Update translations.

Fix release-tool merge cmd and rename to "tag"
Bump version to 2.7.11
2025-12-04 15:39:34 +01:00 · 2025-11-23 23:15:03 +01:00 · 2025-11-23 23:13:32 +01:00 · 2025-11-23 22:50:31 +01:00 · 2025-11-23 22:45:57 +01:00 · 2025-11-23 22:45:57 +01:00
1740 changed files with 579612 additions and 279941 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -19,7 +19,7 @@ AlwaysBreakBeforeMultilineStrings: false
 AlwaysBreakTemplateDeclarations: false
 BinPackArguments: false
 BinPackParameters: false
-BraceWrapping:   
+BraceWrapping:
  AfterClass:      true
  AfterFunction:   true
  AfterControlStatement: false
@@ -44,7 +44,7 @@ DerivePointerAlignment: false
 DisableFormat:   false
 ExperimentalAutoDetectBinPacking: false
 ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
-IncludeCategories: 
+IncludeCategories:
  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
    Priority:        2
  - Regex:           '^(<|"(gtest|isl|json)/)'
@@ -54,6 +54,7 @@ IncludeCategories:
 IndentCaseLabels: false
 IndentWidth:     4
 IndentWrappedFunctionNames: false
+InsertNewlineAtEOF: true
 KeepEmptyLinesAtTheStartOfBlocks: true
 MacroBlockBegin: ''
 MacroBlockEnd:   ''
@@ -85,4 +86,3 @@ Standard:        Cpp11
 TabWidth:        4
 UseTab:          Never
 ...
-
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,14 @@
+# Github-linguist language hints
+*.h linguist-language=C++
+*.cpp linguist-language=C++
+
+# Line endings harmony
+* text=auto eol=lf
+
+# binary files
+*.ai binary
+
+# Export
 src/version.h.cmake export-subst
 .gitattributes export-ignore
 .gitignore export-ignore
@@ -7,7 +18,3 @@ src/version.h.cmake export-subst
 snapcraft.yaml export-ignore
 make_release.sh export-ignore
 AppImage-Recipe.sh export-ignore
-
-# github-linguist language hints
-*.h linguist-language=C++
-*.cpp linguist-language=C++
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -63,7 +63,7 @@ Before submitting a bug report, check if the problem has already been reported.

 ### Discuss with the team

-As with feature requests, you can talk to the KeePassXC team about bugs, new features, other issues and pull requests on the dedicated issue tracker, or in the IRC channel on Freenode (`#keepassxc-dev` on `irc.freenode.net`, or use a [webchat link](https://webchat.freenode.net/?channels=%23keepassxc-dev)).
+As with feature requests, you can talk to the KeePassXC team about bugs, new features, other issues and pull requests on the dedicated issue tracker, on the [Matrix development channel](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org), or in the IRC channel on Libera.Chat (`#keepassxc-dev` on `irc.libera.chat`, or use a [webchat link](https://web.libera.chat/#keepassxc-dev)).

 ### Your first code contribution

@@ -85,16 +85,23 @@ All pull requests must comply with the above requirements and with the [stylegui
 Translations are managed on [Transifex](https://www.transifex.com/keepassxc/keepassxc/) which offers a web interface.
 Please join an existing language team or request a new one if there is none.

+If you open a Pull Request with new strings that require translations, you will need to run the following:
+```
+./release-tool i18n lupdate
+```
+This will make the new strings available for translation in Transifex.
+
 ## Styleguides

 ### Git branch strategy

 The Branch Strategy is based on [git-flow-lite](http://nvie.com/posts/a-successful-git-branching-model/).

-* **master** – points to the latest public release
 * **develop** – points to the development of the next release, contains tested and reviewed code
 * **feature/**[name] – points to a branch with a new feature, one which is candidate for merge into develop (subject to rebase)
-* **hotfix/**[name] – points to a branch with a fix for a particular issue ID
+* **fix/**[name] – points to a branch with a fix for a particular issue ID
+
+Note: The **latest** tag is used to point to the most recent stable release.


 ### Git commit messages
@@ -121,18 +128,18 @@ For names made of only one word, the first letter should be lowercase.
 For names made of multiple concatenated words, the first letter of the whole is lowercase, and the first letter of each subsequent word is capitalized.

 #### Indention
-For **C++ files** (*.cpp .h*): 4 spaces  
+For **C++ files** (*.cpp .h*): 4 spaces
 For **Qt-UI files** (*.ui*): 2 spaces

 #### Includes
-```c
+```cpp
 // Class includes
 #include "MyWidget.h"
 #include "ui_MyWidget.h"

 // Application includes
 #include "core/Config.h"
-#include "core/FilePath.h"
+#include "core/Resources.h"

 // Global includes
 #include <QWidget>
@@ -140,7 +147,7 @@ For **Qt-UI files** (*.ui*): 2 spaces
 ```

 #### Classes
-```c
+```cpp
 // Note: order is important, stay organized!
 class MyWidget : public QWidget
 {
@@ -174,13 +181,13 @@ MyWidget::MyWidget(QWidget* parent)
 ```

 #### Pointers / References
-```c
+```cpp
 int* count;
 const QString& string;
 ```

 #### Braces
-```c
+```cpp
 if (condition) {
    doSomething();
 } else {
@@ -194,7 +201,7 @@ void ExampleClass::exampleFunction()
 ```

 #### Switch statement
-```c
+```cpp
 // Note: avoid declaring variables in a switch statement
 switch (a) {
 case 1:
@@ -221,6 +228,6 @@ Example: `<widget class="QCheckBox" name="rememberCheckBox">`



-[beginner]:https://github.com/keepassxreboot/keepassx/issues?q=is%3Aopen+is%3Aissue+label%3Abeginner+label%3A%22help+wanted%22+sort%3Acomments-desc
+[beginner]:https://github.com/keepassxreboot/keepassxc/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22+sort%3Acomments-desc+
 [help-wanted]:https://github.com/keepassxreboot/keepassx/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22+sort%3Acomments-desc
 [issues-section]:https://github.com/keepassxreboot/keepassxc/issues
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,5 @@
+github: ["droidmonkey", "phoerious"]
+patreon: keepassxc
+open_collective: keepassxc
+liberapay: keepassxc
+custom: ["https://keepassxc.org/donate"]
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -6,44 +6,34 @@ labels: bug
 assignees: ''

 ---
-
-[TIP]:  # ( Provide a general summary of the issue in the title above ^^ )
+## Overview
 [TIP]:  # ( DO NOT include screenshots of your actual database! )
+[NOTE]: # ( Give a BRIEF summary about your problem )
+
+
+## Steps to Reproduce
+[NOTE]: # ( Provide a simple set of steps to reproduce this bug. )
+1. 
+2. 
+3. 

 ## Expected Behavior
 [NOTE]: # ( Tell us what you expected to happen )


-## Current Behavior
+## Actual Behavior
 [NOTE]: # ( Tell us what actually happens )


-## Possible Solution
-[NOTE]: # ( Not required, but suggest a fix/reason for the bug )
-
-
-## Steps to Reproduce
-[NOTE]: # ( Provide a link to a live example, or an unambiguous set of steps to )
-[NOTE]: # ( reproduce this bug. Include code to reproduce, if relevant )
-1.
-2.
-3.
-
 ## Context
-[NOTE]: # ( How has this issue affected you? What unique circumstances do you have? )
+[NOTE]: # ( Give us any additional information you may have. )


-## Debug Info
 [NOTE]: # ( Paste debug info from Help → About here )
 KeePassXC - VERSION
 Revision: REVISION

-Libraries:
- LIBS
-
-Operating system: OS
-CPU architecture: ARCH
-Kernel: KERNEL
-
-Enabled extensions:
- EXTENSIONS
+[NOTE]: # ( Pick choices based on your environment )
+Operating System: Windows/Linux/macOS
+Desktop Env: Gnome/KDE/XFCE/Mate/Cinnamon
+Windowing System: X11/Wayland
--- a/.github/ISSUE_TEMPLATE/feature-request.md
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -1,25 +1,18 @@
 ---
 name: Feature Request
-about: tell us about a new capability you want to see
+about: tell us about a new feature you want
 title: 
 labels: new feature
 assignees: ''

 ---
-
-[TIP]:  # ( Provide a general summary of the feature in the title above ^^ )
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-
 ## Summary
+[TIP]:  # ( DO NOT include screenshots of your actual database! )
 [NOTE]: # ( Provide a brief overview of what the new feature is all about )


-## Desired Behavior
-[NOTE]: # ( Tell us how the new feature should work, be specific )
-
-
-## Possible Solution
-[NOTE]: # ( Not required, but suggest ideas on how to implement the addition or change )
+## Examples
+[NOTE]: # ( Show us a picture or mock-up of your proposal )


 ## Context
--- a/.github/ISSUE_TEMPLATE/release-preview-bug-report.md
+++ b/.github/ISSUE_TEMPLATE/release-preview-bug-report.md
@@ -1,49 +1,39 @@
 ---
 name: Release Preview Bug report
-about: report a bug with a release preview (eg, 2.4.0-beta1)
-title: "[PRE-RELEASE] "
+about: report a bug with a release preview (e.g., 2.6.0-beta1)
+title: 
 labels: PRE-RELEASE BUG
 assignees: droidmonkey

 ---
-
-[TIP]:  # ( Provide a general summary of the issue in the title above ^^ )
+## Overview
 [TIP]:  # ( DO NOT include screenshots of your actual database! )
+[NOTE]: # ( Give a BRIEF summary about your problem )
+
+
+## Steps to Reproduce
+[NOTE]: # ( Provide a simple set of steps to reproduce this bug. )
+1. 
+2. 
+3. 

 ## Expected Behavior
 [NOTE]: # ( Tell us what you expected to happen )


-## Current Behavior
+## Actual Behavior
 [NOTE]: # ( Tell us what actually happens )


-## Possible Solution
-[NOTE]: # ( Not required, but suggest a fix/reason for the bug )
-
-
-## Steps to Reproduce
-[NOTE]: # ( Provide a link to a live example, or an unambiguous set of steps to )
-[NOTE]: # ( reproduce this bug. Include code to reproduce, if relevant )
-1.
-2.
-3.
-
 ## Context
-[NOTE]: # ( How has this issue affected you? What unique circumstances do you have? )
+[NOTE]: # ( Give us any additional information you may have. )


-## Debug Info
 [NOTE]: # ( Paste debug info from Help → About here )
 KeePassXC - VERSION
 Revision: REVISION

-Libraries:
- LIBS
-
-Operating system: OS
-CPU architecture: ARCH
-Kernel: KERNEL
-
-Enabled extensions:
- EXTENSIONS
+[NOTE]: # ( Pick choices based on your environment )
+Operating System: Windows/Linux/macOS
+Desktop Env: Gnome/KDE/XFCE/Mate/Cinnamon
+Windowing System: X11/Wayland
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,17 +1,6 @@
-[TIP]:  # ( Provide a general summary of your changes in the title above ^^ )
-
-## Type of change
-[NOTE]: # ( Please remove all lines which don't apply. )
- ✅ Bug fix (non-breaking change which fixes an issue)
- ✅ Refactor (significant modification to existing code)
- ✅ New feature (non-breaking change which adds functionality)
- ✅ Breaking change (fix or feature that would cause existing functionality to change)
- ✅ Documentation (non-code change)
-
-## Description and Context
 [NOTE]: # ( Describe your changes in detail, why is this change required? )
-[NOTE]: # ( Describe the context of your change. Explain large code modifications. )
-[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX" as necessary )
+[NOTE]: # ( Explain large or complex code modifications. )
+[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX" )


 ## Screenshots
@@ -23,14 +12,10 @@
 [TIP]:  # ( We expect new code to be covered by unit tests and documented with doc blocks! )


-## Checklist:
-[NOTE]: # ( Please go over all the following points. )
-[NOTE]: # ( Again, remove any lines which don't apply. )
-[NOTE]: # ( Pull Requests that don't fulfill all [REQUIRED] requisites are likely )
-[NOTE]: # ( to be sent back to you for correction or will be rejected.  )
- ✅ I have read the **CONTRIBUTING** document. **[REQUIRED]**
- ✅ My code follows the code style of this project. **[REQUIRED]**
- ✅ All new and existing tests passed. **[REQUIRED]**
- ✅ I have compiled and verified my code with `-DWITH_ASAN=ON`. **[REQUIRED]**
- ✅ My change requires a change to the documentation, and I have updated it accordingly.
- ✅ I have added tests to cover my changes.
+## Type of change
+[NOTE]: # ( Please remove all lines which don't apply. )
+- ✅ Bug fix (non-breaking change that fixes an issue)
+- ✅ New feature (change that adds functionality)
+- ✅ Breaking change (causes existing functionality to change)
+- ✅ Refactor (significant modification to existing code)
+- ✅ Documentation (non-code change)
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,44 @@
+This repository is a C++ (C++20) Qt-based password manager. The important domain concepts are
+Database, Group, and Entry (KDBX format). Key areas to know before making changes are below.
+
+Quick reference (common commands)
+- Configure + build (preferred: CMake presets)
+	- Windows (PowerShell): `cmake --preset x64-debug`
+	- Build: `cmake --build --preset x64-debug` or `cmake --build . -j <n>` from the build dir
+- Formatting (required before commits):
+	- `cmake --build . --target format` (runs clang-format)
+- Tests:
+	- Run all tests: `ctest -j <n>` from build dir
+	- Run single test (verbose): `ctest -R <Test Name> -V`
+- Translations & i18n (release tooling):
+	- Update translation sources: `python ./release-tool.py i18n lupdate`
+
+Big-picture architecture (where to look)
+- src/core: core data model (Database, Groups, Entries). Example: `src/core/Database.h`
+- src/format: KDBX readers/writers and import/export logic.  (sensitive - avoid casual edits)
+- src/crypto: cryptographic primitives and key derivation. (sensitive - avoid casual edits)
+- src/gui: Qt UI layers, widgets, main window and app lifecycle (entry: `src/main.cpp`, `src/gui/MainWindow.cpp`)
+- src/sshagent, src/browser, src/fdosecrets, src/quickunlock: integration adapters for external systems
+- tests/ and tests/gui/: QTest-based unit and GUI tests (follow existing test patterns)
+
+Project-specific conventions & patterns
+- Language/features: C++20, heavy use of Qt signal/slot idioms and QObject-derived classes.
+- Build: use provided CMake commands to configure and build the project successfully.
+- Formatting: a CMake target (`format`) runs clang-format — run it before committing.
+- Translations: translation files are generated/updated via the release tool — run it before committing.
+- UI files: .ui changes are non-trivial; prefer proposing .ui edits rather than committing wholesale .ui changes unless very simple.
+- Sensitive areas: `src/crypto` and `src/format` contain security-sensitive logic — avoid refactors that change algorithms without expert review.
+
+Concrete examples (where to copy patterns)
+- Signal connections: see `src/keeshare/ShareObserver.cpp` (connect to Database signals like `groupAdded` / `modified`).
+- Opening/locking DBs: `src/gui/DatabaseTabWidget.*` and `src/gui/DatabaseWidget.*` show typical lifecycle and `emitActiveDatabaseChanged()`.
+- Format/validation: use `src/format/KdbxReader.cpp` and `Kdbx4Reader.cpp` for error handling patterns when reading DBs.
+
+Rules for automated agents
+- Do not change cryptographic or serialization logic unless the change is narrowly scoped and you run tests.
+- When adding features, create relevant unit tests within existing files in `tests/`.
+- Always run code formatting, translation update, and tests before submitting commits.
+- All tests related to your change must pass before committing.
+- Reference real files in PR descriptions (e.g., "changed src/core/Database.h and tests/TestDatabase.cpp").
+
+If anything above is unclear or you want more detail about a specific area (build matrix, CI, or release-tool commands), tell me which part and I will expand.
--- a/.github/pull.yml
+++ b/.github/pull.yml
@@ -0,0 +1,8 @@
+# doc: https://github.com/wei/pull#basic-setup
+# manual trigger: https://pull.git.ci/process/${fork-user}/keepassxc
+# pull from: https://github.com/keepassxreboot/keepassxc
+version: "1"
+rules:
+  - base: develop
+    upstream:  keepassxreboot:develop
+    mergeMethod: rebase
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+    - 'develop'
+    - 'release/**'
+  pull_request:
+  schedule:
+    - cron: '5 16 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - if: matrix.language == 'cpp'
+      name: Install dependencies
+      run: |
+        sudo apt update
+        sudo apt install build-essential cmake g++
+        sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev  libqt5x11extras5-dev
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        queries: security-and-quality
+
+    - if: matrix.language == 'cpp'
+      name: Build C++
+      run: |
+        mkdir build && cd build
+        cmake -DWITH_XC_ALL=ON -DWITH_TESTS=OFF ..
+        make -j $(nproc)
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - if: matrix.language != 'cpp'
+      name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,13 @@ desktop.ini
 /*.snap
 /*_source.tar.bz2

+# MSVC Files
+CMakeSettings.json
+CMakePresets.json
+.vs/
+out/
+\.clangd
+
+# vcpkg
+vcpkg_installed*/
+
--- a/.tx/config
+++ b/.tx/config
@@ -1,8 +1,21 @@
 [main]
-host = https://www.transifex.com
+host = https://app.transifex.com
+
+[o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--develop]
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+type                   = QT
+minimum_perc           = 60
+resource_name          = keepassxc_en.ts (develop)
+replace_edited_strings = false
+keep_translations      = false
+
+[o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--master]
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+type                   = QT
+minimum_perc           = 60
+resource_name          = keepassxc_en.ts (2.7.x stable)
+replace_edited_strings = false
+keep_translations      = false

