Update translations

Bump version to 2.7.2
Fix typos in docs (#8612 )
2025-12-04 15:39:34 +01:00 · 2022-10-22 17:37:47 -04:00 · 2022-10-22 17:19:01 -04:00 · 2022-10-22 17:18:49 -04:00 · 2022-10-19 20:51:54 -04:00 · 2022-10-19 10:16:17 -04:00
785 changed files with 235028 additions and 117412 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -19,7 +19,7 @@ AlwaysBreakBeforeMultilineStrings: false
 AlwaysBreakTemplateDeclarations: false
 BinPackArguments: false
 BinPackParameters: false
-BraceWrapping:   
+BraceWrapping:
  AfterClass:      true
  AfterFunction:   true
  AfterControlStatement: false
@@ -44,7 +44,7 @@ DerivePointerAlignment: false
 DisableFormat:   false
 ExperimentalAutoDetectBinPacking: false
 ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
-IncludeCategories: 
+IncludeCategories:
  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
    Priority:        2
  - Regex:           '^(<|"(gtest|isl|json)/)'
@@ -85,4 +85,3 @@ Standard:        Cpp11
 TabWidth:        4
 UseTab:          Never
 ...
--- a/.gitattributes
+++ b/.gitattributes
@@ -14,3 +14,6 @@ AppImage-Recipe.sh export-ignore
 # binary files
 *.ai binary
 # Line endings harmony
 * text=auto
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -63,7 +63,7 @@ Before submitting a bug report, check if the problem has already been reported.
 ### Discuss with the team
-As with feature requests, you can talk to the KeePassXC team about bugs, new features, other issues and pull requests on the dedicated issue tracker, or in the IRC channel on Freenode (`#keepassxc-dev` on `irc.freenode.net`, or use a [webchat link](https://webchat.freenode.net/?channels=%23keepassxc-dev)).
+As with feature requests, you can talk to the KeePassXC team about bugs, new features, other issues and pull requests on the dedicated issue tracker, on the [Matrix development channel](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org), or in the IRC channel on Libera.Chat (`#keepassxc-dev` on `irc.libera.chat`, or use a [webchat link](https://web.libera.chat/#keepassxc-dev)).
 ### Your first code contribution
@@ -85,16 +85,23 @@ All pull requests must comply with the above requirements and with the [stylegui
 Translations are managed on [Transifex](https://www.transifex.com/keepassxc/keepassxc/) which offers a web interface.
 Please join an existing language team or request a new one if there is none.
 If you open a Pull Request with new strings that require translations, you will need to run the following:
 ```
 ./release-tool i18n lupdate
 ```
 This will make the new strings available for translation in Transifex.
 ## Styleguides
 ### Git branch strategy
 The Branch Strategy is based on [git-flow-lite](http://nvie.com/posts/a-successful-git-branching-model/).
 * **master** – points to the latest public release
 * **develop** – points to the development of the next release, contains tested and reviewed code
 * **feature/**[name] – points to a branch with a new feature, one which is candidate for merge into develop (subject to rebase)
-* **hotfix/**[name] – points to a branch with a fix for a particular issue ID
+* **fix/**[name] – points to a branch with a fix for a particular issue ID
 Note: The **latest** tag is used to point to the most recent stable release.
 ### Git commit messages
--- a/.github/pull.yml
+++ b/.github/pull.yml
@@ -3,10 +3,6 @@
 # pull from: https://github.com/keepassxreboot/keepassxc
 version: "1"
 rules:
  - base: master
    upstream:  keepassxreboot:master
    mergeMethod: hardreset
  - base: develop
    upstream:  keepassxreboot:develop
    mergeMethod: rebase
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,8 @@ desktop.ini
 /*.snap
 /*_source.tar.bz2
 # MSVC Files
 CMakeSettings.json
 CMakePresets.json
 .vs/
 out/
--- a/.tx/config
+++ b/.tx/config
@@ -1,8 +1,14 @@
 [main]
 host = https://www.transifex.com
-[keepassxc.keepassxc]
+[keepassxc.share-translations-keepassxc-en-ts--develop]
-source_file = share/translations/keepassx_en.ts
+source_file = share/translations/keepassxc_en.ts
-file_filter = share/translations/keepassx_<lang>.ts
+file_filter = share/translations/keepassxc_<lang>.ts
 source_lang = en
 type = QT
 [keepassxc.share-translations-keepassxc-en-ts--master]
 source_file = share/translations/keepassxc_en.ts
 file_filter = share/translations/keepassxc_<lang>.ts
 source_lang = en
 type = QT
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,216 @@
 # Changelog
 ## 2.7.2 (2022-10-22)
 ### Changes
 - Enhance Tags Support and Add Saved Searches [#8435, #8607]
 - Significant improvements to entry preview panel [#7993]
 - Add password strength indicator to all password fields [#7885]
 - Limit zxcvbn entropy estimation length to 128 characters [#7748]
 - Try full URL path when fetching favicon [#8565]
 - Hide usernames in preview panel when hidden in entry view [#8608]
 - Enable dark title bar on windows when accent color is not used [#8498]
 - Add option to display passwords in color in preview panel [#7097]
 - Add XML Export option to GUI [#8524]
 - Increase entropy required for a "good" password rating to 75 [#8523]
 - Add shortcut to copy password with TOTP appended [#8443]
 - Show entry count in status bar [#8435]
 - Allow KeePassXC to be built without X11 [#8147]
 - Enable use of VivoKey Apex and Dangerous Things FlexSecure tokens [#8332]
 - Add setting for number of recent files [#8239]
 - Add Ctrl+Tab shortcut to cycle databases in unlock dialog [#8168]
 - Replace offensive words in eff_large.wordlist [#7968]
 - Auto-Type: PICKCHARS can specify attribute and ignore BEEP [#8118]
 - Linux: Add isHardwareKeySupported and refreshHardwareKeys to DBus methods [#8055]
 - Add config variable to specify default database file name [#8042]
 - Support numeric aware sorting on Windows and macOS [#8363]
 - CLI: Add `db-edit` command [#8400]
 - CLI: Add option to display all attributes with `show` command [#8256]
 - CLI: Show UUID and tags with `show` and `clip` commands [#8241]
 - Browser: Move socket into separate directory on Linux [#8030]
 - Browser: Add group setting to omit WWW subdomain when matching URLs [#7988]
 - FdoSecrets: Ask to unlock the database when creating items [#8022, #8028]
 - FdoSecrets: Skip entries in recycle bin when searching [#8021]
 ### Fixes
 - Fix potential deadlock in UI when saving [#8606]
 - Fix newlines when copying notes from preview panel [#8542]
 - Fix dark mode detection on Linux [#8477]
 - Fix crash when deleting items in recycle bin while searching [#8117]
 - Fix crash when trying to close database during unlock [#8144]
 - Fix tabbing around the interface [#8435, #8520]
 - Fix OPVault import when there are multiple OTP fields [#8436]
 - Fix various Windows Hello bugs [#8354]
 - Fix use of Apple Watch for Quick Unlock [#8311]
 - Better handling of "Lock on Minimize" setting [#8202]
 - Check for write permission before entering portable mode [#8447]
 - Correct regex escape logic to prevent parse errors [#7778]
 - Normalize slashes and file case for last used databases [#7864, #7214]
 - Link ykcore against pthread [#7807]
 - Auto-Type: Fix menu entries in selection dialog on Windows [#7987]
 - Auto-Type: Fix use of modifiers under macOS [#8111]
 - CLI: Fix output when using clip with the -t flag [#8271]
 - Browser: Use asynchronous access confirm dialog [#8273]
 - Browser: Always send database locked/unlocked status [#8114]
 ## 2.7.1 (2022-04-05)
 ### Changes
 - Show when tags are changed in entry history [#7638]
 - Improve tags editing and allow spaces in tags [#7708]
 - Improve layout of entry preview panel [#7767]
 - Incorporate patches to support Flatpak distribution [#7728]
 - Add expiration presets for 12 and 24 hours [#7738]
 ### Fixes
 - Fix crash when building history change list [#7638]
 - Fix hiding password on database unlock [#7725]
 - Fix AES KDF slow transform speed [#7755]
 - Auto-Type: Correct timing issue on macOS and Linux that prevented typing [#7588]
 - Auto-Type: Fix use of Ctrl/Alt/Shift/Win modifiers on Windows [#7629]
 - Auto-Type: Reduce/eliminate delay when searching for entries [#7598]
 - Auto-Type: Map ASCII dead keys on Linux for international keyboards [#7614]
 - CLI: Fix detection of hardware keys (YubiKey) [#7593]
 - CLI: Add missing parameter `-c` to add/edit entries command [#7594]
 - Secret Service: Fix crash when multiple prompts are shown [#7786]
 - SSH Agent: Fix default agent selection on Windows [#7764]
 - Fix database unlock dialog not being the top window on Linux [#7771]
 - Fix drag/drop entries between tabs on Wayland [#7628]
 - Fix compiling with minizip-ng [#7638]
 ## 2.7.0 (2022-03-21)
 ### Major Additions
 - Implement KDBX 4.1 [#7114]
 - Add direct write save option for cloud storage and GVFS [#6594]
 - Prevent screen capture on Windows and macOS [#6030]
 - Support quick unlock using Windows Hello [#7384]
 - Support quick unlock using Apple Watch [#5526]
 - Allow specifying database backup paths [#7035]
 - Add tag functionality [#6487][#7436][#7446]
 - Add password rating column to entry view [#4797]
 - Add group clone action [#6124]
 - Show modifications between entry history items [#6789]
 - Ability to bulk-delete and purge unused custom icons [#5970]
 - Support adding custom passphrase wordlists [#6799]
 - Support passphrase wordlists in numbered and PGP-signed formats [#6791]
 - Implement support for hardware keys via wireless NFC [#6895]
 - SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys [#6371]
 - CLI: Implement attachment handling [#5538]
 - CLI: Add support for okon in offline HIBP checks [#5478]
 - CLI: Implement `search` command and remove `locate` [#6805]
 - CLI: Add db statistic output to `db-info` command [#7032]
 - CLI: Add -i/--include option to `generate` command. [#7112]
 - CLI: Add a -n (--notes) option to `add` and `edit` commands [#4646]
 - CLI: Add keyfile option to `import` command [#5402]
 - CLI: Adding a best option to clip to copy a password of the best match [#4489]
 - Browser: Add Microsoft Edge support on Linux [#7100]
 - Browser: Support native password generator from the extension [#6529]
 - Browser: Add group settings [#4180]
 - Browser: Add feature to ignore entries for HTTP-Auth Logins [#5394]
 - Browser: Support triggering Auto-Type from browser extension [#6272]
 - Browser: Add delete-entry command to API [#6899]
 - Browser: Add search 'by-path' url to API [#5535]
 - Browser: search for entries by UUID to API [#4763]
 - Browser: Support auto-download of favicon on entry addition [#7179]
 - Auto-Type: Major improvements to Auto-Type [#5864][#7463][#7435][#7391][#7129][#6400][#6364][#6361][#5283][#7507]
 - Auto-Type: Fix typing to virtual machines on Windows [#7366]
 - Auto-Type: Re-implement X11 keysym emulation [#7098]
 - Auto-Type: Support multiple Xkb layouts [#6247]
 - Auto-Type: Abort keystroke if modifiers held on X11 [#6351][#6357]
 - Auto-Type: Add TOTP option to entry level Auto-Type menu [#6675]
 - FdoSecrets: Major Refactor and Code Consolidation [#5747][#5660][#7043][#6915]
 - FdoSecrets: Implement unlock before search [#6943]
 - Reports: Add browser statistics report [#7197]
 ### Major Changes
 - Port crypto backend to [Botan](https://github.com/randombit/botan) [#6209]
 - Improve attachment handling and security [#6606][#5034][#7083]
 - Allow selecting any open database in unlock dialog [#5427]
 - KeeShare: Remove checking signed container and QuaZip dependency [#7223]
 - Introduce security option to enable copy on double click (default off) [#6433]
 - Add 'delete entry without confirm' functionality [#5812]
 - Improve macOS and Windows platform integration [#5851]
 - Lock only the current database by default [#6652]
 - Show expired entries on DB unlock [#7290]
 - Update D-Bus adaptor interface class name to match definition file [#7523]
 ### Other Changes and Fixes
 - Add countdown progress bar to TOTP preview [#6930]
 - Enter favicon url directly on icons page [#6614]
 - Set C++17 as standard in the build system [#7180]
 - Internalize ykcore into code base [#6654]
 - Transition to Visual Studio builds on Windows [#5874]
 - Ability to delete entries from health check reports [#6537]
 - Enhance remembering last-used directories [#6711]
 - Implement org.freedesktop.appearance.color-scheme support on Linux [#7422]
 - Support sorting HTML export [#7011]
 - Add display number of characters in passphrases [#5449]
 - Use Alt+Tab on macOS to switch between databases [#5407]
 - Add feature to sort groups using shortcut keys [#6999]
 - Add CTRL+Enter to apply password generator changes [#6414]
 - Display `Database created` timestamp on statistics report [#6876]
 - Browser: Improve best matching credentials setting [#6893]
 - SSH Agent: Use both Pageant and OpenSSH agent simultaneously on Windows [#6288]
 - SSH Agent: Allow using database path to resolve keys [#6365]
 - SSH Agent: Show correct error messages in main window [#7166]
 - Multiple fixes for MSI installer [#6630]
 - Fix tab order for CSV import dialog to match screen order [#7315]
 - Don't mark kdbx:// urls as invalid [#7221]
 - Make selected text copyable instead of copying password [#7209]
 - Detect timestamp resolution for CSV files [#7196]
 - Fix crash while downloading favicon [#7104]
 - Correct naming of newly generated keyx files [#7010]
 - Place the 'Recycle Bin' at the bottom of the list when groups are sorted [#7004]
 - Handle tilde with custom browser paths [#6659]
 - Don't scroll up when deleting an entry [#6833]
 - Set the MIME-Type to text/plain when using wl-copy on wayland [#6832]
 - Fix adaptive icon painting [#5989][#6033]
 - Fix favicon download from URL with non-standard port [#5509]
 - Ignore recycle bin on KeePassHTTP migration [#5481]
 - Fix keepassxc-cr-recovery utility [#7521]
 - Fix Auto-Type not working when audio recording indicator is active on macOS 12.2+ [#7526]
 ## 2.6.6 (2021-06-12)
 ### Fixed
 - Fix focusing search when pressing hotkey [#6603]
 - Trim whitespace from TOTP key input prior to processing [#6604]
 - Fix building on macOS [#6598]
 - Resolve compiler warnings for unused return values [#6607]
 ## 2.6.5 (2021-06-08)
 ### Added
 - Show search bar when toolbar is hidden or in overflow [#6279]
 - Show countdown for clipboard clearing in status bar [#6333]
 - Command line option to lock all open databases [#6511]
 - Allow CSV import of bare TOTP secrets [#6211]
 - Retain file creation time when saving database [#6576]
 - Set permissions of saved attachments to be private to the current user [#6363]
 - OPVault: Use Text instead of Name for attribute names [#6334]
 ### Changed
 - Reports: Allow resizing of reports columns [#6435]
 - Reports: Toggle showing expired entries [#6534]
 - Save Always on Top setting [#6236]
 - Password generator can exclude additional lookalike characters (6/G, 8/B) [#6196]
 ### Fixed
 - Allow setting MSI properties in unattended install [#6196]
 - Update MainWindow minimum size to enable smaller verticle space [#6196]
 - Use application font size when setting default or monospace fonts [#6332]
 - Fix notes not clearing in entry preview panel in some cases [#6481]
 - macOS: Correct window activation when restoring from tray [#6575]
 - macOS: Better handling of minimize after unlock when using browser integration [#6338]
 - Linux: Start after the system tray is available on LXQt [#6216]
 - Linux: Allow selection of modal dialogs on X11 in Auto-Type [#6204]
 - KeeShare: prevent crash when file extension is missing [#6174]
 ## 2.6.4 (2021-01-31)
 ### Added
@@ -223,7 +434,7 @@
 - Return keyboard focus after saving database edits [#4287]
 - Windows: Use bare minimum settings in portable version [#4131]
 - Windows: Use SHA256 code signing [#4129]
- macOS: Fix code signing incompatibility in latest macOS release [#4564] 
+- macOS: Fix code signing incompatibility in latest macOS release [#4564]
 ## 2.5.3 (2020-01-19)
@@ -355,8 +566,8 @@
 - Redesign database unlock dialog [ #3287]
 - Rework the entry preview panel [ #3306]
 - Move notes to General tab on Group Preview Panel [#3336]
- Enable entry actions when editing an entry and cleanup entry context menu  [#3641]
+- Enable entry actions when editing an entry and cleanup entry context menu [#3641]
- Improve detection of external database changes  [#2389]
+- Improve detection of external database changes [#2389]
 - Warn if user is trying to use a KDBX file as a key file [#3625]
 - Add option to disable KeePassHTTP settings migrations prompt [#3349, #3344]
 - Re-enabled Wayland support (no Auto-Type yet) [#3520, #3341]
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,6 +17,7 @@
 cmake_minimum_required(VERSION 3.3.0)
 project(KeePassXC)
 set(APP_ID "org.keepassxc.${PROJECT_NAME}")
 if(NOT CMAKE_BUILD_TYPE)
    set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
@@ -24,12 +25,16 @@ if(NOT CMAKE_BUILD_TYPE)
            FORCE)
 endif()
 string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
 if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")
    set(IS_DEBUG_BUILD TRUE)
 endif()
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 # Support Visual Studio Code
 include(CMakeToolsHelpers OPTIONAL)
 include(FeatureSummary)
 include(KPXCMacDeployHelpers)
 include(CheckCCompilerFlag)
 include(CheckCXXCompilerFlag)
@@ -50,16 +55,34 @@ option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website
 option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
 option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
 option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
-option(WITH_XC_KEESHARE "Sharing integration with KeeShare (requires quazip5 for secure containers)" OFF)
+option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF)
 option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON)
 if(UNIX AND NOT APPLE)
    option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF)
 endif()
 if(APPLE)
    option(WITH_XC_TOUCHID "Include TouchID support for macOS." OFF)
 endif()
 option(WITH_XC_DOCS "Enable building of documentation" ON)
 set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps")
 if(APPLE)
    # Perform the platform checks before applying the stricter compiler flags.
    # Otherwise the kSecAccessControlTouchIDCurrentSet deprecation warning will result in an error.
    try_compile(XC_APPLE_COMPILER_SUPPORT_BIOMETRY
       ${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_biometry_support.mm)
    message(STATUS "Biometry compiler support: ${XC_APPLE_COMPILER_SUPPORT_BIOMETRY}")
    try_compile(XC_APPLE_COMPILER_SUPPORT_TOUCH_ID
       ${CMAKE_CURRENT_BINARY_DIR}/touch_id_test/
       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_touch_id_support.mm)
    message(STATUS "Touch ID compiler support: ${XC_APPLE_COMPILER_SUPPORT_TOUCH_ID}")
    try_compile(XC_APPLE_COMPILER_SUPPORT_WATCH
       ${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_watch_support.mm)
    message(STATUS "Apple watch compiler support: ${XC_APPLE_COMPILER_SUPPORT_WATCH}")
 endif()
 if(WITH_CCACHE)
    # Use the Compiler Cache (ccache) program
    # (install with: sudo apt get ccache)
@@ -78,9 +101,6 @@ if(WITH_XC_ALL)
    set(WITH_XC_YUBIKEY ON)
    set(WITH_XC_SSHAGENT ON)
    set(WITH_XC_KEESHARE ON)
    if(APPLE)
        set(WITH_XC_TOUCHID ON)
    endif()
    if(UNIX AND NOT APPLE)
        set(WITH_XC_FDOSECRETS ON)
    endif()
@@ -92,9 +112,14 @@ if(NOT WITH_XC_NETWORKING AND WITH_XC_UPDATECHECK)
    set(WITH_XC_UPDATECHECK OFF)
 endif()
 if(UNIX AND NOT APPLE AND NOT WITH_XC_X11)
    message(STATUS "Disabling WITH_XC_AUTOTYPE because WITH_XC_X11 is disabled")
    set(WITH_XC_AUTOTYPE OFF)
 endif()
 set(KEEPASSXC_VERSION_MAJOR "2")
 set(KEEPASSXC_VERSION_MINOR "7")
-set(KEEPASSXC_VERSION_PATCH "0")
+set(KEEPASSXC_VERSION_PATCH "2")
 set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
 set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")
@@ -120,7 +145,8 @@ execute_process(COMMAND git tag --points-at HEAD
        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
        OUTPUT_VARIABLE GIT_TAG
        ERROR_QUIET)
-if(GIT_TAG)
+string(REGEX REPLACE "latest" "" GIT_TAG "${GIT_TAG}")
 if(GIT_TAG MATCHES "[0-9]+\.[0-9]+\.[0-9]+")
    string(STRIP "${GIT_TAG}" GIT_TAG)
    set(OVERRIDE_VERSION ${GIT_TAG})
 elseif(EXISTS ${CMAKE_SOURCE_DIR}/.version)
@@ -129,14 +155,14 @@ endif()
 string(REGEX REPLACE "(\r?\n)+" "" OVERRIDE_VERSION "${OVERRIDE_VERSION}")
 if(OVERRIDE_VERSION)
-    if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-(alpha|beta)[0-9]+$")
+    if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-beta[0-9]*")
-        set(KEEPASSXC_BUILD_TYPE PreRelease)
+        set(KEEPASSXC_BUILD_TYPE "PreRelease")
        set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
    elseif(OVERRIDE_VERSION MATCHES "^[\\.0-9]+$")
-        set(KEEPASSXC_BUILD_TYPE Release)
+        set(KEEPASSXC_BUILD_TYPE "Release")
        set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
    else()
-        set(KEEPASSXC_BUILD_TYPE Snapshot)
+        set(KEEPASSXC_BUILD_TYPE "Snapshot")
        set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
    endif()
 else()
@@ -160,15 +186,26 @@ message(STATUS "Setting up build for KeePassXC v${KEEPASSXC_VERSION}\n")
 # Distribution info
 set(KEEPASSXC_DIST ON)
 set(KEEPASSXC_DIST_TYPE "Other" CACHE STRING "KeePassXC Distribution Type")
-set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Other)
+set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Flatpak Other)
 if(KEEPASSXC_DIST_TYPE STREQUAL "Snap")
    set(KEEPASSXC_DIST_SNAP ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "AppImage")
    set(KEEPASSXC_DIST_APPIMAGE ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "Flatpak")
    set(KEEPASSXC_DIST_FLATPAK ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "Other")
    unset(KEEPASSXC_DIST)
 endif()
 if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14.0")
    cmake_policy(SET CMP0083 NEW)
    include(CheckPIESupported)
    check_pie_supported()
 endif()
 # Create position independent code for shared libraries and executables
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
    set(IS_32BIT TRUE)
 endif()
@@ -238,13 +275,20 @@ macro(check_add_gcc_compiler_flag FLAG)
 endmacro(check_add_gcc_compiler_flag)
 add_definitions(-DQT_NO_EXCEPTIONS -DQT_STRICT_ITERATORS -DQT_NO_CAST_TO_ASCII)
 if(NOT IS_DEBUG_BUILD)
    add_definitions(-DQT_NO_DEBUG_OUTPUT)
 endif()
 if(WITH_APP_BUNDLE)
    add_definitions(-DWITH_APP_BUNDLE)
 endif()
 add_gcc_compiler_flags("-fno-common")
-check_add_gcc_compiler_flag("-fopenmp")
+find_package(OpenMP)
 if(OpenMP_FOUND)
    add_gcc_compiler_cflags(${OpenMP_C_FLAGS})
    add_gcc_compiler_cxxflags(${OpenMP_CXX_FLAGS})
 endif()
 add_gcc_compiler_flags("-Wall -Wextra -Wundef -Wpointer-arith -Wno-long-long")
 add_gcc_compiler_flags("-Wformat=2 -Wmissing-format-attribute")
 add_gcc_compiler_flags("-fvisibility=hidden")
@@ -257,11 +301,11 @@ if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
 endif()
 if (NOT HAIKU)
-if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
+    if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
-    add_gcc_compiler_flags("-fstack-protector-strong")
+        add_gcc_compiler_flags("-fstack-protector-strong")
-else()
+    else()
-    add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
+        add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
-endif()
+    endif()
 endif()
 add_gcc_compiler_cxxflags("-Wnon-virtual-dtor -Wold-style-cast -Woverloaded-virtual")
@@ -290,28 +334,30 @@ check_add_gcc_compiler_flag("-Werror=format-security")
 check_add_gcc_compiler_flag("-Werror=implicit-function-declaration" C)
 check_add_gcc_compiler_flag("-Wcast-align")
 if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
  # then:
  # $ llvm-profdata merge -sparse default.profraw -o default.profdata
  # $ llvm-cov show ./tests/${the_test_binary} \
  #      -format=html -instr-profile=default.profdata -output-dir=./coverages \
  #      `find src -iname '*.h' -or -iname '*.cpp'`
 endif()
 if(UNIX AND NOT APPLE)
    check_add_gcc_compiler_flag("-Qunused-arguments")
-    check_add_gcc_compiler_flag("-fPIC")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--as-needed -Wl,--no-undefined")
    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed -Wl,--no-undefined")
    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now -pie")
-    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed")
+    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--as-needed")
    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
 endif()
-add_gcc_compiler_cflags("-std=c99")
+set(CMAKE_C_STANDARD 99)
-add_gcc_compiler_cxxflags("-std=c++11")
+set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
-check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
+check_cxx_compiler_flag("-fsized-deallocation" CXX_HAS_fsized_deallocation)
 if(CXX_HAS_fsized_deallocation)
    # Do additional check: the deallocation functions must be there too.
    set(CMAKE_REQUIRED_FLAGS "-fsized-deallocation")
    check_cxx_source_compiles("#include <new>
        int main() { void * ptr = nullptr; std::size_t size = 1; ::operator delete(ptr, size); }"
        HAVE_DEALLOCATION_FUNCTIONS)
    if(HAVE_DEALLOCATION_FUNCTIONS)
        check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
    endif()
    unset(CMAKE_REQUIRED_FLAGS)
 endif()
 if(APPLE AND CMAKE_COMPILER_IS_CLANGXX)
    add_gcc_compiler_cxxflags("-stdlib=libc++")
@@ -324,29 +370,50 @@ else()
    add_gcc_compiler_cxxflags("-Wno-deprecated-declarations")
 endif()
-if(MINGW)
+# MSVC specific options
-    set(CMAKE_RC_COMPILER_INIT windres)
+if (MSVC)
-    enable_language(RC)
+    if(MSVC_TOOLSET_VERSION LESS 141)
-    set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
+        message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
-    if(NOT (CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo"))
+    endif()
-        # Enable DEP and ASLR
+    add_compile_options(/permissive- /utf-8)
-        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+    if(IS_DEBUG_BUILD)
-        set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+        add_compile_options(/Zf)
-        # Enable high entropy ASLR for 64-bit builds
+        if(MSVC_TOOLSET_VERSION GREATER 141)
-        if(NOT IS_32BIT)
+            add_compile_definitions(/fsanitize=address)
            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
            set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
        endif()
    endif()
 endif()
-if(APPLE AND WITH_APP_BUNDLE OR MINGW)
+if(WIN32)
    set(CMAKE_RC_COMPILER_INIT windres)
    enable_language(RC)
    if(MINGW)
        set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
    endif()
    if(NOT IS_DEBUG_BUILD)
        if(MSVC)
            # By default MSVC enables NXCOMPAT
            add_compile_options(/guard:cf)
            add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF)
        else(MINGW)
            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
            set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
            # Enable high entropy ASLR for 64-bit builds
            if(NOT IS_32BIT)
                set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
                set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
            endif()
        endif()
    endif()
 endif()
 if(APPLE AND WITH_APP_BUNDLE OR WIN32)
    set(PROGNAME KeePassXC)
 else()
    set(PROGNAME keepassxc)
 endif()
-if(MINGW)
+if(WIN32)
    set(CLI_INSTALL_DIR ".")
    set(PROXY_INSTALL_DIR ".")
    set(BIN_INSTALL_DIR ".")
@@ -377,33 +444,49 @@ endif(WITH_TESTS)
 if(WITH_COVERAGE)
    # Include code coverage, use with -DCMAKE_BUILD_TYPE=Debug
    include(CodeCoverage)
    set(COVERAGE_GCOVR_EXCLUDES
            "\\(.+/\\)?tests/.\\*"
            ".\\*/moc_\\[^/\\]+\\.cpp"
            ".\\*/ui_\\[^/\\]+\\.h"
            "\\(.+/\\)?zxcvbn/.\\*")
    append_coverage_compiler_flags()
-    setup_target_for_coverage_gcovr_html(
+
-            NAME coverage
+    set(COVERAGE_EXCLUDES
-            EXECUTABLE $(MAKE) && $(MAKE) test
+            "'^(.+/)?(thirdparty|zxcvbn)/.*'"
-    )
+            "'^(.+/)?main\\.cpp$$'"
            "'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
            "'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
    if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
        set(MAIN_BINARIES
                "$<TARGET_FILE:${PROGNAME}>"
                "$<TARGET_FILE:keepassxc-cli>"
                "$<TARGET_FILE:keepassxc-proxy>")
        setup_target_for_coverage_llvm(
                NAME coverage
                BINARY ${MAIN_BINARIES}
                SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
        )
    else()
        setup_target_for_coverage_gcovr(
                NAME coverage
                SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
        )
    endif()
 endif()
 include(CLangFormat)
 set(QT_COMPONENTS Core Network Concurrent Gui Svg Widgets Test LinguistTools)
 if(UNIX AND NOT APPLE)
-    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} DBus X11Extras REQUIRED)
+    if(WITH_XC_X11)
        list(APPEND QT_COMPONENTS X11Extras)
    endif()
    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} DBus REQUIRED)
 elseif(APPLE)
    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS
-            /usr/local/opt/qt/lib/cmake
+            /usr/local/opt/qt@5/lib/cmake
-            /usr/local/Cellar/qt/*/lib/cmake
+            /usr/local/Cellar/qt@5/*/lib/cmake
-            /opt/homebrew/opt/qt/lib/cmake
+            /opt/homebrew/opt/qt@5/lib/cmake
            ENV PATH)
    find_package(Qt5 COMPONENTS MacExtras HINTS
-            /usr/local/opt/qt/lib/cmake
+            /usr/local/opt/qt@5/lib/cmake
-            /usr/local/Cellar/qt/*/lib/cmake
+            /usr/local/Cellar/qt@5/*/lib/cmake
-            /opt/homebrew/opt/qt/lib/cmake
+            /opt/homebrew/opt/qt@5/lib/cmake
            ENV PATH)
 else()
    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
@@ -414,6 +497,10 @@ if(Qt5Core_VERSION VERSION_LESS "5.2.0")
 endif()
 get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
 if(APPLE)
    # Add includes under Qt5 Prefix in case Qt6 is also installed
    include_directories(SYSTEM ${Qt5_PREFIX}/include)
 endif()
 # Process moc automatically
 set(CMAKE_AUTOMOC ON)
@@ -424,20 +511,21 @@ set(CMAKE_AUTORCC ON)
 if(APPLE)
    set(CMAKE_MACOSX_RPATH TRUE)
-    find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ENV PATH)
+    find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
    if(NOT MACDEPLOYQT_EXE)
        message(FATAL_ERROR "macdeployqt is required to build on macOS")
    endif()
    message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
-elseif(MINGW)
+    set(MACDEPLOYQT_EXTRA_BINARIES "")
-    find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ENV PATH)
+elseif(WIN32)
    find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
    if(NOT WINDEPLOYQT_EXE)
        message(FATAL_ERROR "windeployqt is required to build on Windows")
    endif()
    message(STATUS "Using windeployqt: ${WINDEPLOYQT_EXE}")
 endif()
-# Debian sets the the build type to None for package builds.
