_NetIOChart" width="400" height="200"></canvas>
-                          </div>   
-                          <div class="col-12 d-flex" style="height: 40px">             
-                            <a href data-bs-toggle="modal" 
-                              data-container="{{ container }}" 
-                              data-bs-target="#RestartContainer" 
-                              class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto" 
+                          </div>
+                          <div class="col-12 d-flex" style="height: 40px">
+                            <a href data-bs-toggle="modal"
+                              data-container="{{ container }}"
+                              data-bs-target="#RestartContainer"
+                              class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
                               style="height: 30px;">{{ lang.debug.restart_container }}
                                 <i class="ms-1 bi
                                 {% if container_info.State.Running == 1 %}
@@ -340,7 +340,7 @@
         <div class="debug-log-info">{{ lang.debug.log_info|format(log_lines+1)|raw }}</div>
         <div class="card">
           <div class="card-header d-flex align-items-center fs-5">
-            <span class="mt-2 ms-2">Postfix</span>      
+            <span class="mt-2 ms-2">Postfix</span>
             <div class="btn-group ms-auto">
               <button class="btn btn-sm btn-secondary refresh_table" data-draw="draw_postfix_logs" data-table="postfix_log">{{ lang.admin.refresh }}</button>
             </div>
@@ -627,6 +627,6 @@
   var lang_debug = {{ lang_debug|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var log_pagination_size = '{{ log_pagination_size }}';
+  var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
diff --git a/data/web/templates/domainadmin.twig b/data/web/templates/domainadmin.twig
index 56f5e75f..070bf00c 100644
--- a/data/web/templates/domainadmin.twig
+++ b/data/web/templates/domainadmin.twig
@@ -46,7 +46,7 @@
       <div class="col-sm-3 col-5 text-end">{{ lang.fido2.known_ids }}:</div>
       <div class="col-sm-9 col-7">
         <div class="table-responsive">
-          <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+          <table class="table table-striped table-hover table-condensed w-100" id="fido2_keys">
             <tr>
               <th>ID</th>
               <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
diff --git a/data/web/templates/edit.twig b/data/web/templates/edit.twig
index 29f36435..af83a31d 100644
--- a/data/web/templates/edit.twig
+++ b/data/web/templates/edit.twig
@@ -26,7 +26,7 @@
   var lang_user = {{ lang_user|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index d1044288..1312441c 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -58,7 +58,7 @@
   var lang_rl = {{ lang_rl|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var role = '{{ role }}';
   var is_dual = {{ is_dual }};
   var ALLOW_ADMIN_EMAIL_LOGIN = {{ allow_admin_email_login }};
diff --git a/data/web/templates/quarantine.twig b/data/web/templates/quarantine.twig
index 5ff7fe66..79b5ea16 100644
--- a/data/web/templates/quarantine.twig
+++ b/data/web/templates/quarantine.twig
@@ -37,7 +37,7 @@
           </p>
           {% endif %}
         </p>
-        <table id="quarantinetable" class="table table-striped"></table>
+        <table id="quarantinetable" class="table table-striped w-100"></table>
         <div class="mass-actions-quarantine mt-4">
           <div class="btn-group" data-acl="{{ acl.quarantine }}">
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="qitems" href="#"><i class="bi bi-check-all"></i> {{ lang.quarantine.toggle_all }}</a>
@@ -66,7 +66,7 @@ var acl = '{{ acl_json|raw }}';
 var lang = {{ lang_quarantine|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
 var role = '{{ role }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/queue.twig b/data/web/templates/queue.twig
index 1a5d4ff9..e843c18e 100644
--- a/data/web/templates/queue.twig
+++ b/data/web/templates/queue.twig
@@ -55,7 +55,7 @@
   var lang = {{ lang_queue|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/user_domainadmin_common.twig b/data/web/templates/user_domainadmin_common.twig
index 8a7ace39..64a2205d 100644
--- a/data/web/templates/user_domainadmin_common.twig
+++ b/data/web/templates/user_domainadmin_common.twig
@@ -4,7 +4,7 @@
   var acl = '{{ acl_json|raw }}';
   var lang = {{ lang_user|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var mailcow_cc_username = '{{ mailcow_cc_username }}';
   var user_spam_score = [{{ user_spam_score }}];
   var lang_datatables = {{ lang_datatables|raw }};

From 5bf62481d51d0dcd7b8202f65fc73d2e6d349f93 Mon Sep 17 00:00:00 2001
From: Kristian Feldsam <feldsam@gmail.com>
Date: Fri, 6 Jan 2023 19:25:23 +0100
Subject: [PATCH 150/170] [Web] Implemented SSO for domain admins

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

Revert "[Web] Implemented SSO for domain admins"

This reverts commit 6860dc8ebe2c8f53d77df5bca7787f7cb3bb4ee0.