-[keepassxc.keepassxc]
-source_file = share/translations/keepassx_en.ts
-file_filter = share/translations/keepassx_<lang>.ts
-source_lang = en
-type = QT
--- a/416
+++ b/416
@@ -1,416 +0,0 @@
-2.4.0 (2019-03-19)
-=========================
-
- New Database Wizard [#1952]
- Advanced Search [#1797]
- Automatic update checker [#2648]
- KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739]
- Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439]
- Remove KeePassHttp support [#1752]
- CLI: output info to stderr for easier scripting [#2558]
- CLI: Add --quiet option [#2507]
- CLI: Add create command [#2540]
- CLI: Add recursive listing of entries [#2345]
- CLI: Fix stdin/stdout encoding on Windows [#2425]
- SSH Agent: Support OpenSSH for Windows [#1994]
- macOS: TouchID Quick Unlock [#1851]
- macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583]
- Linux: Prevent Klipper from storing secrets in clipboard [#1969]
- Linux: Use polling based file watching for NFS [#2171]
- Linux: Enable use of browser plugin in Snap build [#2802]
- TOTP QR Code Generator [#1167]
- High-DPI Scaling for 4k screens [#2404]
- Make keyboard shortcuts more consistent [#2431]
- Warn user if deleting referenced entries [#1744]
- Allow toolbar to be hidden and repositioned [#1819, #2357]
- Increase max allowed database timeout to 12 hours [#2173]
- Password generator uses existing password length by default [#2318]
- Improve alert message box button labels [#2376]
- Show message when a database merge makes no changes [#2551]
- Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790]
- Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
-
-2.3.4 (2018-08-21)
-=========================
-
- Show all URL schemes in entry view [#1768]
- Disable merge when database is locked [#1975]
- Fix intermittent crashes with favorite icon downloads [#1980]
- Provide potential crash warning to Qt 5.5.x users [#2211]
- Disable apply button when creating new entry/group to prevent data loss [#2204]
- Allow for 12 hour timeout to lock idle database [#2173]
- Multiple SSH Agent fixes [#1981, #2117]
- Multiple Browser Integration enhancements [#1993, #2003, #2055, #2116, #2159, #2174, #2185]
- Fix browser proxy application not closing properly [#2142]
- Add real names and Patreon supporters to about dialog [#2214]
- Add settings button to toolbar, Donate button, and Report a Bug button to help menu [#2214]
- Enhancements to release-tool to appsign intermediate build products [#2101]
-
-
-2.3.3 (2018-05-09)
-=========================
-
- Fix crash when browser integration is enabled [#1923]
-
-2.3.2 (2018-05-07)
-=========================
-
- Enable high entropy ASLR on Windows [#1747]
- Enhance favicon fetching [#1786]
- Fix crash on Windows due to autotype [#1691]
- Fix dark tray icon changing all icons [#1680]
- Fix --pw-stdin not using getPassword function [#1686]
- Fix placeholders being resolved in notes [#1907]
- Enable auto-type start delay to be configurable [#1908]
- Browser: Fix native messaging reply size [#1719]
- Browser: Increase maximum buffer size [#1720]
- Browser: Enhance usability and functionality [#1810, #1822, #1830, #1884, #1906]
- SSH Agent: Parse aes-256-cbc/ctr keys [#1682]
- SSH Agent: Enhance usability and functionality [#1677, #1679, #1681, #1787]
-
-2.3.1 (2018-03-06)
-=========================
-
- Fix unnecessary automatic upgrade to KDBX 4.0 and prevent challenge-response key being stripped [#1568]
- Abort saving and show an error message when challenge-response fails [#1659]
- Support inner stream protection on all string attributes [#1646]
- Fix favicon downloads not finishing on some websites [#1657]
- Fix freeze due to invalid STDIN data [#1628]
- Correct issue with encrypted RSA SSH keys [#1587]
- Fix crash on macOS due to QTBUG-54832 [#1607]
- Show error message if ssh-agent communication fails [#1614]
- Fix --pw-stdin and filename parameters being ignored [#1608]
- Fix Auto-Type syntax check not allowing spaces and special characters [#1626]
- Fix reference placeholders in combination with Auto-Type [#1649]
- Fix qtbase translations not being loaded [#1611]
- Fix startup crash on Windows due to missing SVG libraries [#1662]
- Correct database tab order regression [#1610]
- Fix GCC 8 compilation error [#1612]
- Fix copying of advanced attributes on KDE [#1640]
- Fix member initialization of CategoryListWidgetDelegate [#1613]
- Fix inconsistent toolbar icon sizes and provide higher-quality icons [#1616]
- Improve preview panel geometry [#1609]
-
-2.3.0 (2018-02-27)
-=========================
-
- Add support for KDBX 4.0, Argon2 and ChaCha20 [#148, #1179, #1230, #1494]
- Add SSH Agent feature [#1098, #1450, #1463]
- Add preview panel with details of the selected entry [#879, #1338]
- Add more and configurable columns to entry table and allow copying of values by double click [#1305]
- Add KeePassXC-Browser API as a replacement for KeePassHTTP [#608]
- Deprecate KeePassHTTP [#1392]
- Add support for Steam one-time passwords [#1206]
- Add support for multiple Auto-Type sequences for a single entry [#1390]
- Adjust YubiKey HMAC-SHA1 challenge-response key generation for KDBX 4.0 [#1060]
- Replace qHttp with cURL for website icon downloads [#1460]
- Remove lock file [#1231]
- Add option to create backup file before saving [#1385]
- Ask to save a generated password before closing the entry password generator [#1499]
- Resolve placeholders recursively [#1078]
- Add Auto-Type button to the toolbar [#1056]
- Improve window focus handling for Auto-Type dialogs [#1204, #1490]
- Auto-Type dialog and password generator can now be exited with ESC [#1252, #1412]
- Add optional dark tray icon [#1154]
- Add new "Unsafe saving" option to work around saving problems with file sync services [#1385]
- Add IBus support to AppImage and additional image formats to Windows builds [#1534, #1537]
- Add diceware password generator to CLI [#1406]
- Add --key-file option to CLI [#816, #824]
- Add DBus interface for opening and closing KeePassXC databases [#283]
- Add KDBX compression options to database settings [#1419]
- Discourage use of old fixed-length key files in favor of arbitrary files [#1326, #1327]
- Correct reference resolution in entry fields [#1486]
- Fix window state and recent databases not being remembered on exit [#1453]
- Correct history item generation when configuring TOTP for an entry [#1446]
- Correct multiple TOTP bugs [#1414]
- Automatic saving after every change is now a default [#279]
- Allow creation of new entries during search [#1398]
- Correct menu issues on macOS [#1335]
- Allow compilation on OpenBSD [#1328]
- Improve entry attachments view [#1139, #1298]
- Fix auto lock for Gnome and Xfce [#910, #1249]
- Don't remember key files in file dialogs when the setting is disabled [#1188]
- Improve database merging and conflict resolution [#807, #1165]
- Fix macOS pasteboard issues [#1202]
- Improve startup times on some platforms [#1205]
- Hide the notes field by default [#1124]
- Toggle main window by clicking tray icon with the middle mouse button [#992]
- Fix custom icons not copied over when databases are merged [#1008]
- Allow use of DEL key to delete entries [#914]
- Correct intermittent crash due to stale history items [#1527]
- Sanitize newline characters in title, username and URL fields [#1502]
- Reopen previously opened databases in correct order [#774]
- Use system's zxcvbn library if available [#701]
- Implement various i18n improvements [#690, #875, #1436]
-
-2.2.4 (2017-12-13)
-=========================
-
- Prevent database corruption when locked [#1219]
- Fixes apply button not saving new entries [#1141]
- Switch to Consolas font on Windows for password edit [#1229]
- Multiple fixes to AppImage deployment [#1115, #1228]
- Fixes multiple memory leaks [#1213]
- Resize message close to 16x16 pixels [#1253]
-
-2.2.2 (2017-10-22)
-=========================
-
- Fixed entries with empty URLs being reported to KeePassHTTP clients [#1031]
- Fixed YubiKey detection and enabled CLI tool for AppImage binary [#1100]
- Added AppStream description [#1082]
- Improved TOTP compatibility and added new Base32 implementation [#1069]
- Fixed error handling when processing invalid cipher stream [#1099]
- Fixed double warning display when opening a database [#1037]
- Fixed unlocking databases with --pw-stdin [#1087]
- Added ability to override QT_PLUGIN_PATH environment variable for AppImages [#1079]
- Fixed transform seed not being regenerated when saving the database [#1068]
- Fixed only one YubiKey slot being polled [#1048]
- Corrected an issue with entry icons while merging [#1008]
- Corrected desktop and tray icons in Snap package [#1030]
- Fixed screen lock and Google fallback settings [#1029]
-
-2.2.1 (2017-10-01)
-=========================
-
- Corrected multiple snap issues [#934, #1011]
- Corrected multiple custom icon issues [#708, #719, #994]
- Corrected multiple Yubikey issues [#880]
- Fixed single instance preventing load on occasion [#997]
- Keep entry history when merging databases [#970]
- Prevent data loss if passwords were mismatched [#1007]
- Fixed crash after merge [#941]
- Added configurable auto-type default delay [#703]
- Unlock database dialog window comes to front [#663]
- Translation and compiling fixes
-
-2.2.0 (2017-06-23)
-=========================
-
- Added YubiKey 2FA integration for unlocking databases [#127]
- Added TOTP support [#519]
- Added CSV import tool [#146, #490]
- Added KeePassXC CLI tool [#254]
- Added diceware password generator [#373]
- Added support for entry references [#370, #378]
- Added support for Twofish encryption [#167]
- Enabled DEP and ASLR for in-memory protection [#371]
- Enabled single instance mode [#510]
- Enabled portable mode [#645]
- Enabled database lock on screensaver and session lock [#545]
- Redesigned welcome screen with common features and recent databases [#292]
- Multiple updates to search behavior [#168, #213, #374, #471, #603, #654]
- Added auto-type fields {CLEARFIELD}, {SPACE}, {{}, {}} [#267, #427, #480]
- Fixed auto-type errors on Linux [#550]
- Prompt user prior to executing a cmd:// URL [#235]
- Entry attributes can be protected (hidden) [#220]
- Added extended ascii to password generator [#538]
- Added new database icon to toolbar [#289]
- Added context menu entry to empty recycle bin in databases [#520]
- Added "apply" button to entry and group edit windows [#624]
- Added macOS tray icon and enabled minimize on close [#583]
- Fixed issues with unclean shutdowns [#170, #580]
- Changed keyboard shortcut to create new database to CTRL+SHIFT+N [#515]
- Compare window title to entry URLs [#556]
- Implemented inline error messages [#162]
- Ignore group expansion and other minor changes when making database "dirty" [#464]
- Updated license and copyright information on souce files [#632]
- Added contributors list to about dialog [#629]
-
-2.1.4 (2017-04-09)
-=========================
-
- Bumped KeePassHTTP version to 1.8.4.2
- KeePassHTTP confirmation window comes to foreground [#466]
-
-2.1.3 (2017-03-03)
-=========================
-
- Fix possible overflow in zxcvbn library [#363]
- Revert HiDPI setting to avoid problems on laptop screens [#332]
- Set file meta properties in Windows executable [#330]
- Suppress error message when auto-reloading a locked database [#345]
- Improve usability of question dialog when database is already locked by a different instance [#346]
- Fix compiler warnings in QHttp library [#351]
- Use unified toolbar on Mac OS X [#361]
- Fix an issue on X11 where the main window would be raised instead of closed on Alt+F4 [#362]
-
-2.1.2 (2017-02-17)
-=========================
-
- Ask for save location when creating a new database [#302]
- Remove Libmicrohttpd dependency to clean up the code and ensure better OS X compatibility [#317, #265]
- Prevent Qt from degrading Wifi network performance on certain platforms [#318]
- Visually refine user interface on OS X and other platforms [#299]
- Remove unusable tray icon setting on OS X [#293]
- Fix compositing glitches on Ubuntu and prevent flashing when minimizing to the tray at startup [#307]
- Fix AppImage tray icon on Ubuntu [#277, #273]
- Fix global menu disappearing after restoring KeePassXC from the tray on Ubuntu [#276]
- Fix result order in entry search [#320]
- Enable HiDPI scaling on supported platforms [#315]
- Remove empty directories from installation target [#282]
-
-2.1.1 (2017-02-06)
-=========================
-
- Enabled HTTP plugin build; plugin is disabled by default and limited to localhost [#147]
- Escape HTML in dialog boxes [#247]
- Corrected crashes in favicon download and password generator [#233, #226]
- Increase font size of password meter [#228]
- Fixed compatibility with Qt 5.8 [#211]
- Use consistent button heights in password generator [#229]
-
-2.1.0 (2017-01-22)
-=========================
-
- Show unlock dialog when using autotype on a closed database [#10, #89]
- Show different tray icon when database is locked [#37, #46]
- Support autotype on Windows and OS X [#42, #60, #63]
- Add delay feature to autotype [#76, #77]
- Add password strength meter [#84, #92]
- Add option for automatically locking the database when minimizing
-  the window [#57]
- Add feature to download favicons and use them as entry icons [#30]
- Automatically reload and merge database when the file changed on
-  disk [#22, #33, #93]
- Add tool for merging two databases [#22, #47, #143]
- Add --pw-stdin commandline option to unlock the database by providing
-  a password on STDIN [#54]
- Add utility script for reading the database password from KWallet [#55]
- Fix some KeePassHTTP settings not being remembered [#34, #65]
- Make search box persistent [#15, #67, #157]
- Enhance search feature by scoping the search to selected group [#16, #118]
- Improve interaction between search field and entry list [#131, #141]
- Add stand-alone password-generator [#18, #92]
- Don't require password repetition when password is visible [#27, #92]
- Add support for entry attributes in autotype sequences [#107]
- Always focus password field when opening the database unlock widget [#116, #117]
- Fix compilation errors on various platforms [#53, #126, #130]
- Restructure and improve kdbx-extract utility [#160]
-
-2.0.3 (2016-09-04)
-=========================
-
- Improved error reporting when reading / writing databases fails. [#450, #462]
- Display an error message when opening a custom icon fails.
- Detect custom icon format based on contents instead of the filename. [#512]
- Keep symlink intact when saving databases. [#442].
- Fix a crash when deleting parent group of recycle bin. [#520]
- Display a confirm dialog before moving an entry to the recycle bin. [#447]
- Repair UUIDs of inconsistent history items. [#130]
- Only include top-level windows in auto-type window list when using gnome-shell.
- Update translations.
-
-2.0.2 (2016-02-02)
-=========================
-
- Fix regression in database writer that caused it to strip certain special
-  characters (characters from Unicode plane > 0).
- Fix bug in repair function that caused it to strip non-ASCII characters.
-
-2.0.1 (2016-01-31)
-=========================
-
- Flush temporary file before opening attachment. [#390]
- Disable password generator when showing entry in history mode. [#422]
- Strip invalid XML chars when writing databases. [#392]
- Add repair function to fix databases with invalid XML chars. [#392]
- Display custom icons scaled. [#322]
- Allow opening databases that have no password and keyfile. [#391]
- Fix crash when importing .kdb files with invalid icon ids. [#425]
- Update translations.
-
-2.0 (2015-12-06)
-=========================
-
- Improve UI of the search edit.
- Clear clipboard when locking databases. [#342]
- Enable Ctrl+M shortcut to minimize the window on all platforms. [#329]
- Show a better message when trying to open an old database format. [#338]
- Fix global auto-type behavior with some window managers.
- Show global auto-type window on the active desktop. [#359]
- Disable systray on OS X. [#326]
- Restore main window when clicking on the OS X docker icon. [#326]
-
-2.0 Beta 2 (2015-09-06)
-=========================
-
- Fix crash when locking with search UI open [#309]
- Fix file locking on Mac OS X [#327]
- Set default extension when saving a database [#79, #308]
-
-2.0 Beta 1 (2015-07-18)
-=========================
-
- Remember entry column sizes [#159]
- Add translations
- Support opening attachments directly
- Support cmd:// URLs [#244]
- Protect opened databases with a file lock [#18]
- Export to csv files [#57]
- Add optional tray icon [#153]
- Allow setting the default auto-type sequence for groups [#175]
- Make the kdbx parser more lenient
- Remove --password command line option [#285]
-
-2.0 Alpha 6 (2014-04-12)
-=========================
-
- Add option to lock databases after user inactivity [#62]
- Add compatibility with libgcrypt 1.6 [#129]
- Display passwords in monospace font [#51]
- Use an icon for the button that shows/masks passwords [#38]
- Add an option to show passwords by default [#93]
- Improve password generator design [#122]
- On Linux link .kdbx files with KeePassX
- Remember window size [#154]
- Disallow global auto-typing when the database is locked
-
-2.0 Alpha 5 (2013-12-20)
-=========================
-
- Support copying entries and groups using drag'n'drop [#74]
- Open last used databases on startup [#36]
- Made the kdbx file parser more robust
- Only edit entries on doubleclick (not single) or with enter key
- Allow removing multiple entries
- Added option to minimize window when copying data to clipboard
- Save password generator settings
- Fixed auto-type producing wrong chars in some keyboard configurations [#116]
- Added some more actions to the toolbar
-
-2.0 Alpha 4 (2013-03-29)
-=========================
-
- Add random password generator [#52]
- Merge the 'Description' tab into the 'Entry' tab [#59]
- Fix crash when deleting history items [#56]
- Fix crash on Mac OS X Mountain Lion during startup [#50]
- Improved KeePassX application icon [#58]
-
-2.0 Alpha 3 (2012-10-27)
-=========================
-
- Auto-Type on Linux / X11
- Database locking
- Fix database corruption when changing key transformation rounds [#34]
- Verify header data of kdbx files
- Add menu entry to open URLs in the browser
- Add menu entry to copy an entry attribute to clipboard
-
-2.0 Alpha 2 (2012-07-02)
-=========================
-
- Import kdb (KeePass 1) files [#2]
- Display history items [#23]
- Implement history item limits [#16]
- Group and entry icons can be set [#22]
- Add keyboard shortcuts
- Search in databases [#24]
- Sortable entry view
- Support building Mac OS X bundles
-
-2.0 Alpha 1 (2012-05-07)
-=========================
-
- First release.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,20 +14,27 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.

-cmake_minimum_required(VERSION 3.1.0)
+cmake_minimum_required(VERSION 3.10.0)

 project(KeePassXC)
+set(APP_ID "org.keepassxc.${PROJECT_NAME}")

 if(NOT CMAKE_BUILD_TYPE)
    set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
-            "Choose the type of build, options are: None Debug Release RelWithDebInfo Debug DebugFull Profile MinSizeRel."
+            "Choose the type of build, options are: Debug Release RelWithDebInfo Profile"
            FORCE)
 endif()
+string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
+if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")
+    set(IS_DEBUG_BUILD TRUE)
+endif()

 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)

 # Support Visual Studio Code
 include(CMakeToolsHelpers OPTIONAL)
+include(FeatureSummary)
+include(KPXCMacDeployHelpers)

 include(CheckCCompilerFlag)
 include(CheckCXXCompilerFlag)
@@ -39,47 +46,91 @@ option(WITH_DEV_BUILD "Use only for development. Disables/warns about deprecated
 option(WITH_ASAN "Enable address sanitizer checks (Linux / macOS only)" OFF)
 option(WITH_COVERAGE "Use to build with coverage tests (GCC only)." OFF)
 option(WITH_APP_BUNDLE "Enable Application Bundle for macOS" ON)
+option(WITH_CCACHE "Use ccache for build" OFF)

-set(WITH_XC_ALL OFF CACHE BOOLEAN "Build in all available plugins")
+set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins")

 option(WITH_XC_AUTOTYPE "Include Auto-Type." ON)
-option(WITH_XC_NETWORKING "Include networking code (e.g. for downlading website icons)." OFF)
+option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
 option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
+option(WITH_XC_BROWSER_PASSKEYS "Passkeys support for browser integration." OFF)
 option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
 option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
 option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF)
-option(WITH_XC_KEESHARE_SECURE "Sharing integration with secured KeeShare containers" OFF)
-if(APPLE)
-    option(WITH_XC_TOUCHID "Include TouchID support for macOS." OFF)
+option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON)
+if(UNIX AND NOT APPLE)
+    option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF)
+    set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps")
 endif()
-
-if(WITH_XC_ALL)
-    # Enable all options
-    set(WITH_XC_AUTOTYPE ON)
-    set(WITH_XC_NETWORKING ON)
-    set(WITH_XC_BROWSER ON)
-    set(WITH_XC_YUBIKEY ON)
-    set(WITH_XC_SSHAGENT ON)
-    set(WITH_XC_KEESHARE ON)
-    if(APPLE)
-        set(WITH_XC_TOUCHID ON)
+option(WITH_XC_DOCS "Enable building of documentation" ON)
+if(WIN32 OR APPLE)
+    set(WITH_XC_CODESIGN_IDENTITY "" CACHE STRING "Certificate to be used for signing binaries before packaging.")
+    if(WIN32)
+        set(WITH_XC_CODESIGN_TIMESTAMP_URL "http://timestamp.sectigo.com" CACHE STRING "Timestamp URL for Windows code signing.")
+    elseif(APPLE)
+        set(WITH_XC_NOTARY_KEYCHAIN_PROFILE "" CACHE STRING "Keychain profile name for stored Apple notarization credentials.")
    endif()
 endif()

-if(WITH_XC_KEESHARE_SECURE)
-    set(WITH_XC_KEESHARE ON)
+if(APPLE)
+    # Perform the platform checks before applying the stricter compiler flags.
+    # Otherwise the kSecAccessControlTouchIDCurrentSet deprecation warning will result in an error.
+    try_compile(XC_APPLE_COMPILER_SUPPORT_BIOMETRY
+       ${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
+       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_biometry_support.mm)
+    message(STATUS "Biometry compiler support: ${XC_APPLE_COMPILER_SUPPORT_BIOMETRY}")
+
+    try_compile(XC_APPLE_COMPILER_SUPPORT_TOUCH_ID
+       ${CMAKE_CURRENT_BINARY_DIR}/touch_id_test/
+       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_touch_id_support.mm)
+    message(STATUS "Touch ID compiler support: ${XC_APPLE_COMPILER_SUPPORT_TOUCH_ID}")
+
+    try_compile(XC_APPLE_COMPILER_SUPPORT_WATCH
+       ${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
+       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_watch_support.mm)
+    message(STATUS "Apple watch compiler support: ${XC_APPLE_COMPILER_SUPPORT_WATCH}")
 endif()

-if(WITH_XC_SSHAGENT OR WITH_XC_KEESHARE)
-  set(WITH_XC_CRYPTO_SSH ON)
-else()
-  set(WITH_XC_CRYPTO_SSH OFF)
+if(WITH_CCACHE)
+    # Use the Compiler Cache (ccache) program
+    # (install with: sudo apt get ccache)
+    find_program(CCACHE_FOUND ccache)
+    if(NOT CCACHE_FOUND)
+        message(FATAL_ERROR "ccache requested but cannot be found.")
+    endif()
+    set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ${CCACHE_FOUND})
+endif()
+
+if(WITH_XC_ALL)
+    # Enable all options (except update check and docs)
+    set(WITH_XC_AUTOTYPE ON)
+    set(WITH_XC_NETWORKING ON)
+    set(WITH_XC_BROWSER ON)
+    set(WITH_XC_BROWSER_PASSKEYS ON)
+    set(WITH_XC_YUBIKEY ON)
+    set(WITH_XC_SSHAGENT ON)
+    set(WITH_XC_KEESHARE ON)
+    if(UNIX AND NOT APPLE)
+        set(WITH_XC_FDOSECRETS ON)
+    endif()
+endif()
+
+# Prefer WITH_XC_NETWORKING setting over WITH_XC_UPDATECHECK
+if(NOT WITH_XC_NETWORKING AND WITH_XC_UPDATECHECK)
+    message(STATUS "Disabling WITH_XC_UPDATECHECK because WITH_XC_NETWORKING is disabled")
+    set(WITH_XC_UPDATECHECK OFF)
+endif()
+
+if(UNIX AND NOT APPLE AND NOT WITH_XC_X11)
+    message(STATUS "Disabling WITH_XC_AUTOTYPE because WITH_XC_X11 is disabled")
+    set(WITH_XC_AUTOTYPE OFF)
 endif()

 set(KEEPASSXC_VERSION_MAJOR "2")
-set(KEEPASSXC_VERSION_MINOR "4")
-set(KEEPASSXC_VERSION_PATCH "0")
+set(KEEPASSXC_VERSION_MINOR "7")
+set(KEEPASSXC_VERSION_PATCH "11")
 set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
+set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")

 set(KEEPASSXC_BUILD_TYPE "Snapshot" CACHE STRING "Set KeePassXC build type to distinguish between stable releases and snapshots")
 set_property(CACHE KEEPASSXC_BUILD_TYPE PROPERTY STRINGS Snapshot Release PreRelease)
@@ -91,8 +142,10 @@ execute_process(COMMAND git rev-parse --short=7 HEAD
        OUTPUT_VARIABLE GIT_HEAD
        ERROR_QUIET)
 string(STRIP "${GIT_HEAD}" GIT_HEAD)
-if(GIT_HEAD STREQUAL "")
+if(GIT_HEAD STREQUAL "" AND NOT GIT_HEAD_OVERRIDE STREQUAL "")
    string(SUBSTRING "${GIT_HEAD_OVERRIDE}" 0 7 GIT_HEAD)
+elseif(EXISTS ${CMAKE_SOURCE_DIR}/.gitrev)
+    file(READ ${CMAKE_SOURCE_DIR}/.gitrev GIT_HEAD)
 endif()
 message(STATUS "Found Git HEAD Revision: ${GIT_HEAD}\n")

@@ -101,7 +154,8 @@ execute_process(COMMAND git tag --points-at HEAD
        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
        OUTPUT_VARIABLE GIT_TAG
        ERROR_QUIET)
-if(GIT_TAG)
+string(REGEX REPLACE "latest" "" GIT_TAG "${GIT_TAG}")
+if(GIT_TAG MATCHES "[0-9]+\.[0-9]+\.[0-9]+")
    string(STRIP "${GIT_TAG}" GIT_TAG)
    set(OVERRIDE_VERSION ${GIT_TAG})
 elseif(EXISTS ${CMAKE_SOURCE_DIR}/.version)
@@ -110,19 +164,22 @@ endif()

 string(REGEX REPLACE "(\r?\n)+" "" OVERRIDE_VERSION "${OVERRIDE_VERSION}")
 if(OVERRIDE_VERSION)
-    if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-(alpha|beta)[0-9]+$")
-        set(KEEPASSXC_BUILD_TYPE PreRelease)
+    if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-beta[0-9]*")
+        set(KEEPASSXC_BUILD_TYPE "PreRelease")
        set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
    elseif(OVERRIDE_VERSION MATCHES "^[\\.0-9]+$")
-        set(KEEPASSXC_BUILD_TYPE Release)
+        set(KEEPASSXC_BUILD_TYPE "Release")
+        set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
+    else()
+        set(KEEPASSXC_BUILD_TYPE "Snapshot")
        set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
    endif()
-endif()
-
-if(KEEPASSXC_BUILD_TYPE STREQUAL "PreRelease" AND NOT OVERRIDE_VERSION)
-    set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-preview")
-elseif(KEEPASSXC_BUILD_TYPE STREQUAL "Snapshot")
-    set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-snapshot")
+else()
+    if(KEEPASSXC_BUILD_TYPE STREQUAL "PreRelease")
+        set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-preview")
+    elseif(KEEPASSXC_BUILD_TYPE STREQUAL "Snapshot")
+        set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-snapshot")
+    endif()
 endif()

 if(KEEPASSXC_BUILD_TYPE STREQUAL "Release")
@@ -138,25 +195,57 @@ message(STATUS "Setting up build for KeePassXC v${KEEPASSXC_VERSION}\n")
 # Distribution info
 set(KEEPASSXC_DIST ON)
 set(KEEPASSXC_DIST_TYPE "Other" CACHE STRING "KeePassXC Distribution Type")
-set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Other)
+set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Flatpak Other)
 if(KEEPASSXC_DIST_TYPE STREQUAL "Snap")
    set(KEEPASSXC_DIST_SNAP ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "AppImage")
    set(KEEPASSXC_DIST_APPIMAGE ON)
+elseif(KEEPASSXC_DIST_TYPE STREQUAL "Flatpak")
+    set(KEEPASSXC_DIST_FLATPAK ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "Other")
    unset(KEEPASSXC_DIST)
 endif()

+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14.0")
+    cmake_policy(SET CMP0083 NEW)
+    include(CheckPIESupported)
+    check_pie_supported()
+endif()
+
+# Find Botan early since the version affects subsequent compiler options
+find_package(Botan REQUIRED)
+if(BOTAN_VERSION VERSION_GREATER_EQUAL "3.0.0")
+    set(WITH_XC_BOTAN3 TRUE)
+elseif(BOTAN_VERSION VERSION_LESS "2.11.0")
+    # Check for minimum Botan version
+    message(FATAL_ERROR "Botan 2.11.0 or higher is required")   
+endif()
+include_directories(SYSTEM ${BOTAN_INCLUDE_DIR})
+
+# Create position independent code for shared libraries and executables
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
 if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
    set(IS_32BIT TRUE)
 endif()

-if("${CMAKE_C_COMPILER}" MATCHES "clang$" OR "${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
-    set(CMAKE_COMPILER_IS_CLANG 1)
-endif()
+if("${CMAKE_CXX_COMPILER}" MATCHES "clang-cl(.exe)?$")
+    # clang-cl uses MSVC compiler flags
+    set(MSVC 1)
+    set(CMAKE_COMPILER_IS_CLANG_MSVC 1)
+else()
+    set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$")
+    if("${CMAKE_C_COMPILER}" MATCHES "clang$"
+            OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
+            OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
+        set(CMAKE_COMPILER_IS_CLANG 1)
+    endif()

-if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$" OR "${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
-    set(CMAKE_COMPILER_IS_CLANGXX 1)
+    if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$"
+            OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
+            OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
+        set(CMAKE_COMPILER_IS_CLANGXX 1)
+    endif()
 endif()

 macro(add_gcc_compiler_cxxflags FLAGS)
@@ -176,29 +265,78 @@ macro(add_gcc_compiler_flags FLAGS)
    add_gcc_compiler_cflags("${FLAGS}")
 endmacro(add_gcc_compiler_flags)

+# Copies of above macros that first ensure the compiler understands a given flag
+# Because check_*_compiler_flag() sets -D with name, need to provide "safe" FLAGNAME
+macro(check_add_gcc_compiler_cxxflag FLAG FLAGNAME)
+    check_cxx_compiler_flag("${FLAG}" CXX_HAS${FLAGNAME})
+    if(CXX_HAS${FLAGNAME})
+        add_gcc_compiler_cxxflags("${FLAG}")
+    endif()
+endmacro(check_add_gcc_compiler_cxxflag)
+
+macro(check_add_gcc_compiler_cflag FLAG FLAGNAME)
+    check_c_compiler_flag("${FLAG}" CC_HAS${FLAGNAME})
+    if(CC_HAS${FLAGNAME})
+        add_gcc_compiler_cflags("${FLAG}")
+    endif()
+endmacro(check_add_gcc_compiler_cflag)
+
+# This is the "front-end" for the above macros
+# Optionally takes additional parameter(s) with language to check (currently "C" or "CXX")
+macro(check_add_gcc_compiler_flag FLAG)
+    string(REGEX REPLACE "[-=]" "_" FLAGNAME "${FLAG}")
+    set(check_lang_spec ${ARGN})
+    list(LENGTH check_lang_spec num_extra_args)
+    set(langs C CXX)
+    if(num_extra_args GREATER 0)
+        set(langs "${check_lang_spec}")
+    endif()
+    if("C" IN_LIST langs)
+        check_add_gcc_compiler_cflag("${FLAG}" "${FLAGNAME}")
+    endif()
+    if("CXX" IN_LIST langs)
+        check_add_gcc_compiler_cxxflag("${FLAG}" "${FLAGNAME}")
+    endif()
+endmacro(check_add_gcc_compiler_flag)
+
 add_definitions(-DQT_NO_EXCEPTIONS -DQT_STRICT_ITERATORS -DQT_NO_CAST_TO_ASCII)
+if(NOT IS_DEBUG_BUILD)
+    add_definitions(-DQT_NO_DEBUG_OUTPUT)
+endif()

 if(WITH_APP_BUNDLE)
    add_definitions(-DWITH_APP_BUNDLE)
 endif()

 add_gcc_compiler_flags("-fno-common")
+find_package(OpenMP)
+if(OpenMP_FOUND)
+    add_gcc_compiler_cflags(${OpenMP_C_FLAGS})
+    add_gcc_compiler_cxxflags(${OpenMP_CXX_FLAGS})
+endif()
 add_gcc_compiler_flags("-Wall -Wextra -Wundef -Wpointer-arith -Wno-long-long")
 add_gcc_compiler_flags("-Wformat=2 -Wmissing-format-attribute")
 add_gcc_compiler_flags("-fvisibility=hidden")
 add_gcc_compiler_cxxflags("-fvisibility-inlines-hidden")