+# Debian sets the build type to None for package builds.
 # Make sure we don't enable asserts there.
 set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_NONE QT_NO_DEBUG)
@@ -447,6 +535,10 @@ if(BOTAN2_VERSION VERSION_LESS "2.11.0")
    message(FATAL_ERROR "Botan2 2.11.0 or higher is required")
 endif()
 include_directories(SYSTEM ${BOTAN2_INCLUDE_DIR})
 # Find Argon2 -- Botan 2.18 and below does not support threaded Argon2
 find_library(ARGON2_LIBRARIES NAMES argon2)
 find_path(ARGON2_INCLUDE_DIR NAMES argon2.h PATH_SUFFIXES local/include)
 include_directories(SYSTEM ${ARGON2_INCLUDE_DIR})
 # Find zlib
 find_package(ZLIB REQUIRED)
@@ -455,14 +547,9 @@ if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
 endif()
 include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
 # QREncode required for TOTP
 find_package(QREncode REQUIRED)
 # Optional
 if(WITH_XC_YUBIKEY)
-    find_package(YubiKey REQUIRED)
+    find_package(PCSC REQUIRED)
-
+    include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})
    include_directories(SYSTEM ${YUBIKEY_INCLUDE_DIRS})
 endif()
 if(UNIX)
@@ -475,7 +562,7 @@ if(UNIX)
            HAVE_MALLOC_H)
    check_cxx_source_compiles("#include <malloc.h>
-    int main() { malloc_usable_size(NULL, 0); return 0; }"
+    int main() { malloc_usable_size(NULL); return 0; }"
            HAVE_MALLOC_USABLE_SIZE)
    check_cxx_source_compiles("#include <sys/resource.h>
--- a/47
+++ b/47
@@ -141,11 +141,24 @@ Files: share/icons/badges/2_Expired.svg
       share/icons/database/C46_Help.svg
       share/icons/database/C53_Apply.svg
       share/icons/database/C61_Services.svg
-Copyright: 2020 KeePassXC Team <team@keepassxc.org>
+Copyright: 2022 KeePassXC Team <team@keepassxc.org>
 License: MIT
-Files: share/icons/application/scalable/actions/chevron-double-down.svg
+Files: share/icons/application/scalable/actions/application-exit.svg
       share/icons/application/scalable/actions/attributes-copy.svg
       share/icons/application/scalable/actions/auto-type.svg
       share/icons/application/scalable/actions/bugreport.svg
       share/icons/application/scalable/actions/chevron-double-down.svg
       share/icons/application/scalable/actions/chevron-double-right.svg
       share/icons/application/scalable/actions/clipboard-text.svg
       share/icons/application/scalable/actions/configure.svg
       share/icons/application/scalable/actions/database-change-key.svg
       share/icons/application/scalable/actions/database-lock.svg
       share/icons/application/scalable/actions/database-lock-all.svg
       share/icons/application/scalable/actions/database-merge.svg
       share/icons/application/scalable/actions/database-search.svg
       share/icons/application/scalable/actions/dialog-close.svg
       share/icons/application/scalable/actions/dialog-ok.svg
       share/icons/application/scalable/actions/document-close.svg
       share/icons/application/scalable/actions/document-edit.svg
       share/icons/application/scalable/actions/document-export.svg
@@ -157,40 +170,60 @@ Files: share/icons/application/scalable/actions/chevron-double-down.svg
       share/icons/application/scalable/actions/document-save.svg
       share/icons/application/scalable/actions/document-save-as.svg
       share/icons/application/scalable/actions/document-save-copy.svg
       share/icons/application/scalable/actions/donate.svg
       share/icons/application/scalable/actions/edit-clear-locationbar-ltr.svg
       share/icons/application/scalable/actions/edit-clear-locationbar-rtl.svg
       share/icons/application/scalable/actions/entry-clone.svg
       share/icons/application/scalable/actions/entry-delete.svg
       share/icons/application/scalable/actions/entry-restore.svg
       share/icons/application/scalable/actions/entry-edit.svg
       share/icons/application/scalable/actions/entry-new.svg
       share/icons/application/scalable/actions/favicon-download.svg
       share/icons/application/scalable/actions/fingerprint.svg
       share/icons/application/scalable/actions/getting-started.svg
       share/icons/application/scalable/actions/group-delete.svg
       share/icons/application/scalable/actions/group-edit.svg
       share/icons/application/scalable/actions/group-clone.svg
       share/icons/application/scalable/actions/group-empty-trash.svg
       share/icons/application/scalable/actions/group-new.svg
       share/icons/application/scalable/actions/hammer-wrench.svg
       share/icons/application/scalable/actions/health.svg
       share/icons/application/scalable/actions/help-about.svg
       share/icons/application/scalable/actions/key-enter.svg
       share/icons/application/scalable/actions/lock-question.svg
       share/icons/application/scalable/actions/keyboard-shortcuts.svg
       share/icons/application/scalable/actions/message-close.svg
       share/icons/application/scalable/actions/move-down.svg
       share/icons/application/scalable/actions/move-up.svg
       share/icons/application/scalable/actions/object-locked.svg
       share/icons/application/scalable/actions/object-unlocked.svg
       share/icons/application/scalable/actions/paperclip.svg
       share/icons/application/scalable/actions/password-copy.svg
       share/icons/application/scalable/actions/password-generate.svg
       share/icons/application/scalable/actions/password-generator.svg
       share/icons/application/scalable/actions/password-show-off.svg
       share/icons/application/scalable/actions/password-show-on.svg
       share/icons/application/scalable/actions/qrcode.svg
       share/icons/application/scalable/actions/refresh.svg
       share/icons/application/scalable/actions/reports.svg
       share/icons/application/scalable/actions/reports-exclude.svg
       share/icons/application/scalable/actions/sort-alphabetical-ascending.svg
       share/icons/application/scalable/actions/sort-alphabetical-descending.svg
       share/icons/application/scalable/actions/statistics.svg
       share/icons/application/scalable/actions/system-help.svg
       share/icons/application/scalable/actions/system-search.svg
       share/icons/application/scalable/actions/system-software-update.svg
       share/icons/application/scalable/actions/tag.svg
       share/icons/application/scalable/actions/tag-multiple.svg
       share/icons/application/scalable/actions/tag-search.svg
       share/icons/application/scalable/actions/totp.svg
       share/icons/application/scalable/actions/totp-copy.svg
       share/icons/application/scalable/actions/totp-copy-password.svg
       share/icons/application/scalable/actions/totp-edit.svg
       share/icons/application/scalable/actions/trash.svg
       share/icons/application/scalable/actions/url-copy.svg
       share/icons/application/scalable/actions/user-guide.svg
       share/icons/application/scalable/actions/username-copy.svg
       share/icons/application/scalable/actions/view-history.svg
       share/icons/application/scalable/actions/web.svg
       share/icons/application/scalable/apps/internet-web-browser.svg
       share/icons/application/scalable/apps/keepassxc.svg
       share/icons/application/scalable/apps/keepassxc-dark.svg
@@ -237,3 +270,9 @@ Files: share/icons/application/scalable/actions/hibp.svg
       share/icons/database/C64_Apple.svg
 Copyright: GPL-2+
 Comment: from the Simple Icons repo (https://github.com/simple-icons/simple-icons/)
 Files: src/thirdparty/ykcore/yk*
       src/thirdparty/ykcore/yubikey.h
 Copyright: 2006-2015, Yubico AB
 License: BSD-2-Clause
 Comment: from the yubikey-personalization repo (https://github.com/Yubico/yubikey-personalization)
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -12,21 +12,21 @@ Build Dependencies
 The following tools must exist within your PATH:
 * make
-* cmake (>= 2.8.12)
+* cmake (>= 3.3.0)
-* g++ (>= 4.7) or clang++ (>= 3.0)
+* g++ (>= 4.7) or clang++ (>= 6.0)
-* asciidoctor (on Linux/MacOS)
+* asciidoctor (>= 2.0)
 The following libraries are required:
-* Qt 5 (>= 5.2): qtbase and qttools5
+* Qt 5 (>= 5.9.5): qtbase5, qtbase5-private, libqt5svg5, qttools5, qt5-image-formats-plugins
-* libgcrypt (>= 1.6)
+* botan (>= 2.12)
 * zlib
 * libmicrohttpd
 * libxi, libxtst, qtx11extras (optional for auto-type on X11)
 * libsodium (>= 1.0.12)
 * libargon2
 * zlib
 * minizip
 * readline (for completion in cli)
 * qtx11extras, libxi, and libxtst (for auto-type on X11)
 * qrencode
-* yubikey ykpers (optional to support YubiKey)
+* libusb-1.0, pcsc-lite (for Yubikey support on Linux)
 Prepare the Building Environment
 ================================
@@ -39,110 +39,119 @@ Build Steps
 ===========
 We recommend using the release tool to perform builds, please read up-to-date instructions [on our wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#building-using-the-release-tool).
-To compile from source, open a **Terminal (on Linux/MacOS)** or a **MSYS2-MinGW shell (on Windows)**<br/>
+To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Command Prompt (Windows)**, or **MSYS2-MinGW shell (Windows)**. For code development on Windows, you can use Visual Studio 2022, Visual Studio Code, or CLion.
 **Note:** on Windows make sure you are using a **MINGW shell** by checking the label before the current path
-First, download the KeePassXC [source tarball](https://keepassxc.org/download#source)
+1. Download the KeePassXC [source tarball](https://keepassxc.org/download#source) or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).
 or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).
-To clone the project from Git, `cd` to a suitable location and run
+   To clone the project from Git, `cd` to a suitable location and run
-```bash
+   ```
-git clone https://github.com/keepassxreboot/keepassxc.git
+   git clone https://github.com/keepassxreboot/keepassxc.git
-```
+   ```
-This will clone the entire contents of the repository and check out the current `develop` branch.
+   This will clone the entire contents of the repository and check out the current `develop` branch.
-To update the project from within the project's folder, you can run the following command:
+   To update the project from within the project's folder, you can run the following command:
-```bash
+   ```
-git pull
+   git pull
-```
+   ```
-For a stable build, it is recommended to checkout the master branch.
+   For a stable build, it is recommended to check out the `latest` branch.
-```bash
+   ```
-git checkout master
+   git checkout latest
-```
+   ```
-Navigate to the directory where you have downloaded KeePassXC and type these commands:
+2. Navigate to the directory where you have downloaded KeePassXC and type these commands:
   ```
   mkdir build
   cd build
   cmake -DWITH_XC_ALL=ON ..
   make
   ```
 Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory.
 ## MacOS Build Notes
 If you installed Qt5 via Homebrew, you should be able to compile KeePassXC without any changes. If CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
 `-DCMAKE_PREFIX_PATH=$(brew --prefix qt5)/lib/cmake`
 (or whatever your Qt installation path is)
 When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS).
 ## Windows Build Notes
 For detailed build steps see the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows).
 If you are using MSVC, you may have to specify your Vcpkg toolchain by adding the following CMake parameter: `-DCMAKE_TOOLCHAIN_FILE=C:\vcpkg\scripts\buildsystems\vcpkg.cmake`
 If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
 CMake Configuration Options
 ==========================
 ## Common Parameters
 ```
-mkdir build
+-DCMAKE_INSTALL_PREFIX=$(brew --prefix)
-cd build
+-DCMAKE_VERBOSE_MAKEFILE=ON
-cmake -DWITH_XC_ALL=ON ..
+-DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
-make
+-DWITH_GUI_TESTS=ON
 ```
-If you are on Windows, you may have to add ```-G "MSYS Makefiles"``` to the beginning of the cmake command. See the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows) for more information.
+## KeePassXC Parameters
-These steps place the compiled KeePassXC binary inside the `./build/src/` directory.
+KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:
 (Note the cmake notes/options below.)
-**Cmake Notes:**
+```
 -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
 -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
 -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
 -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
 -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
 -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
 -DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
 -DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
-* Common cmake parameters
+-DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
-	```
+-DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
-	-DCMAKE_INSTALL_PREFIX=/usr/local
+-DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
-	-DCMAKE_VERBOSE_MAKEFILE=ON
+-DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
-	-DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
+-DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
-	-DWITH_GUI_TESTS=ON
+-DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
-	```
+-DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
-* cmake accepts the following options:
+-DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
-
+-DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
-	```
+-DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
-	  -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
+-DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
-	  -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
+```
 	  -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
 	  -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
 	  -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
 	  -DWITH_XC_TOUCHID=[ON|OFF] (macOS Only) Enable/Disable Touch ID unlock (default:OFF)
 	  -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
 	  -DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
 	  -DWITH_XC_KEESHARE_SECURE=[ON|OFF] Enable/Disable KeeShare signed containers, requires libquazip5 (default: OFF)
 	  -DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
 	  -DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
 	  -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
 	  -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
 	  -DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
 	  -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
 	  -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
 	  -DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
 	  -DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
 	  -DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
 	  -DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
 	  -DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
 	```
 * If you are on MacOS you must add this parameter to **Cmake**, with the Qt version you have installed<br/> `-DCMAKE_PREFIX_PATH=/usr/local/Cellar/qt5/5.6.2/lib/cmake/`
 :exclamation: When building with ASan support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (no LSan support in macOS).
 Installation
 ============
 After you have successfully built KeePassXC, install the binary by executing the following:
-```bash
+```
 sudo make install
 ```
 You can specify the destination dir with
 ```
 DESTDIR=X
 ```
 Packaging
 =========
-You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging)
+You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging) for packaging scripts.
 To package using CMake, run the following command using whichever [generators](https://cmake.org/cmake/help/latest/manual/cpack-generators.7.html) you would like to package with.
 ```
 cpack -G "ZIP;WIX"
 ```
 Testing
 =======
@@ -152,7 +161,7 @@ You can perform tests on the built executables with:
 make test ARGS+="--output-on-failure"
 ```
-If you are not currently running on an X Server or Wayland, run the tests as follows:
+On Linux, if you are not currently running on an X Server or Wayland, run the tests as follows:
 ```
 make test ARGS+="-E test\(cli\|gui\) --output-on-failure"
 xvfb-run -e errors -a --server-args="-screen 0 1024x768x24" make test ARGS+="-R test\(cli\|gui\) --output-on-failure"
--- a/LICENSE.GPL-2
+++ b/LICENSE.GPL-2
@@ -1,12 +1,12 @@
-		    GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
+                       Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
-			    Preamble
+                            Preamble
  The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -56,7 +56,7 @@ patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
 modification follow.
-		    GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  0. This License applies to any program or other work which contains
@@ -255,7 +255,7 @@ make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
-			    NO WARRANTY
+                            NO WARRANTY
  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
--- a/LICENSE.GPL-3
+++ b/LICENSE.GPL-3
@@ -1,12 +1,11 @@
                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007
-		    GNU GENERAL PUBLIC LICENSE
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 		       Version 3, 29 June 2007
 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
-			    Preamble
+                            Preamble
  The GNU General Public License is a free, copyleft license for
 software and other kinds of works.
@@ -69,7 +68,7 @@ patents cannot be used to render the program non-free.
  The precise terms and conditions for copying, distribution and
 modification follow.
-		       TERMS AND CONDITIONS
+                       TERMS AND CONDITIONS
  0. Definitions.
@@ -77,7 +76,7 @@ modification follow.
  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
- 
+
  "The Program" refers to any copyrightable work licensed under this
 License.  Each licensee is addressed as "you".  "Licensees" and
 "recipients" may be individuals or organizations.
@@ -510,7 +509,7 @@ actual knowledge that, but for the patent license, your conveying the
 covered work in a country, or your recipient's use of the covered work
 in a country, would infringe one or more identifiable patents in that
 country that you have reason to believe are valid.
-  
+
  If, pursuant to or in connection with a single transaction or
 arrangement, you convey, or propagate by procuring conveyance of, a
 covered work, and grant a patent license to some of the parties
@@ -619,9 +618,9 @@ an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -646,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found.
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 Also add information on how to contact you by electronic and paper mail.
@@ -665,12 +664,11 @@ might be different; for a GUI interface, you would use an "about box".
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
  The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/LICENSE.LGPL-2.1
+++ b/LICENSE.LGPL-2.1
@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
  Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
                  GNU LESSER GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
@@ -158,7 +158,7 @@ Library.
  You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
  2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
  Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
  6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
  7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
  11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
  14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
                     END OF TERMS AND CONDITIONS
-
+
           How to Apply These Terms to Your New Libraries
  If you develop a new library, and you want it to be of the greatest
--- a/LICENSE.LGPL-3
+++ b/LICENSE.LGPL-3
@@ -1,7 +1,7 @@
                   GNU LESSER GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
--- a/README.md
+++ b/README.md
@@ -3,10 +3,10 @@
 [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
 [![GitHub release](https://img.shields.io/github/release/keepassxreboot/keepassxc)](https://github.com/keepassxreboot/keepassxc/releases/)
-[![Matrix community channel](https://img.shields.io/matrix/keepassxc:matrix.org?label=Community%20channel&style=for-the-badge)](https://matrix.to/#/!zUxwGnFkUyycpxeHeM:matrix.org?via=matrix.org)
+[![Matrix community channel](https://img.shields.io/matrix/keepassxc:matrix.org?label=Community%20channel)](https://app.element.io/#/room/#keepassxc:mozilla.org)
-[![Matrix development channel](https://img.shields.io/matrix/keepassxc-dev:matrix.org?label=Development%20channel&style=for-the-badge)](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org)
+[![Matrix development channel](https://img.shields.io/matrix/keepassxc-dev:matrix.org?label=Development%20channel)](https://app.element.io/#/room/#keepassxc-dev:mozilla.org)
-[KeePassXC](https://keepassxc.org) is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted in customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.
+[KeePassXC](https://keepassxc.org) is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted into customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.
 ## Quick Start
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download). Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the [User Guide](https://keepassxc.org/docs/KeePassXC_UserGuide.html).
@@ -15,7 +15,7 @@ The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html)
 KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.
 ### Basic
-* Create, open, and save databases in the KDBX format (KeePass compatible to KDBX4 and KDBX3)
+* Create, open, and save databases in the KDBX format (KeePass-compatible with KDBX4 and KDBX3)
 * Store sensitive information in entries that are organized by groups
 * Search for entries
 * Password generator
@@ -35,7 +35,7 @@ KeePassXC has numerous features for novice and power users alike. Our goal is to
 * Command line interface (keepassxc-cli)
 * Auto-Open databases
 * KeeShare shared databases (import, export, and synchronize)
-* SSH Agent
+* SSH Agent integration
 * FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
 * Additional encryption choices: Twofish and ChaCha20
@@ -48,7 +48,7 @@ Detailed instructions are available in the [Build and Install](./INSTALL.md) pag
 ## Contributing
-We are always looking for suggestions on how to improve KeePassXC. If you find any bugs or have an idea for a new feature, please let us know by opening a report in the [issue tracker](https://github.com/keepassxreboot/keepassxc/issues) on GitHub or join us on IRC in [freenode](https://webchat.freenode.net/) channels #keepassxc and #keepassxc-dev.
+We are always looking for suggestions on how to improve KeePassXC. If you find any bugs or have an idea for a new feature, please let us know by opening a report in the [issue tracker](https://github.com/keepassxreboot/keepassxc/issues) on GitHub, or join us on [Matrix community channel](https://matrix.to/#/!zUxwGnFkUyycpxeHeM:matrix.org?via=matrix.org) or [Matrix development channel](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org), or on IRC in [Libera.Chat](https://web.libera.chat/) channels #keepassxc and #keepassxc-dev.
 You may directly contribute your own code by submitting a pull request. Please read the [CONTRIBUTING](.github/CONTRIBUTING.md) document for further information.
--- a/cmake/CLangFormat.cmake
+++ b/cmake/CLangFormat.cmake
@@ -15,50 +15,46 @@
 set(EXCLUDED_DIRS
        # third-party directories
-        src/zxcvbn/
+        src/thirdparty
        src/zxcvbn
        # objective-c directories
-        src/touchid/
+        src/touchid
-        src/autotype/mac/
+        src/autotype/mac
-        src/gui/osutils/macutils/)
+        src/gui/osutils/macutils)
 set(EXCLUDED_FILES
        # third-party files
-        streams/qtiocompressor.cpp
+        src/streams/qtiocompressor.\\*
-        streams/qtiocompressor.h
+        src/gui/KMessageWidget.\\*
-        gui/KMessageWidget.h
+        src/gui/MainWindowAdaptor.\\*
-        gui/KMessageWidget.cpp
+        src/gui/tag/TagsEdit.\\*
-        gui/MainWindowAdaptor.h
+        tests/modeltest.\\*
        gui/MainWindowAdaptor.cpp
        crypto/ssh/bcrypt_pbkdf.cpp
        crypto/ssh/blf.h
        crypto/ssh/blowfish.c
        tests/modeltest.cpp
        tests/modeltest.h
        # objective-c files
-        core/ScreenLockListenerMac.h
+        src/core/ScreenLockListenerMac.\\*)
        core/ScreenLockListenerMac.cpp)
-file(GLOB_RECURSE ALL_SOURCE_FILES RELATIVE ${CMAKE_SOURCE_DIR} src/*.cpp src/*.h tests/*.cpp tests/*.h)
+set(FIND_EXCLUDE_DIR_EXPR "")
-foreach(SOURCE_FILE ${ALL_SOURCE_FILES})
+foreach(EXCLUDE ${EXCLUDED_DIRS})
-    foreach(EXCLUDED_DIR ${EXCLUDED_DIRS})
+    list(APPEND FIND_EXCLUDE_DIR_EXPR -o -path "${EXCLUDE}" -prune)
        string(FIND ${SOURCE_FILE} ${EXCLUDED_DIR} SOURCE_FILE_EXCLUDED)
        if(NOT ${SOURCE_FILE_EXCLUDED} EQUAL -1)
            list(REMOVE_ITEM ALL_SOURCE_FILES ${SOURCE_FILE})
        endif()
    endforeach()
    foreach(EXCLUDED_FILE ${EXCLUDED_FILES})
        if(${SOURCE_FILE} MATCHES ".*${EXCLUDED_FILE}$")
            list(REMOVE_ITEM ALL_SOURCE_FILES ${SOURCE_FILE})
        endif()
    endforeach()
 endforeach()
 set(FIND_EXCLUDE_FILE_EXPR "")
 foreach(EXCLUDE ${EXCLUDED_FILES})
    if(FIND_EXCLUDE_FILE_EXPR)
        list(APPEND FIND_EXCLUDE_FILE_EXPR -o)
    endif()
    list(APPEND FIND_EXCLUDE_FILE_EXPR -path "${EXCLUDE}")
 endforeach()
 if(FIND_EXCLUDE_FILE_EXPR)
    set(FIND_EXCLUDE_FILE_EXPR -a -not "\\(" ${FIND_EXCLUDE_FILE_EXPR} "\\)")
 endif()
 add_custom_target(format)
-foreach(SOURCE_FILE ${ALL_SOURCE_FILES})
+
-    add_custom_command(
+add_custom_command(
-            TARGET format
+        TARGET format
-            PRE_BUILD
+        PRE_BUILD
-            COMMAND echo Formatting ${SOURCE_FILE}
+        COMMAND find src tests "\\(" -name "\\*.h" -o -name "\\*.cpp" ${FIND_EXCLUDE_DIR_EXPR} "\\)"
-            COMMAND clang-format -style=file -i \"${SOURCE_FILE}\"
+            ${FIND_EXCLUDE_FILE_EXPR} -type f -print0 | xargs -0 -P0 -n10 clang-format -style=file -i
-            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})
+
-endforeach()
+        COMMENT "Formatting source files..."
        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})
--- a/cmake/CodeCoverage.cmake
+++ b/cmake/CodeCoverage.cmake
@@ -1,4 +1,5 @@
 # Copyright (c) 2012 - 2017, Lars Bilke
 # Copyright (c) 2021 KeePassXC Team
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -25,279 +26,218 @@
 # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 # CHANGES:
 #
 # 2012-01-31, Lars Bilke
 # - Enable Code Coverage
 #
 # 2013-09-17, Joakim Söderberg
 # - Added support for Clang.
 # - Some additional usage instructions.
 #
 # 2016-02-03, Lars Bilke
 # - Refactored functions to use named parameters
 #
 # 2017-06-02, Lars Bilke
 # - Merged with modified version from github.com/ufz/ogs
 #
 #
 # USAGE:
 #
 # 1. Copy this file into your cmake modules path.
 #
 # 2. Add the following line to your CMakeLists.txt:
 #      include(CodeCoverage)
 #
 # 3. Append necessary compiler flags:
 #      APPEND_COVERAGE_COMPILER_FLAGS()
 #
 # 4. If you need to exclude additional directories from the report, specify them
 #    using the COVERAGE_LCOV_EXCLUDES variable before calling SETUP_TARGET_FOR_COVERAGE_LCOV.
 #    Example:
 #      set(COVERAGE_LCOV_EXCLUDES 'dir1/*' 'dir2/*')
 #
 # 5. Use the functions described below to create a custom make target which
 #    runs your test executable and produces a code coverage report.
 #
 # 6. Build a Debug build:
 #      cmake -DCMAKE_BUILD_TYPE=Debug ..
 #      make
 #      make my_coverage_target
 #
 include(CMakeParseArguments)
 # Check prereqs
-find_program( GCOV_PATH gcov )
+find_program(GCOV_PATH gcov)
-find_program( LCOV_PATH  NAMES lcov lcov.bat lcov.exe lcov.perl)
+find_program(LLVM_COV_PATH llvm-cov)
-find_program( GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat )
+find_program(LLVM_PROFDATA_PATH llvm-profdata)
-find_program( GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
+find_program(XCRUN_PATH xcrun)
-find_program( SIMPLE_PYTHON_EXECUTABLE python )
+find_program(GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat)
 find_program(GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
-if(NOT GCOV_PATH)
+set(COVERAGE_COMPILER_FLAGS "-g -O0" CACHE INTERNAL "")
-    message(FATAL_ERROR "gcov not found! Aborting...")
+if(CMAKE_COMPILER_IS_GNUCXX)
-endif() # NOT GCOV_PATH
+    set(COVERAGE_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} --coverage -fprofile-arcs -ftest-coverage")
-
+elseif(CMAKE_COMPILER_IS_CLANGXX)
-if("${CMAKE_CXX_COMPILER_ID}" MATCHES "(Apple)?[Cc]lang")
+    set(COVERAGE_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
    if("${CMAKE_CXX_COMPILER_VERSION}" VERSION_LESS 3)
        message(FATAL_ERROR "Clang version must be 3.0.0 or greater! Aborting...")
    endif()
 elseif(NOT CMAKE_COMPILER_IS_GNUCXX)
    message(FATAL_ERROR "Compiler is not GNU gcc! Aborting...")
 endif()
-set(COVERAGE_COMPILER_FLAGS "-g -O0 --coverage -fprofile-arcs -ftest-coverage"
+set(CMAKE_COVERAGE_FORMAT
-    CACHE INTERNAL "")
+    "html" "xml"
    CACHE STRING "Coverage report output format.")
 set_property(CACHE CMAKE_COVERAGE_FORMAT PROPERTY STRINGS "html" "txt")
 set(CMAKE_CXX_FLAGS_COVERAGE
    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C++ compiler during coverage builds."
+    CACHE STRING "Flags used by the C++ compiler during coverage builds.")
    FORCE )
 set(CMAKE_C_FLAGS_COVERAGE
    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C compiler during coverage builds."
+    CACHE STRING "Flags used by the C compiler during coverage builds.")
    FORCE )
 set(CMAKE_EXE_LINKER_FLAGS_COVERAGE
    ""
-    CACHE STRING "Flags used for linking binaries during coverage builds."
+    CACHE STRING "Flags used for linking binaries during coverage builds.")
    FORCE )
 set(CMAKE_SHARED_LINKER_FLAGS_COVERAGE
    ""
-    CACHE STRING "Flags used by the shared libraries linker during coverage builds."
+    CACHE STRING "Flags used by the shared libraries linker during coverage builds.")
    FORCE )
 mark_as_advanced(
    CMAKE_COVERAGE_FORMAT
    CMAKE_CXX_FLAGS_COVERAGE
    CMAKE_C_FLAGS_COVERAGE
    CMAKE_EXE_LINKER_FLAGS_COVERAGE
-    CMAKE_SHARED_LINKER_FLAGS_COVERAGE )
+    CMAKE_SHARED_LINKER_FLAGS_COVERAGE)
 if(NOT CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
    message(WARNING "Code coverage results with an optimised (non-Debug) build may be misleading")
 endif() # NOT CMAKE_BUILD_TYPE STREQUAL "Debug"
-if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+if(CMAKE_COMPILER_IS_GNUCXX)
    if(NOT GCOV_PATH)
        message(FATAL_ERROR "gcov not found! Aborting...")
    endif() # NOT GCOV_PATH
    link_libraries(gcov)
 else()
    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} --coverage")
 endif()
 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
 # SETUP_TARGET_FOR_COVERAGE_LCOV(
 #     NAME testrunner_coverage                    # New target name
 #     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES testrunner                     # Dependencies to build first
 # )
 function(SETUP_TARGET_FOR_COVERAGE_LCOV)
    set(options NONE)
    set(oneValueArgs NAME)
    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
    if(NOT LCOV_PATH)
        message(FATAL_ERROR "lcov not found! Aborting...")
    endif() # NOT LCOV_PATH
    if(NOT GENHTML_PATH)
        message(FATAL_ERROR "genhtml not found! Aborting...")
    endif() # NOT GENHTML_PATH
    # Setup target
    add_custom_target(${Coverage_NAME}
        # Cleanup lcov
        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -directory . --zerocounters
        # Create baseline to make sure untouched files show up in the report
        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -c -i -d . -o ${Coverage_NAME}.base
        # Run tests
        COMMAND ${Coverage_EXECUTABLE}
        # Capturing lcov counters and generating report
        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} --directory . --capture --output-file ${Coverage_NAME}.info
        # add baseline counters
        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -a ${Coverage_NAME}.base -a ${Coverage_NAME}.info --output-file ${Coverage_NAME}.total
        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} --remove ${Coverage_NAME}.total ${COVERAGE_LCOV_EXCLUDES} --output-file ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
        COMMAND ${GENHTML_PATH} -o ${Coverage_NAME} ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
        COMMAND ${CMAKE_COMMAND} -E remove ${Coverage_NAME}.base ${Coverage_NAME}.total ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
        DEPENDS ${Coverage_DEPENDENCIES}
        COMMENT "Resetting code coverage counters to zero.\nProcessing code coverage counters and generating report."
    )
    # Show where to find the lcov info report
    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
        COMMAND ;
        COMMENT "Lcov code coverage info report saved in ${Coverage_NAME}.info."