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
---
 data/web/api/openapi.yaml                   |   38 +-
 data/web/inc/functions.domain_admin.inc.php |  875 +++---
 data/web/inc/init_db.inc.php                | 2731 ++++++++++---------
 data/web/inc/sessions.inc.php               |  280 +-
 data/web/inc/triggers.inc.php               |   15 +-
 data/web/json_api.php                       |   12 +
 6 files changed, 2041 insertions(+), 1910 deletions(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 6310aa58..5e07c4b3 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -699,6 +699,38 @@ paths:
                   type: string
               type: object
       summary: Create Domain Admin user
+  /api/v1/add/sso/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
+          description: OK
+          headers: { }
+      tags:
+        - Single Sign-On
+      description: >-
+        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
+        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
+      operationId: Issue Domain Admin SSO token
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: testadmin
+              properties:
+                username:
+                  description: the username for the admin user
+                  type: object
+              type: object
+      summary: Issue Domain Admin SSO token
   /api/v1/edit/da-acl:
     post:
       responses:
@@ -1999,7 +2031,7 @@ paths:
                 - domain.tld
                 - domain2.tld
               properties:
-                items: 
+                items:
                   type: array
                   items:
                     type: string
@@ -2993,7 +3025,7 @@ paths:
             application/json:
               schema:
                 type: array
-                items: 
+                items:
                   type: object
                   properties:
                     log:
@@ -5586,6 +5618,8 @@ tags:
     description: Manage DKIM keys
   - name: Domain admin
     description: Create or udpdate domain admin users
+  - name: Single Sign-On
+    description: Issue tokens for users
   - name: Address Rewriting
     description: Create BCC maps or recipient maps
   - name: Outgoing TLS Policy Map Overrides
diff --git a/data/web/inc/functions.domain_admin.inc.php b/data/web/inc/functions.domain_admin.inc.php
index 804c0f83..bb88ea34 100644
--- a/data/web/inc/functions.domain_admin.inc.php
+++ b/data/web/inc/functions.domain_admin.inc.php
@@ -1,407 +1,468 @@
-<?php
-function domain_admin($_action, $_data = null) {
-  global $pdo;
-  global $lang;
-  $_data_log = $_data;
-  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
-  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
-  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
-  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
-  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
-  switch ($_action) {
-    case 'add':
-      $username		= strtolower(trim($_data['username']));
-      $password		= $_data['password'];
-      $password2  = $_data['password2'];
-      $domains    = (array)$_data['domains'];
-      $active     = intval($_data['active']);
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      if (empty($domains)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'domain_invalid'
-        );
-        return false;
-      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('username_invalid', $username)
-        );
-        return false;
-      }
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      foreach ($num_results as $num_results_each) {
-        if ($num_results_each != 0) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('object_exists', htmlspecialchars($username))
-          );
-          return false;
-        }
-      }
-      if (password_check($password, $password2) !== true) {
-        continue;
-      }
-      $password_hashed = hash_password($password);
-      $valid_domains = 0;
-      foreach ($domains as $domain) {
-        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_invalid', htmlspecialchars($domain))
-          );
-          continue;
-        }
-        $valid_domains++;
-        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-            VALUES (:username, :domain, :created, :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':domain' => $domain,
-          ':created' => date('Y-m-d H:i:s'),
-          ':active' => $active
-        ));
-      }
-      if ($valid_domains != 0) {
-        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
-          VALUES (:username, :password_hashed, '0', :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':password_hashed' => $password_hashed,
-          ':active' => $active
-        ));
-      }
-      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
-      $stmt->execute(array(
-        ':username' => $username
-      ));
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $_data_log),
-        'msg' => array('domain_admin_added', htmlspecialchars($username))
-      );
-    break;
-    case 'edit':
-      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      // Administrator
-      if ($_SESSION['mailcow_cc_role'] == "admin") {
-        if (!is_array($_data['username'])) {
-          $usernames = array();
-          $usernames[] = $_data['username'];
-        }
-        else {
-          $usernames = $_data['username'];
-        }
-        foreach ($usernames as $username) {
-          $is_now = domain_admin('details', $username);
-          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
-          if (!empty($is_now)) {
-            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
-            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
-            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
-          }
-          else {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => 'access_denied'
-            );
-            continue;
-          }
-          $password     = $_data['password'];
-          $password2    = $_data['password2'];
-          if (!empty($domains)) {
-            foreach ($domains as $domain) {
-              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-                $_SESSION['return'][] = array(
-                  'type' => 'danger',
-                  'log' => array(__FUNCTION__, $_action, $_data_log),
-                  'msg' => array('domain_invalid', htmlspecialchars($domain))
-                );
-                continue 2;
-              }
-            }
-          }
-          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => array('username_invalid', $username_new)
-            );
-            continue;
-          }
-          if ($username_new != $username) {
-            if (!empty(domain_admin('details', $username_new)['username'])) {
-              $_SESSION['return'][] = array(
-                'type' => 'danger',
-                'log' => array(__FUNCTION__, $_action, $_data_log),
-                'msg' => array('username_invalid', $username_new)
-              );
-              continue;
-            }
-          }
-          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-          $stmt->execute(array(
-            ':username' => $username,
-          ));
-          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
-          $stmt->execute(array(
-            ':username_new' => $username_new,
-            ':username' => $username
-          ));
-          if (!empty($domains)) {
-            foreach ($domains as $domain) {
-              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-                VALUES (:username_new, :domain, :created, :active)");
-              $stmt->execute(array(
-                ':username_new' => $username_new,
-                ':domain' => $domain,
-                ':created' => date('Y-m-d H:i:s'),
-                ':active' => $active
-              ));
-            }
-          }
-          if (!empty($password)) {
-            if (password_check($password, $password2) !== true) {
-              return false;
-            }
-            $password_hashed = hash_password($password);
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
-            $stmt->execute(array(
-              ':password_hashed' => $password_hashed,
-              ':username_new' => $username_new,
-              ':username' => $username,
-              ':active' => $active
-            ));
-            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
-            }
-            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
-          }
-          else {
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
-            $stmt->execute(array(
-              ':username_new' => $username_new,
-              ':username' => $username,
-              ':active' => $active
-            ));
-            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
-            }
-            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
-          }
-          $_SESSION['return'][] = array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_admin_modified', htmlspecialchars($username))
-          );
-        }
-        return true;
-      }
-      // Domain administrator
-      // Can only edit itself
-      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
-        $username = $_SESSION['mailcow_cc_username'];
-        $password_old		= $_data['user_old_pass'];
-        $password_new	= $_data['user_new_pass'];
-        $password_new2	= $_data['user_new_pass2'];
-
-        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-            WHERE `username` = :user");
-        $stmt->execute(array(':user' => $username));
-        $row = $stmt->fetch(PDO::FETCH_ASSOC);
-        if (!verify_hash($row['password'], $password_old)) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'access_denied'
-          );
-          return false;
-        }
-        if (password_check($password_new, $password_new2) !== true) {
-          return false;
-        }
-        $password_hashed = hash_password($password_new);
-        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
-        $stmt->execute(array(
-          ':password_hashed' => $password_hashed,
-          ':username' => $username
-        ));
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_modified', htmlspecialchars($username))
-        );
-      }
-    break;
-    case 'delete':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $usernames = (array)$_data['username'];
-      foreach ($usernames as $username) {
-        if (empty(domain_admin('details', $username))) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('username_invalid', $username)
-          );
-          continue;
-        }
-        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_removed', htmlspecialchars($username))
-        );
-      }
-    break;
-    case 'get':
-      $domainadmins = array();
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $stmt = $pdo->query("SELECT DISTINCT
-        `username`
-          FROM `domain_admins`
-            WHERE `username` IN (
-              SELECT `username` FROM `admin`
-                WHERE `superadmin`!='1'
-            )");
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while ($row = array_shift($rows)) {
-        $domainadmins[] = $row['username'];
-      }
-      return $domainadmins;
-    break;
-    case 'details':
-      $domainadmindata = array();
-      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
-        return false;
-      }
-      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
-        return false;
-      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
-        return false;
-      }
-      $stmt = $pdo->prepare("SELECT
-        `tfa`.`active` AS `tfa_active`,
-        `domain_admins`.`username`,
-        `domain_admins`.`created`,
-        `domain_admins`.`active` AS `active`
-          FROM `domain_admins`
-          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
-            WHERE `domain_admins`.`username`= :domain_admin");
-      $stmt->execute(array(
-        ':domain_admin' => $_data
-      ));
-      $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if (empty($row)) {
-        return false;
-      }
-      $domainadmindata['username'] = $row['username'];
-      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['active'] = $row['active'];
-      $domainadmindata['active_int'] = $row['active'];
-      $domainadmindata['created'] = $row['created'];
-      // GET SELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` IN (
-          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
-        $domainadmindata['selected_domains'][] = $row['domain'];
-      }
-      // GET UNSELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` NOT IN (
-          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
-        $domainadmindata['unselected_domains'][] = $row['domain'];
-      }
-      if (!isset($domainadmindata['unselected_domains'])) {
-        $domainadmindata['unselected_domains'] = "";
-      }
-
-      return $domainadmindata;
-    break;
-  }
-}
+<?php
+function domain_admin($_action, $_data = null) {
+  global $pdo;
+  global $lang;
+  $_data_log = $_data;
+  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
+  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
+  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
+  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
+  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
+  switch ($_action) {
+    case 'add':
+      $username		= strtolower(trim($_data['username']));
+      $password		= $_data['password'];
+      $password2  = $_data['password2'];
+      $domains    = (array)$_data['domains'];
+      $active     = intval($_data['active']);
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      if (empty($domains)) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'domain_invalid'
+        );
+        return false;
+      }
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('username_invalid', $username)
+        );
+        return false;
+      }
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      foreach ($num_results as $num_results_each) {
+        if ($num_results_each != 0) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('object_exists', htmlspecialchars($username))
+          );
+          return false;
+        }
+      }
+      if (password_check($password, $password2) !== true) {
+        continue;
+      }
+      $password_hashed = hash_password($password);
+      $valid_domains = 0;
+      foreach ($domains as $domain) {
+        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('domain_invalid', htmlspecialchars($domain))
+          );
+          continue;
+        }
+        $valid_domains++;
+        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+            VALUES (:username, :domain, :created, :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':domain' => $domain,
+          ':created' => date('Y-m-d H:i:s'),
+          ':active' => $active
+        ));
+      }
+      if ($valid_domains != 0) {
+        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+          VALUES (:username, :password_hashed, '0', :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':password_hashed' => $password_hashed,
+          ':active' => $active
+        ));
+      }
+      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
+      $stmt->execute(array(
+        ':username' => $username
+      ));
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $_data_log),
+        'msg' => array('domain_admin_added', htmlspecialchars($username))
+      );
+    break;
+    case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      // Administrator
+      if ($_SESSION['mailcow_cc_role'] == "admin") {
+        if (!is_array($_data['username'])) {
+          $usernames = array();
+          $usernames[] = $_data['username'];
+        }
+        else {
+          $usernames = $_data['username'];
+        }
+        foreach ($usernames as $username) {
+          $is_now = domain_admin('details', $username);
+          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
+          if (!empty($is_now)) {
+            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
+            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
+          }
+          else {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'msg' => 'access_denied'
+            );
+            continue;
+          }
+          $password     = $_data['password'];
+          $password2    = $_data['password2'];
+          if (!empty($domains)) {
+            foreach ($domains as $domain) {
+              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+                $_SESSION['return'][] = array(
+                  'type' => 'danger',
+                  'log' => array(__FUNCTION__, $_action, $_data_log),
+                  'msg' => array('domain_invalid', htmlspecialchars($domain))
+                );
+                continue 2;
+              }
+            }
+          }
+          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'msg' => array('username_invalid', $username_new)
+            );
+            continue;
+          }
+          if ($username_new != $username) {
+            if (!empty(domain_admin('details', $username_new)['username'])) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_data_log),
+                'msg' => array('username_invalid', $username_new)
+              );
+              continue;
+            }
+          }
+          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+          $stmt->execute(array(
+            ':username' => $username,
+          ));
+          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
+          $stmt->execute(array(
+            ':username_new' => $username_new,
+            ':username' => $username
+          ));
+          if (!empty($domains)) {
+            foreach ($domains as $domain) {
+              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+                VALUES (:username_new, :domain, :created, :active)");
+              $stmt->execute(array(
+                ':username_new' => $username_new,
+                ':domain' => $domain,
+                ':created' => date('Y-m-d H:i:s'),
+                ':active' => $active
+              ));
+            }
+          }
+          if (!empty($password)) {
+            if (password_check($password, $password2) !== true) {
+              return false;
+            }
+            $password_hashed = hash_password($password);
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
+            $stmt->execute(array(
+              ':password_hashed' => $password_hashed,
+              ':username_new' => $username_new,
+              ':username' => $username,
+              ':active' => $active
+            ));
+            if (isset($_data['disable_tfa'])) {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt->execute(array(':username' => $username));
+            }
+            else {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+            }
+          }
+          else {
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
+            $stmt->execute(array(
+              ':username_new' => $username_new,
+              ':username' => $username,
+              ':active' => $active
+            ));
+            if (isset($_data['disable_tfa'])) {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt->execute(array(':username' => $username));
+            }
+            else {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+            }
+          }
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('domain_admin_modified', htmlspecialchars($username))
+          );
+        }
+        return true;
+      }
+      // Domain administrator
+      // Can only edit itself
+      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
+        $username = $_SESSION['mailcow_cc_username'];
+        $password_old		= $_data['user_old_pass'];
+        $password_new	= $_data['user_new_pass'];
+        $password_new2	= $_data['user_new_pass2'];
+
+        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+            WHERE `username` = :user");
+        $stmt->execute(array(':user' => $username));
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        if (!verify_hash($row['password'], $password_old)) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => 'access_denied'
+          );
+          return false;
+        }
+        if (password_check($password_new, $password_new2) !== true) {
+          return false;
+        }
+        $password_hashed = hash_password($password_new);
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
+        $stmt->execute(array(
+          ':password_hashed' => $password_hashed,
+          ':username' => $username
+        ));
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('domain_admin_modified', htmlspecialchars($username))
+        );
+      }
+    break;
+    case 'delete':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      $usernames = (array)$_data['username'];
+      foreach ($usernames as $username) {
+        if (empty(domain_admin('details', $username))) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('username_invalid', $username)
+          );
+          continue;
+        }
+        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('domain_admin_removed', htmlspecialchars($username))
+        );
+      }
+    break;
+    case 'get':
+      $domainadmins = array();
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      $stmt = $pdo->query("SELECT DISTINCT
+        `username`
+          FROM `domain_admins`
+            WHERE `username` IN (
+              SELECT `username` FROM `admin`
+                WHERE `superadmin`!='1'
+            )");
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while ($row = array_shift($rows)) {
+        $domainadmins[] = $row['username'];
+      }
+      return $domainadmins;
+    break;
+    case 'details':
+      $domainadmindata = array();
+      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
+        return false;
+      }
+      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
+        return false;
+      }
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
+        return false;
+      }
+      $stmt = $pdo->prepare("SELECT
+        `tfa`.`active` AS `tfa_active`,
+        `domain_admins`.`username`,
+        `domain_admins`.`created`,
+        `domain_admins`.`active` AS `active`
+          FROM `domain_admins`
+          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
+            WHERE `domain_admins`.`username`= :domain_admin");
+      $stmt->execute(array(
+        ':domain_admin' => $_data
+      ));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      if (empty($row)) {
+        return false;
+      }
+      $domainadmindata['username'] = $row['username'];
+      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['active'] = $row['active'];
+      $domainadmindata['active_int'] = $row['active'];
+      $domainadmindata['created'] = $row['created'];
+      // GET SELECTED
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+        WHERE `domain` IN (
+          SELECT `domain` FROM `domain_admins`
+            WHERE `username`= :domain_admin)");
+      $stmt->execute(array(':domain_admin' => $_data));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $domainadmindata['selected_domains'][] = $row['domain'];
+      }
+      // GET UNSELECTED
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+        WHERE `domain` NOT IN (
+          SELECT `domain` FROM `domain_admins`
+            WHERE `username`= :domain_admin)");
+      $stmt->execute(array(':domain_admin' => $_data));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $domainadmindata['unselected_domains'][] = $row['domain'];
+      }
+      if (!isset($domainadmindata['unselected_domains'])) {
+        $domainadmindata['unselected_domains'] = "";
+      }
+
+      return $domainadmindata;
+    break;
+  }
+}
+function domain_admin_sso($_action, $_data) {
+  global $pdo;
+
+  switch ($_action) {
+    case 'check':
+      $token = $_data;
+
+      $stmt = $pdo->prepare("SELECT `t1`.`username` FROM `da_sso` AS `t1` JOIN `admin` AS `t2` ON `t1`.`username` = `t2`.`username` WHERE `t1`.`token` = :token AND `t1`.`created` > DATE_SUB(NOW(), INTERVAL '30' SECOND) AND `t2`.`active` = 1 AND `t2`.`superadmin` = 0;");
+      $stmt->execute(array(
+        ':token' => preg_replace('/[^a-zA-Z0-9-]/', '', $token)
+      ));
+      $return = $stmt->fetch(PDO::FETCH_ASSOC);
+      return empty($return['username']) ? false : $return['username'];
+    case 'issue':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $username = $_data['username'];
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      if ($num_results < 1) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => array('object_doesnt_exist', htmlspecialchars($username))
+        );
+        return false;
+      }
+
+      $token = implode('-', array(
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3)))
+      ));
+
+      $stmt = $pdo->prepare("INSERT INTO `da_sso` (`username`, `token`)
+            VALUES (:username, :token)");
+      $stmt->execute(array(
+        ':username' => $username,
+        ':token' => $token
+      ));
+
+      // perform cleanup
+      $pdo->query("DELETE FROM `da_sso` WHERE created < DATE_SUB(NOW(), INTERVAL '30' SECOND);");
+
+      return ['token' => $token];
+    break;
+  }
+}
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index e781f944..9fc9234e 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1,230 +1,230 @@
-<?php
-function init_db_schema() {
-  try {
-    global $pdo;
-
-    $db_version = "23122022_1445";
-
-    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
-    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $stmt = $pdo->query("SELECT `version` FROM `versions` WHERE `application` = 'db_schema'");
-      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
-        return true;
-      }
-      if (!preg_match('/y|yes/i', getenv('MASTER'))) {
-        $_SESSION['return'][] = array(
-          'type' => 'warning',
-          'log' => array(__FUNCTION__),
-          'msg' => 'Database not initialized: not running db_init on slave.'
-        );
-        return true;
-      }
-    }
-
-    $views = array(
-      "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
-        SELECT goto, IFNULL(GROUP_CONCAT(address ORDER BY address SEPARATOR ' '), '') AS address FROM alias
-        WHERE address!=goto
-        AND active = '1'
-        AND sogo_visible = '1'
-        AND address NOT LIKE '@%'
-        GROUP BY goto;",
-      // START
-      // Unused at the moment - we cannot allow to show a foreign mailbox as sender address in SOGo, as SOGo does not like this
-      // We need to create delegation in SOGo AND set a sender_acl in mailcow to allow to send as user X
-      "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
-        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-        WHERE send_as NOT LIKE '@%'
-        GROUP BY logged_in_as;",
-      // END 
-      "grouped_sender_acl_external" => "CREATE VIEW grouped_sender_acl_external (username, send_as_acl) AS
-        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-        WHERE send_as NOT LIKE '@%' AND external = '1'
-        GROUP BY logged_in_as;",
-      "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
-        SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
-        LEFT OUTER JOIN alias_domain ON target_domain=domain
-        GROUP BY username;",
-      "sieve_before" => "CREATE VIEW sieve_before (id, username, script_name, script_data) AS
-        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
-        WHERE filter_type = 'prefilter';",
-      "sieve_after" => "CREATE VIEW sieve_after (id, username, script_name, script_data) AS
-        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
-        WHERE filter_type = 'postfilter';"
-    );
-
-    $tables = array(
-      "versions" => array(
-        "cols" => array(
-          "application" => "VARCHAR(255) NOT NULL",
-          "version" => "VARCHAR(100) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("application")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "admin" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "fido2" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "friendlyName" => "VARCHAR(255)",
-          "rpId" => "VARCHAR(255) NOT NULL",
-          "credentialPublicKey" => "TEXT NOT NULL",
-          "certificateChain" => "TEXT",
-          // Can be null for format "none"
-          "certificate" => "TEXT",
-          "certificateIssuer" => "VARCHAR(255)",
-          "certificateSubject" => "VARCHAR(255)",
-          "signatureCounter" => "INT",
-          "AAGUID" => "BLOB",
-          "credentialId" => "BLOB NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "_sogo_static_view" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "c_cn" => "VARCHAR(255)",
-          "mail" => "VARCHAR(255) NOT NULL",
-          // TODO -> use TEXT and check if SOGo login breaks on empty aliases
-          "aliases" => "TEXT NOT NULL",
-          "ad_aliases" => "VARCHAR(6144) NOT NULL DEFAULT ''",
-          "ext_acl" => "VARCHAR(6144) NOT NULL DEFAULT ''",
-          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "multiple_bookings" => "INT NOT NULL DEFAULT -1"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid")
-          ),
-          "key" => array(
-            "domain" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "relayhosts" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "hostname" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "hostname" => array("hostname")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "transports" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "destination" => "VARCHAR(255) NOT NULL",
-          "nexthop" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "password" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "is_mx_based" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "destination" => array("destination"),
-            "nexthop" => array("nexthop"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "alias" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "address" => "VARCHAR(255) NOT NULL",
-          "goto" => "TEXT NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "private_comment" => "TEXT",
-          "public_comment" => "TEXT",
-          "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "unique" => array(
-            "address" => array("address")
-          ),
-          "key" => array(
-            "domain" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "api" => array(
-        "cols" => array(
-          "api_key" => "VARCHAR(255) NOT NULL",
-          "allow_from" => "VARCHAR(512) NOT NULL",
-          "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("api_key")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sender_acl" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "logged_in_as" => "VARCHAR(255) NOT NULL",
-          "send_as" => "VARCHAR(255) NOT NULL",
-          "external" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
+<?php
+function init_db_schema() {
+  try {
+    global $pdo;
+
+    $db_version = "06012023_1924";
+
+    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $stmt = $pdo->query("SELECT `version` FROM `versions` WHERE `application` = 'db_schema'");
+      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
+        return true;
+      }
+      if (!preg_match('/y|yes/i', getenv('MASTER'))) {
+        $_SESSION['return'][] = array(
+          'type' => 'warning',
+          'log' => array(__FUNCTION__),
+          'msg' => 'Database not initialized: not running db_init on slave.'
+        );
+        return true;
+      }
+    }
+
+    $views = array(
+      "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
+        SELECT goto, IFNULL(GROUP_CONCAT(address ORDER BY address SEPARATOR ' '), '') AS address FROM alias
+        WHERE address!=goto
+        AND active = '1'
+        AND sogo_visible = '1'
+        AND address NOT LIKE '@%'
+        GROUP BY goto;",
+      // START
+      // Unused at the moment - we cannot allow to show a foreign mailbox as sender address in SOGo, as SOGo does not like this
+      // We need to create delegation in SOGo AND set a sender_acl in mailcow to allow to send as user X
+      "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
+        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+        WHERE send_as NOT LIKE '@%'
+        GROUP BY logged_in_as;",
+      // END
+      "grouped_sender_acl_external" => "CREATE VIEW grouped_sender_acl_external (username, send_as_acl) AS
+        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+        WHERE send_as NOT LIKE '@%' AND external = '1'
+        GROUP BY logged_in_as;",
+      "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
+        SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
+        LEFT OUTER JOIN alias_domain ON target_domain=domain
+        GROUP BY username;",
+      "sieve_before" => "CREATE VIEW sieve_before (id, username, script_name, script_data) AS
+        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
+        WHERE filter_type = 'prefilter';",
+      "sieve_after" => "CREATE VIEW sieve_after (id, username, script_name, script_data) AS
+        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
+        WHERE filter_type = 'postfilter';"
+    );
+
+    $tables = array(
+      "versions" => array(
+        "cols" => array(
+          "application" => "VARCHAR(255) NOT NULL",
+          "version" => "VARCHAR(100) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("application")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "admin" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "fido2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "friendlyName" => "VARCHAR(255)",
+          "rpId" => "VARCHAR(255) NOT NULL",
+          "credentialPublicKey" => "TEXT NOT NULL",
+          "certificateChain" => "TEXT",
+          // Can be null for format "none"
+          "certificate" => "TEXT",
+          "certificateIssuer" => "VARCHAR(255)",
+          "certificateSubject" => "VARCHAR(255)",
+          "signatureCounter" => "INT",
+          "AAGUID" => "BLOB",
+          "credentialId" => "BLOB NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "_sogo_static_view" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "c_cn" => "VARCHAR(255)",
+          "mail" => "VARCHAR(255) NOT NULL",
+          // TODO -> use TEXT and check if SOGo login breaks on empty aliases
+          "aliases" => "TEXT NOT NULL",
+          "ad_aliases" => "VARCHAR(6144) NOT NULL DEFAULT ''",
+          "ext_acl" => "VARCHAR(6144) NOT NULL DEFAULT ''",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "INT NOT NULL DEFAULT -1"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "relayhosts" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "hostname" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "hostname" => array("hostname")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "transports" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "destination" => "VARCHAR(255) NOT NULL",
+          "nexthop" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "password" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "is_mx_based" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "destination" => array("destination"),
+            "nexthop" => array("nexthop"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "private_comment" => "TEXT",
+          "public_comment" => "TEXT",
+          "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "unique" => array(
+            "address" => array("address")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "api" => array(
+        "cols" => array(
+          "api_key" => "VARCHAR(255) NOT NULL",
+          "allow_from" => "VARCHAR(512) NOT NULL",
+          "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("api_key")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sender_acl" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "logged_in_as" => "VARCHAR(255) NOT NULL",
+          "send_as" => "VARCHAR(255) NOT NULL",
+          "external" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "templates" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
@@ -241,1074 +241,1087 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "domain" => array(
-        // Todo: Move some attributes to json
-        "cols" => array(
-          "domain" => "VARCHAR(255) NOT NULL",
-          "description" => "VARCHAR(255)",
-          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
-          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
-          "defquota" => "BIGINT(20) NOT NULL DEFAULT '3072'",
-          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "relayhost" => "VARCHAR(255) NOT NULL DEFAULT '0'",
-          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tags_domain" => array(
-        "cols" => array(
-          "tag_name" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "fkey" => array(
-            "fk_tags_domain" => array(
-              "col" => "domain",
-              "ref" => "domain.domain",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          ),
-          "unique" => array(
-            "tag_name" => array("tag_name", "domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tls_policy_override" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "dest" => "VARCHAR(255) NOT NULL",
-          "policy" => "ENUM('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL",
-          "parameters" => "VARCHAR(255) DEFAULT ''",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "unique" => array(
-            "dest" => array("dest")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quarantine" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "qid" => "VARCHAR(30) NOT NULL",
-          "subject" => "VARCHAR(500)",
-          "score" => "FLOAT(8,2)",
-          "ip" => "VARCHAR(50)",
-          "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
-          "symbols" => "JSON",
-          "fuzzy_hashes" => "JSON",
-          "sender" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-          "rcpt" => "VARCHAR(255)",
-          "msg" => "LONGTEXT",
-          "domain" => "VARCHAR(255)",
-          "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "mailbox" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "name" => "VARCHAR(255)",
-          "description" => "VARCHAR(255)",
-          // mailbox_path_prefix is followed by domain/local_part/
-          "mailbox_path_prefix" => "VARCHAR(150) DEFAULT '/var/vmail/'",
-          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "local_part" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "multiple_bookings" => "INT NOT NULL DEFAULT -1",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          ),
-          "key" => array(
-            "domain" => array("domain"),
-            "kind" => array("kind")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tags_mailbox" => array(
-        "cols" => array(
-          "tag_name" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "fkey" => array(
-            "fk_tags_mailbox" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          ),
-          "unique" => array(
-            "tag_name" => array("tag_name", "username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sieve_filters" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "script_desc" => "VARCHAR(255) NOT NULL",
-          "script_name" => "ENUM('active','inactive')",
-          "script_data" => "TEXT NOT NULL",
-          "filter_type" => "ENUM('postfilter','prefilter')",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "username" => array("username"),
-            "script_desc" => array("script_desc")
-          ),
-          "fkey" => array(
-            "fk_username_sieve_global_before" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "app_passwd" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "name" => "VARCHAR(255) NOT NULL",
-          "mailbox" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "imap_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "smtp_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "dav_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "eas_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pop3_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sieve_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "mailbox" => array("mailbox"),
-            "password" => array("password"),
-            "domain" => array("domain"),
-          ),
-          "fkey" => array(
-            "fk_username_app_passwd" => array(
-              "col" => "mailbox",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "user_acl" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          // quarantine is for quarantine actions, todo: rename
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          ),
-          "fkey" => array(
-            "fk_username" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "alias_domain" => array(
-        "cols" => array(
-          "alias_domain" => "VARCHAR(255) NOT NULL",
-          "target_domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("alias_domain")
-          ),
-          "key" => array(
-            "active" => array("active"),
-            "target_domain" => array("target_domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "spamalias" => array(
-        "cols" => array(
-          "address" => "VARCHAR(255) NOT NULL",