-if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
+    check_add_gcc_compiler_flag("-Wshadow-compatible-local")
+    check_add_gcc_compiler_flag("-Wshadow-local")
    add_gcc_compiler_flags("-Werror")
+    # This is needed since compiling aginst Botan3 requires compiling against C++20
+    if(WITH_XC_BOTAN3)
+        add_gcc_compiler_cxxflags("-Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated")
+    endif()
 endif()

-if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
-    add_gcc_compiler_flags("-fstack-protector-strong")
-else()
-    add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
+if (NOT HAIKU)
+    if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
+        add_gcc_compiler_flags("-fstack-protector-strong")
+    else()
+        add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
+    endif()
 endif()

-add_gcc_compiler_cxxflags("-fno-exceptions -fno-rtti")
 add_gcc_compiler_cxxflags("-Wnon-virtual-dtor -Wold-style-cast -Woverloaded-virtual")
 add_gcc_compiler_cflags("-Wchar-subscripts -Wwrite-strings")

@@ -217,83 +355,117 @@ if(WITH_ASAN)

 endif()

-string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
 if(CMAKE_BUILD_TYPE_LOWER MATCHES "(release|relwithdebinfo|minsizerel)")
    add_gcc_compiler_flags("-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2")
 endif()

-check_c_compiler_flag("-Werror=format-security -Werror=implicit-function-declaration" WERROR_C_AVAILABLE)
-check_cxx_compiler_flag("-Werror=format-security" WERROR_CXX_AVAILABLE)
-if(WERROR_C_AVAILABLE AND WERROR_CXX_AVAILABLE)
-    add_gcc_compiler_flags("-Werror=format-security")
-    add_gcc_compiler_cflags("-Werror=implicit-function-declaration")
-endif()
+check_add_gcc_compiler_flag("-Werror=format-security")
+check_add_gcc_compiler_flag("-Werror=implicit-function-declaration" C)
+check_add_gcc_compiler_flag("-Wcast-align")

-if(CMAKE_COMPILER_IS_GNUCXX)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wcast-align")
-endif()
-
-if(CMAKE_COMPILER_IS_GNUCC)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wcast-align")
-endif()
-
-if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-    if(CMAKE_COMPILER_IS_CLANGXX)
-        add_gcc_compiler_flags("-Qunused-arguments")
-    endif()
-    add_gcc_compiler_flags("-pie -fPIE")
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed -Wl,--no-undefined")
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
-    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed")
+if(UNIX AND NOT APPLE)
+    check_add_gcc_compiler_flag("-Qunused-arguments")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--as-needed -Wl,--no-undefined")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now -pie")
+    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--as-needed")
    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
 endif()

-add_gcc_compiler_cflags("-std=c99")
-add_gcc_compiler_cxxflags("-std=c++11")
+set(CMAKE_C_STANDARD 99)
+if(WITH_XC_BOTAN3)
+    set(CMAKE_CXX_STANDARD 20)
+else()
+    set(CMAKE_CXX_STANDARD 17)
+endif()
+set(CMAKE_CXX_STANDARD_REQUIRED ON)

-if(APPLE)
+check_cxx_compiler_flag("-fsized-deallocation" CXX_HAS_fsized_deallocation)
+if(CXX_HAS_fsized_deallocation)
+    # Do additional check: the deallocation functions must be there too.
+    set(CMAKE_REQUIRED_FLAGS "-fsized-deallocation")
+    check_cxx_source_compiles("#include <new>
+        int main() { void * ptr = nullptr; std::size_t size = 1; ::operator delete(ptr, size); }"
+        HAVE_DEALLOCATION_FUNCTIONS)
+    if(HAVE_DEALLOCATION_FUNCTIONS)
+        check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
+    endif()
+    unset(CMAKE_REQUIRED_FLAGS)
+endif()
+
+if(APPLE AND CMAKE_COMPILER_IS_CLANGXX)
    add_gcc_compiler_cxxflags("-stdlib=libc++")
 endif()

 if(WITH_DEV_BUILD)
-    add_definitions(-DQT_DEPRECATED_WARNINGS -DGCRYPT_NO_DEPRECATED)
+    add_definitions(-DQT_DEPRECATED_WARNINGS)
+else()
+    add_definitions(-DQT_NO_DEPRECATED_WARNINGS)
+    add_gcc_compiler_cxxflags("-Wno-deprecated-declarations")
 endif()

-if(MINGW)
-    set(CMAKE_RC_COMPILER_INIT windres)
-    enable_language(RC)
-    set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
-    if(NOT (CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo"))
-        # Enable DEP and ASLR
-        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
-        set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
-        # Enable high entropy ASLR for 64-bit builds
-        if(NOT IS_32BIT)
-            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
-            set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
+# MSVC specific options
+if (MSVC)
+    if(MSVC_TOOLSET_VERSION LESS 141)
+        message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
+    endif()
+    add_compile_options(/permissive- /utf-8)
+    # Clang-cl does not support /MP, /Zf, or /fsanitize=address
+    if (NOT CMAKE_COMPILER_IS_CLANG_MSVC)
+        add_compile_options(/MP)
+        if(IS_DEBUG_BUILD)
+            add_compile_options(/Zf)
+            if(MSVC_TOOLSET_VERSION GREATER 141)
+                add_compile_definitions(/fsanitize=address)
+            endif()
        endif()
    endif()
 endif()

-if(APPLE AND WITH_APP_BUNDLE OR MINGW)
+if(WIN32)
+    set(CMAKE_RC_COMPILER_INIT windres)
+    enable_language(RC)
+    if(MINGW)
+        set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
+    endif()
+    if(NOT IS_DEBUG_BUILD)
+        if(MSVC)
+            # By default MSVC enables NXCOMPAT
+            add_compile_options(/guard:cf)
+            add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF)
+        else()
+            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+            set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+            # Enable high entropy ASLR for 64-bit builds
+            if(NOT IS_32BIT)
+                set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
+                set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
+            endif()
+        endif()
+    endif()
+    # Determine if we can link against the Windows SDK, used for Windows Hello support
+    find_library(WINSDK WindowsApp.lib)
+endif()
+
+if(APPLE AND WITH_APP_BUNDLE OR WIN32)
    set(PROGNAME KeePassXC)
 else()
    set(PROGNAME keepassxc)
 endif()

-if(MINGW)
+if(WIN32)
    set(CLI_INSTALL_DIR ".")
    set(PROXY_INSTALL_DIR ".")
    set(BIN_INSTALL_DIR ".")
    set(PLUGIN_INSTALL_DIR ".")
    set(DATA_INSTALL_DIR "share")
 elseif(APPLE AND WITH_APP_BUNDLE)
-    set(CMAKE_INSTALL_MANDIR "${PROGNAME}.app/Contents/Resources/man")
-    set(CLI_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
-    set(PROXY_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
-    set(BIN_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
-    set(PLUGIN_INSTALL_DIR "${PROGNAME}.app/Contents/PlugIns")
-    set(DATA_INSTALL_DIR "${PROGNAME}.app/Contents/Resources")
+    set(BUNDLE_INSTALL_DIR "${PROGNAME}.app/Contents")
+    set(CMAKE_INSTALL_MANDIR "${BUNDLE_INSTALL_DIR}/Resources/man")
+    set(CLI_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+    set(PROXY_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+    set(BIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+    set(PLUGIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/PlugIns")
+    set(DATA_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/Resources")
 else()
    include(GNUInstallDirs)

@@ -311,35 +483,63 @@ endif(WITH_TESTS)
 if(WITH_COVERAGE)
    # Include code coverage, use with -DCMAKE_BUILD_TYPE=Debug
    include(CodeCoverage)
-    set(COVERAGE_GCOVR_EXCLUDES
-            "\\(.+/\\)?tests/.\\*"
-            ".\\*/moc_\\[^/\\]+\\.cpp"
-            ".\\*/ui_\\[^/\\]+\\.h"
-            "\\(.+/\\)?zxcvbn/.\\*")
    append_coverage_compiler_flags()
-    setup_target_for_coverage_gcovr_html(
-            NAME coverage
-            EXECUTABLE $(MAKE) && $(MAKE) test
-    )
+
+    set(COVERAGE_EXCLUDES
+            "'^(.+/)?thirdparty/.*'"
+            "'^(.+/)?main\\.cpp$$'"
+            "'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
+            "'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
+    if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
+        set(MAIN_BINARIES
+                "$<TARGET_FILE:${PROGNAME}>"
+                "$<TARGET_FILE:keepassxc-cli>"
+                "$<TARGET_FILE:keepassxc-proxy>")
+        setup_target_for_coverage_llvm(
+                NAME coverage
+                BINARY ${MAIN_BINARIES}
+                SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
+        )
+    else()
+        setup_target_for_coverage_gcovr(
+                NAME coverage
+                SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
+        )
+    endif()
 endif()

 include(CLangFormat)

 set(QT_COMPONENTS Core Network Concurrent Gui Svg Widgets Test LinguistTools)
 if(UNIX AND NOT APPLE)
+    if(WITH_XC_X11)
+        list(APPEND QT_COMPONENTS X11Extras)
+    endif()
    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} DBus REQUIRED)
 elseif(APPLE)
-    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS /usr/local/opt/qt/lib/cmake /usr/local/Cellar/qt/*/lib/cmake ENV PATH)
-    find_package(Qt5 COMPONENTS MacExtras HINTS /usr/local/opt/qt/lib/cmake /usr/local/Cellar/qt/*/lib/cmake ENV PATH)
+    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS
+            /usr/local/opt/qt@5/lib/cmake
+            /usr/local/Cellar/qt@5/*/lib/cmake
+            /opt/homebrew/opt/qt@5/lib/cmake
+            ENV PATH)
+    find_package(Qt5 COMPONENTS MacExtras HINTS
+            /usr/local/opt/qt@5/lib/cmake
+            /usr/local/Cellar/qt@5/*/lib/cmake
+            /opt/homebrew/opt/qt@5/lib/cmake
+            ENV PATH)
 else()
    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
 endif()

-if(Qt5Core_VERSION VERSION_LESS "5.2.0")
-    message(FATAL_ERROR "Qt version 5.2.0 or higher is required")
+if(Qt5Core_VERSION VERSION_LESS "5.12.0")
+    message(FATAL_ERROR "Qt version 5.12.0 or higher is required")
 endif()

 get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
+if(APPLE)
+    # Add includes under Qt5 Prefix in case Qt6 is also installed
+    include_directories(SYSTEM ${Qt5_PREFIX}/include)
+endif()

 # Process moc automatically
 set(CMAKE_AUTOMOC ON)
@@ -350,50 +550,48 @@ set(CMAKE_AUTORCC ON)

 if(APPLE)
    set(CMAKE_MACOSX_RPATH TRUE)
-    find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ENV PATH)
+    find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
    if(NOT MACDEPLOYQT_EXE)
-        message(FATAL_ERROR "macdeployqt is required to build in macOS")
-    else()
-        message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
+        message(FATAL_ERROR "macdeployqt is required to build on macOS")
    endif()
+    message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
+    set(MACDEPLOYQT_EXTRA_BINARIES "")
+elseif(WIN32)
+    find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
+    if(NOT WINDEPLOYQT_EXE)
+        message(FATAL_ERROR "windeployqt is required to build on Windows")
+    endif()
+    message(STATUS "Using windeployqt: ${WINDEPLOYQT_EXE}")
 endif()

-# Debian sets the the build type to None for package builds.
+# Debian sets the build type to None for package builds.
 # Make sure we don't enable asserts there.
 set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_NONE QT_NO_DEBUG)

-find_package(LibGPGError REQUIRED)
-find_package(Gcrypt 1.7.0 REQUIRED)
-find_package(Argon2 REQUIRED)
+# Find Argon2 -- Botan 2.18 and below does not support threaded Argon2
+find_library(ARGON2_LIBRARIES NAMES argon2)
+find_path(ARGON2_INCLUDE_DIR NAMES argon2.h PATH_SUFFIXES local/include)
+include_directories(SYSTEM ${ARGON2_INCLUDE_DIR})
+
+# Find zlib
 find_package(ZLIB REQUIRED)
-find_package(QREncode REQUIRED)
-
-set(CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIR})
-
 if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
    message(FATAL_ERROR "zlib 1.2.0 or higher is required to use the gzip format")
 endif()
+include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})

-include_directories(SYSTEM ${ARGON2_INCLUDE_DIR})
+# Find Minizip
+find_package(Minizip REQUIRED)

-# Optional
-if(WITH_XC_KEESHARE)
-    set(WITH_XC_KEESHARE_INSECURE ON)
-    if(WITH_XC_KEESHARE_SECURE)
-        # ZLIB is needed and already required
-        find_package(QuaZip REQUIRED)
-        include_directories(SYSTEM ${QUAZIP_INCLUDE_DIR})
-    endif()
-else()
-    set(WITH_XC_KEESHARE_INSECURE OFF)
-    set(WITH_XC_KEESHARE_SECURE OFF)
-endif()
-
-# Optional
 if(WITH_XC_YUBIKEY)
-    find_package(YubiKey REQUIRED)
+    find_package(PCSC REQUIRED)
+    include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})

-    include_directories(SYSTEM ${YUBIKEY_INCLUDE_DIRS})
+    if(UNIX AND NOT APPLE)
+        find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED)
+        find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED)
+        include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR})
+    endif()
 endif()

 if(UNIX)
@@ -401,6 +599,14 @@ if(UNIX)
    int main() { prctl(PR_SET_DUMPABLE, 0); return 0; }"
            HAVE_PR_SET_DUMPABLE)

+    check_cxx_source_compiles("#include <malloc.h>
+    int main() { return 0; }"
+            HAVE_MALLOC_H)
+
+    check_cxx_source_compiles("#include <malloc.h>
+    int main() { malloc_usable_size(NULL); return 0; }"
+            HAVE_MALLOC_USABLE_SIZE)
+
    check_cxx_source_compiles("#include <sys/resource.h>
    int main() {
      struct rlimit limit;
@@ -418,9 +624,13 @@ if(UNIX)
    endif()
 endif()

-include_directories(SYSTEM ${GCRYPT_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR})
+include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})

-include(FeatureSummary)
+find_library(ZXCVBN_LIBRARIES zxcvbn)
+if(NOT ZXCVBN_LIBRARIES)
+    add_subdirectory(src/thirdparty/zxcvbn)
+    set(ZXCVBN_LIBRARIES zxcvbn)
+endif(NOT ZXCVBN_LIBRARIES)

 add_subdirectory(src)
 add_subdirectory(share)
@@ -428,6 +638,10 @@ if(WITH_TESTS)
    add_subdirectory(tests)
 endif(WITH_TESTS)

+if(WITH_XC_DOCS)
+    add_subdirectory(docs)
+endif()
+
 if(PRINT_SUMMARY)
    # This will print ENABLED, REQUIRED and DISABLED
    feature_summary(WHAT ALL)
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@@ -0,0 +1,20 @@
+# Contributor Code of Conduct
+
+KeePassXC is an open project that welcomes everybody no matter their ethnicity, sex,
+sexual identity or orientation, age, socio-economic status, nationality, or religion.
+Regardless of what background you come from, feel encouraged to participate in
+the project and express your views as long you are respectful to others.
+
+We value all members of our community and so in order to ensure a harassment-free
+experience for everyone and mutual respect among members of this community, we
+impose the following simple rules:
+
+- No bullying, no insults. Any form of harassment will not be tolerated.
+- No racism, no sexism, no homophobia, no hurtful extremist views of any kind.
+- Be mindful of what you say, be diligent in how you say it.
+- Show respect and, as always, be excellent to each other.
+
+Violations of these rules or any other form of abuse can be reported confidentially
+to conduct AT keepassxc DOT org. Members who do not adhere to our code of conduct
+will be banned either permanently or until they change their ways so as to be
+compatible with a friendly, open, and inclusive community.
--- a/388
+++ b/388
@@ -1,5 +1,5 @@
 KeePassXC - http://www.keepassxc.org/
-Copyright (C) 2016-2017 KeePassXC Team <team@keepassxc.org>
+Copyright (C) 2016-2023 KeePassXC Team <team@keepassxc.org>

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -27,196 +27,229 @@ Copyright: 2010-2012, Felix Geyer <debfx@fobos.de>
           2000-2008, Tom Sato <VEF00200@nifty.ne.jp>
           2013, Laszlo Papp <lpapp@kde.org>
           2013, David Faure <faure@kde.org>
-           2016-2018, KeePassXC Team <team@keepassxc.org>
+           2016-2023, KeePassXC Team <team@keepassxc.org>
 License: GPL-2 or GPL-3

 Comment: The "KeePassXC Team" in every copyright notice is formed by the following people:
           - droidmonkey
           - phoerious
-           - TheZ3ro <io@thezero.org>
+           - varjolintu
+           - hifi
           - louib
-           - weslly
         Every other contributor is listed on https://github.com/keepassxreboot/keepassxc/graphs/contributors

-Files: cmake/GNUInstallDirs.cmake
-Copyright: 2011 Nikita Krupen'ko <krnekit@gmail.com>
-           2011 Kitware, Inc.
-License: BSD-3-clause
-
 Files: cmake/CodeCoverage.cmake
 Copyright: 2012 - 2015, Lars Bilke
 License: BSD-3-clause

-Files: cmake/FindYubiKey.cmake
-Copyright: 2014 Kyle Manna <kyle@kylemanna.com>
-License: GPL-2 or GPL-3
+Files: cmake/FindBotan.cmake
+Copyright: none
+License: LGPL-2.1

 Files: cmake/GenerateProductVersion.cmake
 Copyright: 2015 halex2005 <akharlov@gmail.com>
 License: MIT

-Files: share/icons/application/*/apps/keepassxc.png
-       share/icons/application/scalable/apps/keepassxc.svg
-       share/icons/application/*/apps/keepassxc-dark.png
+Files: share/icons/application/scalable/apps/keepassxc.svg
       share/icons/application/scalable/apps/keepassxc-dark.svg
-       share/icons/application/*/apps/keepassxc-locked.png
       share/icons/application/scalable/apps/keepassxc-locked.svg
-       share/icons/application/*/apps/keepassxc-unlocked.png
       share/icons/application/scalable/apps/keepassxc-unlocked.svg
-       share/icons/application/*/mimetypes/application-x-keepassxc.png
       share/icons/application/scalable/mimetypes/application-x-keepassxc.svg
 Copyright: 2016, Lorenzo Stella <lorenzo.stl@gmail.com>
 License: LGPL-2