    )
    # Show info where to find the report
    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
        COMMAND ;
        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
    )
 endfunction() # SETUP_TARGET_FOR_COVERAGE_LCOV
 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
-# SETUP_TARGET_FOR_COVERAGE_GCOVR_XML(
+# SETUP_TARGET_FOR_COVERAGE_GCOVR(
 #     NAME ctest_coverage                    # New target name
 #     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES executable_target         # Dependencies to build first
 # )
-function(SETUP_TARGET_FOR_COVERAGE_GCOVR_XML)
+function(SETUP_TARGET_FOR_COVERAGE_GCOVR)
    set(options NONE)
-    set(oneValueArgs NAME)
+    set(oneValueArgs NAME SOURCES_ROOT)
    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
    if(NOT SIMPLE_PYTHON_EXECUTABLE)
        message(FATAL_ERROR "python not found! Aborting...")
    endif() # NOT SIMPLE_PYTHON_EXECUTABLE
    if(NOT GCOVR_PATH)
        message(FATAL_ERROR "gcovr not found! Aborting...")
    endif() # NOT GCOVR_PATH
    # Combine excludes to several -e arguments
    set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${COVERAGE_GCOVR_EXCLUDES})
+    foreach(EXCLUDE ${COVERAGE_EXCLUDES})
        list(APPEND GCOVR_EXCLUDES "-e")
        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
    endforeach()
    add_custom_target(${Coverage_NAME}
        # Run tests
-        ${Coverage_EXECUTABLE}
+        COMMAND ctest -C $<CONFIG> $ENV{ARGS} $$ARGS
        # Running gcovr
        COMMAND ${GCOVR_PATH} --xml
            -r ${PROJECT_SOURCE_DIR} ${GCOVR_EXCLUDES}
            --object-directory=${PROJECT_BINARY_DIR}
            -o ${Coverage_NAME}.xml
        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
        DEPENDS ${Coverage_DEPENDENCIES}
        COMMENT "Running gcovr to produce Cobertura code coverage report."
    )
-    # Show info where to find the report
+    if("html" IN_LIST CMAKE_COVERAGE_FORMAT)
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
+            # Create folder
-        COMMENT "Cobertura code coverage report saved in ${Coverage_NAME}.xml."
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}-html
    )
-endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR_XML
+            # Running gcovr HTML
            COMMAND ${GCOVR_PATH} --html --html-details
                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
                --object-directory=${PROJECT_BINARY_DIR}
                --exclude-unreachable-branches --exclude-throw-branches
                -o ${Coverage_NAME}-html/index.html
            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
            COMMENT "Running gcovr to produce HTML code coverage report ${Coverage_NAME}-html."
        )
    endif()
    if("xml" IN_LIST CMAKE_COVERAGE_FORMAT)
        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
            # Running gcovr TXT
            COMMAND ${GCOVR_PATH} --xml
                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
                --object-directory=${PROJECT_BINARY_DIR}
                --exclude-unreachable-branches --exclude-throw-branches
                -o ${Coverage_NAME}.xml
            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
            COMMENT "Running gcovr to produce XML code coverage report ${Coverage_NAME}.xml."
        )
    endif()
    if("txt" IN_LIST CMAKE_COVERAGE_FORMAT)
        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
            # Running gcovr TXT
            COMMAND ${GCOVR_PATH}
                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
                --object-directory=${PROJECT_BINARY_DIR}
                --exclude-unreachable-branches --exclude-throw-branches
                -o ${Coverage_NAME}.txt
            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
            COMMENT "Running gcovr to produce TXT code coverage report ${Coverage_NAME}.txt."
        )
    endif()
 endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR
 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
-# SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML(
+# SETUP_TARGET_FOR_COVERAGE_LLVM(
 #     NAME ctest_coverage                    # New target name
 #     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES executable_target         # Dependencies to build first
 # )
-function(SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML)
+function(SETUP_TARGET_FOR_COVERAGE_LLVM)
    set(options NONE)
-    set(oneValueArgs NAME)
+    set(oneValueArgs NAME SOURCES_ROOT PROF_FILE)
-    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
+    set(multiValueArgs EXECUTABLE BINARY EXECUTABLE_ARGS DEPENDENCIES)
    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-    if(NOT SIMPLE_PYTHON_EXECUTABLE)
+    if(XCRUN_PATH)
-        message(FATAL_ERROR "python not found! Aborting...")
+        set(LLVM_COV_PATH ${XCRUN_PATH} llvm-cov)
-    endif() # NOT SIMPLE_PYTHON_EXECUTABLE
+        set(LLVM_PROFDATA_PATH ${XCRUN_PATH} llvm-profdata)
    else()
        if(NOT LLVM_COV_PATH)
            message(FATAL_ERROR "llvm-cov not found! Aborting...")
        endif() # NOT LLVM_COV_PATH
        if(NOT LLVM_PROFDATA_PATH)
            message(FATAL_ERROR "llvm-profdata not found! Aborting...")
        endif() # NOT LLVM_PROFDATA_PATH
    endif() # XCRUN_PATH
-    if(NOT GCOVR_PATH)
+    set(LLVM_PROFILE_DIR ${PROJECT_BINARY_DIR}/llvm_profile)
-        message(FATAL_ERROR "gcovr not found! Aborting...")
+    file(REMOVE_RECURSE ${LLVM_PROFILE_DIR})
    endif() # NOT GCOVR_PATH
-    # Combine excludes to several -e arguments
+    set(COV_EXCLUDES "")
-    set(GCOVR_EXCLUDES "")
+    foreach(EXCLUDE ${COVERAGE_EXCLUDES})
-    foreach(EXCLUDE ${COVERAGE_GCOVR_EXCLUDES})
+        list(APPEND COV_EXCLUDES "-ignore-filename-regex=${EXCLUDE}")
        list(APPEND GCOVR_EXCLUDES "-e")
        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
    endforeach()
    list(GET Coverage_BINARY 0 COV_BINARY)
    if(Coverage_BINARY)
        list(REMOVE_AT Coverage_BINARY 0)
        foreach(BIN ${Coverage_BINARY})
            list(APPEND COV_BINARY -object ${BIN})
        endforeach()
    endif()
    add_custom_target(${Coverage_NAME}
-        # Run tests
+        COMMAND ${CMAKE_COMMAND} -E env LLVM_PROFILE_FILE=${LLVM_PROFILE_DIR}/profile-%p.profraw ctest -C $<CONFIG> $$ARGS
        ${Coverage_EXECUTABLE}
-        # Create folder
+        COMMAND ${LLVM_PROFDATA_PATH} merge -sparse ${LLVM_PROFILE_DIR}/* -o coverage.profdata
-        COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
            DEPENDS ${Coverage_DEPENDENCIES})
-        # Running gcovr
+    if("html" IN_LIST CMAKE_COVERAGE_FORMAT)
-        COMMAND ${GCOVR_PATH} --html --html-details
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-            -r ${PROJECT_SOURCE_DIR} ${GCOVR_EXCLUDES}
+            COMMAND ${LLVM_COV_PATH} show -instr-profile=coverage.profdata ${COV_BINARY}
-            --object-directory=${PROJECT_BINARY_DIR}
+                --format=html --output-dir=${Coverage_NAME}-html ${COV_EXCLUDES} ${Coverage_SOURCES_ROOT}
-            -o ${Coverage_NAME}/index.html
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running llvm-cov to produce HTML code coverage report ${Coverage_NAME}-html")
-        DEPENDS ${Coverage_DEPENDENCIES}
+    endif()
        COMMENT "Running gcovr to produce HTML code coverage report."
    )
-    # Show info where to find the report
+    if("xml" IN_LIST CMAKE_COVERAGE_FORMAT)
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        message(WARNING "XML coverage report format not supported for llvm-cov")
-        COMMAND ;
+    endif()
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
+
-    )
+    if("txt" IN_LIST CMAKE_COVERAGE_FORMAT)
        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
            COMMAND ${LLVM_COV_PATH} show -instr-profile=coverage.profdata ${COV_BINARY}
                --format=text ${COV_EXCLUDES} ${Coverage_SOURCES_ROOT} > ${Coverage_NAME}.txt
            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
            COMMENT "Running llvm-cov to produce TXT code coverage report ${Coverage_NAME}.txt.")
    endif()
 endfunction() # SETUP_TARGET_FOR_COVERAGE_LLVM
 endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML
 function(APPEND_COVERAGE_COMPILER_FLAGS)
    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
-    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
+endfunction() # APPEND_COVERAGE_COMPILER_FLAGS
 endfunction() # APPEND_COVERAGE_COMPILER_FLAGS
--- a/cmake/FindBotan2.cmake
+++ b/cmake/FindBotan2.cmake
@@ -48,32 +48,17 @@
 #   BOTAN2_LIBRARIES      - list of libraries to link
 #   BOTAN2_VERSION        - library version that was found, if any
 # use pkg-config to get the directories and then use these values
 # in the find_path() and find_library() calls
 find_package(PkgConfig QUIET)
 pkg_check_modules(PC_BOTAN2 QUIET botan-2)
 # find the headers
 find_path(BOTAN2_INCLUDE_DIR
  NAMES botan/version.h
  HINTS
    ${PC_BOTAN2_INCLUDEDIR}
    ${PC_BOTAN2_INCLUDE_DIRS}
  PATH_SUFFIXES botan-2
 )
 # find the library
-find_library(BOTAN2_LIBRARY
+find_library(BOTAN2_LIBRARY NAMES botan-2 libbotan-2 botan)
  NAMES botan-2 libbotan-2
  HINTS
    ${PC_BOTAN2_LIBDIR}
    ${PC_BOTAN2_LIBRARY_DIRS}
 )
 # determine the version
-if(PC_BOTAN2_VERSION)
+if(BOTAN2_INCLUDE_DIR AND EXISTS "${BOTAN2_INCLUDE_DIR}/botan/build.h")
    set(BOTAN2_VERSION ${PC_BOTAN2_VERSION})
 elseif(BOTAN2_INCLUDE_DIR AND EXISTS "${BOTAN2_INCLUDE_DIR}/botan/build.h")
    file(STRINGS "${BOTAN2_INCLUDE_DIR}/botan/build.h" botan2_version_str
      REGEX "^#define[\t ]+(BOTAN_VERSION_[A-Z]+)[\t ]+[0-9]+")
@@ -93,23 +78,23 @@ find_package_handle_standard_args(Botan2
  VERSION_VAR BOTAN2_VERSION
 )
-if (BOTAN2_FOUND)
+if(BOTAN2_FOUND)
  set(BOTAN2_INCLUDE_DIRS ${BOTAN2_INCLUDE_DIR} ${PC_BOTAN2_INCLUDE_DIRS})
  set(BOTAN2_LIBRARIES ${BOTAN2_LIBRARY})
 endif()
-if (BOTAN2_FOUND AND NOT TARGET Botan2::Botan2)
+if(BOTAN2_FOUND AND NOT TARGET Botan2::Botan2)
  # create the new library target
  add_library(Botan2::Botan2 UNKNOWN IMPORTED)
  # set the required include dirs for the target
-  if (BOTAN2_INCLUDE_DIRS)
+  if(BOTAN2_INCLUDE_DIRS)
    set_target_properties(Botan2::Botan2
      PROPERTIES
        INTERFACE_INCLUDE_DIRECTORIES "${BOTAN2_INCLUDE_DIRS}"
    )
  endif()
  # set the required libraries for the target
-  if (EXISTS "${BOTAN2_LIBRARY}")
+  if(EXISTS "${BOTAN2_LIBRARY}")
    set_target_properties(Botan2::Botan2
      PROPERTIES
        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
--- a/cmake/FindMinizip.cmake
+++ b/cmake/FindMinizip.cmake
@@ -0,0 +1,9 @@
 # MINIZIP_FOUND                   - Minizip library was found
 # MINIZIP_INCLUDE_DIR             - Path to Minizip include dir
 # MINIZIP_LIBRARIES               - List of Minizip libraries
 find_library(MINIZIP_LIBRARIES NAMES minizip libminizip)
 find_path(MINIZIP_INCLUDE_DIR zip.h PATH_SUFFIXES minizip)
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(Minizip DEFAULT_MSG MINIZIP_LIBRARIES MINIZIP_INCLUDE_DIR)
--- a/cmake/FindPCSC.cmake
+++ b/cmake/FindPCSC.cmake
@@ -0,0 +1,39 @@
 #  Copyright (C) 2021 KeePassXC Team <team@keepassxc.org>
 #
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 2 or (at your option)
 #  version 3 of the License.
 #
 #  This program is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #  GNU General Public License for more details.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 # Use pkgconfig on Linux
 if(NOT WIN32)
   find_package(PkgConfig QUIET)
   pkg_check_modules(PCSC libpcsclite)
 endif()
 if(NOT PCSC_FOUND)
   # Search for PC/SC headers on Mac and Windows
   find_path(PCSC_INCLUDE_DIRS winscard.h
      HINTS
      ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
      /usr/include/PCSC
      PATH_SUFFIXES PCSC)
   # MAC library is PCSC, Windows library is WinSCard
   find_library(PCSC_LIBRARIES NAMES pcsclite libpcsclite WinSCard PCSC
      HINTS   
      ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES})
 endif()
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(PCSC DEFAULT_MSG PCSC_LIBRARIES PCSC_INCLUDE_DIRS)
 mark_as_advanced(PCSC_LIBRARIES PCSC_INCLUDE_DIRS)
--- a/cmake/FindQREncode.cmake
+++ b/cmake/FindQREncode.cmake
@@ -13,8 +13,15 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-find_path(QRENCODE_INCLUDE_DIR qrencode.h)
+find_path(QRENCODE_INCLUDE_DIR NAMES qrencode.h)
-find_library(QRENCODE_LIBRARY qrencode)
+
 if (VCPKG_INSTALLED_DIR)
    find_library(QRENCODE_LIBRARY_RELEASE qrencode)
    find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
    set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
 else()
    find_library(QRENCODE_LIBRARY qrencode)
 endif()
 mark_as_advanced(QRENCODE_LIBRARY QRENCODE_INCLUDE_DIR)
--- a/cmake/FindQuaZip.cmake
+++ b/cmake/FindQuaZip.cmake
@@ -1,24 +0,0 @@
 # QUAZIP_FOUND                   - QuaZip library was found
 # QUAZIP_INCLUDE_DIR             - Path to QuaZip include dir
 # QUAZIP_INCLUDE_DIRS            - Path to QuaZip and zlib include dir (combined from QUAZIP_INCLUDE_DIR + ZLIB_INCLUDE_DIR)
 # QUAZIP_LIBRARIES               - List of QuaZip libraries
 # QUAZIP_ZLIB_INCLUDE_DIR        - The include dir of zlib headers
 if(MINGW)
    find_library(QUAZIP_LIBRARIES libquazip5)
    find_path(QUAZIP_INCLUDE_DIR quazip.h PATH_SUFFIXES quazip5)
    find_path(QUAZIP_ZLIB_INCLUDE_DIR zlib.h)
 else()
    find_library(QUAZIP_LIBRARIES
        NAMES quazip5 quazip
 	PATHS /usr/lib /usr/lib64 /usr/local/lib
    )
    find_path(QUAZIP_INCLUDE_DIR quazip.h
 	PATHS /usr/include /usr/local/include
        PATH_SUFFIXES quazip5 quazip
    )
    find_path(QUAZIP_ZLIB_INCLUDE_DIR zlib.h PATHS /usr/include /usr/local/include)
 endif()
 include(FindPackageHandleStandardArgs)
 set(QUAZIP_INCLUDE_DIRS ${QUAZIP_INCLUDE_DIR} ${QUAZIP_ZLIB_INCLUDE_DIR})
 find_package_handle_standard_args(QUAZIP DEFAULT_MSG QUAZIP_LIBRARIES QUAZIP_INCLUDE_DIR QUAZIP_ZLIB_INCLUDE_DIR QUAZIP_INCLUDE_DIRS)
--- a/cmake/FindReadline.cmake
+++ b/cmake/FindReadline.cmake
@@ -47,4 +47,3 @@ mark_as_advanced(
    Readline_INCLUDE_DIR
    Readline_LIBRARY
 )
--- a/cmake/FindYubiKey.cmake
+++ b/cmake/FindYubiKey.cmake
@@ -1,27 +0,0 @@
 #  Copyright (C) 2014 Kyle Manna <kyle@kylemanna.com>
 #
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 2 or (at your option)
 #  version 3 of the License.
 #
 #  This program is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #  GNU General Public License for more details.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 find_path(YUBIKEY_CORE_INCLUDE_DIR yubikey.h)
 find_path(YUBIKEY_PERS_INCLUDE_DIR ykcore.h PATH_SUFFIXES ykpers-1)
 set(YUBIKEY_INCLUDE_DIRS ${YUBIKEY_CORE_INCLUDE_DIR} ${YUBIKEY_PERS_INCLUDE_DIR})
 find_library(YUBIKEY_CORE_LIBRARY NAMES yubikey.dll libyubikey.so yubikey)
 find_library(YUBIKEY_PERS_LIBRARY NAMES ykpers-1.dll libykpers-1.so ykpers-1)
 set(YUBIKEY_LIBRARIES ${YUBIKEY_CORE_LIBRARY} ${YUBIKEY_PERS_LIBRARY})
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(YubiKey DEFAULT_MSG YUBIKEY_LIBRARIES YUBIKEY_INCLUDE_DIRS)
 mark_as_advanced(YUBIKEY_LIBRARIES YUBIKEY_INCLUDE_DIRS)
--- a/cmake/KPXCMacDeployHelpers.cmake
+++ b/cmake/KPXCMacDeployHelpers.cmake
@@ -0,0 +1,61 @@
 # Running macdeployqt on a POST_BUILD copied binaries is pointless when using CPack because
 # the copied binaries will be overriden by the corresponding install(TARGETS) commands.
 # That's why we run macdeployqt using install(CODE) on the already installed binaries.
 # The precondition is that all install(TARGETS) calls have to be called before this function is
 # called.
 # macdeloyqt is called only once, but it is given all executables that should be processed.
 function(kpxc_run_macdeployqt_at_install_time)
    set(NO_VALUE_OPTIONS)
    set(SINGLE_VALUE_OPTIONS
        APP_NAME
    )
    set(MULTI_VALUE_OPTIONS
        EXTRA_BINARIES
    )
    cmake_parse_arguments(PARSE_ARGV 0 ARG
        "${NO_VALUE_OPTIONS}" "${SINGLE_VALUE_OPTIONS}" "${MULTI_VALUE_OPTIONS}"
    )
    set(ESCAPED_PREFIX "\${CMAKE_INSTALL_PREFIX}")
    set(APP_BUNDLE_NAME "${ARG_APP_NAME}.app")
    set(APP_BUNDLE_PATH "${ESCAPED_PREFIX}/${APP_BUNDLE_NAME}")
    # Collect extra binaries and plugins that should be handled by macdpeloyqt.
    set(EXTRA_BINARIES "")
    foreach(EXTRA_BINARY ${ARG_EXTRA_BINARIES})
        set(INSTALLED_BINARY_PATH "${ESCAPED_PREFIX}/${EXTRA_BINARY}")
        list(APPEND EXTRA_BINARIES "-executable=${INSTALLED_BINARY_PATH}")
    endforeach()
    list(JOIN EXTRA_BINARIES " " EXTRA_BINARIES_STR)
    if(CMAKE_VERSION VERSION_GREATER "3.14")
        set(COMMAND_ECHO "COMMAND_ECHO STDOUT")
    else()
        set(COMMAND_ECHO "")
    endif()
    set(COMMAND_ARGS
        ${MACDEPLOYQT_EXE}
        ${APP_BUNDLE_PATH}
        # Adjusts dependency rpaths of extra binaries
        ${EXTRA_BINARIES_STR}
        # Silences warnings on subsequent re-installations
        -always-overwrite
    )
    install(CODE
    "
 execute_process(
    COMMAND ${COMMAND_ARGS}
    ${COMMAND_ECHO}
    RESULT_VARIABLE EXIT_CODE
 )
 if(NOT EXIT_CODE EQUAL 0)
    message(FATAL_ERROR
        \"Running ${COMMAND_ARGS} failed with exit code \${EXIT_CODE}.\")
 endif()
 ")
 endfunction()
--- a/cmake/MakePortableZip.cmake
+++ b/cmake/MakePortableZip.cmake
@@ -0,0 +1,3 @@
 if (CMAKE_INSTALL_PREFIX MATCHES "/ZIP/")
  file(TOUCH "${CMAKE_INSTALL_PREFIX}/.portable")
 endif()
--- a/cmake/compiler-checks/macos/control_biometry_support.mm
+++ b/cmake/compiler-checks/macos/control_biometry_support.mm
@@ -0,0 +1,5 @@
 #include <Security/Security.h>
 int main() {
   return static_cast<int>(kSecAccessControlBiometryCurrentSet);
 }
--- a/cmake/compiler-checks/macos/control_touch_id_support.mm
+++ b/cmake/compiler-checks/macos/control_touch_id_support.mm
@@ -0,0 +1,5 @@
 #include <Security/Security.h>
 int main() {
   return static_cast<int>(kSecAccessControlTouchIDCurrentSet);
 }
--- a/cmake/compiler-checks/macos/control_watch_support.mm
+++ b/cmake/compiler-checks/macos/control_watch_support.mm
@@ -0,0 +1,5 @@
 #include <Security/Security.h>
 int main() {
   return static_cast<int>(kSecAccessControlWatch);
 }
--- a/codecov.yaml
+++ b/codecov.yaml
@@ -0,0 +1,8 @@
 coverage:
  range: 60..80
  round: nearest
  precision: 2
 fixes:
  - "*/src/::"
 comment:
  require_changes: true
--- a/docs/CMakeLists.txt
+++ b/docs/CMakeLists.txt
@@ -24,43 +24,36 @@ set(OUT_DIR ${CMAKE_CURRENT_BINARY_DIR})
 set(REV -a revnumber=${KEEPASSXC_VERSION})
 # Build html documentation on all platforms
-file(GLOB html_depends ${DOC_DIR}/topics/* ${DOC_DIR}/styles/* ${DOC_DIR}/images/*)
+# NOTE: Combine into one long command to prevent MSVC from failing to build all docs
-add_custom_command(OUTPUT KeePassXC_GettingStarted.html
+file(GLOB doc_depends ${DOC_DIR}/*.adoc ${DOC_DIR}/topics/* ${DOC_DIR}/styles/* ${DOC_DIR}/images/*)
-    COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_GettingStarted.html ${REV} ${DOC_DIR}/GettingStarted.adoc
+add_custom_command(
-    DEPENDS ${html_depends} ${DOC_DIR}/GettingStarted.adoc
+    OUTPUT KeePassXC_GettingStarted.html KeePassXC_UserGuide.html KeePassXC_KeyboardShortcuts.html
-    VERBATIM)
+    COMMAND
-add_custom_command(OUTPUT KeePassXC_UserGuide.html
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_GettingStarted.html ${REV} ${DOC_DIR}/GettingStarted.adoc &&
-    COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_UserGuide.html ${REV} ${DOC_DIR}/UserGuide.adoc
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_UserGuide.html ${REV} ${DOC_DIR}/UserGuide.adoc &&
-    DEPENDS ${html_depends} ${DOC_DIR}/UserGuide.adoc
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_KeyboardShortcuts.html ${REV} ${DOC_DIR}/topics/KeyboardShortcuts.adoc
-    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+    DEPENDS ${doc_depends}
    VERBATIM)
 file(GLOB styles_depends ${DOC_DIR}/styles/*)
 add_custom_command(OUTPUT KeePassXC_KeyboardShortcuts.html
    COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_KeyboardShortcuts.html ${REV} ${DOC_DIR}/topics/KeyboardShortcuts.adoc
    DEPENDS ${DOC_DIR}/topics/KeyboardShortcuts.adoc ${styles_depends}
    VERBATIM)
 add_custom_target(docs ALL DEPENDS KeePassXC_GettingStarted.html KeePassXC_UserGuide.html KeePassXC_KeyboardShortcuts.html)
 install(FILES
-    ${OUT_DIR}/KeePassXC_GettingStarted.html
+        ${OUT_DIR}/KeePassXC_GettingStarted.html
-    ${OUT_DIR}/KeePassXC_UserGuide.html
+        ${OUT_DIR}/KeePassXC_UserGuide.html
-    ${OUT_DIR}/KeePassXC_KeyboardShortcuts.html
+        ${OUT_DIR}/KeePassXC_KeyboardShortcuts.html
-    DESTINATION ${DATA_INSTALL_DIR}/docs)
+        DESTINATION ${DATA_INSTALL_DIR}/docs)
 # Build Man Pages on Linux and macOS
 if(UNIX)
-    add_custom_command(OUTPUT keepassxc.1
+    add_custom_command(OUTPUT keepassxc.1 keepassxc-cli.1
-        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ${DOC_DIR}/man/keepassxc.1.adoc
+        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ./man/keepassxc.1.adoc
-        DEPENDS ${DOC_DIR}/man/keepassxc.1.adoc
+        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ./man/keepassxc-cli.1.adoc
-        VERBATIM)
+        DEPENDS ${DOC_DIR}/man/keepassxc.1.adoc ${DOC_DIR}/man/keepassxc-cli.1.adoc
-    add_custom_command(OUTPUT keepassxc-cli.1
+        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ${DOC_DIR}/man/keepassxc-cli.1.adoc
        DEPENDS ${DOC_DIR}/man/keepassxc-cli.1.adoc
        VERBATIM)
    add_custom_target(manpages ALL DEPENDS keepassxc.1 keepassxc-cli.1)
-    install(FILES 
+    install(FILES
        ${OUT_DIR}/keepassxc.1
        ${OUT_DIR}/keepassxc-cli.1
        DESTINATION ${CMAKE_INSTALL_MANDIR}/man1/)
--- a/docs/FuzzTest.md
+++ b/docs/FuzzTest.md
@@ -19,7 +19,7 @@ Optionally, build AFL from source:
 ## Building KeePassXC For Fuzzing
-A special "instrumented build" is used that allows the fuzzer to look into the program as it executes. We place it in its own build directory so it doesn't confused with the production build.
+A special "instrumented build" is used that allows the fuzzer to look into the program as it executes. We place it in its own build directory so it doesn't get confused with the production build.
    $ cd your_keepassxc_source_directory
    $ mkdir buildafl
--- a/docs/images/autotype_entry_sequences.png
+++ b/docs/images/autotype_entry_sequences.png
--- a/docs/images/autotype_selection_dialog_type_menu.png
+++ b/docs/images/autotype_selection_dialog_type_menu.png
--- a/docs/images/autotype_settings.png
+++ b/docs/images/autotype_settings.png
--- a/docs/images/browser_database_settings.png
+++ b/docs/images/browser_database_settings.png
--- a/docs/images/browser_group_settings.png
+++ b/docs/images/browser_group_settings.png
--- a/docs/images/browser_settings.png
+++ b/docs/images/browser_settings.png
--- a/docs/images/browser_statistics.png
+++ b/docs/images/browser_statistics.png
--- a/docs/images/compact_mode_comparison.png
+++ b/docs/images/compact_mode_comparison.png
--- a/docs/images/csv_import.png
+++ b/docs/images/csv_import.png
--- a/docs/images/database_maintenance.png
+++ b/docs/images/database_maintenance.png
--- a/docs/images/database_settings.png
+++ b/docs/images/database_settings.png
--- a/docs/images/database_view.png
+++ b/docs/images/database_view.png
--- a/docs/images/edit_entry.png
+++ b/docs/images/edit_entry.png
--- a/docs/images/edit_entry_history.png
+++ b/docs/images/edit_entry_history.png
--- a/docs/images/edit_entry_icons.png
+++ b/docs/images/edit_entry_icons.png
--- a/docs/images/enable_copy_dc.png
+++ b/docs/images/enable_copy_dc.png
--- a/docs/images/export_database.png
+++ b/docs/images/export_database.png
--- a/docs/images/keeshare_application_settings.png
+++ b/docs/images/keeshare_application_settings.png
--- a/docs/images/main_interface.png
+++ b/docs/images/main_interface.png
--- a/docs/images/open_database.png
+++ b/docs/images/open_database.png
--- a/docs/images/passphrase_generator.png
+++ b/docs/images/passphrase_generator.png
--- a/docs/images/password_generator.png
+++ b/docs/images/password_generator.png
--- a/docs/images/password_generator_advanced.png
+++ b/docs/images/password_generator_advanced.png
--- a/docs/images/quick_unlock.png
+++ b/docs/images/quick_unlock.png
--- a/docs/images/quick_unlock_windows_hello.png
+++ b/docs/images/quick_unlock_windows_hello.png
--- a/docs/images/save_options.png
+++ b/docs/images/save_options.png
--- a/docs/images/sshagent_application_settings.png
+++ b/docs/images/sshagent_application_settings.png
--- a/docs/images/sshagent_puttygen.png
+++ b/docs/images/sshagent_puttygen.png
--- a/docs/images/theme_selection.png
+++ b/docs/images/theme_selection.png
--- a/docs/images/toolbar.png
+++ b/docs/images/toolbar.png
--- a/docs/images/totp_code_example.png
+++ b/docs/images/totp_code_example.png
--- a/docs/images/totp_setup.png
+++ b/docs/images/totp_setup.png
--- a/docs/images/totp_usage_examples.png
+++ b/docs/images/totp_usage_examples.png
--- a/docs/images/welcome_screen.png
+++ b/docs/images/welcome_screen.png
--- a/docs/man/keepassxc-cli.1.adoc
+++ b/docs/man/keepassxc-cli.1.adoc
@@ -16,7 +16,7 @@
 = keepassxc-cli(1)
 KeePassXC Team <team@keepassxc.org>
-:docdate: 2020-08-31
+:docdate: 2022-08-20
 :doctype: manpage
 :mansource: KeePassXC {revnumber}
 :manmanual: General Commands Manual
@@ -40,6 +40,17 @@ It provides the ability to query and modify the entries of a KeePass database, d
 *analyze* [_options_] <__database__>::
  Analyzes passwords in a database for weaknesses using offline HIBP SHA-1 hash lookup.
 *attachment-export* [_options_] <__database__> <__entry__> <__attachment_name__> <__export_file__>::
  Exports the content of an attachment to a specified file.
  Use *--stdout* option to instead output the contents of the attachment to stdout.
 *attachment-import* [_options_] <__database__> <__entry__> <__attachment_name__> <__import_file__>::
  Imports the attachment into an entry.
  An existing attachment with the same name may be overwritten if the *-f* option is specified.
 *attachment-rm* <__database__> <__entry__> <__attachment_name__>::
  Removes the named attachment from an entry.
 *clip* [_options_] <__database__> <__entry__> [_timeout_]::
  Copies an attribute or the current TOTP (if the *-t* option is specified) of a database entry to the clipboard.
  If no attribute name is specified using the *-a* option, the password is copied.
@@ -55,6 +66,11 @@ It provides the ability to query and modify the entries of a KeePass database, d
  The key file will be created if the file that is referred to does not exist.
  If both the key file and password are empty, no database will be created.
 *db-edit* [_options_] <__database__>::
  Edits a database.
  When setting a key file, the key file will be created if the file that is referred to
  does not exist.
 *db-info* [_options_] <__database__>::
  Show a database's information.
@@ -90,10 +106,6 @@ It provides the ability to query and modify the entries of a KeePass database, d
  If both the key file and password are empty, no database will be created.
  The new database will be in kdbx 4 format.