-          "goto" => "TEXT NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "validity" => "INT(11)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("address")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "filterconf" => array(
-        "cols" => array(
-          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
-          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("prefid")
-          ),
-          "key" => array(
-            "object" => array("object")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "settingsmap" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "desc" => "VARCHAR(255) NOT NULL",
-          "content" => "LONGTEXT NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "logs" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "task" => "CHAR(32) NOT NULL DEFAULT '000000'",
-          "type" => "VARCHAR(32) DEFAULT ''",
-          "msg" => "TEXT",
-          "call" => "TEXT",
-          "user" => "VARCHAR(64) NOT NULL",
-          "role" => "VARCHAR(32) NOT NULL",
-          "remote" => "VARCHAR(39) NOT NULL",
-          "time" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sasl_log" => array(
-        "cols" => array(
-          "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
-          "app_password" => "INT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "real_rip" => "VARCHAR(64) NOT NULL",
-          "datetime" => "DATETIME(0) NOT NULL DEFAULT NOW(0)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("service", "real_rip", "username")
-          ),
-          "key" => array(
-            "username" => array("username"),
-            "service" => array("service"),
-            "datetime" => array("datetime"),
-            "real_rip" => array("real_rip")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quota2" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
-          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quota2replica" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
-          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "domain_admins" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "username" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "da_acl" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "extend_sender_acl" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "unlimited_quota" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "protocol_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "smtp_ip_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
-          ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "imapsync" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "user2" => "VARCHAR(255) NOT NULL",
-          "host1" => "VARCHAR(255) NOT NULL",
-          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
-          "regextrans2" => "VARCHAR(255) DEFAULT ''",
-          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
-          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "user1" => "VARCHAR(255) NOT NULL",
-          "password1" => "VARCHAR(255) NOT NULL",
-          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
-          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
-          "mins_interval" => "SMALLINT UNSIGNED NOT NULL DEFAULT '0'",
-          "maxbytespersecond" => "VARCHAR(50) NOT NULL DEFAULT '0'",
-          "port1" => "SMALLINT UNSIGNED NOT NULL",
-          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
-          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "delete1" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "delete2" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "automap" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "skipcrossduplicates" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "custom_params" => "VARCHAR(512) NOT NULL DEFAULT ''",
-          "timeout1" => "SMALLINT NOT NULL DEFAULT '600'",
-          "timeout2" => "SMALLINT NOT NULL DEFAULT '600'",
-          "subscribeall" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "is_running" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "returned_text" => "LONGTEXT",
-          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
-          "success" => "TINYINT(1) UNSIGNED DEFAULT NULL",
-          "exit_status" => "VARCHAR(50) DEFAULT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "bcc_maps" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "local_dest" => "VARCHAR(255) NOT NULL",
-          "bcc_dest" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "type" => "ENUM('sender','rcpt')",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "local_dest" => array("local_dest"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "recipient_maps" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "old_dest" => "VARCHAR(255) NOT NULL",
-          "new_dest" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "local_dest" => array("old_dest"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tfa" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "key_id" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL",
-          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
-          "secret" => "VARCHAR(255) DEFAULT NULL",
-          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
-          "publicKey" => "VARCHAR(4096) DEFAULT NULL",
-          "counter" => "INT NOT NULL DEFAULT '0'",
-          "certificate" => "TEXT",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "forwarding_hosts" => array(
-        "cols" => array(
-          "host" => "VARCHAR(255) NOT NULL",
-          "source" => "VARCHAR(255) NOT NULL",
-          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("host")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_acl" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "c_folder_id" => "INT NOT NULL",
-          "c_object" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_role" => "VARCHAR(80) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
-            "sogo_acl_c_uid_idx" => array("c_uid")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_alarms_folder" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_recurrence_id" => "INT(11) DEFAULT NULL",
-          "c_alarm_number" => "INT(11) NOT NULL",
-          "c_alarm_date" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_cache_folder" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
-          "c_type" => "TINYINT(3) unsigned NOT NULL",
-          "c_creationdate" => "INT(11) NOT NULL",
-          "c_lastmodified" => "INT(11) NOT NULL",
-          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
-          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
-          "c_content" => "LONGTEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid", "c_path")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_folder_info" => array(
-        "cols" => array(
-          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_path1" => "VARCHAR(255) NOT NULL",
-          "c_path2" => "VARCHAR(255) DEFAULT NULL",
-          "c_path3" => "VARCHAR(255) DEFAULT NULL",
-          "c_path4" => "VARCHAR(255) DEFAULT NULL",
-          "c_foldername" => "VARCHAR(255) NOT NULL",
-          "c_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_folder_type" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_path")
-          ),
-          "unique" => array(
-            "c_folder_id" => array("c_folder_id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_quick_appointment" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(1000) NOT NULL",
-          "c_startdate" => "INT",
-          "c_enddate" => "INT",
-          "c_cycleenddate" => "INT",
-          "c_title" => "VARCHAR(1000) NOT NULL",
-          "c_participants" => "TEXT",
-          "c_isallday" => "INT",
-          "c_iscycle" => "INT",
-          "c_cycleinfo" => "TEXT",
-          "c_classification" => "INT NOT NULL",
-          "c_isopaque" => "INT NOT NULL",
-          "c_status" => "INT NOT NULL",
-          "c_priority" => "INT",
-          "c_location" => "VARCHAR(255)",
-          "c_orgmail" => "VARCHAR(255)",
-          "c_partmails" => "TEXT",
-          "c_partstates" => "TEXT",
-          "c_category" => "VARCHAR(255)",
-          "c_sequence" => "INT",
-          "c_component" => "VARCHAR(10) NOT NULL",
-          "c_nextalarm" => "INT",
-          "c_description" => "TEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_quick_contact" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_givenname" => "VARCHAR(255)",
-          "c_cn" => "VARCHAR(255)",
-          "c_sn" => "VARCHAR(255)",
-          "c_screenname" => "VARCHAR(255)",
-          "c_l" => "VARCHAR(255)",
-          "c_mail" => "TEXT",
-          "c_o" => "VARCHAR(500)",
-          "c_ou" => "VARCHAR(255)",
-          "c_telephonenumber" => "VARCHAR(255)",
-          "c_categories" => "VARCHAR(255)",
-          "c_component" => "VARCHAR(10) NOT NULL",
-          "c_hascertificate" => "INT4 DEFAULT 0"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_sessions_folder" => array(
-        "cols" => array(
-          "c_id" => "VARCHAR(255) NOT NULL",
-          "c_value" => "VARCHAR(4096) NOT NULL",
-          "c_creationdate" => "INT(11) NOT NULL",
-          "c_lastseen" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_store" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_content" => "MEDIUMTEXT NOT NULL",
-          "c_creationdate" => "INT NOT NULL",
-          "c_lastmodified" => "INT NOT NULL",
-          "c_version" => "INT NOT NULL",
-          "c_deleted" => "INT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "pushover" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "key" => "VARCHAR(255) NOT NULL",
-          "token" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "title" => "TEXT",
-          "text" => "TEXT",
-          "senders" => "TEXT",
-          "senders_regex" => "TEXT",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_user_profile" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_defaults" => "LONGTEXT",
-          "c_settings" => "LONGTEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_clients" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "client_secret" => "VARCHAR(80)",
-          "redirect_uri" => "VARCHAR(2000)",
-          "grant_types" => "VARCHAR(80)",
-          "scope" => "VARCHAR(4000)",
-          "user_id" => "VARCHAR(80)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("client_id")
-          ),
-          "unique" => array(
-            "id" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_access_tokens" => array(
-        "cols" => array(
-          "access_token" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("access_token")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_authorization_codes" => array(
-        "cols" => array(
-          "authorization_code" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "redirect_uri" => "VARCHAR(2000)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)",
-          "id_token" => "VARCHAR(1000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("authorization_code")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_refresh_tokens" => array(
-        "cols" => array(
-          "refresh_token" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("refresh_token")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      )
-    );
-
-    foreach ($tables as $table => $properties) {
-      // Migrate to quarantine
-      if ($table == 'quarantine') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results == 0) {
-            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
-          }
-        }
-      }
-
+      "domain" => array(
+        // Todo: Move some attributes to json
+        "cols" => array(
+          "domain" => "VARCHAR(255) NOT NULL",
+          "description" => "VARCHAR(255)",
+          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
+          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
+          "defquota" => "BIGINT(20) NOT NULL DEFAULT '3072'",
+          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "relayhost" => "VARCHAR(255) NOT NULL DEFAULT '0'",
+          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tags_domain" => array(
+        "cols" => array(
+          "tag_name" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "fkey" => array(
+            "fk_tags_domain" => array(
+              "col" => "domain",
+              "ref" => "domain.domain",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          ),
+          "unique" => array(
+            "tag_name" => array("tag_name", "domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tls_policy_override" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "dest" => "VARCHAR(255) NOT NULL",
+          "policy" => "ENUM('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL",
+          "parameters" => "VARCHAR(255) DEFAULT ''",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "unique" => array(
+            "dest" => array("dest")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quarantine" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "qid" => "VARCHAR(30) NOT NULL",
+          "subject" => "VARCHAR(500)",
+          "score" => "FLOAT(8,2)",
+          "ip" => "VARCHAR(50)",
+          "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
+          "symbols" => "JSON",
+          "fuzzy_hashes" => "JSON",
+          "sender" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+          "rcpt" => "VARCHAR(255)",
+          "msg" => "LONGTEXT",
+          "domain" => "VARCHAR(255)",
+          "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "mailbox" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "name" => "VARCHAR(255)",
+          "description" => "VARCHAR(255)",
+          // mailbox_path_prefix is followed by domain/local_part/
+          "mailbox_path_prefix" => "VARCHAR(150) DEFAULT '/var/vmail/'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "local_part" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "INT NOT NULL DEFAULT -1",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "key" => array(
+            "domain" => array("domain"),
+            "kind" => array("kind")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tags_mailbox" => array(
+        "cols" => array(
+          "tag_name" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "fkey" => array(
+            "fk_tags_mailbox" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          ),
+          "unique" => array(
+            "tag_name" => array("tag_name", "username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sieve_filters" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "script_desc" => "VARCHAR(255) NOT NULL",
+          "script_name" => "ENUM('active','inactive')",
+          "script_data" => "TEXT NOT NULL",
+          "filter_type" => "ENUM('postfilter','prefilter')",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "username" => array("username"),
+            "script_desc" => array("script_desc")
+          ),
+          "fkey" => array(
+            "fk_username_sieve_global_before" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "app_passwd" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "name" => "VARCHAR(255) NOT NULL",
+          "mailbox" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "imap_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "smtp_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "dav_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "eas_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pop3_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sieve_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "mailbox" => array("mailbox"),
+            "password" => array("password"),
+            "domain" => array("domain"),
+          ),
+          "fkey" => array(
+            "fk_username_app_passwd" => array(
+              "col" => "mailbox",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "user_acl" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          // quarantine is for quarantine actions, todo: rename
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "fkey" => array(
+            "fk_username" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias_domain" => array(
+        "cols" => array(
+          "alias_domain" => "VARCHAR(255) NOT NULL",
+          "target_domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("alias_domain")
+          ),
+          "key" => array(
+            "active" => array("active"),
+            "target_domain" => array("target_domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "spamalias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "validity" => "INT(11)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "filterconf" => array(
+        "cols" => array(
+          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
+          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("prefid")
+          ),
+          "key" => array(
+            "object" => array("object")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "settingsmap" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "desc" => "VARCHAR(255) NOT NULL",
+          "content" => "LONGTEXT NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "logs" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "task" => "CHAR(32) NOT NULL DEFAULT '000000'",
+          "type" => "VARCHAR(32) DEFAULT ''",
+          "msg" => "TEXT",
+          "call" => "TEXT",
+          "user" => "VARCHAR(64) NOT NULL",
+          "role" => "VARCHAR(32) NOT NULL",
+          "remote" => "VARCHAR(39) NOT NULL",
+          "time" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sasl_log" => array(
+        "cols" => array(
+          "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
+          "app_password" => "INT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "real_rip" => "VARCHAR(64) NOT NULL",
+          "datetime" => "DATETIME(0) NOT NULL DEFAULT NOW(0)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("service", "real_rip", "username")
+          ),
+          "key" => array(
+            "username" => array("username"),
+            "service" => array("service"),
+            "datetime" => array("datetime"),
+            "real_rip" => array("real_rip")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2replica" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain_admins" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "username" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "da_acl" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "extend_sender_acl" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "unlimited_quota" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "protocol_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "smtp_ip_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
+          ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "da_sso" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("token", "created")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "imapsync" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "user2" => "VARCHAR(255) NOT NULL",
+          "host1" => "VARCHAR(255) NOT NULL",
+          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
+          "regextrans2" => "VARCHAR(255) DEFAULT ''",
+          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
+          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "user1" => "VARCHAR(255) NOT NULL",
+          "password1" => "VARCHAR(255) NOT NULL",
+          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
+          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
+          "mins_interval" => "SMALLINT UNSIGNED NOT NULL DEFAULT '0'",
+          "maxbytespersecond" => "VARCHAR(50) NOT NULL DEFAULT '0'",
+          "port1" => "SMALLINT UNSIGNED NOT NULL",
+          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
+          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "delete1" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "delete2" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "automap" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "skipcrossduplicates" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "custom_params" => "VARCHAR(512) NOT NULL DEFAULT ''",
+          "timeout1" => "SMALLINT NOT NULL DEFAULT '600'",
+          "timeout2" => "SMALLINT NOT NULL DEFAULT '600'",
+          "subscribeall" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "is_running" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "returned_text" => "LONGTEXT",
+          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
+          "success" => "TINYINT(1) UNSIGNED DEFAULT NULL",
+          "exit_status" => "VARCHAR(50) DEFAULT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "bcc_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "local_dest" => "VARCHAR(255) NOT NULL",
+          "bcc_dest" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "type" => "ENUM('sender','rcpt')",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("local_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "recipient_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "old_dest" => "VARCHAR(255) NOT NULL",
+          "new_dest" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("old_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tfa" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "key_id" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL",
+          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
+          "secret" => "VARCHAR(255) DEFAULT NULL",
+          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
+          "publicKey" => "VARCHAR(4096) DEFAULT NULL",
+          "counter" => "INT NOT NULL DEFAULT '0'",
+          "certificate" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "forwarding_hosts" => array(
+        "cols" => array(
+          "host" => "VARCHAR(255) NOT NULL",
+          "source" => "VARCHAR(255) NOT NULL",
+          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("host")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_acl" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "c_folder_id" => "INT NOT NULL",
+          "c_object" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_role" => "VARCHAR(80) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
+            "sogo_acl_c_uid_idx" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_alarms_folder" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_recurrence_id" => "INT(11) DEFAULT NULL",
+          "c_alarm_number" => "INT(11) NOT NULL",
+          "c_alarm_date" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_cache_folder" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
+          "c_type" => "TINYINT(3) unsigned NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastmodified" => "INT(11) NOT NULL",
+          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
+          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
+          "c_content" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid", "c_path")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_folder_info" => array(
+        "cols" => array(
+          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_path1" => "VARCHAR(255) NOT NULL",
+          "c_path2" => "VARCHAR(255) DEFAULT NULL",
+          "c_path3" => "VARCHAR(255) DEFAULT NULL",
+          "c_path4" => "VARCHAR(255) DEFAULT NULL",
+          "c_foldername" => "VARCHAR(255) NOT NULL",
+          "c_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_folder_type" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_path")
+          ),
+          "unique" => array(
+            "c_folder_id" => array("c_folder_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_appointment" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(1000) NOT NULL",
+          "c_startdate" => "INT",
+          "c_enddate" => "INT",
+          "c_cycleenddate" => "INT",
+          "c_title" => "VARCHAR(1000) NOT NULL",
+          "c_participants" => "TEXT",
+          "c_isallday" => "INT",
+          "c_iscycle" => "INT",
+          "c_cycleinfo" => "TEXT",
+          "c_classification" => "INT NOT NULL",
+          "c_isopaque" => "INT NOT NULL",
+          "c_status" => "INT NOT NULL",
+          "c_priority" => "INT",
+          "c_location" => "VARCHAR(255)",
+          "c_orgmail" => "VARCHAR(255)",
+          "c_partmails" => "TEXT",
+          "c_partstates" => "TEXT",
+          "c_category" => "VARCHAR(255)",
+          "c_sequence" => "INT",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_nextalarm" => "INT",
+          "c_description" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_contact" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_givenname" => "VARCHAR(255)",
+          "c_cn" => "VARCHAR(255)",
+          "c_sn" => "VARCHAR(255)",
+          "c_screenname" => "VARCHAR(255)",
+          "c_l" => "VARCHAR(255)",
+          "c_mail" => "TEXT",
+          "c_o" => "VARCHAR(500)",
+          "c_ou" => "VARCHAR(255)",
+          "c_telephonenumber" => "VARCHAR(255)",
+          "c_categories" => "VARCHAR(255)",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_hascertificate" => "INT4 DEFAULT 0"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_sessions_folder" => array(
+        "cols" => array(
+          "c_id" => "VARCHAR(255) NOT NULL",
+          "c_value" => "VARCHAR(4096) NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastseen" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_store" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_content" => "MEDIUMTEXT NOT NULL",
+          "c_creationdate" => "INT NOT NULL",
+          "c_lastmodified" => "INT NOT NULL",
+          "c_version" => "INT NOT NULL",
+          "c_deleted" => "INT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "pushover" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "key" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "title" => "TEXT",
+          "text" => "TEXT",
+          "senders" => "TEXT",
+          "senders_regex" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_user_profile" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_defaults" => "LONGTEXT",
+          "c_settings" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_clients" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "client_secret" => "VARCHAR(80)",
+          "redirect_uri" => "VARCHAR(2000)",
+          "grant_types" => "VARCHAR(80)",
+          "scope" => "VARCHAR(4000)",
+          "user_id" => "VARCHAR(80)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("client_id")
+          ),
+          "unique" => array(
+            "id" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_access_tokens" => array(
+        "cols" => array(
+          "access_token" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("access_token")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_authorization_codes" => array(
+        "cols" => array(
+          "authorization_code" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "redirect_uri" => "VARCHAR(2000)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)",
+          "id_token" => "VARCHAR(1000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("authorization_code")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_refresh_tokens" => array(
+        "cols" => array(
+          "refresh_token" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("refresh_token")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      )
+    );
+
+    foreach ($tables as $table => $properties) {
+      // Migrate to quarantine
+      if ($table == 'quarantine') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
+          }
+        }
+      }
+
       // Migrate tls_enforce_* options
-      if ($table == 'mailbox') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
-            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-            while ($row = array_shift($tls_options_rows)) {
-              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
-            }
-          }
-        }
-      }
-
-      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
-      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-      if ($num_results != 0) {
-        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
-          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
-        $stmt->execute(array(':table' => $table));
-        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-        while ($row = array_shift($rows)) {
-          $pdo->query($row['FKEY_DROP']);
-        }
-        foreach($properties['cols'] as $column => $type) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results == 0) {
-            if (strpos($type, 'AUTO_INCREMENT') !== false) {
-              $type = $type . ' PRIMARY KEY ';
-              // Adding an AUTO_INCREMENT key, need to drop primary keys first, if exists
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
-              }
-            }
-            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
-          }
-          else {
-            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
-          }
-        }
-        foreach($properties['keys'] as $key_type => $key_content) {
-          if (strtolower($key_type) == 'primary') {
-            foreach ($key_content as $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'key') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'unique') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'fkey') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
-              }
-              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
-              $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
-                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
-            }
-          }
-        }
-        // Drop all vanished columns
-        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`"); 
-        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
-        while ($row = array_shift($cols_in_table)) {
-          if (!array_key_exists($row['Field'], $properties['cols'])) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
-          }
-        }
-
-        // Step 1: Get all non-primary keys, that currently exist and those that should exist
-        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'"); 
-        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
-        $keys_to_exist = array();
-        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
-          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
-          foreach ($properties['keys']['key'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        // Index for foreign key must exist
-        if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
-          foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        // Step 2: Drop all vanished indexes
-        while ($row = array_shift($keys_in_table)) {
-          if (!in_array($row['Key_name'], $keys_to_exist)) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
-          }
-        }
-        // Step 3: Drop all vanished primary keys
-        if (!isset($properties['keys']['primary'])) {
-          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
-          }
-        }
-      }
-      else {
-        // Create table if it is missing
-        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
-        foreach($properties['cols'] as $column => $type) {
-          $sql .= "`" . $column . "` " . $type . ",";
-        }
-        foreach($properties['keys'] as $key_type => $key_content) {
-          if (strtolower($key_type) == 'primary') {
-            foreach ($key_content as $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'key') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'unique') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'fkey') {
-            foreach ($key_content as $key_name => $key_values) {
-              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
-              $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
-                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
-            }
-          }
-        }
-        $sql = rtrim($sql, ",");
-        $sql .= ") " . $properties['attr'];
-        $pdo->query($sql);
-      }
-      // Reset table attributes
-      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
-
-    }
-
-    // Recreate SQL views
-    foreach ($views as $view => $create) {
-      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
-      $pdo->query($create);
-    }
-    
-    // Mitigate imapsync argument injection issue
-    $pdo->query("UPDATE `imapsync` SET `custom_params` = '' 
-      WHERE `custom_params` LIKE '%pipemess%' 
-        OR custom_params LIKE '%skipmess%' 
-        OR custom_params LIKE '%delete2foldersonly%' 
-        OR custom_params LIKE '%delete2foldersbutnot%' 
-        OR custom_params LIKE '%regexflag%' 
-        OR custom_params LIKE '%pipemess%' 
-        OR custom_params LIKE '%regextrans2%' 
-        OR custom_params LIKE '%maxlinelengthcmd%';");
-    
-    // Migrate webauthn tfa
-    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
-
-    // Inject admin if not exists
-    $stmt = $pdo->query("SELECT NULL FROM `admin`"); 
-    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results == 0) {
-    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
-      VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
-    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
-          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
-    }
-    // Insert new DB schema version
-    $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
-
-    // Fix dangling domain admins
-    $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
-
-    // Migrate attributes
-    // pushover
-    $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
-    // mailbox
-    $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
-    foreach($tls_options as $tls_user => $tls_options) {
-      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
-        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
-          WHERE `username` = :username");
-      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
-    }
-    // Set tls_enforce_* if still missing (due to deleted attrs for example)
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_out', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_out') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_in', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_in') IS NULL;");
-    // Fix ACL
-    $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
-    $pdo->query("INSERT INTO `da_acl` (`username`) SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` != 'admin' AND NOT EXISTS (SELECT `username` FROM `da_acl`);");
-    // Fix domain_admins
-    $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
-
+      if ($table == 'mailbox') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
+            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+            while ($row = array_shift($tls_options_rows)) {
+              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
+            }
+          }
+        }
+      }
+
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
+          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
+        $stmt->execute(array(':table' => $table));
+        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($rows)) {
+          $pdo->query($row['FKEY_DROP']);
+        }
+        foreach($properties['cols'] as $column => $type) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            if (strpos($type, 'AUTO_INCREMENT') !== false) {
+              $type = $type . ' PRIMARY KEY ';
+              // Adding an AUTO_INCREMENT key, need to drop primary keys first, if exists
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              if ($num_results != 0) {
+                $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+              }
+            }
+            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
+          }
+          else {
+            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
+          }
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'fkey') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              if ($num_results != 0) {
+                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
+              }
+              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
+              $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
+                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
+            }
+          }
+        }
+        // Drop all vanished columns
+        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`");
+        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($cols_in_table)) {
+          if (!array_key_exists($row['Field'], $properties['cols'])) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
+          }
+        }
+
+        // Step 1: Get all non-primary keys, that currently exist and those that should exist
+        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'");
+        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        $keys_to_exist = array();
+        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
+          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
+          foreach ($properties['keys']['key'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Index for foreign key must exist
+        if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
+          foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Step 2: Drop all vanished indexes
+        while ($row = array_shift($keys_in_table)) {
+          if (!in_array($row['Key_name'], $keys_to_exist)) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
+          }
+        }
+        // Step 3: Drop all vanished primary keys
+        if (!isset($properties['keys']['primary'])) {
+          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+          }
+        }
+      }
+      else {
+        // Create table if it is missing
+        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
+        foreach($properties['cols'] as $column => $type) {
+          $sql .= "`" . $column . "` " . $type . ",";
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'fkey') {
+            foreach ($key_content as $key_name => $key_values) {
+              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
+              $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
+                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
+            }
+          }
+        }
+        $sql = rtrim($sql, ",");
+        $sql .= ") " . $properties['attr'];
+        $pdo->query($sql);
+      }
+      // Reset table attributes
+      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
+
+    }
+
+    // Recreate SQL views
+    foreach ($views as $view => $create) {
+      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
+      $pdo->query($create);
+    }
+
+    // Mitigate imapsync argument injection issue
+    $pdo->query("UPDATE `imapsync` SET `custom_params` = ''
+      WHERE `custom_params` LIKE '%pipemess%'
+        OR custom_params LIKE '%skipmess%'
+        OR custom_params LIKE '%delete2foldersonly%'
+        OR custom_params LIKE '%delete2foldersbutnot%'
+        OR custom_params LIKE '%regexflag%'
+        OR custom_params LIKE '%pipemess%'
+        OR custom_params LIKE '%regextrans2%'
+        OR custom_params LIKE '%maxlinelengthcmd%';");
+
+    // Migrate webauthn tfa
+    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
+
+    // Inject admin if not exists
+    $stmt = $pdo->query("SELECT NULL FROM `admin`");
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results == 0) {
+    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+      VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
+    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
+          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
+    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
+    }
+    // Insert new DB schema version
+    $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
+
+    // Fix dangling domain admins
+    $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
+    $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
+
+    // Migrate attributes
+    // pushover
+    $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
+    // mailbox
+    $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
+    foreach($tls_options as $tls_user => $tls_options) {
+      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
+        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
+          WHERE `username` = :username");
+      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
+    }
+    // Set tls_enforce_* if still missing (due to deleted attrs for example)
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_out', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_out') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_in', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_in') IS NULL;");
+    // Fix ACL
+    $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
+    $pdo->query("INSERT INTO `da_acl` (`username`) SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` != 'admin' AND NOT EXISTS (SELECT `username` FROM `da_acl`);");
+    // Fix domain_admins
+    $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
+
     // add default templates
     $default_domain_template = array(
       "template" => "Default",
@@ -1398,68 +1411,68 @@ function init_db_schema() {
       )); 
     } 
 