-Files: share/icons/application/*/actions/auto-type.png
-       share/icons/application/*/actions/database-change-key.png
-       share/icons/application/*/actions/entry-clone.png
-       share/icons/application/*/actions/entry-edit.png
-       share/icons/application/*/actions/entry-new.png
-       share/icons/application/*/actions/group-empty-trash.png
-       share/icons/application/*/actions/help-about.png
-       share/icons/application/*/actions/password-generate.png
-       share/icons/database/C00_Password.png
-       share/icons/database/C01_Package_Network.png
-       share/icons/database/C02_MessageBox_Warning.png
-       share/icons/database/C03_Server.png
-       share/icons/database/C04_Klipper.png
-       share/icons/database/C05_Edu_Languages.png
-       share/icons/database/C06_KCMDF.png
-       share/icons/database/C07_Kate.png
-       share/icons/database/C08_Socket.png
-       share/icons/database/C09_Identity.png
-       share/icons/database/C10_Kontact.png
-       share/icons/database/C11_Camera.png
-       share/icons/database/C12_IRKickFlash.png
-       share/icons/database/C13_KGPG_Key3.png
-       share/icons/database/C14_Laptop_Power.png
-       share/icons/database/C15_Scanner.png
-       share/icons/database/C16_Mozilla_Firebird.png
-       share/icons/database/C17_CDROM_Unmount.png
-       share/icons/database/C18_Display.png
-       share/icons/database/C19_Mail_Generic.png
-       share/icons/database/C20_Misc.png
-       share/icons/database/C21_KOrganizer.png
-       share/icons/database/C22_ASCII.png
-       share/icons/database/C23_Icons.png
-       share/icons/database/C24_Connect_Established.png
-       share/icons/database/C25_Folder_Mail.png
-       share/icons/database/C26_FileSave.png
-       share/icons/database/C27_NFS_Unmount.png
-       share/icons/database/C28_QuickTime.png
-       share/icons/database/C29_KGPG_Term.png
-       share/icons/database/C30_Konsole.png
-       share/icons/database/C31_FilePrint.png
-       share/icons/database/C32_FSView.png
-       share/icons/database/C33_Run.png
-       share/icons/database/C34_Configure.png
-       share/icons/database/C35_KRFB.png
-       share/icons/database/C36_Ark.png
-       share/icons/database/C37_KPercentage.png
-       share/icons/database/C38_Samba_Unmount.png
-       share/icons/database/C39_History.png
-       share/icons/database/C40_Mail_Find.png
-       share/icons/database/C41_VectorGfx.png
-       share/icons/database/C42_KCMMemory.png
-       share/icons/database/C43_EditTrash.png
-       share/icons/database/C44_KNotes.png
-       share/icons/database/C45_Cancel.png
-       share/icons/database/C46_Help.png
-       share/icons/database/C47_KPackage.png
-       share/icons/database/C48_Folder.png
-       share/icons/database/C49_Folder_Blue_Open.png
-       share/icons/database/C50_Folder_Tar.png
-       share/icons/database/C51_Decrypted.png
-       share/icons/database/C52_Encrypted.png
-       share/icons/database/C53_Apply.png
-       share/icons/database/C54_Signature.png
-       share/icons/database/C55_Thumbnail.png
-       share/icons/database/C56_KAddressBook.png
-       share/icons/database/C57_View_Text.png
-       share/icons/database/C58_KGPG.png
-       share/icons/database/C59_Package_Development.png
-       share/icons/database/C60_KFM_Home.png
-       share/icons/database/C61_Services.png
-Copyright: 2003-2004, David Vignoni <david@icon-king.com>
-License: LGPL-2.1
-Comment: from Nuvola icon theme
-
-Files: share/icons/application/*/actions/entry-delete.png
-       share/icons/application/*/actions/group-delete.png
-       share/icons/application/*/actions/group-edit.png
-       share/icons/application/*/actions/group-new.png
-Copyright: 2003-2004, David Vignoni <david@icon-king.com>
-           2012, Felix Geyer <debfx@fobos.de>
-License: LGPL-2.1
-Comment: based on Nuvola icon theme
-
-Files: share/icons/application/*/actions/favicon-download.png
-Copyright: 2003-2004, David Vignoni <david@icon-king.com>
-           2018, Kyle Kneitinger <kyle@kneit.in>
-License: LGPL-2.1
-Comment: based on Nuvola icon theme
-
-Files: share/icons/application/*/actions/application-exit.png
-       share/icons/application/*/actions/chronometer.png
-       share/icons/application/*/actions/configure.png
-       share/icons/application/*/actions/dialog-close.png
-       share/icons/application/*/actions/dialog-ok.png
-       share/icons/application/*/actions/document-close.png
-       share/icons/application/*/actions/document-edit.png
-       share/icons/application/*/actions/document-encrypt.png
-       share/icons/application/*/actions/document-new.png
-       share/icons/application/*/actions/document-open.png
-       share/icons/application/*/actions/document-properties.png
-       share/icons/application/*/actions/document-save.png
-       share/icons/application/*/actions/document-save-as.png
-       share/icons/application/*/actions/edit-clear-locationbar-ltr.png
-       share/icons/application/*/actions/edit-clear-locationbar-rtl.png
-       share/icons/application/*/actions/key-enter.png
-       share/icons/application/*/actions/password-generator.png
-       share/icons/application/*/actions/password-copy.png
-       share/icons/application/*/actions/password-show-*.png
-       share/icons/application/*/actions/system-search.png
-       share/icons/application/*/actions/username-copy.png
-       share/icons/application/*/actions/view-history.png
-       share/icons/application/*/apps/internet-web-browser.png
-       share/icons/application/*/apps/preferences-desktop-icons.png
-       share/icons/application/*/apps/utilities-terminal.png
-       share/icons/application/*/categories/preferences-other.png
-       share/icons/application/*/status/dialog-error.png
-       share/icons/application/*/status/dialog-information.png
-       share/icons/application/*/status/dialog-warning.png
-       share/icons/application/*/status/security-high.png
-       share/icons/svg/*.svg
-Copyright: 2007, Nuno Pinheiro <nuno@oxygen-icons.org>
-           2007, David Vignoni <david@icon-king.com>
-           2007, David Miller <miller@oxygen-icons.org>
-           2007, Johann Ollivier Lapeyre <johann@oxygen-icons.org>
-           2007, Kenneth Wimer <kwwii@bootsplash.org>
-           2007, Riccardo Iaconelli <riccardo@oxygen-icons.org>
-License: LGPL-3+
-Comment: from Oxygen icon theme (http://www.oxygen-icons.org/)
-
-Files: share/icons/database/C62_Tux.png
-       share/icons/database/C63_Feather.png
-       share/icons/database/C64_Apple.png
-       share/icons/database/C67_Certificate.png
-       share/icons/database/C68_BlackBerry.png
-Copyright: Mairin Duffy
-           Sarah Owens
-           James Birkett
-           Dominik Reichl
-License: CC0
-Comment: C62_Tux.png from https://openclipart.org/detail/103855
-         C63_Feather.png from http://openclipart.org/detail/122017
-         C64_Apple.png based on http://openclipart.org/detail/24319
-         C67_Certificate.png based on https://openclipart.org/detail/16729
-         C68_BlackBerry.png from https://openclipart.org/detail/4465
-
-Files: share/icons/database/C65_W.png
-       share/icons/database/C66_Money.png
+Files: share/icons/database/C00_Password.svg
+       share/icons/database/C01_Package_Network.svg
+       share/icons/database/C02_MessageBox_Warning.svg
+       share/icons/database/C03_Server.svg
+       share/icons/database/C04_Klipper.svg
+       share/icons/database/C05_Edu_Languages.svg
+       share/icons/database/C06_KCMDF.svg
+       share/icons/database/C08_Socket.svg
+       share/icons/database/C09_Identity.svg
+       share/icons/database/C10_Kontact.svg
+       share/icons/database/C11_Camera.svg
+       share/icons/database/C12_IRKickFlash.svg
+       share/icons/database/C13_KGPG_Key3.svg
+       share/icons/database/C14_Laptop_Power.svg
+       share/icons/database/C15_Scanner.svg
+       share/icons/database/C16_Mozilla_Firebird.svg
+       share/icons/database/C19_Mail_Generic.svg
+       share/icons/database/C20_Misc.svg
+       share/icons/database/C21_KOrganizer.svg
+       share/icons/database/C22_ASCII.svg
+       share/icons/database/C23_Icons.svg
+       share/icons/database/C24_Connect_Established.svg
+       share/icons/database/C25_Folder_Mail.svg
+       share/icons/database/C28_QuickTime.svg
+       share/icons/database/C29_KGPG_Term.svg
+       share/icons/database/C30_Konsole.svg
+       share/icons/database/C31_FilePrint.svg
+       share/icons/database/C32_FSView.svg
+       share/icons/database/C33_Run.svg
+       share/icons/database/C34_Configure.svg
+       share/icons/database/C36_Ark.svg
+       share/icons/database/C39_History.svg
+       share/icons/database/C40_Mail_Find.svg
+       share/icons/database/C41_VectorGfx.svg
+       share/icons/database/C42_KCMMemory.svg
+       share/icons/database/C43_EditTrash.svg
+       share/icons/database/C47_KPackage.svg
+       share/icons/database/C48_Folder.svg
+       share/icons/database/C49_Folder_Blue_Open.svg
+       share/icons/database/C50_Folder_Tar.svg
+       share/icons/database/C55_Thumbnail.svg
+       share/icons/database/C56_KAddressBook.svg
+       share/icons/database/C57_View_Text.svg
+       share/icons/database/C58_KGPG.svg
+       share/icons/database/C59_Package_Development.svg
+       share/icons/database/C60_KFM_Home.svg
+       share/icons/database/C62_Tux.svg
+       share/icons/database/C63_Feather.svg
+       share/icons/database/C65_W.svg
+       share/icons/database/C67_Certificate.svg
+       share/icons/database/C68_BlackBerry.svg
 Copyright: none
-License: public-domain
+License: MIT
+Comment: Taken from https://github.com/icons8/flat-color-icons
+
+Files: share/icons/badges/0_ShareActive.svg
+       share/icons/badges/1_ShareInactive.svg
+       share/icons/database/C07_Kate.svg
+       share/icons/database/C17_CDROM_Unmount.svg
+       share/icons/database/C18_Display.svg
+       share/icons/database/C26_FileSave.svg
+       share/icons/database/C27_NFS_Unmount.svg
+       share/icons/database/C35_KRFB.svg
+       share/icons/database/C38_Samba_Unmount.svg
+       share/icons/database/C44_KNotes.svg
+       share/icons/database/C51_Decrypted.svg
+       share/icons/database/C52_Encrypted.svg
+       share/icons/database/C54_Signature.svg
+       share/icons/database/C66_Money.svg
+Copyright: none
+License: CC0
+Comment: Taken from https://github.com/paomedia/small-n-flat
+
+Files: share/icons/badges/2_Expired.svg
+       share/icons/database/C37_KPercentage.svg
+       share/icons/database/C45_Cancel.svg
+       share/icons/database/C46_Help.svg
+       share/icons/database/C53_Apply.svg
+       share/icons/database/C61_Services.svg
+       share/icons/application/scalable/actions/proton.svg
+Copyright: 2022 KeePassXC Team <team@keepassxc.org>
+License: MIT
+
+Files: share/icons/application/scalable/actions/application-exit.svg
+       share/icons/application/scalable/actions/arrow-collapse-down.svg
+       share/icons/application/scalable/actions/attributes-copy.svg
+       share/icons/application/scalable/actions/auto-type.svg
+       share/icons/application/scalable/actions/bitwarden.svg
+       share/icons/application/scalable/actions/bugreport.svg
+       share/icons/application/scalable/actions/chevron-double-down.svg
+       share/icons/application/scalable/actions/chevron-double-right.svg
+       share/icons/application/scalable/actions/clipboard-text.svg
+       share/icons/application/scalable/actions/configure.svg
+       share/icons/application/scalable/actions/csv.svg
+       share/icons/application/scalable/actions/database-change-key.svg
+       share/icons/application/scalable/actions/database-lock.svg
+       share/icons/application/scalable/actions/database-lock-all.svg
+       share/icons/application/scalable/actions/database-merge.svg
+       share/icons/application/scalable/actions/database-search.svg
+       share/icons/application/scalable/actions/database-settings.svg
+       share/icons/application/scalable/actions/dialog-close.svg
+       share/icons/application/scalable/actions/dialog-ok.svg
+       share/icons/application/scalable/actions/document-close.svg
+       share/icons/application/scalable/actions/document-edit.svg
+       share/icons/application/scalable/actions/document-export.svg
+       share/icons/application/scalable/actions/document-import.svg
+       share/icons/application/scalable/actions/document-new.svg
+       share/icons/application/scalable/actions/document-open.svg
+       share/icons/application/scalable/actions/document-open-recent.svg
+       share/icons/application/scalable/actions/document-properties.svg
+       share/icons/application/scalable/actions/document-save.svg
+       share/icons/application/scalable/actions/document-save-as.svg
+       share/icons/application/scalable/actions/document-save-copy.svg
+       share/icons/application/scalable/actions/donate.svg
+       share/icons/application/scalable/actions/edit-clear-locationbar-ltr.svg
+       share/icons/application/scalable/actions/edit-clear-locationbar-rtl.svg
+       share/icons/application/scalable/actions/entry-clone.svg
+       share/icons/application/scalable/actions/entry-delete.svg
+       share/icons/application/scalable/actions/entry-restore.svg
+       share/icons/application/scalable/actions/entry-edit.svg
+       share/icons/application/scalable/actions/entry-expire.svg
+       share/icons/application/scalable/actions/entry-new.svg
+       share/icons/application/scalable/actions/favicon-download.svg
+       share/icons/application/scalable/actions/fingerprint.svg
+       share/icons/application/scalable/actions/getting-started.svg
+       share/icons/application/scalable/actions/group-delete.svg
+       share/icons/application/scalable/actions/group-edit.svg
+       share/icons/application/scalable/actions/group-clone.svg
+       share/icons/application/scalable/actions/group-empty-trash.svg
+       share/icons/application/scalable/actions/group-new.svg
+       share/icons/application/scalable/actions/hammer-wrench.svg
+       share/icons/application/scalable/actions/health.svg
+       share/icons/application/scalable/actions/help-about.svg
+       share/icons/application/scalable/actions/lock-question.svg
+       share/icons/application/scalable/actions/keyboard-shortcuts.svg
+       share/icons/application/scalable/actions/message-close.svg
+       share/icons/application/scalable/actions/move-down.svg
+       share/icons/application/scalable/actions/move-up.svg
+       share/icons/application/scalable/actions/object-locked.svg
+       share/icons/application/scalable/actions/object-unlocked.svg
+       share/icons/application/scalable/actions/onepassword.svg
+       share/icons/application/scalable/actions/paperclip.svg
+       share/icons/application/scalable/actions/password-copy.svg
+       share/icons/application/scalable/actions/passkey.svg
+       share/icons/application/scalable/actions/password-generator.svg
+       share/icons/application/scalable/actions/password-show-off.svg
+       share/icons/application/scalable/actions/password-show-on.svg
+       share/icons/application/scalable/actions/qrcode.svg
+       share/icons/application/scalable/actions/refresh.svg
+       share/icons/application/scalable/actions/reports.svg
+       share/icons/application/scalable/actions/reports-exclude.svg
+       share/icons/application/scalable/actions/sort-alphabetical-ascending.svg
+       share/icons/application/scalable/actions/sort-alphabetical-descending.svg
+       share/icons/application/scalable/actions/statistics.svg
+       share/icons/application/scalable/actions/system-help.svg
+       share/icons/application/scalable/actions/system-search.svg
+       share/icons/application/scalable/actions/system-software-update.svg
+       share/icons/application/scalable/actions/tag.svg
+       share/icons/application/scalable/actions/tag-multiple.svg
+       share/icons/application/scalable/actions/tag-search.svg
+       share/icons/application/scalable/actions/totp.svg
+       share/icons/application/scalable/actions/totp-copy.svg
+       share/icons/application/scalable/actions/totp-copy-password.svg
+       share/icons/application/scalable/actions/totp-edit.svg
+       share/icons/application/scalable/actions/totp-invalid.svg
+       share/icons/application/scalable/actions/trash.svg
+       share/icons/application/scalable/actions/url-copy.svg
+       share/icons/application/scalable/actions/user-guide.svg
+       share/icons/application/scalable/actions/username-copy.svg
+       share/icons/application/scalable/actions/view-history.svg
+       share/icons/application/scalable/actions/web.svg
+       share/icons/application/scalable/actions/yubikey-refresh.svg
+       share/icons/application/scalable/apps/internet-web-browser.svg
+       share/icons/application/scalable/apps/keepassxc.svg
+       share/icons/application/scalable/apps/keepassxc-dark.svg
+       share/icons/application/scalable/apps/keepassxc-locked.svg
+       share/icons/application/scalable/apps/keepassxc-unlocked.svg
+       share/icons/application/scalable/apps/preferences-desktop-icons.svg
+       share/icons/application/scalable/apps/preferences-system-network-sharing.svg
+       share/icons/application/scalable/apps/utilities-terminal.svg
+       share/icons/application/scalable/categories/preferences-other.svg
+       share/icons/application/scalable/mimetypes/application-x-keepassxc.svg
+       share/icons/application/scalable/status/dialog-error.svg
+       share/icons/application/scalable/status/dialog-information.svg
+       share/icons/application/scalable/status/dialog-warning.svg
+       share/icons/application/scalable/status/security-high.svg
+       share/icons/application/scalable/actions/lock-open-alert.svg
+       share/icons/application/scalable/actions/lock-open.svg
+       share/icons/application/scalable/actions/lock.svg
+Copyright: 2023 Pictogrammers <https://pictogrammers.com/docs/general/about/>
+License: Apache-2.0
+Comment: Some icons are modified to fit KeePassXC design (https://pictogrammers.com/library/mdi/)

 Files: src/streams/qtiocompressor.*
       src/streams/QtIOCompressor
@@ -224,11 +257,7 @@ Files: src/streams/qtiocompressor.*
 Copyright: 2009-2012, Nokia Corporation and/or its subsidiary(-ies)
 License: LGPL-2.1 or GPL-3

-Files: cmake/GetGitRevisionDescription.cmake*
-Copyright: 2009-2010, Iowa State University
-License: Boost-1.0
-
-Files: src/zxcvbn/zxcvbn.*
+Files: src/thirdparty/zxcvbn/zxcvbn.*
 Copyright: 2015-2017, Tony Evans
 License: MIT

@@ -238,6 +267,21 @@ Copyright: 2011 Aurélien Gâteau <agateau@kde.org>
           2014 Dominik Haumann <dhaumann@kde.org>
 License: LGPL-2.1

-Files: share/macosx/dmg-background.tiff
+Files: share/macosx/background.tiff
 Copyright: 2008-2014, Andrey Tarantsov
 License: MIT
+
+Files: share/icons/application/scalable/apps/freedesktop.svg
+Copyright: GPL-2+
+Comment: from Freedesktop.org website
+
+Files: share/icons/application/scalable/actions/hibp.svg
+       share/icons/database/C64_Apple.svg
+Copyright: GPL-2+
+Comment: from the Simple Icons repo (https://github.com/simple-icons/simple-icons/)
+
+Files: src/thirdparty/ykcore/yk*
+       src/thirdparty/ykcore/yubikey.h
+Copyright: 2006-2015, Yubico AB
+License: BSD-2-Clause
+Comment: from the yubikey-personalization repo (https://github.com/Yubico/yubikey-personalization)
--- a/97
+++ b/97
@@ -1,97 +0,0 @@
-# KeePassXC Linux Release Build Dockerfile
-# Copyright (C) 2017-2018 KeePassXC team <https://keepassxc.org/>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 or (at your option)
-# version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-FROM ubuntu:14.04
-
-ENV REBUILD_COUNTER=10
-
-ENV QT5_VERSION=qt510
-ENV QT5_PPA_VERSION=qt-5.10.1
-ENV TERM=xterm-256color
-
-RUN set -x \
-    && apt-get update -y \
-    && apt-get -y install software-properties-common
-
-RUN set -x \
-    && add-apt-repository ppa:beineri/opt-${QT5_PPA_VERSION}-trusty \
-    && add-apt-repository ppa:phoerious/keepassxc
-
-RUN set -x \
-    && apt-get update -y \
-    && apt-get upgrade -y
-
-# build and runtime dependencies
-RUN set -x \
-    && apt-get install -y \
-        cmake3 \
-        curl \
-        g++ \
-        git \
-        libgcrypt20-18-dev \
-        libargon2-0-dev \
-        libsodium-dev \
-        libcurl-no-gcrypt-dev \
-        ${QT5_VERSION}base \
-        ${QT5_VERSION}tools \
-        ${QT5_VERSION}x11extras \
-        ${QT5_VERSION}translations \
-        ${QT5_VERSION}imageformats \
-        ${QT5_VERSION}svg \
-        zlib1g-dev \
-        libxi-dev \
-        libxtst-dev \
-        # ubuntu:14.04 has no quazip (it's optional)
-        # libquazip5-dev \
-        mesa-common-dev \
-        libyubikey-dev \
-        libykpers-1-dev \
-        libqrencode-dev \
-        xclip \
-        xvfb
-
-ENV PATH="/opt/${QT5_VERSION}/bin:${PATH}"
-ENV CMAKE_PREFIX_PATH="/opt/${QT5_VERSION}/lib/cmake"
-ENV CMAKE_INCLUDE_PATH="/opt/keepassxc-libs/include"
-ENV CMAKE_LIBRARY_PATH="/opt/keepassxc-libs/lib/x86_64-linux-gnu"
-ENV CPATH="${CMAKE_INCLUDE_PATH}"
-ENV LD_LIBRARY_PATH="${CMAKE_LIBRARY_PATH}:/opt/${QT5_VERSION}/lib"
-
-RUN set -x \
-    && echo "/opt/${QT5_VERSION}/lib" > /etc/ld.so.conf.d/${QT5_VERSION}.conf \
-    && echo "/opt/keepassxc-libs/lib/x86_64-linux-gnu" > /etc/ld.so.conf.d/keepassxc.conf
-
-# AppImage dependencies
-RUN set -x \
-    && apt-get install -y \
-        curl \
-        libfuse2
-
-RUN set -x \
-    && curl -L "https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage" > /usr/bin/linuxdeploy \
-    && curl -L "https://github.com/linuxdeploy/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-x86_64.AppImage" > /usr/bin/linuxdeploy-plugin-qt \
-    && curl -L "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage" > /usr/bin/appimagetool \
-    && chmod +x /usr/bin/linuxdeploy \
-    && chmod +x /usr/bin/linuxdeploy-plugin-qt \
-    && chmod +x /usr/bin/appimagetool
-
-RUN set -x \
-    && apt-get autoremove --purge \
-    && rm -rf /var/lib/apt/lists/*
-
-VOLUME /keepassxc/src
-VOLUME /keepassxc/out
-WORKDIR /keepassxc
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -2,149 +2,154 @@ Build and Install KeePassXC
 =================

 This document will guide you through the steps to build and install KeePassXC from source.
-You can visit the online version of this document at the following link:
+For more information, see also the [_Building KeePassXC_](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC) page on the wiki.

-https://github.com/keepassxreboot/keepassx/wiki/Install-Instruction-from-Source
+The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download).

-The [KeePassXC QuickStart](./docs/QUICKSTART.md) gets you started using KeePassXC on your
-Windows, Mac, or Linux computer using the pre-built binaries.
-
-Build Dependencies
-==================
-
-The following tools must exist within your PATH:
-
-* make
-* cmake (>= 2.8.12)
-* g++ (>= 4.7) or clang++ (>= 3.0)
-
-The following libraries are required:
-
-* Qt 5 (>= 5.2): qtbase and qttools5
-* libgcrypt (>= 1.6)
-* zlib
-* libmicrohttpd
-* libxi, libxtst, qtx11extras (optional for auto-type on X11)
-* libsodium (>= 1.0.12, optional for KeePassXC-Browser support)
-* libargon2
-
-Prepare the Building Environment
+Toolchain and Build Dependencies
 ================================

-* [Building Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
-* [Building Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
-* [Building Environment on MacOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-OS-X)
+The following build tools must exist within your PATH:
+
+* cmake (>= 3.10.0)
+* make (>= 4.2) or ninja (>= 1.10)
+* g++ (>= 4.9) or clang++ (>= 6.0)
+* asciidoctor (>= 2.0)
+
+* Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki:
+
+* [Set up Build Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
+* [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
+* [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)

 Build Steps
 ===========
 We recommend using the release tool to perform builds, please read up-to-date instructions [on our wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#building-using-the-release-tool).

-To compile from source, open a **Terminal (on Linux/MacOS)** or a **MSYS2-MinGW shell (on Windows)**<br/>
-**Note:** on Windows make sure you are using a **MINGW shell** by checking the label before the current path
+To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Command Prompt (Windows)**, or **MSYS2-MinGW shell (Windows)**. For code development on Windows, you can use Visual Studio 2022, Visual Studio Code, or CLion.

-First, download the KeePassXC [source tarball](https://keepassxc.org/download#source)
-or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).
+1. Download the KeePassXC [source tarball](https://keepassxc.org/download#source) or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).

-To clone the project from Git, `cd` to a suitable location and run
+   To clone the project from Git, `cd` to a suitable location and run

-```bash
-git clone https://github.com/keepassxreboot/keepassxc.git
-```
+   ```
+   git clone https://github.com/keepassxreboot/keepassxc.git
+   ```

-This will clone the entire contents of the repository and check out the current `develop` branch.
+   This will clone the entire contents of the repository and check out the current `develop` branch.

-To update the project from within the project's folder, you can run the following command:
+   To update the project from within the project's folder, you can run the following command:

-```bash
-git pull
-```
+   ```
+   git pull
+   ```

-For a stable build, it is recommended to checkout the master branch.
+   For a stable build, it is recommended to check out the `latest` tag.

-```bash
-git checkout master
-```
+   ```
+   git checkout latest
+   ```

-Navigate to the directory where you have downloaded KeePassXC and type these commands:
+2. Navigate to the directory where you have downloaded KeePassXC and run:
+
+   ```
+   mkdir build
+   cd build
+   cmake -DWITH_XC_ALL=ON ..
+   make
+   ```
+      
+If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain.
+
+For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
+
+Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory (`src/KeePassXC.app/Contents/MacOS` on macOS).
+
+## MacOS Build Notes
+
+If you installed Qt5 via Homebrew and CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
+
+`-DCMAKE_PREFIX_PATH=$(brew --prefix qt5)/lib/cmake`
+
+When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS).
+
+## Windows Build Notes
+
+If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
+
+CMake Configuration Options
+==========================
+
+## Recommended CMake Build Parameters

 ```
-cd directory-where-sources-live
-mkdir build
-cd build
-cmake -DWITH_XC_ALL=ON ..
-make
+-DCMAKE_VERBOSE_MAKEFILE=ON
+-DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
+-DWITH_GUI_TESTS=ON
 ```

-If you are on Windows, you may have to add ```-G "MSYS Makefiles"``` to the beginning of the cmake command. See the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows) for more information.
+## Additional CMake Parameters

-These steps place the compiled KeePassXC binary inside the `./build/src/` directory.
-(Note the cmake notes/options below.)
+KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:

-**Cmake Notes:**
+```
+-DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
+-DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
+-DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
+-DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF)
+-DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
+-DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
+-DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
+-DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
+-DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)

-* Common cmake parameters
+-DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)

-	```
-	-DCMAKE_INSTALL_PREFIX=/usr/local
-	-DCMAKE_VERBOSE_MAKEFILE=ON
-	-DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
-	-DWITH_GUI_TESTS=ON
-	```
+-DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
+-DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
+-DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
+-DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
+-DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
+-DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)

-* cmake accepts the following options:
-
-	```
-	  -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
-	  -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
-	  -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
-	  -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (favicon download) (default: OFF)
-	  -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
-	  -DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group syncronization extension (default: OFF)
-	  -DWITH_XC_TOUCHID=[ON|OFF] (macOS Only) Enable/Disable Touch ID unlock (default:OFF)
-	  -DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
-	  -DWITH_XC_KEESHARE_SECURE=[ON|OFF] Enable/Disable KeeShare secure containers, requires libquazip5 (default: OFF)
-	  -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
-	  -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
-	  -DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
-	  -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
-	  -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
-	  -DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
-	```
-
-* If you are on MacOS you must add this parameter to **Cmake**, with the Qt version you have installed<br/> `-DCMAKE_PREFIX_PATH=/usr/local/Cellar/qt5/5.6.2/lib/cmake/`
-
-:exclamation: When building with ASan support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (no LSan support in macOS).
+-DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
+-DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
+-DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
+-DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
+```

 Installation
 ============

 After you have successfully built KeePassXC, install the binary by executing the following:

-```bash
+```
 sudo make install
 ```

-You can specify the destination dir with
-```
-DESTDIR=X
-```
-
-
 Packaging
 =========

-You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..)
-```
-make package
-```
+You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging) for packaging scripts.

+To package using CMake, run the following command using whichever [generators](https://cmake.org/cmake/help/latest/manual/cpack-generators.7.html) you would like to package with.
+
+```
+cpack -G "ZIP;WIX"
+```

 Testing
 =======

-You can perform test on the executable
+You can perform tests on the built executables with:
 ```
-make test
+make test ARGS+="--output-on-failure"
+```
+
+On Linux, if you are not currently running on an X Server or Wayland, run the tests as follows:
+```
+make test ARGS+="-E test\(cli\|gui\) --output-on-failure"
+xvfb-run -e errors -a --server-args="-screen 0 1024x768x24" make test ARGS+="-R test\(cli\|gui\) --output-on-failure"
 ```

 Common parameters:
--- a/LICENSE.BOOST-1.0
+++ b/LICENSE.BOOST-1.0
@@ -1,23 +0,0 @@
-Boost Software License - Version 1.0 - August 17th, 2003
-
-Permission is hereby granted, free of charge, to any person or organization
-obtaining a copy of the software and accompanying documentation covered by
-this license (the "Software") to use, reproduce, display, distribute,
-execute, and transmit the Software, and to prepare derivative works of the
-Software, and to permit third-parties to whom the Software is furnished to
-do so, all subject to the following:
-
-The copyright notices in the Software and this entire statement, including
-the above license grant, this restriction and the following disclaimer,
-must be included in all copies of the Software, in whole or in part, and
-all derivative works of the Software, unless such copies or derivative
-works are solely in the form of machine-executable object code generated by
-a source language processor.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
-SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
-FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
--- a/LICENSE.GPL-2
+++ b/LICENSE.GPL-2
@@ -1,12 +1,12 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

-			    Preamble
+                            Preamble

  The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -56,7 +56,7 @@ patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
 modification follow.

-		    GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. This License applies to any program or other work which contains
@@ -255,7 +255,7 @@ make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.

-			    NO WARRANTY
+                            NO WARRANTY

  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.

-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS

-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
--- a/LICENSE.GPL-3
+++ b/LICENSE.GPL-3
@@ -1,12 +1,11 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007

-		    GNU GENERAL PUBLIC LICENSE
-		       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

-			    Preamble
+                            Preamble

  The GNU General Public License is a free, copyleft license for
 software and other kinds of works.
@@ -69,7 +68,7 @@ patents cannot be used to render the program non-free.
  The precise terms and conditions for copying, distribution and
 modification follow.

-		       TERMS AND CONDITIONS
+                       TERMS AND CONDITIONS

  0. Definitions.

@@ -77,7 +76,7 @@ modification follow.

  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
- 
+
  "The Program" refers to any copyrightable work licensed under this
 License.  Each licensee is addressed as "you".  "Licensees" and
 "recipients" may be individuals or organizations.
@@ -510,7 +509,7 @@ actual knowledge that, but for the patent license, your conveying the
 covered work in a country, or your recipient's use of the covered work
 in a country, would infringe one or more identifiable patents in that
 country that you have reason to believe are valid.
-  
+
  If, pursuant to or in connection with a single transaction or
 arrangement, you convey, or propagate by procuring conveyance of, a
 covered work, and grant a patent license to some of the parties
@@ -619,9 +618,9 @@ an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.

-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS

-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -646,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found.
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.

 Also add information on how to contact you by electronic and paper mail.

@@ -665,12 +664,11 @@ might be different; for a GUI interface, you would use an "about box".
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.

  The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
-
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/LICENSE.LGPL-2.1
+++ b/LICENSE.LGPL-2.1
@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
  Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
                  GNU LESSER GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

@@ -158,7 +158,7 @@ Library.
  You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
  2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
  Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
  6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
  7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
  11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
  14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.

                     END OF TERMS AND CONDITIONS
-
+
           How to Apply These Terms to Your New Libraries

  If you develop a new library, and you want it to be of the greatest
--- a/LICENSE.LGPL-3
+++ b/LICENSE.LGPL-3
@@ -1,7 +1,7 @@
                   GNU LESSER GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

--- a/LICENSE.OFL
+++ b/LICENSE.OFL
@@ -0,0 +1,96 @@
+Copyright (c) 2014, Austin Andrews (http://materialdesignicons.com/),
+with Reserved Font Name Material Design Icons.
+Copyright (c) 2014, Google (http://www.google.com/design/)
+uses the license at https://github.com/google/material-design-icons/blob/master/LICENSE
+
+This Font Software is licensed under the SIL Open Font License, Version 1.1.
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+
+-----------------------------------------------------------
+SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+-----------------------------------------------------------
+
+PREAMBLE
+The goals of the Open Font License (OFL) are to stimulate worldwide
+development of collaborative font projects, to support the font creation
+efforts of academic and linguistic communities, and to provide a free and
+open framework in which fonts may be shared and improved in partnership
+with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves. The
+fonts, including any derivative works, can be bundled, embedded, 
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works. The fonts and derivatives,
+however, cannot be released under any other type of license. The
+requirement for fonts to remain under this license does not apply
+to any document created using the fonts or their derivatives.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components as
+distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to a
+new environment.
+
+"Author" refers to any designer, engineer, programmer, technical
+writer or other person who contributed to the Font Software.
+
+PERMISSION & CONDITIONS
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,
+in Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+redistributed and/or sold with any software, provided that each copy
+contains the above copyright notice and this license. These can be
+included either as stand-alone text files, human-readable headers or
+in the appropriate machine-readable metadata fields within text or
+binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+Name(s) unless explicit written permission is granted by the corresponding
+Copyright Holder. This restriction only applies to the primary font name as
+presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+Software shall not be used to promote, endorse or advertise any
+Modified Version, except to acknowledge the contribution(s) of the
+Copyright Holder(s) and the Author(s) or with their explicit written
+permission.
+
+5) The Font Software, modified or unmodified, in part or in whole,
+must be distributed entirely under this license, and must not be
+distributed under any other license. The requirement for fonts to
+remain under this license does not apply to any document created
+using the Font Software.
+
+TERMINATION
+This license becomes null and void if any of the above conditions are
+not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+OTHER DEALINGS IN THE FONT SOFTWARE.
--- a/README.md
+++ b/README.md
@@ -1,56 +1,61 @@
-# <img src="https://keepassxc.org/logo.png" width="40" height="40"/> KeePassXC
-[![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1) [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
+# <img src="https://keepassxc.org/assets/img/keepassxc.svg" width="40" height="40"/> KeePassXC
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326)
+[![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1)
+[![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
+[![GitHub release](https://img.shields.io/github/release/keepassxreboot/keepassxc)](https://github.com/keepassxreboot/keepassxc/releases/)

-## About KeePassXC
-[KeePassXC](https://keepassxc.org) is a cross-platform community fork of
-[KeePassX](https://www.keepassx.org/).
-Our goal is to extend and improve it with new features and bugfixes
-to provide a feature-rich, fully cross-platform and modern
-open-source password manager.
+[![Matrix community channel](https://img.shields.io/matrix/keepassxc:matrix.org?label=Community%20channel)](https://app.element.io/#/room/#keepassxc:mozilla.org)
+[![Matrix development channel](https://img.shields.io/matrix/keepassxc-dev:matrix.org?label=Development%20channel)](https://app.element.io/#/room/#keepassxc-dev:mozilla.org)

-## Installation
-The [KeePassXC QuickStart](./docs/QUICKSTART.md) gets you started using
-KeePassXC on your Windows, Mac, or Linux computer using pre-compiled binaries
-from the [downloads page](https://keepassxc.org/download).
+[KeePassXC](https://keepassxc.org) is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted into customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.

-Additionally, individual Linux distributions may ship their own versions,
-so please check out your distribution's package list to see if KeePassXC is available.
+## Quick Start
+The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download). Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the [User Guide](https://keepassxc.org/docs/KeePassXC_UserGuide.html).

-## Additional features compared to KeePassX
- Auto-Type on all three major platforms (Linux, Windows, macOS)
- Twofish encryption
- YubiKey challenge-response support
- TOTP generation
- CSV import
- Command line interface
- DEP and ASLR hardening
- Stand-alone password and passphrase generator
- Password strength meter
- Using website favicons as entry icons
- Merging of databases
- Automatic reload when the database changed on disk
- Browser integration with KeePassXC-Browser using [native messaging](https://developer.chrome.com/extensions/nativeMessaging) for [Mozilla Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/) and [Google Chrome or Chromium](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
- Synchronize passwords using KeeShare. See [Using Sharing](./docs/QUICKSTART.md#using-sharing) for more details.
- Many bug fixes
+## Features List
+KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.

-For a full list of features and changes, read the [CHANGELOG](CHANGELOG) document.
+### Basic
+* Create, open, and save databases in the KDBX format (KeePass-compatible with KDBX4 and KDBX3)
+* Store sensitive information in entries that are organized by groups
+* Search for entries
+* Password generator
+* Auto-Type passwords into applications
+* Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
+* Support for passkeys using the browser integration
+* Entry icon download
+* Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
+
+### Advanced
+* Database reports (password health, HIBP, and statistics)
+* Database export to CSV, XML, and HTML formats
+* TOTP storage and generation
+* Field references between entries
+* File attachments and custom attributes
+* Entry history and data restoration
+* YubiKey/OnlyKey challenge-response support
+* Command line interface (keepassxc-cli)
+* Auto-Open databases
+* KeeShare shared databases (import, export, and synchronize)
+* SSH Agent integration
+* FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
+* Additional encryption choices: Twofish and ChaCha20
+
+For a full list of changes, read the [CHANGELOG](CHANGELOG.md) document. \
+For a full list of keyboard shortcuts, see [KeyboardShortcuts.adoc](./docs/topics/KeyboardShortcuts.adoc)

 ## Building KeePassXC

-Detailed instructions are available in the [Build and Install](./INSTALL.md)
-page or on the [Wiki page](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
+Detailed instructions are available in the [Build and Install](./INSTALL.md) page and in the [Wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).

 ## Contributing

-We are always looking for suggestions how to improve our application.
-If you find any bugs or have an idea for a new feature, please let us know by
-opening a report in our [issue tracker](https://github.com/keepassxreboot/keepassxc/issues)
-on GitHub or join us on IRC on freenode channels #keepassxc or #keepassxc-dev.
+We are always looking for suggestions on how to improve KeePassXC. If you find any bugs or have an idea for a new feature, please let us know by opening a report in the [issue tracker](https://github.com/keepassxreboot/keepassxc/issues) on GitHub, or join us on [Matrix community channel](https://matrix.to/#/!zUxwGnFkUyycpxeHeM:matrix.org?via=matrix.org) or [Matrix development channel](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org), or on IRC in [Libera.Chat](https://web.libera.chat/) channels #keepassxc and #keepassxc-dev.

-You can of course also directly contribute your own code. We are happy to accept your pull requests.
+You may directly contribute your own code by submitting a pull request. Please read the [CONTRIBUTING](.github/CONTRIBUTING.md) document for further information.

-Please read the [CONTRIBUTING document](.github/CONTRIBUTING.md) for further information.
+Contributors are required to adhere to the project's [Code of Conduct](CODE-OF-CONDUCT.md).

 ## License

-GPL-2 or GPL-3
+KeePassXC code is licensed under GPL-2 or GPL-3. Additional licensing for third-party files is detailed in [COPYING](./COPYING).
--- a/ci/trusty/Dockerfile
+++ b/ci/trusty/Dockerfile
@@ -1,95 +0,0 @@
-# KeePassXC Linux Release Build Dockerfile
-# Copyright (C) 2017 KeePassXC team <https://keepassxc.org/>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 or (at your option)
-# version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# TIP: check this Dockerfile using this online tool: https://www.fromlatest.io
-
-FROM ubuntu:14.04
-
-ENV REBUILD_COUNTER=5
-
-ENV QT5_VERSION=qt53
-ENV QT5_PPA_VERSION=${QT5_VERSION}2
-ENV TERM=xterm-256color
-
-RUN set -x \
-     && apt-get update -y \
-     && apt-get -y install software-properties-common
-
-RUN set -x \
-    && add-apt-repository ppa:beineri/opt-${QT5_PPA_VERSION}-trusty \
-    && add-apt-repository ppa:phoerious/keepassxc
-
-RUN set -x \
-    && apt-get -y update \
-    && apt-get -y --no-install-recommends install \
-        build-essential \
-        clang-3.6 \
-        libclang-common-3.6-dev \
-        clang-format-3.6 \
-        llvm-3.6 \
-        cmake3 \
-        make \
-        libgcrypt20-18-dev \
-        libargon2-0-dev \
-        libsodium-dev \
-        libcurl-no-gcrypt-dev \
-        ${QT5_VERSION}base \
-        ${QT5_VERSION}tools \
-        ${QT5_VERSION}x11extras \
-        ${QT5_VERSION}translations \
-        ${QT5_VERSION}svg \
-        zlib1g-dev \
-        libyubikey-dev \
-        libykpers-1-dev \
-        # ubuntu:14.04 has no quazip (it's optional)
-        # libquazip5-dev \
-        libxi-dev \
-        libxtst-dev \
-        libqrencode-dev \
-        xclip \
-        xvfb
-
-ENV PATH="/opt/${QT5_VERSION}/bin:${PATH}"
-ENV CMAKE_PREFIX_PATH="/opt/${QT5_VERSION}/lib/cmake"
-ENV CMAKE_INCLUDE_PATH="/opt/keepassxc-libs/include"
-ENV CMAKE_LIBRARY_PATH="/opt/keepassxc-libs/lib/x86_64-linux-gnu"
-ENV CPATH="${CMAKE_INCLUDE_PATH}"
-ENV LD_LIBRARY_PATH="${CMAKE_LIBRARY_PATH}:/opt/${QT5_VERSION}/lib"
-
-RUN set -x \
-    && echo "/opt/${QT5_VERSION}/lib" > /etc/ld.so.conf.d/${QT5_VERSION}.conf \
-    && echo "/opt/keepassxc-libs/lib/x86_64-linux-gnu" > /etc/ld.so.conf.d/keepassxc.conf
-
-# AppImage dependencies
-RUN set -x \
-    && apt-get install -y \
-        curl \
-        libfuse2
-
-RUN set -x \
-    && curl -L "https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage" > /usr/bin/linuxdeploy \
-    && curl -L "https://github.com/linuxdeploy/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-x86_64.AppImage" > /usr/bin/linuxdeploy-plugin-qt \
-    && curl -L "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage" > /usr/bin/appimagetool \
-    && chmod +x /usr/bin/linuxdeploy \
-    && chmod +x /usr/bin/linuxdeploy-plugin-qt \
-    && chmod +x /usr/bin/appimagetool
-
-RUN set -x \
-    && apt-get autoremove --purge \
-    && rm -rf /var/lib/apt/lists/*
-
-VOLUME ["/keepassxc"]
-WORKDIR /keepassxc
--- a/cmake/CLangFormat.cmake
+++ b/cmake/CLangFormat.cmake
@@ -15,50 +15,45 @@

 set(EXCLUDED_DIRS
        # third-party directories
-        src/zxcvbn/
+        src/thirdparty
        # objective-c directories
-        src/touchid/
-        src/autotype/mac/
-        src/gui/macutils/)
+        src/touchid
+        src/autotype/mac
+        src/gui/osutils/macutils)

 set(EXCLUDED_FILES
        # third-party files
-        streams/qtiocompressor.cpp
-        streams/qtiocompressor.h
-        gui/KMessageWidget.h
-        gui/KMessageWidget.cpp
-        gui/MainWindowAdaptor.h
-        gui/MainWindowAdaptor.cpp
-        crypto/ssh/bcrypt_pbkdf.cpp
-        crypto/ssh/blf.h
-        crypto/ssh/blowfish.c
-        tests/modeltest.cpp
-        tests/modeltest.h
+        src/streams/qtiocompressor.\\*
+        src/gui/KMessageWidget.\\*
+        src/gui/MainWindowAdaptor.\\*
+        src/gui/tag/TagsEdit.\\*
+        tests/modeltest.\\*
        # objective-c files
-        core/ScreenLockListenerMac.h
-        core/ScreenLockListenerMac.cpp)
+        src/core/ScreenLockListenerMac.\\*)

-file(GLOB_RECURSE ALL_SOURCE_FILES RELATIVE ${CMAKE_SOURCE_DIR} src/*.cpp src/*.h tests/*.cpp tests/*.h)
-foreach(SOURCE_FILE ${ALL_SOURCE_FILES})
-    foreach(EXCLUDED_DIR ${EXCLUDED_DIRS})
-        string(FIND ${SOURCE_FILE} ${EXCLUDED_DIR} SOURCE_FILE_EXCLUDED)
-        if(NOT ${SOURCE_FILE_EXCLUDED} EQUAL -1)
-            list(REMOVE_ITEM ALL_SOURCE_FILES ${SOURCE_FILE})
-        endif()
-    endforeach()
-    foreach(EXCLUDED_FILE ${EXCLUDED_FILES})
-        if(${SOURCE_FILE} MATCHES ".*${EXCLUDED_FILE}$")
-            list(REMOVE_ITEM ALL_SOURCE_FILES ${SOURCE_FILE})
-        endif()
-    endforeach()
+set(FIND_EXCLUDE_DIR_EXPR "")
+foreach(EXCLUDE ${EXCLUDED_DIRS})
+    list(APPEND FIND_EXCLUDE_DIR_EXPR -o -path "${EXCLUDE}" -prune)
 endforeach()

+set(FIND_EXCLUDE_FILE_EXPR "")
+foreach(EXCLUDE ${EXCLUDED_FILES})
+    if(FIND_EXCLUDE_FILE_EXPR)
+        list(APPEND FIND_EXCLUDE_FILE_EXPR -o)
+    endif()
+    list(APPEND FIND_EXCLUDE_FILE_EXPR -path "${EXCLUDE}")
+endforeach()
+if(FIND_EXCLUDE_FILE_EXPR)
+    set(FIND_EXCLUDE_FILE_EXPR -a -not "\\(" ${FIND_EXCLUDE_FILE_EXPR} "\\)")
+endif()
+
 add_custom_target(format)
-foreach(SOURCE_FILE ${ALL_SOURCE_FILES})
-    add_custom_command(
-            TARGET format
-            PRE_BUILD
-            COMMAND echo Formatting ${SOURCE_FILE}
-            COMMAND clang-format -style=file -i \"${SOURCE_FILE}\"
-            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})
-endforeach()
+
+add_custom_command(
+        TARGET format
+        PRE_BUILD
+        COMMAND find src tests "\\(" -name "\\*.h" -o -name "\\*.cpp" ${FIND_EXCLUDE_DIR_EXPR} "\\)"
+            ${FIND_EXCLUDE_FILE_EXPR} -type f -print0 | xargs -0 -P0 -n10 clang-format -style=file -i
+
+        COMMENT "Formatting source files..."
+        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})
--- a/cmake/CodeCoverage.cmake
+++ b/cmake/CodeCoverage.cmake
@@ -1,4 +1,5 @@
 # Copyright (c) 2012 - 2017, Lars Bilke
+# Copyright (c) 2021 KeePassXC Team
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -25,279 +26,218 @@
 # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# CHANGES:
-#
-# 2012-01-31, Lars Bilke
-# - Enable Code Coverage
-#
-# 2013-09-17, Joakim Söderberg
-# - Added support for Clang.
-# - Some additional usage instructions.
-#
-# 2016-02-03, Lars Bilke
-# - Refactored functions to use named parameters
-#
-# 2017-06-02, Lars Bilke
-# - Merged with modified version from github.com/ufz/ogs
-#
-#
-# USAGE:
-#
-# 1. Copy this file into your cmake modules path.
-#
-# 2. Add the following line to your CMakeLists.txt:
-#      include(CodeCoverage)
-#
-# 3. Append necessary compiler flags:
-#      APPEND_COVERAGE_COMPILER_FLAGS()
-#
-# 4. If you need to exclude additional directories from the report, specify them
-#    using the COVERAGE_LCOV_EXCLUDES variable before calling SETUP_TARGET_FOR_COVERAGE_LCOV.
-#    Example:
-#      set(COVERAGE_LCOV_EXCLUDES 'dir1/*' 'dir2/*')
-#
-# 5. Use the functions described below to create a custom make target which
-#    runs your test executable and produces a code coverage report.
-#
-# 6. Build a Debug build:
-#      cmake -DCMAKE_BUILD_TYPE=Debug ..
-#      make
-#      make my_coverage_target
-#

 include(CMakeParseArguments)

 # Check prereqs
-find_program( GCOV_PATH gcov )
-find_program( LCOV_PATH  NAMES lcov lcov.bat lcov.exe lcov.perl)
-find_program( GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat )
-find_program( GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
-find_program( SIMPLE_PYTHON_EXECUTABLE python )
+find_program(GCOV_PATH gcov)
+find_program(LLVM_COV_PATH llvm-cov)
+find_program(LLVM_PROFDATA_PATH llvm-profdata)
+find_program(XCRUN_PATH xcrun)
+find_program(GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat)
+find_program(GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)

-if(NOT GCOV_PATH)
-    message(FATAL_ERROR "gcov not found! Aborting...")
-endif() # NOT GCOV_PATH
-