 *locate* [_options_] <__database__> <__term__>::
  Locates all the entries that match a specific search term in a database.
 *ls* [_options_] <__database__> [_group_]::
  Lists the contents of a group in a database.
  If no group is specified, it will default to the root group.
@@ -127,6 +139,9 @@ It provides the ability to query and modify the entries of a KeePass database, d
  If the database has a recycle bin, the group will be moved there.
  If the group is already in the recycle bin, it will be removed permanently.
 *search* [_options_] <__database__> <__term__>::
  Searches all entries that match a specific search term in a database.
 *show* [_options_] <__database__> <__entry__>::
  Shows the title, username, password, URL and notes of a database entry.
  Can also show the current TOTP.
@@ -144,7 +159,7 @@ It provides the ability to query and modify the entries of a KeePass database, d
 *--no-password*::
  Deactivates the password key for the database.
-*-y*, *--yubikey* <__slot__>::
+*-y*, *--yubikey* <__slot[:serial]__>::
  Specifies a yubikey slot for unlocking the database.
  In a merge operation this option is used to specify the YubiKey slot for the first database.
@@ -167,7 +182,7 @@ It provides the ability to query and modify the entries of a KeePass database, d
 *--no-password-from*::
  Deactivates password key for the database to merge from.
-*--yubikey-from* <__slot__>::
+*--yubikey-from* <__slot[:serial]__>::
  YubiKey slot for the second database.
 *-s*, *--same-credentials*::
@@ -221,20 +236,28 @@ The same password generation options as documented for the generate command can
  Will report an error if no TOTP is configured for the entry.
 *-b*, *--best*::
-  Try to find and copy to clipboard a unique entry matching the input (similar to *-locate*)
+  Try to find and copy to clipboard a unique entry matching the input
  If a unique matching entry is found it will be copied to the clipboard.
  If multiple entries are found they will be listed to refine the search. (no clip performed)
-=== Create and Import options
+=== Db-create, Db-edit and Import options
-*-k*, *--set-key-file* <__path__>::
+*--set-key-file* <__path__>::
  Set the key file for the database.
 *-p*, *--set-password*::
  Set a password for the database.
 === Db-create, Import options
 *-t*, *--decryption-time* <__time__>::
  Target decryption time in MS for the database.
 === Db-edit options
 *--unset-password* <__path__>::
  Removes the password for the database.
 *--unset-key-file* <__path__>::
  Removes the key file for the database.
 === Show options
 *-a*, *--attributes* <__attribute__>...::
  Shows the named attributes.
@@ -242,9 +265,15 @@ The same password generation options as documented for the generate command can
  If no attributes are specified and *-t* is not specified, a summary of the default attributes is given.
  Protected attributes will be displayed in clear text if specified explicitly by this option.
 *--all*::
  Show all the attributes of the entry.
 *-s*, *--show-protected*::
  Shows the protected attributes in clear text.
 *--show-attachments*::
  Shows the attachment names along with the size of the attachments.
 *-t*, *--totp*::
  Also shows the current TOTP, reporting an error if no TOTP is configured for the entry.
@@ -257,6 +286,7 @@ The same password generation options as documented for the generate command can
  Sets the Path of the wordlist for the diceware generator.
  The wordlist must have > 1000 words, otherwise the program will fail.
  If the wordlist has < 4000 words a warning will be printed to STDERR.
  Any *diceware*-compatible wordlist can be used. Note however that *KeePassXC* will NOT verify the PGP signature of signed wordlists.
 === Export options
 *-f*, *--format*::
@@ -317,3 +347,6 @@ This manual page was originally written by Manolis Agkopian <m.agkopian@gmail.co
 include::includes/section-reporting-bugs.adoc[]
 include::includes/section-copyright.adoc[]
 == SEE ALSO
 *keepassxc*(1)
--- a/docs/man/keepassxc.1.adoc
+++ b/docs/man/keepassxc.1.adoc
@@ -49,9 +49,6 @@ Your wallet works offline and requires no Internet connection.
 *--pw-stdin*::
  Read password of the database from stdin.
 *--pw*, *--parent-window* <__handle__>::
  Parent window handle.
 *--debug-info*::
  Displays debugging information.
@@ -63,3 +60,6 @@ This manual page was originally written by Janek Bevendorff <janek@jbev.net>.
 include::includes/section-reporting-bugs.adoc[]
 include::includes/section-copyright.adoc[]
 == SEE ALSO
 *keepassxc-cli*(1)
--- a/docs/topics/AutoType.adoc
+++ b/docs/topics/AutoType.adoc
@@ -12,21 +12,27 @@ WARNING: Auto-Type will be disabled when run with a Wayland compositor on Linux.
 === Configure Global Auto-Type
 You can define a global Auto-Type hotkey that starts the Auto-Type process. To configure the hotkey, perform the following steps:
-1. Navigate to _Tools_ -> _Settings_ -> Auto-Type tab *(1)*. Click into the _Global Auto-Type shortcut_ box and press the desired key combination that will trigger the Auto-Type process *(2)*.
+Navigate to _Tools_ -> _Settings_ -> Auto-Type tab *(1)*. Click into the _Global Auto-Type shortcut_ box and press the desired key combination that will trigger the Auto-Type process *(2)*.
-+
+
 .Auto-Type settings
 image::autotype_settings.png[]
-+
+
 You can configure additional Auto-Type settings in this window such as start delay, inter-key typing delay, and matching options. If Auto-Type is not working well for you, try adjusting the default delays.
 You can also set the time to remember the last used entry between presses of the global Auto-Type hotkey. This is useful for typing parts of a sequence during complex login workflows without having to find the specific each time.
 === Configure Auto-Type Sequences
 Each entry in your database can have multiple Auto-Type sequences associated with various window titles. Simulated key presses can be sent to any other currently open window of your choice (web browser windows, login dialogs boxes, and so on). When the Global Auto-Type hotkey is pressed, KeePassXC will search your database for entries matching the current selected window title.
 NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the `Tab` key, then types the password of the entry and finally presses the `Enter` key.
 TIP: To change the default Auto-Type sequence for all entries of your database, edit the root (top-most) group of your database and set a specific sequence. Child groups and entries will inherit this sequence by default.
 To configure Auto-Type sequences for your entries, perform the following steps:
-1.	Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the `+` button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*. You can use wildcard `*` to match any value (e.g., when a window title contains a filename or website name).
+1.	Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the `+` button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*.
 +
 TIP: You can use an asterisk (`\*`) to match any value (e.g., when a window title contains a dynamic filename or website name). Set the window title to `*` to match all windows. Leave the window title blank to offer additional default Auto-Type sequences, such as custom attributes.
 +
 .Auto-Type entry sequences
 image::autotype_entry_sequences.png[]
@@ -43,7 +49,7 @@ image::autotype_entry_sequences.png[]
 |{URL}      |URL
 |{NOTES}    |Notes
 |{TOTP}     |Current TOTP value (if configured)
-|{S:<ATTRIBUTE_NAME>}   |Value for the given attribute name
+|{S:ATTRIBUTE_NAME}   |Value for the given attribute name (e.g., {S:Address})
 |===
 +
 [grid=rows, frame=none, width=90%]
@@ -55,17 +61,30 @@ image::autotype_entry_sequences.png[]
 |{UP}, {DOWN}, {LEFT}, {RIGHT}  |Press the corresponding arrow key
 |{LEFTBRACE}, {RIGHTBRACE}      |Press `{` or `}`, respectively
-|{<KEY> X}     |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces)
+|{&lt;KEY&gt; X}     |Repeat &lt;KEY&gt; X times (e.g., {SPACE 5} inserts five spaces)
 |{DELAY=X}     |Set delay between key presses to X milliseconds
 |{DELAY X}     |Pause typing for X milliseconds
 |{CLEARFIELD}  |Clear the input field
 |{PICKCHARS}   |Pick specific password characters from a dialog
 |{MODE=VIRTUAL} |(Experimental) Use virtual key presses on Windows, useful for virtual machines
 |===
 +
 [grid=rows, frame=none, width=90%]
 |===
 |Modifier |Description
 |+        |SHIFT
 |^        |CTRL
 |%        |ALT
 |#        |WIN/CMD
 |===
 TIP: Use modifiers to hold down special keys before typing the next character. For example, to type *CTRL+SHIFT+D* use: `^+d`. This is useful if you need to activate certain actions in a program or on your desktop.
 === Performing Global Auto-Type
 The global Auto-Type keyboard shortcut is used when you have focus on the window you want to type into. To make use of this feature, you must have previously configured an Auto-Type hotkey.
-When you press the global Auto-Type hotkey, KeePassXC searches all unlocked databases for entries that match the focused window title. The Auto-Type selection dialog will appear in the following circumstances: there are no matches found, there are multiple matches found, or the setting "Always ask before performing Auto-Type" is enabled.
+When you press the global Auto-Type hotkey, KeePassXC searches all unlocked databases for entries that match the focused window title. The Auto-Type selection dialog will appear in the following circumstances: there are no matches found, there are multiple matches found, or the setting "Always ask before performing Auto-Type" is enabled. The selection is remembered for a short while to help retype with the same entry in quick succession.
 .Auto-Type sequence selection
 image::autotype_selection_dialog.png[,70%]
@@ -80,7 +99,9 @@ Search the unlocked databases by activating Search Database radio button. Use th
 .Additional Auto-Type choices
 image::autotype_selection_dialog_type_menu.png[,70%]
-The option to type just the username, password, or current TOTP value is available by right clicking the desired row or expanding the Type Sequence button options. 
+The option to type just the username, password, or current TOTP value is available by right-clicking the desired row or expanding the Type Sequence button options. You can also copy these values to the clipboard.
 TIP: On Windows, you will see an option to use a virtual keyboard in this sub-menu. This is an experimental feature that allows you to type into virtual machines by simulating actual keyboard presses. Some international keyboards may be unsupported due to limitations in the Windows API.
 === Performing Entry-Level Auto-Type
 You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing `Ctrl+Shift+V`.
@@ -89,4 +110,4 @@ WARNING: Be careful when using Entry-Level Auto-Type as you can inadvertently ty
 .Entry-Level Auto-Type
 image::autotype_entrylevel.png[]
-// end::content[]
+// end::content[]
--- a/docs/topics/BrowserPlugin.adoc
+++ b/docs/topics/BrowserPlugin.adoc
@@ -23,6 +23,8 @@ You can download the KeePassXC-Browser extension from your web browser. To downl
 2. Click the button to install/add the extension to the browser. Accept any confirmation dialogs.
 TIP: For the most up-to-date troubleshooting advice on all platforms, please read our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide[Troubleshooting Guide].
 // tag::advanced[]
 NOTE: When Microsoft Edge is installed as a managed application, system administrators are required to deploy a custom native messaging configuration. Instructions for this are found in the advanced section below.
 // end::advanced[]
@@ -48,7 +50,7 @@ image::browser_settings.png[]
 .Connect Extension to KeePassXC
 image::browser_extension_connect.png[,80%]
-6. Click the _Connect_ button *(B)* in the pop-up window to complete integrating the KeePassXC-Browser extension with your KeePassXC desktop application. 
+6. Click the _Connect_ button *(B)* in the pop-up window to complete integrating the KeePassXC-Browser extension with your KeePassXC desktop application.
 7. You are now prompted to enter a unique name to identify the connection between this browser and your database. Enter a unique name in the field (e.g., firefox-laptop) and click the _Save and allow access_ button.
 +
@@ -62,7 +64,7 @@ The KeePassXC-Browser extension lets you automatically populate the entries from
 1. Open your KeePassXC desktop application and unlock your database.
-2. Open your web browser. The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states. 
+2. Open your web browser. The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states.
 +
 *(A)* KeePassXC is not running or is disconnected +
 *(B)* Connected to KeePassXC, but database is locked +
@@ -81,7 +83,7 @@ image::browser_extension_reload.png[,80%]
 .Confirm Access Dialog
 image::browser_confirm_access_dialog.png[,80%]
-5. Ensure the credentials you want use are checked, then click *(A)* Remember _(optional)_, then click _Allow Selected_ *(B)*.
+5. Ensure the credentials you want to use are checked, then click *(A)* Remember _(optional)_, then click _Allow Selected_ *(B)*.
 6. In your website, the KeePassXC icon will appear in the username field of the login form *(A)*. Click the icon to populate the field with your stored credentials. If you have more than one credential for this website, a dropdown will appear to choose the one to use.
 +
@@ -89,6 +91,12 @@ image::browser_confirm_access_dialog.png[,80%]
 image::browser_fill_credentials.png[,80%]
 // tag::advanced[]
 === Browser statistics
 You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access these, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings.
 .Browser statistics
 image::browser_statistics.png[]
 === Advanced Usage
 You can configure unique browser integration behavior for each entry. This allows you to add multiple URLs to an entry, hide an entry from the browser integration, and more. To access these settings, open an entry for editing then click on _Browser Integration_ option in the left-hand menu *(1)*.
@@ -97,6 +105,11 @@ After opening the settings you can add any number of additional URLs by clicking
 .Entry browser settings
 image::browser_entry_settings.png[]
 To set options for all entries within a group, edit the group and go to the browser integration section *(1)*. Here you can explicitly disable access to all entries under a group hierarchy to the browser extension. You can set other useful options for groups of entries as well.
 .Group browser settings
 image::browser_group_settings.png[]
 Database-wide operations are available in the database settings. To access these use the _Database_ -> _Database settings..._ menu option. Click on _Browser Integration_ on the left-hand menu. From here you can disconnect all browsers, convert legacy KeePass-HTTP settings, reset all entry-level settings, and refresh the database root group ID (useful when making copies of your database file).
 .Database browser settings
--- a/docs/topics/DatabaseOperations.adoc
+++ b/docs/topics/DatabaseOperations.adoc
@@ -19,7 +19,7 @@ image::welcome_screen.png[]
 .Create database - General information
 image::new_db_wizard_1.png[,80%]
-3. Click Continue. The Encryption Settings screen appears, we don't recommend making any changes besides increasing or decreasing the decryption time using the slider. Setting the Decryption Time slider at a higher values means that the database will have higher level of protection but the time taken by the database to open will increase.
+3. Click Continue. The Encryption Settings screen appears, we don't recommend making any changes besides increasing or decreasing the decryption time using the slider. Setting the Decryption Time slider at higher values means that the database will have higher level of protection but the time taken by the database to open will increase.
 +
 .Create database - Encryption settings
 image::new_db_wizard_2.png[,80%]
@@ -44,7 +44,7 @@ To open an existing database, perform the following steps:
 .Open an existing database
 image::open_database.png[]
-2. Navigate to the location of the your database on your computer and open the database file. The database unlock screen will appear:
+2. Navigate to the location of the database on your computer and open the database file. The database unlock screen will appear:
 +
 .Database unlock screen
 image::unlock_database.png[]
@@ -58,6 +58,37 @@ image::unlock_database.png[]
 .Unlocked database
 image::database_view.png[]
 === Quick Unlock
 On Windows and macOS, subject to hardware availability, your credentials can be securely stored to enable subsequent unlocking of your database through biometric authentication. This is enabled by default on Windows using _Windows Hello_ and on macOS using _Touch ID or Apple Watch_ services. You can disable this feature in the Application Settings under the Security section.
 NOTE: On Windows you will be prompted to authenticate to Windows Hello on the initial database unlock. This is required to access the hardware certificate store that encrypts your credentials.
 .Windows Hello example
 image::quick_unlock_windows_hello.png[]
 When your database is locked, you will see the following unlock dialog. Simply press _Enter_ or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. Yubikey), it must be connected to your computer to complete the unlock.
 .Quick Unlock
 image::quick_unlock.png[]
 // tag::advanced[]
 === Expired Entries
 By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
 === Advanced Save Options
 There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
 1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
 2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
 3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
 In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See xref:UserGuide.adoc#_backup_path_placeholders[Backup Path Placeholders] for available placeholders and examples.
 image::save_options.png[]
 // end::advanced[]
 === Adding an Entry
 All the details such as usernames, passwords, URLs, attachments, notes, and so on are stored in database entries. You can create as many entries as you want in the database.
@@ -69,10 +100,17 @@ To add an entry, perform the following step:
 image::edit_entry.png[]
 2. Enter a desired title for the entry, username, password, URL, and notes on this screen.
   a. Your most frequently used usernames will automatically be available in the username drop-down menu. They will also auto-complete for you when typing.
-3. _(Optional)_ Select the Expires check-box to set the expiry date for the password. You can manually enter the date and time or click the Presets button to select a expiry date and time for your password.
+   b. You can generate a secure random password by clicking the dice icon in the password field to launch the password generator. Reveal the password by clicking the eye icon.
-4. Click *OK* to add the entry to your database.
+   c. After you add a URL to an entry you can press the download button to automatically download the website's icon for this entry.
 3. _(Optional)_ Add tags to the entry to quickly search for it using the tags panel on the main database view. You can easily add new tags or select existing ones from the drop-down list.
 4. _(Optional)_ Select the _Expires_ check-box to set the expiry date for the password. You can manually enter the date and time or click the _Presets_ button to select an expiry date and time for your password.
 5. Click *OK* to add the entry to your database.
 === Editing an Entry
 To edit the details in an entry, perform the following steps:
@@ -85,6 +123,28 @@ To edit the details in an entry, perform the following steps:
 4. Click *OK*.
 === Adding TOTP to an Entry
 Timed One-Time Passwords (TOTP) are a popular choice for two-factor authentication methods. These codes are typically six digits long and change every 30 seconds. They are derived from a shared secret value and the current time. Once set up, KeePassXC can calculate TOTP codes like any authenticator app, such as Google Authenticator. The codes can be used with copy/paste, browser extension, and Auto-Type.
 TIP: Your computer time must be synchronized with an internet time source to generate valid TOTP codes, https://www.nist.gov/pml/time-and-frequency-division/time-distribution/internet-time-service-its[read more here].
 WARNING: Storing TOTP codes in the same database as the password will eliminate the advantages of two-factor authentication. If you desire maximum security, we recommend keeping TOTP codes in a separate database that you only unlock when needed.
 To add TOTP to a database entry, you must first retrieve the secret string from the website or application you are authenticating to. Often this secret is accompanied with a QR code and can be copy/pasted below. Example:
 .Example TOTP Secret
 image::totp_code_example.png[,40%]
 Once obtained, right-click the desired entry *(1)*, choose _TOTP_ -> _Set up TOTP..._ *(2)*, and the setup dialog will appear. In that dialog, paste the secret code from the website *(3)*, setup any custom settings (rare) *(4)*, then press OK to save the settings.
 .TOTP Setup Process
 image::totp_setup.png[]
 After an entry is configured with TOTP, you will see a clock icon in that entry's row and have the ability to reveal the current code in the preview pane. Additionally, you can navigate to the entry's _TOTP_ menu to show the code in a separate window. You can also view the secret and configuration as a QR code for exporting to a mobile device. TOTP codes can be entered into forms with the browser extension, with Auto-Type by using the `{TOTP}` placeholder, or via menu options in the Auto-Type selection dialog.
 .TOTP Usage
 image::totp_usage_examples.png[]
 === Deleting an Entry
 To delete an entry, perform the following steps:
@@ -110,7 +170,7 @@ image::clone_entry.png[]
 2. The clone dialog will appear.
 +
 .Clone entry dialog
-image::clone_entry_dialog.png[,70%]
+image::clone_entry_dialog.png[,50%]
  * Select the Append ‘ - Clone’ to title check-box to create a new entry with the word Clone as the suffix to the name of the new entry.
  * Select the Replace username and password with references check-box to create the new entry where the username and the password fields contain the references to the username and password to the master entry.
  * Select the Copy history checkbox to copy the history of the master entry to the clone.
@@ -136,16 +196,17 @@ KeePassXC provides an enhanced and granular search features the enables you to s
 |*	        |Term is handled as a regular expression
 |===
-The following fields can be searched along with their abbreviated name in parenthesis:
+The following fields can be searched along with their abbreviated name in parentheses:
 * Title (t)
 * Username (u)
 * Password (p, pw)
 * URL
 * Notes (n)
-* Attribute (attr)
+* Attribute names and values (attr)
 * Attachment (attach)
 * Group (g)
 * Entry State (is:expired, is:weak)
 === Wild Card Characters and Logical Operators
 [grid=rows, frame=none, width=70%]
@@ -173,12 +234,15 @@ The following tables lists a few samples search queries for your reference:
 |Search the username field for exactly johnsmith, the URL must not contain www.google.com, and notes contains secret note [digit].
 |`+attr:mystring123`
-|Searches all Additional Attributes for any name OR value equal to mystring123.
+|Searches all additional attributes for any name OR value equal to mystring123.
 |`is:expired is:weak`
 |Searches for all expired entries with weak passwords.
 |===
 == Advanced Entry Options
 === Additional Attributes
-A lot of applications and web sites now require to provide additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME}` action code.
+A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
 To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
@@ -202,7 +266,7 @@ image::edit_entry_colors.png[]
 === Icons
 You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
-NOTE: To delete a custom icon, select the item to be deleted and click the _Delete custom icon_ button.
+NOTE: To delete a custom icon, go to xref:UserGuide.adoc#_database_maintenance[Database Maintenance] where you can purge unused icons and delete one or more icons at a time.
 .Entry icon selection
 image::edit_entry_icons.png[]
@@ -216,7 +280,7 @@ KeePassXC lets you view the basic properties such as date and time of creation,
 image::edit_entry_properties.png[]
 === History
-KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made.
+KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
 * Show: Display this history item for review, a read-only copy of the entry will be shown.
 * Restore: Reinstate the selected history item as the active entry details.
@@ -231,7 +295,7 @@ NOTE: Restoring an old history item will store the current entry settings as a n
 == Automatic Database Opening
 You can setup one or more databases to open automatically when you unlock a single database. This is done by *(1)* defining a special group named `AutoOpen` with *(2)* entries that contain the file path and credentials for each database that should be opened. There is no limit to the number of databases that can be opened.
-TIP: Case matters with auto open, the group name must be exactly `AutoOpen`.
+TIP: Case matters with auto open, the group name must be exactly `AutoOpen` and it must be a child of the root group.
 .AutoOpen Group and Entries
 image::autoopen.png[]
@@ -268,7 +332,7 @@ image::database_settings.png[]
 * *Max history items:* This is the maximum number of history items that are stored for each entry. When you set this to 0, no history will be saved. Set this value to a low value to prevent the database from getting too large (we recommend no more than 10).
 * *Max. history size:* When the history of an entry gets above this size, it is truncated. For example, this happens when entries have large attachments. Set this value small to prevent the database from getting too large (we recommend 6 MiB).
 * *Use recycle bin:* Select this check-box if you want deleted entries to move to the recycle bin instead of being permanently removed. The recycle bin will be created if it does not already exist after your first deletion. To delete entries permanently, you must empty the recycle bin manually.
- * *Enable compression:* KeePassXC databases can be compressed before being encrypted. Compression reduces the size of the database and does not have any appreciable affect on speed. It is  recommended to always save databases with compression.
+ * *Enable compression:* KeePassXC databases can be compressed before being encrypted. Compression reduces the size of the database and does not have any appreciable affect on speed. It is recommended to always save databases with compression.
 3. Click the Security button in the left-hand menu bar to change your database credentials and change encryption settings.
 +
@@ -282,7 +346,7 @@ image::database_security_credentials.png[]
 +
 WARNING: Consider creating a backup of your YubiKey. Please refer to <<Creating a YubiKey backup>>
-5. Encryption settings allows you to change the average time it takes to encrypt and decrypt the database. The longer time that is chosen, the harder it will be to brute force attack your database. *We recommend a setting of one second.*
+5. Encryption settings allow you to change the average time it takes to encrypt and decrypt the database. The longer time that is chosen, the harder it will be to brute force attack your database. *We recommend a setting of one second.*
 +
 .Database encryption
 image::database_security_encryption.png[]
@@ -298,7 +362,12 @@ The following key derivation functions are supported:
 * AES-KDF (KDBX 4 and KDBX 3.1): This key derivation function is based on iterating AES. Users can change the number of iterations. The more iterations, the harder are dictionary and guessing attacks, but also database loading/saving takes more time (linearly). KDBX 3.1 only supports AES-KDF; any other key derivation function, like for instance Argon2, requires KDBX 4.
- * Argon2 (KDBX 4 - recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder (and the required time increases). The parallelism parameter can be used to specify how many threads should be used.
+ * Argon2 (KDBX 4 - recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder and the required time increases. The parallelism parameter can be used to specify how many threads should be used. We recommend using Argon2id to prevent against timing-based attacks. Argon2d offers maximum compatibility with other KeePass-based apps, the default settings provide sufficient protection against any known attacks.
 == Database Maintenance
 KeePassXC offers some maintenance features that can be applied to clean up your database. Navigate to _Database_ -> _Database settings_ then click on _Maintenance_ on the left hand panel. The following screen appears. On this screen you can delete multiple icons at once and purge any unused icons in your database.
 image::database_maintenance.png[]
 === Creating a YubiKey backup
 It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
@@ -315,19 +384,22 @@ dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
 ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
 ```
-You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat both steps for your second YubiKey. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
+You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
 == Command Line Tool
 KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/master/docs/man/keepassxc-cli.1.adoc[available on GitHub].
 // end::advanced[]
 == Storing a Database File
 The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
-Make sure that the database file is stored in a folder that is secure. Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of your information and a lot of inconvenience to manually retrieve your logins for  various web applications. You must not share your database file with anyone unless absolutely necessary.
+Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
 TIP: You can safely store your database file in the cloud (e.g., OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
 ==  Backing up a Database File
 It is a good practice to create copies of your database file and store the copies of your database on a different computer, smart phone, or cloud storage space such a Google Drive or Microsoft OneDrive. Backups can be created automatically by selecting the _Backup database file before saving_ option in the application settings. Additionally, you can create a backup on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
 .Saving a database backup
 image::save_database_backup.png[,40%]
 Creating backups for your database give you a peace of mind should you lose one copy of your database. You can quickly retrieve the copy of your database and start using it.
 // end::content[]
--- a/docs/topics/DownloadInstall.adoc
+++ b/docs/topics/DownloadInstall.adoc
@@ -43,6 +43,14 @@ image::install_wizard_1.png[,80%]
 .Install wizard (cont)
 image::install_wizard_2.png[,80%]
 The following options can be set when running the MSI in an unattended installation:
 * *LAUNCHAPPONEXIT* - Launch KeePassXC after install (default ON)
 * *AUTOSTARTPROGRAM* - KeePassXC will auto-start on login (default ON)
 * *INSTALLDESKTOPSHORTCUT* - A desktop icon will be installed (default OFF)
 Example: `msiexec.exe /q /i KeePassXC-Y.Y.Y-WinZZ.msi AUTOSTARTPROGRAM=0`
 === Linux
 You can easily download the KeePassXC installer for Linux. When you search for KeePassXC, multiple options are displayed as shown in the following screen:
--- a/docs/topics/ImportExport.adoc
+++ b/docs/topics/ImportExport.adoc
@@ -4,7 +4,7 @@ include::.sharedheader[]
 // tag::content[]
 == Importing External Databases
-KeePassXC allows your to import external databases from the following options:
+KeePassXC allows you to import external databases from the following options:
 * Comma-Separated Values (CSV) file
 * 1Password OPVault
@@ -21,10 +21,10 @@ To open the CSV file, perform the following steps:
 3. Navigate to the location of the your CSV file on your computer and open the file. The new database wizard will appear. Follow the steps of creating a new database in Chapter 1.
-4. After saving your new database file, the CSV import wizard will appear:
+4. After saving your new database file, the CSV import wizard will appear. On this dialog you can choose the various options for properly importing the data. You may need to select the _First line has field names_ checkbox before starting. Analyze the output in the preview at the bottom to determine the correct import settings.
 +
 .CSV Import Wizard
-image::csv_import.png[,80%]
+image::csv_import.png[]
 Your CSV file gets imported to KeePassXC and the data is converted to the KeePassXC format for further usage and maintenance. The new database file is saved on to your computer with the default `.kdbx` extension.
@@ -55,9 +55,9 @@ To import a KeePass 1 database file in KeePassXC, perform the following steps:
 6. The data from the `.kdb` file gets imported and converted to the new format, which is compatible with KeePassXC. You can now start using the new database file (`.kdbx`) in KeePassXC.
 == Exporting Databases
-KeePassXC supports multiple ways to export your database for transfer to another program or to print out and archive. To export your database into the KDB XML format, you must use the KeePassXC Command Line Interface program: `keepassxc-cli export <database.kdbx>`.
+KeePassXC supports multiple ways to export your database for transfer to another program or to print out and archive.
-WARNING: Exporting your database will result in all of your passwords and sensitive information being stored unencrypted. We do not recommend saving your exported database for long periods of time as that can cause compromise.
+WARNING: Exporting your database will result in all of your passwords and sensitive information being stored in an unencrypted format. We do not recommend saving your exported database for long periods of time as that can cause a compromise of sensitive information.
 .Database export menu
 image::export_database.png[,80%]
--- a/docs/topics/KeeShare.adoc
+++ b/docs/topics/KeeShare.adoc
@@ -11,13 +11,13 @@ To use sharing, you need to enable it for the application.
 1. Go to _Tools_ -> _Settings_. Select the KeeShare category on the left sidebar *(1)*.
 2. Check _Allow import_ if you want to import shared credentials. Check _Allow export_ if you want to share credentials. *(2)*
-3. (Optional) Click _Generate_ *(3)* to create your own certificate or _Import_ to select an existing one. The certificate allows you to sign shared databases. This ensures the integrity of the share and prevent import of untrusted information.
+3. (Optional) Click _Generate_ *(3)* to create your own signing certificate. If you are using signed shares then your signing certificate will be used to generate the signature. *_This feature is deprecated and will be removed in a future version._*
 .KeeShare Application Settings
 image::keeshare_application_settings.png[]
 === Sharing Credentials
-If you checked _Allow export_ in the Sharing settings you can now share a group of passwords. Sharing is always is defined on a particular group. If you enable sharing on a group, every entry under this group, and its children, are shared. If you enable sharing on the root node, **every password** inside your database gets shared!
+If you checked _Allow export_ in the Sharing settings you can now share a group of passwords. Sharing is always defined on a particular group. If you enable sharing on a group, every entry under this group, and its children, are shared. If you enable sharing on the root node, **every password** inside your database gets shared!
 NOTE: KeeShare does not synchronize group structure after the initial share is created. At this time, KeeShare operates at the entry level; shared entries moved outside of a shared group are still synchronized.
@@ -45,7 +45,7 @@ A shared group shows a cloud icon badge over the group icon *(A)* and a banner i
 image::keeshare_shared_group.png[]
 === Technical Details and Limitations of Sharing
-Sharing relies on the combination of file exports and imports as well as the synchronization mechanism provided by KeePassXC. Since the merge algorithm uses the history of entries to prevent data loss, this history must be enabled and have a sufficient size. Furthermore, the merge algorithm is location independent, therefore it does not matter if entries are moved outside of an import group. These entries will be updated none the less. Moving entries outside of export groups will prevent a further export of the entry, but it will not ensure that the already shared data will be removed from any client.
+Sharing relies on the combination of file exports and imports as well as the synchronization mechanism provided by KeePassXC. Since the merge algorithm uses the history of entries to prevent data loss, this history must be enabled and have a sufficient size. Furthermore, the merge algorithm is location independent, therefore it does not matter if entries are moved outside of an import group. These entries will be updated nonetheless. Moving entries outside of export groups will prevent a further export of the entry, but it will not ensure that the already shared data will be removed from any client.