-    if (php_sapi_name() == "cli") {
-      echo "DB initialization completed" . PHP_EOL;
-    } else {
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__),
-        'msg' => 'db_init_complete'
-      );
-    }
-  }
-  catch (PDOException $e) {
-    if (php_sapi_name() == "cli") {
-      echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
-    } else {
-      $_SESSION['return'][] = array(
-        'type' => 'danger',
-        'log' => array(__FUNCTION__),
-        'msg' => array('mysql_error', $e)
-      );
-    }
-  }
-}
-if (php_sapi_name() == "cli") {
-  include '/web/inc/vars.inc.php';
-  include '/web/inc/functions.docker.inc.php';
-  // $now = new DateTime();
-  // $mins = $now->getOffset() / 60;
-  // $sgn = ($mins < 0 ? -1 : 1);
-  // $mins = abs($mins);
-  // $hrs = floor($mins / 60);
-  // $mins -= $hrs * 60;
-  // $offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
-  $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
-  $opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-    //PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "', group_concat_max_len = 3423543543;",
-  ];
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT COUNT('OK') AS OK_C FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view' OR TABLE_NAME = '_sogo_static_view';");
-  $res = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (intval($res['OK_C']) === 2) {
-    // Be more precise when replacing into _sogo_static_view, col orders may change
-    try {
-      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
-        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
-      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
-      echo "Fixed _sogo_static_view" . PHP_EOL;
-    }
-    catch ( Exception $e ) {
-      // Dunno
-    }
-  }
-  try {
-    $m = new Memcached();
-    $m->addServer('memcached', 11211);
-    $m->flush();
-    echo "Cleaned up memcached". PHP_EOL;
-  }
-  catch ( Exception $e ) {
-    // Dunno
-  }
-  init_db_schema();
-}
+    if (php_sapi_name() == "cli") {
+      echo "DB initialization completed" . PHP_EOL;
+    } else {
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__),
+        'msg' => 'db_init_complete'
+      );
+    }
+  }
+  catch (PDOException $e) {
+    if (php_sapi_name() == "cli") {
+      echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
+    } else {
+      $_SESSION['return'][] = array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__),
+        'msg' => array('mysql_error', $e)
+      );
+    }
+  }
+}
+if (php_sapi_name() == "cli") {
+  include '/web/inc/vars.inc.php';
+  include '/web/inc/functions.docker.inc.php';
+  // $now = new DateTime();
+  // $mins = $now->getOffset() / 60;
+  // $sgn = ($mins < 0 ? -1 : 1);
+  // $mins = abs($mins);
+  // $hrs = floor($mins / 60);
+  // $mins -= $hrs * 60;
+  // $offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
+  $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+  $opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+    //PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "', group_concat_max_len = 3423543543;",
+  ];
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+  $stmt = $pdo->query("SELECT COUNT('OK') AS OK_C FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view' OR TABLE_NAME = '_sogo_static_view';");
+  $res = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (intval($res['OK_C']) === 2) {
+    // Be more precise when replacing into _sogo_static_view, col orders may change
+    try {
+      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
+        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
+      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+      echo "Fixed _sogo_static_view" . PHP_EOL;
+    }
+    catch ( Exception $e ) {
+      // Dunno
+    }
+  }
+  try {
+    $m = new Memcached();
+    $m->addServer('memcached', 11211);
+    $m->flush();
+    echo "Cleaned up memcached". PHP_EOL;
+  }
+  catch ( Exception $e ) {
+    // Dunno
+  }
+  init_db_schema();
+}
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 5c7ec710..1a33e760 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,140 +1,140 @@
-<?php
-// Start session
-if (session_status() !== PHP_SESSION_ACTIVE) {
-  ini_set("session.cookie_httponly", 1);
-  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
-}
-
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 
-  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
-  }
-  $IS_HTTPS = true;
-}
-elseif (isset($_SERVER['HTTPS'])) {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
-  }
-  $IS_HTTPS = true;
-}
-else {
-  $IS_HTTPS = false;
-}
-
-if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_start();
-}
-
-if (!isset($_SESSION['CSRF']['TOKEN'])) {
-  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-}
-
-// Set session UA
-if (!isset($_SESSION['SESS_REMOTE_UA'])) {
-  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
-}
-
-// Keep session active
-if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
-  session_unset();
-  session_destroy();
-}
-$_SESSION['LAST_ACTIVITY'] = time();
-
-// API
-if (!empty($_SERVER['HTTP_X_API_KEY'])) {
-  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
-  $stmt->execute(array(
-    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
-  ));
-  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!empty($api_return['api_key'])) {
-    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
-    $remote = get_remote_ip(false);
-    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
-    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
-      $_SESSION['mailcow_cc_username'] = 'API';
-      $_SESSION['mailcow_cc_role'] = 'admin';
-      $_SESSION['mailcow_cc_api'] = true;
-      if ($api_return['access'] == 'rw') {
-        $_SESSION['mailcow_cc_api_access'] = 'rw';
-      }
-      else {
-        $_SESSION['mailcow_cc_api_access'] = 'ro';
-      }
-    }
-    else {
-      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-      http_response_code(401);
-      echo json_encode(array(
-        'type' => 'error',
-        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
-      ));
-      unset($_POST);
-      exit();
-    }
-  }
-  else {
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    http_response_code(401);
-    echo json_encode(array(
-      'type' => 'error',
-      'msg' => 'authentication failed'
-    ));
-    unset($_POST);
-    exit();
-  }
-}
-
-// Handle logouts
-if (isset($_POST["logout"])) {
-  if (isset($_SESSION["dual-login"])) {
-    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
-    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
-    unset($_SESSION["dual-login"]);
-    header("Location: /mailbox");
-    exit();
-  }
-  else {
-    session_regenerate_id(true);
-    session_unset();
-    session_destroy();
-    session_write_close();
-    header("Location: /");
-  }
-}
-
-// Check session
-function session_check() {
-  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
-    return true;
-  }
-  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
-    $_SESSION['return'][] = array(
-      'type' => 'warning',
-      'msg' => 'session_ua'
-    );
-    return false;
-  }
-  if (!empty($_POST)) {
-    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
-      $_SESSION['return'][] = array(
-        'type' => 'warning',
-        'msg' => 'session_token'
-      );
-      return false;
-    }
-    unset($_POST['csrf_token']);
-    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-    $_SESSION['CSRF']['TIME'] = time();
-  }
-  return true;
-}
-
-if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  $_POST = array();
-  $_FILES = array();
-}
+<?php
+// Start session
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  ini_set("session.cookie_httponly", 1);
+  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
+}
+
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
+  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
+    ini_set("session.cookie_secure", 1);
+  }
+  $IS_HTTPS = true;
+}
+elseif (isset($_SERVER['HTTPS'])) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
+    ini_set("session.cookie_secure", 1);
+  }
+  $IS_HTTPS = true;
+}
+else {
+  $IS_HTTPS = false;
+}
+
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  session_start();
+}
+
+if (!isset($_SESSION['CSRF']['TOKEN'])) {
+  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+}
+
+// Set session UA
+if (!isset($_SESSION['SESS_REMOTE_UA'])) {
+  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
+}
+
+// Keep session active
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
+  session_unset();
+  session_destroy();
+}
+$_SESSION['LAST_ACTIVITY'] = time();
+
+// API
+if (!empty($_SERVER['HTTP_X_API_KEY'])) {
+  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
+  $stmt->execute(array(
+    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
+  ));
+  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (!empty($api_return['api_key'])) {
+    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
+    $remote = get_remote_ip(false);
+    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
+    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
+      $_SESSION['mailcow_cc_username'] = 'API';
+      $_SESSION['mailcow_cc_role'] = 'admin';
+      $_SESSION['mailcow_cc_api'] = true;
+      if ($api_return['access'] == 'rw') {
+        $_SESSION['mailcow_cc_api_access'] = 'rw';
+      }
+      else {
+        $_SESSION['mailcow_cc_api_access'] = 'ro';
+      }
+    }
+    else {
+      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      http_response_code(401);
+      echo json_encode(array(
+        'type' => 'error',
+        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
+      ));
+      unset($_POST);
+      exit();
+    }
+  }
+  else {
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    http_response_code(401);
+    echo json_encode(array(
+      'type' => 'error',
+      'msg' => 'authentication failed'
+    ));
+    unset($_POST);
+    exit();
+  }
+}
+
+// Handle logouts
+if (isset($_POST["logout"])) {
+  if (isset($_SESSION["dual-login"])) {
+    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
+    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
+    unset($_SESSION["dual-login"]);
+    header("Location: /mailbox");
+    exit();
+  }
+  else {
+    session_regenerate_id(true);
+    session_unset();
+    session_destroy();
+    session_write_close();
+    header("Location: /");
+  }
+}
+
+// Check session
+function session_check() {
+  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
+    return true;
+  }
+  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
+    $_SESSION['return'][] = array(
+      'type' => 'warning',
+      'msg' => 'session_ua'
+    );
+    return false;
+  }
+  if (!empty($_POST)) {
+    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
+      $_SESSION['return'][] = array(
+        'type' => 'warning',
+        'msg' => 'session_token'
+      );
+      return false;
+    }
+    unset($_POST['csrf_token']);
+    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+    $_SESSION['CSRF']['TIME'] = time();
+  }
+  return true;
+}
+
+if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
+  $_POST = array();
+  $_FILES = array();
+}
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index aec043e9..fde1507f 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,4 +1,15 @@
 <?php
+// SSO Domain Admin
+if (!empty($_GET['sso_token'])) {
+  $username = domain_admin_sso('check', $_GET['sso_token']);
+
+  if ($username !== false) {
+    $_SESSION['mailcow_cc_username'] = $username;
+    $_SESSION['mailcow_cc_role'] = 'domainadmin';
+    header('Location: /mailbox');
+  }
+}
+
 if (isset($_POST["verify_tfa_login"])) {
   if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
     $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
@@ -6,7 +17,7 @@ if (isset($_POST["verify_tfa_login"])) {
     unset($_SESSION['pending_mailcow_cc_username']);
     unset($_SESSION['pending_mailcow_cc_role']);
     unset($_SESSION['pending_tfa_methods']);
-	
+
     header("Location: /user");
   } else {
     unset($_SESSION['pending_mailcow_cc_username']);
@@ -34,7 +45,7 @@ if (isset($_POST["quick_delete"])) {
 if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$login_user = strtolower(trim($_POST["login_user"]));
 	$as = check_login($login_user, $_POST["pass_user"]);
-  
+
 	if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
diff --git a/data/web/json_api.php b/data/web/json_api.php
index acaeaba9..ec028fe4 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -288,6 +288,18 @@ if (isset($_GET['query'])) {
         case "domain-admin":
           process_add_return(domain_admin('add', $attr));
         break;
+        case "sso":
+          switch ($object) {
+            case "domain-admin":
+              $data = domain_admin_sso('issue', $attr);
+              if($data) {
+                echo json_encode($data);
+                exit(0);
+              }
+              process_add_return($data);
+            break;
+          }
+        break;
         case "admin":
           process_add_return(admin('add', $attr));
         break;