-if("${CMAKE_CXX_COMPILER_ID}" MATCHES "(Apple)?[Cc]lang")
-    if("${CMAKE_CXX_COMPILER_VERSION}" VERSION_LESS 3)
-        message(FATAL_ERROR "Clang version must be 3.0.0 or greater! Aborting...")
-    endif()
-elseif(NOT CMAKE_COMPILER_IS_GNUCXX)
-    message(FATAL_ERROR "Compiler is not GNU gcc! Aborting...")
+set(COVERAGE_COMPILER_FLAGS "-g -O0" CACHE INTERNAL "")
+if(CMAKE_COMPILER_IS_GNUCXX)
+    set(COVERAGE_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} --coverage -fprofile-arcs -ftest-coverage")
+elseif(CMAKE_COMPILER_IS_CLANGXX)
+    set(COVERAGE_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
 endif()

-set(COVERAGE_COMPILER_FLAGS "-g -O0 --coverage -fprofile-arcs -ftest-coverage"
-    CACHE INTERNAL "")
+set(CMAKE_COVERAGE_FORMAT
+    "html" "xml"
+    CACHE STRING "Coverage report output format.")
+set_property(CACHE CMAKE_COVERAGE_FORMAT PROPERTY STRINGS "html" "txt")

 set(CMAKE_CXX_FLAGS_COVERAGE
    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C++ compiler during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used by the C++ compiler during coverage builds.")
 set(CMAKE_C_FLAGS_COVERAGE
    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C compiler during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used by the C compiler during coverage builds.")
 set(CMAKE_EXE_LINKER_FLAGS_COVERAGE
    ""
-    CACHE STRING "Flags used for linking binaries during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used for linking binaries during coverage builds.")
 set(CMAKE_SHARED_LINKER_FLAGS_COVERAGE
    ""
-    CACHE STRING "Flags used by the shared libraries linker during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used by the shared libraries linker during coverage builds.")
 mark_as_advanced(
+    CMAKE_COVERAGE_FORMAT
    CMAKE_CXX_FLAGS_COVERAGE
    CMAKE_C_FLAGS_COVERAGE
    CMAKE_EXE_LINKER_FLAGS_COVERAGE
-    CMAKE_SHARED_LINKER_FLAGS_COVERAGE )
+    CMAKE_SHARED_LINKER_FLAGS_COVERAGE)

-if(NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
+if(NOT CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
    message(WARNING "Code coverage results with an optimised (non-Debug) build may be misleading")
 endif() # NOT CMAKE_BUILD_TYPE STREQUAL "Debug"

-if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+if(CMAKE_COMPILER_IS_GNUCXX)
+    if(NOT GCOV_PATH)
+        message(FATAL_ERROR "gcov not found! Aborting...")
+    endif() # NOT GCOV_PATH
    link_libraries(gcov)
-else()
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} --coverage")
 endif()

-# Defines a target for running and collection code coverage information
-# Builds dependencies, runs the given executable and outputs reports.
-# NOTE! The executable should always have a ZERO as exit code otherwise
-# the coverage generation will not complete.
-#
-# SETUP_TARGET_FOR_COVERAGE_LCOV(
-#     NAME testrunner_coverage                    # New target name
-#     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
-#     DEPENDENCIES testrunner                     # Dependencies to build first
-# )
-function(SETUP_TARGET_FOR_COVERAGE_LCOV)
-
-    set(options NONE)
-    set(oneValueArgs NAME)
-    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
-    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-
-    if(NOT LCOV_PATH)
-        message(FATAL_ERROR "lcov not found! Aborting...")
-    endif() # NOT LCOV_PATH
-
-    if(NOT GENHTML_PATH)
-        message(FATAL_ERROR "genhtml not found! Aborting...")
-    endif() # NOT GENHTML_PATH
-
-    # Setup target
-    add_custom_target(${Coverage_NAME}
-
-        # Cleanup lcov
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -directory . --zerocounters
-        # Create baseline to make sure untouched files show up in the report
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -c -i -d . -o ${Coverage_NAME}.base
-
-        # Run tests
-        COMMAND ${Coverage_EXECUTABLE}
-
-        # Capturing lcov counters and generating report
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} --directory . --capture --output-file ${Coverage_NAME}.info
-        # add baseline counters
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -a ${Coverage_NAME}.base -a ${Coverage_NAME}.info --output-file ${Coverage_NAME}.total
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} --remove ${Coverage_NAME}.total ${COVERAGE_LCOV_EXCLUDES} --output-file ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
-        COMMAND ${GENHTML_PATH} -o ${Coverage_NAME} ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
-        COMMAND ${CMAKE_COMMAND} -E remove ${Coverage_NAME}.base ${Coverage_NAME}.total ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
-
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        COMMENT "Resetting code coverage counters to zero.\nProcessing code coverage counters and generating report."
-    )
-
-    # Show where to find the lcov info report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Lcov code coverage info report saved in ${Coverage_NAME}.info."
-    )
-
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
-    )
-
-endfunction() # SETUP_TARGET_FOR_COVERAGE_LCOV

 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
-# SETUP_TARGET_FOR_COVERAGE_GCOVR_XML(
+# SETUP_TARGET_FOR_COVERAGE_GCOVR(
 #     NAME ctest_coverage                    # New target name
 #     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES executable_target         # Dependencies to build first
 # )
-function(SETUP_TARGET_FOR_COVERAGE_GCOVR_XML)
+function(SETUP_TARGET_FOR_COVERAGE_GCOVR)

    set(options NONE)
-    set(oneValueArgs NAME)
+    set(oneValueArgs NAME SOURCES_ROOT)
    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})

-    if(NOT SIMPLE_PYTHON_EXECUTABLE)
-        message(FATAL_ERROR "python not found! Aborting...")
-    endif() # NOT SIMPLE_PYTHON_EXECUTABLE
-
    if(NOT GCOVR_PATH)
        message(FATAL_ERROR "gcovr not found! Aborting...")
    endif() # NOT GCOVR_PATH

    # Combine excludes to several -e arguments
    set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${COVERAGE_GCOVR_EXCLUDES})
+    foreach(EXCLUDE ${COVERAGE_EXCLUDES})
        list(APPEND GCOVR_EXCLUDES "-e")
        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
    endforeach()

    add_custom_target(${Coverage_NAME}
        # Run tests
-        ${Coverage_EXECUTABLE}
+        COMMAND ctest -C $<CONFIG> $ENV{ARGS} $$ARGS

-        # Running gcovr
-        COMMAND ${GCOVR_PATH} --xml
-            -r ${PROJECT_SOURCE_DIR} ${GCOVR_EXCLUDES}
-            --object-directory=${PROJECT_BINARY_DIR}
-            -o ${Coverage_NAME}.xml
        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
        DEPENDS ${Coverage_DEPENDENCIES}
-        COMMENT "Running gcovr to produce Cobertura code coverage report."
    )

-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Cobertura code coverage report saved in ${Coverage_NAME}.xml."
-    )
+    if("html" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            # Create folder
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}-html

-endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR_XML
+            # Running gcovr HTML
+            COMMAND ${GCOVR_PATH} --html --html-details
+                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
+                --object-directory=${PROJECT_BINARY_DIR}
+                --exclude-unreachable-branches --exclude-throw-branches
+                -o ${Coverage_NAME}-html/index.html
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running gcovr to produce HTML code coverage report ${Coverage_NAME}-html."
+        )
+    endif()
+
+    if("xml" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            # Running gcovr TXT
+            COMMAND ${GCOVR_PATH} --xml
+                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
+                --object-directory=${PROJECT_BINARY_DIR}
+                --exclude-unreachable-branches --exclude-throw-branches
+                -o ${Coverage_NAME}.xml
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running gcovr to produce XML code coverage report ${Coverage_NAME}.xml."
+        )
+    endif()
+
+    if("txt" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            # Running gcovr TXT
+            COMMAND ${GCOVR_PATH}
+                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
+                --object-directory=${PROJECT_BINARY_DIR}
+                --exclude-unreachable-branches --exclude-throw-branches
+                -o ${Coverage_NAME}.txt
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running gcovr to produce TXT code coverage report ${Coverage_NAME}.txt."
+        )
+    endif()
+
+endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR

 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
-# SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML(
+# SETUP_TARGET_FOR_COVERAGE_LLVM(
 #     NAME ctest_coverage                    # New target name
 #     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES executable_target         # Dependencies to build first
 # )
-function(SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML)
+function(SETUP_TARGET_FOR_COVERAGE_LLVM)

    set(options NONE)
-    set(oneValueArgs NAME)
-    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
+    set(oneValueArgs NAME SOURCES_ROOT PROF_FILE)
+    set(multiValueArgs EXECUTABLE BINARY EXECUTABLE_ARGS DEPENDENCIES)
    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})

-    if(NOT SIMPLE_PYTHON_EXECUTABLE)
-        message(FATAL_ERROR "python not found! Aborting...")
-    endif() # NOT SIMPLE_PYTHON_EXECUTABLE
+    if(XCRUN_PATH)
+        set(LLVM_COV_PATH ${XCRUN_PATH} llvm-cov)
+        set(LLVM_PROFDATA_PATH ${XCRUN_PATH} llvm-profdata)
+    else()
+        if(NOT LLVM_COV_PATH)
+            message(FATAL_ERROR "llvm-cov not found! Aborting...")
+        endif() # NOT LLVM_COV_PATH
+        if(NOT LLVM_PROFDATA_PATH)
+            message(FATAL_ERROR "llvm-profdata not found! Aborting...")
+        endif() # NOT LLVM_PROFDATA_PATH
+    endif() # XCRUN_PATH

-    if(NOT GCOVR_PATH)
-        message(FATAL_ERROR "gcovr not found! Aborting...")
-    endif() # NOT GCOVR_PATH
+    set(LLVM_PROFILE_DIR ${PROJECT_BINARY_DIR}/llvm_profile)
+    file(REMOVE_RECURSE ${LLVM_PROFILE_DIR})

-    # Combine excludes to several -e arguments
-    set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${COVERAGE_GCOVR_EXCLUDES})
-        list(APPEND GCOVR_EXCLUDES "-e")
-        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
+    set(COV_EXCLUDES "")
+    foreach(EXCLUDE ${COVERAGE_EXCLUDES})
+        list(APPEND COV_EXCLUDES "-ignore-filename-regex=${EXCLUDE}")
    endforeach()

+    list(GET Coverage_BINARY 0 COV_BINARY)
+    if(Coverage_BINARY)
+        list(REMOVE_AT Coverage_BINARY 0)
+        foreach(BIN ${Coverage_BINARY})
+            list(APPEND COV_BINARY -object ${BIN})
+        endforeach()
+    endif()
+
    add_custom_target(${Coverage_NAME}
-        # Run tests
-        ${Coverage_EXECUTABLE}
+        COMMAND ${CMAKE_COMMAND} -E env LLVM_PROFILE_FILE=${LLVM_PROFILE_DIR}/profile-%p.profraw ctest -C $<CONFIG> $$ARGS

-        # Create folder
-        COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}
+        COMMAND ${LLVM_PROFDATA_PATH} merge -sparse ${LLVM_PROFILE_DIR}/* -o coverage.profdata
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            DEPENDS ${Coverage_DEPENDENCIES})

-        # Running gcovr
-        COMMAND ${GCOVR_PATH} --html --html-details
-            -r ${PROJECT_SOURCE_DIR} ${GCOVR_EXCLUDES}
-            --object-directory=${PROJECT_BINARY_DIR}
-            -o ${Coverage_NAME}/index.html
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        COMMENT "Running gcovr to produce HTML code coverage report."
-    )
+    if("html" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            COMMAND ${LLVM_COV_PATH} show -instr-profile=coverage.profdata ${COV_BINARY}
+                --format=html --output-dir=${Coverage_NAME}-html ${COV_EXCLUDES} ${Coverage_SOURCES_ROOT}
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running llvm-cov to produce HTML code coverage report ${Coverage_NAME}-html")
+    endif()

-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
-    )
+    if("xml" IN_LIST CMAKE_COVERAGE_FORMAT)
+        message(WARNING "XML coverage report format not supported for llvm-cov")
+    endif()
+
+    if("txt" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            COMMAND ${LLVM_COV_PATH} show -instr-profile=coverage.profdata ${COV_BINARY}
+                --format=text ${COV_EXCLUDES} ${Coverage_SOURCES_ROOT} > ${Coverage_NAME}.txt
+
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running llvm-cov to produce TXT code coverage report ${Coverage_NAME}.txt.")
+    endif()
+
+endfunction() # SETUP_TARGET_FOR_COVERAGE_LLVM

-endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML

 function(APPEND_COVERAGE_COMPILER_FLAGS)
+    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
-    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
-endfunction() # APPEND_COVERAGE_COMPILER_FLAGS
+endfunction() # APPEND_COVERAGE_COMPILER_FLAGS
--- a/cmake/FindArgon2.cmake
+++ b/cmake/FindArgon2.cmake
@@ -1,36 +0,0 @@
-#  Copyright (C) 2017 KeePassXC Team
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 2 or (at your option)
-#  version 3 of the License.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-find_path(ARGON2_INCLUDE_DIR argon2.h)
-if(MINGW)
-    # find static library on Windows, and redefine used symbols to
-    # avoid definition name conflicts with libsodium
-    find_library(ARGON2_SYS_LIBRARIES libargon2.a)
-    message(STATUS "Patching libargon2...\n")
-    execute_process(COMMAND objcopy
-            --redefine-sym argon2_hash=libargon2_argon2_hash
-            --redefine-sym _argon2_hash=_libargon2_argon2_hash
-            --redefine-sym argon2_error_message=libargon2_argon2_error_message
-            --redefine-sym _argon2_error_message=_libargon2_argon2_error_message
-            ${ARGON2_SYS_LIBRARIES} ${CMAKE_BINARY_DIR}/libargon2_patched.a
-            WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
-    find_library(ARGON2_LIBRARIES libargon2_patched.a PATHS ${CMAKE_BINARY_DIR} NO_DEFAULT_PATH)
-else()
-    find_library(ARGON2_LIBRARIES argon2)
-endif()
-mark_as_advanced(ARGON2_LIBRARIES ARGON2_INCLUDE_DIR)
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Argon2 DEFAULT_MSG ARGON2_LIBRARIES ARGON2_INCLUDE_DIR)
--- a/cmake/FindBotan.cmake
+++ b/cmake/FindBotan.cmake
@@ -0,0 +1,65 @@
+# - Find botan
+# Find the botan cryptographic library
+#
+# This module defines the following variables:
+#   BOTAN_FOUND  -  True if library and include directory are found
+# If set to TRUE, the following are also defined:
+#   BOTAN_INCLUDE_DIRS  -  The directory where to find the header file
+#   BOTAN_LIBRARIES  -  Where to find the library files
+#
+# This file is in the public domain (https://github.com/vistle/vistle/blob/master/cmake/Modules/FindBOTAN.cmake)
+
+include(FindPackageHandleStandardArgs)
+
+set(BOTAN_VERSIONS botan-3 botan-2)
+set(BOTAN_NAMES botan-3 botan-2 botan)
+set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan botan-3)
+
+find_path(
+    BOTAN_INCLUDE_DIR
+    NAMES botan/build.h
+    PATH_SUFFIXES ${BOTAN_VERSIONS}
+    DOC "The Botan include directory")
+if(BOTAN_INCLUDE_DIR)
+    file(READ "${BOTAN_INCLUDE_DIR}/botan/build.h" build)
+    string(REGEX MATCH "BOTAN_VERSION_MAJOR ([0-9]*)" _ ${build})
+    set(BOTAN_VERSION_MAJOR ${CMAKE_MATCH_1})
+    string(REGEX MATCH "BOTAN_VERSION_MINOR ([0-9]*)" _ ${build})
+    set(BOTAN_VERSION_MINOR ${CMAKE_MATCH_1})
+    string(REGEX MATCH "BOTAN_VERSION_PATCH ([0-9]*)" _ ${build})
+    set(BOTAN_VERSION_PATCH ${CMAKE_MATCH_1})
+    set(BOTAN_VERSION "${BOTAN_VERSION_MAJOR}.${BOTAN_VERSION_MINOR}.${BOTAN_VERSION_PATCH}")
+endif()
+
+find_library(
+    BOTAN_LIBRARY
+    NAMES ${BOTAN_NAMES}
+    PATH_SUFFIXES release/lib lib
+    DOC "The Botan (release) library")
+if(WIN32 AND NOT MINGW)
+    find_library(
+        BOTAN_LIBRARY_DEBUG
+        NAMES ${BOTAN_NAMES_DEBUG}
+        PATH_SUFFIXES debug/lib lib
+        DOC "The Botan debug library")
+    find_package_handle_standard_args(
+        Botan
+        REQUIRED_VARS BOTAN_LIBRARY BOTAN_LIBRARY_DEBUG BOTAN_INCLUDE_DIR
+        VERSION_VAR BOTAN_VERSION)
+else()
+    find_package_handle_standard_args(
+        Botan
+        REQUIRED_VARS BOTAN_LIBRARY BOTAN_INCLUDE_DIR
+        VERSION_VAR BOTAN_VERSION)
+endif()
+
+if(BOTAN_FOUND)
+    set(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR})
+    if(WIN32 AND NOT MINGW)
+        set(BOTAN_LIBRARIES optimized ${BOTAN_LIBRARY} debug ${BOTAN_LIBRARY_DEBUG})
+    else()
+        set(BOTAN_LIBRARIES ${BOTAN_LIBRARY})
+    endif()
+endif()
+
+mark_as_advanced(BOTAN_INCLUDE_DIR BOTAN_LIBRARY BOTAN_LIBRARY_DEBUG)
--- a/cmake/FindGcrypt.cmake
+++ b/cmake/FindGcrypt.cmake
@@ -1,31 +0,0 @@
-#  Copyright (C) 2011 Felix Geyer <debfx@fobos.de>
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 2 or (at your option)
-#  version 3 of the License.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-find_path(GCRYPT_INCLUDE_DIR gcrypt.h)
-
-find_library(GCRYPT_LIBRARIES gcrypt)
-
-mark_as_advanced(GCRYPT_LIBRARIES GCRYPT_INCLUDE_DIR)
-
-if(GCRYPT_INCLUDE_DIR AND EXISTS "${GCRYPT_INCLUDE_DIR}/gcrypt.h")
-    file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" GCRYPT_H REGEX "^#define GCRYPT_VERSION \"[^\"]*\"$")
-    string(REGEX REPLACE "^.*GCRYPT_VERSION \"([0-9]+).*$" "\\1" GCRYPT_VERSION_MAJOR "${GCRYPT_H}")
-    string(REGEX REPLACE "^.*GCRYPT_VERSION \"[0-9]+\\.([0-9]+).*$" "\\1" GCRYPT_VERSION_MINOR "${GCRYPT_H}")
-    string(REGEX REPLACE "^.*GCRYPT_VERSION \"[0-9]+\\.[0-9]+\\.([0-9]+).*$" "\\1" GCRYPT_VERSION_PATCH "${GCRYPT_H}")
-    set(GCRYPT_VERSION_STRING "${GCRYPT_VERSION_MAJOR}.${GCRYPT_VERSION_MINOR}.${GCRYPT_VERSION_PATCH}")
-endif()
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Gcrypt DEFAULT_MSG GCRYPT_LIBRARIES GCRYPT_INCLUDE_DIR)
--- a/cmake/FindMinizip.cmake
+++ b/cmake/FindMinizip.cmake
@@ -0,0 +1,9 @@
+# MINIZIP_FOUND                   - Minizip library was found
+# MINIZIP_INCLUDE_DIR             - Path to Minizip include dir
+# MINIZIP_LIBRARIES               - List of Minizip libraries
+
+find_library(MINIZIP_LIBRARIES NAMES minizip libminizip)
+find_path(MINIZIP_INCLUDE_DIR zip.h PATH_SUFFIXES minizip)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Minizip DEFAULT_MSG MINIZIP_LIBRARIES MINIZIP_INCLUDE_DIR)
--- a/cmake/FindPCSC.cmake
+++ b/cmake/FindPCSC.cmake
@@ -0,0 +1,61 @@
+#  Copyright (C) 2021 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Use pkgconfig on Linux
+if(NOT WIN32)
+   find_package(PkgConfig QUIET)
+   pkg_check_modules(PCSC libpcsclite)
+endif()
+
+if(NOT PCSC_FOUND)
+   # Search for PC/SC headers on Mac and Windows
+
+   # Additional search paths for Windows if not running in Visual Studio environment
+   if (WIN32) 
+      # Resolve the ambiguity of using two names for one architecture
+      if(CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "x64")
+         set(ARCH_DIR "x64")
+      else()
+         set(ARCH_DIR "${CMAKE_SYSTEM_PROCESSOR}")
+      endif()
+
+      # Locate Windows SDK Paths
+      if (CMAKE_WINDOWS_KITS_10_DIR)
+         set(WINSDKROOTC_INCLUDE "${CMAKE_WINDOWS_KITS_10_DIR}/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "${CMAKE_WINDOWS_KITS_10_DIR}/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      else()
+         set(WINSDKROOTC_INCLUDE "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      endif()
+   endif()
+
+   find_path(PCSC_INCLUDE_DIRS winscard.h
+      HINTS
+         ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
+         /usr/include/PCSC
+         ${WINSDKROOTC_INCLUDE}
+      PATH_SUFFIXES PCSC)
+
+   # MAC library is PCSC, Windows library is WinSCard
+   find_library(PCSC_LIBRARIES NAMES pcsclite libpcsclite WinSCard PCSC
+      HINTS   
+         ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES}
+         ${WINSDKROOTC_LIB})
+endif()
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(PCSC DEFAULT_MSG PCSC_LIBRARIES PCSC_INCLUDE_DIRS)
+
+mark_as_advanced(PCSC_LIBRARIES PCSC_INCLUDE_DIRS)
--- a/cmake/FindQREncode.cmake
+++ b/cmake/FindQREncode.cmake
@@ -13,8 +13,15 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.

-find_path(QRENCODE_INCLUDE_DIR qrencode.h)
-find_library(QRENCODE_LIBRARY qrencode)
+find_path(QRENCODE_INCLUDE_DIR NAMES qrencode.h)
+
+if(WIN32 AND NOT MINGW)
+	find_library(QRENCODE_LIBRARY_RELEASE qrencode)
+	find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
+	set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
+else()
+	find_library(QRENCODE_LIBRARY qrencode)
+endif()

 mark_as_advanced(QRENCODE_LIBRARY QRENCODE_INCLUDE_DIR)

--- a/cmake/FindQuaZip.cmake
+++ b/cmake/FindQuaZip.cmake
@@ -1,41 +0,0 @@
-# QUAZIP_FOUND               - QuaZip library was found
-# QUAZIP_INCLUDE_DIR         - Path to QuaZip include dir
-# QUAZIP_INCLUDE_DIRS        - Path to QuaZip and zlib include dir (combined from QUAZIP_INCLUDE_DIR + ZLIB_INCLUDE_DIR)
-# QUAZIP_LIBRARIES           - List of QuaZip libraries
-# QUAZIP_ZLIB_INCLUDE_DIR    - The include dir of zlib headers
-
-IF(QUAZIP_INCLUDE_DIRS AND QUAZIP_LIBRARIES)
-  # in cache already
-  SET(QUAZIP_FOUND TRUE)
-ELSE(QUAZIP_INCLUDE_DIRS AND QUAZIP_LIBRARIES)
-    IF(Qt5Core_FOUND)
-        set(QUAZIP_LIB_VERSION_SUFFIX 5)
-    ENDIF()
-  IF(WIN32)
-    FIND_PATH(QUAZIP_LIBRARY_DIR
-      WIN32_DEBUG_POSTFIX d
-      NAMES libquazip${QUAZIP_LIB_VERSION_SUFFIX}.dll
-      HINTS "C:/Programme/" "C:/Program Files"
-      PATH_SUFFIXES QuaZip/lib
-    )
-    FIND_LIBRARY(QUAZIP_LIBRARIES NAMES libquazip${QUAZIP_LIB_VERSION_SUFFIX}.dll HINTS ${QUAZIP_LIBRARY_DIR})
-    FIND_PATH(QUAZIP_INCLUDE_DIR NAMES quazip.h HINTS ${QUAZIP_LIBRARY_DIR}/../ PATH_SUFFIXES include/quazip5)
-    FIND_PATH(QUAZIP_ZLIB_INCLUDE_DIR NAMES zlib.h)
-  ELSE(WIN32)
-    FIND_PACKAGE(PkgConfig)
-    pkg_check_modules(PC_QUAZIP quazip)
-    FIND_LIBRARY(QUAZIP_LIBRARIES
-      WIN32_DEBUG_POSTFIX d
-      NAMES quazip${QUAZIP_LIB_VERSION_SUFFIX}
-      HINTS /usr/lib /usr/lib64
-    )
-    FIND_PATH(QUAZIP_INCLUDE_DIR quazip.h
-      HINTS /usr/include /usr/local/include
-      PATH_SUFFIXES quazip${QUAZIP_LIB_VERSION_SUFFIX}
-    )
-    FIND_PATH(QUAZIP_ZLIB_INCLUDE_DIR zlib.h HINTS /usr/include /usr/local/include)
-  ENDIF(WIN32)
-  INCLUDE(FindPackageHandleStandardArgs)
-  SET(QUAZIP_INCLUDE_DIRS ${QUAZIP_INCLUDE_DIR} ${QUAZIP_ZLIB_INCLUDE_DIR})
-  find_package_handle_standard_args(QUAZIP DEFAULT_MSG  QUAZIP_LIBRARIES QUAZIP_INCLUDE_DIR QUAZIP_ZLIB_INCLUDE_DIR QUAZIP_INCLUDE_DIRS)
-ENDIF(QUAZIP_INCLUDE_DIRS AND QUAZIP_LIBRARIES)