 KeeShare uses a custom certification mechanism to ensure that the source of the data is the expected one. This ensures that the data was exported by the signer but it is not possible to detect if someone replaced the data with an older version from a valid signer. To prevent this, the container could be placed at a location which is only writeable for valid signers.
 // end::content[]
--- a/docs/topics/KeyboardShortcuts.adoc
+++ b/docs/topics/KeyboardShortcuts.adoc
@@ -25,6 +25,7 @@ NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`).
 |Copy URL                     | Ctrl + U
 |Open URL                     | Ctrl + Shift + U
 |Copy TOTP                    | Ctrl + T
 |Copy Password and TOTP       | Ctrl + Y
 |Show TOTP                    | Ctrl + Shift + T
 |Trigger AutoType             | Ctrl + Shift + V
 |Add key to SSH Agent         | Ctrl + H
--- a/docs/topics/PasswordGenerator.adoc
+++ b/docs/topics/PasswordGenerator.adoc
@@ -26,10 +26,9 @@ image::password_generator.png[]
 +
 .Advanced Password Generator Options
 image::password_generator_advanced.png[]
 8. When generating a password for an entry, click the Apply Password button (Ctrl + S or Ctrl + Enter) to close the window and apply your changes.
 === Generating Passphrases
-A passphrase is a sequence of words or other text used to control access to your applications and data. A passphrase is similar to a password in usage, but is generally longer for added security. To generate the random passphrase using Password Generator, perform the following steps:
+A passphrase is a sequence of words or other text used to control access to your applications and data. A passphrase is specifically designed to be simple to remember but hard to guess. For this reason, we do not recommend making passphrases too complex; if you require something that is more complex than you could easily remember, it is better to use a randomly generated password instead.
 1. From the password generator, click the Passphrase tab. The following screen appears:
 +
@@ -38,9 +37,10 @@ image::passphrase_generator.png[]
 2. Select the number of words you want to be included in your passphrase by dragging the
 Word Count slider.
-3. In the Word Separator field, enter a character, word, number, or space that you want to use a separator between the words in your passphrase.
+3. In the Word Separator field, enter a character, word, number, or space that you want to use as a separator between the words in your passphrase.
-4. Click the Regenerate button (Ctrl + R) to generate a new random passphrase.
+4. _(Optional)_ You can choose a word case between lower, upper, and title case options.
-5. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard.
+5. _(Optional)_ You can also load your own custom word lists. Click the plus sign button to the right of the wordlist selection dialog to choose a custom word list. You can download alternative lists from the https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases[EFF's Website] or from https://github.com/redacted/XKCD-password-generator#additional-languages[GitHub].
-6. When generating a password for an entry, click the Apply Password button (Ctrl + S or Ctrl + Enter) to close the window and apply your changes.
+6. Click the Regenerate button (Ctrl + R) to generate a new random passphrase.
 7. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard.
 // end::advanced[]
 // end::content[]
--- a/docs/topics/Reference.adoc
+++ b/docs/topics/Reference.adoc
@@ -17,7 +17,7 @@ This section contains full details on advanced features available in KeePassXC.
 |{URL}           |URL
 |{NOTES}         |Notes
 |{TOTP}          |Current TOTP value (if configured)
-|{S:<ATTRIBUTE_NAME>}   |Value for the given attribute (case sensitive)
+|{S:&lt;ATTRIBUTE_NAME&gt;}   |Value for the given attribute (case sensitive)
 |{URL:RMVSCM}	        |URL without scheme (e.g., https)
 |{URL:WITHOUTSCHEME}	|URL without scheme
 |{URL:SCM}	     |URL Scheme
@@ -48,10 +48,10 @@ This section contains full details on advanced features available in KeePassXC.
 |===
 === Entry Cross-Reference
-A reference to another entry's field is possible using the short-hand syntax:  
+A reference to another entry's field is possible using the shorthand syntax:
-`{REF:<FIELD>@<SEARCH_IN>:<SEARCH_TEXT>}`
+`{REF:&lt;FIELD&gt;@&lt;SEARCH_IN&gt;:&lt;SEARCH_TEXT&gt;}`
-`<FIELD>` and `<SEARCH_IN>` can be one of following:
+`&lt;FIELD&gt;` and `&lt;SEARCH_IN&gt;` can be one of following:
 * T - Title
 * U - Username
@@ -77,18 +77,52 @@ Examples: +
 |{UP}, {DOWN}, {LEFT}, {RIGHT}  |Press the corresponding arrow key
 |{F1}, {F2}, ..., {F16}         |Press F1, F2, etc.
 |{LEFTBRACE}, {RIGHTBRACE}      |Press `{` or `}`, respectively
-|{<KEY> X}  |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces)
+|{&lt;KEY&gt; X}  |Repeat &lt;KEY&gt; X times (e.g., {SPACE 5} inserts five spaces)
 |{DELAY=X}     |Set delay between key presses to X milliseconds
 |{DELAY X}     |Pause typing for X milliseconds
 |{CLEARFIELD}  |Clear the input field
 |{PICKCHARS}   |Pick specific password characters from a dialog
 |===
 [grid=rows, frame=none, width=90%]
 |===
 |Modifier |Description
 |+        |SHIFT
 |^        |CTRL
 |%        |ALT
 |#        |WIN/CMD
 |===
 *Text Conversions:*
-*{T-CONV:/<PLACEHOLDER>/<METHOD>/}* +
+`{T-CONV:/&lt;PLACEHOLDER&gt;/&lt;METHOD&gt;/}` +
 Convert resolved placeholder (e.g., {USERNAME}, {PASSWORD}, etc.) using the following methods: UPPER, LOWER, BASE64, HEX, URI, URI-DEC.
-*{T-REPLACE-RX:/<PLACEHOLDER>/<SEARCH>/<REPLACE>/}* +
+`{T-REPLACE-RX:/&lt;PLACEHOLDER&gt;/&lt;SEARCH&gt;/&lt;REPLACE&gt;/}` +
 Use regular expressions to find and replace data from a resolved placeholder. Refer to match groups using $1, $2, etc.
 === Backup Path Placeholders
 [grid=rows, frame=none, width=90%]
 |===
 |Database Backup Path Placeholder |Description
 |{DB_FILENAME}  |The database's filename without extension
 |{TIME}        |The current time formatted as dd_MM_yyyy_hh-mm-ss.
 |{TIME:<format>}        |The current time formatted according to the format string specified by <format>. See https://doc.qt.io/qt-5/qtime.html#toString for a list of available placeholders.
 |===
 [grid=rows, frame=none, width=90%]
 |===
 |Backup path example |Location of backup(s)
 |`{DB_FILENAME}-{TIME}.bak.kdbx` |`C:\Users\MyUsername\MyDatabase-02_01_2022_03-04-05.bak.kdbx` +
 `C:\Users\MyUsername\MyDatabase-05_01_2022_12-10-00.bak.kdbx`
 |`backups\\{DB_FILENAME}.bak.kdbx` |`C:\Users\MyUsername\backups\MyDatabase.bak.kdbx`
 |`C:\Backups\{TIME:dd.MM.yyyy}\\{DB_FILENAME}.kdbx` |`C:\Backups\02.01.2022\MyDatabase.kdbx` +
 `C:\Backups\05.01.2022\MyDatabase.kdbx`
 |`C:\Backups\\{DB_FILENAME}\{TIME:MM-dd-yyyy}.kdbx` |`C:\Backups\MyDatabase\01-02-2022.kdbx` +
 `C:\Backups\MyDatabase\01-05-2022.kdbx`
 |===
 // end::content[]
--- a/docs/topics/SSHAgent.adoc
+++ b/docs/topics/SSHAgent.adoc
@@ -1,10 +1,10 @@
-= KeePassXC - SSH Agent
+= KeePassXC - SSH Agent integration
 include::.sharedheader[]
 :imagesdir: ../images
 // tag::content[]
-== SSH Agent
+== SSH Agent integration
-SSH (Secure Shell) is a widely used remote secure shell protocol and is considered an industry standard for secure remote access to UNIX-like systems including Linux, BSDs, MacOS and more recently even Windows received native support. SSH supports multiple types of authentication and the most widely used ones are either interactive keyboard input with a password or a public-key cryptography pair of keys.
+SSH (Secure Shell) is a widely used remote secure shell protocol and is considered an industry standard for secure remote access to UNIX-like systems including Linux, BSDs, macOS and more recently even Windows received native support. SSH supports multiple types of authentication and the most widely used ones are either interactive keyboard input with a password or a public-key cryptography pair of keys.
 KeePassXC SSH Agent integration is built to manage SSH keys in a secure manner by either storing them completely within your KeePassXC database or by having only the decryption key of a key file that is stored elsewhere. SSH Agent integration _does not_ provide an agent itself but works as a client for any agent implementation that is OpenSSH compatible.
@@ -32,18 +32,35 @@ WARNING: _GNOME Keyring_ prior to release 3.27.92 had its own custom implementat
 It does not support any constraints you may want to configure for an added key.
 If you are running a modern distribution the custom agent has been removed and replaced with the stock OpenSSH agent which is feature complete.
-=== OpenSSH agent on MacOS
+=== OpenSSH agent on macOS
-Apple has made OpenSSH an integrated part of MacOS with automatic agent startup when it is first used. No further configuration is needed.
+Apple has made OpenSSH an integrated part of macOS with automatic agent startup when it is first used. No further configuration is needed.
-=== Pageant agent on Windows
+=== OpenSSH agent and Pageant on Windows
 The SSH Agent integration on Windows supports both _PuTTY Pageant_ and _OpenSSH for Windows 10_.
-Since Pageant is currently still the most widely used implementation and is easily installable on any version of Windows we focus on that.
+Since Pageant is currently still the most widely used implementation and is easily installable on any version of Windows, it is the default on KeePassXC.
-It is also the default on KeePassXC.
+However, Microsoft includes a native OpenSSH client implementation with Windows 10 since autumn 2018 that can be used instead. If you would like to self-manage your OpenSSH version you can use the builds offered via their official https://github.com/powershell/Win32-OpenSSH[GitHub repository].
 ==== Pageant
 Download Pageant from the official PuTTY home page at https://www.chiark.greenend.org.uk/~sgtatham/putty/
 To use Pageant with KeePassXC, simply start it and it will minimize into the system tray and is ready to use. PuTTY and compatible tools will use Pageant automatically.
 ==== OpenSSH
 Make sure your Windows version has at least update 1809 installed. For more details consult the https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview[official documentation].
 To use Windows OpenSSH the _OpenSSH Authentication Agent_ service has to be enabled first:
 1. Open the Services application via the _Start Menu_, it is located in the _Windows Administrative Tools_ section
 2. Select the _OpenSSH Authentication Agent_ and open its _Properties_
 3. Set the _Startup type_ to _Automatic_ and start the service
 Alternatively, you can use a _Windows PowerShell_ running as _Administrator_ to enable and start the service:
    PS C:\Users\user> Get-Service ssh-agent | Set-Service -StartupType Automatic
    PS C:\Users\user> Start-Service ssh-agent
 KeePassXC and other compatible tools can now use the Windows OpenSSH agent. To use it with KeePassXC, update the settings explained in <<Setting up SSH Agent integration>>.
 === Setting up SSH Agent integration
 By default the SSH Agent integration plugin is disabled.
 To enable integration, follow the steps below to access the settings:
@@ -57,21 +74,20 @@ image::sshagent_application_settings.png[]
 On the settings page you can enable the integration by checking _Enable SSH Agent integration_.
 When the integration is enabled coming back to the settings page also shows if connection to the agent is working.
-On Windows you have the option to select between _Pageant_ and _OpenSSH for Windows_ and on other platforms the settings page shows the current value of _SSH_AUTH_SOCK_ environment variable which is used to connect to the running agent and an option to manually override the automatically detected path.
+On Windows, you have the option to select _Pageant_ and/or _OpenSSH for Windows_. On macOS and Linux, the system ssh-agent will be used automatically and the settings page shows the current value of _SSH_AUTH_SOCK_ environment variable which is used to connect to the running agent and an option to manually override the automatically detected path.
 If the value of _SSH_AUTH_SOCK_ is empty it means the agent is not properly configured and KeePassXC will be unable to connect to it unless you provide a static override path to the socket.
 === Generating a key to use with KeePassXC
 KeePassXC only supports keys in the _OpenSSH_ format. On Windows, _PuTTYgen_ saves keys in its own format by default and you will need to convert them to OpenSSH format before being used. In this guide we are going to generate a standard RSA key in the default size.
-==== Generating a key on Linux or MacOS with _ssh-keygen_
+==== Generating a key on Linux or macOS with _ssh-keygen_
 Open a terminal window and type the following command to generate a key:
    $ ssh-keygen -o -f keepassxc -C johndoe@example
    Generating public/private rsa key pair.
-    Enter passphrase (empty for no passphrase): 
+    Enter passphrase (empty for no passphrase):
-    Enter same passphrase again: 
+    Enter same passphrase again:
    Your identification has been saved in keepassxc
    Your public key has been saved in keepassxc.pub
    The key fingerprint is:
@@ -89,7 +105,6 @@ Open a terminal window and type the following command to generate a key:
    |. ..++ooo        |
    +----[SHA256]-----+
 Now we can see two files were generated:
    $ ls -l keepassxc*
@@ -98,19 +113,59 @@ Now we can see two files were generated:
 With KeePassXC you only need the first file listed.
-==== Generating a key on Windows with PuTTYgen
+==== Generating a key on Windows
-Please read the manual on how to use PuTTYgen for details on generate a key: https://the.earth.li/~sgtatham/putty/0.74/htmldoc/Chapter8.html#pubkey-puttygen. Once generated, you must save the key in OpenSSH format, follow the image below.
+On Windows you can generate key pairs with _PuTTYgen_ and with _ssh-keygen_, depending on whether you installed PuTTY and your Windows version.
-.Generating a key with PuTTYgen
+===== Using _PuTTYgen_
 Please read the manual on how to use _PuTTYgen_ for details on generate a key: https://the.earth.li/~sgtatham/putty/0.74/htmldoc/Chapter8.html#pubkey-puttygen. Once generated, you must save the key in the new OpenSSH format, see image below.
 .Generating a key with _PuTTYgen_
 image::sshagent_puttygen.png[,70%]
 ===== Using _ssh-keygen_
 Open _Command Prompt_ or _Windows PowerShell_ and type the following command to generate a key:
    PS C:\Users\user> ssh-keygen.exe -o -f keepassxc -C johndoe@example
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in keepassxc
    Your public key has been saved in keepassxc.pub
    The key fingerprint is:
    SHA256:pN+o5AqUmijYBDUrFV/caMus9oIR61+MiWLa8fcsVYI johndoe@example
    The key's randomart image is:
    +---[RSA 3072]----+
    |  =. ..o         |
    | o + .+ .        |
    |o . .+ o.        |
    | o..  Eo. .      |
    |  +o .. So       |
    |o*o.o+ ..o       |
    |Bo=+o.+.o .      |
    |+oo+.++o         |
    |. ..++ooo        |
    +----[SHA256]-----+
 Now we can see two files were generated:
    PS C:\Users\user> dir keepassxc*
    Directory C:\Users\user
    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    -a----         9/19/2021  12:08 PM           2655 keepassxc
    -a----         9/19/2021  12:08 PM            570 keepassxc.pub
 With KeePassXC you only need the first file listed.
 === Configuring an entry to use SSH Agent
 The last step is to setup an entry to contain the SSH Agent settings and key file you generated.
 1. Create a new entry, or open an existing entry in edit mode.
 2. Set the password you used for the key file in the password field.
 3. Go to the advanced category and attach the key file you generated previously.
-4. Go to the SSH Agent category *(1)* and select the attachment from the list *(2)*. 
+4. Go to the SSH Agent category *(1)* and select the attachment from the list *(2)*.
 5. Alternatively, you can load an external file dynamically using the file selection.
 6. Choose the options for this key.
 7. Press *OK* to accept the entry. Depending on the options you chose, KeePassXC will load the key and present it for use.
@@ -118,7 +173,7 @@ The last step is to setup an entry to contain the SSH Agent settings and key fil
 .SSH Agent Entry Settings Page
 image::sshagent_entry_settings.png[]
-If you chose to not auto-load the key on database unlock, you can manually make the key available by using the context menu from the entry list.
+If you chose to not autoload the key on database unlock, you can manually make the key available by using the context menu from the entry list.
 .SSH Agent Load Key from Context Menu
 image::sshagent_context_menu.png[]
--- a/docs/topics/UserInterface.adoc
+++ b/docs/topics/UserInterface.adoc
@@ -12,11 +12,13 @@ image::main_interface.png[]
 *(A) Groups* - Organize your entries into discrete groups to bring order to all of your sensitive information. Groups can be nested under each other to create a hierarchy. Settings from parent groups get applied to their children. You can hide this panel on the View menu.
-*(B) Entries* - Entries contain all the information for each website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right click the header row to see all available options.
+*(B) Tags* - Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined searches, such as finding expired and weak passwords.
-*\(C) Preview* - Shows a preview of the selected group or entry. You can temporarily hide this preview using the close button on the right hand side or completely disabled in the application settings.
+*\(C) Entries* - Entries contain all the information you want to store for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
-TIP: Double clicking on the text in the entries list copies that field to the clipboard. Double clicking the entry title will open the entry for editing.
+*(D) Preview* - Shows a preview of the selected group or entry. You can temporarily hide this preview using the close button on the right hand side or completely disabled in the application settings.
 TIP: You can enable double-click copying of entry username and password in the Application Security Settings. This is turned off by default starting with version 2.7.0.
 === Toolbar
 The toolbar provides a quick way to perform common tasks with your database. Some entries in the toolbar are dynamically disabled based on the information contained in the selected entry. Every common action in KeePassXC can be controlled with a keyboard shortcut as well.
@@ -24,12 +26,11 @@ The toolbar provides a quick way to perform common tasks with your database. Som
 .Toolbar overview
 image::toolbar.png[]
-*(A) Database* - Open Database, Save Database +
+*(A) Database* - Open Database, Save Database, Lock Database +
-*(B) Entries* - Create Entry, Edit Selected Entry, Delete Selected Entry +
+*(B) Entries* - Create Entry, Edit Entry, Delete Selected Entries +
 *\(C) Entry Data* - Copy Username, Copy Password, Copy URL, Perform Auto-Type +
-*(D) Lock All Databases* +
+*(D) Tools* - Password Generator, Application Settings +
-*(E) Tools* - Password Generator, Application Settings +
+*(E) Search*
 *(F) Search*
 === Application Settings
 Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security timeouts, and convenience.
@@ -46,13 +47,8 @@ For users with smaller screens or those who desire seeing more entries at once,
 .Compact mode comparison
 image::compact_mode_comparison.png[]
-==== Copy entry Columns on Double Click
+=== Screenshot Security
-KeePassXC offers the possibility of copying certain entry columns, such as username and password, into your clipboard on double click, for a limited period of time.
+By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture, you must start the application with the `--allow-screencapture` command line flag.
 This feature can be enabled by checking the box "Enable double click to copy some entry columns" in the security settings:
 .Enable copying on double click
 image::enable_copy_dc.png[]
 === Keyboard Shortcuts
 include::KeyboardShortcuts.adoc[tag=content, leveloffset=+1]
@@ -71,9 +67,11 @@ Options:
  -v, --version                Displays version information.
  --config <config>            path to a custom config file
  --localconfig <localconfig>  path to a custom local config file
  --lock                       lock all open databases
  --keyfile <keyfile>          key file of the database
  --pw-stdin                   read password of the database from stdin
  --debug-info                 Displays debugging information.
  --allow-screencapture        Allow screen recording and screenshots
 Arguments:
  filename(s)                  filenames of the password databases to open (*.kdbx)
--- a/412
+++ b/412
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 #
 # KeePassXC Release Preparation Helper
-# Copyright (C) 2017 KeePassXC team <https://keepassxc.org/>
+# Copyright (C) 2021 KeePassXC team <https://keepassxc.org/>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,8 +17,17 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 printf "\e[1m\e[32mKeePassXC\e[0m Release Preparation Helper\n"
-printf "Copyright (C) 2017 KeePassXC Team <https://keepassxc.org/>\n\n"
+printf "Copyright (C) 2021 KeePassXC Team <https://keepassxc.org/>\n\n"
 set -eE -o pipefail
 if [ "$(uname -s)" == "Linux" ]; then
    OS_LINUX="1"
 elif [ "$(uname -s)" == "Darwin" ]; then
    OS_MACOS="1"
 elif [ "$(uname -o)" == "Msys" ]; then
    OS_WINDOWS="1"
 fi
 # -----------------------------------------------------------------------
 #                        global default values
@@ -30,10 +39,10 @@ GPG_KEY="CFB4C2166397D0D2"
 GPG_GIT_KEY=""
 OUTPUT_DIR="release"
 SOURCE_BRANCH=""
 TARGET_BRANCH="master"
 TAG_NAME=""
 DOCKER_IMAGE=""
 DOCKER_CONTAINER_NAME="keepassxc-build-container"
 CMAKE_GENERATOR="Unix Makefiles"
 CMAKE_OPTIONS=""
 CPACK_GENERATORS="WIX;ZIP"
 COMPILER="g++"
@@ -43,7 +52,6 @@ INSTALL_PREFIX="/usr/local"
 ORIG_BRANCH=""
 ORIG_CWD="$(pwd)"
 MACOSX_DEPLOYMENT_TARGET=10.13
 GREP="grep"
 TIMESTAMP_SERVER="http://timestamp.sectigo.com"
 # -----------------------------------------------------------------------
@@ -51,17 +59,17 @@ TIMESTAMP_SERVER="http://timestamp.sectigo.com"
 # -----------------------------------------------------------------------
 printUsage() {
    local cmd
-    if [ "" == "$1" ] || [ "help" == "$1" ]; then
+    if [ -z "$1" ] || [ "help" == "$1" ]; then
        cmd="COMMAND"
-    elif [ "check" == "$1" ] || [ "merge" == "$1" ] || [ "build" == "$1" ] \
+    elif [ "check" == "$1" ] || [ "merge" == "$1" ] || [ "build" == "$1" ] || [ "gpgsign" == "$1" ] || \
-        || [ "gpgsign" == "$1" ] || [ "appsign" == "$1" ] || [ "notarize" == "$1" ] || [ "appimage" == "$1" ]; then
+        [ "appsign" == "$1" ] || [ "notarize" == "$1" ] || [ "appimage" == "$1" ] || [ "i18n" == "$1" ]; then
        cmd="$1"
    else
        logError "Unknown command: '$1'\n"
        cmd="COMMAND"
    fi
-    printf "\e[1mUsage:\e[0m $(basename $0) $cmd [options]\n"
+    printf "\e[1mUsage:\e[0m $(basename "$0") $cmd [OPTIONS, ...]\n"
    if [ "COMMAND" == "$cmd" ]; then
        cat << EOF
@@ -74,6 +82,7 @@ Commands:
  appsign    Sign binaries with code signing certificates on Windows and macOS
  notarize   Submit macOS application DMG for notarization
  help       Show help for the given command
  i18n       Update translation files and pull from or push to Transifex
 EOF
    elif [ "merge" == "$cmd" ]; then
        cat << EOF
@@ -88,7 +97,6 @@ Options:
                       leave empty to let Git choose your default key
                       (default: '${GPG_GIT_KEY}')
  -r, --release-branch Source release branch to merge from (default: 'release/VERSION')
      --target-branch  Target branch to merge to (default: '${TARGET_BRANCH}')
  -t, --tag-name       Override release tag name (defaults to version number)
  -h, --help           Show this help
 EOF
@@ -116,7 +124,9 @@ Options:
                          If this option is set, --install-prefix has no effect
      --appsign           Perform platform specific App Signing before packaging
      --timestamp         Explicitly set the timestamp server to use for appsign (default: '${TIMESTAMP_SERVER}')
      --vcpkg             Specify VCPKG toolchain file (example: ~/vcpkg/scripts/buildsystems/vcpkg.cmake)
  -k, --key               Specify the App Signing Key/Identity
      --cmake-generator   Override the default CMake generator (Default: Ninja)
  -c, --cmake-options     Additional CMake options for compiling the sources
      --compiler          Compiler to use (default: '${COMPILER}')
  -m, --make-options      Make options for compiling sources (default: '${MAKE_OPTIONS}')
@@ -181,6 +191,16 @@ Options:
  -k, --key            The PGP Signing Key
      --verbosity      linuxdeploy verbosity (default: 3)
  -h, --help           Show this help
 EOF
    elif [ "i18n" == "$cmd" ]; then
        cat << EOF
 Update translation files and pull from or push to Transifex
 Subcommands:
  tx-push      Push source translation file to Transifex
  tx-pull      Pull updated translations from Transifex
  lupdate      Update source translation file from C++ sources
 EOF
    fi
 }
@@ -198,17 +218,17 @@ logError() {
 }
 init() {
-    if [ "" == "$RELEASE_NAME" ]; then
+    if [ -z "$RELEASE_NAME" ]; then
        logError "Missing arguments, --version is required!\n"
        printUsage "check"
        exit 1
    fi
-    if [ "" == "$TAG_NAME" ]; then
+    if [ -z "$TAG_NAME" ]; then
        TAG_NAME="$RELEASE_NAME"
    fi
-    if [ "" == "$SOURCE_BRANCH" ]; then
+    if [ -z "$SOURCE_BRANCH" ]; then
        SOURCE_BRANCH="release/${RELEASE_NAME}"
    fi
@@ -229,29 +249,15 @@ cleanup() {
 }
 exitError() {
    logError "$1"
    cleanup
    logError "$1"
    exit 1
 }
 exitTrap() {
    exitError "Existing upon user request..."
 }
 cmdExists() {
    command -v "$1" &> /dev/null
 }
 checkGrepCompat() {
    if ! grep -qPzo test <(echo test) 2> /dev/null; then
        if [ -e /usr/local/opt/grep/libexec/gnubin/grep ]; then
            GREP="/usr/local/opt/grep/libexec/gnubin/grep"
        else
            exitError "Incompatible grep implementation! If on macOS, please run 'brew install grep'."
        fi
    fi
 }
 checkSourceDirExists() {
    if [ ! -d "$SRC_DIR" ]; then
        exitError "Source directory '${SRC_DIR}' does not exist!"
@@ -271,51 +277,38 @@ checkGitRepository() {
 }
 checkReleaseDoesNotExist() {
-    git tag | $GREP -q "^$TAG_NAME$"
+    if [ $(git tag -l $TAG_NAME) ]; then
    if [ $? -eq 0 ]; then
        exitError "Release '$RELEASE_NAME' (tag: '$TAG_NAME') already exists!"
    fi
 }
 checkWorkingTreeClean() {
-    git diff-index --quiet HEAD --
+    if ! git diff-index --quiet HEAD --; then
    if [ $? -ne 0 ]; then
        exitError "Current working tree is not clean! Please commit or unstage any changes."
    fi
 }
 checkSourceBranchExists() {
-    git rev-parse "$SOURCE_BRANCH" > /dev/null 2>&1
+    if ! git rev-parse "$SOURCE_BRANCH" > /dev/null 2>&1; then
    if [ $? -ne 0 ]; then
        exitError "Source branch '$SOURCE_BRANCH' does not exist!"
    fi
 }
 checkTargetBranchExists() {
    git rev-parse "$TARGET_BRANCH" > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        exitError "Target branch '$TARGET_BRANCH' does not exist!"
    fi
 }
 checkVersionInCMake() {
    local app_name_upper="$(echo "$APP_NAME" | tr '[:lower:]' '[:upper:]')"
    local major_num="$(echo ${RELEASE_NAME} | cut -f1 -d.)"
    local minor_num="$(echo ${RELEASE_NAME} | cut -f2 -d.)"
    local patch_num="$(echo ${RELEASE_NAME} | cut -f3 -d. | cut -f1 -d-)"
-    $GREP -q "${app_name_upper}_VERSION_MAJOR \"${major_num}\"" CMakeLists.txt
+    if ! grep -q "${app_name_upper}_VERSION_MAJOR \"${major_num}\"" CMakeLists.txt; then
    if [ $? -ne 0 ]; then
        exitError "${app_name_upper}_VERSION_MAJOR not updated to '${major_num}' in CMakeLists.txt!"
    fi
-    $GREP -q "${app_name_upper}_VERSION_MINOR \"${minor_num}\"" CMakeLists.txt
+    if ! grep -q "${app_name_upper}_VERSION_MINOR \"${minor_num}\"" CMakeLists.txt; then
    if [ $? -ne 0 ]; then
        exitError "${app_name_upper}_VERSION_MINOR not updated to '${minor_num}' in CMakeLists.txt!"
    fi
-    $GREP -q "${app_name_upper}_VERSION_PATCH \"${patch_num}\"" CMakeLists.txt
+    if ! grep -q "${app_name_upper}_VERSION_PATCH \"${patch_num}\"" CMakeLists.txt; then
    if [ $? -ne 0 ]; then
        exitError "${app_name_upper}_VERSION_PATCH not updated to '${patch_num}' in CMakeLists.txt!"
    fi
 }
@@ -325,8 +318,7 @@ checkChangeLog() {
        exitError "No CHANGELOG file found!"
    fi
-    $GREP -qPzo "## ${RELEASE_NAME} \(\d{4}-\d{2}-\d{2}\)\n" CHANGELOG.md
+    if ! grep -qEzo "## ${RELEASE_NAME} \([0-9]{4}-[0-9]{2}-[0-9]{2}\)" CHANGELOG.md; then
    if [ $? -ne 0 ]; then
        exitError "'CHANGELOG.md' has not been updated to the '${RELEASE_NAME}' release!"
    fi
 }
@@ -336,29 +328,11 @@ checkAppStreamInfo() {
        exitError "No AppStream info file found!"
    fi
-    $GREP -qPzo "<release version=\"${RELEASE_NAME}\" date=\"\d{4}-\d{2}-\d{2}\">" share/linux/org.keepassxc.KeePassXC.appdata.xml
+    if ! grep -qEzo "<release version=\"${RELEASE_NAME}\" date=\"[0-9]{4}-[0-9]{2}-[0-9]{2}\">" share/linux/org.keepassxc.KeePassXC.appdata.xml; then
    if [ $? -ne 0 ]; then
        exitError "'share/linux/org.keepassxc.KeePassXC.appdata.xml' has not been updated to the '${RELEASE_NAME}' release!"
    fi
 }
 checkSnapcraft() {
    if [ ! -f snap/snapcraft.yaml ]; then
        echo "Could not find snap/snapcraft.yaml!"
        return
    fi
    $GREP -qPzo "version: ${RELEASE_NAME}" snap/snapcraft.yaml
    if [ $? -ne 0 ]; then
        exitError "'snapcraft.yaml' has not been updated to the '${RELEASE_NAME}' release!"
    fi
    $GREP -qPzo "KEEPASSXC_BUILD_TYPE=Release" snap/snapcraft.yaml
    if [ $? -ne 0 ]; then
        exitError "'snapcraft.yaml' is not set for a release build!"
    fi
 }
 checkTransifexCommandExists() {
    if ! cmdExists tx; then
        exitError "Transifex tool 'tx' not installed! Please install it using 'pip install transifex-client'."