From 58ddc31db6ce3d86471ad6ffdf2fd3e2c33e12a6 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 26 Jan 2023 20:09:52 +0100
Subject: [PATCH 151/170] Translations update from Weblate (#5026)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.en-gb.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.de-de.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.sk-sk.json

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
---
 data/web/lang/lang.de-de.json | 23 +++++++++++++++--------
 data/web/lang/lang.en-gb.json |  2 +-
 data/web/lang/lang.sk-sk.json |  3 ++-
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 4f7feb5b..f348ce6a 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -339,7 +339,8 @@
         "oauth2_add_client": "Füge OAuth2 Client hinzu",
         "api_read_only": "Schreibgeschützter Zugriff",
         "api_read_write": "Lese-Schreib-Zugriff",
-        "oauth2_apps": "OAuth2 Apps"
+        "oauth2_apps": "OAuth2 Apps",
+        "queue_unban": "entsperren"
     },
     "danger": {
         "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@@ -366,7 +367,7 @@
         "domain_not_empty": "Domain %s ist nicht leer",
         "domain_not_found": "Domain %s nicht gefunden",
         "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein",
-        "extended_sender_acl_denied": "Keine Rechte zum setzen von externen Absenderadressen",
+        "extended_sender_acl_denied": "Keine Rechte zum Setzen von externen Absenderadressen",
         "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig",
         "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain",
         "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s",
@@ -460,11 +461,14 @@
         "username_invalid": "Benutzername %s kann nicht verwendet werden",
         "validity_missing": "Bitte geben Sie eine Gültigkeitsdauer an",
         "value_missing": "Bitte alle Felder ausfüllen",
-        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s"
+        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s",
+        "template_exists": "Vorlage %s existiert bereits",
+        "template_id_invalid": "Vorlagen-ID %s ungültig",
+        "template_name_invalid": "Name der Vorlage ungültig"
     },
     "datatables": {
         "collapse_all": "Alle Einklappen",
-        "decimal": "",
+        "decimal": ",",
         "emptyTable": "Keine Daten in der Tabelle vorhanden",
         "expand_all": "Alle Ausklappen",
         "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
@@ -498,7 +502,7 @@
         "current_time": "Systemzeit",
         "disk_usage": "Festplattennutzung",
         "docs": "Dokumente",
-        "error_show_ip": "konnte die öffentlichen IP Adressen nicht auflösen",
+        "error_show_ip": "Konnte die öffentlichen IP Adressen nicht auflösen",
         "external_logs": "Externe Logs",
         "history_all_servers": "History (alle Server)",
         "in_memory_logs": "In-memory Logs",
@@ -651,7 +655,8 @@
         "title": "Objekt bearbeiten",
         "unchanged_if_empty": "Unverändert, wenn leer",
         "username": "Benutzername",
-        "validate_save": "Validieren und speichern"
+        "validate_save": "Validieren und speichern",
+        "pushover_sound": "Ton"
     },
     "fido2": {
         "confirm": "Bestätigen",
@@ -692,7 +697,8 @@
         "quarantine": "Quarantäne",
         "restart_netfilter": "Netfilter neustarten",
         "restart_sogo": "SOGo neustarten",
-        "user_settings": "Benutzereinstellungen"
+        "user_settings": "Benutzereinstellungen",
+        "mailcow_system": "System"
     },
     "info": {
         "awaiting_tfa_confirmation": "Warte auf TFA-Verifizierung",
@@ -1236,7 +1242,8 @@
         "syncjob_EXIT_CONNECTION_FAILURE": "Verbindungsproblem",
         "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort"
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort",
+        "pushover_sound": "Ton"
     },
     "warning": {
         "cannot_delete_self": "Kann derzeit eingeloggten Benutzer nicht entfernen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 5719049e..f7fc0577 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -468,7 +468,7 @@
     },
     "datatables": {
         "collapse_all": "Collapse All",
-        "decimal": "",
+        "decimal": ".",
         "emptyTable": "No data available in table",
         "expand_all": "Expand All",
         "info": "Showing _START_ to _END_ of _TOTAL_ entries",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index b6933b28..f2f23681 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -106,7 +106,8 @@
         "username": "Používateľské meno",
         "validate": "Overiť",
         "validation_success": "Úspešne overené",
-        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie"
+        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie",
+        "tags": "Štítky"
     },
     "admin": {
         "access": "Prístup",