--- a/cmake/FindReadline.cmake
+++ b/cmake/FindReadline.cmake
@@ -0,0 +1,49 @@
+# Code copied from sethhall@github
+#
+# - Try to find readline include dirs and libraries
+#
+# Usage of this module as follows:
+#
+#     find_package(Readline)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+#  Readline_ROOT_DIR         Set this variable to the root installation of
+#                            readline if the module has problems finding the
+#                            proper installation path.
+#
+# Variables defined by this module:
+#
+#  READLINE_FOUND            System has readline, include and lib dirs found
+#  Readline_INCLUDE_DIR      The readline include directories.
+#  Readline_LIBRARY          The readline library.
+
+find_path(Readline_ROOT_DIR
+    NAMES include/readline/readline.h
+)
+
+find_path(Readline_INCLUDE_DIR
+    NAMES readline/readline.h
+    HINTS ${Readline_ROOT_DIR}/include
+)
+
+find_library(Readline_LIBRARY
+    NAMES readline
+    HINTS ${Readline_ROOT_DIR}/lib
+)
+
+if(Readline_INCLUDE_DIR AND Readline_LIBRARY AND Ncurses_LIBRARY)
+  set(READLINE_FOUND TRUE)
+else(Readline_INCLUDE_DIR AND Readline_LIBRARY AND Ncurses_LIBRARY)
+  find_library(Readline_LIBRARY NAMES readline)
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Readline DEFAULT_MSG Readline_INCLUDE_DIR Readline_LIBRARY )
+  mark_as_advanced(Readline_INCLUDE_DIR Readline_LIBRARY)
+endif(Readline_INCLUDE_DIR AND Readline_LIBRARY AND Ncurses_LIBRARY)
+
+mark_as_advanced(
+    Readline_ROOT_DIR
+    Readline_INCLUDE_DIR
+    Readline_LIBRARY
+)
--- a/cmake/FindYubiKey.cmake
+++ b/cmake/FindYubiKey.cmake
@@ -1,27 +0,0 @@
-#  Copyright (C) 2014 Kyle Manna <kyle@kylemanna.com>
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 2 or (at your option)
-#  version 3 of the License.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-find_path(YUBIKEY_CORE_INCLUDE_DIR yubikey.h)
-find_path(YUBIKEY_PERS_INCLUDE_DIR ykcore.h PATH_SUFFIXES ykpers-1)
-set(YUBIKEY_INCLUDE_DIRS ${YUBIKEY_CORE_INCLUDE_DIR} ${YUBIKEY_PERS_INCLUDE_DIR})
-
-find_library(YUBIKEY_CORE_LIBRARY NAMES yubikey.dll libyubikey.so yubikey)
-find_library(YUBIKEY_PERS_LIBRARY NAMES ykpers-1.dll libykpers-1.so ykpers-1)
-set(YUBIKEY_LIBRARIES ${YUBIKEY_CORE_LIBRARY} ${YUBIKEY_PERS_LIBRARY})
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(YubiKey DEFAULT_MSG YUBIKEY_LIBRARIES YUBIKEY_INCLUDE_DIRS)
-
-mark_as_advanced(YUBIKEY_LIBRARIES YUBIKEY_INCLUDE_DIRS)
--- a/cmake/Findsodium.cmake
+++ b/cmake/Findsodium.cmake
@@ -1,267 +0,0 @@
-# Written in 2016 by Henrik Steffen Gaßmann <henrik@gassmann.onl>
-#
-# To the extent possible under law, the author(s) have dedicated all
-# copyright and related and neighboring rights to this software to the
-# public domain worldwide. This software is distributed without any warranty.
-#
-# You should have received a copy of the CC0 Public Domain Dedication
-# along with this software. If not, see
-#
-#     http://creativecommons.org/publicdomain/zero/1.0/
-#
-########################################################################
-# Tries to find the local libsodium installation.
-#
-# On Windows the sodium_DIR environment variable is used as a default
-# hint which can be overridden by setting the corresponding cmake variable.
-#
-# Once done the following variables will be defined:
-#
-#   sodium_FOUND
-#   sodium_INCLUDE_DIR
-#   sodium_LIBRARY_DEBUG
-#   sodium_LIBRARY_RELEASE
-#
-#
-# Furthermore an imported "sodium" target is created.
-#
-
-if (CMAKE_C_COMPILER_ID STREQUAL "GNU"
-    OR CMAKE_C_COMPILER_ID STREQUAL "Clang")
-    set(_GCC_COMPATIBLE 1)
-endif()
-
-# static library option
-option(sodium_USE_STATIC_LIBS "enable to statically link against sodium")
-if(NOT (sodium_USE_STATIC_LIBS EQUAL sodium_USE_STATIC_LIBS_LAST))
-    unset(sodium_LIBRARY CACHE)
-    unset(sodium_LIBRARY_DEBUG CACHE)
-    unset(sodium_LIBRARY_RELEASE CACHE)
-    unset(sodium_DLL_DEBUG CACHE)
-    unset(sodium_DLL_RELEASE CACHE)
-    set(sodium_USE_STATIC_LIBS_LAST ${sodium_USE_STATIC_LIBS} CACHE INTERNAL "internal change tracking variable")
-endif()
-
-
-########################################################################
-# UNIX
-if (UNIX)
-    # import pkg-config
-    find_package(PkgConfig QUIET)
-    if (PKG_CONFIG_FOUND)
-        pkg_check_modules(sodium_PKG QUIET libsodium)
-    endif()
-
-    if(sodium_USE_STATIC_LIBS)
-        set(XPREFIX sodium_PKG_STATIC)
-    else()
-        set(XPREFIX sodium_PKG)
-    endif()
-
-    find_path(sodium_INCLUDE_DIR sodium.h
-        HINTS ${${XPREFIX}_INCLUDE_DIRS}
-    )
-    find_library(sodium_LIBRARY_DEBUG NAMES ${${XPREFIX}_LIBRARIES} sodium
-        HINTS ${${XPREFIX}_LIBRARY_DIRS}
-    )
-    find_library(sodium_LIBRARY_RELEASE NAMES ${${XPREFIX}_LIBRARIES} sodium
-        HINTS ${${XPREFIX}_LIBRARY_DIRS}
-    )
-
-
-########################################################################
-# Windows
-elseif (WIN32)
-    set(sodium_DIR "$ENV{sodium_DIR}" CACHE FILEPATH "sodium install directory")
-    mark_as_advanced(sodium_DIR)
-
-    find_path(sodium_INCLUDE_DIR sodium.h
-        HINTS ${sodium_DIR}
-        PATH_SUFFIXES include
-    )
-
-    if (MSVC)
-        # detect target architecture
-        file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/arch.c" [=[
-            #if defined _M_IX86
-            #error ARCH_VALUE x86_32
-            #elif defined _M_X64
-            #error ARCH_VALUE x86_64
-            #endif
-            #error ARCH_VALUE unknown
-        ]=])
-        try_compile(_UNUSED_VAR "${CMAKE_CURRENT_BINARY_DIR}" "${CMAKE_CURRENT_BINARY_DIR}/arch.c"
-            OUTPUT_VARIABLE _COMPILATION_LOG
-        )
-        string(REGEX REPLACE ".*ARCH_VALUE ([a-zA-Z0-9_]+).*" "\\1" _TARGET_ARCH "${_COMPILATION_LOG}")
-
-        # construct library path
-        if (_TARGET_ARCH STREQUAL "x86_32")
-            string(APPEND _PLATFORM_PATH "Win32")
-        elseif(_TARGET_ARCH STREQUAL "x86_64")
-            string(APPEND _PLATFORM_PATH "x64")
-        else()
-            message(FATAL_ERROR "the ${_TARGET_ARCH} architecture is not supported by Findsodium.cmake.")
-        endif()
-        string(APPEND _PLATFORM_PATH "/$$CONFIG$$")
-
-        if (MSVC_VERSION LESS 1900)
-            math(EXPR _VS_VERSION "${MSVC_VERSION} / 10 - 60")
-        else()
-            math(EXPR _VS_VERSION "${MSVC_VERSION} / 10 - 50")
-        endif()
-        string(APPEND _PLATFORM_PATH "/v${_VS_VERSION}")
-
-        if (sodium_USE_STATIC_LIBS)
-            string(APPEND _PLATFORM_PATH "/static")
-        else()
-            string(APPEND _PLATFORM_PATH "/dynamic")
-        endif()
-
-        string(REPLACE "$$CONFIG$$" "Debug" _DEBUG_PATH_SUFFIX "${_PLATFORM_PATH}")
-        string(REPLACE "$$CONFIG$$" "Release" _RELEASE_PATH_SUFFIX "${_PLATFORM_PATH}")
-
-        find_library(sodium_LIBRARY_DEBUG libsodium.lib
-            HINTS ${sodium_DIR}
-            PATH_SUFFIXES ${_DEBUG_PATH_SUFFIX}
-        )
-        find_library(sodium_LIBRARY_RELEASE libsodium.lib
-            HINTS ${sodium_DIR}
-            PATH_SUFFIXES ${_RELEASE_PATH_SUFFIX}
-        )
-        if (NOT sodium_USE_STATIC_LIBS)
-            set(CMAKE_FIND_LIBRARY_SUFFIXES ".dll")
-            find_library(sodium_DLL_DEBUG libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES ${_DEBUG_PATH_SUFFIX}
-            )
-            find_library(sodium_DLL_RELEASE libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES ${_RELEASE_PATH_SUFFIX}
-            )
-        endif()
-
-    elseif(_GCC_COMPATIBLE)
-        if (sodium_USE_STATIC_LIBS)
-            find_library(sodium_LIBRARY_DEBUG libsodium.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-            find_library(sodium_LIBRARY_RELEASE libsodium.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-        else()
-            find_library(sodium_LIBRARY_DEBUG libsodium.dll.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-            find_library(sodium_LIBRARY_RELEASE libsodium.dll.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-
-            file(GLOB _DLL
-                LIST_DIRECTORIES false
-                RELATIVE "${sodium_DIR}/bin"
-                "${sodium_DIR}/bin/libsodium*.dll"
-            )
-            find_library(sodium_DLL_DEBUG ${_DLL} libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES bin
-            )
-            find_library(sodium_DLL_RELEASE ${_DLL} libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES bin
-            )
-        endif()
-    else()
-        message(FATAL_ERROR "this platform is not supported by FindSodium.cmake")
-    endif()
-
-
-########################################################################
-# unsupported
-else()
-    message(FATAL_ERROR "this platform is not supported by FindSodium.cmake")
-endif()
-
-
-########################################################################
-# common stuff
-
-# extract sodium version
-if (sodium_INCLUDE_DIR)
-    set(_VERSION_HEADER "${_INCLUDE_DIR}/sodium/version.h")
-    if (EXISTS _VERSION_HEADER)
-        file(READ "${_VERSION_HEADER}" _VERSION_HEADER_CONTENT)
-        string(REGEX REPLACE ".*#[ \t]*define[ \t]*SODIUM_VERSION_STRING[ \t]*\"([^\n]*)\".*" "\\1"
-            sodium_VERSION "${_VERSION_HEADER_CONTENT}")
-        set(sodium_VERSION "${sodium_VERSION}" PARENT_SCOPE)
-    endif()
-endif()
-
-# communicate results
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(sodium
-    REQUIRED_VARS
-        sodium_LIBRARY_RELEASE
-        sodium_LIBRARY_DEBUG
-        sodium_INCLUDE_DIR
-    VERSION_VAR
-        sodium_VERSION
-)
-
-# mark file paths as advanced
-mark_as_advanced(sodium_INCLUDE_DIR)
-mark_as_advanced(sodium_LIBRARY_DEBUG)
-mark_as_advanced(sodium_LIBRARY_RELEASE)
-if (WIN32)
-    mark_as_advanced(sodium_DLL_DEBUG)
-    mark_as_advanced(sodium_DLL_RELEASE)
-endif()
-
-# create imported target
-if(sodium_USE_STATIC_LIBS)
-    set(_LIB_TYPE STATIC)
-else()
-    set(_LIB_TYPE SHARED)
-endif()
-add_library(sodium ${_LIB_TYPE} IMPORTED)
-
-set_target_properties(sodium PROPERTIES
-    INTERFACE_INCLUDE_DIRECTORIES "${sodium_INCLUDE_DIR}"
-    IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-)
-
-if (sodium_USE_STATIC_LIBS)
-    set_target_properties(sodium PROPERTIES
-        INTERFACE_COMPILE_DEFINITIONS "SODIUM_STATIC"
-        IMPORTED_LOCATION "${sodium_LIBRARY_RELEASE}"
-        IMPORTED_LOCATION_DEBUG "${sodium_LIBRARY_DEBUG}"
-    )
-else()
-    if (UNIX)
-        set_target_properties(sodium PROPERTIES
-            IMPORTED_LOCATION "${sodium_LIBRARY_RELEASE}"
-            IMPORTED_LOCATION_DEBUG "${sodium_LIBRARY_DEBUG}"
-        )
-    elseif (WIN32)
-        set_target_properties(sodium PROPERTIES
-            IMPORTED_IMPLIB "${sodium_LIBRARY_RELEASE}"
-            IMPORTED_IMPLIB_DEBUG "${sodium_LIBRARY_DEBUG}"
-        )
-        if (NOT (sodium_DLL_DEBUG MATCHES ".*-NOTFOUND"))
-            set_target_properties(sodium PROPERTIES
-                IMPORTED_LOCATION_DEBUG "${sodium_DLL_DEBUG}"
-            )
-        endif()
-        if (NOT (sodium_DLL_RELEASE MATCHES ".*-NOTFOUND"))
-            set_target_properties(sodium PROPERTIES
-                IMPORTED_LOCATION_RELWITHDEBINFO "${sodium_DLL_RELEASE}"
-                IMPORTED_LOCATION_MINSIZEREL "${sodium_DLL_RELEASE}"
-                IMPORTED_LOCATION_RELEASE "${sodium_DLL_RELEASE}"
-            )
-        endif()
-    endif()
-endif()
--- a/cmake/GNUInstallDirs.cmake
+++ b/cmake/GNUInstallDirs.cmake
@@ -1,188 +0,0 @@
-# - Define GNU standard installation directories
-# Provides install directory variables as defined for GNU software:
-#  http://www.gnu.org/prep/standards/html_node/Directory-Variables.html
-# Inclusion of this module defines the following variables:
-#  CMAKE_INSTALL_<dir>      - destination for files of a given type
-#  CMAKE_INSTALL_FULL_<dir> - corresponding absolute path
-# where <dir> is one of:
-#  BINDIR           - user executables (bin)
-#  SBINDIR          - system admin executables (sbin)
-#  LIBEXECDIR       - program executables (libexec)
-#  SYSCONFDIR       - read-only single-machine data (etc)
-#  SHAREDSTATEDIR   - modifiable architecture-independent data (com)
-#  LOCALSTATEDIR    - modifiable single-machine data (var)
-#  LIBDIR           - object code libraries (lib or lib64 or lib/<multiarch-tuple> on Debian)
-#  INCLUDEDIR       - C header files (include)
-#  OLDINCLUDEDIR    - C header files for non-gcc (/usr/include)
-#  DATAROOTDIR      - read-only architecture-independent data root (share)
-#  DATADIR          - read-only architecture-independent data (DATAROOTDIR)
-#  INFODIR          - info documentation (DATAROOTDIR/info)
-#  LOCALEDIR        - locale-dependent data (DATAROOTDIR/locale)
-#  MANDIR           - man documentation (DATAROOTDIR/man)
-#  DOCDIR           - documentation root (DATAROOTDIR/doc/PROJECT_NAME)
-# Each CMAKE_INSTALL_<dir> value may be passed to the DESTINATION options of
-# install() commands for the corresponding file type.  If the includer does
-# not define a value the above-shown default will be used and the value will
-# appear in the cache for editing by the user.
-# Each CMAKE_INSTALL_FULL_<dir> value contains an absolute path constructed
-# from the corresponding destination by prepending (if necessary) the value
-# of CMAKE_INSTALL_PREFIX.
-
-#=============================================================================
-# Copyright 2011 Nikita Krupen'ko <krnekit@gmail.com>
-# Copyright 2011 Kitware, Inc.
-#
-# Distributed under the OSI-approved BSD License (the "License");
-# see accompanying file Copyright.txt for details.
-#
-# This software is distributed WITHOUT ANY WARRANTY; without even the
-# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-# See the License for more information.
-#=============================================================================
-# (To distribute this file outside of CMake, substitute the full
-#  License text for the above reference.)
-
-# Installation directories
-#
-if(NOT DEFINED CMAKE_INSTALL_BINDIR)
-  set(CMAKE_INSTALL_BINDIR "bin" CACHE PATH "user executables (bin)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_SBINDIR)
-  set(CMAKE_INSTALL_SBINDIR "sbin" CACHE PATH "system admin executables (sbin)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_LIBEXECDIR)
-  set(CMAKE_INSTALL_LIBEXECDIR "libexec" CACHE PATH "program executables (libexec)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_SYSCONFDIR)
-  set(CMAKE_INSTALL_SYSCONFDIR "etc" CACHE PATH "read-only single-machine data (etc)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_SHAREDSTATEDIR)
-  set(CMAKE_INSTALL_SHAREDSTATEDIR "com" CACHE PATH "modifiable architecture-independent data (com)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_LOCALSTATEDIR)
-  set(CMAKE_INSTALL_LOCALSTATEDIR "var" CACHE PATH "modifiable single-machine data (var)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_LIBDIR)
-  set(_LIBDIR_DEFAULT "lib")
-  # Override this default 'lib' with 'lib64' iff:
-  #  - we are on Linux system but NOT cross-compiling
-  #  - we are NOT on debian
-  #  - we are on a 64 bits system
-  # reason is: amd64 ABI: http://www.x86-64.org/documentation/abi.pdf
-  # For Debian with multiarch, use 'lib/${CMAKE_LIBRARY_ARCHITECTURE}' if
-  # CMAKE_LIBRARY_ARCHITECTURE is set (which contains e.g. "i386-linux-gnu"
-  # See http://wiki.debian.org/Multiarch
-  if((CMAKE_SYSTEM_NAME MATCHES "Linux|kFreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "GNU")
-      AND NOT CMAKE_CROSSCOMPILING)
-    if (EXISTS "/etc/debian_version") # is this a debian system ?
-       if(CMAKE_LIBRARY_ARCHITECTURE)
-         set(_LIBDIR_DEFAULT "lib/${CMAKE_LIBRARY_ARCHITECTURE}")
-       endif()
-    else() # not debian, rely on CMAKE_SIZEOF_VOID_P:
-      if(NOT DEFINED CMAKE_SIZEOF_VOID_P)
-        message(AUTHOR_WARNING
-          "Unable to determine default CMAKE_INSTALL_LIBDIR directory because no target architecture is known. "
-          "Please enable at least one language before including GNUInstallDirs.")
-      else()
-        if("${CMAKE_SIZEOF_VOID_P}" EQUAL "8")
-          set(_LIBDIR_DEFAULT "lib64")
-        endif()
-      endif()
-    endif()
-  endif()
-  set(CMAKE_INSTALL_LIBDIR "${_LIBDIR_DEFAULT}" CACHE PATH "object code libraries (${_LIBDIR_DEFAULT})")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_INCLUDEDIR)
-  set(CMAKE_INSTALL_INCLUDEDIR "include" CACHE PATH "C header files (include)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_OLDINCLUDEDIR)
-  set(CMAKE_INSTALL_OLDINCLUDEDIR "/usr/include" CACHE PATH "C header files for non-gcc (/usr/include)")
-endif()
-
-if(NOT DEFINED CMAKE_INSTALL_DATAROOTDIR)
-  set(CMAKE_INSTALL_DATAROOTDIR "share" CACHE PATH "read-only architecture-independent data root (share)")
-endif()
-
-#-----------------------------------------------------------------------------
-# Values whose defaults are relative to DATAROOTDIR.  Store empty values in
-# the cache and store the defaults in local variables if the cache values are
-# not set explicitly.  This auto-updates the defaults as DATAROOTDIR changes.
-
-if(NOT CMAKE_INSTALL_DATADIR)
-  set(CMAKE_INSTALL_DATADIR "" CACHE PATH "read-only architecture-independent data (DATAROOTDIR)")
-  set(CMAKE_INSTALL_DATADIR "${CMAKE_INSTALL_DATAROOTDIR}")
-endif()
-
-if(NOT CMAKE_INSTALL_INFODIR)
-  set(CMAKE_INSTALL_INFODIR "" CACHE PATH "info documentation (DATAROOTDIR/info)")
-  set(CMAKE_INSTALL_INFODIR "${CMAKE_INSTALL_DATAROOTDIR}/info")
-endif()
-
-if(NOT CMAKE_INSTALL_LOCALEDIR)
-  set(CMAKE_INSTALL_LOCALEDIR "" CACHE PATH "locale-dependent data (DATAROOTDIR/locale)")
-  set(CMAKE_INSTALL_LOCALEDIR "${CMAKE_INSTALL_DATAROOTDIR}/locale")
-endif()
-
-if(NOT CMAKE_INSTALL_MANDIR)
-  set(CMAKE_INSTALL_MANDIR "" CACHE PATH "man documentation (DATAROOTDIR/man)")
-  set(CMAKE_INSTALL_MANDIR "${CMAKE_INSTALL_DATAROOTDIR}/man")
-endif()
-
-if(NOT CMAKE_INSTALL_DOCDIR)
-  set(CMAKE_INSTALL_DOCDIR "" CACHE PATH "documentation root (DATAROOTDIR/doc/PROJECT_NAME)")
-  set(CMAKE_INSTALL_DOCDIR "${CMAKE_INSTALL_DATAROOTDIR}/doc/${PROJECT_NAME}")
-endif()
-
-#-----------------------------------------------------------------------------
-
-mark_as_advanced(
-  CMAKE_INSTALL_BINDIR
-  CMAKE_INSTALL_SBINDIR
-  CMAKE_INSTALL_LIBEXECDIR
-  CMAKE_INSTALL_SYSCONFDIR
-  CMAKE_INSTALL_SHAREDSTATEDIR
-  CMAKE_INSTALL_LOCALSTATEDIR
-  CMAKE_INSTALL_LIBDIR
-  CMAKE_INSTALL_INCLUDEDIR
-  CMAKE_INSTALL_OLDINCLUDEDIR
-  CMAKE_INSTALL_DATAROOTDIR
-  CMAKE_INSTALL_DATADIR
-  CMAKE_INSTALL_INFODIR
-  CMAKE_INSTALL_LOCALEDIR
-  CMAKE_INSTALL_MANDIR
-  CMAKE_INSTALL_DOCDIR
-  )
-
-# Result directories
-#
-foreach(dir
-    BINDIR
-    SBINDIR
-    LIBEXECDIR
-    SYSCONFDIR
-    SHAREDSTATEDIR
-    LOCALSTATEDIR
-    LIBDIR
-    INCLUDEDIR
-    OLDINCLUDEDIR
-    DATAROOTDIR
-    DATADIR
-    INFODIR
-    LOCALEDIR
-    MANDIR
-    DOCDIR
-    )
-  if(NOT IS_ABSOLUTE ${CMAKE_INSTALL_${dir}})
-    set(CMAKE_INSTALL_FULL_${dir} "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_${dir}}")
-  else()
-    set(CMAKE_INSTALL_FULL_${dir} "${CMAKE_INSTALL_${dir}}")
-  endif()
-endforeach()
--- a/cmake/KPXCMacDeployHelpers.cmake
+++ b/cmake/KPXCMacDeployHelpers.cmake
@@ -0,0 +1,61 @@
+# Running macdeployqt on a POST_BUILD copied binaries is pointless when using CPack because
+# the copied binaries will be overriden by the corresponding install(TARGETS) commands.
+# That's why we run macdeployqt using install(CODE) on the already installed binaries.
+# The precondition is that all install(TARGETS) calls have to be called before this function is
+# called.
+# macdeloyqt is called only once, but it is given all executables that should be processed.
+function(kpxc_run_macdeployqt_at_install_time)
+    set(NO_VALUE_OPTIONS)
+    set(SINGLE_VALUE_OPTIONS
+        APP_NAME
+    )
+    set(MULTI_VALUE_OPTIONS
+        EXTRA_BINARIES
+    )
+    cmake_parse_arguments(PARSE_ARGV 0 ARG
+        "${NO_VALUE_OPTIONS}" "${SINGLE_VALUE_OPTIONS}" "${MULTI_VALUE_OPTIONS}"
+    )
+
+    set(ESCAPED_PREFIX "\${CMAKE_INSTALL_PREFIX}")
+    set(APP_BUNDLE_NAME "${ARG_APP_NAME}.app")
+    set(APP_BUNDLE_PATH "${ESCAPED_PREFIX}/${APP_BUNDLE_NAME}")
+
+    # Collect extra binaries and plugins that should be handled by macdpeloyqt.
+    set(EXTRA_BINARIES "")
+    foreach(EXTRA_BINARY ${ARG_EXTRA_BINARIES})
+        set(INSTALLED_BINARY_PATH "${ESCAPED_PREFIX}/${EXTRA_BINARY}")
+        list(APPEND EXTRA_BINARIES "-executable=${INSTALLED_BINARY_PATH}")
+    endforeach()
+
+    list(JOIN EXTRA_BINARIES " " EXTRA_BINARIES_STR)
+
+    if(CMAKE_VERSION VERSION_GREATER "3.14")
+        set(COMMAND_ECHO "COMMAND_ECHO STDOUT")
+    else()
+        set(COMMAND_ECHO "")
+    endif()
+
+    set(COMMAND_ARGS
+        ${MACDEPLOYQT_EXE}
+        ${APP_BUNDLE_PATH}
+
+        # Adjusts dependency rpaths of extra binaries
+        ${EXTRA_BINARIES_STR}
+
+        # Silences warnings on subsequent re-installations
+        -always-overwrite
+    )
+
+    install(CODE
+    "
+execute_process(
+    COMMAND ${COMMAND_ARGS}
+    ${COMMAND_ECHO}
+    RESULT_VARIABLE EXIT_CODE
+)
+if(NOT EXIT_CODE EQUAL 0)
+    message(FATAL_ERROR
+        \"Running ${COMMAND_ARGS} failed with exit code \${EXIT_CODE}.\")
+endif()
+")
+endfunction()
--- a/cmake/MacOSCodesign.cmake.in
+++ b/cmake/MacOSCodesign.cmake.in
@@ -0,0 +1,102 @@
+#  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# CPACK_PACKAGE_FILES is set only during POST_BUILD
+if(NOT CPACK_PACKAGE_FILES)     # PRE_BUILD: Sign binaries
+
+    set(PROGNAME "@PROGNAME@")
+    set(CODESIGN_IDENTITY "@WITH_XC_CODESIGN_IDENTITY@")
+    set(ENTITLEMENTS @MACOSX_BUNDLE_APPLE_ENTITLEMENTS@)
+    set(APP_DIR "${CPACK_TEMPORARY_INSTALL_DIRECTORY}/ALL_IN_ONE/${PROGNAME}.app")
+
+    if(NOT CODESIGN_IDENTITY)
+        message(FATAL_ERROR "No codesign identity specified.")
+    endif()
+
+    message(STATUS "Codesign identity used: ${CODESIGN_IDENTITY}")
+    message(STATUS "Signing ${PROGNAME}.app, this may take while...")
+
+    # Sign all binaries
+    execute_process(
+        COMMAND xcrun codesign --sign=${CODESIGN_IDENTITY} --force --options=runtime --deep ${APP_DIR}
+        RESULT_VARIABLE SIGN_RESULT
+        OUTPUT_VARIABLE SIGN_OUTPUT
+        ERROR_VARIABLE SIGN_ERROR
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+        ERROR_STRIP_TRAILING_WHITESPACE
+        ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT SIGN_RESULT EQUAL 0)
+        message(FATAL_ERROR "Signing binaries failed: ${SIGN_ERROR}")
+    endif()
+
+    # (Re-)Sign main executable with --entitlements
+    execute_process(
+        COMMAND xcrun codesign --sign=${CODESIGN_IDENTITY} --force --options=runtime --deep --entitlements=${ENTITLEMENTS} ${APP_DIR}
+        RESULT_VARIABLE SIGN_RESULT
+        OUTPUT_VARIABLE SIGN_OUTPUT
+        ERROR_VARIABLE SIGN_ERROR