@@ -387,7 +361,7 @@ checkXcodeSetup() {
 }
 checkQt5LUpdateExists() {
-    if cmdExists lupdate && ! $(lupdate -version | $GREP -q "lupdate version 5\."); then
+    if cmdExists lupdate && ! $(lupdate -version | grep -q "lupdate version 5\."); then
        if ! cmdExists lupdate-qt5; then
            exitError "Qt Linguist tool (lupdate-qt5) is not installed! Please install using 'apt install qttools5-dev-tools'"
        fi
@@ -397,8 +371,6 @@ checkQt5LUpdateExists() {
 performChecks() {
    logInfo "Performing basic checks..."
    checkGrepCompat
    checkSourceDirExists
    logInfo "Changing to source directory..."
@@ -412,7 +384,6 @@ performChecks() {
    checkReleaseDoesNotExist
    checkWorkingTreeClean
    checkSourceBranchExists
    checkTargetBranchExists
    logInfo "Checking out '${SOURCE_BRANCH}'..."
    git checkout "$SOURCE_BRANCH" > /dev/null 2>&1
@@ -422,7 +393,6 @@ performChecks() {
    checkVersionInCMake
    checkChangeLog
    checkAppStreamInfo
    checkSnapcraft
    logInfo "\e[1m\e[32mAll checks passed!\e[0m"
 }
@@ -450,7 +420,9 @@ if ! cmdExists realpath; then
 fi
-trap exitTrap SIGINT SIGTERM
+trap 'exitError "Exited upon user request."' SIGINT SIGTERM
 trap 'exitError "Error occurred!"' ERR
 # -----------------------------------------------------------------------
 #                             check command
@@ -506,10 +478,6 @@ merge() {
                SOURCE_BRANCH="$2"
                shift ;;
            --target-branch)
                TARGET_BRANCH="$2"
                shift ;;
            -t|--tag-name)
                TAG_NAME="$2"
                shift ;;
@@ -530,46 +498,49 @@ merge() {
    performChecks
-    logInfo "Updating language files..."
+    # Update translations
-    ./share/translations/update.sh update
+    i18n lupdate
-    ./share/translations/update.sh pull
+    i18n tx-pull
    if [ 0 -ne $? ]; then
        exitError "Updating translations failed!"
    fi
-    git diff-index --quiet HEAD --
+    if ! git diff-index --quiet HEAD --; then
    if [ $? -ne 0 ]; then
        git add -A ./share/translations/
        logInfo "Committing changes..."
-        if [ "" == "$GPG_GIT_KEY" ]; then
+        if [ -z "$GPG_GIT_KEY" ]; then
            git commit -m "Update translations"
        else
            git commit -m "Update translations" -S"$GPG_GIT_KEY"
        fi
    fi
-    CHANGELOG=$($GREP -Pzo "(?<=${RELEASE_NAME} \(\d{4}-\d{2}-\d{2}\)\n\n)\n?(?:.|\n)+?\n(?=## )" CHANGELOG.md \
+    local flags="-Pzo"
-                  | sed 's/^### //' | tr -d \\0)
+    if [ -n "$OS_MACOS" ]; then
        flags="-Ezo"
    fi
    CHANGELOG=$(grep ${flags} "## ${RELEASE_NAME} \([0-9]{4}-[0-9]{2}-[0-9]{2}\)\n\n(.|\n)+?\n\n## " CHANGELOG.md \
                | tail -n+3 | sed '$d' | sed 's/^### //')
    COMMIT_MSG="Release ${RELEASE_NAME}"
    logInfo "Checking out target branch '${TARGET_BRANCH}'..."
    git checkout "$TARGET_BRANCH" > /dev/null 2>&1
    logInfo "Merging '${SOURCE_BRANCH}' into '${TARGET_BRANCH}'..."
    git merge "$SOURCE_BRANCH" --no-ff -m "$COMMIT_MSG" -m "${CHANGELOG}" "$SOURCE_BRANCH" -S"$GPG_GIT_KEY"
    logInfo "Creating tag '${TAG_NAME}'..."
-    if [ "" == "$GPG_GIT_KEY" ]; then
+    if [ -z  "$GPG_GIT_KEY" ]; then
        git tag -a "$TAG_NAME" -m "$COMMIT_MSG" -m "${CHANGELOG}" -s
    else
        git tag -a "$TAG_NAME" -m "$COMMIT_MSG" -m "${CHANGELOG}" -s -u "$GPG_GIT_KEY"
    fi
    logInfo "Advancing 'latest' tag..."
    if [ -z  "$GPG_GIT_KEY" ]; then
        git tag -sf -a "latest" -m "Latest stable release"
    else
        git tag -sf -u "$GPG_GIT_KEY" -a "latest" -m "Latest stable release"
    fi
    cleanup
    logInfo "All done!"
-    logInfo "Please merge the release branch back into the develop branch now and then push your changes."
+    logInfo "Don't forget to push the tags using \e[1mgit push --tags\e[0m."
    logInfo "Don't forget to also push the tags using \e[1mgit push --tags\e[0m."
 }
 # -----------------------------------------------------------------------
@@ -642,7 +613,7 @@ appimage() {
    appdir="$(realpath "$appdir")"
    local out="${OUTPUT_DIR}"
-    if [ "" == "$out" ]; then
+    if [ -z "$out" ]; then
        out="."
    fi
    mkdir -p "$out"
@@ -659,12 +630,12 @@ appimage() {
    logInfo "Testing for AppImage tools..."
    local docker_test_cmd
    if [ "" != "$DOCKER_IMAGE" ]; then
-        docker_test_cmd="docker run --rm ${DOCKER_IMAGE}"
+        docker_test_cmd="docker run -it --user $(id -u):$(id -g) --rm ${DOCKER_IMAGE}"
    fi
    # Test if linuxdeploy and linuxdeploy-plugin-qt are installed
    # on the system or inside the Docker container
-    if ! ${docker_test_cmd} which ${linuxdeploy} &> /dev/null; then
+    if ! ${docker_test_cmd} which ${linuxdeploy} > /dev/null; then
        logInfo "Downloading linuxdeploy..."
        linuxdeploy="./linuxdeploy"
        linuxdeploy_cleanup="rm -f ${linuxdeploy}"
@@ -673,7 +644,7 @@ appimage() {
        fi
        chmod +x "$linuxdeploy"
    fi
-    if ! ${docker_test_cmd} which ${linuxdeploy_plugin_qt} &> /dev/null; then
+    if ! ${docker_test_cmd} which ${linuxdeploy_plugin_qt} > /dev/null; then
        logInfo "Downloading linuxdeploy-plugin-qt..."
        linuxdeploy_plugin_qt="./linuxdeploy-plugin-qt"
        linuxdeploy_plugin_qt_cleanup="rm -f ${linuxdeploy_plugin_qt}"
@@ -695,49 +666,46 @@ appimage() {
    fi
    # Create custom AppRun wrapper
-    cat << EOF > "${out_real}/KeePassXC-AppRun"
+    cat << 'EOF' > "${out_real}/KeePassXC-AppRun"
 #!/usr/bin/env bash
-export PATH="\$(dirname \$0)/usr/bin:\${PATH}"
+export PATH="$(dirname $0)/usr/bin:${PATH}"
-export LD_LIBRARY_PATH="\$(dirname \$0)/usr/lib:\${LD_LIBRARY_PATH}"
+export LD_LIBRARY_PATH="$(dirname $0)/usr/lib:${LD_LIBRARY_PATH}"
-if [ "\${1}" == "cli" ]; then
+if [ "$1" == "cli" ]; then
    shift
-    exec keepassxc-cli "\$@"
+    exec keepassxc-cli "$@"
-elif [ "\${1}" == "proxy" ]; then
+elif [ "$1" == "proxy" ]; then
    shift
-    exec keepassxc-proxy "\$@"
+    exec keepassxc-proxy "$@"
 elif [ -v CHROME_WRAPPER ] || [ -v MOZ_LAUNCHED_CHILD ]; then
-    exec keepassxc-proxy "\$@"
+    exec keepassxc-proxy "$@"
 else
-    exec keepassxc "\$@"
+    exec keepassxc "$@"
 fi
 EOF
    chmod +x "${out_real}/KeePassXC-AppRun"
    # Find .desktop files, icons, and binaries to deploy
    local desktop_file="$(find "$appdir" -name "org.keepassxc.KeePassXC.desktop" | head -n1)"
-    local icon="$(find "$appdir" -name 'keepassxc.png' | $GREP -P 'application/256x256/apps/keepassxc.png$' | head -n1)"
+    local icon="$(find "$appdir" -path '*/application/256x256/apps/keepassxc.png' | head -n1)"
-    local executables="$(IFS=$'\n' find "$appdir" | $GREP -P '/usr/bin/keepassxc[^/]*$' | xargs -i printf " --executable={}")"
+    local executables="$(find "$appdir" -type f -executable -path '*/bin/keepassxc*' -print0 | xargs -0 -i printf " --executable={}")"
    logInfo "Collecting libs and patching binaries..."
-    if [ "" == "$DOCKER_IMAGE" ]; then
+    if [ -z "$DOCKER_IMAGE" ]; then
        "$linuxdeploy" --verbosity=${verbosity} --plugin=qt --appdir="$appdir" --desktop-file="$desktop_file" \
-        --custom-apprun="${out_real}/KeePassXC-AppRun" --icon-file="$icon" ${executables} \
+        --custom-apprun="${out_real}/KeePassXC-AppRun" --icon-file="$icon" ${executables}
        --library=$(ldconfig -p | $GREP x86-64 | $GREP -oP '/[^\s]+/libgpg-error\.so\.\d+$' | head -n1)
    else
        desktop_file="${desktop_file//${appdir}/\/keepassxc\/AppDir}"
        icon="${icon//${appdir}/\/keepassxc\/AppDir}"
        executables="${executables//${appdir}/\/keepassxc\/AppDir}"
        docker run --name "$DOCKER_CONTAINER_NAME" --rm \
-            --cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse \
+            --cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse -it \
-            -v "${appdir}:/keepassxc/AppDir:rw" \
+            -v "${out_real}:${out_real}:rw" \
-            -v "${out_real}:/keepassxc/out:rw" \
+            -v "${appdir}:${appdir}:rw" \
            -w "$out_real" \
            --user $(id -u):$(id -g) \
            "$DOCKER_IMAGE" \
-            bash -c "cd /keepassxc/out && ${linuxdeploy} --verbosity=${verbosity} --plugin=qt --appdir=/keepassxc/AppDir \
+            bash -c "${linuxdeploy} --verbosity=${verbosity} --plugin=qt \
-            --custom-apprun="/keepassxc/out/KeePassXC-AppRun" --desktop-file=${desktop_file} --icon-file=${icon} ${executables} \
+            --appdir='${appdir}' --custom-apprun='${out_real}/KeePassXC-AppRun' \
-            --library=\$(ldconfig -p | grep x86-64 | grep -oP '/[^\s]+/libgpg-error\.so\.\d+$' | head -n1)"
+            --desktop-file='${desktop_file}' --icon-file='${icon}' ${executables}"
    fi
    if [ $? -ne 0 ]; then
@@ -783,6 +751,7 @@ build() {
    local build_generators=""
    local build_appsign=false
    local build_key=""
    local build_vcpkg=""
    while [ $# -ge 1 ]; do
        local arg="$1"
@@ -832,6 +801,10 @@ build() {
            --appimage)
                build_appimage=true ;;
            --cmake-generator)
                CMAKE_GENERATOR="$2"
                shift ;;
            -c|--cmake-options)
                CMAKE_OPTIONS="$2"
                shift ;;
@@ -840,6 +813,10 @@ build() {
                COMPILER="$2"
                shift ;;
            --vcpkg)
                build_vcpkg="$2"
                shift ;;
            -m|--make-options)
                MAKE_OPTIONS="$2"
                shift ;;
@@ -876,12 +853,15 @@ build() {
    init
    OUTPUT_DIR="$(realpath "$OUTPUT_DIR")"
    # Resolve appsign key to absolute path if under Windows
-    if [[ "${build_key}" && "$(uname -o)" == "Msys" ]]; then
+    if [[ "${build_key}" && -n "$OS_WINDOWS" ]]; then
        build_key="$(realpath "${build_key}")"
    fi
    if [[ -f ${build_vcpkg} ]]; then
        CMAKE_OPTIONS="${CMAKE_OPTIONS} -DCMAKE_TOOLCHAIN_FILE=${build_vcpkg} -DX_VCPKG_APPLOCAL_DEPS_INSTALL=ON"
    fi
    if ${build_snapshot}; then
        TAG_NAME="HEAD"
        local branch=`git rev-parse --abbrev-ref HEAD`
@@ -889,23 +869,27 @@ build() {
        RELEASE_NAME="${RELEASE_NAME}-snapshot"
        CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Snapshot -DOVERRIDE_VERSION=${RELEASE_NAME}"
    else
        checkGrepCompat
        checkWorkingTreeClean
-
+        if echo "$TAG_NAME" | grep -qE '\-(alpha|beta)[0-9]+$'; then
        if $(echo "$TAG_NAME" | $GREP -qP "\-(alpha|beta)\\d+\$"); then
            CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=PreRelease"
            logInfo "Checking out pre-release tag '${TAG_NAME}'..."
        else
            CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Release"
            logInfo "Checking out release tag '${TAG_NAME}'..."
        fi
-        git checkout "$TAG_NAME" > /dev/null 2>&1
+
        if ! git checkout "$TAG_NAME" > /dev/null 2>&1; then
            exitError "Failed to check out target branch."
        fi
    fi
    OUTPUT_DIR="$(realpath "$OUTPUT_DIR")"
    if  ! ${build_snapshot} && [ -d "$OUTPUT_DIR" ]; then
        exitError "Output dir '${OUTPUT_DIR}' already exists."
    fi
    logInfo "Creating output directory..."
-    mkdir -p "$OUTPUT_DIR"
+    if ! mkdir -p "$OUTPUT_DIR"; then
    if [ $? -ne 0 ]; then
        exitError "Failed to create output directory!"
    fi
@@ -930,15 +914,7 @@ build() {
            logWarn "xz not installed. Falling back to bz2..."
            xz="bzip2"
        fi
-        $xz -6 "${OUTPUT_DIR}/${tarball_name}"
+        $xz -6 -f "${OUTPUT_DIR}/${tarball_name}"
    fi
    if ! ${build_snapshot} && [ -e "${OUTPUT_DIR}/build-release" ]; then
        logInfo "Cleaning existing build directory..."
        rm -rf "${OUTPUT_DIR}/build-release" 2> /dev/null
        if [ $? -ne 0 ]; then
            exitError "Failed to clean existing build directory, please do it manually."
        fi
    fi
    logInfo "Creating build directory..."
@@ -949,11 +925,18 @@ build() {
    for p in ${BUILD_PLUGINS}; do
        CMAKE_OPTIONS="${CMAKE_OPTIONS} -DWITH_XC_$(echo $p | tr '[:lower:]' '[:upper:]')=On"
    done
-    if [ "$(uname -o 2> /dev/null)" == "GNU/Linux" ] && ${build_appimage}; then
+    if [ -n "$OS_LINUX" ] && ${build_appimage}; then
        CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_DIST_TYPE=AppImage"
        # linuxdeploy requires /usr as install prefix
        INSTALL_PREFIX="/usr"
    fi
    if [ -n "$OS_MACOS" ]; then
      type brew &> /dev/null 2>&1
      if [ $? -eq 0 ]; then
        INSTALL_PREFIX=$(brew --prefix)
      fi
    fi
    # Do not build tests cases
    CMAKE_OPTIONS="${CMAKE_OPTIONS} -DWITH_TESTS=OFF"
@@ -961,22 +944,23 @@ build() {
        export CC=gcc
    elif [ "$COMPILER" == "clang++" ]; then
        export CC=clang
    else
        export CC="$COMPILER"
    fi
    export CXX="$COMPILER"
-    if [ "" == "$DOCKER_IMAGE" ]; then
+    if [ -z "$DOCKER_IMAGE" ]; then
-        if [ "$(uname -s)" == "Darwin" ]; then
+        if [ -n "$OS_MACOS" ]; then
            # Building on macOS
            export MACOSX_DEPLOYMENT_TARGET
            logInfo "Configuring build..."
-            cmake -DCMAKE_BUILD_TYPE=Release \
+            cmake -G "${CMAKE_GENERATOR}" -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES="$(uname -m)" \
-              -DCMAKE_OSX_ARCHITECTURES="$(uname -m)" -DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" \
+            -DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" ${CMAKE_OPTIONS} "$SRC_DIR"
              -DCMAKE_PREFIX_PATH="/opt/homebrew/opt/qt/lib/cmake;/usr/local/opt/qt/lib/cmake" \
              ${CMAKE_OPTIONS} "$SRC_DIR"
            logInfo "Compiling and packaging sources..."
-            make ${MAKE_OPTIONS} package
+            cmake --build . -- ${MAKE_OPTIONS}
            cpack -G "DragNDrop"
            # Appsign the executables if desired
            if ${build_appsign}; then
@@ -985,19 +969,19 @@ build() {
            fi
            mv "./${APP_NAME}-${RELEASE_NAME}.dmg" "../${APP_NAME}-${RELEASE_NAME}-$(uname -m).dmg"
-        elif [ "$(uname -o)" == "Msys" ]; then
+        elif [ -n "$OS_WINDOWS" ]; then
            # Building on Windows with Msys2
            logInfo "Configuring build..."
-            cmake -DCMAKE_BUILD_TYPE=Release -G"MSYS Makefiles" \
+            cmake -DCMAKE_BUILD_TYPE=Release -G "${CMAKE_GENERATOR}" -DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" \
-                -DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" ${CMAKE_OPTIONS} "$SRC_DIR"
+                ${CMAKE_OPTIONS} "$SRC_DIR"
            logInfo "Compiling and packaging sources..."
-            mingw32-make ${MAKE_OPTIONS} preinstall
+            cmake --build . --config "Release" -- ${MAKE_OPTIONS}
            # Appsign the executables if desired
            if ${build_appsign} && [ -f "${build_key}" ]; then
                logInfo "Signing executable files"
-                appsign "-f" $(find src | $GREP -P '\.exe$|\.dll$') "-k" "${build_key}"
+                appsign "-f" $(find src | grep -Ei 'keepassxc.*(\.exe|\.dll)$') "-k" "${build_key}"
            fi
            # Call cpack directly instead of calling make package.
@@ -1005,17 +989,6 @@ build() {
            # release.
            cpack -G "${CPACK_GENERATORS};${build_generators}"
            # Inject the portable config into the zip build and rename
            touch .portable
            for filename in ${APP_NAME}-*.zip; do
                logInfo "Creating portable zip file"
                local folder=$(echo ${filename} | sed -r 's/(.*)\.zip/\1/')
                python -c 'import zipfile,sys ; zipfile.ZipFile(sys.argv[1],"a").write(sys.argv[2],sys.argv[3])' \
                    ${filename} .portable ${folder}/.portable
                mv ${filename} ${folder}-portable.zip
            done
            rm .portable
            mv "${APP_NAME}-"*.* ../
        else
            mkdir -p "${OUTPUT_DIR}/KeePassXC.AppDir"
@@ -1039,7 +1012,7 @@ build() {
            logInfo "Launching Docker contain to compile snapcraft..."
-            sudo docker run --name "$DOCKER_CONTAINER_NAME" --rm \
+            sudo docker run --name "$DOCKER_CONTAINER_NAME" --rm -it --user $(id -u):$(id -g) \
                -v "$(realpath "$SRC_DIR"):/keepassxc" -w "/keepassxc" \
                "$DOCKER_IMAGE" snapcraft
        else
@@ -1049,7 +1022,8 @@ build() {
            docker run --name "$DOCKER_CONTAINER_NAME" --rm \
                --cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse \
-                -e "CC=${CC}" -e "CXX=${CXX}" \
+                --user $(id -u):$(id -g) \
                -e "CC=${CC}" -e "CXX=${CXX}" -it  \
                -v "$(realpath "$SRC_DIR"):/keepassxc/src:ro" \
                -v "$(realpath "$OUTPUT_DIR"):/keepassxc/out:rw" \
                "$DOCKER_IMAGE" \
@@ -1066,7 +1040,7 @@ build() {
        logInfo "Build finished, Docker container terminated."
    fi
-    if [ "$(uname -o 2> /dev/null)" == "GNU/Linux" ] && ${build_appimage}; then
+    if [ -n "$OS_LINUX" ] && ${build_appimage}; then
        local appsign_flag=""
        local appsign_key_flag=""
        local docker_image_flag=""
@@ -1079,7 +1053,7 @@ build() {
            docker_image_flag="-d ${DOCKER_IMAGE}"
            docker_container_name_flag="--container-name ${DOCKER_CONTAINER_NAME}"
        fi
-        appimage "-a" "${OUTPUT_DIR}/KeePassXC.AppDir" "-o" "${OUTPUT_DIR}" \
+        appimage -a "${OUTPUT_DIR}/KeePassXC.AppDir" -o "${OUTPUT_DIR}" \
            ${appsign_flag} ${appsign_key_flag} ${docker_image_flag} ${docker_container_name_flag}
    fi
@@ -1196,9 +1170,8 @@ appsign() {
        fi
    done
-    if [ "$(uname -s)" == "Darwin" ]; then
+    if [ -n "$OS_MACOS" ]; then
        checkXcodeSetup
        checkGrepCompat
        local orig_dir="$(pwd)"
        local real_src_dir="$(realpath "${SRC_DIR}")"
@@ -1264,12 +1237,13 @@ appsign() {
            logInfo "File '${f}' successfully signed."
        done
-    elif [ "$(uname -o)" == "Msys" ]; then
+    elif [ -n "$OS_WINDOWS" ]; then
        if [[ ! -f "${key}" ]]; then
-            exitError "Key file was not found!"
+            exitError "Appsign key file was not found! (${key})"
        fi
-        read -s -p "Key password: " password
+        logInfo "Using appsign key ${key}."
        IFS=$'\n' read -s -r -p "Key password: " password
        echo
        for f in "${sign_files[@]}"; do
@@ -1336,7 +1310,7 @@ notarize() {
        shift
    done
-    if [ "$(uname -s)" != "Darwin" ]; then
+    if [ -z "$OS_MACOS" ]; then
        exitError "Notarization is only supported on macOS!"
    fi
@@ -1346,7 +1320,7 @@ notarize() {
        exit 1
    fi
-    if [ "$ac_username" == "" ]; then
+    if [ -z "$ac_username" ]; then
        logError "Missing arguments, --username is required!"
        printUsage "notarize"
        exit 1
@@ -1364,14 +1338,14 @@ notarize() {
            --primary-bundle-id "org.keepassxc.keepassxc" \
            --username "${ac_username}" \
            --password "@keychain:${ac_keychain}" \
-            --file "${f}" 2> /dev/null)"
+            --file "${f}")"
        if [ 0 -ne $? ]; then
            logError "Submission failed!"
            exitError "Error message:\n${status}"
        fi
-        local ticket="$(echo "${status}" | $GREP -oP "[a-f0-9-]+$")"
+        local ticket="$(echo "${status}" | grep -oE '[a-f0-9-]+$')"
        logInfo "Submission successful. Ticket ID: ${ticket}."
        logInfo "Waiting for notarization to finish (this may take a while)..."
@@ -1382,10 +1356,10 @@ notarize() {
                --username "${ac_username}" \
                --password "@keychain:${ac_keychain}" 2> /dev/null)"
-            if echo "$status" | $GREP -q "Status Code: 0"; then
+            if echo "$status" | grep -q "Status Code: 0"; then
                logInfo "\nNotarization successful."
                break
-            elif echo "$status" | $GREP -q "Status Code"; then
+            elif echo "$status" | grep -q "Status Code"; then
                logError "\nNotarization failed!"
                exitError "Error message:\n${status}"
            fi
@@ -1404,12 +1378,84 @@ notarize() {
    done
 }
 # -----------------------------------------------------------------------
 #                              i18n command
 # -----------------------------------------------------------------------
 i18n() {
    local cmd="$1"
    if [ -z "$cmd" ]; then
        logError "No subcommand specified.\n"
        printUsage i18n
        exit 1
    elif [ "$cmd" != "tx-push" ] && [ "$cmd" != "tx-pull" ] && [ "$cmd" != "lupdate" ]; then
        logError "Unknown subcommand: '${cmd}'\n"
        printUsage i18n
        exit 1
    fi
    shift
    checkGitRepository
    if [ "$cmd" == "lupdate" ]; then
        if [ ! -d share/translations ]; then
            logError "Command must be called from repository root directory."
            exit 1
        fi
        checkQt5LUpdateExists
        logInfo "Updating source translation file..."
        LUPDATE=lupdate-qt5
        if ! command -v $LUPDATE > /dev/null; then
            LUPDATE=lupdate
        fi
        $LUPDATE -no-ui-lines -disable-heuristic similartext -locations none -no-obsolete src \
            -ts share/translations/keepassxc_en.ts $@
        return 0
    fi
    checkTransifexCommandExists
    local branch="$(git branch --show-current 2>&1)"
    local real_branch="$branch"
    if [[ "$branch" =~ ^release/ ]]; then
        logInfo "Release branch, setting language resource to master branch."
        branch="master"
    elif [ "$branch" != "develop" ] && [ "$branch" != "master" ]; then
        logError "Must be on master or develop branch!"
        exit 1
    fi
    local resource="keepassxc.share-translations-keepassxc-en-ts--${branch}"
    if [ "$cmd" == "tx-push" ]; then
        echo -e "This will push the \e[1m'en'\e[0m source file from the current branch to Transifex:\n" >&2
        echo -e "   \e[1m${real_branch}\e[0m -> \e[1m${resource}\e[0m\n" >&2
        echo -n "Continue? [y/N] " >&2
        read -r yesno
        if [ "$yesno" != "y" ] && [ "$yesno" != "Y" ]; then
            logError "Push aborted."
            exit 1
        fi
        logInfo "Pushing source translation file to Transifex..."
        tx push -s --use-git-timestamps -r "$resource" $@
    elif [ "$cmd" == "tx-pull" ]; then
        logInfo "Pulling updated translations from Transifex..."
        tx pull -af --minimum-perc=45 --parallel -r "$resource" $@
    fi
 }
 # -----------------------------------------------------------------------
 #                       parse global command line
 # -----------------------------------------------------------------------
 MODE="$1"
-shift
+shift || true
-if [ "" == "$MODE" ]; then
+if [ -z "$MODE" ]; then
    logError "Missing arguments!\n"
    printUsage
    exit 1
@@ -1418,7 +1464,7 @@ elif [ "help" == "$MODE" ]; then
    exit
 elif [ "check" == "$MODE" ] || [ "merge" == "$MODE" ] || [ "build" == "$MODE" ] \
    || [ "gpgsign" == "$MODE" ] || [ "appsign" == "$MODE" ]|| [ "notarize" == "$MODE" ] \
-    || [ "appimage" == "$MODE" ]; then
+    || [ "appimage" == "$MODE" ]|| [ "i18n" == "$MODE" ]; then
    ${MODE} "$@"
 else
    printUsage "$MODE"
--- a/release-tool.ps1
+++ b/release-tool.ps1
@@ -0,0 +1,624 @@
 <#
 .SYNOPSIS
 KeePassXC Release Tool
 .DESCRIPTION
 Commands:
  merge      Merge release branch into main branch and create release tags
  build      Build and package binary release from sources
  sign       Sign previously compiled release packages
 .NOTES
 The following are descriptions of certain parameters:
  -Vcpkg           Specify VCPKG toolchain location (example: C:\vcpkg)
  -Tag             Release tag to check out (defaults to version number)
  -Snapshot        Build current HEAD without checkout out Tag
  -CMakeGenerator  Override the default CMake generator
  -CMakeOptions    Additional CMake options for compiling the sources
  -CPackGenerators Set CPack generators (default: WIX;ZIP)
  -Compiler        Compiler to use (example: g++, clang, msbuild)
  -MakeOptions     Options to pass to the make program
  -SignBuild       Perform platform specific App Signing before packaging
  -SignKey         Specify the App Signing Key/Identity
  -TimeStamp       Explicitly set the timestamp server to use for appsign
  -SourceBranch    Source branch to merge from (default: 'release/$Version')
  -TargetBranch    Target branch to merge to (default: master)
  -VSToolChain     Specify Visual Studio Toolchain by name if more than one is available
 #>
 param(
    [Parameter(ParameterSetName = "merge", Mandatory, Position = 0)]
    [switch] $Merge,
    [Parameter(ParameterSetName = "build", Mandatory, Position = 0)]
    [switch] $Build,
    [Parameter(ParameterSetName = "sign", Mandatory, Position = 0)]
    [switch] $Sign,
    [Parameter(ParameterSetName = "merge", Mandatory, Position = 1)]
    [Parameter(ParameterSetName = "build", Mandatory, Position = 1)]
    [Parameter(ParameterSetName = "sign", Mandatory, Position = 1)]
    [string] $Version,
    [Parameter(ParameterSetName = "build", Mandatory)]
    [string] $Vcpkg,
    [Parameter(ParameterSetName = "sign", Mandatory)]
    [SupportsWildcards()]
    [string[]] $SignFiles,
    # [Parameter(ParameterSetName = "build")]
    # [switch] $DryRun,
    [Parameter(ParameterSetName = "build")]
    [switch] $Snapshot,
    [Parameter(ParameterSetName = "build")]
    [switch] $SignBuild,
    [Parameter(ParameterSetName = "build")]
    [string] $CMakeGenerator = "Ninja",
    [Parameter(ParameterSetName = "build")]
    [string] $CMakeOptions,
    [Parameter(ParameterSetName = "build")]
    [string] $CPackGenerators = "WIX;ZIP",
    [Parameter(ParameterSetName = "build")]
    [string] $Compiler,
    [Parameter(ParameterSetName = "build")]
    [string] $MakeOptions,
    [Parameter(ParameterSetName = "build")]
    [Parameter(ParameterSetName = "sign")]
    [string] $SignKey,
    [Parameter(ParameterSetName = "build")]
    [Parameter(ParameterSetName = "sign")]
    [string] $Timestamp = "http://timestamp.sectigo.com",
    [Parameter(ParameterSetName = "merge")]
    [Parameter(ParameterSetName = "build")]
    [Parameter(ParameterSetName = "sign")]
    [string] $GpgKey = "CFB4C2166397D0D2",
    [Parameter(ParameterSetName = "merge")]
    [Parameter(ParameterSetName = "build")]
    [string] $SourceDir = ".",
    [Parameter(ParameterSetName = "build")]
    [string] $OutDir = ".\release",
    [Parameter(ParameterSetName = "merge")]
    [Parameter(ParameterSetName = "build")]
    [string] $Tag,
    [Parameter(ParameterSetName = "merge")]
    [string] $SourceBranch,
    [Parameter(ParameterSetName = "build")]
    [string] $VSToolChain,
    [Parameter(ParameterSetName = "merge")]
    [Parameter(ParameterSetName = "build")]
    [Parameter(ParameterSetName = "sign")]
    [string] $ExtraPath
 )
 # Helper function definitions
 function Test-RequiredPrograms {
    # If any of these fail they will throw an exception terminating the script
    if ($Build) {
        Get-Command git | Out-Null
        Get-Command cmake | Out-Null
    }
    if ($Merge) {
        Get-Command git | Out-Null
        Get-Command tx | Out-Null
        Get-Command lupdate | Out-Null
    }
    if ($Sign -or $SignBuild) {
        if ($SignKey.Length) {
            Get-Command signtool | Out-Null
        }
        Get-Command gpg | Out-Null
    }
 }
 function Test-VersionInFiles {
    # Check CMakeLists.txt
    $Major, $Minor, $Patch = $Version.split(".", 3)
    if (!(Select-String "$SourceDir\CMakeLists.txt" -pattern "KEEPASSXC_VERSION_MAJOR `"$Major`"" -Quiet) `
            -or !(Select-String "$SourceDir\CMakeLists.txt" -pattern "KEEPASSXC_VERSION_MINOR `"$Minor`"" -Quiet) `
            -or !(Select-String "$SourceDir\CMakeLists.txt" -pattern "KEEPASSXC_VERSION_PATCH `"$Patch`"" -Quiet)) {
        throw "CMakeLists.txt has not been updated to $Version."