From a1f033e4c167e2d87eafc4acfdbed4177285c3b0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 30 Jan 2023 19:58:17 +0100
Subject: [PATCH 152/170] Update docker/build-push-action action to v4 (#5032)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/rebuild_backup_image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index 120d68d9..21c218a8 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -26,7 +26,7 @@ jobs:
           password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: .
           file: data/Dockerfiles/backup/Dockerfile

From d62c27500430da91463e731cdf1ddb701e25366e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 31 Jan 2023 09:49:18 +0100
Subject: [PATCH 153/170] [Web] match PAGINATION_SIZE to an existing datatable
 option

---
 data/web/inc/vars.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 4f09d5f9..5e6d72e7 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -124,7 +124,7 @@ $MAILCOW_APPS = array(
 );
 
 // Rows until pagination begins
-$PAGINATION_SIZE = 20;
+$PAGINATION_SIZE = 25;
 
 // Default number of rows/lines to display (log table)
 $LOG_LINES = 1000;

From 72e8180c6be0f8ae9444e4ae10129ffa830c0c9b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 31 Jan 2023 10:37:51 +0100
Subject: [PATCH 154/170] [Web] datatable adjustment

---
 data/web/css/build/013-datatables.css | 20 +++++++++++++++++++-
 data/web/css/build/014-mailcow.css    | 11 -----------
 data/web/css/build/015-responsive.css |  3 +++
 data/web/js/site/admin.js             | 12 ++++++------
 data/web/js/site/mailbox.js           | 24 ++++++++++++------------
 data/web/js/site/quarantine.js        |  2 +-
 data/web/js/site/queue.js             |  2 +-
 data/web/js/site/user.js              |  6 +++---
 8 files changed, 45 insertions(+), 35 deletions(-)

diff --git a/data/web/css/build/013-datatables.css b/data/web/css/build/013-datatables.css
index e5518ff8..13378460 100644
--- a/data/web/css/build/013-datatables.css
+++ b/data/web/css/build/013-datatables.css
@@ -77,4 +77,22 @@ li .dtr-data {
 table.dataTable>tbody>tr.child span.dtr-title {
     width: 30%;
     max-width: 250px;
-}
\ No newline at end of file
+}
+
+
+div.dataTables_wrapper div.dataTables_filter {
+    text-align: left;
+}
+div.dataTables_wrapper div.dataTables_length {
+    text-align: right;
+}
+.dataTables_paginate, .dataTables_length, .dataTables_filter {
+    margin: 10px 0!important;
+}
+
+td.dt-text-right {
+    text-align: end !important;
+}
+th.dt-text-right {
+    text-align: end !important;
+}
diff --git a/data/web/css/build/014-mailcow.css b/data/web/css/build/014-mailcow.css
index 3d0eeaee..374d484d 100644
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -370,14 +370,3 @@ button[aria-expanded='true'] > .caret {
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
     background-color: #f0f0f0 !important;
 }
-
-
-div.dataTables_wrapper div.dataTables_filter {
-  text-align: left;
-}
-div.dataTables_wrapper div.dataTables_length {
-  text-align: right;
-}
-.dataTables_paginate, .dataTables_length, .dataTables_filter {
-  margin: 10px 0!important;
-}
\ No newline at end of file
diff --git a/data/web/css/build/015-responsive.css b/data/web/css/build/015-responsive.css
index 47eadb53..a626a384 100644
--- a/data/web/css/build/015-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -203,6 +203,9 @@
     text-align: left;
   }
 
+  .senders-mw220 {
+    max-width: 100% !important;
+  }
 }
 
 @media (max-width: 350px) {
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 0e5a9ae6..23ef1d25 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -133,7 +133,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ],
@@ -204,7 +204,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
@@ -277,7 +277,7 @@ jQuery(function($){
           title: lang.action,
           data: 'action',
           defaultContent: '',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right'
+          className: 'dt-sm-head-hidden dt-text-right'
         },
       ]
     });
@@ -343,7 +343,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
@@ -421,7 +421,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
@@ -499,7 +499,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 49cce1b2..2ef84688 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -613,7 +613,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -823,7 +823,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
@@ -1095,7 +1095,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
@@ -1326,7 +1326,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
@@ -1439,7 +1439,7 @@ jQuery(function($){
           data: 'action',
           responsivePriority: 5,
           defaultContent: '',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right'
         },
       ]
     });
@@ -1575,7 +1575,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -1672,7 +1672,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -1779,7 +1779,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -1933,7 +1933,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -2028,7 +2028,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -2181,7 +2181,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -2292,7 +2292,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index e69863f7..18d7a1d5 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -163,7 +163,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-text-right dt-sm-head-hidden',
           defaultContent: ''
         },
       ]
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index bc4c7369..f37884a6 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -116,7 +116,7 @@ jQuery(function($){
         {
           title: lang_admin.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index d93e692f..b2139829 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -208,7 +208,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         }
       ]
@@ -363,7 +363,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: '',
           responsivePriority: 5
         }
@@ -460,7 +460,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         }
       ]

From 64ac6a88911e4a644fad3bba17d6e40887447eea Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 31 Jan 2023 10:54:16 +0100
Subject: [PATCH 155/170] [Web] Skip update_sogo_static_view if sogo is
 disabled

---
 data/web/inc/functions.mailbox.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index f96894ff..4529ee7b 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -5264,7 +5264,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
       }
     break;
   }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource')) && getenv('SKIP_SOGO') != "y") {
     update_sogo_static_view();
   }
 }

From 6aebb8352eabe0a144f4c3b48d038a6c11cb9bc7 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 2 Feb 2023 11:03:51 +0100
Subject: [PATCH 156/170] [Fix] SOGo Update Fix for 5.8.0 (macOS fix)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 44dc8f10..05a2f9aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -169,7 +169,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.114
+      image: mailcow/sogo:1.115
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From e8fd34d31f4551c7415b38a8a401e619a9fe24e4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 2 Feb 2023 11:28:51 +0100
Subject: [PATCH 157/170] [Web] webauthn add lang strings

---
 data/web/inc/functions.inc.php | 24 ++++++++++++------------
 data/web/lang/lang.de-de.json  |  3 +++
 data/web/lang/lang.en-gb.json  |  3 +++
 3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3bab56bb..de1855fa 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1739,7 +1739,7 @@ function verify_tfa_login($username, $_data) {
               $_SESSION['return'][] =  array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'authenticator not found')
+                  'msg' => array('webauthn_authenticator_failed')
               );
               return false;
             } 
@@ -1748,11 +1748,20 @@ function verify_tfa_login($username, $_data) {
                 $_SESSION['return'][] =  array(
                     'type' => 'danger',
                     'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'publicKey not found')
+                    'msg' => array('webauthn_publickey_failed')
                 );
                 return false;
             }
 
+            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
+              $_SESSION['return'][] =  array(
+                  'type' => 'danger',
+                  'log' => array(__FUNCTION__, $username, '*'),
+                  'msg' => array('webauthn_username_failed')
+              );
+              return false;
+            }
+
             try {
                 $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
             }
@@ -1784,21 +1793,12 @@ function verify_tfa_login($username, $_data) {
                 $_SESSION['return'][] =  array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'could not determine user role')
+                  'msg' => array('webauthn_role_failed')
                 );
                 return false;
               }
             }
 
-            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
-                $_SESSION['return'][] =  array(
-                    'type' => 'danger',
-                    'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
-                );
-                return false;
-            }
-
             $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
             $_SESSION['tfa_id'] = $process_webauthn['id'];
             $_SESSION['authReq'] = null;
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index f348ce6a..3d1e2d59 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -455,6 +455,9 @@
         "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
         "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
         "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
+        "webauthn_authenticator_failed": "Der ausgewählte Authenticator wurde nicht gefunden",
+        "webauthn_publickey_failed": "Zu dem ausgewählten Authenticator wurde kein Publickey hinterlegt",
+        "webauthn_username_failed": "Der ausgewählte Authenticator gehört zu einem anderen Konto",
         "unknown": "Ein unbekannter Fehler trat auf",
         "unknown_tfa_method": "Unbekannte TFA-Methode",
         "unlimited_quota_acl": "Unendliche Quota untersagt durch ACL",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index f7fc0577..02db0b0d 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -458,6 +458,9 @@
         "totp_verification_failed": "TOTP verification failed",
         "transport_dest_exists": "Transport destination \"%s\" exists",
         "webauthn_verification_failed": "WebAuthn verification failed: %s",
+        "webauthn_authenticator_failed": "The selected authenticator was not found",
+        "webauthn_publickey_failed": "No public key was stored for the selected authenticator",
+        "webauthn_username_failed": "The selected authenticator belongs to another account",
         "unknown": "An unknown error occurred",
         "unknown_tfa_method": "Unknown TFA method",
         "unlimited_quota_acl": "Unlimited quota prohibited by ACL",

From 2bc663dcd573c16c4bd246646dfca15c1ac9a4dd Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 2 Feb 2023 14:55:44 +0100
Subject: [PATCH 158/170] Removed Twitter Action due to Twitter Paid API
 (soon). Thx Elon!