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+        ERROR_STRIP_TRAILING_WHITESPACE
+        ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT SIGN_RESULT EQUAL 0)
+        message(FATAL_ERROR "Signing main binary failed: ${SIGN_ERROR}")
+    endif()
+
+    message(STATUS "${PROGNAME}.app signed successfully.")
+
+else()       # POST_BUILD: Notarize DMG
+    set(KEYCHAIN_PROFILE "@WITH_XC_NOTARY_KEYCHAIN_PROFILE@")
+    file(GLOB_RECURSE DMG_FILE "${CPACK_PACKAGE_DIRECTORY}/${CPACK_PACKAGE_FILE_NAME}.dmg")
+
+    if(NOT KEYCHAIN_PROFILE)
+        message(FATAL_ERROR "No notarization credentials keychain profile specified.")
+    endif()
+
+    # Submit for notarization
+    message(STATUS "Submitting DMG bundle for notarization, this may take while...")
+    execute_process(
+            COMMAND xcrun notarytool submit --keychain-profile=${KEYCHAIN_PROFILE} --wait ${DMG_FILE}
+            RESULT_VARIABLE NOTARIZE_RESULT
+            OUTPUT_VARIABLE NOTARIZE_OUTPUT
+            ERROR_VARIABLE NOTARIZE_ERROR
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            ERROR_STRIP_TRAILING_WHITESPACE
+            ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT NOTARIZE_RESULT EQUAL 0)
+        message(FATAL_ERROR "Notarization failed: ${NOTARIZE_ERROR}")
+    endif()
+    message(STATUS "DMG bundle notarized successfully.")
+
+    # Staple tickets
+    message(STATUS "Stapling notarization ticket...")
+    execute_process(
+            COMMAND xcrun stapler staple ${DMG_FILE} && xcrun stapler validate ${DMG_FILE}
+            RESULT_VARIABLE STAPLE_RESULT
+            OUTPUT_VARIABLE STAPLE_OUTPUT
+            ERROR_VARIABLE STAPLE_ERROR
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            ERROR_STRIP_TRAILING_WHITESPACE
+            ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT STAPLE_RESULT EQUAL 0)
+        message(FATAL_ERROR "Stapling failed: ${STAPLE_ERROR}")
+    endif()
+    message(STATUS "DMG bundle notarization ticket stapled successfully.")
+
+endif()
--- a/cmake/WindowsCodesign.cmake.in
+++ b/cmake/WindowsCodesign.cmake.in
@@ -0,0 +1,79 @@
+#  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+set(INSTALL_DIR ${CPACK_TEMPORARY_INSTALL_DIRECTORY})
+set(CODESIGN_IDENTITY @WITH_XC_CODESIGN_IDENTITY@)
+set(TIMESTAMP_URL @WITH_XC_CODESIGN_TIMESTAMP_URL@)
+
+if(CPACK_PACKAGE_FILES) 
+    # This variable is set only during POST_BUILD, reset SIGN_FILES first
+    set(SIGN_FILES "")
+    foreach(PACKAGE_FILE ${CPACK_PACKAGE_FILES})
+        # Check each package file to see if it can be signed
+        if(PACKAGE_FILE MATCHES "\\.msix?$" OR PACKAGE_FILE MATCHES "\\.exe$")
+            message(STATUS "Adding ${PACKAGE_FILE} for signature")
+            list(APPEND SIGN_FILES "${PACKAGE_FILE}")
+        endif()
+    endforeach()
+else()
+    # Setup portable zip file if building one
+    if(INSTALL_DIR MATCHES "/ZIP/")
+        file(TOUCH "${INSTALL_DIR}/.portable")
+        message(STATUS "Injected portable marker into ZIP file.")
+    endif()
+
+    # Find all dll and exe files in the install directory
+    file(GLOB_RECURSE SIGN_FILES
+            RELATIVE "${INSTALL_DIR}"
+            "${INSTALL_DIR}/*.dll"
+            "${INSTALL_DIR}/*.exe"
+    )
+endif()
+
+# Sign relevant binaries if requested
+if(CODESIGN_IDENTITY AND SIGN_FILES)
+    # Find signtool in PATH or error out
+    find_program(SIGNTOOL signtool.exe QUIET)
+    if(NOT SIGNTOOL)
+        message(FATAL_ERROR "signtool.exe not found in PATH, correct or unset WITH_XC_CODESIGN_IDENTITY")
+    endif()
+
+    # Check that a certificate thumbprint was provided or error out
+    if(CODESIGN_IDENTITY STREQUAL "auto")
+        message(STATUS "Signing using best available certificate.")
+        set(CERT_OPTS /a)
+    else ()
+        message(STATUS "Signing using certificate with fingerprint ${CODESIGN_IDENTITY}.")
+        set(CERT_OPTS /sha1 ${CODESIGN_IDENTITY})
+    endif()
+
+    message(STATUS "Signing binary files, this may take a while...")
+    # Use cmd /c to enable pop-up for pin entry if needed
+    execute_process(
+            COMMAND cmd /c ${SIGNTOOL} sign /fd SHA256 ${CERT_OPTS} /tr ${TIMESTAMP_URL} /td SHA256 /d ${CPACK_PACKAGE_FILE_NAME} ${SIGN_FILES}
+            WORKING_DIRECTORY "${INSTALL_DIR}"
+            RESULT_VARIABLE SIGN_RESULT
+            OUTPUT_VARIABLE SIGN_OUTPUT
+            ERROR_VARIABLE SIGN_ERROR
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            ERROR_STRIP_TRAILING_WHITESPACE
+            ECHO_OUTPUT_VARIABLE
+    )
+    if(NOT SIGN_RESULT EQUAL 0)
+        message(FATAL_ERROR "Signing binary files failed: ${SIGN_ERROR}")
+    endif()
+
+    message(STATUS "Binary files signed successfully.")
+endif()
--- a/cmake/compiler-checks/macos/control_biometry_support.mm
+++ b/cmake/compiler-checks/macos/control_biometry_support.mm
@@ -0,0 +1,5 @@
+#include <Security/Security.h>
+
+int main() {
+   return static_cast<int>(kSecAccessControlBiometryCurrentSet);
+}
--- a/cmake/compiler-checks/macos/control_touch_id_support.mm
+++ b/cmake/compiler-checks/macos/control_touch_id_support.mm
@@ -0,0 +1,5 @@
+#include <Security/Security.h>
+
+int main() {
+   return static_cast<int>(kSecAccessControlTouchIDCurrentSet);
+}
--- a/cmake/compiler-checks/macos/control_watch_support.mm
+++ b/cmake/compiler-checks/macos/control_watch_support.mm
@@ -0,0 +1,5 @@
+#include <Security/Security.h>
+
+int main() {
+   return static_cast<int>(kSecAccessControlWatch);
+}
--- a/codecov.yaml
+++ b/codecov.yaml
@@ -0,0 +1,27 @@
+codecov:
+  require_ci_to_pass: false
+coverage:
+  range: 60..80
+  round: nearest
+  precision: 2
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 0.5%
+        paths:
+          - "src"
+    patch:
+      default:
+        target: 50%
+        threshold: 0%
+        informational: true
+        paths:
+          - "src"
+fixes:
+  - "*/src/::"
+ignore:
+  - "src/gui/styles/**"
+  - "src/thirdparty/**"
+comment:
+  require_changes: true
--- a/docs/CMakeLists.txt
+++ b/docs/CMakeLists.txt
@@ -0,0 +1,60 @@
+#  Copyright (C) 2020 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+find_program(ASCIIDOCTOR_EXE asciidoctor)
+if(NOT ASCIIDOCTOR_EXE)
+    message(FATAL_ERROR "asciidoctor is required to build documentation")
+endif()
+message(STATUS "Using asciidoctor: ${ASCIIDOCTOR_EXE}")
+
+set(DOC_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(OUT_DIR ${CMAKE_CURRENT_BINARY_DIR})
+set(REV -a revnumber=${KEEPASSXC_VERSION})
+
+# Build html documentation on all platforms
+# NOTE: Combine into one long command to prevent MSVC from failing to build all docs
+file(GLOB doc_depends ${DOC_DIR}/*.adoc ${DOC_DIR}/topics/* ${DOC_DIR}/styles/* ${DOC_DIR}/images/*)
+add_custom_command(
+    OUTPUT KeePassXC_GettingStarted.html KeePassXC_UserGuide.html KeePassXC_KeyboardShortcuts.html
+    COMMAND
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_GettingStarted.html ${REV} ${DOC_DIR}/GettingStarted.adoc &&
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_UserGuide.html ${REV} ${DOC_DIR}/UserGuide.adoc &&
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_KeyboardShortcuts.html ${REV} ${DOC_DIR}/topics/KeyboardShortcuts.adoc
+    DEPENDS ${doc_depends}
+    VERBATIM)
+
+add_custom_target(docs ALL DEPENDS KeePassXC_GettingStarted.html KeePassXC_UserGuide.html KeePassXC_KeyboardShortcuts.html)
+
+install(FILES
+        ${OUT_DIR}/KeePassXC_GettingStarted.html
+        ${OUT_DIR}/KeePassXC_UserGuide.html
+        ${OUT_DIR}/KeePassXC_KeyboardShortcuts.html
+        DESTINATION ${DATA_INSTALL_DIR}/docs)
+
+# Build Man Pages on Linux and macOS
+if(UNIX)
+    add_custom_command(OUTPUT keepassxc.1 keepassxc-cli.1
+        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ./man/keepassxc.1.adoc
+        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ./man/keepassxc-cli.1.adoc
+        DEPENDS ${DOC_DIR}/man/keepassxc.1.adoc ${DOC_DIR}/man/keepassxc-cli.1.adoc
+        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+        VERBATIM)
+    add_custom_target(manpages ALL DEPENDS keepassxc.1 keepassxc-cli.1)
+
+    install(FILES
+        ${OUT_DIR}/keepassxc.1
+        ${OUT_DIR}/keepassxc-cli.1
+        DESTINATION ${CMAKE_INSTALL_MANDIR}/man1/)
+endif()
--- a/docs/GettingStarted.adoc
+++ b/docs/GettingStarted.adoc
@@ -0,0 +1,34 @@
+= KeePassXC: Getting Started Guide
+KeePassXC Team <team@keepassxc.org>
+:data-uri:
+:linkcss!:
+:homepage: https://keepassxc.org
+:icons: font
+:imagesdir: images
+:stylesheet: styles/dark.css
+:toc: left
+:experimental:
+ifdef::backend-pdf[]
+:title-page:
+:title-logo-image: {imagesdir}/kpxc_logo.png
+:pdf-theme: styles/pdf_theme.yml
+:compress:
+endif::[]
+
+include::topics/Disclaimers.adoc[]
+
+<<<
+
+// Include various topics, excluding advanced sections
+
+include::topics/Welcome.adoc[tags=*;!advanced]
+
+include::topics/DownloadInstall.adoc[tags=*;!advanced]
+
+include::topics/UserInterface.adoc[tags=*;!advanced]
+
+include::topics/DatabaseOperations.adoc[tags=*;!advanced]
+
+include::topics/PasswordGenerator.adoc[tags=*;!advanced]
+
+include::topics/BrowserIntegration.adoc[tags=*;!advanced]
--- a/docs/KeePassHTTP/KeePassXC-Accept-Button.png
+++ b/docs/KeePassHTTP/KeePassXC-Accept-Button.png
--- a/docs/KeePassHTTP/KeePassXC-Confirm.png
+++ b/docs/KeePassHTTP/KeePassXC-Confirm.png
--- a/docs/KeePassHTTP/KeePassXC-Connect.png
+++ b/docs/KeePassHTTP/KeePassXC-Connect.png
--- a/docs/KeeShare/AppSettings.png
+++ b/docs/KeeShare/AppSettings.png
--- a/docs/KeeShare/DatabaseSettings.png
+++ b/docs/KeeShare/DatabaseSettings.png
--- a/docs/KeeShare/GroupSettings_Export.png
+++ b/docs/KeeShare/GroupSettings_Export.png
--- a/docs/KeeShare/GroupSettings_Import.png
+++ b/docs/KeeShare/GroupSettings_Import.png
--- a/docs/KeeShare/GroupSettings_Sync.png
+++ b/docs/KeeShare/GroupSettings_Sync.png
--- a/docs/QUICKSTART.md
+++ b/docs/QUICKSTART.md
@@ -1,131 +0,0 @@
-# Quick Start for KeePassXC
-
-This procedure gets KeePassXC running on your computer with browser integration, 
-using the pre-built binaries available for [download](https://keepassxc.org/download) 
-from [KeePassXC site](https://keepassxc.org).
-
-**TL;DR** KeePassXC saves your passwords securely.
-When you double-click a URL in KeePassXC, it launches your default browser to that URL.
-With browser integration configured, KeePassXC automatically enters 
-username/password credentials into web page fields.
-
-## Installing and Starting KeePassXC
-
-* [Download the native installer](https://keepassxc.org/download) and install 
-KeePassXC for your  Windows, macOS, or Linux computer in the usual way for your platform.
-* Open the KeePassXC application.
-* Create a new database and give it a master key that's used to unlock the database file. 
-This database holds entries (usernames, passwords, account numbers, notes) 
-for all your websites, programs, etc.
-* Create a few entries - enter the username, password, URL, and optionally notes about the entry.
-* KeePassXC securely stores those entries in the database.
-
-
-## Setting up Browser Integration with KeePassXC
-
-* *Within KeePassXC*, go to **Tools->Settings** (on macOS, go to **KeePassXC->Preferences**.) 
-* In **Browser Integration**, check **Enable KeePassXC browser integration**
-* Right below that, click the checkbox for the browser(s) you use
-Leave the other options at their defaults.
-* *In your default web browser,* install the KeePassXC Browser extension/add-on. Instructions for [Firefox or Tor Browser](https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/) or [Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
-* Click the KeePassXC icon in the upper-right corner. You'll see the dialog below. 
-* Click the blue Connect button to make the browser extension connect to the KeePassXC application. 
-<img src="./KeePassHTTP/KeePassXC-Connect.png" height="200" alt="KeePassXC Connect dialog">
-
-* *Switch back to KeePassXC.* You'll see a dialog (below) indicating that a request to connect has arrived. 
-* Give the connection a name (perhaps *Keepass-Browsername*, any unique name will suffice) and click OK to accept it.
-* This one-time operation connects KeePassXC and your browser.
-<img src="./KeePassHTTP/KeePassXC-Accept-Button.png" height="200" alt="KeePassXC accept connection dialog">
-
-## Using Browser Integration
-
-* *Within KeePassXC,* double-click the URL of an entry,
-or select it and type Ctrl+U (Cmd+U on macOS).
-* Your browser opens to that URL.
-* If there are username/password fields on that page, you will see the dialog below.
-Click *Allow* to confirm that KeePassXC may access the credentials to auto-fill the fields. 
-* Check *Remember this decision* to allow this each time you visit the page.
-<img src="./KeePassHTTP/KeePassXC-Confirm.png" height="200" alt="KeePassCX Confirm Access dialog">
-
-## Using Sharing
-
-Sharing allows you to share a subset of your credentials with others and vice versa.
-
-### Enable Sharing
-
-To use sharing, you need to enable for the application.
-
-1. Go to Tools &rarr; Settings
-2. Select the category KeeShare
-3. Check _Allow import_ if you want to import shared credentials
-4. Check _Allow export_ if you want to share credentials
-
-To make sure that your data is valid when im imported by another client, please _generate_ (or _import_) a public/private key pair and enter your _signer_ name. This way your client may verify that the imported data is valid. When Importing, you'll see the known sources with names and fingerprint in the list at the bottom. This is the place to _trust_ or _untrust_ signers. It is only possible to trust someone on application level.
-
-<img src="./KeeShare/AppSettings.png" height="600" width="800" alt="KeeShare Application Settings">
-
-### Sharing Credentials
-
-If you checked _Allow export_ in the Sharing settings you now are good to go to share some passwords with others. Sharing always is defined on a group. If you enable sharing on a group, every entry under this group or it's children is shared. If you enable sharing on the root node, **every password** inside your database gets shared!
-
-1. Open the edit sheet on a group you want to share
-1. Select the sharing section
-1. Choose _Export to path_ as the sharing method
-1. Choose a path to store the shared credentials to
-1. Generate a password for this share container
-
-The export file will not be generated automatically. Instead, each time the database is saved, the file gets written (so please deactivate the autosafe feature). If an old file is present, the old file will be overwritten! The file should be written to a location that is accessible by others. An easy setup is a network share or storing the file inside the cloud. 
-
-<img src="./KeeShare/GroupSettings_Export.png" height="600" width="800" alt="KeeShare Group Sharing Settings">
-
-### Using Shared Credentials
-
-Checking _Allow import_ in the Sharing settings of the database enables you to receive credentials from others. KeePass will watch sharing sources and import any changes immediately into your database using the synchronization feature.
-
-1. Create a group for import
-1. Open the edit sheet on that group
-1. Select the sharing section
-1. Choose _Import from path_ as the sharing method
-1. Choose a share container that is shared with you
-1. Enter the password for the shared container
-
-KeeShare observes the container for changes and merges them into your database when necessary. Importing merges in time order, so older data is moved to the history, which should have a sufficient size to prevent loss of needed data. 
-
-Please note, that the import currently is not restricted to the configured group. Every entry which was imported and moved outside the import group will be updated regardless of it's location!
-
-<img src="./KeeShare/GroupSettings_Import.png" height="600" width="800" alt="KeeShare Group Import Settings">
-
-### Using Synchronized Credentials
-
-Instead of using different groups for sharing and importing you can use a single group that acts as both. This way you can synchronize a number of credentials easily across many users without a lot of hassle.
-
-1. Open the edit sheet on a group you want to synchronize
-1. Select the sharing section
-1. Choose _Synchronize with path_ as the sharing method
-1. Choose a database that you want to use a synchronization file
-1. Enter the password for the database
-
-<img src="./KeeShare/GroupSettings_Sync.png" height="600" width="800" alt="KeeShare Group Synchronization Settings">
-
-### Disable Sharing for Credentials
-
-In case you don't want to share (import or export) some credentials, it is possible to you can 
-* use the application settings and uncheck the options or 
-* instead of selecting _Import from path_, _Export to path_ or _Synchronize with path_ you'll select _Inactive_ while leaving the path and the password untouched
-
-### Sharing overview
-
-There is a simple overview of shared groups to keep track of your data.
-
-1. Open the Database Settings
-1. Select the KeeShare category
-
-<img src="./KeeShare/DatabaseSettings.png" height="600" width="800" alt="KeeShare Group Sharing Ovewview">
-
-## Technical Details and Limitations of Sharing
-
-Sharing relies on the combination of file exports and imports as well as the synchronization mechanism provided by KeePassXC. Since the merge algorithm uses the history of entries to prevent data loss, this history must be enabled and have a sufficient size. Furthermore, the merge algorithm is location independend, therefore it does not matter if entries are moved outside of an import group. These entries will be updated none the less. Moving entries outside of export groups will prevent a further export of the entry, but it will not ensure that the already shared data will be removed from any client.
-
-KeeShare uses a custom certification mechanism to ensure that the source of the data is the expected one. This ensures that the data was exported by the signer but it is not possible to detect if someone replaced the data with an older version from a valid signer. To prevent this, the container could be placed at a location which is only writeable for valid signers.
-
-
--- a/docs/UserGuide.adoc
+++ b/docs/UserGuide.adoc
@@ -0,0 +1,44 @@
+= KeePassXC: User Guide
+KeePassXC Team <team@keepassxc.org>
+:data-uri:
+:homepage: https://keepassxc.org
+:icons: font
+:imagesdir: images
+:stylesheet: styles/dark.css
+:toc: left
+:sectanchors:
+:experimental:
+ifdef::backend-pdf[]
+:title-page:
+:title-logo-image: {imagesdir}/kpxc_logo.png
+:pdf-theme: styles/pdf_theme.yml
+:compress:
+endif::[]
+
+include::topics/Disclaimers.adoc[]
+
+<<<
+
+// Include feature topics and advanced sections
+
+include::topics/UserInterface.adoc[tags=*]
+
+include::topics/DatabaseOperations.adoc[tags=*]
+
+include::topics/PasswordGenerator.adoc[tags=*]
+
+include::topics/ImportExport.adoc[tags=*]
+
+include::topics/KeeShare.adoc[tags=*]
+
+include::topics/BrowserIntegration.adoc[tags=*]
+
+include::topics/Passkeys.adoc[tags=*]
+
+include::topics/AutoType.adoc[tags=*]
+
+include::topics/SecretService.adoc[tags=*]
+
+include::topics/SSHAgent.adoc[tags=*]
+
+include::topics/Reference.adoc[tags=*]
--- a/docs/images/autoopen.png
+++ b/docs/images/autoopen.png
--- a/docs/images/autoopen_ifdevice.png
+++ b/docs/images/autoopen_ifdevice.png
--- a/docs/images/autotype_entry_sequences.png
+++ b/docs/images/autotype_entry_sequences.png
--- a/docs/images/autotype_entrylevel.png
+++ b/docs/images/autotype_entrylevel.png
--- a/docs/images/autotype_selection_dialog.png
+++ b/docs/images/autotype_selection_dialog.png
--- a/docs/images/autotype_selection_dialog_search.png
+++ b/docs/images/autotype_selection_dialog_search.png
--- a/docs/images/autotype_selection_dialog_type_menu.png
+++ b/docs/images/autotype_selection_dialog_type_menu.png
--- a/docs/images/autotype_settings.png
+++ b/docs/images/autotype_settings.png
--- a/docs/images/browser_advanced_settings.png
+++ b/docs/images/browser_advanced_settings.png
--- a/docs/images/browser_confirm_access_dialog.png
+++ b/docs/images/browser_confirm_access_dialog.png
--- a/docs/images/browser_custom_browser_configuration.png
+++ b/docs/images/browser_custom_browser_configuration.png
--- a/docs/images/browser_database_settings.png
+++ b/docs/images/browser_database_settings.png
--- a/docs/images/browser_entry_settings.png
+++ b/docs/images/browser_entry_settings.png
--- a/docs/images/browser_extension_association.png
+++ b/docs/images/browser_extension_association.png
--- a/docs/images/browser_extension_connect.png
+++ b/docs/images/browser_extension_connect.png
--- a/docs/images/browser_extension_icons.png
+++ b/docs/images/browser_extension_icons.png
--- a/docs/images/browser_extension_reload.png
+++ b/docs/images/browser_extension_reload.png
--- a/docs/images/browser_fill_credentials.png
+++ b/docs/images/browser_fill_credentials.png
--- a/docs/images/browser_group_settings.png
+++ b/docs/images/browser_group_settings.png
--- a/docs/images/browser_integration_additional_attribute.png
+++ b/docs/images/browser_integration_additional_attribute.png
--- a/docs/images/browser_integration_clear_sites.png
+++ b/docs/images/browser_integration_clear_sites.png
--- a/docs/images/browser_settings.png
+++ b/docs/images/browser_settings.png
--- a/docs/images/browser_statistics.png
+++ b/docs/images/browser_statistics.png
--- a/docs/images/clone_entry.png
+++ b/docs/images/clone_entry.png
--- a/docs/images/clone_entry_dialog.png
+++ b/docs/images/clone_entry_dialog.png
--- a/docs/images/clone_entry_references.png
+++ b/docs/images/clone_entry_references.png
--- a/docs/images/compact_mode_comparison.png
+++ b/docs/images/compact_mode_comparison.png
--- a/docs/images/csv_import.png
+++ b/docs/images/csv_import.png
--- a/docs/images/database_maintenance.png
+++ b/docs/images/database_maintenance.png
--- a/docs/images/database_security.png
+++ b/docs/images/database_security.png
--- a/docs/images/database_security_credentials.png
+++ b/docs/images/database_security_credentials.png
--- a/docs/images/database_security_encryption.png
+++ b/docs/images/database_security_encryption.png
--- a/docs/images/database_security_encryption_advanced.png
+++ b/docs/images/database_security_encryption_advanced.png
--- a/docs/images/database_settings.png
+++ b/docs/images/database_settings.png
--- a/docs/images/database_view.png
+++ b/docs/images/database_view.png
--- a/docs/images/edit_entry.png
+++ b/docs/images/edit_entry.png
--- a/docs/images/edit_entry_attachments.png
+++ b/docs/images/edit_entry_attachments.png
--- a/docs/images/edit_entry_attributes.png
+++ b/docs/images/edit_entry_attributes.png
--- a/docs/images/edit_entry_colors.png
+++ b/docs/images/edit_entry_colors.png
--- a/docs/images/edit_entry_history.png
+++ b/docs/images/edit_entry_history.png
--- a/Show More
+++ b/Show More