    }
    # Check Changelog
    if (!(Select-String "$SourceDir\CHANGELOG.md" -pattern "^## $Version \(\d{4}-\d{2}-\d{2}\)$" -Quiet)) {
        throw "CHANGELOG.md does not contain a section for $Version."
    }
    # Check AppStreamInfo
    if (!(Select-String "$SourceDir\share\linux\org.keepassxc.KeePassXC.appdata.xml" `
                -pattern "<release version=`"$Version`" date=`"\d{4}-\d{2}-\d{2}`">" -Quiet)) {
        throw "share/linux/org.keepassxc.KeePassXC.appdata.xml does not contain a section for $Version."
    }
 }
 function Test-WorkingTreeClean {
    & git diff-index --quiet HEAD --
    if ($LASTEXITCODE) {
        throw "Current working tree is not clean! Please commit or unstage any changes."
    }
 }
 function Invoke-VSToolchain([String] $Toolchain, [String] $Path, [String] $Arch) {
    # Find Visual Studio installations
    $vs = Get-CimInstance MSFT_VSInstance
    if ($vs.count -eq 0) {
        $err = "No Visual Studio installations found, download one from https://visualstudio.com/downloads."
        $err = "$err`nIf Visual Studio is installed, you may need to repair the install then restart."
        throw $err
    }
    $VSBaseDir = $vs[0].InstallLocation
    if ($Toolchain) {
        # Try to find the specified toolchain by name
        foreach ($_ in $vs) {
            if ($_.Name -eq $Toolchain) {
                $VSBaseDir = $_.InstallLocation
                break
            }
        }
    } elseif ($vs.count -gt 1) {
        # Ask the user which install to use
        $i = 0
        foreach ($_ in $vs) {
            $i = $i + 1
            $i.ToString() + ") " + $_.Name | Write-Host
        }
        $i = Read-Host -Prompt "Which Visual Studio installation do you want to use?"
        $i = [Convert]::ToInt32($i, 10) - 1
        if ($i -lt 0 -or $i -ge $vs.count) {
            throw "Invalid selection made"
        }
        $VSBaseDir = $vs[$i].InstallLocation
    }
    # Bootstrap the specified VS Toolchain
    Import-Module "$VSBaseDir\Common7\Tools\Microsoft.VisualStudio.DevShell.dll"
    Enter-VsDevShell -VsInstallPath $VSBaseDir -Arch $Arch -StartInPath $Path | Write-Host
    Write-Host # Newline after command output
 }
 function Invoke-Cmd([string] $command, [string[]] $options = @(), [switch] $maskargs, [switch] $quiet) {
    $call = ('{0} {1}' -f $command, ($options -Join ' '))
    if ($maskargs) {
        Write-Host "$command <masked>" -ForegroundColor DarkGray
    }
    else {
        Write-Host $call -ForegroundColor DarkGray
    }
    if ($quiet) {
        Invoke-Expression $call > $null
    } else {
        Invoke-Expression $call
    }
    if ($LASTEXITCODE -ne 0) {
        throw "Failed to run command: {0}" -f $command
    }
    Write-Host #insert newline after command output
 }
 function Invoke-SignFiles([string[]] $files, [string] $key, [string] $time) {
    if (!(Test-Path -Path "$key" -PathType leaf)) {
        throw "Appsign key file was not found! ($key)"
    }
    if ($files.Length -eq 0) {
        return
    }
    Write-Host "Signing files using $key" -ForegroundColor Cyan
    $KeyPassword = Read-Host "Key password: " -MaskInput
    foreach ($_ in $files) {
        Write-Host "Signing file '$_' using Microsoft signtool..."
        Invoke-Cmd "signtool" "sign -f `"$key`" -p `"$KeyPassword`" -d `"KeePassXC`" -td sha256 -fd sha256 -tr `"$time`" `"$_`"" -maskargs
    }
 }
 function Invoke-GpgSignFiles([string[]] $files, [string] $key) {
    if ($files.Length -eq 0) {
        return
    }
    Write-Host "Signing files using GPG key $key" -ForegroundColor Cyan
    foreach ($_ in $files) {
        Write-Host "Signing file '$_' and creating DIGEST..."
        if (Test-Path "$_.sig") {
            Remove-Item "$_.sig"
        }
        Invoke-Cmd "gpg" "--output `"$_.sig`" --armor --local-user `"$key`" --detach-sig `"$_`""
        $FileName = (Get-Item $_).Name
        (Get-FileHash "$_" SHA256).Hash + " *$FileName" | Out-File "$_.DIGEST" -NoNewline
    }
 }
 # Handle errors and restore state
 $OrigDir = (Get-Location).Path
 $OrigBranch = & git rev-parse --abbrev-ref HEAD
 $ErrorActionPreference = 'Stop'
 trap {
    Write-Host "Restoring state..." -ForegroundColor Yellow
    & git checkout $OrigBranch
    Set-Location "$OrigDir"
 }
 Write-Host "KeePassXC Release Preparation Helper" -ForegroundColor Green
 Write-Host "Copyright (C) 2022 KeePassXC Team <https://keepassxc.org/>`n" -ForegroundColor Green
 # Prepend extra PATH locations as specified
 if ($ExtraPath) {
    $env:Path = "$ExtraPath;$env:Path"
 }
 # Resolve absolute directory for paths
 $SourceDir = (Resolve-Path $SourceDir).Path
 # Check format of -Version
 if ($Version -notmatch "^\d+\.\d+\.\d+(-Beta\d*)?$") {
    throw "Invalid format for -Version input"
 }
 # Check platform
 if (!$IsWindows) {
    throw "The PowerShell release tool is not available for Linux or macOS at this time."
 }
 if ($Merge) {
    Test-RequiredPrograms
    # Change to SourceDir
    Set-Location "$SourceDir"
    Test-VersionInFiles
    Test-WorkingTreeClean
    if (!$SourceBranch.Length) {
        $SourceBranch = & git branch --show-current
    }
    if ($SourceBranch -notmatch "^release/.*$") {
        throw "Must be on a release/* branch to continue."
    }
    # Update translation files
    Write-Host "Updating source translation file..."
    Invoke-Cmd "lupdate" "-no-ui-lines -disable-heuristic similartext -locations none", `
        "-no-obsolete ./src -ts share/translations/keepassxc_en.ts"
    Write-Host "Pulling updated translations from Transifex..."
    Invoke-Cmd "tx" "pull -af --minimum-perc=60 --parallel -r keepassxc.share-translations-keepassxc-en-ts--develop"
    # Only commit if there are changes
    & git diff-index --quiet HEAD --
    if ($LASTEXITCODE) {
        Write-Host "Committing translation updates..."
        Invoke-Cmd "git" "add -A ./share/translations/" -quiet
        Invoke-Cmd "git" "commit -m `"Update translations`"" -quiet
    }
    # Read the version release notes from CHANGELOG
    $Changelog = ""
    $ReadLine = $false
    Get-Content "CHANGELOG.md" | ForEach-Object {
        if ($ReadLine) {
            if ($_ -match "^## ") {
                $ReadLine = $false
            } else {
                $Changelog += $_ + "`n"
            }
        } elseif ($_ -match "$Version \(\d{4}-\d{2}-\d{2}\)") {
            $ReadLine = $true
        }
    }
    Write-Host "Creating tag for '$Version'..."
    Invoke-Cmd "git" "tag -a `"$Version`" -m `"Release $Version`" -m `"$Changelog`" -s" -quiet
    Write-Host "Moving latest tag..."
    Invoke-Cmd "git" "tag -f -a `"latest`" -m `"Latest stable release`" -s" -quiet
    Write-Host "All done!"
    Write-Host "Please merge the release branch back into the develop branch now and then push your changes."
    Write-Host "Don't forget to also push the tags using 'git push --tags'."
 } elseif ($Build) {
    $Vcpkg = (Resolve-Path "$Vcpkg/scripts/buildsystems/vcpkg.cmake").Path
    # Find Visual Studio and establish build environment
    Invoke-VSToolchain $VSToolChain $SourceDir -Arch "amd64"
    Test-RequiredPrograms
    if ($Snapshot) {
        $Tag = "HEAD"
        $SourceBranch = & git rev-parse --abbrev-ref HEAD
        $ReleaseName = "$Version-snapshot"
        $CMakeOptions = "-DKEEPASSXC_BUILD_TYPE=Snapshot -DOVERRIDE_VERSION=`"$ReleaseName`" $CMakeOptions"
        Write-Host "Using current branch '$SourceBranch' to build." -ForegroundColor Cyan
    } else {
        Test-WorkingTreeClean
        # Clear output directory
        if (Test-Path $OutDir) {
            Remove-Item $OutDir -Recurse
        }
        if ($Version -match "-beta\d*$") {
            $CMakeOptions = "-DKEEPASSXC_BUILD_TYPE=PreRelease $CMakeOptions"
        } else {
            $CMakeOptions = "-DKEEPASSXC_BUILD_TYPE=Release $CMakeOptions"
        }
        # Setup Tag if not defined then checkout tag
        if ($Tag -eq "" -or $Tag -eq $null) {
            $Tag = $Version
        }
        Write-Host "Checking out tag 'tags/$Tag' to build." -ForegroundColor Cyan
        Invoke-Cmd "git" "checkout `"tags/$Tag`""
    }
    # Create directories
    New-Item "$OutDir" -ItemType Directory -Force | Out-Null
    $OutDir = (Resolve-Path $OutDir).Path
    $BuildDir = "$OutDir\build-release"
    New-Item "$BuildDir" -ItemType Directory -Force | Out-Null
    # Enter build directory
    Set-Location "$BuildDir"
    # Setup CMake options
    $CMakeOptions = "-DWITH_XC_ALL=ON -DWITH_TESTS=OFF -DCMAKE_BUILD_TYPE=Release $CMakeOptions"
    $CMakeOptions = "-DCMAKE_TOOLCHAIN_FILE:FILEPATH=`"$Vcpkg`" -DX_VCPKG_APPLOCAL_DEPS_INSTALL=ON $CMakeOptions"
    Write-Host "Configuring build..." -ForegroundColor Cyan
    Invoke-Cmd "cmake" "-G `"$CMakeGenerator`" $CMakeOptions `"$SourceDir`""
    Write-Host "Compiling sources..." -ForegroundColor Cyan
    Invoke-Cmd "cmake" "--build . --config Release -- $MakeOptions"
    if ($SignBuild) {
        $files = Get-ChildItem "$BuildDir\src" -Include "*keepassxc*.exe", "*keepassxc*.dll" -Recurse -File | ForEach-Object { $_.FullName }
        Invoke-SignFiles $files $SignKey $Timestamp
    }
    Write-Host "Create deployment packages..." -ForegroundColor Cyan
    Invoke-Cmd "cpack" "-G `"$CPackGenerators`""
    Move-Item "$BuildDir\keepassxc-*" -Destination "$OutDir" -Force
    if ($SignBuild) {
        # Enter output directory
        Set-Location -Path "$OutDir"
        # Sign MSI files using AppSign key
        $files = Get-ChildItem $OutDir -Include "*.msi" -Name
        Invoke-SignFiles $files $SignKey $Timestamp
        # Sign all output files using the GPG key then hash them
        $files = Get-ChildItem $OutDir -Include "*.msi", "*.zip" -Name
        Invoke-GpgSignFiles $files $GpgKey
    }
    # Restore state
    Invoke-Command {git checkout $OrigBranch}
    Set-Location "$OrigDir"
 } elseif ($Sign) {
    if (Test-Path $SignKey) {
        # Need to include path to signtool program
        Invoke-VSToolchain $VSToolChain $SourceDir -Arch "amd64"
    }
    Test-RequiredPrograms
    # Resolve wildcard paths
    $ResolvedFiles = @()
    foreach ($_ in $SignFiles) {
        $ResolvedFiles += (Get-ChildItem $_ -File | ForEach-Object { $_.FullName })
    }
    $AppSignFiles = $ResolvedFiles.Where({ $_ -match "\.(msi|exe|dll)$" })
    Invoke-SignFiles $AppSignFiles $SignKey $Timestamp
    $GpgSignFiles = $ResolvedFiles.Where({ $_ -match "\.(msi|zip|gz|xz|dmg|appimage)$" })
    Invoke-GpgSignFiles $GpgSignFiles $GpgKey
 }
 # SIG # Begin signature block
 # MIIkvgYJKoZIhvcNAQcCoIIkrzCCJKsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
 # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
 # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUnpid/gstN4AYrCj6S7yIdM81
 # ooyggh6mMIIFOjCCBCKgAwIBAgIQWKLXLYzA/YnM/yHg1O3HSjANBgkqhkiG9w0B
 # AQsFADB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
 # MRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJDAi
 # BgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmluZyBDQTAeFw0yMTAzMTUwMDAw
 # MDBaFw0yNDAzMTQyMzU5NTlaMIGhMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFMjIz
 # MTUxETAPBgNVBAgMCFZpcmdpbmlhMRIwEAYDVQQHDAlGcmFuY29uaWExGzAZBgNV
 # BAkMEjY2NTMgQXVkcmV5IEtheSBDdDEeMBwGA1UECgwVRHJvaWRNb25rZXkgQXBw
 # cywgTExDMR4wHAYDVQQDDBVEcm9pZE1vbmtleSBBcHBzLCBMTEMwggEiMA0GCSqG
 # SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwB9L/+1zlcXOQLoYvdrYAWS9B5ui+7E9c
 # XCn6wcB4NdmaRbNM3kdWc8nbjOOHeOct2jVzVu/pJR1SagI+V1R1BfzgfzuW55Yy
 # iHrqXQGfL9xhqJAWSvdQRinvlkZ+WY3QxnOhzcQk+BTLYdUwq04O3jMv7vnH6fuL
 # q/HXEsgDObZC7EyKEtVbWVo4nqY0tUTviJXvRI/sFDN8DvULefwZWIvF7G11NFeK
 # It24+hDCzvVBKtEn7DNmFGO1CJAB7Sz4jFewV4MP1gviMAfGbSBqavyRDBOG7eda
 # SVb1Zq482yoHNAs+mpIQK2SGvUKKAJK2wCDbzgpvu5sfzwStpc0hAgMBAAGjggGQ
 # MIIBjDAfBgNVHSMEGDAWgBQO4TqoUzox1Yq+wbutZxoDha00DjAdBgNVHQ4EFgQU
 # 7u2WZ7fqJiaM3u9SlzAwGBhoWH0wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQC
 # MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEQYJYIZIAYb4QgEBBAQDAgQQMEoGA1Ud
 # IARDMEEwNQYMKwYBBAGyMQECAQMCMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2Vj
 # dGlnby5jb20vQ1BTMAgGBmeBDAEEATBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8v
 # Y3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FDb2RlU2lnbmluZ0NBLmNybDBzBggr
 # BgEFBQcBAQRnMGUwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQuc2VjdGlnby5jb20v
 # U2VjdGlnb1JTQUNvZGVTaWduaW5nQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8v
 # b2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAD2w/Tt5KyPbX2M+h
 # WVwgqpKm42nk6aN2HvSp+KWlrB2t+ziL+1IRXwq7S0V7p2e1ZK8uXLzBjUDVGjBc
 # ugh5hGG95MGVltxCJrr/bk1He62L7MwVxfH5b5MrE/vC/cHcSxEB1AZwZxYKjDPf
 # R81biDVch++XeKmvUxfT4XGo7McJqT4K/TcLwijSb/AWsXR+r2BXEAqgsoG37kk/
 # fbPKimpJ07hxd/RNYVpE33E93zCQ1Tjc1tP3DaLq8cpS6jGUY5NNOzRgp2mGcGHy
 # lv6Q/xf45qNvHiqFVctdvY9of0QFjg5eYDr4rLDa+mks9f1Jd8aDWKcsfCBnlohT
 # KIffbTCCBYEwggRpoAMCAQICEDlyRDr5IrdR19NsEN0xNZUwDQYJKoZIhvcNAQEM
 # BQAwezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
 # MA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAf
 # BgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0xOTAzMTIwMDAwMDBa
 # Fw0yODEyMzEyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEpl
 # cnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJV
 # U1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9u
 # IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIASZRc2
 # DsPbCLPQrFcNdu3NJ9NMrVCDYeKqIE0JLWQJ3M6Jn8w9qez2z8Hc8dOx1ns3KBEr
 # R9o5xrw6GbRfpr19naNjQrZ28qk7K5H44m/Q7BYgkAk+4uh0yRi0kdRiZNt/owbx
 # iBhqkCI8vP4T8IcUe/bkH47U5FHGEWdGCFHLhhRUP7wz/n5snP8WnRi9UY41pqdm
 # yHJn2yFmsdSbeAPAUDrozPDcvJ5M/q8FljUfV1q3/875PbcstvZU3cjnEjpNrkyK
 # t1yatLcgPcp/IjSufjtoZgFE5wFORlObM2D3lL5TN5BzQ/Myw1Pv26r+dE5px2uM
 # YJPexMcM3+EyrsyTO1F4lWeL7j1W/gzQaQ8bD/MlJmszbfduR/pzQ+V+DqVmsSl8
 # MoRjVYnEDcGTVDAZE6zTfTen6106bDVc20HXEtqpSQvf2ICKCZNijrVmzyWIzYS4
 # sT+kOQ/ZAp7rEkyVfPNrBaleFoPMuGfi6BOdzFuC00yz7Vv/3uVzrCM7LQC/NVV0
 # CUnYSVgaf5I25lGSDvMmfRxNF7zJ7EMm0L9BX0CpRET0medXh55QH1dUqD79dGMv
 # sVBlCeZYQi5DGky08CVHWfoEHpPUJkZKUIGy3r54t/xnFeHJV4QeD2PW6WK61l9V
 # LupcxigIBCU5uA4rqfJMlxwHPw1S9e3vL4IPAgMBAAGjgfIwge8wHwYDVR0jBBgw
 # FoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYEFFN5v1qqK0rPVIDh2JvA
 # nfKyA2bLMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MBEGA1UdIAQK
 # MAgwBgYEVR0gADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2Nh
 # LmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDA0BggrBgEFBQcBAQQoMCYw
 # JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTANBgkqhkiG9w0B
 # AQwFAAOCAQEAGIdR3HQhPZyK4Ce3M9AuzOzw5steEd4ib5t1jp5y/uTW/qofnJYt
 # 7wNKfq70jW9yPEM7wD/ruN9cqqnGrvL82O6je0P2hjZ8FODN9Pc//t64tIrwkZb+
 # /UNkfv3M0gGhfX34GRnJQisTv1iLuqSiZgR2iJFODIkUzqJNyTKzuugUGrxx8Vvw
 # QQuYAAoiAxDlDLH5zZI3Ge078eQ6tvlFEyZ1r7uq7z97dzvSxAKRPRkA0xdcOds/
 # exgNRc2ThZYvXd9ZFk8/Ub3VRRg/7UqO6AZhdCMWtQ1QcydER38QXYkqa4UxFMTo
 # qWpMgLxqeM+4f452cpkMnf7XkQgWoaNflTCCBfUwggPdoAMCAQICEB2iSDBvmyYY
 # 0ILgln0z02owDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 # EwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhl
 # IFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRp
 # ZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEwMjAwMDAwMFoXDTMwMTIzMTIzNTk1
 # OVowfDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
 # MA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSQwIgYD
 # VQQDExtTZWN0aWdvIFJTQSBDb2RlIFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEB
 # AQUAA4IBDwAwggEKAoIBAQCGIo0yhXoYn0nwli9jCB4t3HyfFM/jJrYlZilAhlRG
 # dDFixRDtsocnppnLlTDAVvWkdcapDlBipVGREGrgS2Ku/fD4GKyn/+4uMyD6DBmJ
 # qGx7rQDDYaHcaWVtH24nlteXUYam9CflfGqLlR5bYNV+1xaSnAAvaPeX7Wpyvjg7
 # Y96Pv25MQV0SIAhZ6DnNj9LWzwa0VwW2TqE+V2sfmLzEYtYbC43HZhtKn52BxHJA
 # teJf7wtF/6POF6YtVbC3sLxUap28jVZTxvC6eVBJLPcDuf4vZTXyIuosB69G2flG
 # HNyMfHEo8/6nxhTdVZFuihEN3wYklX0Pp6F8OtqGNWHTAgMBAAGjggFkMIIBYDAf
 # BgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUDuE6qFM6
 # MdWKvsG7rWcaA4WtNA4wDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C
 # AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwMGCCsGAQUFBwMIMBEGA1UdIAQKMAgwBgYE
 # VR0gADBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20v
 # VVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUH
 # AQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNF
 # UlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3Nw
 # LnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggIBAE1jUO1HNEphpNveaiqM
 # m/EAAB4dYns61zLC9rPgY7P7YQCImhttEAcET7646ol4IusPRuzzRl5ARokS9At3
 # WpwqQTr81vTr5/cVlTPDoYMot94v5JT3hTODLUpASL+awk9KsY8k9LOBN9O3ZLCm
 # I2pZaFJCX/8E6+F0ZXkI9amT3mtxQJmWunjxucjiwwgWsatjWsgVgG10Xkp1fqW4
 # w2y1z99KeYdcx0BNYzX2MNPPtQoOCwR/oEuuu6Ol0IQAkz5TXTSlADVpbL6fICUQ
 # DRn7UJBhvjmPeo5N9p8OHv4HURJmgyYZSJXOSsnBf/M6BZv5b9+If8AjntIeQ3pF
 # McGcTanwWbJZGehqjSkEAnd8S0vNcL46slVaeD68u28DECV3FTSK+TbMQ5Lkuk/x
 # YpMoJVcp+1EZx6ElQGqEV8aynbG8HArafGd+fS7pKEwYfsR7MUFxmksp7As9V1DS
 # yt39ngVR5UR43QHesXWYDVQk/fBO4+L4g71yuss9Ou7wXheSaG3IYfmm8SoKC6W5
 # 9J7umDIFhZ7r+YMp08Ysfb06dy6LN0KgaoLtO0qqlBCk4Q34F8W2WnkzGJLjtXX4
 # oemOCiUe5B7xn1qHI/+fpFGe+zmAEc3btcSnqIBv5VPU4OOiwtJbGvoyJi1qV3Ac
 # PKRYLqPzW0sH3DJZ84enGm1YMIIG7DCCBNSgAwIBAgIQMA9vrN1mmHR8qUY2p3gt
 # uTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBK
 # ZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRS
 # VVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlv
 # biBBdXRob3JpdHkwHhcNMTkwNTAyMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjB9MQsw
 # CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQH
 # EwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJTAjBgNVBAMTHFNl
 # Y3RpZ28gUlNBIFRpbWUgU3RhbXBpbmcgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
 # DwAwggIKAoICAQDIGwGv2Sx+iJl9AZg/IJC9nIAhVJO5z6A+U++zWsB21hoEpc5H
 # g7XrxMxJNMvzRWW5+adkFiYJ+9UyUnkuyWPCE5u2hj8BBZJmbyGr1XEQeYf0RirN
 # xFrJ29ddSU1yVg/cyeNTmDoqHvzOWEnTv/M5u7mkI0Ks0BXDf56iXNc48RaycNOj
 # xN+zxXKsLgp3/A2UUrf8H5VzJD0BKLwPDU+zkQGObp0ndVXRFzs0IXuXAZSvf4DP
 # 0REKV4TJf1bgvUacgr6Unb+0ILBgfrhN9Q0/29DqhYyKVnHRLZRMyIw80xSinL0m
 # /9NTIMdgaZtYClT0Bef9Maz5yIUXx7gpGaQpL0bj3duRX58/Nj4OMGcrRrc1r5a+
 # 2kxgzKi7nw0U1BjEMJh0giHPYla1IXMSHv2qyghYh3ekFesZVf/QOVQtJu5FGjpv
 # zdeE8NfwKMVPZIMC1Pvi3vG8Aij0bdonigbSlofe6GsO8Ft96XZpkyAcSpcsdxkr
 # k5WYnJee647BeFbGRCXfBhKaBi2fA179g6JTZ8qx+o2hZMmIklnLqEbAyfKm/31X
 # 2xJ2+opBJNQb/HKlFKLUrUMcpEmLQTkUAx4p+hulIq6lw02C0I3aa7fb9xhAV3Pw
 # caP7Sn1FNsH3jYL6uckNU4B9+rY5WDLvbxhQiddPnTO9GrWdod6VQXqngwIDAQAB
 # o4IBWjCCAVYwHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0O
 # BBYEFBqh+GEZIA/DQXdFKI7RNV8GEgRVMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMB
 # Af8ECDAGAQH/AgEAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBEGA1UdIAQKMAgwBgYE
 # VR0gADBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20v
 # VVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUH
 # AQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNF
 # UlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3Nw
 # LnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggIBAG1UgaUzXRbhtVOBkXXf
 # A3oyCy0lhBGysNsqfSoF9bw7J/RaoLlJWZApbGHLtVDb4n35nwDvQMOt0+LkVvlY
 # Qc/xQuUQff+wdB+PxlwJ+TNe6qAcJlhc87QRD9XVw+K81Vh4v0h24URnbY+wQxAP
 # jeT5OGK/EwHFhaNMxcyyUzCVpNb0llYIuM1cfwGWvnJSajtCN3wWeDmTk5Sbsdyy
 # bUFtZ83Jb5A9f0VywRsj1sJVhGbks8VmBvbz1kteraMrQoohkv6ob1olcGKBc2Ne
 # oLvY3NdK0z2vgwY4Eh0khy3k/ALWPncEvAQ2ted3y5wujSMYuaPCRx3wXdahc1cF
 # aJqnyTdlHb7qvNhCg0MFpYumCf/RoZSmTqo9CfUFbLfSZFrYKiLCS53xOV5M3kg9
 # mzSWmglfjv33sVKRzj+J9hyhtal1H3G/W0NdZT1QgW6r8NDT/LKzH7aZlib0PHmL
 # XGTMze4nmuWgwAxyh8FuTVrTHurwROYybxzrF06Uw3hlIDsPQaof6aFBnf6xuKBl
 # KjTg3qj5PObBMLvAoGMs/FwWAKjQxH/qEZ0eBsambTJdtDgJK0kHqv3sMNrxpy/P
 # t/360KOE2See+wFmd7lWEOEgbsausfm2usg1XTN2jvF8IAwqd661ogKGuinutFoA
 # sYyr4/kKyVRd1LlqdJ69SK6YMIIG9jCCBN6gAwIBAgIRAJA5f5rSSjoT8r2RXwg4
 # qUMwDQYJKoZIhvcNAQEMBQAwfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0
 # ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGln
 # byBMaW1pdGVkMSUwIwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENB
 # MB4XDTIyMDUxMTAwMDAwMFoXDTMzMDgxMDIzNTk1OVowajELMAkGA1UEBhMCR0Ix
 # EzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEs
 # MCoGA1UEAwwjU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBTaWduZXIgIzMwggIi
 # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQsnE/eeHUuYoXzMOXwpCUcu1a
 # Om8BQ39zWiifJHygNUAG+pSvCqGDthPkSxUGXmqKIDRxe7slrT9bCqQfL2x9LmFR
 # 0IxZNz6mXfEeXYC22B9g480Saogfxv4Yy5NDVnrHzgPWAGQoViKxSxnS8JbJRB85
 # XZywlu1aSY1+cuRDa3/JoD9sSq3VAE+9CriDxb2YLAd2AXBF3sPwQmnq/ybMA0Qf
 # FijhanS2nEX6tjrOlNEfvYxlqv38wzzoDZw4ZtX8fR6bWYyRWkJXVVAWDUt0cu6g
 # KjH8JgI0+WQbWf3jOtTouEEpdAE/DeATdysRPPs9zdDn4ZdbVfcqA23VzWLazpwe
 # /OpwfeZ9S2jOWilh06BcJbOlJ2ijWP31LWvKX2THaygM2qx4Qd6S7w/F7KvfLW8a
 # VFFsM7ONWWDn3+gXIqN5QWLP/Hvzktqu4DxPD1rMbt8fvCKvtzgQmjSnC//+HV6k
 # 8+4WOCs/rHaUQZ1kHfqA/QDh/vg61MNeu2lNcpnl8TItUfphrU3qJo5t/KlImD7y
 # Rg1psbdu9AXbQQXGGMBQ5Pit/qxjYUeRvEa1RlNsxfThhieThDlsdeAdDHpZiy7L
 # 9GQsQkf0VFiFN+XHaafSJYuWv8at4L2xN/cf30J7qusc6es9Wt340pDVSZo6HYMa
 # V38cAcLOHH3M+5YVxQIDAQABo4IBgjCCAX4wHwYDVR0jBBgwFoAUGqH4YRkgD8NB
 # d0UojtE1XwYSBFUwHQYDVR0OBBYEFCUuaDxrmiskFKkfot8mOs8UpvHgMA4GA1Ud
 # DwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMI
 # MEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMIMCUwIwYIKwYBBQUHAgEWF2h0dHBz
 # Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEAjBEBgNVHR8EPTA7MDmgN6A1hjNo
 # dHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5j
 # cmwwdAYIKwYBBQUHAQEEaDBmMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnNlY3Rp
 # Z28uY29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcnQwIwYIKwYBBQUHMAGG
 # F2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBz2u1o
 # csvCuUChMbu0A6MtFHsk57RbFX2o6f2t0ZINfD02oGnZ85ow2qxp1nRXJD9+DzzZ
 # 9cN5JWwm6I1ok87xd4k5f6gEBdo0wxTqnwhUq//EfpZsK9OU67Rs4EVNLLL3Ozta
 # tcH714l1bZhycvb3Byjz07LQ6xm+FSx4781FoADk+AR2u1fFkL53VJB0ngtPTcSq
 # E4+XrwE1K8ubEXjp8vmJBDxO44ISYuu0RAx1QcIPNLiIncgi8RNq2xgvbnitxAW0
 # 6IQIkwf5fYP+aJg05Hflsc6MlGzbA20oBUd+my7wZPvbpAMxEHwa+zwZgNELcLlV
 # X0e+OWTOt9ojVDLjRrIy2NIphskVXYCVrwL7tNEunTh8NeAPHO0bR0icImpVgtny
 # ughlA+XxKfNIigkBTKZ58qK2GpmU65co4b59G6F87VaApvQiM5DkhFP8KvrAp5eo
 # 6rWNes7k4EuhM6sLdqDVaRa3jma/X/ofxKh/p6FIFJENgvy9TZntyeZsNv53Q5m4
 # aS18YS/to7BJ/lu+aSSR/5P8V2mSS9kFP22GctOi0MBk0jpCwRoD+9DtmiG4P6+m
 # slFU1UzFyh8SjVfGOe1c/+yfJnatZGZn6Kow4NKtt32xakEnbgOKo3TgigmCbr/j
 # 9re8ngspGGiBoZw/bhZZSxQJCZrmrr9gFd2G9TGCBYIwggV+AgEBMIGQMHwxCzAJ
 # BgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
 # B1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEkMCIGA1UEAxMbU2Vj
 # dGlnbyBSU0EgQ29kZSBTaWduaW5nIENBAhBYotctjMD9icz/IeDU7cdKMAkGBSsO
 # AwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEM
 # BgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCMGCSqG
 # SIb3DQEJBDEWBBSZJ80qMlLk4Zhy/gTyz1Eiqy6OwTANBgkqhkiG9w0BAQEFAASC
 # AQB+oJYmsNbzil5lp3gzcbEM1xPjk2TZW2ScDiE7Fnlj6rK974qG3WSivwDDVdIV
 # zr0kwgufXZ5KxwMV2nBBVQj2rmaVLOV0HpbYgOna+o3VFGCaxK+XI0ZqP2SaIOAZ
 # fDLjyuTXaz3VG1iZyjQnjX7TLCdU8eOVMLpxJ5yL8GuCf9uGbdFC4f33oixrSebw
 # cNjl/8sDaW6wPepQZ/xoN4PM+eEYPlA9sww4VMl7nYc2dYWPdAMpHknquLjncXJQ
 # EJNs5z3un+TOKeD3zBZyAuLIAR5GoxojQXw7us0Cak5+bbL40CfS6xbvKuJoJt87
 # eJqrFFMOwP1hy/wZLIr7Ahh7oYIDTDCCA0gGCSqGSIb3DQEJBjGCAzkwggM1AgEB
 # MIGSMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIx
 # EDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDElMCMG
 # A1UEAxMcU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBDQQIRAJA5f5rSSjoT8r2R
 # Xwg4qUMwDQYJYIZIAWUDBAICBQCgeTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
 # MBwGCSqGSIb3DQEJBTEPFw0yMjA5MzAxNDE0MzJaMD8GCSqGSIb3DQEJBDEyBDCc
 # JZ3ePkhATE2oLTys2mumH7O56gR5wtTAf/eMLF0Ms+v7xF2NqM+c2Cl5hRtpzQww
 # DQYJKoZIhvcNAQEBBQAEggIAY2G7lysggDTjF92DNnsp5pSnS3tjP4rUC9kv1+Ob
 # Ji1gxFqP2MO59TB6T/PVmjDWZtKNL4hJYcycIE6lNkhcajzrQ7siVTMzUVs/4JOi
 # NRWVDyCOjOu2lUIzXP1nHGo4Y51/TtH70JqtjNz7nrZR/T7IviNO/d4d/BKnG83V
 # IZttYsOVEp44ix3bBal7jRbL+axiHHfCe0vf1n8CVoxUIBjXt45Ul3nKW6oYKVwh
 # FPPm59k2DcnWinUtyIJrp19dzA0DVI3zZGwyDSVQ+yRyUkdxDfpN/mOkVqpUYrgd
 # Hh62D/2a4Zfi5nOkO6qsVuu7qrsbZOGIYKkRsFYDcQqU06TuTrfrwiqD/mo5ZdcE
 # L+vgOfYmZ1qjTLtOqsibX9Md/GbZlDF5GCkU5cGOHHYw3a7nZ8bSt/lD8KjCQ2j1
 # YcFF4+gOCBUc2IhrKzirFaM3GrZCDvP4WxTUnVun5uObockXAJiTw0trfNLulZsM
 # iuEguGBqfTuEO1VO0+UnTQEypTG4z38Asu9Pb+M9T4nQWXb1L2C5flg5hVRe/Yrp
 # skXf5zJ6Ml7VmmsxfS8cEZWaSeAmoLhpafDOpcubi4Mm8s13naOBe8Kyu+FUt+d9
 # dBrC6BZUwXbhdbJIbpHfdF55iT3nzZ9Wsim6284NcnM9Ca3kZ+/SogSO+/Tjl5Ak
 # hfc=
 # SIG # End signature block
--- a/share/CMakeLists.txt
+++ b/share/CMakeLists.txt
@@ -23,21 +23,53 @@ install(FILES ${wordlists_files} DESTINATION ${DATA_INSTALL_DIR}/wordlists)
 file(COPY "wordlists" DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
 if(UNIX AND NOT APPLE AND NOT HAIKU)
-    install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
+    # Flatpak requires all host accessible files to use filenames based upon the app id
-            FILES_MATCHING PATTERN "keepassx*.png" PATTERN "keepassx*.svg"
+    if(KEEPASSXC_DIST_FLATPAK)
-            PATTERN "status" EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
+        set(APP_ICON_NAME "${APP_ID}")
-    install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
+        set(MIME_ICON "${APP_ID}-application-x-keepassxc")
-            FILES_MATCHING PATTERN "application-x-keepassxc.png" PATTERN "application-x-keepassxc.svg"
+        configure_file(linux/keepassxc.xml.in ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.xml @ONLY)
-            PATTERN "status" EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
+        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/mime/packages)
-    install(FILES linux/org.keepassxc.KeePassXC.desktop DESTINATION ${CMAKE_INSTALL_DATADIR}/applications)
+
-    install(FILES linux/org.keepassxc.KeePassXC.appdata.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/metainfo)
+        file(GLOB_RECURSE ICON_FILES LIST_DIRECTORIES false
-    install(FILES linux/keepassxc.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/mime/packages)
+             "icons/application/*/keepassxc*.png"
             "icons/application/*/*keepassxc*.svg")
        foreach(icon_match ${ICON_FILES})
            get_filename_component(icon_name ${icon_match} NAME)
            get_filename_component(icon_dir ${icon_match} DIRECTORY)
            # Prefix all icons with application id: "org.keepassxc.KeePassXC"
            string(REGEX REPLACE "^keepassxc(.*)?(\\.png|\\.svg)$" "${APP_ID}\\1\\2" icon_name ${icon_name})
            string(REGEX REPLACE "^(application-x-keepassxc\\.svg)$" "${APP_ID}-\\1" icon_name ${icon_name})
            # Find icon sub dir ex. "scalable/mimetypes/"
            file(RELATIVE_PATH icon_subdir ${CMAKE_CURRENT_SOURCE_DIR}/icons/application ${icon_dir})
            install(FILES ${icon_match} DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor/${icon_subdir}
                    RENAME ${icon_name})
        endforeach()
    else()
        set(APP_ICON_NAME "keepassxc")
        set(MIME_ICON "application-x-keepassxc")
        configure_file(linux/keepassxc.xml.in ${CMAKE_CURRENT_BINARY_DIR}/linux/keepassxc.xml @ONLY)
        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/linux/keepassxc.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/mime/packages)
        install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
                FILES_MATCHING PATTERN "keepassx*.png" PATTERN "keepassx*.svg"
                PATTERN "status" EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
        install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
                FILES_MATCHING PATTERN "application-x-keepassxc.svg" PATTERN "status"
                EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
    endif(KEEPASSXC_DIST_FLATPAK)
    configure_file(linux/${APP_ID}.desktop.in ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.desktop @ONLY)
    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/linux/${APP_ID}.desktop DESTINATION ${CMAKE_INSTALL_DATADIR}/applications)
    install(FILES linux/${APP_ID}.appdata.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/metainfo)
 endif(UNIX AND NOT APPLE AND NOT HAIKU)
 if(APPLE)
  install(FILES macosx/keepassxc.icns DESTINATION ${DATA_INSTALL_DIR})
 endif()
 if(WIN32)
  install(FILES windows/qt.conf DESTINATION ${BIN_INSTALL_DIR})
 endif()
 install(FILES icons/application/256x256/apps/keepassxc.png DESTINATION ${DATA_INSTALL_DIR}/icons/application/256x256/apps)
 add_custom_target(icons)
--- a/share/demo.kdbx
+++ b/share/demo.kdbx
--- a/share/demo.old.kdbx
+++ b/share/demo.old.kdbx
--- a/share/icons/application/scalable/actions/attributes-copy.svg
+++ b/share/icons/application/scalable/actions/attributes-copy.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" /></svg>
--- a/share/icons/application/scalable/actions/database-lock-all.svg
+++ b/share/icons/application/scalable/actions/database-lock-all.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path style="stroke-width:.65502" d="M7.275.645a2.949 2.949 0 0 0-1.404.298c-1.34.571-2.058 2.064-1.918 3.475-.085.269.215.925-.248.816-.77-.119-1.655.327-1.71 1.176-.016 2.092-.004 4.183-.009 6.276-.119.769.329 1.654 1.176 1.712 1.855.012 3.711.006 5.567.004v-1.308H3.297v-6.55h7.861v4.106h1.301c0-1.252.002-2.504.008-3.755.137-.804-.444-1.689-1.309-1.66h-.656c-.021-.693.062-1.395-.09-2.077C10.112 1.7 8.71.688 7.275.645zm-.048 1.314c.465-.001.929.17 1.28.475.869.681.665 1.836.686 2.8H5.32c-.139-.22-.017-.701-.058-1.02-.153-1.14.789-2.292 1.965-2.255zm.097 6.559c-.37-.04-.752.069-1.025.373-.834.75-.195 2.3.928 2.238.736.016 1.37-.659 1.308-1.393-.008-.676-.594-1.153-1.21-1.218z" transform="translate(-.218 .136) scale(1.04251)"/><path style="fill:#000;fill-opacity:1;fill-rule:evenodd;stroke-width:.857645" d="M11.773 18.34c-1.322.064-2.213-1.618-1.424-2.677.676-1.116 2.527-.937 2.994.27.513 1.094-.357 2.434-1.57 2.406zm5.146 2.572v-8.576H6.627v8.576h10.292zm0-10.292c1.038-.032 1.855.99 1.715 1.993-.01 2.84.019 5.68-.014 8.519-.096.979-1.095 1.626-2.034 1.495-3.378-.006-6.757.012-10.135-.009-1.032-.072-1.677-1.125-1.54-2.094.007-2.788-.01-5.577.01-8.365.068-1.003 1.084-1.67 2.038-1.539.432.09.635-.048.526-.498-.025-1.262-.04-2.616.77-3.67 1.263-1.913 4.126-2.424 5.971-1.064 1.326.884 1.959 2.516 1.835 4.071v1.161h.858zm-5.146-4.288c-1.49-.044-2.739 1.385-2.573 2.85v1.438h5.146c-.053-1.126.231-2.4-.575-3.336a2.578 2.578 0 0 0-1.998-.952z" transform="matrix(.99434 0 0 .99434 3.623 .679)"/></svg>
--- a/share/icons/application/scalable/actions/database-lock.svg
+++ b/share/icons/application/scalable/actions/database-lock.svg
@@ -1 +1 @@
-<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-lock-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M12,17C10.89,17 10,16.1 10,15C10,13.89 10.89,13 12,13A2,2 0 0,1 14,15A2,2 0 0,1 12,17M18,20V10H6V20H18M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6C4.89,22 4,21.1 4,20V10C4,8.89 4.89,8 6,8H7V6A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,3A3,3 0 0,0 9,6V8H15V6A3,3 0 0,0 12,3Z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M12 17a2 2 0 0 1-2-2c0-1.11.89-2 2-2a2 2 0 0 1 2 2 2 2 0 0 1-2 2m6 3V10H6v10h12m0-12a2 2 0 0 1 2 2v10a2 2 0 0 1-2 2H6a2 2 0 0 1-2-2V10c0-1.11.89-2 2-2h1V6a5 5 0 0 1 5-5 5 5 0 0 1 5 5v2h1m-6-5a3 3 0 0 0-3 3v2h6V6a3 3 0 0 0-3-3z"/></svg>
--- a/share/icons/application/scalable/actions/database-search.svg
+++ b/share/icons/application/scalable/actions/database-search.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M11 18.95C7.77 18.72 6 17.45 6 17V14.77C7.13 15.32 8.5 15.69 10 15.87C10 15.21 10.04 14.54 10.21 13.89C8.5 13.67 6.97 13.16 6 12.45V9.64C7.43 10.45 9.5 10.97 11.82 11C11.85 10.97 11.87 10.93 11.9 10.9C14.1 8.71 17.5 8.41 20 10.03V7C20 4.79 16.42 3 12 3S4 4.79 4 7V17C4 19.21 7.59 21 12 21C12.34 21 12.68 21 13 20.97C12.62 20.72 12.24 20.44 11.9 20.1C11.55 19.74 11.25 19.36 11 18.95M12 5C15.87 5 18 6.5 18 7S15.87 9 12 9 6 7.5 6 7 8.13 5 12 5M20.31 17.9C20.75 17.21 21 16.38 21 15.5C21 13 19 11 16.5 11S12 13 12 15.5 14 20 16.5 20C17.37 20 18.19 19.75 18.88 19.32L22 22.39L23.39 21L20.31 17.9M16.5 18C15.12 18 14 16.88 14 15.5S15.12 13 16.5 13 19 14.12 19 15.5 17.88 18 16.5 18Z" /></svg>
--- a/share/icons/application/scalable/actions/entry-restore.svg
+++ b/share/icons/application/scalable/actions/entry-restore.svg
@@ -0,0 +1 @@
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="24" height="24" viewBox="0 0 24 24"><path d="M12,3A9,9 0 0,0 3,12H0L4,16L8,12H5A7,7 0 0,1 12,5A7,7 0 0,1 19,12A7,7 0 0,1 12,19C10.5,19 9.09,18.5 7.94,17.7L6.5,19.14C8.04,20.3 9.94,21 12,21A9,9 0 0,0 21,12A9,9 0 0,0 12,3M14,12A2,2 0 0,0 12,10A2,2 0 0,0 10,12A2,2 0 0,0 12,14A2,2 0 0,0 14,12Z" /></svg>
--- a/share/icons/application/scalable/actions/fingerprint.svg
+++ b/share/icons/application/scalable/actions/fingerprint.svg
@@ -0,0 +1 @@
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="24" height="24" viewBox="0 0 24 24"><path d="M17.81,4.47C17.73,4.47 17.65,4.45 17.58,4.41C15.66,3.42 14,3 12,3C10.03,3 8.15,3.47 6.44,4.41C6.2,4.54 5.9,4.45 5.76,4.21C5.63,3.97 5.72,3.66 5.96,3.53C7.82,2.5 9.86,2 12,2C14.14,2 16,2.47 18.04,3.5C18.29,3.65 18.38,3.95 18.25,4.19C18.16,4.37 18,4.47 17.81,4.47M3.5,9.72C3.4,9.72 3.3,9.69 3.21,9.63C3,9.47 2.93,9.16 3.09,8.93C4.08,7.53 5.34,6.43 6.84,5.66C10,4.04 14,4.03 17.15,5.65C18.65,6.42 19.91,7.5 20.9,8.9C21.06,9.12 21,9.44 20.78,9.6C20.55,9.76 20.24,9.71 20.08,9.5C19.18,8.22 18.04,7.23 16.69,6.54C13.82,5.07 10.15,5.07 7.29,6.55C5.93,7.25 4.79,8.25 3.89,9.5C3.81,9.65 3.66,9.72 3.5,9.72M9.75,21.79C9.62,21.79 9.5,21.74 9.4,21.64C8.53,20.77 8.06,20.21 7.39,19C6.7,17.77 6.34,16.27 6.34,14.66C6.34,11.69 8.88,9.27 12,9.27C15.12,9.27 17.66,11.69 17.66,14.66A0.5,0.5 0 0,1 17.16,15.16A0.5,0.5 0 0,1 16.66,14.66C16.66,12.24 14.57,10.27 12,10.27C9.43,10.27 7.34,12.24 7.34,14.66C7.34,16.1 7.66,17.43 8.27,18.5C8.91,19.66 9.35,20.15 10.12,20.93C10.31,21.13 10.31,21.44 10.12,21.64C10,21.74 9.88,21.79 9.75,21.79M16.92,19.94C15.73,19.94 14.68,19.64 13.82,19.05C12.33,18.04 11.44,16.4 11.44,14.66A0.5,0.5 0 0,1 11.94,14.16A0.5,0.5 0 0,1 12.44,14.66C12.44,16.07 13.16,17.4 14.38,18.22C15.09,18.7 15.92,18.93 16.92,18.93C17.16,18.93 17.56,18.9 17.96,18.83C18.23,18.78 18.5,18.96 18.54,19.24C18.59,19.5 18.41,19.77 18.13,19.82C17.56,19.93 17.06,19.94 16.92,19.94M14.91,22C14.87,22 14.82,22 14.78,22C13.19,21.54 12.15,20.95 11.06,19.88C9.66,18.5 8.89,16.64 8.89,14.66C8.89,13.04 10.27,11.72 11.97,11.72C13.67,11.72 15.05,13.04 15.05,14.66C15.05,15.73 16,16.6 17.13,16.6C18.28,16.6 19.21,15.73 19.21,14.66C19.21,10.89 15.96,7.83 11.96,7.83C9.12,7.83 6.5,9.41 5.35,11.86C4.96,12.67 4.76,13.62 4.76,14.66C4.76,15.44 4.83,16.67 5.43,18.27C5.53,18.53 5.4,18.82 5.14,18.91C4.88,19 4.59,18.87 4.5,18.62C4,17.31 3.77,16 3.77,14.66C3.77,13.46 4,12.37 4.45,11.42C5.78,8.63 8.73,6.82 11.96,6.82C16.5,6.82 20.21,10.33 20.21,14.65C20.21,16.27 18.83,17.59 17.13,17.59C15.43,17.59 14.05,16.27 14.05,14.65C14.05,13.58 13.12,12.71 11.97,12.71C10.82,12.71 9.89,13.58 9.89,14.65C9.89,16.36 10.55,17.96 11.76,19.16C12.71,20.1 13.62,20.62 15.03,21C15.3,21.08 15.45,21.36 15.38,21.62C15.33,21.85 15.12,22 14.91,22Z" /></svg>
--- a/share/icons/application/scalable/actions/group-clone.svg
+++ b/share/icons/application/scalable/actions/group-clone.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M6 2.58c-1.11 0-2 .89-2 2v1.572l-1.951-.007a1.99 1.99 0 0 0-2 2v12c0 1.11.89 2 2 2h16a1.99 1.99 0 0 0 2-2l-.01-1.565H22c1.11 0 2-.89 2-2v-10c0-1.11-.89-2-2-2h-8l-2-2H6zm0 4h16v10H6v-10zm10 2v2h-2v2h2v2h2v-2h2v-2h-2v-2h-2zM2.049 10.145 4 10.158v6.422c0 1.11.89 2 2 2h12.053l-.004 1.565h-16v-10z"/></svg>
--- a/share/icons/application/scalable/actions/key-enter.svg
+++ b/share/icons/application/scalable/actions/key-enter.svg
@@ -1 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-keyboard-variant" width="24" height="24" viewBox="0 0 24 24"><path d="M6,16H18V18H6V16M6,13V15H2V13H6M7,15V13H10V15H7M11,15V13H13V15H11M14,15V13H17V15H14M18,15V13H22V15H18M2,10H5V12H2V10M19,12V10H22V12H19M18,12H16V10H18V12M8,12H6V10H8V12M12,12H9V10H12V12M15,12H13V10H15V12M2,9V7H4V9H2M5,9V7H7V9H5M8,9V7H10V9H8M11,9V7H13V9H11M14,9V7H16V9H14M17,9V7H22V9H17Z" /></svg>
--- a/share/icons/application/scalable/actions/password-generate.svg
+++ b/share/icons/application/scalable/actions/password-generate.svg
@@ -1 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-dice-3-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M19 5V19H5V5H19M19 3H5C3.9 3 3 3.9 3 5V19C3 20.1 3.9 21 5 21H19C20.1 21 21 20.1 21 19V5C21 3.9 20.1 3 19 3M12 10.5C11.2 10.5 10.5 11.2 10.5 12S11.2 13.5 12 13.5 13.5 12.8 13.5 12 12.8 10.5 12 10.5M7.5 6C6.7 6 6 6.7 6 7.5S6.7 9 7.5 9 9 8.3 9 7.5 8.3 6 7.5 6M16.5 15C15.7 15 15 15.7 15 16.5C15 17.3 15.7 18 16.5 18C17.3 18 18 17.3 18 16.5C18 15.7 17.3 15 16.5 15Z" /></svg>
--- a/share/icons/application/scalable/actions/qrcode.svg
+++ b/share/icons/application/scalable/actions/qrcode.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3,11H5V13H3V11M11,5H13V9H11V5M9,11H13V15H11V13H9V11M15,11H17V13H19V11H21V13H19V15H21V19H19V21H17V19H13V21H11V17H15V15H17V13H15V11M19,19V15H17V19H19M15,3H21V9H15V3M17,5V7H19V5H17M3,3H9V9H3V3M5,5V7H7V5H5M3,15H9V21H3V15M5,17V19H7V17H5Z" /></svg>
--- a/share/icons/application/scalable/actions/tag-multiple.svg
+++ b/share/icons/application/scalable/actions/tag-multiple.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M6.5 10C7.3 10 8 9.3 8 8.5S7.3 7 6.5 7 5 7.7 5 8.5 5.7 10 6.5 10M9 6L16 13L11 18L4 11V6H9M9 4H4C2.9 4 2 4.9 2 6V11C2 11.6 2.2 12.1 2.6 12.4L9.6 19.4C9.9 19.8 10.4 20 11 20S12.1 19.8 12.4 19.4L17.4 14.4C17.8 14 18 13.5 18 13C18 12.4 17.8 11.9 17.4 11.6L10.4 4.6C10.1 4.2 9.6 4 9 4M13.5 5.7L14.5 4.7L21.4 11.6C21.8 12 22 12.5 22 13S21.8 14.1 21.4 14.4L16 19.8L15 18.8L20.7 13L13.5 5.7Z" /></svg>
--- a/share/icons/application/scalable/actions/tag-search.svg
+++ b/share/icons/application/scalable/actions/tag-search.svg
@@ -0,0 +1 @@
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="24" height="24" viewBox="0 0 24 24"><path d="M22 13C22 13.53 21.79 14.04 21.41 14.41L21 14.83C20.91 11.97 18.84 9.62 16.11 9.11L11 4H4V11L9.11 16.11C9.62 18.84 11.97 20.91 14.83 21L14.41 21.41C14.04 21.79 13.53 22 13 22C12.47 22 11.97 21.79 11.59 21.42L2.59 12.42C2.21 12.04 2 11.53 2 11V4C2 2.9 2.9 2 4 2H11C11.53 2 12.04 2.21 12.41 2.58L21.41 11.58C21.79 11.96 22 12.47 22 13M5 6.5C5 7.33 5.67 8 6.5 8S8 7.33 8 6.5 7.33 5 6.5 5 5 5.67 5 6.5M15.11 10.61C12.61 10.61 10.61 12.61 10.61 15.11S12.61 19.61 15.11 19.61C16 19.61 16.8 19.36 17.5 18.93L20.61 22L22 20.61L18.92 17.5C19.36 16.82 19.61 16 19.61 15.11C19.61 12.61 17.61 10.61 15.11 10.61M15.11 12.61C16.5 12.61 17.61 13.73 17.61 15.11S16.5 17.61 15.11 17.61 12.61 16.5 12.61 15.11 13.73 12.61 15.11 12.61" /></svg>
--- a/share/icons/application/scalable/actions/tag.svg
+++ b/share/icons/application/scalable/actions/tag.svg
@@ -0,0 +1 @@
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="24" height="24" viewBox="0 0 24 24"><path d="M21.41 11.58L12.41 2.58A2 2 0 0 0 11 2H4A2 2 0 0 0 2 4V11A2 2 0 0 0 2.59 12.42L11.59 21.42A2 2 0 0 0 13 22A2 2 0 0 0 14.41 21.41L21.41 14.41A2 2 0 0 0 22 13A2 2 0 0 0 21.41 11.58M13 20L4 11V4H11L20 13M6.5 5A1.5 1.5 0 1 1 5 6.5A1.5 1.5 0 0 1 6.5 5Z" /></svg>
--- a/share/icons/application/scalable/actions/totp-copy-password.svg
+++ b/share/icons/application/scalable/actions/totp-copy-password.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 11.11V5C21 3.9 20.11 3 19 3H14.82C14.4 1.84 13.3 1 12 1S9.6 1.84 9.18 3H5C3.9 3 3 3.9 3 5V19C3 20.11 3.9 21 5 21H11.11C12.37 22.24 14.09 23 16 23C19.87 23 23 19.87 23 16C23 14.09 22.24 12.37 21 11.11M12 3C12.55 3 13 3.45 13 4S12.55 5 12 5 11 4.55 11 4 11.45 3 12 3M5 19V5H7V7H17V5H19V9.68C18.09 9.25 17.08 9 16 9H7V11H11.1C10.5 11.57 10.04 12.25 9.68 13H7V15H9.08C9.03 15.33 9 15.66 9 16C9 17.08 9.25 18.09 9.68 19H5M16 21C13.24 21 11 18.76 11 16S13.24 11 16 11 21 13.24 21 16 18.76 21 16 21M16.5 16.25L19.36 17.94L18.61 19.16L15 17V12H16.5V16.25Z" /></svg>
--- a/share/icons/application/scalable/actions/totp-copy.svg
+++ b/share/icons/application/scalable/actions/totp-copy.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 11.11V5C21 3.9 20.11 3 19 3H14.82C14.4 1.84 13.3 1 12 1S9.6 1.84 9.18 3H5C3.9 3 3 3.9 3 5V19C3 20.11 3.9 21 5 21H11.11C12.37 22.24 14.09 23 16 23C19.87 23 23 19.87 23 16C23 14.09 22.24 12.37 21 11.11M12 3C12.55 3 13 3.45 13 4S12.55 5 12 5 11 4.55 11 4 11.45 3 12 3M5 19V5H7V7H17V5H19V9.68C18.09 9.25 17.08 9 16 9C12.13 9 9 12.13 9 16C9 17.08 9.25 18.09 9.68 19H5M16 21C13.24 21 11 18.76 11 16S13.24 11 16 11 21 13.24 21 16 18.76 21 16 21M16.5 16.25L19.36 17.94L18.61 19.16L15 17V12H16.5V16.25Z" /></svg>
--- a/share/icons/application/scalable/actions/totp-edit.svg
+++ b/share/icons/application/scalable/actions/totp-edit.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1C20.9 13.1 20.7 13.2 20.6 13.3L19.6 14.3L21.7 16.4L22.7 15.4C22.9 15.2 22.9 14.8 22.7 14.6L21.4 13.3C21.3 13.2 21.2 13.1 21 13.1M19.1 14.9L13 20.9V23H15.1L21.2 16.9L19.1 14.9M12.5 7V12.2L16.5 14.6L15.5 15.6L11 13V7H12.5M11 21.9C5.9 21.4 2 17.1 2 12C2 6.5 6.5 2 12 2C17.3 2 21.6 6.1 22 11.3C21.7 11.2 21.4 11.1 21 11.1C20.6 11.1 20.3 11.2 20 11.3C19.6 7.2 16.2 4 12 4C7.6 4 4 7.6 4 12C4 16.1 7.1 19.5 11.1 19.9L11 20.1V21.9Z" /></svg>
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" /></svg>`
		`@@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path style="stroke-width:.65502" d="M7.275.645a2.949 2.949 0 0 0-1.404.298c-1.34.571-2.058 2.064-1.918 3.475-.085.269.215.925-.248.816-.77-.119-1.655.327-1.71 1.176-.016 2.092-.004 4.183-.009 6.276-.119.769.329 1.654 1.176 1.712 1.855.012 3.711.006 5.567.004v-1.308H3.297v-6.55h7.861v4.106h1.301c0-1.252.002-2.504.008-3.755.137-.804-.444-1.689-1.309-1.66h-.656c-.021-.693.062-1.395-.09-2.077C10.112 1.7 8.71.688 7.275.645zm-.048 1.314c.465-.001.929.17 1.28.475.869.681.665 1.836.686 2.8H5.32c-.139-.22-.017-.701-.058-1.02-.153-1.14.789-2.292 1.965-2.255zm.097 6.559c-.37-.04-.752.069-1.025.373-.834.75-.195 2.3.928 2.238.736.016 1.37-.659 1.308-1.393-.008-.676-.594-1.153-1.21-1.218z" transform="translate(-.218 .136) scale(1.04251)"/><path style="fill:#000;fill-opacity:1;fill-rule:evenodd;stroke-width:.857645" d="M11.773 18.34c-1.322.064-2.213-1.618-1.424-2.677.676-1.116 2.527-.937 2.994.27.513 1.094-.357 2.434-1.57 2.406zm5.146 2.572v-8.576H6.627v8.576h10.292zm0-10.292c1.038-.032 1.855.99 1.715 1.993-.01 2.84.019 5.68-.014 8.519-.096.979-1.095 1.626-2.034 1.495-3.378-.006-6.757.012-10.135-.009-1.032-.072-1.677-1.125-1.54-2.094.007-2.788-.01-5.577.01-8.365.068-1.003 1.084-1.67 2.038-1.539.432.09.635-.048.526-.498-.025-1.262-.04-2.616.77-3.67 1.263-1.913 4.126-2.424 5.971-1.064 1.326.884 1.959 2.516 1.835 4.071v1.161h.858zm-5.146-4.288c-1.49-.044-2.739 1.385-2.573 2.85v1.438h5.146c-.053-1.126.231-2.4-.575-3.336a2.578 2.578 0 0 0-1.998-.952z" transform="matrix(.99434 0 0 .99434 3.623 .679)"/></svg>
		`@@ -1 +1 @@`
			<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-lock-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M12,17C10.89,17 10,16.1 10,15C10,13.89 10.89,13 12,13A2,2 0 0,1 14,15A2,2 0 0,1 12,17M18,20V10H6V20H18M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6C4.89,22 4,21.1 4,20V10C4,8.89 4.89,8 6,8H7V6A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,3A3,3 0 0,0 9,6V8H15V6A3,3 0 0,0 12,3Z" /></svg>				`<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M12 17a2 2 0 0 1-2-2c0-1.11.89-2 2-2a2 2 0 0 1 2 2 2 2 0 0 1-2 2m6 3V10H6v10h12m0-12a2 2 0 0 1 2 2v10a2 2 0 0 1-2 2H6a2 2 0 0 1-2-2V10c0-1.11.89-2 2-2h1V6a5 5 0 0 1 5-5 5 5 0 0 1 5 5v2h1m-6-5a3 3 0 0 0-3 3v2h6V6a3 3 0 0 0-3-3z"/></svg>`
		`@@ -1 +0,0 @@`
			<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-keyboard-variant" width="24" height="24" viewBox="0 0 24 24"><path d="M6,16H18V18H6V16M6,13V15H2V13H6M7,15V13H10V15H7M11,15V13H13V15H11M14,15V13H17V15H14M18,15V13H22V15H18M2,10H5V12H2V10M19,12V10H22V12H19M18,12H16V10H18V12M8,12H6V10H8V12M12,12H9V10H12V12M15,12H13V10H15V12M2,9V7H4V9H2M5,9V7H7V9H5M8,9V7H10V9H8M11,9V7H13V9H11M14,9V7H16V9H14M17,9V7H22V9H17Z" /></svg>