---
 .../tweet-trigger-publish-release.yml         | 20 -------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/tweet-trigger-publish-release.yml

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
deleted file mode 100644
index 9aab121a..00000000
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: "Tweet trigger release"
-on:
-  release:
-    types: [published]
-
-jobs:
-  tweet:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Get Release Tag"
-        run:  |
-          RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
-      - name: Tweet-trigger-publish-release
-        uses: mugi111/tweet-trigger-release@v1.2
-        with:
-          consumer_key: ${{ secrets.CONSUMER_KEY }}
-          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
-          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
-          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: 'A new mailcow update has just been released! Checkout the GitHub Page for changelog and more informations: https://github.com/mailcow/mailcow-dockerized/releases/latest'

From 5dca4dac81260d92ce62f4b6c825a8c630e6c65e Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 4 Feb 2023 15:00:07 +0100
Subject: [PATCH 159/170] [Web] Updated lang.ru-ru.json (#5046)

Co-authored-by: Aleksandr Kliushenok <alex.1501@icloud.com>
---
 data/web/lang/lang.ru-ru.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 60aba927..017ffd02 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -37,7 +37,7 @@
         "add_domain_only": "Только добавить домен",
         "add_domain_restart": "Добавить домен и перезапустить SOGo",
         "alias_address": "Псевдоним/ы",
-        "alias_address_info": "<small>Укажите почтовые адреса разделенные запятыми или, если хотите пересылать все сообщения для домена владельцам псевдонима то: <code>@example.com</code>. <b>Только домены mailcow разрешены</b>.</small>",
+        "alias_address_info": "<small>Адрес(а) электронной почты (через запятую) или @example.com (для перехвата всех писем для домена). <b>только домены mailcow</b>.</small>",
         "alias_domain": "Псевдоним домена",
         "alias_domain_info": "<small>Действительные имена доменов, раздёленные запятыми.</small>",
         "app_name": "Название приложения",
@@ -335,7 +335,8 @@
         "username": "Имя пользователя",
         "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
         "verify": "Проверить",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "queue_unban": "разблокировать"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",

From dc85f4996192210cdd1ab3b2a43bccca59e7e52a Mon Sep 17 00:00:00 2001
From: Tomy Hsieh <git@tomy.me>
Date: Sat, 11 Feb 2023 21:49:21 +0800
Subject: [PATCH 160/170] =?UTF-8?q?=E2=9C=A8=20feat:=20Change=20FIDO2=20lo?=
 =?UTF-8?q?gin=20to=20independent=20button?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/web/templates/index.twig | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index e90a720a..45054b5f 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -38,15 +38,8 @@
             </div>
           </div>
           <div class="d-flex mt-4" style="position: relative">
-            <div class="btn-group">
-              <div class="btn-group">
-                <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
-                <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
-                <ul class="dropdown-menu">
-                  <li><a class="dropdown-item" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a></li>
-                </ul>
-              </div>
-            </div>
+            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
+            <button type="button" class="btn btn-xs-lg btn-success ms-2" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</button>
             {% if not oauth2_request %}
             <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-xs-lg btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
               <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>

From ca64ff2c0b9e2edbd3b564169cea92eca6c358b9 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 12 Feb 2023 23:56:14 +0100
Subject: [PATCH 161/170] Update devops-infra/action-pull-request action to
 v0.5.5 (#5060)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index 54dbda34..57aac781 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.3
+        uses: devops-infra/action-pull-request@v0.5.5
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From 38291d123fe3af0769fbb5a48b7d9011da8b0aa5 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Tue, 14 Feb 2023 10:11:55 +0100
Subject: [PATCH 162/170] [DB] Fix espacing of special db names during upgrade

---
 data/web/inc/init_db.inc.php | 216 +++++++++++++++++------------------
 1 file changed, 108 insertions(+), 108 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 9fc9234e..e286ab55 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "06012023_1924";
+    $db_version = "14022023_1000";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -225,22 +225,22 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "templates" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "template" => "VARCHAR(255) NOT NULL",
-          "type" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
+      "templates" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "template" => "VARCHAR(255) NOT NULL",
+          "type" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "domain" => array(
         // Todo: Move some attributes to json
         "cols" => array(
@@ -1076,7 +1076,7 @@ function init_db_schema() {
         }
       }
 
-      // Migrate tls_enforce_* options
+      // Migrate tls_enforce_* options
       if ($table == 'mailbox') {
         $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
         $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -1096,7 +1096,7 @@ function init_db_schema() {
       $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
-        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
+        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE `', `table_schema`, '`.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
           WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
         $stmt->execute(array(':table' => $table));
         $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -1322,95 +1322,95 @@ function init_db_schema() {
     // Fix domain_admins
     $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
 
-    // add default templates
-    $default_domain_template = array(
-      "template" => "Default",
-      "type" => "domain",
-      "attributes" => array(
-        "tags" => array(),
-        "max_num_aliases_for_domain" => 400,
-        "max_num_mboxes_for_domain" => 10,
-        "def_quota_for_mbox" => 3072 * 1048576,
-        "max_quota_for_mbox" => 10240 * 1048576,
-        "max_quota_for_domain" => 10240 * 1048576,
-        "rl_frame" => "s",
-        "rl_value" => "",
-        "active" => 1,
-        "gal" => 1,
-        "backupmx" => 0,
-        "relay_all_recipients" => 0,
-        "relay_unknown_only" => 0,
-        "dkim_selector" => "dkim",
-        "key_size" => 2048,
-        "max_quota_for_domain" => 10240 * 1048576,
-      )
-    );     
-    $default_mailbox_template = array(
-      "template" => "Default",
-      "type" => "mailbox",
-      "attributes" => array(
-        "tags" => array(),
-        "quota" => 0,
-        "quarantine_notification" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_notification']),
-        "quarantine_category" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_category']),
-        "rl_frame" => "s",
-        "rl_value" => "",
-        "force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
-        "sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
-        "active" => 1,
-        "tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
-        "tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
-        "imap_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['imap_access']),
-        "pop3_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['pop3_access']),
-        "smtp_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['smtp_access']),
-        "sieve_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sieve_access']),
-        "acl_spam_alias" => 1,
-        "acl_tls_policy" => 1,
-        "acl_spam_score" => 1,
-        "acl_spam_policy" => 1,
-        "acl_delimiter_action" => 1,
-        "acl_syncjobs" => 0,
-        "acl_eas_reset" => 1,
-        "acl_sogo_profile_reset" => 0,
-        "acl_pushover" => 1,
-        "acl_quarantine" => 1,
-        "acl_quarantine_attachments" => 1,
-        "acl_quarantine_notification" => 1,
-        "acl_quarantine_category" => 1,
-        "acl_app_passwds" => 1,
-      )
-    );        
-    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
-    $stmt->execute(array(
-      ":type" => "domain",
-      ":template" => $default_domain_template["template"]
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
-      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
-        VALUES (:type, :template, :attributes)");
-      $stmt->execute(array(
-        ":type" => "domain",
-        ":template" => $default_domain_template["template"],
-        ":attributes" => json_encode($default_domain_template["attributes"])
-      )); 
-    }    
-    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
-    $stmt->execute(array(
-      ":type" => "mailbox",
-      ":template" => $default_mailbox_template["template"]
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
-      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
-        VALUES (:type, :template, :attributes)");
-      $stmt->execute(array(
-        ":type" => "mailbox",
-        ":template" => $default_mailbox_template["template"],
-        ":attributes" => json_encode($default_mailbox_template["attributes"])
-      )); 
-    } 
-
+    // add default templates
+    $default_domain_template = array(
+      "template" => "Default",
+      "type" => "domain",
+      "attributes" => array(
+        "tags" => array(),
+        "max_num_aliases_for_domain" => 400,
+        "max_num_mboxes_for_domain" => 10,
+        "def_quota_for_mbox" => 3072 * 1048576,
+        "max_quota_for_mbox" => 10240 * 1048576,
+        "max_quota_for_domain" => 10240 * 1048576,
+        "rl_frame" => "s",
+        "rl_value" => "",
+        "active" => 1,
+        "gal" => 1,
+        "backupmx" => 0,
+        "relay_all_recipients" => 0,
+        "relay_unknown_only" => 0,
+        "dkim_selector" => "dkim",
+        "key_size" => 2048,
+        "max_quota_for_domain" => 10240 * 1048576,
+      )
+    );     
+    $default_mailbox_template = array(
+      "template" => "Default",
+      "type" => "mailbox",
+      "attributes" => array(
+        "tags" => array(),
+        "quota" => 0,
+        "quarantine_notification" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_notification']),
+        "quarantine_category" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_category']),
+        "rl_frame" => "s",
+        "rl_value" => "",
+        "force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
+        "sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
+        "active" => 1,
+        "tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
+        "tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
+        "imap_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['imap_access']),
+        "pop3_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['pop3_access']),
+        "smtp_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['smtp_access']),
+        "sieve_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sieve_access']),
+        "acl_spam_alias" => 1,
+        "acl_tls_policy" => 1,
+        "acl_spam_score" => 1,
+        "acl_spam_policy" => 1,
+        "acl_delimiter_action" => 1,
+        "acl_syncjobs" => 0,
+        "acl_eas_reset" => 1,
+        "acl_sogo_profile_reset" => 0,
+        "acl_pushover" => 1,
+        "acl_quarantine" => 1,
+        "acl_quarantine_attachments" => 1,
+        "acl_quarantine_notification" => 1,
+        "acl_quarantine_category" => 1,
+        "acl_app_passwds" => 1,
+      )
+    );        
+    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
+    $stmt->execute(array(
+      ":type" => "domain",
+      ":template" => $default_domain_template["template"]
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (empty($row)){
+      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
+        VALUES (:type, :template, :attributes)");
+      $stmt->execute(array(
+        ":type" => "domain",
+        ":template" => $default_domain_template["template"],
+        ":attributes" => json_encode($default_domain_template["attributes"])
+      )); 
+    }    
+    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
+    $stmt->execute(array(
+      ":type" => "mailbox",
+      ":template" => $default_mailbox_template["template"]
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (empty($row)){
+      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
+        VALUES (:type, :template, :attributes)");
+      $stmt->execute(array(
+        ":type" => "mailbox",
+        ":template" => $default_mailbox_template["template"],
+        ":attributes" => json_encode($default_mailbox_template["attributes"])
+      )); 
+    } 
+
     if (php_sapi_name() == "cli") {
       echo "DB initialization completed" . PHP_EOL;
     } else {

From 9054ca18be0bc9ea9399658499910a5f7a653ef5 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 14 Feb 2023 19:33:12 +0100
Subject: [PATCH 163/170] [Web] Updated lang.lv-lv.json (#5061)

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.lv-lv.json | 42 ++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index b03848a4..962b9000 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -3,7 +3,8 @@
         "bcc_maps": "BCC kartes",
         "filters": "Filtri",
         "recipient_maps": "Saņēmēja kartes",
-        "syncjobs": "Sinhronizācijas uzdevumi"
+        "syncjobs": "Sinhronizācijas uzdevumi",
+        "spam_score": "Mēstules novērtējums"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -104,10 +105,10 @@
         "host": "Hosts",
         "import": "Importēt",
         "import_private_key": "Importēt privātu atslēgu",
-        "in_use_by": "Tiek lietots ar",
+        "in_use_by": "Izmanto",
         "inactive": "Neaktīvs",
         "link": "Saite",
-        "loading": "Lūdzu uzgaidiet...",
+        "loading": "Lūgums uzgaidīt...",
         "logo_info": "Jūsu attēls augšējā navigācijas joslā tiks palielināts līdz 40 pikseļiem un maks. sākumlapas platums par 250 pikseļi. Ir ļoti ieteicama pielāgojama grafikaYour image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. Ir ļoti ieteicama pielāgojamā grafika",
         "main_name": "\"mailcow UI\" nosaukums",
         "merged_vars_hint": "Pelēkās rindas tika apvienotas <code>vars.(local.)inc.php</code> un nevar tikt modificētas.",
@@ -144,7 +145,10 @@
         "ui_texts": "UI etiķetes un teksti",
         "unchanged_if_empty": "Ja nav veiktas izmaiņas, atstājiet tukšu",
         "upload": "Augšupielādēt",
-        "username": "Lietotājvārds"
+        "username": "Lietotājvārds",
+        "generate": "izveidot",
+        "message": "Ziņojums",
+        "last_applied": "Pēdējoreiz pielietots"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -170,7 +174,7 @@
         "is_alias": "%s jau ir zināms alias",
         "is_alias_or_mailbox": "%s jau ir zināms alias, pastkastes vai alias addrese izvērsta no alias domēna.",
         "is_spam_alias": "%s ir jau zināms spam alias",
-        "last_key": "Pēdējā atslēga nevar būt dzēsta",
+        "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
         "login_failed": "Ielogošanās neveiksmīga",
         "mailbox_invalid": "Pastkastes vārds ir nederīgs",
         "mailbox_quota_exceeded": "Kvota pārsniedz domēna limitu (max. %d MiB)",
@@ -262,7 +266,8 @@
         "title": "Labot priekšmetu",
         "unchanged_if_empty": "Ja neizmainīts atstājiet tukšu",
         "username": "Lietotājvārds",
-        "validate_save": "Apstiprināt un saglabāt"
+        "validate_save": "Apstiprināt un saglabāt",
+        "last_modified": "Pēdējoreiz mainīts"
     },
     "footer": {
         "cancel": "Atcelt",
@@ -314,21 +319,21 @@
         "bcc_destinations": "BCC galamērķi/s",
         "bcc_info": "BCC kartes tiek izmantotas, lai klusu pārsūtītu visu ziņojumu kopijas uz citu adresi. Saņēmēja kartes tipa ieraksts tiek izmantots, kad vietējais galamērķis darbojas kā pasta adresāts. Sūtītāja kartes atbilst vienam un tam pašam principam. <br/>\r\n   Vietējais galamērķis netiks informēts par piegādes neveiksmi. ",
         "bcc_local_dest": "Vietējais galamērķis",
-        "bcc_map_type": "BCC tips",
+        "bcc_map_type": "BCC veids",
         "bcc_maps": "BCC kartes",
         "bcc_rcpt_map": "saņēmēja karte",
         "bcc_sender_map": "Sūtītāja karte",
         "bcc_to_rcpt": "Pārslēdzieties uz adresāta kartes tipu",
         "bcc_to_sender": "Pārslēgties uz sūtītāja kartes tipu",
         "bcc_type": "BCC tips",
-        "deactivate": "Deaktivizēt",
+        "deactivate": "Deaktivēt",
         "description": "Apraksts",
         "dkim_key_length": "DKIM atslēgas garums (bits)",
         "domain": "Domēns",
         "domain_admins": "Domēna administratori",
         "domain_aliases": "Domēna aliases",
         "domain_quota": "Kvota",
-        "domain_quota_total": "Kopējā  domēna kvota",
+        "domain_quota_total": "Kopējais domēna ierobežojums",
         "domains": "Domēns",
         "edit": "Labot",
         "empty": "Nav rezultātu",
@@ -341,7 +346,7 @@
         "inactive": "Neaktīvs",
         "kind": "Veids",
         "last_run": "Pēdējā norise",
-        "last_run_reset": "Nākamais grafiks",
+        "last_run_reset": "Ievietot sarakstā kā nākamo",
         "mailbox_quota": "Maks. pastkastes izmērs",
         "mailboxes": "Pastkaste",
         "max_aliases": "Maks. iespejamās aliases",
@@ -374,7 +379,13 @@
         "tls_enforce_out": "Piespiest TLS izejošajiem",
         "toggle_all": "Pārslēgt visu",
         "username": "Lietotājvārds",
-        "waiting": "Gaidīšana"
+        "waiting": "Gaidīšana",
+        "last_modified": "Pēdējoreiz mainīts",
+        "booking_0_short": "Vienmēŗ bezmaksas",
+        "daily": "Ik dienu",
+        "hourly": "Ik stundu",
+        "last_mail_login": "Pēdējā pieteikšanās pastkastē",
+        "mailbox": "Pastkaste"
     },
     "quarantine": {
         "action": "Darbības",
@@ -547,5 +558,14 @@
         "waiting": "Waiting",
         "week": "Nedēļa",
         "weeks": "Nedēļas"
+    },
+    "datatables": {
+        "paginate": {
+            "first": "Pirmā",
+            "last": "Pēdējā"
+        }
+    },
+    "debug": {
+        "last_modified": "Pēdējoreiz mainīts"
     }
 }

From aa4d8b1f47675bd47148aa5ad5358f899325fea6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 13:51:12 +0000
Subject: [PATCH 164/170] Update dependency composer/composer to v2.5.4

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 05081c6d..c8713e04 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -12,7 +12,7 @@ ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
 ARG REDIS_PECL_VERSION=5.3.7
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
-ARG COMPOSER_VERSION=2.5.1
+ARG COMPOSER_VERSION=2.5.4
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \

From 63e92e0897acffb770ab6e6517fb1bc7ba93ef22 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 16 Feb 2023 14:56:56 +0100
Subject: [PATCH 165/170] [CLAMAV] Update to 1.0.1

---
 data/Dockerfiles/clamd/Dockerfile | 2 +-
 docker-compose.yml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 91716b84..f381e0ef 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM clamav/clamav:1.0_base
+FROM clamav/clamav:1.0.1-1_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 05a2f9aa..d9bad657 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.60
+      image: mailcow/clamd:1.61
       restart: always
       depends_on:
         - unbound-mailcow

From 29e5b87207bd4e3d20b468a03a8c408924257c36 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 16 Feb 2023 16:30:36 +0100
Subject: [PATCH 166/170] Changed Language strings for clearer button meaning

---
 data/web/lang/lang.cs-cz.json | 2 +-
 data/web/lang/lang.da-dk.json | 2 +-
 data/web/lang/lang.de-de.json | 2 +-
 data/web/lang/lang.en-gb.json | 2 +-
 data/web/lang/lang.fr-fr.json | 2 +-
 data/web/lang/lang.it-it.json | 2 +-
 data/web/lang/lang.nl-nl.json | 2 +-
 data/web/lang/lang.ro-ro.json | 2 +-
 data/web/lang/lang.ru-ru.json | 2 +-
 data/web/lang/lang.sk-sk.json | 2 +-
 data/web/lang/lang.sv-se.json | 2 +-
 data/web/lang/lang.uk-ua.json | 2 +-
 data/web/lang/lang.zh-cn.json | 2 +-
 data/web/lang/lang.zh-tw.json | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index d1f2bb07..5e119fbd 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -650,7 +650,7 @@
     },
     "login": {
         "delayed": "Přihlášení zpožděno o %s sekund.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Přihlásit",
         "mobileconfig_info": "Ke stažení profilového souboru se přihlaste jako uživatel schránky.",
         "other_logins": "Přihlášení klíčem",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index fa50ff59..18080080 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -586,7 +586,7 @@
     },
     "login": {
         "delayed": "Login blev forsinket med% s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Log ind som postkassebruger for at downloade den anmodede Apple-forbindelsesprofil.",
         "other_logins": "Nøgle login",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 3d1e2d59..8ff1cf06 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -710,7 +710,7 @@
     },
     "login": {
         "delayed": "Login wurde zur Sicherheit um %s Sekunde/n verzögert.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Anmelden",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "other_logins": "Key Login",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 02db0b0d..bfac011e 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -710,7 +710,7 @@
     },
     "login": {
         "delayed": "Login was delayed by %s seconds.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 8afc5738..4db773e0 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -612,7 +612,7 @@
     },
     "login": {
         "delayed": "La connexion a été retardée de %s secondes.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Connexion",
         "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte pour télécharger le profil de connexion Apple demandé.",
         "other_logins": "Clé d'authentification",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 8bfa9738..d8d6978c 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -674,7 +674,7 @@
     },
     "login": {
         "delayed": "L'accesso è stato ritardato di %s secondi.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 547c7bb7..774627ca 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -598,7 +598,7 @@
     },
     "login": {
         "delayed": "Aanmelding vertraagd met %s seconden.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Aanmelden",
         "mobileconfig_info": "Log in als mailboxgebruiker om het Apple-verbindingsprofiel te downloaden.",
         "other_logins": "Meld aan met key",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index fe0d2064..8e6e1d45 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -656,7 +656,7 @@
     },
     "login": {
         "delayed": "Conectarea a fost întârziată cu %s secunde.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Autentificare",
         "mobileconfig_info": "Autentificați-vă cu adresa de email pentru a descărca profilul de conexiune Apple.",
         "other_logins": "Autentificare cu cheie",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 60aba927..47dae3fd 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -654,7 +654,7 @@
     },
     "login": {
         "delayed": "Вход был отложен на %s секунд.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Войти",
         "mobileconfig_info": "Пожалуйста, войдите в систему как пользователь почтового аккаунта для загрузки профиля подключения Apple.",
         "other_logins": "Вход с помощью ключа",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index f2f23681..2b93650f 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -657,7 +657,7 @@
     },
     "login": {
         "delayed": "Prihlásenie bolo oneskorené o %s sekúnd.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Prihlásenie",
         "mobileconfig_info": "Prosím, prihláste sa ako mailový používateľ pre stiahnutie požadovaného Apple profilu.",
         "other_logins": "Prihlásenie kľúčom",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index 4cc84619..31bc0ab3 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -618,7 +618,7 @@
     },
     "login": {
         "delayed": "Av säkerhetsskäl har inloggning inaktiverats i %s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Logga in",
         "mobileconfig_info": "Logga in som en användare av brevlåda för att ladda ner den begärda Apple-anslutningsprofilen.",
         "other_logins": "Loggain med nyckel",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index e3acb8b5..0a5c71b8 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -656,7 +656,7 @@
         "awaiting_tfa_confirmation": "В очікуванні підтвердження TFA"
     },
     "login": {
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Увійти",
         "other_logins": "Вхід за допомогою ключа",
         "password": "Пароль",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 5d05ef62..e57ea2a7 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -661,7 +661,7 @@
     },
     "login": {
         "delayed": "请在 %s 秒后重新登录。",
-        "fido2_webauthn": "使用 FIDO2/WebAuthn 登录",
+        "fido2_webauthn": "使用 FIDO2/WebAuthn Login 登录",
         "login": "登录",
         "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
         "other_logins": "Key 登录",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index f9c81c66..916188db 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -655,7 +655,7 @@
     },
     "login": {
         "delayed": "請在 %s 秒後重新登入。",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "登入",
         "mobileconfig_info": "請使用信箱使用者登入以下載 Apple 連接描述檔案。",
         "other_logins": "金鑰登入",

From e1cd719a178b77a388662a9ec50b1e8faf118ea6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 16 Feb 2023 17:12:03 +0100
Subject: [PATCH 167/170] [Web] fix mbox percentage sorting

---
 data/web/js/site/mailbox.js | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 2ef84688..f4039268 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -926,9 +926,12 @@ jQuery(function($){
               '<a href="#" data-action="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
               '</div>';
             }
-            item.in_use = '<div class="progress">' +
+            item.in_use = {
+              sortBy: item.percent_in_use,
+              value: '<div class="progress">' +
               '<div class="progress-bar-mailbox progress-bar progress-bar-' + item.percent_class + '" role="progressbar" aria-valuenow="' + item.percent_in_use + '" aria-valuemin="0" aria-valuemax="100" ' +
-              'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>';
+              'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>'
+            };
             item.username = escapeHtml(item.username);
 
             if (Array.isArray(item.tags)){
@@ -994,10 +997,11 @@ jQuery(function($){
         },
         {
           title: lang.in_use,
-          data: 'in_use',
+          data: 'in_use.value',
           defaultContent: '',
           responsivePriority: 9,
-          className: 'dt-data-w100'
+          className: 'dt-data-w100',
+          orderData: 24
         },
         {
           title: lang.fname,
@@ -1102,7 +1106,12 @@ jQuery(function($){
         {
           title: "",
           data: 'quota.sortBy',
-          responsivePriority: 8,
+          defaultContent: '',
+          className: "d-none"
+        },
+        {
+          title: "",
+          data: 'in_use.sortBy',
           defaultContent: '',
           className: "d-none"
         },

From 7f0dd7d0d7a52115c3b97bb8c634b4b67d0693bb Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Fri, 17 Feb 2023 12:53:31 +0100
Subject: [PATCH 168/170] [Nextcloud] Added bzip2 as required package

---
 helper-scripts/nextcloud.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 31cdb6a4..50fcbab3 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -2,9 +2,12 @@
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
 NEXTCLOUD_VERSION=25.0.3
 
-for bin in curl dirmngr; do
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
+echo -ne "Checking prerequisites..."
+sleep 1
+for bin in curl dirmngr tar bzip2; do
+  if [[ -z $(which ${bin}) ]]; then echo -ne "\r\033[31mCannot find ${bin}, exiting...\033[0m\n"; exit 1; fi
 done
+echo -ne "\r\033[32mFound all prerequisites! Continuing...\033[0m\n"
 
 [[ -z ${1} ]] && NC_HELP=y
 
@@ -215,5 +218,4 @@ elif [[ ${NC_RESETPW} == "y" ]]; then
       read -p "Enter the username: " NC_USER
     done
     docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ user:resetpassword ${NC_USER}
-
 fi

From 04403aaf70b106bdffa19614b1ce25f715d4d7c0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 17 Feb 2023 13:15:44 +0100
Subject: [PATCH 169/170] [Netfilter] fix setting SNAT Rule if chain is empty

---
 data/Dockerfiles/netfilter/server.py | 37 +++++++++++++++++-----------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py
index 1ccc150e..0b0e2a41 100644
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -359,21 +359,28 @@ def snat4(snat_target):
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
         new_rule = get_snat4_rule()
-        for position, rule in enumerate(chain.rules):
-          match = all((
-            new_rule.get_src() == rule.get_src(),
-            new_rule.get_dst() == rule.get_dst(),
-            new_rule.target.parameters == rule.target.parameters,
-            new_rule.target.name == rule.target.name
-          ))
-          if position == 0:
-            if not match:
-              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
-              chain.insert_rule(new_rule)
-          else:
-            if match:
-              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
-              chain.delete_rule(rule)
+
+        if not chain.rules:
+          # if there are no rules in the chain, insert the new rule directly
+          logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+          chain.insert_rule(new_rule)
+        else:
+          for position, rule in enumerate(chain.rules):
+            match = all((
+              new_rule.get_src() == rule.get_src(),
+              new_rule.get_dst() == rule.get_dst(),
+              new_rule.target.parameters == rule.target.parameters,
+              new_rule.target.name == rule.target.name
+            ))
+            if position == 0:
+              if not match:
+                logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+                chain.insert_rule(new_rule)
+            else:
+              if match:
+                logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+                chain.delete_rule(rule)
+
         table.commit()
         table.autocommit = True
       except:

From 1a4f11209a52ac38847ac9562cedf6972b25307b Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Fri, 17 Feb 2023 13:22:23 +0100
Subject: [PATCH 170/170] Updated netfilter to 1.51

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index d9bad657..7c6c5d6a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -425,7 +425,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.50
+      image: mailcow/netfilter:1.51
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow