feat(database,Jwt): relocate backups and Jwt-keys to config/backup and add Enterprise cleanup endpoints (#4225)

# Description of Changes

- **What was changed**
  - Centralized installation paths:
- Introduced `BACKUP_PATH`, `BACKUP_DB_PATH`, and
`BACKUP_PRIVATE_KEY_PATH` in `InstallationPathConfig`;
`getPrivateKeyPath()` now resolves to `backup/keys` and new
`getBackupPath()` returns `backup/db`.
- Removed old `PRIVATE_KEY_PATH` and switched all usages to the new
locations.
  - Database service enhancements:
- `DatabaseService` now uses `InstallationPathConfig.getBackupPath()`
and includes a one-time migration to move existing backups from
`config/db/backup` to `config/backup/db` (**@Deprecated(since = "2.0.0",
forRemoval = true)**).
- Added `deleteAllBackups()` and `deleteLastBackup()` methods and
exposed them via a new Enterprise controller.
  - New Enterprise-only API:
    - Added `DatabaseControllerEnterprise` with:
      - `DELETE /api/v1/database/deleteAll` — delete all backup files.
- `DELETE /api/v1/database/deleteLast` — delete the most recent backup.
- Endpoints gated by `@EnterpriseEndpoint` and
`@Conditional(H2SQLCondition.class)`.
  - Key persistence adjustments:
- `KeyPersistenceService` now migrates keys from `config/db/keys` to
`config/backup/keys` on startup (**@Deprecated(since = "2.0.0",
forRemoval = true)**).
  - Miscellaneous refactors/fixes:
- Switched driver resolution in `DatabaseConfig` to a switch expression.
    - Corrected HTTP status usage to `HttpStatus.SEE_OTHER`.
- Removed constructor `runningEE` flag from `AccountWebController` and
replaced EE checks with `@EnterpriseEndpoint`.
- Minor test and annotation improvements (e.g., `@Deprecated(since =
"0.45.0")`, method references, equals order).
  
- **Why the change was made**
- To standardize and future-proof storage locations for both backups and
keys under a clear `config/backup` hierarchy.
- To give Enterprise admins first-class, safe cleanup endpoints for
managing backup retention without manual file operations.
- To reduce conditional logic in controllers and rely on declarative EE
gating.
- To improve maintainability and correctness (status codes, switch
expression, null-safety patterns).

---

## Checklist

### General

- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

.claude/settings.local.json

@@ -5,7 +5,13 @@
       "Bash(mkdir:*)",
       "Bash(./gradlew:*)",
       "Bash(grep:*)",
-      "Bash(cat:*)"
+      "Bash(cat:*)",
+      "Bash(find:*)",
+      "Bash(grep:*)",
+      "Bash(rg:*)",
+      "Bash(strings:*)",
+      "Bash(pkill:*)",
+      "Bash(true)"
     ],
     "deny": []
   }

.devcontainer/devcontainer.json

@@ -49,7 +49,7 @@
                 "java.configuration.updateBuildConfiguration": "interactive",
                 "java.format.enabled": true,
                 "java.format.settings.profile": "GoogleStyle",
-                "java.format.settings.google.version": "1.26.0",
+                "java.format.settings.google.version": "1.28.0",
                 "java.format.settings.google.extra": "--aosp --skip-sorting-imports --skip-javadoc-formatting",
                 "java.saveActions.cleanup": true,
                 "java.cleanup.actions": [
@@ -79,9 +79,17 @@
                     ".venv*/",
                     ".vscode/",
                     "bin/",
+                    "app/core/bin/",
+                    "app/common/bin/",
+                    "app/proprietary/bin/",
                     "build/",
+                    "app/core/build/",
+                    "app/common/build/",
+                    "app/proprietary/build/",
                     "configs/",
+                    "app/core/configs/",
                     "customFiles/",
+                    "app/core/customFiles/",
                     "docs/",
                     "exampleYmlFiles",
                     "gradle/",
@@ -93,6 +101,9 @@
                     ".git-blame-ignore-revs",
                     ".gitattributes",
                     ".gitignore",
+                    "app/core/.gitignore",
+                    "app/common/.gitignore",
+                    "app/proprietary/.gitignore",
                     ".pre-commit-config.yaml"
                 ],
                 "java.signatureHelp.enabled": true,

.editorconfig

@@ -31,18 +31,12 @@ indent_size = 2
 # CSS files typically use an indent size of 2 spaces for better readability and alignment with community standards.
 indent_size = 2
 
-[*.yaml]
+[*.{yml,yaml}]
 # YAML files use an indent size of 2 spaces to maintain consistency with common YAML formatting practices.
 indent_size = 2
 insert_final_newline = false
 trim_trailing_whitespace = false
 
-[*.yml]
-# YML files follow the same conventions as YAML files, using an indent size of 2 spaces.
-indent_size = 2
-insert_final_newline = false
-trim_trailing_whitespace = false
-
 [*.json]
 # JSON files use an indent size of 2 spaces, which is the standard for JSON formatting.
 indent_size = 2

.github/CODEOWNERS

@@ -1,2 +1,21 @@
-# All PRs to V1 must be approved by Frooodle
-* @Frooodle @reecebrowne @Ludy87 @DarioGii @ConnorYoh @EthanHealy01
+# All PRs must be approved by Frooodle or Ludy87
+* @Frooodle @Ludy87 @jbrunton96 @ConnorYoh
+
+# Backend
+/app/** @DarioGii @Frooodle @Ludy87 @jbrunton96 @ConnorYoh
+
+#V1 frontend
+/app/core/src/main/resources/static/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
+/app/core/src/main/resources/templates/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
+
+#V2 frontend
+/frontend/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle
+
+#V2 docker
+/docker/backend/** @Frooodle @Ludy87 @DarioGii @Ludy87
+/docker/frontend/** @reecebrowne @ConnorYoh @EthanHealy01 @jbrunton96 @Frooodle @Ludy87
+/docker/compose/** @reecebrowne @ConnorYoh @EthanHealy01 @DarioGii @jbrunton96 @Frooodle @Ludy87
+
+
+#GHA (All users)
+/.github/** @reecebrowne @ConnorYoh @EthanHealy01 @DarioGii @jbrunton96 @Frooodle @Ludy87

.github/config/.files.yaml

@@ -26,4 +26,7 @@ project: &project
   - gradlew
   - gradlew.bat
   - launch4jConfig.xml
-  - settings.gradle
+  - settings.gradle
+  - frontend/**
+  - docker/**
+  - testing/**

.github/labeler-config-srvaroa.yml

@@ -46,6 +46,9 @@ labels:
   - label: 'API'
     title: '.*openapi.*|.*swagger.*|.*api.*'
 
+  - label: 'v2'
+    base-branch: 'V2'
+
   - label: 'Translation'
     files:
       - 'app/core/src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}.properties'
@@ -62,6 +65,7 @@ labels:
       - 'app/core/src/main/java/stirling/software/SPDF/controller/web/.*'
       - 'app/core/src/main/java/stirling/software/SPDF/UI/.*'
       - 'app/proprietary/src/main/java/stirling/software/proprietary/security/controller/web/.*'
+      - 'frontend/**'
 
   - label: 'Java'
     files:
@@ -120,6 +124,7 @@ labels:
       - 'scripts/installFonts.sh'
       - 'test.sh'
       - 'test2.sh'
+      - 'docker/**'
 
   - label: 'Devtools'
     files:
@@ -131,7 +136,6 @@ labels:
       - '.github/workflows/pre_commit.yml'
       - 'devGuide/.*'
       - 'devTools/.*'
-      - 'devTools/.*'
 
   - label: 'Test'
     files:

.github/labels.yml

@@ -42,6 +42,7 @@
 - name: "Front End"
   color: "BBD2F1"
   description: "Issues or pull requests related to front-end development"
+  from_name: "frontend"
 - name: "github-actions"
   description: "Pull requests that update GitHub Actions code"
   color: "999999"
@@ -77,10 +78,12 @@
 - name: "Translation"
   color: "9FABF9"
   from_name: "translation"
+  description: "Issues or pull requests related to translation"
 - name: "upstream"
   color: "DEDEDE"
 - name: "v2"
   color: "FFFF00"
+  description: "Issues or pull requests related to the v2 branch"
 - name: "wontfix"
   description: "This will not be worked on"
   color: "FFFFFF"
@@ -178,3 +181,6 @@
 - name: "pr-deployed"
   color: "00FF00"
   description: "Pull request has been deployed to a test environment"
+- name: "codex"
+  color: "ededed"
+  description: "chatgpt AI generated code"

.github/scripts/requirements_dev.in

@@ -0,0 +1,8 @@
+pip
+setuptools
+WeasyPrint
+pdf2image
+pillow
+unoserver
+opencv-python-headless
+pre-commit

.github/scripts/requirements_dev.txt

@@ -0,0 +1,638 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --allow-unsafe --generate-hashes --output-file='.github\scripts\requirements_dev.txt' --strip-extras '.github\scripts\requirements_dev.in'
+#
+brotli==1.1.0 \
+    --hash=sha256:03d20af184290887bdea3f0f78c4f737d126c74dc2f3ccadf07e54ceca3bf208 \
+    --hash=sha256:0541e747cce78e24ea12d69176f6a7ddb690e62c425e01d31cc065e69ce55b48 \
+    --hash=sha256:069a121ac97412d1fe506da790b3e69f52254b9df4eb665cd42460c837193354 \
+    --hash=sha256:0737ddb3068957cf1b054899b0883830bb1fec522ec76b1098f9b6e0f02d9419 \
+    --hash=sha256:0b63b949ff929fbc2d6d3ce0e924c9b93c9785d877a21a1b678877ffbbc4423a \
+    --hash=sha256:0c6244521dda65ea562d5a69b9a26120769b7a9fb3db2fe9545935ed6735b128 \
+    --hash=sha256:11d00ed0a83fa22d29bc6b64ef636c4552ebafcef57154b4ddd132f5638fbd1c \
+    --hash=sha256:141bd4d93984070e097521ed07e2575b46f817d08f9fa42b16b9b5f27b5ac088 \
+    --hash=sha256:19c116e796420b0cee3da1ccec3b764ed2952ccfcc298b55a10e5610ad7885f9 \
+    --hash=sha256:1ab4fbee0b2d9098c74f3057b2bc055a8bd92ccf02f65944a241b4349229185a \
+    --hash=sha256:1ae56aca0402a0f9a3431cddda62ad71666ca9d4dc3a10a142b9dce2e3c0cda3 \
+    --hash=sha256:1b2c248cd517c222d89e74669a4adfa5577e06ab68771a529060cf5a156e9757 \
+    --hash=sha256:1e9a65b5736232e7a7f91ff3d02277f11d339bf34099a56cdab6a8b3410a02b2 \
+    --hash=sha256:224e57f6eac61cc449f498cc5f0e1725ba2071a3d4f48d5d9dffba42db196438 \
+    --hash=sha256:22fc2a8549ffe699bfba2256ab2ed0421a7b8fadff114a3d201794e45a9ff578 \
+    --hash=sha256:23032ae55523cc7bccb4f6a0bf368cd25ad9bcdcc1990b64a647e7bbcce9cb5b \
+    --hash=sha256:2333e30a5e00fe0fe55903c8832e08ee9c3b1382aacf4db26664a16528d51b4b \
+    --hash=sha256:2954c1c23f81c2eaf0b0717d9380bd348578a94161a65b3a2afc62c86467dd68 \
+    --hash=sha256:2a24c50840d89ded6c9a8fdc7b6ed3692ed4e86f1c4a4a938e1e92def92933e0 \
+    --hash=sha256:2de9d02f5bda03d27ede52e8cfe7b865b066fa49258cbab568720aa5be80a47d \
+    --hash=sha256:2feb1d960f760a575dbc5ab3b1c00504b24caaf6986e2dc2b01c09c87866a943 \
+    --hash=sha256:30924eb4c57903d5a7526b08ef4a584acc22ab1ffa085faceb521521d2de32dd \
+    --hash=sha256:316cc9b17edf613ac76b1f1f305d2a748f1b976b033b049a6ecdfd5612c70409 \
+    --hash=sha256:32d95b80260d79926f5fab3c41701dbb818fde1c9da590e77e571eefd14abe28 \
+    --hash=sha256:38025d9f30cf4634f8309c6874ef871b841eb3c347e90b0851f63d1ded5212da \
+    --hash=sha256:39da8adedf6942d76dc3e46653e52df937a3c4d6d18fdc94a7c29d263b1f5b50 \
+    --hash=sha256:3c0ef38c7a7014ffac184db9e04debe495d317cc9c6fb10071f7fefd93100a4f \
+    --hash=sha256:3d7954194c36e304e1523f55d7042c59dc53ec20dd4e9ea9d151f1b62b4415c0 \
+    --hash=sha256:3ee8a80d67a4334482d9712b8e83ca6b1d9bc7e351931252ebef5d8f7335a547 \
+    --hash=sha256:4093c631e96fdd49e0377a9c167bfd75b6d0bad2ace734c6eb20b348bc3ea180 \
+    --hash=sha256:43395e90523f9c23a3d5bdf004733246fba087f2948f87ab28015f12359ca6a0 \
+    --hash=sha256:43ce1b9935bfa1ede40028054d7f48b5469cd02733a365eec8a329ffd342915d \
+    --hash=sha256:4410f84b33374409552ac9b6903507cdb31cd30d2501fc5ca13d18f73548444a \
+    --hash=sha256:494994f807ba0b92092a163a0a283961369a65f6cbe01e8891132b7a320e61eb \
+    --hash=sha256:4d4a848d1837973bf0f4b5e54e3bec977d99be36a7895c61abb659301b02c112 \
+    --hash=sha256:4ed11165dd45ce798d99a136808a794a748d5dc38511303239d4e2363c0695dc \
+    --hash=sha256:4f3607b129417e111e30637af1b56f24f7a49e64763253bbc275c75fa887d4b2 \
+    --hash=sha256:510b5b1bfbe20e1a7b3baf5fed9e9451873559a976c1a78eebaa3b86c57b4265 \
+    --hash=sha256:524f35912131cc2cabb00edfd8d573b07f2d9f21fa824bd3fb19725a9cf06327 \
+    --hash=sha256:587ca6d3cef6e4e868102672d3bd9dc9698c309ba56d41c2b9c85bbb903cdb95 \
+    --hash=sha256:58d4b711689366d4a03ac7957ab8c28890415e267f9b6589969e74b6e42225ec \
+    --hash=sha256:5b3cc074004d968722f51e550b41a27be656ec48f8afaeeb45ebf65b561481dd \
+    --hash=sha256:5dab0844f2cf82be357a0eb11a9087f70c5430b2c241493fc122bb6f2bb0917c \
+    --hash=sha256:5e55da2c8724191e5b557f8e18943b1b4839b8efc3ef60d65985bcf6f587dd38 \
+    --hash=sha256:5eeb539606f18a0b232d4ba45adccde4125592f3f636a6182b4a8a436548b914 \
+    --hash=sha256:5f4d5ea15c9382135076d2fb28dde923352fe02951e66935a9efaac8f10e81b0 \
+    --hash=sha256:5fb2ce4b8045c78ebbc7b8f3c15062e435d47e7393cc57c25115cfd49883747a \
+    --hash=sha256:6172447e1b368dcbc458925e5ddaf9113477b0ed542df258d84fa28fc45ceea7 \
+    --hash=sha256:6967ced6730aed543b8673008b5a391c3b1076d834ca438bbd70635c73775368 \
+    --hash=sha256:6974f52a02321b36847cd19d1b8e381bf39939c21efd6ee2fc13a28b0d99348c \
+    --hash=sha256:6c3020404e0b5eefd7c9485ccf8393cfb75ec38ce75586e046573c9dc29967a0 \
+    --hash=sha256:6c6e0c425f22c1c719c42670d561ad682f7bfeeef918edea971a79ac5252437f \
+    --hash=sha256:70051525001750221daa10907c77830bc889cb6d865cc0b813d9db7fefc21451 \
+    --hash=sha256:7905193081db9bfa73b1219140b3d315831cbff0d8941f22da695832f0dd188f \
+    --hash=sha256:7bc37c4d6b87fb1017ea28c9508b36bbcb0c3d18b4260fcdf08b200c74a6aee8 \
+    --hash=sha256:7c4855522edb2e6ae7fdb58e07c3ba9111e7621a8956f481c68d5d979c93032e \
+    --hash=sha256:7e4c4629ddad63006efa0ef968c8e4751c5868ff0b1c5c40f76524e894c50248 \
+    --hash=sha256:7eedaa5d036d9336c95915035fb57422054014ebdeb6f3b42eac809928e40d0c \
+    --hash=sha256:7f4bf76817c14aa98cc6697ac02f3972cb8c3da93e9ef16b9c66573a68014f91 \
+    --hash=sha256:81de08ac11bcb85841e440c13611c00b67d3bf82698314928d0b676362546724 \
+    --hash=sha256:832436e59afb93e1836081a20f324cb185836c617659b07b129141a8426973c7 \
+    --hash=sha256:861bf317735688269936f755fa136a99d1ed526883859f86e41a5d43c61d8966 \
+    --hash=sha256:87a3044c3a35055527ac75e419dfa9f4f3667a1e887ee80360589eb8c90aabb9 \
+    --hash=sha256:890b5a14ce214389b2cc36ce82f3093f96f4cc730c1cffdbefff77a7c71f2a97 \
+    --hash=sha256:89f4988c7203739d48c6f806f1e87a1d96e0806d44f0fba61dba81392c9e474d \
+    --hash=sha256:8bf32b98b75c13ec7cf774164172683d6e7891088f6316e54425fde1efc276d5 \
+    --hash=sha256:8dadd1314583ec0bf2d1379f7008ad627cd6336625d6679cf2f8e67081b83acf \
+    --hash=sha256:901032ff242d479a0efa956d853d16875d42157f98951c0230f69e69f9c09bac \
+    --hash=sha256:9011560a466d2eb3f5a6e4929cf4a09be405c64154e12df0dd72713f6500e32b \
+    --hash=sha256:906bc3a79de8c4ae5b86d3d75a8b77e44404b0f4261714306e3ad248d8ab0951 \
+    --hash=sha256:919e32f147ae93a09fe064d77d5ebf4e35502a8df75c29fb05788528e330fe74 \
+    --hash=sha256:91d7cc2a76b5567591d12c01f019dd7afce6ba8cba6571187e21e2fc418ae648 \
+    --hash=sha256:929811df5462e182b13920da56c6e0284af407d1de637d8e536c5cd00a7daf60 \
+    --hash=sha256:949f3b7c29912693cee0afcf09acd6ebc04c57af949d9bf77d6101ebb61e388c \
+    --hash=sha256:a090ca607cbb6a34b0391776f0cb48062081f5f60ddcce5d11838e67a01928d1 \
+    --hash=sha256:a1fd8a29719ccce974d523580987b7f8229aeace506952fa9ce1d53a033873c8 \
+    --hash=sha256:a37b8f0391212d29b3a91a799c8e4a2855e0576911cdfb2515487e30e322253d \
+    --hash=sha256:a3daabb76a78f829cafc365531c972016e4aa8d5b4bf60660ad8ecee19df7ccc \
+    --hash=sha256:a469274ad18dc0e4d316eefa616d1d0c2ff9da369af19fa6f3daa4f09671fd61 \
+    --hash=sha256:a599669fd7c47233438a56936988a2478685e74854088ef5293802123b5b2460 \
+    --hash=sha256:a743e5a28af5f70f9c080380a5f908d4d21d40e8f0e0c8901604d15cfa9ba751 \
+    --hash=sha256:a77def80806c421b4b0af06f45d65a136e7ac0bdca3c09d9e2ea4e515367c7e9 \
+    --hash=sha256:a7e53012d2853a07a4a79c00643832161a910674a893d296c9f1259859a289d2 \
+    --hash=sha256:a93dde851926f4f2678e704fadeb39e16c35d8baebd5252c9fd94ce8ce68c4a0 \
+    --hash=sha256:aac0411d20e345dc0920bdec5548e438e999ff68d77564d5e9463a7ca9d3e7b1 \
+    --hash=sha256:ae15b066e5ad21366600ebec29a7ccbc86812ed267e4b28e860b8ca16a2bc474 \
+    --hash=sha256:aea440a510e14e818e67bfc4027880e2fb500c2ccb20ab21c7a7c8b5b4703d75 \
+    --hash=sha256:af6fa6817889314555aede9a919612b23739395ce767fe7fcbea9a80bf140fe5 \
+    --hash=sha256:b760c65308ff1e462f65d69c12e4ae085cff3b332d894637f6273a12a482d09f \
+    --hash=sha256:be36e3d172dc816333f33520154d708a2657ea63762ec16b62ece02ab5e4daf2 \
+    --hash=sha256:c247dd99d39e0338a604f8c2b3bc7061d5c2e9e2ac7ba9cc1be5a69cb6cd832f \
+    --hash=sha256:c5529b34c1c9d937168297f2c1fde7ebe9ebdd5e121297ff9c043bdb2ae3d6fb \
+    --hash=sha256:c8146669223164fc87a7e3de9f81e9423c67a79d6b3447994dfb9c95da16e2d6 \
+    --hash=sha256:c8fd5270e906eef71d4a8d19b7c6a43760c6abcfcc10c9101d14eb2357418de9 \
+    --hash=sha256:ca63e1890ede90b2e4454f9a65135a4d387a4585ff8282bb72964fab893f2111 \
+    --hash=sha256:caf9ee9a5775f3111642d33b86237b05808dafcd6268faa492250e9b78046eb2 \
+    --hash=sha256:cb1dac1770878ade83f2ccdf7d25e494f05c9165f5246b46a621cc849341dc01 \
+    --hash=sha256:cdad5b9014d83ca68c25d2e9444e28e967ef16e80f6b436918c700c117a85467 \
+    --hash=sha256:cdbc1fc1bc0bff1cef838eafe581b55bfbffaed4ed0318b724d0b71d4d377619 \
+    --hash=sha256:ceb64bbc6eac5a140ca649003756940f8d6a7c444a68af170b3187623b43bebf \
+    --hash=sha256:d0c5516f0aed654134a2fc936325cc2e642f8a0e096d075209672eb321cff408 \
+    --hash=sha256:d143fd47fad1db3d7c27a1b1d66162e855b5d50a89666af46e1679c496e8e579 \
+    --hash=sha256:d192f0f30804e55db0d0e0a35d83a9fead0e9a359a9ed0285dbacea60cc10a84 \
+    --hash=sha256:d2b35ca2c7f81d173d2fadc2f4f31e88cc5f7a39ae5b6db5513cf3383b0e0ec7 \
+    --hash=sha256:d342778ef319e1026af243ed0a07c97acf3bad33b9f29e7ae6a1f68fd083e90c \
+    --hash=sha256:d487f5432bf35b60ed625d7e1b448e2dc855422e87469e3f450aa5552b0eb284 \
+    --hash=sha256:d7702622a8b40c49bffb46e1e3ba2e81268d5c04a34f460978c6b5517a34dd52 \
+    --hash=sha256:db85ecf4e609a48f4b29055f1e144231b90edc90af7481aa731ba2d059226b1b \
+    --hash=sha256:de6551e370ef19f8de1807d0a9aa2cdfdce2e85ce88b122fe9f6b2b076837e59 \
+    --hash=sha256:e1140c64812cb9b06c922e77f1c26a75ec5e3f0fb2bf92cc8c58720dec276752 \
+    --hash=sha256:e4fe605b917c70283db7dfe5ada75e04561479075761a0b3866c081d035b01c1 \
+    --hash=sha256:e6a904cb26bfefc2f0a6f240bdf5233be78cd2488900a2f846f3c3ac8489ab80 \
+    --hash=sha256:e79e6520141d792237c70bcd7a3b122d00f2613769ae0cb61c52e89fd3443839 \
+    --hash=sha256:e84799f09591700a4154154cab9787452925578841a94321d5ee8fb9a9a328f0 \
+    --hash=sha256:e93dfc1a1165e385cc8239fab7c036fb2cd8093728cbd85097b284d7b99249a2 \
+    --hash=sha256:efa8b278894b14d6da122a72fefcebc28445f2d3f880ac59d46c90f4c13be9a3 \
+    --hash=sha256:f0d8a7a6b5983c2496e364b969f0e526647a06b075d034f3297dc66f3b360c64 \
+    --hash=sha256:f0db75f47be8b8abc8d9e31bc7aad0547ca26f24a54e6fd10231d623f183d089 \
+    --hash=sha256:f296c40e23065d0d6650c4aefe7470d2a25fffda489bcc3eb66083f3ac9f6643 \
+    --hash=sha256:f31859074d57b4639318523d6ffdca586ace54271a73ad23ad021acd807eb14b \
+    --hash=sha256:f66b5337fa213f1da0d9000bc8dc0cb5b896b726eefd9c6046f699b169c41b9e \
+    --hash=sha256:f733d788519c7e3e71f0855c96618720f5d3d60c3cb829d8bbb722dddce37985 \
+    --hash=sha256:fce1473f3ccc4187f75b4690cfc922628aed4d3dd013d047f95a9b3919a86596 \
+    --hash=sha256:fd5f17ff8f14003595ab414e45fce13d073e0762394f957182e69035c9f3d7c2 \
+    --hash=sha256:fdc3ff3bfccdc6b9cc7c342c03aa2400683f0cb891d46e94b64a197910dc4064
+    # via fonttools
+cffi==1.17.1 \
+    --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \
+    --hash=sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2 \
+    --hash=sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1 \
+    --hash=sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15 \
+    --hash=sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36 \
+    --hash=sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824 \
+    --hash=sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8 \
+    --hash=sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36 \
+    --hash=sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17 \
+    --hash=sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf \
+    --hash=sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc \
+    --hash=sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3 \
+    --hash=sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed \
+    --hash=sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702 \
+    --hash=sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1 \
+    --hash=sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8 \
+    --hash=sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903 \
+    --hash=sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6 \
+    --hash=sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d \
+    --hash=sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b \
+    --hash=sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e \
+    --hash=sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be \
+    --hash=sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c \
+    --hash=sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683 \
+    --hash=sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9 \
+    --hash=sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c \
+    --hash=sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8 \
+    --hash=sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1 \
+    --hash=sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4 \
+    --hash=sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655 \
+    --hash=sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67 \
+    --hash=sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595 \
+    --hash=sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0 \
+    --hash=sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65 \
+    --hash=sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41 \
+    --hash=sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6 \
+    --hash=sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401 \
+    --hash=sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6 \
+    --hash=sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3 \
+    --hash=sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16 \
+    --hash=sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93 \
+    --hash=sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e \
+    --hash=sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4 \
+    --hash=sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964 \
+    --hash=sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c \
+    --hash=sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576 \
+    --hash=sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0 \
+    --hash=sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3 \
+    --hash=sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662 \
+    --hash=sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3 \
+    --hash=sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff \
+    --hash=sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5 \
+    --hash=sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd \
+    --hash=sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f \
+    --hash=sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5 \
+    --hash=sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 \
+    --hash=sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d \
+    --hash=sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9 \
+    --hash=sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7 \
+    --hash=sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382 \
+    --hash=sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a \
+    --hash=sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e \
+    --hash=sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a \
+    --hash=sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4 \
+    --hash=sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99 \
+    --hash=sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87 \
+    --hash=sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b
+    # via weasyprint
+cfgv==3.4.0 \
+    --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
+    --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
+    # via pre-commit
+cssselect2==0.8.0 \
+    --hash=sha256:46fc70ebc41ced7a32cd42d58b1884d72ade23d21e5a4eaaf022401c13f0e76e \
+    --hash=sha256:7674ffb954a3b46162392aee2a3a0aedb2e14ecf99fcc28644900f4e6e3e9d3a
+    # via weasyprint
+distlib==0.4.0 \
+    --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
+    --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d
+    # via virtualenv
+filelock==3.18.0 \
+    --hash=sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2 \
+    --hash=sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de
+    # via virtualenv
+fonttools==4.59.0 \
+    --hash=sha256:052444a5d0151878e87e3e512a1aa1a0ab35ee4c28afde0a778e23b0ace4a7de \
+    --hash=sha256:169b99a2553a227f7b5fea8d9ecd673aa258617f466b2abc6091fe4512a0dcd0 \
+    --hash=sha256:209b75943d158f610b78320eacb5539aa9e920bee2c775445b2846c65d20e19d \
+    --hash=sha256:21e606b2d38fed938dde871c5736822dd6bda7a4631b92e509a1f5cd1b90c5df \
+    --hash=sha256:241313683afd3baacb32a6bd124d0bce7404bc5280e12e291bae1b9bba28711d \
+    --hash=sha256:26731739daa23b872643f0e4072d5939960237d540c35c14e6a06d47d71ca8fe \
+    --hash=sha256:2e7cf8044ce2598bb87e44ba1d2c6e45d7a8decf56055b92906dc53f67c76d64 \
+    --hash=sha256:31003b6a10f70742a63126b80863ab48175fb8272a18ca0846c0482968f0588e \
+    --hash=sha256:332bfe685d1ac58ca8d62b8d6c71c2e52a6c64bc218dc8f7825c9ea51385aa01 \
+    --hash=sha256:37c377f7cb2ab2eca8a0b319c68146d34a339792f9420fca6cd49cf28d370705 \
+    --hash=sha256:37e01c6ec0c98599778c2e688350d624fa4770fbd6144551bd5e032f1199171c \
+    --hash=sha256:401b1941ce37e78b8fd119b419b617277c65ae9417742a63282257434fd68ea2 \
+    --hash=sha256:4536f2695fe5c1ffb528d84a35a7d3967e5558d2af58b4775e7ab1449d65767b \
+    --hash=sha256:4c908a7036f0f3677f8afa577bcd973e3e20ddd2f7c42a33208d18bee95cdb6f \
+    --hash=sha256:51ab1ff33c19e336c02dee1e9fd1abd974a4ca3d8f7eef2a104d0816a241ce97 \
+    --hash=sha256:524133c1be38445c5c0575eacea42dbd44374b310b1ffc4b60ff01d881fabb96 \
+    --hash=sha256:57bb7e26928573ee7c6504f54c05860d867fd35e675769f3ce01b52af38d48e2 \
+    --hash=sha256:60f6665579e909b618282f3c14fa0b80570fbf1ee0e67678b9a9d43aa5d67a37 \
+    --hash=sha256:62224a9bb85b4b66d1b46d45cbe43d71cbf8f527d332b177e3b96191ffbc1e64 \
+    --hash=sha256:6770d7da00f358183d8fd5c4615436189e4f683bdb6affb02cad3d221d7bb757 \
+    --hash=sha256:6801aeddb6acb2c42eafa45bc1cb98ba236871ae6f33f31e984670b749a8e58e \
+    --hash=sha256:70d6b3ceaa9cc5a6ac52884f3b3d9544e8e231e95b23f138bdb78e6d4dc0eae3 \
+    --hash=sha256:78813b49d749e1bb4db1c57f2d4d7e6db22c253cb0a86ad819f5dc197710d4b2 \
+    --hash=sha256:841b2186adce48903c0fef235421ae21549020eca942c1da773ac380b056ab3c \
+    --hash=sha256:84fc186980231a287b28560d3123bd255d3c6b6659828c642b4cf961e2b923d0 \
+    --hash=sha256:885bde7d26e5b40e15c47bd5def48b38cbd50830a65f98122a8fb90962af7cd1 \
+    --hash=sha256:8b4309a2775e4feee7356e63b163969a215d663399cce1b3d3b65e7ec2d9680e \
+    --hash=sha256:8d77f92438daeaddc05682f0f3dac90c5b9829bcac75b57e8ce09cb67786073c \
+    --hash=sha256:902425f5afe28572d65d2bf9c33edd5265c612ff82c69e6f83ea13eafc0dcbea \
+    --hash=sha256:9bcc1e77fbd1609198966ded6b2a9897bd6c6bcbd2287a2fc7d75f1a254179c5 \
+    --hash=sha256:a408c3c51358c89b29cfa5317cf11518b7ce5de1717abb55c5ae2d2921027de6 \
+    --hash=sha256:a9bf8adc9e1f3012edc8f09b08336272aec0c55bc677422273e21280db748f7c \
+    --hash=sha256:b818db35879d2edf7f46c7e729c700a0bce03b61b9412f5a7118406687cb151d \
+    --hash=sha256:b8974b2a266b54c96709bd5e239979cddfd2dbceed331aa567ea1d7c4a2202db \
+    --hash=sha256:be392ec3529e2f57faa28709d60723a763904f71a2b63aabe14fee6648fe3b14 \
+    --hash=sha256:d3972b13148c1d1fbc092b27678a33b3080d1ac0ca305742b0119b75f9e87e38 \
+    --hash=sha256:d40dcf533ca481355aa7b682e9e079f766f35715defa4929aeb5597f9604272e \
+    --hash=sha256:e93df708c69a193fc7987192f94df250f83f3851fda49413f02ba5dded639482 \
+    --hash=sha256:efd7e6660674e234e29937bc1481dceb7e0336bfae75b856b4fb272b5093c5d4 \
+    --hash=sha256:f9b3a78f69dcbd803cf2fb3f972779875b244c1115481dfbdd567b2c22b31f6b \
+    --hash=sha256:fa39475eaccb98f9199eccfda4298abaf35ae0caec676ffc25b3a5e224044464 \
+    --hash=sha256:fbce6dae41b692a5973d0f2158f782b9ad05babc2c2019a970a1094a23909b1b
+    # via weasyprint
+identify==2.6.13 \
+    --hash=sha256:60381139b3ae39447482ecc406944190f690d4a2997f2584062089848361b33b \
+    --hash=sha256:da8d6c828e773620e13bfa86ea601c5a5310ba4bcd65edf378198b56a1f9fb32
+    # via pre-commit
+nodeenv==1.9.1 \
+    --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
+    --hash=sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9
+    # via pre-commit
+numpy==2.2.6 \
+    --hash=sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff \
+    --hash=sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47 \
+    --hash=sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84 \
+    --hash=sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d \
+    --hash=sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6 \
+    --hash=sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f \
+    --hash=sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b \
+    --hash=sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49 \
+    --hash=sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163 \
+    --hash=sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571 \
+    --hash=sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42 \
+    --hash=sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff \
+    --hash=sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491 \
+    --hash=sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4 \
+    --hash=sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566 \
+    --hash=sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf \
+    --hash=sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40 \
+    --hash=sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd \
+    --hash=sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06 \
+    --hash=sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282 \
+    --hash=sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680 \
+    --hash=sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db \
+    --hash=sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3 \
+    --hash=sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90 \
+    --hash=sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1 \
+    --hash=sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289 \
+    --hash=sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab \
+    --hash=sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c \
+    --hash=sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d \
+    --hash=sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb \
+    --hash=sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d \
+    --hash=sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a \
+    --hash=sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf \
+    --hash=sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1 \
+    --hash=sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2 \
+    --hash=sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a \
+    --hash=sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543 \
+    --hash=sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00 \
+    --hash=sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c \
+    --hash=sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f \
+    --hash=sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd \
+    --hash=sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868 \
+    --hash=sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303 \
+    --hash=sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83 \
+    --hash=sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3 \
+    --hash=sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d \
+    --hash=sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87 \
+    --hash=sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa \
+    --hash=sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f \
+    --hash=sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae \
+    --hash=sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda \
+    --hash=sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915 \
+    --hash=sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249 \
+    --hash=sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de \
+    --hash=sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8
+    # via opencv-python-headless
+opencv-python-headless==4.12.0.88 \
+    --hash=sha256:1e58d664809b3350c1123484dd441e1667cd7bed3086db1b9ea1b6f6cb20b50e \
+    --hash=sha256:236c8df54a90f4d02076e6f9c1cc763d794542e886c576a6fee46ec8ff75a7a9 \
+    --hash=sha256:365bb2e486b50feffc2d07a405b953a8f3e8eaa63865bc650034e5c71e7a5154 \
+    --hash=sha256:86b413bdd6c6bf497832e346cd5371995de148e579b9774f8eba686dee3f5528 \
+    --hash=sha256:aeb4b13ecb8b4a0beb2668ea07928160ea7c2cd2d9b5ef571bbee6bafe9cc8d0 \
+    --hash=sha256:cfdc017ddf2e59b6c2f53bc12d74b6b0be7ded4ec59083ea70763921af2b6c09 \
+    --hash=sha256:fde2cf5c51e4def5f2132d78e0c08f9c14783cd67356922182c6845b9af87dbd
+    # via -r .github\scripts\requirements_dev.in
+pdf2image==1.17.0 \
+    --hash=sha256:eaa959bc116b420dd7ec415fcae49b98100dda3dd18cd2fdfa86d09f112f6d57 \
+    --hash=sha256:ecdd58d7afb810dffe21ef2b1bbc057ef434dabbac6c33778a38a3f7744a27e2
+    # via -r .github\scripts\requirements_dev.in
+pillow==11.3.0 \
+    --hash=sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2 \
+    --hash=sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214 \
+    --hash=sha256:040a5b691b0713e1f6cbe222e0f4f74cd233421e105850ae3b3c0ceda520f42e \
+    --hash=sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59 \
+    --hash=sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50 \
+    --hash=sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632 \
+    --hash=sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06 \
+    --hash=sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a \
+    --hash=sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51 \
+    --hash=sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced \
+    --hash=sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f \
+    --hash=sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12 \
+    --hash=sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8 \
+    --hash=sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6 \
+    --hash=sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580 \
+    --hash=sha256:19d2ff547c75b8e3ff46f4d9ef969a06c30ab2d4263a9e287733aa8b2429ce8f \
+    --hash=sha256:1a992e86b0dd7aeb1f053cd506508c0999d710a8f07b4c791c63843fc6a807ac \
+    --hash=sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860 \
+    --hash=sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd \
+    --hash=sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722 \
+    --hash=sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8 \
+    --hash=sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4 \
+    --hash=sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673 \
+    --hash=sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788 \
+    --hash=sha256:2aceea54f957dd4448264f9bf40875da0415c83eb85f55069d89c0ed436e3542 \
+    --hash=sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e \
+    --hash=sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd \
+    --hash=sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8 \
+    --hash=sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523 \
+    --hash=sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967 \
+    --hash=sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809 \
+    --hash=sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477 \
+    --hash=sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027 \
+    --hash=sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae \
+    --hash=sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b \
+    --hash=sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c \
+    --hash=sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f \
+    --hash=sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e \
+    --hash=sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b \
+    --hash=sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7 \
+    --hash=sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27 \
+    --hash=sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361 \
+    --hash=sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae \
+    --hash=sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d \
+    --hash=sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc \
+    --hash=sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58 \
+    --hash=sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad \
+    --hash=sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6 \
+    --hash=sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024 \
+    --hash=sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978 \
+    --hash=sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb \
+    --hash=sha256:6be31e3fc9a621e071bc17bb7de63b85cbe0bfae91bb0363c893cbe67247780d \
+    --hash=sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0 \
+    --hash=sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9 \
+    --hash=sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f \
+    --hash=sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874 \
+    --hash=sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa \
+    --hash=sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081 \
+    --hash=sha256:7b161756381f0918e05e7cb8a371fff367e807770f8fe92ecb20d905d0e1c149 \
+    --hash=sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6 \
+    --hash=sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d \
+    --hash=sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd \
+    --hash=sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f \
+    --hash=sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c \
+    --hash=sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31 \
+    --hash=sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e \
+    --hash=sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db \
+    --hash=sha256:89bd777bc6624fe4115e9fac3352c79ed60f3bb18651420635f26e643e3dd1f6 \
+    --hash=sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f \
+    --hash=sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494 \
+    --hash=sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69 \
+    --hash=sha256:932c754c2d51ad2b2271fd01c3d121daaa35e27efae2a616f77bf164bc0b3e94 \
+    --hash=sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77 \
+    --hash=sha256:97afb3a00b65cc0804d1c7abddbf090a81eaac02768af58cbdcaaa0a931e0b6d \
+    --hash=sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7 \
+    --hash=sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a \
+    --hash=sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438 \
+    --hash=sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288 \
+    --hash=sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b \
+    --hash=sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635 \
+    --hash=sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3 \
+    --hash=sha256:a6444696fce635783440b7f7a9fc24b3ad10a9ea3f0ab66c5905be1c19ccf17d \
+    --hash=sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe \
+    --hash=sha256:b4b8f3efc8d530a1544e5962bd6b403d5f7fe8b9e08227c6b255f98ad82b4ba0 \
+    --hash=sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe \
+    --hash=sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a \
+    --hash=sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805 \
+    --hash=sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8 \
+    --hash=sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36 \
+    --hash=sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a \
+    --hash=sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b \
+    --hash=sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e \
+    --hash=sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25 \
+    --hash=sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12 \
+    --hash=sha256:e5c5858ad8ec655450a7c7df532e9842cf8df7cc349df7225c60d5d348c8aada \
+    --hash=sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c \
+    --hash=sha256:ea944117a7974ae78059fcc1800e5d3295172bb97035c0c1d9345fca1419da71 \
+    --hash=sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d \
+    --hash=sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c \
+    --hash=sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6 \
+    --hash=sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1 \
+    --hash=sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50 \
+    --hash=sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653 \
+    --hash=sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c \
+    --hash=sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4 \
+    --hash=sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3
+    # via
+    #   -r .github\scripts\requirements_dev.in
+    #   pdf2image
+    #   weasyprint
+platformdirs==4.3.8 \
+    --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \
+    --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4
+    # via virtualenv
+pre-commit==4.3.0 \
+    --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
+    --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
+    # via -r .github\scripts\requirements_dev.in
+pycparser==2.22 \
+    --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
+    --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
+    # via cffi
+pydyf==0.11.0 \
+    --hash=sha256:0aaf9e2ebbe786ec7a78ec3fbffa4cdcecde53fd6f563221d53c6bc1328848a3 \
+    --hash=sha256:394dddf619cca9d0c55715e3c55ea121a9bf9cbc780cdc1201a2427917b86b64
+    # via weasyprint
+pyphen==0.17.2 \
+    --hash=sha256:3a07fb017cb2341e1d9ff31b8634efb1ae4dc4b130468c7c39dd3d32e7c3affd \
+    --hash=sha256:f60647a9c9b30ec6c59910097af82bc5dd2d36576b918e44148d8b07ef3b4aa3
+    # via weasyprint
+pyyaml==6.0.2 \
+    --hash=sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff \
+    --hash=sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48 \
+    --hash=sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 \
+    --hash=sha256:0b69e4ce7a131fe56b7e4d770c67429700908fc0752af059838b1cfb41960e4e \
+    --hash=sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133 \
+    --hash=sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5 \
+    --hash=sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484 \
+    --hash=sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee \
+    --hash=sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5 \
+    --hash=sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68 \
+    --hash=sha256:24471b829b3bf607e04e88d79542a9d48bb037c2267d7927a874e6c205ca7e9a \
+    --hash=sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf \
+    --hash=sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99 \
+    --hash=sha256:39693e1f8320ae4f43943590b49779ffb98acb81f788220ea932a6b6c51004d8 \
+    --hash=sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85 \
+    --hash=sha256:3b1fdb9dc17f5a7677423d508ab4f243a726dea51fa5e70992e59a7411c89d19 \
+    --hash=sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc \
+    --hash=sha256:43fa96a3ca0d6b1812e01ced1044a003533c47f6ee8aca31724f78e93ccc089a \
+    --hash=sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1 \
+    --hash=sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317 \
+    --hash=sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c \
+    --hash=sha256:6395c297d42274772abc367baaa79683958044e5d3835486c16da75d2a694631 \
+    --hash=sha256:688ba32a1cffef67fd2e9398a2efebaea461578b0923624778664cc1c914db5d \
+    --hash=sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652 \
+    --hash=sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5 \
+    --hash=sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e \
+    --hash=sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b \
+    --hash=sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8 \
+    --hash=sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476 \
+    --hash=sha256:82d09873e40955485746739bcb8b4586983670466c23382c19cffecbf1fd8706 \
+    --hash=sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563 \
+    --hash=sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237 \
+    --hash=sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b \
+    --hash=sha256:9056c1ecd25795207ad294bcf39f2db3d845767be0ea6e6a34d856f006006083 \
+    --hash=sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180 \
+    --hash=sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425 \
+    --hash=sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e \
+    --hash=sha256:a8786accb172bd8afb8be14490a16625cbc387036876ab6ba70912730faf8e1f \
+    --hash=sha256:a9f8c2e67970f13b16084e04f134610fd1d374bf477b17ec1599185cf611d725 \
+    --hash=sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183 \
+    --hash=sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab \
+    --hash=sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774 \
+    --hash=sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725 \
+    --hash=sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e \
+    --hash=sha256:d7fded462629cfa4b685c5416b949ebad6cec74af5e2d42905d41e257e0869f5 \
+    --hash=sha256:d84a1718ee396f54f3a086ea0a66d8e552b2ab2017ef8b420e92edbc841c352d \
+    --hash=sha256:d8e03406cac8513435335dbab54c0d385e4a49e4945d2909a581c83647ca0290 \
+    --hash=sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44 \
+    --hash=sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed \
+    --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \
+    --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba \
+    --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
+    --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
+    # via pre-commit
+tinycss2==1.4.0 \
+    --hash=sha256:10c0972f6fc0fbee87c3edb76549357415e94548c1ae10ebccdea16fb404a9b7 \
+    --hash=sha256:3a49cf47b7675da0b15d0c6e1df8df4ebd96e9394bb905a5775adb0d884c5289
+    # via
+    #   cssselect2
+    #   weasyprint
+tinyhtml5==2.0.0 \
+    --hash=sha256:086f998833da24c300c414d9fe81d9b368fd04cb9d2596a008421cbc705fcfcc \
+    --hash=sha256:13683277c5b176d070f82d099d977194b7a1e26815b016114f581a74bbfbf47e
+    # via weasyprint
+unoserver==3.3.2 \
+    --hash=sha256:1eeb7467cf6b56b8eff3b576e2d1b2b2ff4e0eb2052e995ac80a1456de300639 \
+    --hash=sha256:87e144f903ee21951b2e06a97549450c13ed7eca5bcebad942d3352d4e882616
+    # via -r .github\scripts\requirements_dev.in
+virtualenv==20.33.1 \
+    --hash=sha256:07c19bc66c11acab6a5958b815cbcee30891cd1c2ccf53785a28651a0d8d8a67 \
+    --hash=sha256:1b44478d9e261b3fb8baa5e74a0ca3bc0e05f21aa36167bf9cbf850e542765b8
+    # via pre-commit
+weasyprint==66.0 \
+    --hash=sha256:82b0783b726fcd318e2c977dcdddca76515b30044bc7a830cc4fbe717582a6d0 \
+    --hash=sha256:da71dc87dc129ac9cffdc65e5477e90365ab9dbae45c744014ec1d06303dde40
+    # via -r .github\scripts\requirements_dev.in
+webencodings==0.5.1 \
+    --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
+    --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923
+    # via
+    #   cssselect2
+    #   tinycss2
+    #   tinyhtml5
+zopfli==0.2.3.post1 \
+    --hash=sha256:0aa5f90d6298bda02a95bc8dc8c3c19004d5a4e44bda00b67ca7431d857b4b54 \
+    --hash=sha256:0cc20b02a9531559945324c38302fd4ba763311632d0ec8a1a0aa9c10ea363e6 \
+    --hash=sha256:1d8cc06605519e82b16df090e17cb3990d1158861b2872c3117f1168777b81e4 \
+    --hash=sha256:1f990634fd5c5c8ced8edddd8bd45fab565123b4194d6841e01811292650acae \
+    --hash=sha256:2345e713260a350bea0b01a816a469ea356bc2d63d009a0d777691ecbbcf7493 \
+    --hash=sha256:2768c877f76c8a0e7519b1c86c93757f3c01492ddde55751e9988afb7eff64e1 \
+    --hash=sha256:29ea74e72ffa6e291b8c6f2504ce6c146b4fe990c724c1450eb8e4c27fd31431 \
+    --hash=sha256:34a99592f3d9eb6f737616b5bd74b48a589fdb3cb59a01a50d636ea81d6af272 \
+    --hash=sha256:3654bfc927bc478b1c3f3ff5056ed7b20a1a37fa108ca503256d0a699c03bbb1 \
+    --hash=sha256:3657e416ffb8f31d9d3424af12122bb251befae109f2e271d87d825c92fc5b7b \
+    --hash=sha256:37d011e92f7b9622742c905fdbed9920a1d0361df84142807ea2a528419dea7f \
+    --hash=sha256:3827170de28faf144992d3d4dcf8f3998fe3c8a6a6f4a08f1d42c2ec6119d2bb \
+    --hash=sha256:39e576f93576c5c223b41d9c780bbb91fd6db4babf3223d2a4fe7bf568e2b5a8 \
+    --hash=sha256:3a89277ed5f8c0fb2d0b46d669aa0633123aa7381f1f6118c12f15e0fb48f8ca \
+    --hash=sha256:3c163911f8bad94b3e1db0a572e7c28ba681a0c91d0002ea1e4fa9264c21ef17 \
+    --hash=sha256:3f0197b6aa6eb3086ae9e66d6dd86c4d502b6c68b0ec490496348ae8c05ecaef \
+    --hash=sha256:48dba9251060289101343110ab47c0756f66f809bb4d1ddbb6d5c7e7752115c5 \
+    --hash=sha256:4915a41375bdee4db749ecd07d985a0486eb688a6619f713b7bf6fbfd145e960 \
+    --hash=sha256:4c1226a7e2c7105ac31503a9bb97454743f55d88164d6d46bc138051b77f609b \
+    --hash=sha256:4e50ffac74842c1c1018b9b73875a0d0a877c066ab06bf7cccbaa84af97e754f \
+    --hash=sha256:518f1f4ed35dd69ce06b552f84e6d081f07c552b4c661c5312d950a0b764a58a \
+    --hash=sha256:5aad740b4d4fcbaaae4887823925166ffd062db3b248b3f432198fc287381d1a \
+    --hash=sha256:5f272186e03ad55e7af09ab78055535c201b1a0bcc2944edb1768298d9c483a4 \
+    --hash=sha256:5fcfc0dc2761e4fcc15ad5d273b4d58c2e8e059d3214a7390d4d3c8e2aee644e \
+    --hash=sha256:60db20f06c3d4c5934b16cfa62a2cc5c3f0686bffe0071ed7804d3c31ab1a04e \
+    --hash=sha256:615a8ac9dda265e9cc38b2a76c3142e4a9f30fea4a79c85f670850783bc6feb4 \
+    --hash=sha256:6482db9876c68faac2d20a96b566ffbf65ddaadd97b222e4e73641f4f8722fc4 \
+    --hash=sha256:6617fb10f9e4393b331941861d73afb119cd847e88e4974bdbe8068ceef3f73f \
+    --hash=sha256:676919fba7311125244eb0c4393679ac5fe856e5864a15d122bd815205369fa0 \
+    --hash=sha256:6c2d2bc8129707e34c51f9352c4636ca313b52350bbb7e04637c46c1818a2a70 \
+    --hash=sha256:71390dbd3fbf6ebea9a5d85ffed8c26ee1453ee09248e9b88486e30e0397b775 \
+    --hash=sha256:716cdbfc57bfd3d3e31a58e6246e8190e6849b7dbb7c4ce39ef8bbf0edb8f6d5 \
+    --hash=sha256:75a26a2307b10745a83b660c404416e984ee6fca515ec7f0765f69af3ce08072 \
+    --hash=sha256:7be5cc6732eb7b4df17305d8a7b293223f934a31783a874a01164703bc1be6cd \
+    --hash=sha256:7cce242b5df12b2b172489daf19c32e5577dd2fac659eb4b17f6a6efb446fd5c \
+    --hash=sha256:81c341d9bb87a6dbbb0d45d6e272aca80c7c97b4b210f9b6e233bf8b87242f29 \
+    --hash=sha256:89899641d4de97dbad8e0cde690040d078b6aea04066dacaab98e0b5a23573f2 \
+    --hash=sha256:8d5ab297d660b75c159190ce6d73035502310e40fd35170aed7d1a1aea7ddd65 \
+    --hash=sha256:8fbe5bcf10d01aab3513550f284c09fef32f342b36f56bfae2120a9c4d12c130 \
+    --hash=sha256:91a2327a4d7e77471fa4fbb26991c6de4a738c6fc6a33e09bb25f56a870a4b7b \
+    --hash=sha256:95a260cafd56b8fffa679918937401c80bb38e1681c448b988022e4c3610965d \
+    --hash=sha256:96484dc0f48be1c5d7ae9f38ed1ce41e3675fd506b27c11a6607f14b49101e99 \
+    --hash=sha256:9a6aec38a989bad7ddd1ef53f1265699e49e294d08231b5313d61293f3cd6237 \
+    --hash=sha256:9ba214f4f45bec195ee8559651154d3ac2932470b9d91c5715fc29c013349f8c \
+    --hash=sha256:9f4a7ec2770e6af05f5a02733fd3900f30a9cd58e5d6d3727e14c5bcd6e7d587 \
+    --hash=sha256:a1cf720896d2ce998bc8e051d4b4ce0d8bec007aab6243102e8e1d22a0b2fb3f \
+    --hash=sha256:a241a68581d34d67b40c425cce3d1fd211c092f99d9250947824ccba9f491949 \
+    --hash=sha256:a53b18797cdef27e019db595d66c4b077325afe2fd62145953275f53d84ce40c \
+    --hash=sha256:a82fc2dbebe6eb908b9c665e71496f8525c1bc4d2e3a7a7722ef2b128b6227c8 \
+    --hash=sha256:a86eb88e06bd87e1fff31dac878965c26b0c26db59ddcf78bb0379a954b120de \
+    --hash=sha256:aa588b21044f8a74e423d8c8a4c7fc9988501878aacced793467010039c50734 \
+    --hash=sha256:b05296e8bc88c92e2b21e0a9bae4740c1551ee613c1d93a51fd28a7a0b2b6fbb \
+    --hash=sha256:b0ec13f352ea5ae0fc91f98a48540512eed0767d0ec4f7f3cb92d92797983d18 \
+    --hash=sha256:b3df42f52502438ee973042cc551877d24619fa1cd38ef7b7e9ac74200daca8b \
+    --hash=sha256:b78008a69300d929ca2efeffec951b64a312e9a811e265ea4a907ab546d79fa6 \
+    --hash=sha256:b9026a21b6d41eb0e2e63f5bc1242c3fcc43ecb770963cda99a4307863dac12e \
+    --hash=sha256:bbe429fc50686bb2a2608a30843e36fbaa123462a5284f136c7d9e0145220bfd \
+    --hash=sha256:bfa1eb759e07d8b7aa7a310a2bc535e127ee70addf90dc8d4b946b593c3e51a8 \
+    --hash=sha256:c1e0ed5d84ffa2d677cc9582fc01e61dab2e7ef8b8996e055f0a76167b1b94df \
+    --hash=sha256:c4278d1873ce6e803e5d4f8d702fd3026bd67fca744aa98881324d1157ddf748 \
+    --hash=sha256:cac2b37ab21c2b36a10b685b1893ebd6b0f83ae26004838ac817680881576567 \
+    --hash=sha256:cbe6df25807227519debd1a57ab236f5f6bad441500e85b13903e51f93a43214 \
+    --hash=sha256:cd2c002f160502608dcc822ed2441a0f4509c52e86fcfd1a09e937278ed1ca14 \
+    --hash=sha256:e0137dd64a493ba6a4be37405cfd6febe650a98cc1e9dca8f6b8c63b1db11b41 \
+    --hash=sha256:e63d558847166543c2c9789e6f985400a520b7eacc4b99181668b2c3aeadd352 \
+    --hash=sha256:eb45a34f23da4f8bc712b6376ca5396914b0b7c09adbb001dad964eb7f3132f8 \
+    --hash=sha256:ecb7572df5372abce8073df078207d9d1749f20b8b136089916a4a0868d56051 \
+    --hash=sha256:f12000a6accdd4bf0a3fa6eaa1b1c7a7bc80af0a2edf3f89d770d3dcce1d0e22 \
+    --hash=sha256:f7d69c1a7168ad0e9cb864e8663acb232986a0c9c9cb9801f56bf6214f53a54d \
+    --hash=sha256:f815fcc2b2a457977724bad97fb4854022980f51ce7b136925e336b530545ae1 \
+    --hash=sha256:fc39f5c27f962ec8660d8d20c24762431131b5d8c672b44b0a54cf2b5bcde9b9
+    # via fonttools
+
+# The following packages are considered to be unsafe in a requirements file:
+pip==25.2 \
+    --hash=sha256:578283f006390f85bb6282dffb876454593d637f5d1be494b5202ce4877e71f2 \
+    --hash=sha256:6d67a2b4e7f14d8b31b8b52648866fa717f45a1eb70e83002f4331d07e953717
+    # via -r .github\scripts\requirements_dev.in
+setuptools==80.9.0 \
+    --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \
+    --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c
+    # via -r .github\scripts\requirements_dev.in

.github/scripts/requirements_pre_commit.txt

@@ -8,17 +8,17 @@ cfgv==3.4.0 \
     --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
     --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
     # via pre-commit
-distlib==0.3.9 \
-    --hash=sha256:47f8c22fd27c27e25a65601af709b38e4f0a45ea4fc2e710f65755fa8caaaf87 \
-    --hash=sha256:a60f20dea646b8a33f3e7772f74dc0b2d0772d2837ee1342a00645c81edf9403
+distlib==0.4.0 \
+    --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
+    --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d
     # via virtualenv
 filelock==3.18.0 \
     --hash=sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2 \
     --hash=sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de
     # via virtualenv
-identify==2.6.12 \
-    --hash=sha256:ad9672d5a72e0d2ff7c5c8809b62dfa60458626352fb0eb7b55e69bdc45334a2 \
-    --hash=sha256:d8de45749f1efb108badef65ee8386f0f7bb19a7f26185f74de6367bffbaf0e6
+identify==2.6.13 \
+    --hash=sha256:60381139b3ae39447482ecc406944190f690d4a2997f2584062089848361b33b \
+    --hash=sha256:da8d6c828e773620e13bfa86ea601c5a5310ba4bcd65edf378198b56a1f9fb32
     # via pre-commit
 nodeenv==1.9.1 \
     --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
@@ -28,9 +28,9 @@ platformdirs==4.3.8 \
     --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \
     --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4
     # via virtualenv
-pre-commit==4.2.0 \
-    --hash=sha256:601283b9757afd87d40c4c4a9b2b5de9637a8ea02eaff7adc2d0fb4e04841146 \
-    --hash=sha256:a009ca7205f1eb497d10b845e52c838a98b6cdd2102a6c8e4540e94ee75c58bd
+pre-commit==4.3.0 \
+    --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
+    --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
     # via -r .github\scripts\requirements_pre_commit.in
 pyyaml==6.0.2 \
     --hash=sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff \
@@ -87,7 +87,11 @@ pyyaml==6.0.2 \
     --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
     --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
     # via pre-commit
-virtualenv==20.31.2 \
-    --hash=sha256:36efd0d9650ee985f0cad72065001e66d49a6f24eb44d98980f630686243cf11 \
-    --hash=sha256:e10c0a9d02835e592521be48b332b6caee6887f332c111aa79a09b9e79efc2af
+typing-extensions==4.14.1 \
+    --hash=sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36 \
+    --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76
+    # via virtualenv
+virtualenv==20.34.0 \
+    --hash=sha256:341f5afa7eee943e4984a9207c025feedd768baff6753cd660c857ceb3e36026 \
+    --hash=sha256:44815b2c9dee7ed86e387b842a84f20b93f7f417f95886ca1996a72a4138eb1a
     # via pre-commit

.github/workflows/PR-Demo-Comment-with-react.yml

@@ -33,8 +33,6 @@ jobs:
       )
     outputs:
       pr_number: ${{ steps.get-pr.outputs.pr_number }}
-      pr_repository: ${{ steps.get-pr-info.outputs.repository }}
-      pr_ref: ${{ steps.get-pr-info.outputs.ref }}
       comment_id: ${{ github.event.comment.id }}
       disable_security: ${{ steps.check-security-flag.outputs.disable_security }}
       enable_pro: ${{ steps.check-pro-flag.outputs.enable_pro }}
@@ -46,7 +44,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup GitHub App Bot
         if: github.actor != 'dependabot[bot]'
@@ -66,29 +64,6 @@ jobs:
             console.log(`PR Number: ${prNumber}`);
             core.setOutput('pr_number', prNumber);
 
-      - name: Get PR repository and ref
-        id: get-pr-info
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const prNumber = context.payload.issue.number;
-
-            const { data: pr } = await github.rest.pulls.get({
-              owner,
-              repo,
-              pull_number: prNumber,
-            });
-
-            // For forks, use the full repository name, for internal PRs use the current repo
-            const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`;
-
-            console.log(`PR Repository: ${repository}`);
-            console.log(`PR Branch: ${pr.head.ref}`);
-
-            core.setOutput('repository', repository);
-            core.setOutput('ref', pr.head.ref);
-
       - name: Check for security/login flag
         id: check-security-flag
         env:
@@ -157,7 +132,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup GitHub App Bot
         if: github.actor != 'dependabot[bot]'
@@ -169,10 +144,9 @@ jobs:
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
 
       - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
-          repository: ${{ needs.check-comment.outputs.pr_repository }}
-          ref: ${{ needs.check-comment.outputs.pr_ref }}
+          ref: refs/pull/${{ needs.check-comment.outputs.pr_number }}/merge
           token: ${{ steps.setup-bot.outputs.token }}
 
       - name: Set up JDK
@@ -196,7 +170,7 @@ jobs:
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_API }}

.github/workflows/PR-Demo-cleanup.yml

@@ -26,7 +26,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup GitHub App Bot
         if: github.actor != 'dependabot[bot]'

.github/workflows/ai_pr_title_review.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
 
@@ -87,7 +87,7 @@ jobs:
       - name: AI PR Title Analysis
         if: steps.actor.outputs.is_repo_dev == 'true'
         id: ai-title-analysis
-        uses: actions/ai-inference@d645f067d89ee1d5d736a5990e327e504d1c5a4a # v1.1.0
+        uses: actions/ai-inference@b81b2afb8390ee6839b494a404766bef6493c7d9 # v1.2.8
         with:
           model: openai/gpt-4o
           system-prompt-file: ".github/config/system-prompt.txt"

.github/workflows/auto-labelerV2.yml

@@ -17,7 +17,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup GitHub App Bot
         id: setup-bot

.github/workflows/build.yml

@@ -16,7 +16,7 @@ on:
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
   cancel-in-progress: true
 
 permissions:
@@ -34,7 +34,7 @@ jobs:
       project: ${{ steps.changes.outputs.project }}
       openapi: ${{ steps.changes.outputs.openapi }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Check for file changes
         uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
@@ -61,7 +61,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK ${{ matrix.jdk-version }}
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -70,7 +70,7 @@ jobs:
           distribution: "temurin"
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 
@@ -134,7 +134,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -143,10 +143,12 @@ jobs:
           distribution: "temurin"
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Generate OpenAPI documentation
         run: ./gradlew :stirling-pdf:generateOpenApiDocs
+        env:
+          DISABLE_ADDITIONAL_FEATURES: true
       
       - name: Upload OpenAPI Documentation
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -165,7 +167,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -173,10 +175,13 @@ jobs:
           java-version: "17"
           distribution: "temurin"
 
-      - name: check the licenses for compatibility
+      - name: Check licenses for compatibility
         run: ./gradlew clean checkLicense
+        env:
+          DISABLE_ADDITIONAL_FEATURES: false
+          STIRLING_PDF_DESKTOP_UI: true
 
-      - name: FAILED - check the licenses for compatibility
+      - name: FAILED - Check licenses for compatibility
         if: failure()
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
@@ -211,7 +216,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up Java 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -260,7 +265,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -269,7 +274,7 @@ jobs:
           distribution: "temurin"
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 

.github/workflows/check_properties.yml

@@ -15,7 +15,7 @@ on:
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
   cancel-in-progress: true
 
 permissions:
@@ -35,7 +35,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout main branch first
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup GitHub App Bot
         id: setup-bot
@@ -127,7 +127,7 @@ jobs:
 
             // Filter for relevant files based on the PR changes
             const changedFiles = files
-              .filter(file => 
+              .filter(file =>
                 file.status !== "removed" &&
                 /^app\/core\/src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file.filename)
               )
@@ -289,4 +289,4 @@ jobs:
           rm -rf pr-branch
           rm -f pr-branch-messages_en_GB.properties main-branch-messages_en_GB.properties changed_files.txt result.txt
           echo "Cleanup complete."
-        continue-on-error: true # Ensure cleanup runs even if previous steps fail
+        continue-on-error: true # Ensure cleanup runs even if previous steps fail

.github/workflows/dependency-review.yml

@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout Repository"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
+        uses: actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 # v4.7.2

.github/workflows/licenses-update.yml

@@ -36,7 +36,7 @@ jobs:
           egress-policy: audit
 
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
 
@@ -54,10 +54,13 @@ jobs:
           distribution: "temurin"
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Check licenses for compatibility
         run: ./gradlew clean checkLicense
+        env:
+          DISABLE_ADDITIONAL_FEATURES: false
+          STIRLING_PDF_DESKTOP_UI: true
 
       - name: Upload artifact on failure
         if: failure()

.github/workflows/manage-label.yml

@@ -20,7 +20,7 @@ jobs:
           egress-policy: audit
 
       - name: Check out the repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Run Labeler
         uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # v5.3.0

.github/workflows/multiOSReleases.yml

@@ -25,7 +25,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -64,7 +64,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 21
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -72,7 +72,7 @@ jobs:
           java-version: "21"
           distribution: "temurin"
 
-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 
@@ -115,7 +115,7 @@ jobs:
           egress-policy: audit
 
       - name: Download build artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: stirling-${{ matrix.file_suffix }}binaries
 
@@ -152,7 +152,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 21
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -160,7 +160,7 @@ jobs:
           java-version: "21"
           distribution: "temurin"
 
-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 
@@ -243,7 +243,7 @@ jobs:
           egress-policy: audit
 
       - name: Download build artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: ${{ matrix.platform }}binaries
 
@@ -306,7 +306,7 @@ jobs:
           egress-policy: audit
 
       - name: Download signed artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
       - name: Display structure of downloaded files
         run: ls -R
       - name: Upload binaries, attestations and signatures to Release and create GitHub Release

.github/workflows/pre_commit.yml

@@ -2,8 +2,9 @@ name: Pre-commit
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * 1"
+  push:
+    branches:
+      - main
 
 permissions:
   contents: read
@@ -21,7 +22,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
 
@@ -46,6 +47,15 @@ jobs:
       - run: pre-commit run --all-files -c .pre-commit-config.yaml
         continue-on-error: true
 
+      - name: Set up JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          java-version: 17
+          distribution: "temurin"
+
+      - name: Build with Gradle
+        run: ./gradlew clean build
+
       - name: git add
         run: |
           git add .

.github/workflows/push-docker.yml

@@ -34,7 +34,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -42,7 +42,7 @@ jobs:
           java-version: "17"
           distribution: "temurin"
 
-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 
@@ -67,13 +67,13 @@ jobs:
         run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
 
       - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_API }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -88,7 +88,7 @@ jobs:
 
       - name: Generate tags
         id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
         if: github.ref != 'refs/heads/main'
         with:
           images: |
@@ -134,7 +134,7 @@ jobs:
 
       - name: Generate tags ultra-lite
         id: meta2
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
         if: github.ref != 'refs/heads/main'
         with:
           images: |
@@ -165,7 +165,7 @@ jobs:
 
       - name: Generate tags fat
         id: meta3
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
         with:
           images: |
             ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf

.github/workflows/releaseArtifacts.yml

@@ -27,7 +27,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -35,7 +35,7 @@ jobs:
           java-version: "17"
           distribution: "temurin"
 
-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 
@@ -88,7 +88,7 @@ jobs:
           egress-policy: audit
 
       - name: Download build artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: binaries${{ matrix.file_suffix }}
       - name: Display structure of downloaded files
@@ -166,7 +166,7 @@ jobs:
           egress-policy: audit
 
       - name: Download signed artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: signed${{ matrix.file_suffix }}
 

.github/workflows/scorecards.yml

@@ -39,7 +39,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           persist-credentials: false
 
@@ -74,6 +74,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/sonarqube.yml

@@ -18,7 +18,7 @@ on:
 # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
 # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
   cancel-in-progress: true
 
 permissions:
@@ -34,12 +34,12 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Build and analyze with Gradle
         env:

.github/workflows/swagger.yml

@@ -30,7 +30,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -38,7 +38,7 @@ jobs:
           java-version: "17"
           distribution: "temurin"
 
-      - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+      - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Generate Swagger documentation
         run: ./gradlew :stirling-pdf:generateOpenApiDocs

.github/workflows/sync_files.yml

@@ -36,7 +36,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup GitHub App Bot
         id: setup-bot

.github/workflows/testdriver.yml

@@ -29,7 +29,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
@@ -38,7 +38,7 @@ jobs:
           distribution: 'temurin'
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
 
@@ -57,7 +57,7 @@ jobs:
           echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
 
       - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_API }}
@@ -126,7 +126,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up Node
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.12.0
+    rev: v0.12.7
     hooks:
       - id: ruff
         args:
@@ -22,7 +22,7 @@ repos:
         files: \.(html|css|js|py|md)$
         exclude: (.vscode|.devcontainer|app/core/src/main/resources|app/proprietary/src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.27.2
+    rev: v8.28.0
     hooks:
       - id: gitleaks
   - repo: https://github.com/pre-commit/pre-commit-hooks
@@ -43,4 +43,4 @@ repos:
   #         - stylelint-config-standard@38.0.0
   #         - "@stylistic/stylelint-plugin@3.1.3"
   #       files: \.(css)$
-  #       args: [--fix]
+  #       args: [--fix]

.vscode/settings.json

@@ -2,6 +2,7 @@
   "editor.wordSegmenterLocales": "",
   "editor.guides.bracketPairs": "active",
   "editor.guides.bracketPairsHorizontal": "active",
+  "editor.defaultFormatter": "EditorConfig.EditorConfig",
   "cSpell.enabled": false,
   "[feature]": {
     "editor.defaultFormatter": "alexkrechik.cucumberautocomplete"
@@ -40,7 +41,7 @@
   "java.configuration.updateBuildConfiguration": "interactive",
   "java.format.enabled": true,
   "java.format.settings.profile": "GoogleStyle",
-  "java.format.settings.google.version": "1.27.0",
+  "java.format.settings.google.version": "1.28.0",
   "java.format.settings.google.extra": "--aosp --skip-sorting-imports --skip-javadoc-formatting",
   // (DE) Aktiviert Kommentare im Java-Format.
   // (EN) Enables comments in Java formatting.

Dockerfile

@@ -78,7 +78,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
     # URW Base 35 fonts for better PDF rendering
     font-urw-base35 && \
     python3 -m venv /opt/venv && \
-    /opt/venv/bin/pip install --upgrade pip setuptools && \
+    /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \
     /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \
     ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \
     ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \
@@ -89,7 +89,6 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
     ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \
     fc-cache -f -v && \
     chmod +x /scripts/* && \
-    chmod +x /scripts/init.sh && \
     # User permissions
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
     chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \

Dockerfile.dev

@@ -34,10 +34,10 @@ ENV SETUPTOOLS_USE_DISTUTILS=local \
     TMP=/tmp/stirling-pdf
 
 # Installation der benötigten Python-Pakete
+COPY .github/scripts/requirements_dev.txt /tmp/requirements_dev.txt
 RUN python3 -m venv --system-site-packages /opt/venv \
   && . /opt/venv/bin/activate \
-  && pip install --upgrade pip setuptools \
-  && pip install --no-cache-dir WeasyPrint pdf2image pillow unoserver opencv-python-headless pre-commit
+  && pip install --no-cache-dir --require-hashes -r /tmp/requirements_dev.txt
 
 # Füge den venv-Pfad zur globalen PATH-Variable hinzu, damit die Tools verfügbar sind
 ENV PATH="/opt/venv/bin:$PATH"
@@ -54,8 +54,7 @@ RUN echo "devuser ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/devuser \
 # Setze das Arbeitsverzeichnis (wird später per Bind-Mount überschrieben)
 WORKDIR /workspace
 
-RUN chmod +x /workspace/.devcontainer/git-init.sh
-RUN sudo chmod +x /workspace/.devcontainer/init-setup.sh
+RUN chmod +x /workspace/.devcontainer/git-init.sh /workspace/.devcontainer/init-setup.sh
 
 # Wechsel zum Nicht‑Root Benutzer
 USER devuser

Dockerfile.fat

@@ -91,7 +91,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
     py3-pillow@testing \
     py3-pdf2image@testing && \
     python3 -m venv /opt/venv && \
-    /opt/venv/bin/pip install --upgrade pip setuptools && \
+    /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \
     /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \
     ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \
     ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \
@@ -102,7 +102,6 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
     ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \
     fc-cache -f -v && \
     chmod +x /scripts/* && \
-    chmod +x /scripts/init.sh && \
     # User permissions
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
     chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \

README.md

@@ -116,47 +116,47 @@ Stirling-PDF currently supports 40 languages!
 
 | Language                                     | Progress                               |
 | -------------------------------------------- | -------------------------------------- |
-| Arabic (العربية) (ar_AR)                        | ![63%](https://geps.dev/progress/63)   |
-| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![63%](https://geps.dev/progress/63)   |
-| Basque (Euskara) (eu_ES)                     | ![37%](https://geps.dev/progress/37)   |
-| Bulgarian (Български) (bg_BG)                | ![70%](https://geps.dev/progress/70)   |
-| Catalan (Català) (ca_CA)                     | ![69%](https://geps.dev/progress/69)   |
-| Croatian (Hrvatski) (hr_HR)                  | ![62%](https://geps.dev/progress/62)   |
-| Czech (Česky) (cs_CZ)                        | ![71%](https://geps.dev/progress/71)   |
-| Danish (Dansk) (da_DK)                       | ![63%](https://geps.dev/progress/63)   |
-| Dutch (Nederlands) (nl_NL)                   | ![61%](https://geps.dev/progress/61)   |
+| Arabic (العربية) (ar_AR)                        | ![61%](https://geps.dev/progress/61)   |
+| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![62%](https://geps.dev/progress/62)   |
+| Basque (Euskara) (eu_ES)                     | ![36%](https://geps.dev/progress/36)   |
+| Bulgarian (Български) (bg_BG)                | ![68%](https://geps.dev/progress/68)   |
+| Catalan (Català) (ca_CA)                     | ![68%](https://geps.dev/progress/68)   |
+| Croatian (Hrvatski) (hr_HR)                  | ![60%](https://geps.dev/progress/60)   |
+| Czech (Česky) (cs_CZ)                        | ![70%](https://geps.dev/progress/70)   |
+| Danish (Dansk) (da_DK)                       | ![61%](https://geps.dev/progress/61)   |
+| Dutch (Nederlands) (nl_NL)                   | ![60%](https://geps.dev/progress/60)   |
 | English (English) (en_GB)                    | ![100%](https://geps.dev/progress/100) |
 | English (US) (en_US)                         | ![100%](https://geps.dev/progress/100) |
-| French (Français) (fr_FR)                    | ![91%](https://geps.dev/progress/91)   |
-| German (Deutsch) (de_DE)                     | ![100%](https://geps.dev/progress/100)   |
-| Greek (Ελληνικά) (el_GR)                     | ![69%](https://geps.dev/progress/69)   |
-| Hindi (हिंदी) (hi_IN)                          | ![68%](https://geps.dev/progress/68)   |
+| French (Français) (fr_FR)                    | ![89%](https://geps.dev/progress/89)   |
+| German (Deutsch) (de_DE)                     | ![98%](https://geps.dev/progress/98)   |
+| Greek (Ελληνικά) (el_GR)                     | ![67%](https://geps.dev/progress/67)   |
+| Hindi (हिंदी) (hi_IN)                          | ![67%](https://geps.dev/progress/67)   |
 | Hungarian (Magyar) (hu_HU)                   | ![99%](https://geps.dev/progress/99)   |
-| Indonesian (Bahasa Indonesia) (id_ID)        | ![63%](https://geps.dev/progress/63)   |
-| Irish (Gaeilge) (ga_IE)                      | ![70%](https://geps.dev/progress/70)   |
+| Indonesian (Bahasa Indonesia) (id_ID)        | ![62%](https://geps.dev/progress/62)   |
+| Irish (Gaeilge) (ga_IE)                      | ![68%](https://geps.dev/progress/68)   |
 | Italian (Italiano) (it_IT)                   | ![98%](https://geps.dev/progress/98)   |
-| Japanese (日本語) (ja_JP)                    | ![95%](https://geps.dev/progress/95)   |
-| Korean (한국어) (ko_KR)                      | ![69%](https://geps.dev/progress/69)   |
-| Norwegian (Norsk) (no_NB)                    | ![67%](https://geps.dev/progress/67)   |
-| Persian (فارسی) (fa_IR)                      | ![66%](https://geps.dev/progress/66)   |
-| Polish (Polski) (pl_PL)                      | ![73%](https://geps.dev/progress/73)   |
-| Portuguese (Português) (pt_PT)               | ![70%](https://geps.dev/progress/70)   |
-| Portuguese Brazilian (Português) (pt_BR)     | ![77%](https://geps.dev/progress/77)   |
-| Romanian (Română) (ro_RO)                    | ![59%](https://geps.dev/progress/59)   |
-| Russian (Русский) (ru_RU)                    | ![90%](https://geps.dev/progress/90)   |
-| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![97%](https://geps.dev/progress/97)   |
-| Simplified Chinese (简体中文) (zh_CN)         | ![95%](https://geps.dev/progress/95)   |
-| Slovakian (Slovensky) (sk_SK)                | ![53%](https://geps.dev/progress/53)   |
-| Slovenian (Slovenščina) (sl_SI)              | ![73%](https://geps.dev/progress/73)   |
-| Spanish (Español) (es_ES)                    | ![75%](https://geps.dev/progress/75)   |
-| Swedish (Svenska) (sv_SE)                    | ![67%](https://geps.dev/progress/67)   |
-| Thai (ไทย) (th_TH)                           | ![60%](https://geps.dev/progress/60)   |
-| Tibetan (བོད་ཡིག་) (bo_CN)                     | ![66%](https://geps.dev/progress/66) |
-| Traditional Chinese (繁體中文) (zh_TW)        | ![77%](https://geps.dev/progress/77)   |
-| Turkish (Türkçe) (tr_TR)                     | ![82%](https://geps.dev/progress/82)   |
-| Ukrainian (Українська) (uk_UA)               | ![72%](https://geps.dev/progress/72)   |
-| Vietnamese (Tiếng Việt) (vi_VN)              | ![58%](https://geps.dev/progress/58)   |
-| Malayalam (മലയാളം) (ml_IN)              | ![75%](https://geps.dev/progress/75)   |
+| Japanese (日本語) (ja_JP)                    | ![93%](https://geps.dev/progress/93)   |
+| Korean (한국어) (ko_KR)                      | ![67%](https://geps.dev/progress/67)   |
+| Norwegian (Norsk) (no_NB)                    | ![66%](https://geps.dev/progress/66)   |
+| Persian (فارسی) (fa_IR)                      | ![64%](https://geps.dev/progress/64)   |
+| Polish (Polski) (pl_PL)                      | ![72%](https://geps.dev/progress/72)   |
+| Portuguese (Português) (pt_PT)               | ![69%](https://geps.dev/progress/69)   |
+| Portuguese Brazilian (Português) (pt_BR)     | ![76%](https://geps.dev/progress/76)   |
+| Romanian (Română) (ro_RO)                    | ![57%](https://geps.dev/progress/57)   |
+| Russian (Русский) (ru_RU)                    | ![88%](https://geps.dev/progress/88)   |
+| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![95%](https://geps.dev/progress/95)   |
+| Simplified Chinese (简体中文) (zh_CN)         | ![93%](https://geps.dev/progress/93)   |
+| Slovakian (Slovensky) (sk_SK)                | ![51%](https://geps.dev/progress/51)   |
+| Slovenian (Slovenščina) (sl_SI)              | ![71%](https://geps.dev/progress/71)   |
+| Spanish (Español) (es_ES)                    | ![74%](https://geps.dev/progress/74)   |
+| Swedish (Svenska) (sv_SE)                    | ![65%](https://geps.dev/progress/65)   |
+| Thai (ไทย) (th_TH)                           | ![59%](https://geps.dev/progress/59)   |
+| Tibetan (བོད་ཡིག་) (bo_CN)                     | ![65%](https://geps.dev/progress/65) |
+| Traditional Chinese (繁體中文) (zh_TW)        | ![97%](https://geps.dev/progress/97)   |
+| Turkish (Türkçe) (tr_TR)                     | ![80%](https://geps.dev/progress/80)   |
+| Ukrainian (Українська) (uk_UA)               | ![71%](https://geps.dev/progress/71)   |
+| Vietnamese (Tiếng Việt) (vi_VN)              | ![57%](https://geps.dev/progress/57)   |
+| Malayalam (മലയാളം) (ml_IN)              | ![73%](https://geps.dev/progress/73)   |
 
 ## Stirling PDF Enterprise
 

app/common/build.gradle

@@ -4,7 +4,7 @@ bootRun {
 }
 spotless {
     java {
-        target sourceSets.main.allJava
+        target 'src/**/java/**/*.java'
         googleJavaFormat(googleJavaFormatVersion).aosp().reorderImports(false)
 
         importOrder("java", "javax", "org", "com", "net", "io", "jakarta", "lombok", "me", "stirling")
@@ -13,6 +13,18 @@ spotless {
         leadingTabsToSpaces()
         endWithNewline()
     }
+    yaml {
+        target '**/*.yml', '**/*.yaml'
+        trimTrailingWhitespace()
+        leadingTabsToSpaces()
+        endWithNewline()
+    }
+    format 'gradle', {
+        target '**/gradle/*.gradle', '**/*.gradle'
+        trimTrailingWhitespace()
+        leadingTabsToSpaces()
+        endWithNewline()
+    }
 }
 dependencies {
     api 'org.springframework.boot:spring-boot-starter-web'
@@ -27,7 +39,7 @@ dependencies {
     api "org.apache.pdfbox:pdfbox:$pdfboxVersion"
     api 'jakarta.servlet:jakarta.servlet-api:6.1.0'
     api 'org.snakeyaml:snakeyaml-engine:2.10'
-    api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.9"
+    api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.11"
     api 'jakarta.mail:jakarta.mail-api:2.1.3'
-    runtimeOnly 'org.eclipse.angus:angus-mail:2.0.3'
+    runtimeOnly 'org.eclipse.angus:angus-mail:2.0.4'
 }

app/common/src/main/java/stirling/software/common/aop/AutoJobAspect.java

@@ -19,7 +19,6 @@ import lombok.extern.slf4j.Slf4j;
 
 import stirling.software.common.annotations.AutoJobPostMapping;
 import stirling.software.common.model.api.PDFFile;
-import stirling.software.common.service.FileOrUploadService;
 import stirling.software.common.service.FileStorage;
 import stirling.software.common.service.JobExecutorService;
 
@@ -34,7 +33,6 @@ public class AutoJobAspect {
 
     private final JobExecutorService jobExecutorService;
     private final HttpServletRequest request;
-    private final FileOrUploadService fileOrUploadService;
     private final FileStorage fileStorage;
 
     @Around("@annotation(autoJobPostMapping)")
@@ -53,7 +51,8 @@ public class AutoJobAspect {
         boolean trackProgress = autoJobPostMapping.trackProgress();
 
         log.debug(
-                "AutoJobPostMapping execution with async={}, timeout={}, retryCount={}, trackProgress={}",
+                "AutoJobPostMapping execution with async={}, timeout={}, retryCount={},"
+                        + " trackProgress={}",
                 async,
                 timeout > 0 ? timeout : "default",
                 retryCount,
@@ -148,7 +147,8 @@ public class AutoJobAspect {
                         } catch (Throwable ex) {
                             lastException = ex;
                             log.error(
-                                    "AutoJobAspect caught exception during job execution (attempt {}/{}): {}",
+                                    "AutoJobAspect caught exception during job execution (attempt"
+                                            + " {}/{}): {}",
                                     currentAttempt,
                                     maxRetries,
                                     ex.getMessage(),

app/common/src/main/java/stirling/software/common/configuration/AppConfig.java

@@ -8,6 +8,7 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Properties;
 import java.util.function.Predicate;
+import java.util.stream.Stream;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -51,6 +52,14 @@ public class AppConfig {
     @Value("${server.port:8080}")
     private String serverPort;
 
+    @Value("${v2}")
+    public boolean v2Enabled;
+
+    @Bean
+    public boolean v2Enabled() {
+        return v2Enabled;
+    }
+
     @Bean
     @ConditionalOnProperty(name = "system.customHTMLFiles", havingValue = "true")
     public SpringTemplateEngine templateEngine(ResourceLoader resourceLoader) {
@@ -120,7 +129,7 @@ public class AppConfig {
     public boolean rateLimit() {
         String rateLimit = System.getProperty("rateLimit");
         if (rateLimit == null) rateLimit = System.getenv("rateLimit");
-        return (rateLimit != null) ? Boolean.valueOf(rateLimit) : false;
+        return Boolean.parseBoolean(rateLimit);
     }
 
     @Bean(name = "RunningInDocker")
@@ -140,8 +149,8 @@ public class AppConfig {
         if (!Files.exists(mountInfo)) {
             return true;
         }
-        try {
-            return Files.lines(mountInfo).anyMatch(line -> line.contains(" /configs "));
+        try (Stream<String> lines = Files.lines(mountInfo)) {
+            return lines.anyMatch(line -> line.contains(" /configs "));
         } catch (IOException e) {
             return false;
         }

app/common/src/main/java/stirling/software/common/configuration/ConfigInitializer.java

@@ -23,10 +23,30 @@ import stirling.software.common.util.YamlHelper;
 @Slf4j
 public class ConfigInitializer {
 
+    private static final int MIN_SETTINGS_FILE_LINES = 31;
+
     public void ensureConfigExists() throws IOException, URISyntaxException {
         // 1) If settings file doesn't exist, create from template
         Path destPath = Paths.get(InstallationPathConfig.getSettingsPath());
-        if (Files.notExists(destPath)) {
+
+        boolean settingsFileExists = Files.exists(destPath);
+
+        long lineCount = settingsFileExists ? Files.readAllLines(destPath).size() : 0;
+
+        log.info("Current settings file line count: {}", lineCount);
+
+        if (!settingsFileExists || lineCount < MIN_SETTINGS_FILE_LINES) {
+            if (settingsFileExists) {
+                // move settings.yml to settings.yml.{timestamp}.bak
+                Path backupPath =
+                        Paths.get(
+                                InstallationPathConfig.getSettingsPath()
+                                        + "."
+                                        + System.currentTimeMillis()
+                                        + ".bak");
+                Files.move(destPath, backupPath, StandardCopyOption.REPLACE_EXISTING);
+                log.info("Moved existing settings file to backup: {}", backupPath);
+            }
             Files.createDirectories(destPath.getParent());
             try (InputStream in =
                     getClass().getClassLoader().getResourceAsStream("settings.yml.template")) {

app/common/src/main/java/stirling/software/common/configuration/InstallationPathConfig.java

@@ -14,12 +14,17 @@ public class InstallationPathConfig {
     private static final String CONFIG_PATH;
     private static final String CUSTOM_FILES_PATH;
     private static final String CLIENT_WEBUI_PATH;
-    private static final String SCRIPTS_PATH;
     private static final String PIPELINE_PATH;
 
     // Config paths
     private static final String SETTINGS_PATH;
     private static final String CUSTOM_SETTINGS_PATH;
+    private static final String SCRIPTS_PATH;
+    private static final String BACKUP_PATH;
+
+    // Backup paths
+    private static final String BACKUP_DB_PATH;
+    private static final String BACKUP_PRIVATE_KEY_PATH;
 
     // Custom file paths
     private static final String STATIC_PATH;
@@ -40,6 +45,11 @@ public class InstallationPathConfig {
         SETTINGS_PATH = CONFIG_PATH + "settings.yml";
         CUSTOM_SETTINGS_PATH = CONFIG_PATH + "custom_settings.yml";
         SCRIPTS_PATH = CONFIG_PATH + "scripts" + File.separator;
+        BACKUP_PATH = CONFIG_PATH + "backup" + File.separator;
+
+        // Initialize backup paths
+        BACKUP_DB_PATH = BACKUP_PATH + "db" + File.separator;
+        BACKUP_PRIVATE_KEY_PATH = BACKUP_PATH + "keys" + File.separator;
 
         // Initialize custom file paths
         STATIC_PATH = CUSTOM_FILES_PATH + "static" + File.separator;
@@ -120,4 +130,12 @@ public class InstallationPathConfig {
     public static String getSignaturesPath() {
         return SIGNATURES_PATH;
     }
+
+    public static String getPrivateKeyPath() {
+        return BACKUP_PRIVATE_KEY_PATH;
+    }
+
+    public static String getBackupPath() {
+        return BACKUP_DB_PATH;
+    }
 }

app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java

@@ -119,6 +119,7 @@ public class ApplicationProperties {
         private long loginResetTimeMinutes;
         private String loginMethod = "all";
         private String customGlobalAPIKey;
+        private Jwt jwt = new Jwt();
 
         public Boolean isAltLogin() {
             return saml2.getEnabled() || oauth2.getEnabled();
@@ -197,7 +198,7 @@ public class ApplicationProperties {
             @JsonIgnore
             public InputStream getIdpMetadataUri() throws IOException {
                 if (idpMetadataUri.startsWith("classpath:")) {
-                    return new ClassPathResource(idpMetadataUri.substring("classpath".length()))
+                    return new ClassPathResource(idpMetadataUri.substring("classpath:".length()))
                             .getInputStream();
                 }
                 try {
@@ -233,6 +234,7 @@ public class ApplicationProperties {
 
             @JsonIgnore
             public Resource getPrivateKey() {
+                if (privateKey == null) return null;
                 if (privateKey.startsWith("classpath:")) {
                     return new ClassPathResource(privateKey.substring("classpath:".length()));
                 } else {
@@ -297,6 +299,15 @@ public class ApplicationProperties {
                 }
             }
         }
+
+        @Data
+        public static class Jwt {
+            private boolean enableKeystore = true;
+            private boolean enableKeyRotation = false;
+            private boolean enableKeyCleanup = true;
+            private int keyRetentionDays = 7;
+            private boolean secureCookie;
+        }
     }
 
     @Data
@@ -311,6 +322,7 @@ public class ApplicationProperties {
         private Boolean enableAnalytics;
         private Datasource datasource;
         private Boolean disableSanitize;
+        private int maxDPI;
         private Boolean enableUrlToPDF;
         private Html html = new Html();
         private CustomPaths customPaths = new CustomPaths();

app/common/src/main/java/stirling/software/common/model/FileInfo.java

@@ -8,9 +8,11 @@ import java.util.Locale;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
-@AllArgsConstructor
 @Data
+@NoArgsConstructor
+@AllArgsConstructor
 public class FileInfo {
     private static final DateTimeFormatter DATE_FORMATTER =
             DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");

app/common/src/main/java/stirling/software/common/model/PdfMetadata.java

@@ -2,11 +2,15 @@ package stirling.software.common.model;
 
 import java.util.Calendar;
 
+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 @Data
 @Builder
+@NoArgsConstructor
+@AllArgsConstructor
 public class PdfMetadata {
     private String author;
     private String producer;

app/common/src/main/java/stirling/software/common/service/JobExecutorService.java

@@ -252,8 +252,10 @@ public class JobExecutorService {
                         }
                     }
 
-                    if (response.getHeaders().getContentType() != null) {
-                        contentType = response.getHeaders().getContentType().toString();
+                    MediaType mediaType = response.getHeaders().getContentType();
+
+                    if (mediaType != null) {
+                        contentType = mediaType.toString();
                     }
 
                     // Store byte array directly to disk

app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java

@@ -1,5 +1,7 @@
 package stirling.software.common.service;
 
+import java.net.Inet4Address;
+import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.UnknownHostException;
@@ -51,16 +53,12 @@ public class SsrfProtectionService {
 
         SsrfProtectionLevel level = parseProtectionLevel(config.getLevel());
 
-        switch (level) {
-            case OFF:
-                return true;
-            case MAX:
-                return isMaxSecurityAllowed(trimmedUrl, config);
-            case MEDIUM:
-                return isMediumSecurityAllowed(trimmedUrl, config);
-            default:
-                return false;
-        }
+        return switch (level) {
+            case OFF -> true;
+            case MAX -> isMaxSecurityAllowed(trimmedUrl, config);
+            case MEDIUM -> isMediumSecurityAllowed(trimmedUrl, config);
+            default -> false;
+        };
     }
 
     private SsrfProtectionLevel parseProtectionLevel(String level) {
@@ -172,15 +170,61 @@ public class SsrfProtectionService {
     }
 
     private boolean isPrivateAddress(InetAddress address) {
-        return address.isSiteLocalAddress()
-                || address.isAnyLocalAddress()
-                || isPrivateIPv4Range(address.getHostAddress());
+        if (address.isAnyLocalAddress() || address.isLoopbackAddress()) {
+            return true;
+        }
+
+        if (address instanceof Inet4Address) {
+            return isPrivateIPv4Range(address.getHostAddress());
+        }
+
+        if (address instanceof Inet6Address addr6) {
+            if (addr6.isLinkLocalAddress() || addr6.isSiteLocalAddress()) {
+                return true;
+            }
+
+            byte[] bytes = addr6.getAddress();
+            if (isIpv4MappedAddress(bytes)) {
+                String ipv4 =
+                        (bytes[12] & 0xff)
+                                + "."
+                                + (bytes[13] & 0xff)
+                                + "."
+                                + (bytes[14] & 0xff)
+                                + "."
+                                + (bytes[15] & 0xff);
+                return isPrivateIPv4Range(ipv4);
+            }
+
+            int firstByte = bytes[0] & 0xff;
+            // Check for IPv6 unique local addresses (fc00::/7)
+            if ((firstByte & 0xfe) == 0xfc) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private boolean isIpv4MappedAddress(byte[] addr) {
+        if (addr.length != 16) {
+            return false;
+        }
+        for (int i = 0; i < 10; i++) {
+            if (addr[i] != 0) {
+                return false;
+            }
+        }
+        // For IPv4-mapped IPv6 addresses, bytes 10 and 11 must be 0xff (i.e., address is ::ffff:w.x.y.z)
+        return addr[10] == (byte) 0xff && addr[11] == (byte) 0xff;
     }
 
     private boolean isPrivateIPv4Range(String ip) {
+        // Includes RFC1918, loopback, link-local, and unspecified addresses
         return ip.startsWith("10.")
                 || ip.startsWith("192.168.")
                 || (ip.startsWith("172.") && isInRange172(ip))
+                || ip.startsWith("169.254.")
                 || ip.startsWith("127.")
                 || "0.0.0.0".equals(ip);
     }
@@ -192,17 +236,31 @@ public class SsrfProtectionService {
                 int secondOctet = Integer.parseInt(parts[1]);
                 return secondOctet >= 16 && secondOctet <= 31;
             } catch (NumberFormatException e) {
-                return false;
             }
         }
         return false;
     }
 
     private boolean isCloudMetadataAddress(String ip) {
+        String normalizedIp = normalizeIpv4MappedAddress(ip);
         // Cloud metadata endpoints for AWS, GCP, Azure, Oracle Cloud, and IBM Cloud
-        return ip.startsWith("169.254.169.254") // AWS/GCP/Azure
-                || ip.startsWith("fd00:ec2::254") // AWS IPv6
-                || ip.startsWith("169.254.169.253") // Oracle Cloud
-                || ip.startsWith("169.254.169.250"); // IBM Cloud
+        return normalizedIp.startsWith("169.254.169.254") // AWS/GCP/Azure
+                || normalizedIp.startsWith("fd00:ec2::254") // AWS IPv6
+                || normalizedIp.startsWith("169.254.169.253") // Oracle Cloud
+                || normalizedIp.startsWith("169.254.169.250"); // IBM Cloud
+    }
+
+    private String normalizeIpv4MappedAddress(String ip) {
+        if (ip == null) {
+            return "";
+        }
+        if (ip.startsWith("::ffff:")) {
+            return ip.substring(7);
+        }
+        int lastColon = ip.lastIndexOf(':');
+        if (lastColon >= 0 && ip.indexOf('.') > lastColon) {
+            return ip.substring(lastColon + 1);
+        }
+        return ip;
     }
 }

app/common/src/main/java/stirling/software/common/util/CustomHtmlSanitizer.java

@@ -4,7 +4,6 @@ import org.owasp.html.AttributePolicy;
 import org.owasp.html.HtmlPolicyBuilder;
 import org.owasp.html.PolicyFactory;
 import org.owasp.html.Sanitizers;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import stirling.software.common.model.ApplicationProperties;
@@ -16,7 +15,6 @@ public class CustomHtmlSanitizer {
     private final SsrfProtectionService ssrfProtectionService;
     private final ApplicationProperties applicationProperties;
 
-    @Autowired
     public CustomHtmlSanitizer(
             SsrfProtectionService ssrfProtectionService,
             ApplicationProperties applicationProperties) {

app/common/src/main/java/stirling/software/common/util/EmlParser.java

@@ -0,0 +1,652 @@
+package stirling.software.common.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Properties;
+import java.util.regex.Pattern;
+
+import lombok.Data;
+import lombok.experimental.UtilityClass;
+
+import stirling.software.common.model.api.converters.EmlToPdfRequest;
+
+@UtilityClass
+public class EmlParser {
+
+    private static volatile Boolean jakartaMailAvailable = null;
+    private static volatile Method mimeUtilityDecodeTextMethod = null;
+    private static volatile boolean mimeUtilityChecked = false;
+
+    private static final Pattern MIME_ENCODED_PATTERN =
+            Pattern.compile("=\\?([^?]+)\\?([BbQq])\\?([^?]*)\\?=");
+
+    private static final String DISPOSITION_ATTACHMENT = "attachment";
+    private static final String TEXT_PLAIN = "text/plain";
+    private static final String TEXT_HTML = "text/html";
+    private static final String MULTIPART_PREFIX = "multipart/";
+
+    private static final String HEADER_CONTENT_TYPE = "content-type:";
+    private static final String HEADER_CONTENT_DISPOSITION = "content-disposition:";
+    private static final String HEADER_CONTENT_TRANSFER_ENCODING = "content-transfer-encoding:";
+    private static final String HEADER_CONTENT_ID = "Content-ID";
+    private static final String HEADER_SUBJECT = "Subject:";
+    private static final String HEADER_FROM = "From:";
+    private static final String HEADER_TO = "To:";
+    private static final String HEADER_CC = "Cc:";
+    private static final String HEADER_BCC = "Bcc:";
+    private static final String HEADER_DATE = "Date:";
+
+    private static synchronized boolean isJakartaMailAvailable() {
+        if (jakartaMailAvailable == null) {
+            try {
+                Class.forName("jakarta.mail.internet.MimeMessage");
+                Class.forName("jakarta.mail.Session");
+                Class.forName("jakarta.mail.internet.MimeUtility");
+                Class.forName("jakarta.mail.internet.MimePart");
+                Class.forName("jakarta.mail.internet.MimeMultipart");
+                Class.forName("jakarta.mail.Multipart");
+                Class.forName("jakarta.mail.Part");
+                jakartaMailAvailable = true;
+            } catch (ClassNotFoundException e) {
+                jakartaMailAvailable = false;
+            }
+        }
+        return jakartaMailAvailable;
+    }
+
+    public static EmailContent extractEmailContent(
+            byte[] emlBytes, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer)
+            throws IOException {
+        EmlProcessingUtils.validateEmlInput(emlBytes);
+
+        if (isJakartaMailAvailable()) {
+            return extractEmailContentAdvanced(emlBytes, request, customHtmlSanitizer);
+        } else {
+            return extractEmailContentBasic(emlBytes, request, customHtmlSanitizer);
+        }
+    }
+
+    private static EmailContent extractEmailContentBasic(
+            byte[] emlBytes, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer) {
+        String emlContent = new String(emlBytes, StandardCharsets.UTF_8);
+        EmailContent content = new EmailContent();
+
+        content.setSubject(extractBasicHeader(emlContent, HEADER_SUBJECT));
+        content.setFrom(extractBasicHeader(emlContent, HEADER_FROM));
+        content.setTo(extractBasicHeader(emlContent, HEADER_TO));
+        content.setCc(extractBasicHeader(emlContent, HEADER_CC));
+        content.setBcc(extractBasicHeader(emlContent, HEADER_BCC));
+
+        String dateStr = extractBasicHeader(emlContent, HEADER_DATE);
+        if (!dateStr.isEmpty()) {
+            content.setDateString(dateStr);
+        }
+
+        String htmlBody = extractHtmlBody(emlContent);
+        if (htmlBody != null) {
+            content.setHtmlBody(htmlBody);
+        } else {
+            String textBody = extractTextBody(emlContent);
+            content.setTextBody(textBody != null ? textBody : "Email content could not be parsed");
+        }
+
+        content.getAttachments().addAll(extractAttachmentsBasic(emlContent));
+
+        return content;
+    }
+
+    private static EmailContent extractEmailContentAdvanced(
+            byte[] emlBytes, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer) {
+        try {
+            Class<?> sessionClass = Class.forName("jakarta.mail.Session");
+            Class<?> mimeMessageClass = Class.forName("jakarta.mail.internet.MimeMessage");
+
+            Method getDefaultInstance =
+                    sessionClass.getMethod("getDefaultInstance", Properties.class);
+            Object session = getDefaultInstance.invoke(null, new Properties());
+
+            Class<?>[] constructorArgs = new Class<?>[] {sessionClass, InputStream.class};
+            Constructor<?> mimeMessageConstructor =
+                    mimeMessageClass.getConstructor(constructorArgs);
+            Object message =
+                    mimeMessageConstructor.newInstance(session, new ByteArrayInputStream(emlBytes));
+
+            return extractFromMimeMessage(message, request, customHtmlSanitizer);
+
+        } catch (ReflectiveOperationException e) {
+            return extractEmailContentBasic(emlBytes, request, customHtmlSanitizer);
+        }
+    }
+
+    private static EmailContent extractFromMimeMessage(
+            Object message, EmlToPdfRequest request, CustomHtmlSanitizer customHtmlSanitizer) {
+        EmailContent content = new EmailContent();
+
+        try {
+            Class<?> messageClass = message.getClass();
+
+            Method getSubject = messageClass.getMethod("getSubject");
+            String subject = (String) getSubject.invoke(message);
+            content.setSubject(subject != null ? safeMimeDecode(subject) : "No Subject");
+
+            Method getFrom = messageClass.getMethod("getFrom");
+            Object[] fromAddresses = (Object[]) getFrom.invoke(message);
+            content.setFrom(buildAddressString(fromAddresses));
+
+            extractRecipients(message, messageClass, content);
+
+            Method getSentDate = messageClass.getMethod("getSentDate");
+            content.setDate((Date) getSentDate.invoke(message));
+
+            Method getContent = messageClass.getMethod("getContent");
+            Object messageContent = getContent.invoke(message);
+
+            processMessageContent(message, messageContent, content, request, customHtmlSanitizer);
+
+        } catch (ReflectiveOperationException | RuntimeException e) {
+            content.setSubject("Email Conversion");
+            content.setFrom("Unknown");
+            content.setTo("Unknown");
+            content.setCc("");
+            content.setBcc("");
+            content.setTextBody("Email content could not be parsed with advanced processing");
+        }
+
+        return content;
+    }
+
+    private static void extractRecipients(
+            Object message, Class<?> messageClass, EmailContent content) {
+        try {
+            Method getRecipients =
+                    messageClass.getMethod(
+                            "getRecipients", Class.forName("jakarta.mail.Message$RecipientType"));
+            Class<?> recipientTypeClass = Class.forName("jakarta.mail.Message$RecipientType");
+
+            Object toType = recipientTypeClass.getField("TO").get(null);
+            Object[] toRecipients = (Object[]) getRecipients.invoke(message, toType);
+            content.setTo(buildAddressString(toRecipients));
+
+            Object ccType = recipientTypeClass.getField("CC").get(null);
+            Object[] ccRecipients = (Object[]) getRecipients.invoke(message, ccType);
+            content.setCc(buildAddressString(ccRecipients));
+
+            Object bccType = recipientTypeClass.getField("BCC").get(null);
+            Object[] bccRecipients = (Object[]) getRecipients.invoke(message, bccType);
+            content.setBcc(buildAddressString(bccRecipients));
+
+        } catch (ReflectiveOperationException e) {
+            try {
+                Method getAllRecipients = messageClass.getMethod("getAllRecipients");
+                Object[] recipients = (Object[]) getAllRecipients.invoke(message);
+                content.setTo(buildAddressString(recipients));
+                content.setCc("");
+                content.setBcc("");
+            } catch (ReflectiveOperationException ex) {
+                content.setTo("");
+                content.setCc("");
+                content.setBcc("");
+            }
+        }
+    }
+
+    private static String buildAddressString(Object[] addresses) {
+        if (addresses == null || addresses.length == 0) {
+            return "";
+        }
+
+        StringBuilder builder = new StringBuilder();
+        for (int i = 0; i < addresses.length; i++) {
+            if (i > 0) builder.append(", ");
+            builder.append(safeMimeDecode(addresses[i].toString()));
+        }
+        return builder.toString();
+    }
+
+    private static void processMessageContent(
+            Object message,
+            Object messageContent,
+            EmailContent content,
+            EmlToPdfRequest request,
+            CustomHtmlSanitizer customHtmlSanitizer) {
+        try {
+            if (messageContent instanceof String stringContent) {
+                Method getContentType = message.getClass().getMethod("getContentType");
+                String contentType = (String) getContentType.invoke(message);
+
+                if (contentType != null && contentType.toLowerCase().contains(TEXT_HTML)) {
+                    content.setHtmlBody(stringContent);
+                } else {
+                    content.setTextBody(stringContent);
+                }
+            } else {
+                Class<?> multipartClass = Class.forName("jakarta.mail.Multipart");
+                if (multipartClass.isInstance(messageContent)) {
+                    processMultipart(messageContent, content, request, customHtmlSanitizer, 0);
+                }
+            }
+        } catch (ReflectiveOperationException | ClassCastException e) {
+            content.setTextBody("Email content could not be parsed with advanced processing");
+        }
+    }
+
+    private static void processMultipart(
+            Object multipart,
+            EmailContent content,
+            EmlToPdfRequest request,
+            CustomHtmlSanitizer customHtmlSanitizer,
+            int depth) {
+
+        final int MAX_MULTIPART_DEPTH = 10;
+        if (depth > MAX_MULTIPART_DEPTH) {
+            content.setHtmlBody("<div class=\"error\">Maximum multipart depth exceeded</div>");
+            return;
+        }
+
+        try {
+            Class<?> multipartClass = multipart.getClass();
+            Method getCount = multipartClass.getMethod("getCount");
+            int count = (Integer) getCount.invoke(multipart);
+
+            Method getBodyPart = multipartClass.getMethod("getBodyPart", int.class);
+
+            for (int i = 0; i < count; i++) {
+                Object part = getBodyPart.invoke(multipart, i);
+                processPart(part, content, request, customHtmlSanitizer, depth + 1);
+            }
+
+        } catch (ReflectiveOperationException | ClassCastException e) {
+            content.setHtmlBody("<div class=\"error\">Error processing multipart content</div>");
+        }
+    }
+
+    private static void processPart(
+            Object part,
+            EmailContent content,
+            EmlToPdfRequest request,
+            CustomHtmlSanitizer customHtmlSanitizer,
+            int depth) {
+        try {
+            Class<?> partClass = part.getClass();
+
+            Method isMimeType = partClass.getMethod("isMimeType", String.class);
+            Method getContent = partClass.getMethod("getContent");
+            Method getDisposition = partClass.getMethod("getDisposition");
+            Method getFileName = partClass.getMethod("getFileName");
+            Method getContentType = partClass.getMethod("getContentType");
+            Method getHeader = partClass.getMethod("getHeader", String.class);
+
+            Object disposition = getDisposition.invoke(part);
+            String filename = (String) getFileName.invoke(part);
+            String contentType = (String) getContentType.invoke(part);
+
+            String normalizedDisposition =
+                    disposition != null ? ((String) disposition).toLowerCase() : null;
+
+            if ((Boolean) isMimeType.invoke(part, TEXT_PLAIN) && normalizedDisposition == null) {
+                Object partContent = getContent.invoke(part);
+                if (partContent instanceof String stringContent) {
+                    content.setTextBody(stringContent);
+                }
+            } else if ((Boolean) isMimeType.invoke(part, TEXT_HTML)
+                    && normalizedDisposition == null) {
+                Object partContent = getContent.invoke(part);
+                if (partContent instanceof String stringContent) {
+                    String htmlBody =
+                            customHtmlSanitizer != null
+                                    ? customHtmlSanitizer.sanitize(stringContent)
+                                    : stringContent;
+                    content.setHtmlBody(htmlBody);
+                }
+            } else if ((normalizedDisposition != null
+                            && normalizedDisposition.contains(DISPOSITION_ATTACHMENT))
+                    || (filename != null && !filename.trim().isEmpty())) {
+
+                processAttachment(
+                        part, content, request, getHeader, getContent, filename, contentType);
+            } else if ((Boolean) isMimeType.invoke(part, "multipart/*")) {
+                Object multipartContent = getContent.invoke(part);
+                if (multipartContent != null) {
+                    Class<?> multipartClass = Class.forName("jakarta.mail.Multipart");
+                    if (multipartClass.isInstance(multipartContent)) {
+                        processMultipart(
+                                multipartContent, content, request, customHtmlSanitizer, depth + 1);
+                    }
+                }
+            }
+
+        } catch (ReflectiveOperationException | RuntimeException e) {
+            // Continue processing other parts if one fails
+        }
+    }
+
+    private static void processAttachment(
+            Object part,
+            EmailContent content,
+            EmlToPdfRequest request,
+            Method getHeader,
+            Method getContent,
+            String filename,
+            String contentType) {
+
+        content.setAttachmentCount(content.getAttachmentCount() + 1);
+
+        if (filename != null && !filename.trim().isEmpty()) {
+            EmailAttachment attachment = new EmailAttachment();
+            attachment.setFilename(safeMimeDecode(filename));
+            attachment.setContentType(contentType);
+
+            try {
+                String[] contentIdHeaders = (String[]) getHeader.invoke(part, HEADER_CONTENT_ID);
+                if (contentIdHeaders != null) {
+                    for (String contentIdHeader : contentIdHeaders) {
+                        if (contentIdHeader != null && !contentIdHeader.trim().isEmpty()) {
+                            attachment.setEmbedded(true);
+                            String contentId = contentIdHeader.trim().replaceAll("[<>]", "");
+                            attachment.setContentId(contentId);
+                            break;
+                        }
+                    }
+                }
+            } catch (ReflectiveOperationException e) {
+            }
+
+            if ((request != null && request.isIncludeAttachments()) || attachment.isEmbedded()) {
+                extractAttachmentData(part, attachment, getContent, request);
+            }
+
+            content.getAttachments().add(attachment);
+        }
+    }
+
+    private static void extractAttachmentData(
+            Object part, EmailAttachment attachment, Method getContent, EmlToPdfRequest request) {
+        try {
+            Object attachmentContent = getContent.invoke(part);
+            byte[] attachmentData = null;
+
+            if (attachmentContent instanceof InputStream inputStream) {
+                try (InputStream stream = inputStream) {
+                    attachmentData = stream.readAllBytes();
+                } catch (IOException e) {
+                    if (attachment.isEmbedded()) {
+                        attachmentData = new byte[0];
+                    } else {
+                        throw new RuntimeException(e);
+                    }
+                }
+            } else if (attachmentContent instanceof byte[] byteArray) {
+                attachmentData = byteArray;
+            } else if (attachmentContent instanceof String stringContent) {
+                attachmentData = stringContent.getBytes(StandardCharsets.UTF_8);
+            }
+
+            if (attachmentData != null) {
+                long maxSizeMB = request != null ? request.getMaxAttachmentSizeMB() : 10L;
+                long maxSizeBytes = maxSizeMB * 1024 * 1024;
+
+                if (attachmentData.length <= maxSizeBytes || attachment.isEmbedded()) {
+                    attachment.setData(attachmentData);
+                    attachment.setSizeBytes(attachmentData.length);
+                } else {
+                    attachment.setSizeBytes(attachmentData.length);
+                }
+            }
+        } catch (ReflectiveOperationException | RuntimeException e) {
+            // Continue without attachment data
+        }
+    }
+
+    private static String extractBasicHeader(String emlContent, String headerName) {
+        try {
+            String[] lines = emlContent.split("\r?\n");
+            for (int i = 0; i < lines.length; i++) {
+                String line = lines[i];
+                if (line.toLowerCase().startsWith(headerName.toLowerCase())) {
+                    StringBuilder value =
+                            new StringBuilder(line.substring(headerName.length()).trim());
+                    for (int j = i + 1; j < lines.length; j++) {
+                        if (lines[j].startsWith(" ") || lines[j].startsWith("\t")) {
+                            value.append(" ").append(lines[j].trim());
+                        } else {
+                            break;
+                        }
+                    }
+                    return safeMimeDecode(value.toString());
+                }
+                if (line.trim().isEmpty()) break;
+            }
+        } catch (RuntimeException e) {
+            // Ignore errors in header extraction
+        }
+        return "";
+    }
+
+    private static String extractHtmlBody(String emlContent) {
+        try {
+            String lowerContent = emlContent.toLowerCase();
+            int htmlStart = lowerContent.indexOf(HEADER_CONTENT_TYPE + " " + TEXT_HTML);
+            if (htmlStart == -1) return null;
+
+            int bodyStart = emlContent.indexOf("\r\n\r\n", htmlStart);
+            if (bodyStart == -1) bodyStart = emlContent.indexOf("\n\n", htmlStart);
+            if (bodyStart == -1) return null;
+
+            bodyStart += (emlContent.charAt(bodyStart + 1) == '\r') ? 4 : 2;
+            int bodyEnd = findPartEnd(emlContent, bodyStart);
+
+            return emlContent.substring(bodyStart, bodyEnd).trim();
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    private static String extractTextBody(String emlContent) {
+        try {
+            String lowerContent = emlContent.toLowerCase();
+            int textStart = lowerContent.indexOf(HEADER_CONTENT_TYPE + " " + TEXT_PLAIN);
+            if (textStart == -1) {
+                int bodyStart = emlContent.indexOf("\r\n\r\n");
+                if (bodyStart == -1) bodyStart = emlContent.indexOf("\n\n");
+                if (bodyStart != -1) {
+                    bodyStart += (emlContent.charAt(bodyStart + 1) == '\r') ? 4 : 2;
+                    int bodyEnd = findPartEnd(emlContent, bodyStart);
+                    return emlContent.substring(bodyStart, bodyEnd).trim();
+                }
+                return null;
+            }
+
+            int bodyStart = emlContent.indexOf("\r\n\r\n", textStart);
+            if (bodyStart == -1) bodyStart = emlContent.indexOf("\n\n", textStart);
+            if (bodyStart == -1) return null;
+
+            bodyStart += (emlContent.charAt(bodyStart + 1) == '\r') ? 4 : 2;
+            int bodyEnd = findPartEnd(emlContent, bodyStart);
+
+            return emlContent.substring(bodyStart, bodyEnd).trim();
+        } catch (RuntimeException e) {
+            return null;
+        }
+    }
+
+    private static int findPartEnd(String content, int start) {
+        String[] lines = content.substring(start).split("\r?\n");
+        StringBuilder result = new StringBuilder();
+
+        for (String line : lines) {
+            if (line.startsWith("--") && line.length() > 10) break;
+            result.append(line).append("\n");
+        }
+
+        return start + result.length();
+    }
+
+    private static List<EmailAttachment> extractAttachmentsBasic(String emlContent) {
+        List<EmailAttachment> attachments = new ArrayList<>();
+        try {
+            String[] lines = emlContent.split("\r?\n");
+            boolean inHeaders = true;
+            String currentContentType = "";
+            String currentDisposition = "";
+            String currentFilename = "";
+            String currentEncoding = "";
+
+            for (String line : lines) {
+                String lowerLine = line.toLowerCase().trim();
+
+                if (line.trim().isEmpty()) {
+                    inHeaders = false;
+                    if (isAttachment(currentDisposition, currentFilename, currentContentType)) {
+                        EmailAttachment attachment = new EmailAttachment();
+                        attachment.setFilename(currentFilename);
+                        attachment.setContentType(currentContentType);
+                        attachment.setTransferEncoding(currentEncoding);
+                        attachments.add(attachment);
+                    }
+                    currentContentType = "";
+                    currentDisposition = "";
+                    currentFilename = "";
+                    currentEncoding = "";
+                    inHeaders = true;
+                    continue;
+                }
+
+                if (!inHeaders) continue;
+
+                if (lowerLine.startsWith(HEADER_CONTENT_TYPE)) {
+                    currentContentType = line.substring(HEADER_CONTENT_TYPE.length()).trim();
+                } else if (lowerLine.startsWith(HEADER_CONTENT_DISPOSITION)) {
+                    currentDisposition = line.substring(HEADER_CONTENT_DISPOSITION.length()).trim();
+                    currentFilename = extractFilenameFromDisposition(currentDisposition);
+                } else if (lowerLine.startsWith(HEADER_CONTENT_TRANSFER_ENCODING)) {
+                    currentEncoding =
+                            line.substring(HEADER_CONTENT_TRANSFER_ENCODING.length()).trim();
+                }
+            }
+        } catch (RuntimeException e) {
+            // Continue with empty list
+        }
+        return attachments;
+    }
+
+    private static boolean isAttachment(String disposition, String filename, String contentType) {
+        return (disposition.toLowerCase().contains(DISPOSITION_ATTACHMENT) && !filename.isEmpty())
+                || (!filename.isEmpty() && !contentType.toLowerCase().startsWith("text/"))
+                || (contentType.toLowerCase().contains("application/") && !filename.isEmpty());
+    }
+
+    private static String extractFilenameFromDisposition(String disposition) {
+        if (disposition == null || !disposition.contains("filename=")) {
+            return "";
+        }
+
+        // Handle filename*= (RFC 2231 encoded filename)
+        if (disposition.toLowerCase().contains("filename*=")) {
+            int filenameStarStart = disposition.toLowerCase().indexOf("filename*=") + 10;
+            int filenameStarEnd = disposition.indexOf(";", filenameStarStart);
+            if (filenameStarEnd == -1) filenameStarEnd = disposition.length();
+            String extendedFilename =
+                    disposition.substring(filenameStarStart, filenameStarEnd).trim();
+            extendedFilename = extendedFilename.replaceAll("^\"|\"$", "");
+
+            if (extendedFilename.contains("'")) {
+                String[] parts = extendedFilename.split("'", 3);
+                if (parts.length == 3) {
+                    return EmlProcessingUtils.decodeUrlEncoded(parts[2]);
+                }
+            }
+        }
+
+        // Handle regular filename=
+        int filenameStart = disposition.toLowerCase().indexOf("filename=") + 9;
+        int filenameEnd = disposition.indexOf(";", filenameStart);
+        if (filenameEnd == -1) filenameEnd = disposition.length();
+        String filename = disposition.substring(filenameStart, filenameEnd).trim();
+        filename = filename.replaceAll("^\"|\"$", "");
+        return safeMimeDecode(filename);
+    }
+
+    public static String safeMimeDecode(String headerValue) {
+        if (headerValue == null || headerValue.trim().isEmpty()) {
+            return "";
+        }
+
+        if (!mimeUtilityChecked) {
+            synchronized (EmlParser.class) {
+                if (!mimeUtilityChecked) {
+                    initializeMimeUtilityDecoding();
+                }
+            }
+        }
+
+        if (mimeUtilityDecodeTextMethod != null) {
+            try {
+                return (String) mimeUtilityDecodeTextMethod.invoke(null, headerValue.trim());
+            } catch (ReflectiveOperationException | RuntimeException e) {
+                // Fall through to custom implementation
+            }
+        }
+
+        return EmlProcessingUtils.decodeMimeHeader(headerValue.trim());
+    }
+
+    private static void initializeMimeUtilityDecoding() {
+        try {
+            Class<?> mimeUtilityClass = Class.forName("jakarta.mail.internet.MimeUtility");
+            mimeUtilityDecodeTextMethod = mimeUtilityClass.getMethod("decodeText", String.class);
+        } catch (ClassNotFoundException | NoSuchMethodException e) {
+            mimeUtilityDecodeTextMethod = null;
+        }
+        mimeUtilityChecked = true;
+    }
+
+    @Data
+    public static class EmailContent {
+        private String subject;
+        private String from;
+        private String to;
+        private String cc;
+        private String bcc;
+        private Date date;
+        private String dateString; // For basic parsing fallback
+        private String htmlBody;
+        private String textBody;
+        private int attachmentCount;
+        private List<EmailAttachment> attachments = new ArrayList<>();
+
+        public void setHtmlBody(String htmlBody) {
+            this.htmlBody = htmlBody != null ? htmlBody.replaceAll("\r", "") : null;
+        }
+
+        public void setTextBody(String textBody) {
+            this.textBody = textBody != null ? textBody.replaceAll("\r", "") : null;
+        }
+    }
+
+    @Data
+    public static class EmailAttachment {
+        private String filename;
+        private String contentType;
+        private byte[] data;
+        private boolean embedded;
+        private String embeddedFilename;
+        private long sizeBytes;
+        private String contentId;
+        private String disposition;
+        private String transferEncoding;
+
+        public void setData(byte[] data) {
+            this.data = data;
+            if (data != null) {
+                this.sizeBytes = data.length;
+            }
+        }
+    }
+}

app/common/src/main/java/stirling/software/common/util/EmlProcessingUtils.java

@@ -0,0 +1,601 @@
+package stirling.software.common.util;
+
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Locale;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import lombok.experimental.UtilityClass;
+
+import stirling.software.common.model.api.converters.EmlToPdfRequest;
+import stirling.software.common.model.api.converters.HTMLToPdfRequest;
+
+@UtilityClass
+public class EmlProcessingUtils {
+
+    // Style constants
+    private static final int DEFAULT_FONT_SIZE = 12;
+    private static final String DEFAULT_FONT_FAMILY = "Helvetica, sans-serif";
+    private static final float DEFAULT_LINE_HEIGHT = 1.4f;
+    private static final String DEFAULT_ZOOM = "1.0";
+    private static final String DEFAULT_TEXT_COLOR = "#202124";
+    private static final String DEFAULT_BACKGROUND_COLOR = "#ffffff";
+    private static final String DEFAULT_BORDER_COLOR = "#e8eaed";
+    private static final String ATTACHMENT_BACKGROUND_COLOR = "#f9f9f9";
+    private static final String ATTACHMENT_BORDER_COLOR = "#eeeeee";
+
+    private static final int EML_CHECK_LENGTH = 8192;
+    private static final int MIN_HEADER_COUNT_FOR_VALID_EML = 2;
+
+    // MIME type detection
+    private static final Map<String, String> EXTENSION_TO_MIME_TYPE =
+            Map.of(
+                    ".png", "image/png",
+                    ".jpg", "image/jpeg",
+                    ".jpeg", "image/jpeg",
+                    ".gif", "image/gif",
+                    ".bmp", "image/bmp",
+                    ".webp", "image/webp",
+                    ".svg", "image/svg+xml",
+                    ".ico", "image/x-icon",
+                    ".tiff", "image/tiff",
+                    ".tif", "image/tiff");
+
+    public static void validateEmlInput(byte[] emlBytes) {
+        if (emlBytes == null || emlBytes.length == 0) {
+            throw new IllegalArgumentException("EML file is empty or null");
+        }
+
+        if (isInvalidEmlFormat(emlBytes)) {
+            throw new IllegalArgumentException("Invalid EML file format");
+        }
+    }
+
+    private static boolean isInvalidEmlFormat(byte[] emlBytes) {
+        try {
+            int checkLength = Math.min(emlBytes.length, EML_CHECK_LENGTH);
+            String content;
+
+            try {
+                content = new String(emlBytes, 0, checkLength, StandardCharsets.UTF_8);
+                if (content.contains("\uFFFD")) {
+                    content = new String(emlBytes, 0, checkLength, StandardCharsets.ISO_8859_1);
+                }
+            } catch (Exception e) {
+                content = new String(emlBytes, 0, checkLength, StandardCharsets.ISO_8859_1);
+            }
+
+            String lowerContent = content.toLowerCase(Locale.ROOT);
+
+            boolean hasFrom =
+                    lowerContent.contains("from:") || lowerContent.contains("return-path:");
+            boolean hasSubject = lowerContent.contains("subject:");
+            boolean hasMessageId = lowerContent.contains("message-id:");
+            boolean hasDate = lowerContent.contains("date:");
+            boolean hasTo =
+                    lowerContent.contains("to:")
+                            || lowerContent.contains("cc:")
+                            || lowerContent.contains("bcc:");
+            boolean hasMimeStructure =
+                    lowerContent.contains("multipart/")
+                            || lowerContent.contains("text/plain")
+                            || lowerContent.contains("text/html")
+                            || lowerContent.contains("boundary=");
+
+            int headerCount = 0;
+            if (hasFrom) headerCount++;
+            if (hasSubject) headerCount++;
+            if (hasMessageId) headerCount++;
+            if (hasDate) headerCount++;
+            if (hasTo) headerCount++;
+
+            return headerCount < MIN_HEADER_COUNT_FOR_VALID_EML && !hasMimeStructure;
+
+        } catch (RuntimeException e) {
+            return false;
+        }
+    }
+
+    public static String generateEnhancedEmailHtml(
+            EmlParser.EmailContent content,
+            EmlToPdfRequest request,
+            CustomHtmlSanitizer customHtmlSanitizer) {
+        StringBuilder html = new StringBuilder();
+
+        html.append(
+                String.format(
+                        """
+                <!DOCTYPE html>
+                <html lang="en"><head><meta charset="UTF-8">
+                <title>%s</title>
+                <style>
+                """,
+                        sanitizeText(content.getSubject(), customHtmlSanitizer)));
+
+        appendEnhancedStyles(html);
+
+        html.append(
+                """
+                </style>
+                </head><body>
+                """);
+
+        html.append(
+                String.format(
+                        """
+                <div class="email-container">
+                <div class="email-header">
+                <h1>%s</h1>
+                <div class="email-meta">
+                <div><strong>From:</strong> %s</div>
+                <div><strong>To:</strong> %s</div>
+                """,
+                        sanitizeText(content.getSubject(), customHtmlSanitizer),
+                        sanitizeText(content.getFrom(), customHtmlSanitizer),
+                        sanitizeText(content.getTo(), customHtmlSanitizer)));
+
+        if (content.getCc() != null && !content.getCc().trim().isEmpty()) {
+            html.append(
+                    String.format(
+                            "<div><strong>CC:</strong> %s</div>\n",
+                            sanitizeText(content.getCc(), customHtmlSanitizer)));
+        }
+
+        if (content.getBcc() != null && !content.getBcc().trim().isEmpty()) {
+            html.append(
+                    String.format(
+                            "<div><strong>BCC:</strong> %s</div>\n",
+                            sanitizeText(content.getBcc(), customHtmlSanitizer)));
+        }
+
+        if (content.getDate() != null) {
+            html.append(
+                    String.format(
+                            "<div><strong>Date:</strong> %s</div>\n",
+                            PdfAttachmentHandler.formatEmailDate(content.getDate())));
+        } else if (content.getDateString() != null && !content.getDateString().trim().isEmpty()) {
+            html.append(
+                    String.format(
+                            "<div><strong>Date:</strong> %s</div>\n",
+                            sanitizeText(content.getDateString(), customHtmlSanitizer)));
+        }
+
+        html.append("</div></div>\n");
+
+        html.append("<div class=\"email-body\">\n");
+        if (content.getHtmlBody() != null && !content.getHtmlBody().trim().isEmpty()) {
+            String processedHtml =
+                    processEmailHtmlBody(content.getHtmlBody(), content, customHtmlSanitizer);
+            html.append(processedHtml);
+        } else if (content.getTextBody() != null && !content.getTextBody().trim().isEmpty()) {
+            html.append(
+                    String.format(
+                            "<div class=\"text-body\">%s</div>",
+                            convertTextToHtml(content.getTextBody(), customHtmlSanitizer)));
+        } else {
+            html.append("<div class=\"no-content\"><p><em>No content available</em></p></div>");
+        }
+        html.append("</div>\n");
+
+        if (content.getAttachmentCount() > 0 || !content.getAttachments().isEmpty()) {
+            appendAttachmentsSection(html, content, request, customHtmlSanitizer);
+        }
+
+        html.append("</div>\n</body></html>");
+        return html.toString();
+    }
+
+    public static String processEmailHtmlBody(
+            String htmlBody,
+            EmlParser.EmailContent emailContent,
+            CustomHtmlSanitizer customHtmlSanitizer) {
+        if (htmlBody == null) return "";
+
+        String processed =
+                customHtmlSanitizer != null ? customHtmlSanitizer.sanitize(htmlBody) : htmlBody;
+
+        processed = processed.replaceAll("(?i)\\s*position\\s*:\\s*fixed[^;]*;?", "");
+        processed = processed.replaceAll("(?i)\\s*position\\s*:\\s*absolute[^;]*;?", "");
+
+        if (emailContent != null && !emailContent.getAttachments().isEmpty()) {
+            processed = PdfAttachmentHandler.processInlineImages(processed, emailContent);
+        }
+
+        return processed;
+    }
+
+    public static String convertTextToHtml(
+            String textBody, CustomHtmlSanitizer customHtmlSanitizer) {
+        if (textBody == null) return "";
+
+        String html =
+                customHtmlSanitizer != null
+                        ? customHtmlSanitizer.sanitize(textBody)
+                        : escapeHtml(textBody);
+
+        html = html.replace("\r\n", "\n").replace("\r", "\n");
+        html = html.replace("\n", "<br>\n");
+
+        html =
+                html.replaceAll(
+                        "(https?://[\\w\\-._~:/?#\\[\\]@!$&'()*+,;=%]+)",
+                        "<a href=\"$1\" style=\"color: #1a73e8; text-decoration: underline;\">$1</a>");
+
+        html =
+                html.replaceAll(
+                        "([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,63})",
+                        "<a href=\"mailto:$1\" style=\"color: #1a73e8; text-decoration: underline;\">$1</a>");
+
+        return html;
+    }
+
+    private static void appendEnhancedStyles(StringBuilder html) {
+        String css =
+                String.format(
+                        """
+                body {
+                  font-family: %s;
+                  font-size: %dpx;
+                  line-height: %s;
+                  color: %s;
+                  margin: 0;
+                  padding: 16px;
+                  background-color: %s;
+                }
+
+                .email-container {
+                  width: 100%%;
+                  max-width: 100%%;
+                  margin: 0 auto;
+                }
+
+                .email-header {
+                  padding-bottom: 10px;
+                  border-bottom: 1px solid %s;
+                  margin-bottom: 10px;
+                }
+
+                .email-header h1 {
+                  margin: 0 0 10px 0;
+                  font-size: %dpx;
+                  font-weight: bold;
+                }
+
+                .email-meta div {
+                  margin-bottom: 2px;
+                  font-size: %dpx;
+                }
+
+                .email-body {
+                  word-wrap: break-word;
+                }
+
+                .attachment-section {
+                  margin-top: 15px;
+                  padding: 10px;
+                  background-color: %s;
+                  border: 1px solid %s;
+                  border-radius: 3px;
+                }
+
+                .attachment-section h3 {
+                  margin: 0 0 8px 0;
+                  font-size: %dpx;
+                }
+
+                .attachment-item {
+                  padding: 5px 0;
+                }
+
+                .attachment-icon {
+                  margin-right: 5px;
+                }
+
+                .attachment-details, .attachment-type {
+                  font-size: %dpx;
+                  color: #555555;
+                }
+
+                .attachment-inclusion-note, .attachment-info-note {
+                  margin-top: 8px;
+                  padding: 6px;
+                  font-size: %dpx;
+                  border-radius: 3px;
+                }
+
+                .attachment-inclusion-note {
+                  background-color: #e6ffed;
+                  border: 1px solid #d4f7dc;
+                  color: #006420;
+                }
+
+                .attachment-info-note {
+                  background-color: #fff9e6;
+                  border: 1px solid #fff0c2;
+                  color: #664d00;
+                }
+
+                .attachment-link-container {
+                  display: flex;
+                  align-items: center;
+                  padding: 8px;
+                  background-color: #f8f9fa;
+                  border: 1px solid #dee2e6;
+                  border-radius: 4px;
+                  margin: 4px 0;
+                }
+
+                .attachment-link-container:hover {
+                  background-color: #e9ecef;
+                }
+
+                .attachment-note {
+                  font-size: %dpx;
+                  color: #6c757d;
+                  font-style: italic;
+                  margin-left: 8px;
+                }
+
+                .no-content {
+                  padding: 20px;
+                  text-align: center;
+                  color: #666;
+                  font-style: italic;
+                }
+
+                .text-body {
+                  white-space: pre-wrap;
+                }
+
+                img {
+                  max-width: 100%%;
+                  height: auto;
+                  display: block;
+                }
+                """,
+                        DEFAULT_FONT_FAMILY,
+                        DEFAULT_FONT_SIZE,
+                        DEFAULT_LINE_HEIGHT,
+                        DEFAULT_TEXT_COLOR,
+                        DEFAULT_BACKGROUND_COLOR,
+                        DEFAULT_BORDER_COLOR,
+                        DEFAULT_FONT_SIZE + 4,
+                        DEFAULT_FONT_SIZE - 1,
+                        ATTACHMENT_BACKGROUND_COLOR,
+                        ATTACHMENT_BORDER_COLOR,
+                        DEFAULT_FONT_SIZE + 1,
+                        DEFAULT_FONT_SIZE - 2,
+                        DEFAULT_FONT_SIZE - 2,
+                        DEFAULT_FONT_SIZE - 3);
+
+        html.append(css);
+    }
+
+    private static void appendAttachmentsSection(
+            StringBuilder html,
+            EmlParser.EmailContent content,
+            EmlToPdfRequest request,
+            CustomHtmlSanitizer customHtmlSanitizer) {
+        html.append("<div class=\"attachment-section\">\n");
+        int displayedAttachmentCount =
+                content.getAttachmentCount() > 0
+                        ? content.getAttachmentCount()
+                        : content.getAttachments().size();
+        html.append("<h3>Attachments (").append(displayedAttachmentCount).append(")</h3>\n");
+
+        if (!content.getAttachments().isEmpty()) {
+            for (int i = 0; i < content.getAttachments().size(); i++) {
+                EmlParser.EmailAttachment attachment = content.getAttachments().get(i);
+
+                String embeddedFilename =
+                        attachment.getFilename() != null
+                                ? attachment.getFilename()
+                                : ("attachment_" + i);
+                attachment.setEmbeddedFilename(embeddedFilename);
+
+                String sizeStr = GeneralUtils.formatBytes(attachment.getSizeBytes());
+                String contentType =
+                        attachment.getContentType() != null
+                                        && !attachment.getContentType().isEmpty()
+                                ? ", " + escapeHtml(attachment.getContentType())
+                                : "";
+
+                String attachmentId = "attachment_" + i;
+                html.append(
+                        String.format(
+                                """
+                        <div class="attachment-item" id="%s">
+                        <span class="attachment-icon" data-filename="%s">@</span>
+                        <span class="attachment-name">%s</span>
+                        <span class="attachment-details">(%s%s)</span>
+                        </div>
+                        """,
+                                attachmentId,
+                                escapeHtml(embeddedFilename),
+                                escapeHtml(EmlParser.safeMimeDecode(attachment.getFilename())),
+                                sizeStr,
+                                contentType));
+            }
+        }
+
+        if (request != null && request.isIncludeAttachments()) {
+            html.append(
+                    """
+                    <div class="attachment-info-note">
+                    <p><em>Attachments are embedded in the file.</em></p>
+                    </div>
+                    """);
+        } else {
+            html.append(
+                    """
+                    <div class="attachment-info-note">
+                    <p><em>Attachment information displayed - files not included in PDF.</em></p>
+                    </div>
+                    """);
+        }
+        html.append("</div>\n");
+    }
+
+    public static HTMLToPdfRequest createHtmlRequest(EmlToPdfRequest request) {
+        HTMLToPdfRequest htmlRequest = new HTMLToPdfRequest();
+
+        if (request != null) {
+            htmlRequest.setFileInput(request.getFileInput());
+        }
+
+        htmlRequest.setZoom(Float.parseFloat(DEFAULT_ZOOM));
+        return htmlRequest;
+    }
+
+    public static String detectMimeType(String filename, String existingMimeType) {
+        if (existingMimeType != null && !existingMimeType.isEmpty()) {
+            return existingMimeType;
+        }
+
+        if (filename != null) {
+            String lowerFilename = filename.toLowerCase();
+            for (Map.Entry<String, String> entry : EXTENSION_TO_MIME_TYPE.entrySet()) {
+                if (lowerFilename.endsWith(entry.getKey())) {
+                    return entry.getValue();
+                }
+            }
+        }
+
+        return "image/png";
+    }
+
+    public static String decodeUrlEncoded(String encoded) {
+        try {
+            return java.net.URLDecoder.decode(encoded, StandardCharsets.UTF_8);
+        } catch (Exception e) {
+            return encoded; // Return original if decoding fails
+        }
+    }
+
+    public static String decodeMimeHeader(String encodedText) {
+        if (encodedText == null || encodedText.trim().isEmpty()) {
+            return encodedText;
+        }
+
+        try {
+            StringBuilder result = new StringBuilder();
+            Pattern concatenatedPattern =
+                    Pattern.compile(
+                            "(=\\?[^?]+\\?[BbQq]\\?[^?]*\\?=)(\\s*=\\?[^?]+\\?[BbQq]\\?[^?]*\\?=)+");
+            Matcher concatenatedMatcher = concatenatedPattern.matcher(encodedText);
+            String processedText =
+                    concatenatedMatcher.replaceAll(
+                            match -> match.group().replaceAll("\\s+(?==\\?)", ""));
+
+            Pattern mimePattern = Pattern.compile("=\\?([^?]+)\\?([BbQq])\\?([^?]*)\\?=");
+            Matcher matcher = mimePattern.matcher(processedText);
+            int lastEnd = 0;
+
+            while (matcher.find()) {
+                result.append(processedText, lastEnd, matcher.start());
+
+                String charset = matcher.group(1);
+                String encoding = matcher.group(2).toUpperCase();
+                String encodedValue = matcher.group(3);
+
+                try {
+                    String decodedValue =
+                            switch (encoding) {
+                                case "B" -> {
+                                    String cleanBase64 = encodedValue.replaceAll("\\s", "");
+                                    byte[] decodedBytes = Base64.getDecoder().decode(cleanBase64);
+                                    Charset targetCharset;
+                                    try {
+                                        targetCharset = Charset.forName(charset);
+                                    } catch (Exception e) {
+                                        targetCharset = StandardCharsets.UTF_8;
+                                    }
+                                    yield new String(decodedBytes, targetCharset);
+                                }
+                                case "Q" -> decodeQuotedPrintable(encodedValue, charset);
+                                default -> matcher.group(0); // Return original if unknown encoding
+                            };
+                    result.append(decodedValue);
+                } catch (RuntimeException e) {
+                    result.append(matcher.group(0)); // Keep original on decode error
+                }
+
+                lastEnd = matcher.end();
+            }
+
+            result.append(processedText.substring(lastEnd));
+            return result.toString();
+        } catch (Exception e) {
+            return encodedText; // Return original on any parsing error
+        }
+    }
+
+    private static String decodeQuotedPrintable(String encodedText, String charset) {
+        StringBuilder result = new StringBuilder();
+        for (int i = 0; i < encodedText.length(); i++) {
+            char c = encodedText.charAt(i);
+            switch (c) {
+                case '=' -> {
+                    if (i + 2 < encodedText.length()) {
+                        String hex = encodedText.substring(i + 1, i + 3);
+                        try {
+                            int value = Integer.parseInt(hex, 16);
+                            result.append((char) value);
+                            i += 2;
+                        } catch (NumberFormatException e) {
+                            result.append(c);
+                        }
+                    } else if (i + 1 == encodedText.length()
+                            || (i + 2 == encodedText.length()
+                                    && encodedText.charAt(i + 1) == '\n')) {
+                        if (i + 1 < encodedText.length() && encodedText.charAt(i + 1) == '\n') {
+                            i++; // Skip the newline too
+                        }
+                    } else {
+                        result.append(c);
+                    }
+                }
+                case '_' -> result.append(' '); // Space encoding in Q encoding
+                default -> result.append(c);
+            }
+        }
+
+        byte[] bytes = result.toString().getBytes(StandardCharsets.ISO_8859_1);
+        try {
+            Charset targetCharset = Charset.forName(charset);
+            return new String(bytes, targetCharset);
+        } catch (Exception e) {
+            try {
+                return new String(bytes, StandardCharsets.UTF_8);
+            } catch (Exception fallbackException) {
+                return new String(bytes, StandardCharsets.ISO_8859_1);
+            }
+        }
+    }
+
+    public static String escapeHtml(String text) {
+        if (text == null) return "";
+        return text.replace("&", "&amp;")
+                .replace("<", "&lt;")
+                .replace(">", "&gt;")
+                .replace("\"", "&quot;")
+                .replace("'", "&#39;");
+    }
+
+    public static String sanitizeText(String text, CustomHtmlSanitizer customHtmlSanitizer) {
+        if (customHtmlSanitizer != null) {
+            return customHtmlSanitizer.sanitize(text);
+        } else {
+            return escapeHtml(text);
+        }
+    }
+
+    public static String simplifyHtmlContent(String htmlContent) {
+        String simplified = htmlContent.replaceAll("(?i)<script[^>]*>.*?</script>", "");
+        simplified = simplified.replaceAll("(?i)<style[^>]*>.*?</style>", "");
+        return simplified;
+    }
+}

app/common/src/main/java/stirling/software/common/util/ImageProcessingUtils.java

@@ -5,8 +5,11 @@ import java.awt.image.*;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.ByteBuffer;
+import java.util.Iterator;
 
 import javax.imageio.ImageIO;
+import javax.imageio.ImageReader;
+import javax.imageio.stream.ImageInputStream;
 
 import org.springframework.web.multipart.MultipartFile;
 
@@ -115,7 +118,36 @@ public class ImageProcessingUtils {
 
     public static BufferedImage loadImageWithExifOrientation(MultipartFile file)
             throws IOException {
-        BufferedImage image = ImageIO.read(file.getInputStream());
+        BufferedImage image = null;
+        String filename = file.getOriginalFilename();
+
+        if (filename != null && filename.toLowerCase().endsWith(".psd")) {
+            // For PSD files, try explicit ImageReader
+            Iterator<ImageReader> readers = ImageIO.getImageReadersByFormatName("PSD");
+            if (readers.hasNext()) {
+                ImageReader reader = readers.next();
+                try (ImageInputStream iis = ImageIO.createImageInputStream(file.getInputStream())) {
+                    reader.setInput(iis);
+                    image = reader.read(0);
+                } finally {
+                    reader.dispose();
+                }
+            }
+            if (image == null) {
+                throw new IOException(
+                        "Unable to read image from file: "
+                                + filename
+                                + ". Supported PSD formats: RGB/CMYK/Gray 8-32 bit, RLE/ZIP compression");
+            }
+        } else {
+            // For non-PSD files, use standard ImageIO
+            image = ImageIO.read(file.getInputStream());
+        }
+
+        if (image == null) {
+            throw new IOException("Unable to read image from file: " + filename);
+        }
+
         double orientation = extractImageOrientation(file.getInputStream());
         return applyOrientation(image, orientation);
     }

app/common/src/main/java/stirling/software/common/util/PdfAttachmentHandler.java

@@ -0,0 +1,680 @@
+package stirling.software.common.util;
+
+import static stirling.software.common.util.AttachmentUtils.setCatalogViewerPreferences;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+import java.util.TimeZone;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
+import org.apache.pdfbox.pdmodel.PDDocumentNameDictionary;
+import org.apache.pdfbox.pdmodel.PDEmbeddedFilesNameTreeNode;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.PageMode;
+import org.apache.pdfbox.pdmodel.common.PDRectangle;
+import org.apache.pdfbox.pdmodel.common.filespecification.PDComplexFileSpecification;
+import org.apache.pdfbox.pdmodel.common.filespecification.PDEmbeddedFile;
+import org.apache.pdfbox.pdmodel.interactive.annotation.PDAnnotationFileAttachment;
+import org.apache.pdfbox.pdmodel.interactive.annotation.PDAppearanceDictionary;
+import org.apache.pdfbox.pdmodel.interactive.annotation.PDAppearanceStream;
+import org.apache.pdfbox.text.PDFTextStripper;
+import org.apache.pdfbox.text.TextPosition;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.web.multipart.MultipartFile;
+
+import lombok.Data;
+import lombok.Getter;
+import lombok.experimental.UtilityClass;
+
+import stirling.software.common.service.CustomPDFDocumentFactory;
+
+@UtilityClass
+public class PdfAttachmentHandler {
+    // Note: This class is designed for EML attachments, not general PDF attachments.
+
+    private static final String ATTACHMENT_MARKER = "@";
+    private static final float ATTACHMENT_ICON_WIDTH = 12f;
+    private static final float ATTACHMENT_ICON_HEIGHT = 14f;
+    private static final float ANNOTATION_X_OFFSET = 2f;
+    private static final float ANNOTATION_Y_OFFSET = 10f;
+
+    public static byte[] attachFilesToPdf(
+            byte[] pdfBytes,
+            List<EmlParser.EmailAttachment> attachments,
+            CustomPDFDocumentFactory pdfDocumentFactory)
+            throws IOException {
+
+        if (attachments == null || attachments.isEmpty()) {
+            return pdfBytes;
+        }
+
+        try (PDDocument document = pdfDocumentFactory.load(pdfBytes);
+                ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
+
+            List<MultipartFile> multipartAttachments = new ArrayList<>(attachments.size());
+            for (int i = 0; i < attachments.size(); i++) {
+                EmlParser.EmailAttachment attachment = attachments.get(i);
+                if (attachment.getData() != null && attachment.getData().length > 0) {
+                    String embeddedFilename =
+                            attachment.getFilename() != null
+                                    ? attachment.getFilename()
+                                    : ("attachment_" + i);
+                    attachment.setEmbeddedFilename(embeddedFilename);
+                    multipartAttachments.add(createMultipartFile(attachment));
+                }
+            }
+
+            if (!multipartAttachments.isEmpty()) {
+                Map<Integer, String> indexToFilenameMap =
+                        addAttachmentsToDocumentWithMapping(
+                                document, multipartAttachments, attachments);
+                setCatalogViewerPreferences(document, PageMode.USE_ATTACHMENTS);
+                addAttachmentAnnotationsToDocumentWithMapping(
+                        document, attachments, indexToFilenameMap);
+            }
+
+            document.save(outputStream);
+            return outputStream.toByteArray();
+        } catch (RuntimeException e) {
+            throw new IOException(
+                    "Invalid PDF structure or processing error: " + e.getMessage(), e);
+        } catch (Exception e) {
+            throw new IOException("Error attaching files to PDF: " + e.getMessage(), e);
+        }
+    }
+
+    private static MultipartFile createMultipartFile(EmlParser.EmailAttachment attachment) {
+        return new MultipartFile() {
+            @Override
+            public @NotNull String getName() {
+                return "attachment";
+            }
+
+            @Override
+            public String getOriginalFilename() {
+                return attachment.getFilename() != null
+                        ? attachment.getFilename()
+                        : "attachment_" + System.currentTimeMillis();
+            }
+
+            @Override
+            public String getContentType() {
+                return attachment.getContentType() != null
+                        ? attachment.getContentType()
+                        : "application/octet-stream";
+            }
+
+            @Override
+            public boolean isEmpty() {
+                return attachment.getData() == null || attachment.getData().length == 0;
+            }
+
+            @Override
+            public long getSize() {
+                return attachment.getData() != null ? attachment.getData().length : 0;
+            }
+
+            @Override
+            public byte @NotNull [] getBytes() {
+                return attachment.getData() != null ? attachment.getData() : new byte[0];
+            }
+
+            @Override
+            public @NotNull InputStream getInputStream() {
+                byte[] data = attachment.getData();
+                return new ByteArrayInputStream(data != null ? data : new byte[0]);
+            }
+
+            @Override
+            public void transferTo(@NotNull File dest) throws IOException, IllegalStateException {
+                try (FileOutputStream fos = new FileOutputStream(dest)) {
+                    byte[] data = attachment.getData();
+                    if (data != null) {
+                        fos.write(data);
+                    }
+                }
+            }
+        };
+    }
+
+    private static String ensureUniqueFilename(String filename, Set<String> existingNames) {
+        if (!existingNames.contains(filename)) {
+            return filename;
+        }
+
+        String baseName;
+        String extension = "";
+        int lastDot = filename.lastIndexOf('.');
+        if (lastDot > 0) {
+            baseName = filename.substring(0, lastDot);
+            extension = filename.substring(lastDot);
+        } else {
+            baseName = filename;
+        }
+
+        int counter = 1;
+        String uniqueName;
+        do {
+            uniqueName = baseName + "_" + counter + extension;
+            counter++;
+        } while (existingNames.contains(uniqueName));
+
+        return uniqueName;
+    }
+
+    private static @NotNull PDRectangle calculateAnnotationRectangle(
+            PDPage page, float x, float y) {
+        PDRectangle cropBox = page.getCropBox();
+
+        // ISO 32000-1:2008 Section 8.3: PDF coordinate system transforms
+        int rotation = page.getRotation();
+        float pdfX = x;
+        float pdfY = cropBox.getHeight() - y;
+
+        switch (rotation) {
+            case 90 -> {
+                float temp = pdfX;
+                pdfX = pdfY;
+                pdfY = cropBox.getWidth() - temp;
+            }
+            case 180 -> {
+                pdfX = cropBox.getWidth() - pdfX;
+                pdfY = y;
+            }
+            case 270 -> {
+                float temp = pdfX;
+                pdfX = cropBox.getHeight() - pdfY;
+                pdfY = temp;
+            }
+            default -> {}
+        }
+
+        float iconHeight = ATTACHMENT_ICON_HEIGHT;
+        float paddingX = 2.0f;
+        float paddingY = 2.0f;
+
+        PDRectangle rect =
+                new PDRectangle(
+                        pdfX + ANNOTATION_X_OFFSET + paddingX,
+                        pdfY - iconHeight + ANNOTATION_Y_OFFSET + paddingY,
+                        ATTACHMENT_ICON_WIDTH,
+                        iconHeight);
+
+        PDRectangle mediaBox = page.getMediaBox();
+        if (rect.getLowerLeftX() < mediaBox.getLowerLeftX()
+                || rect.getLowerLeftY() < mediaBox.getLowerLeftY()
+                || rect.getUpperRightX() > mediaBox.getUpperRightX()
+                || rect.getUpperRightY() > mediaBox.getUpperRightY()) {
+
+            float adjustedX =
+                    Math.max(
+                            mediaBox.getLowerLeftX(),
+                            Math.min(
+                                    rect.getLowerLeftX(),
+                                    mediaBox.getUpperRightX() - rect.getWidth()));
+            float adjustedY =
+                    Math.max(
+                            mediaBox.getLowerLeftY(),
+                            Math.min(
+                                    rect.getLowerLeftY(),
+                                    mediaBox.getUpperRightY() - rect.getHeight()));
+            rect = new PDRectangle(adjustedX, adjustedY, rect.getWidth(), rect.getHeight());
+        }
+
+        return rect;
+    }
+
+    public static String processInlineImages(
+            String htmlContent, EmlParser.EmailContent emailContent) {
+        if (htmlContent == null || emailContent == null) return htmlContent;
+
+        Map<String, EmlParser.EmailAttachment> contentIdMap = new HashMap<>();
+        for (EmlParser.EmailAttachment attachment : emailContent.getAttachments()) {
+            if (attachment.isEmbedded()
+                    && attachment.getContentId() != null
+                    && attachment.getData() != null) {
+                contentIdMap.put(attachment.getContentId(), attachment);
+            }
+        }
+
+        if (contentIdMap.isEmpty()) return htmlContent;
+
+        Pattern cidPattern =
+                Pattern.compile(
+                        "(?i)<img[^>]*\\ssrc\\s*=\\s*['\"]cid:([^'\"]+)['\"][^>]*>",
+                        Pattern.CASE_INSENSITIVE);
+        Matcher matcher = cidPattern.matcher(htmlContent);
+
+        StringBuilder result = new StringBuilder();
+        while (matcher.find()) {
+            String contentId = matcher.group(1);
+            EmlParser.EmailAttachment attachment = contentIdMap.get(contentId);
+
+            if (attachment != null && attachment.getData() != null) {
+                String mimeType =
+                        EmlProcessingUtils.detectMimeType(
+                                attachment.getFilename(), attachment.getContentType());
+
+                String base64Data = Base64.getEncoder().encodeToString(attachment.getData());
+                String dataUri = "data:" + mimeType + ";base64," + base64Data;
+
+                String replacement =
+                        matcher.group(0).replaceFirst("cid:" + Pattern.quote(contentId), dataUri);
+                matcher.appendReplacement(result, Matcher.quoteReplacement(replacement));
+            } else {
+                matcher.appendReplacement(result, Matcher.quoteReplacement(matcher.group(0)));
+            }
+        }
+        matcher.appendTail(result);
+
+        return result.toString();
+    }
+
+    public static String formatEmailDate(Date date) {
+        if (date == null) return "";
+
+        SimpleDateFormat formatter =
+                new SimpleDateFormat("EEE, MMM d, yyyy 'at' h:mm a z", Locale.ENGLISH);
+        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
+        return formatter.format(date);
+    }
+
+    @Data
+    public static class MarkerPosition {
+        private int pageIndex;
+        private float x;
+        private float y;
+        private String character;
+        private String filename;
+
+        public MarkerPosition(int pageIndex, float x, float y, String character, String filename) {
+            this.pageIndex = pageIndex;
+            this.x = x;
+            this.y = y;
+            this.character = character;
+            this.filename = filename;
+        }
+    }
+
+    public static class AttachmentMarkerPositionFinder extends PDFTextStripper {
+        @Getter private final List<MarkerPosition> positions = new ArrayList<>();
+        private int currentPageIndex;
+        protected boolean sortByPosition;
+        private boolean isInAttachmentSection;
+        private boolean attachmentSectionFound;
+        private final StringBuilder currentText = new StringBuilder();
+
+        private static final Pattern ATTACHMENT_SECTION_PATTERN =
+                Pattern.compile("attachments\\s*\\(\\d+\\)", Pattern.CASE_INSENSITIVE);
+
+        private static final Pattern FILENAME_PATTERN =
+                Pattern.compile("@\\s*([^\\s\\(]+(?:\\.[a-zA-Z0-9]+)?)");
+
+        public AttachmentMarkerPositionFinder() {
+            super();
+            this.currentPageIndex = 0;
+            this.sortByPosition = false; // Disable sorting to preserve document order
+            this.isInAttachmentSection = false;
+            this.attachmentSectionFound = false;
+        }
+
+        @Override
+        public String getText(PDDocument document) throws IOException {
+            super.getText(document);
+
+            if (sortByPosition) {
+                positions.sort(
+                        (a, b) -> {
+                            int pageCompare = Integer.compare(a.getPageIndex(), b.getPageIndex());
+                            if (pageCompare != 0) return pageCompare;
+                            return Float.compare(
+                                    b.getY(), a.getY()); // Descending Y per PDF coordinate system
+                        });
+            }
+
+            return ""; // Return empty string as we only need positions
+        }
+
+        @Override
+        protected void startPage(PDPage page) throws IOException {
+            super.startPage(page);
+        }
+
+        @Override
+        protected void endPage(PDPage page) throws IOException {
+            currentPageIndex++;
+            super.endPage(page);
+        }
+
+        @Override
+        protected void writeString(String string, List<TextPosition> textPositions)
+                throws IOException {
+            String lowerString = string.toLowerCase();
+
+            if (ATTACHMENT_SECTION_PATTERN.matcher(lowerString).find()) {
+                isInAttachmentSection = true;
+                attachmentSectionFound = true;
+            }
+
+            if (isInAttachmentSection
+                    && (lowerString.contains("</body>")
+                            || lowerString.contains("</html>")
+                            || (attachmentSectionFound
+                                    && lowerString.trim().isEmpty()
+                                    && string.length() > 50))) {
+                isInAttachmentSection = false;
+            }
+
+            if (isInAttachmentSection) {
+                currentText.append(string);
+
+                for (int i = 0; (i = string.indexOf(ATTACHMENT_MARKER, i)) != -1; i++) {
+                    if (i < textPositions.size()) {
+                        TextPosition textPosition = textPositions.get(i);
+
+                        String filename = extractFilenameAfterMarker(string, i);
+
+                        MarkerPosition position =
+                                new MarkerPosition(
+                                        currentPageIndex,
+                                        textPosition.getXDirAdj(),
+                                        textPosition.getYDirAdj(),
+                                        ATTACHMENT_MARKER,
+                                        filename);
+                        positions.add(position);
+                    }
+                }
+            }
+            super.writeString(string, textPositions);
+        }
+
+        @Override
+        public void setSortByPosition(boolean sortByPosition) {
+            this.sortByPosition = sortByPosition;
+        }
+
+        private String extractFilenameAfterMarker(String text, int markerIndex) {
+            String afterMarker = text.substring(markerIndex + 1);
+
+            Matcher matcher = FILENAME_PATTERN.matcher("@" + afterMarker);
+            if (matcher.find()) {
+                return matcher.group(1);
+            }
+
+            String[] parts = afterMarker.split("[\\s\\(\\)]+");
+            for (String part : parts) {
+                part = part.trim();
+                if (part.length() > 3 && part.contains(".")) {
+                    return part;
+                }
+            }
+
+            return null;
+        }
+    }
+
+    private static Map<Integer, String> addAttachmentsToDocumentWithMapping(
+            PDDocument document,
+            List<MultipartFile> attachments,
+            List<EmlParser.EmailAttachment> originalAttachments)
+            throws IOException {
+
+        PDDocumentCatalog catalog = document.getDocumentCatalog();
+
+        if (catalog == null) {
+            throw new IOException("PDF document catalog is not accessible");
+        }
+
+        PDDocumentNameDictionary documentNames = catalog.getNames();
+        if (documentNames == null) {
+            documentNames = new PDDocumentNameDictionary(catalog);
+            catalog.setNames(documentNames);
+        }
+
+        PDEmbeddedFilesNameTreeNode embeddedFilesTree = documentNames.getEmbeddedFiles();
+        if (embeddedFilesTree == null) {
+            embeddedFilesTree = new PDEmbeddedFilesNameTreeNode();
+            documentNames.setEmbeddedFiles(embeddedFilesTree);
+        }
+
+        Map<String, PDComplexFileSpecification> existingNames = embeddedFilesTree.getNames();
+        if (existingNames == null) {
+            existingNames = new HashMap<>();
+        }
+
+        Map<Integer, String> indexToFilenameMap = new HashMap<>();
+
+        for (int i = 0; i < attachments.size(); i++) {
+            MultipartFile attachment = attachments.get(i);
+            String filename = attachment.getOriginalFilename();
+            if (filename == null || filename.trim().isEmpty()) {
+                filename = "attachment_" + i;
+            }
+
+            String normalizedFilename =
+                    isAscii(filename)
+                            ? filename
+                            : java.text.Normalizer.normalize(
+                                    filename, java.text.Normalizer.Form.NFC);
+            String uniqueFilename =
+                    ensureUniqueFilename(normalizedFilename, existingNames.keySet());
+
+            indexToFilenameMap.put(i, uniqueFilename);
+
+            PDEmbeddedFile embeddedFile = new PDEmbeddedFile(document, attachment.getInputStream());
+            embeddedFile.setSize((int) attachment.getSize());
+
+            GregorianCalendar currentTime = new GregorianCalendar();
+            embeddedFile.setCreationDate(currentTime);
+            embeddedFile.setModDate(currentTime);
+
+            String contentType = attachment.getContentType();
+            if (contentType != null && !contentType.trim().isEmpty()) {
+                embeddedFile.setSubtype(contentType);
+            }
+
+            PDComplexFileSpecification fileSpecification = new PDComplexFileSpecification();
+            fileSpecification.setFile(uniqueFilename);
+            fileSpecification.setFileUnicode(uniqueFilename);
+            fileSpecification.setEmbeddedFile(embeddedFile);
+            fileSpecification.setEmbeddedFileUnicode(embeddedFile);
+
+            existingNames.put(uniqueFilename, fileSpecification);
+        }
+
+        embeddedFilesTree.setNames(existingNames);
+        documentNames.setEmbeddedFiles(embeddedFilesTree);
+        catalog.setNames(documentNames);
+
+        return indexToFilenameMap;
+    }
+
+    private static void addAttachmentAnnotationsToDocumentWithMapping(
+            PDDocument document,
+            List<EmlParser.EmailAttachment> attachments,
+            Map<Integer, String> indexToFilenameMap)
+            throws IOException {
+
+        if (document.getNumberOfPages() == 0 || attachments == null || attachments.isEmpty()) {
+            return;
+        }
+
+        AttachmentMarkerPositionFinder finder = new AttachmentMarkerPositionFinder();
+        finder.setSortByPosition(false); // Keep document order to maintain pairing
+        finder.getText(document);
+        List<MarkerPosition> markerPositions = finder.getPositions();
+
+        int annotationsToAdd = Math.min(markerPositions.size(), attachments.size());
+
+        for (int i = 0; i < annotationsToAdd; i++) {
+            MarkerPosition position = markerPositions.get(i);
+
+            String filenameNearMarker = position.getFilename();
+
+            EmlParser.EmailAttachment matchingAttachment =
+                    findAttachmentByFilename(attachments, filenameNearMarker);
+
+            if (matchingAttachment != null) {
+                String embeddedFilename =
+                        findEmbeddedFilenameForAttachment(matchingAttachment, indexToFilenameMap);
+
+                if (embeddedFilename != null) {
+                    PDPage page = document.getPage(position.getPageIndex());
+                    addAttachmentAnnotationToPageWithMapping(
+                            document,
+                            page,
+                            matchingAttachment,
+                            embeddedFilename,
+                            position.getX(),
+                            position.getY(),
+                            i);
+                } else {
+                    // No embedded filename found for attachment
+                }
+            } else {
+                // No matching attachment found for filename near marker
+            }
+        }
+    }
+
+    private static EmlParser.EmailAttachment findAttachmentByFilename(
+            List<EmlParser.EmailAttachment> attachments, String targetFilename) {
+        if (targetFilename == null || targetFilename.trim().isEmpty()) {
+            return null;
+        }
+
+        String normalizedTarget = normalizeFilename(targetFilename);
+
+        // First try exact match
+        for (EmlParser.EmailAttachment attachment : attachments) {
+            if (attachment.getFilename() != null) {
+                String normalizedAttachment = normalizeFilename(attachment.getFilename());
+                if (normalizedAttachment.equals(normalizedTarget)) {
+                    return attachment;
+                }
+            }
+        }
+
+        // Then try contains match
+        for (EmlParser.EmailAttachment attachment : attachments) {
+            if (attachment.getFilename() != null) {
+                String normalizedAttachment = normalizeFilename(attachment.getFilename());
+                if (normalizedAttachment.contains(normalizedTarget)
+                        || normalizedTarget.contains(normalizedAttachment)) {
+                    return attachment;
+                }
+            }
+        }
+
+        return null;
+    }
+
+    private static String findEmbeddedFilenameForAttachment(
+            EmlParser.EmailAttachment attachment, Map<Integer, String> indexToFilenameMap) {
+
+        String attachmentFilename = attachment.getFilename();
+        if (attachmentFilename == null) {
+            return null;
+        }
+
+        for (Map.Entry<Integer, String> entry : indexToFilenameMap.entrySet()) {
+            String embeddedFilename = entry.getValue();
+            if (embeddedFilename != null
+                    && (embeddedFilename.equals(attachmentFilename)
+                            || embeddedFilename.contains(attachmentFilename)
+                            || attachmentFilename.contains(embeddedFilename))) {
+                return embeddedFilename;
+            }
+        }
+
+        return null;
+    }
+
+    private static String normalizeFilename(String filename) {
+        if (filename == null) return "";
+        return filename.toLowerCase()
+                .trim()
+                .replaceAll("\\s+", " ")
+                .replaceAll("[^a-zA-Z0-9._-]", "");
+    }
+
+    private static void addAttachmentAnnotationToPageWithMapping(
+            PDDocument document,
+            PDPage page,
+            EmlParser.EmailAttachment attachment,
+            String embeddedFilename,
+            float x,
+            float y,
+            int attachmentIndex)
+            throws IOException {
+
+        PDAnnotationFileAttachment fileAnnotation = new PDAnnotationFileAttachment();
+
+        PDRectangle rect = calculateAnnotationRectangle(page, x, y);
+        fileAnnotation.setRectangle(rect);
+
+        fileAnnotation.setPrinted(false);
+        fileAnnotation.setHidden(false);
+        fileAnnotation.setNoView(false);
+        fileAnnotation.setNoZoom(true);
+        fileAnnotation.setNoRotate(true);
+
+        try {
+            PDAppearanceDictionary appearance = new PDAppearanceDictionary();
+            PDAppearanceStream normalAppearance = new PDAppearanceStream(document);
+            normalAppearance.setBBox(new PDRectangle(0, 0, rect.getWidth(), rect.getHeight()));
+            appearance.setNormalAppearance(normalAppearance);
+            fileAnnotation.setAppearance(appearance);
+        } catch (RuntimeException e) {
+            fileAnnotation.setAppearance(null);
+        }
+
+        PDEmbeddedFilesNameTreeNode efTree =
+                document.getDocumentCatalog().getNames().getEmbeddedFiles();
+        if (efTree != null) {
+            Map<String, PDComplexFileSpecification> efMap = efTree.getNames();
+            if (efMap != null) {
+                PDComplexFileSpecification fileSpec = efMap.get(embeddedFilename);
+                if (fileSpec != null) {
+                    fileAnnotation.setFile(fileSpec);
+                } else {
+                    // Could not find embedded file
+                }
+            }
+        }
+
+        fileAnnotation.setContents(
+                "Attachment " + (attachmentIndex + 1) + ": " + attachment.getFilename());
+        fileAnnotation.setAnnotationName(
+                "EmbeddedFile_" + attachmentIndex + "_" + embeddedFilename);
+
+        page.getAnnotations().add(fileAnnotation);
+    }
+
+    private static boolean isAscii(String str) {
+        if (str == null) return true;
+        for (int i = 0; i < str.length(); i++) {
+            if (str.charAt(i) > 127) {
+                return false;
+            }
+        }
+        return true;
+    }
+}

app/common/src/main/java/stirling/software/common/util/PdfUtils.java

@@ -35,6 +35,7 @@ import io.github.pixee.security.Filenames;
 
 import lombok.extern.slf4j.Slf4j;
 
+import stirling.software.common.model.ApplicationProperties;
 import stirling.software.common.service.CustomPDFDocumentFactory;
 
 @Slf4j
@@ -145,13 +146,18 @@ public class PdfUtils {
             throws IOException, Exception {
 
         // Validate and limit DPI to prevent excessive memory usage
-        final int MAX_SAFE_DPI = 500; // Maximum safe DPI to prevent memory issues
-        if (DPI > MAX_SAFE_DPI) {
+        int maxSafeDpi = 500; // Default maximum safe DPI
+        ApplicationProperties properties =
+                ApplicationContextProvider.getBean(ApplicationProperties.class);
+        if (properties != null && properties.getSystem() != null) {
+            maxSafeDpi = properties.getSystem().getMaxDPI();
+        }
+        if (DPI > maxSafeDpi) {
             throw ExceptionUtils.createIllegalArgumentException(
                     "error.dpiExceedsLimit",
                     "DPI value {0} exceeds maximum safe limit of {1}. High DPI values can cause memory issues and crashes. Please use a lower DPI value.",
                     DPI,
-                    MAX_SAFE_DPI);
+                    maxSafeDpi);
         }
 
         try (PDDocument document = pdfDocumentFactory.load(inputStream)) {

app/common/src/main/java/stirling/software/common/util/RequestUriUtils.java

@@ -14,8 +14,10 @@ public class RequestUriUtils {
                 || requestURI.startsWith(contextPath + "/images/")
                 || requestURI.startsWith(contextPath + "/public/")
                 || requestURI.startsWith(contextPath + "/pdfjs/")
+                || requestURI.startsWith(contextPath + "/pdfjs-legacy/")
                 || requestURI.startsWith(contextPath + "/login")
                 || requestURI.startsWith(contextPath + "/error")
+                || requestURI.startsWith(contextPath + "/favicon")
                 || requestURI.endsWith(".svg")
                 || requestURI.endsWith(".png")
                 || requestURI.endsWith(".ico")

app/common/src/test/java/stirling/software/common/annotations/AutoJobPostMappingIntegrationTest.java

@@ -7,24 +7,19 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.anyLong;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-import org.junit.jupiter.api.BeforeEach;
-
-import java.util.Arrays;
 import java.util.function.Supplier;
 
 import org.aspectj.lang.ProceedingJoinPoint;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
-import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.http.ResponseEntity;
@@ -34,7 +29,6 @@ import jakarta.servlet.http.HttpServletRequest;
 
 import stirling.software.common.aop.AutoJobAspect;
 import stirling.software.common.model.api.PDFFile;
-import stirling.software.common.service.FileOrUploadService;
 import stirling.software.common.service.FileStorage;
 import stirling.software.common.service.JobExecutorService;
 import stirling.software.common.service.JobQueue;
@@ -45,62 +39,41 @@ class AutoJobPostMappingIntegrationTest {
 
     private AutoJobAspect autoJobAspect;
 
-    @Mock
-    private JobExecutorService jobExecutorService;
+    @Mock private JobExecutorService jobExecutorService;
 
-    @Mock
-    private HttpServletRequest request;
+    @Mock private HttpServletRequest request;
 
-    @Mock
-    private FileOrUploadService fileOrUploadService;
+    @Mock private FileStorage fileStorage;
 
-    @Mock
-    private FileStorage fileStorage;
+    @Mock private ResourceMonitor resourceMonitor;
 
-
-    @Mock
-    private ResourceMonitor resourceMonitor;
-
-    @Mock
-    private JobQueue jobQueue;
+    @Mock private JobQueue jobQueue;
 
     @BeforeEach
     void setUp() {
-        autoJobAspect = new AutoJobAspect(
-            jobExecutorService,
-            request,
-            fileOrUploadService,
-            fileStorage
-        );
+        autoJobAspect = new AutoJobAspect(jobExecutorService, request, fileStorage);
     }
 
-    @Mock
-    private ProceedingJoinPoint joinPoint;
+    @Mock private ProceedingJoinPoint joinPoint;
 
-    @Mock
-    private AutoJobPostMapping autoJobPostMapping;
+    @Mock private AutoJobPostMapping autoJobPostMapping;
 
-    @Captor
-    private ArgumentCaptor<Supplier<Object>> workCaptor;
+    @Captor private ArgumentCaptor<Supplier<Object>> workCaptor;
 
-    @Captor
-    private ArgumentCaptor<Boolean> asyncCaptor;
+    @Captor private ArgumentCaptor<Boolean> asyncCaptor;
 
-    @Captor
-    private ArgumentCaptor<Long> timeoutCaptor;
+    @Captor private ArgumentCaptor<Long> timeoutCaptor;
 
-    @Captor
-    private ArgumentCaptor<Boolean> queueableCaptor;
+    @Captor private ArgumentCaptor<Boolean> queueableCaptor;
 
-    @Captor
-    private ArgumentCaptor<Integer> resourceWeightCaptor;
+    @Captor private ArgumentCaptor<Integer> resourceWeightCaptor;
 
     @Test
     void shouldExecuteWithCustomParameters() throws Throwable {
         // Given
         PDFFile pdfFile = new PDFFile();
         pdfFile.setFileId("test-file-id");
-        Object[] args = new Object[] { pdfFile };
+        Object[] args = new Object[] {pdfFile};
 
         when(joinPoint.getArgs()).thenReturn(args);
         when(request.getParameter("async")).thenReturn("true");
@@ -113,9 +86,8 @@ class AutoJobPostMappingIntegrationTest {
         MultipartFile mockFile = mock(MultipartFile.class);
         when(fileStorage.retrieveFile("test-file-id")).thenReturn(mockFile);
 
-
         when(jobExecutorService.runJobGeneric(
-                anyBoolean(), any(Supplier.class), anyLong(), anyBoolean(), anyInt()))
+                        anyBoolean(), any(Supplier.class), anyLong(), anyBoolean(), anyInt()))
                 .thenReturn(ResponseEntity.ok("success"));
 
         // When
@@ -124,12 +96,13 @@ class AutoJobPostMappingIntegrationTest {
         // Then
         assertEquals(ResponseEntity.ok("success"), result);
 
-        verify(jobExecutorService).runJobGeneric(
-                asyncCaptor.capture(),
-                workCaptor.capture(),
-                timeoutCaptor.capture(),
-                queueableCaptor.capture(),
-                resourceWeightCaptor.capture());
+        verify(jobExecutorService)
+                .runJobGeneric(
+                        asyncCaptor.capture(),
+                        workCaptor.capture(),
+                        timeoutCaptor.capture(),
+                        queueableCaptor.capture(),
+                        resourceWeightCaptor.capture());
 
         assertTrue(asyncCaptor.getValue(), "Async should be true");
         assertEquals(60000L, timeoutCaptor.getValue(), "Timeout should be 60000ms");
@@ -158,11 +131,12 @@ class AutoJobPostMappingIntegrationTest {
 
         // Mock jobExecutorService to execute the work immediately
         when(jobExecutorService.runJobGeneric(
-                anyBoolean(), any(Supplier.class), anyLong(), anyBoolean(), anyInt()))
-                .thenAnswer(invocation -> {
-                    Supplier<Object> work = invocation.getArgument(1);
-                    return work.get();
-                });
+                        anyBoolean(), any(Supplier.class), anyLong(), anyBoolean(), anyInt()))
+                .thenAnswer(
+                        invocation -> {
+                            Supplier<Object> work = invocation.getArgument(1);
+                            return work.get();
+                        });
 
         // When
         Object result = autoJobAspect.wrapWithJobExecution(joinPoint, autoJobPostMapping);
@@ -179,7 +153,7 @@ class AutoJobPostMappingIntegrationTest {
         // Given
         PDFFile pdfFile = new PDFFile();
         pdfFile.setFileInput(mock(MultipartFile.class));
-        Object[] args = new Object[] { pdfFile };
+        Object[] args = new Object[] {pdfFile};
 
         when(joinPoint.getArgs()).thenReturn(args);
         when(request.getParameter("async")).thenReturn("true");
@@ -190,14 +164,16 @@ class AutoJobPostMappingIntegrationTest {
 
         // Mock job executor to return a successful response
         when(jobExecutorService.runJobGeneric(
-                anyBoolean(), any(Supplier.class), anyLong(), anyBoolean(), anyInt()))
+                        anyBoolean(), any(Supplier.class), anyLong(), anyBoolean(), anyInt()))
                 .thenReturn(ResponseEntity.ok("success"));
 
         // When
         autoJobAspect.wrapWithJobExecution(joinPoint, autoJobPostMapping);
 
         // Then
-        assertEquals("stored-file-id", pdfFile.getFileId(),
+        assertEquals(
+                "stored-file-id",
+                pdfFile.getFileId(),
                 "FileId should be set to the stored file id");
         assertNotNull(pdfFile.getFileInput(), "FileInput should be replaced with persistent file");
 

app/common/src/test/java/stirling/software/common/model/ApplicationPropertiesDynamicYamlPropertySourceTest.java

@@ -0,0 +1,59 @@
+package stirling.software.common.model;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.StandardEnvironment;
+
+import stirling.software.common.configuration.InstallationPathConfig;
+
+class ApplicationPropertiesDynamicYamlPropertySourceTest {
+
+    @Test
+    void loads_yaml_into_environment() throws Exception {
+        // YAML-Config in Temp-Datei schreiben
+        String yaml =
+                ""
+                        + "ui:\n"
+                        + "  appName: \"My App\"\n"
+                        + "system:\n"
+                        + "  enableAnalytics: true\n";
+        Path tmp = Files.createTempFile("spdf-settings-", ".yml");
+        Files.writeString(tmp, yaml);
+
+        // Pfad per statischem Mock liefern
+        try (MockedStatic<InstallationPathConfig> mocked =
+                Mockito.mockStatic(InstallationPathConfig.class)) {
+            mocked.when(InstallationPathConfig::getSettingsPath).thenReturn(tmp.toString());
+
+            ConfigurableEnvironment env = new StandardEnvironment();
+            ApplicationProperties props = new ApplicationProperties();
+
+            props.dynamicYamlPropertySource(env); // fügt PropertySource an erster Stelle ein
+
+            assertEquals("My App", env.getProperty("ui.appName"));
+            assertEquals("true", env.getProperty("system.enableAnalytics"));
+        }
+    }
+
+    @Test
+    void throws_when_settings_file_missing() throws Exception {
+        String missing = "/path/does/not/exist/spdf.yml";
+        try (MockedStatic<InstallationPathConfig> mocked =
+                Mockito.mockStatic(InstallationPathConfig.class)) {
+            mocked.when(InstallationPathConfig::getSettingsPath).thenReturn(missing);
+
+            ConfigurableEnvironment env = new StandardEnvironment();
+            ApplicationProperties props = new ApplicationProperties();
+
+            assertThrows(IOException.class, () -> props.dynamicYamlPropertySource(env));
+        }
+    }
+}

app/common/src/test/java/stirling/software/common/model/ApplicationPropertiesLogicTest.java

@@ -0,0 +1,248 @@
+package stirling.software.common.model;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.jupiter.api.Test;
+
+import stirling.software.common.model.ApplicationProperties.Driver;
+import stirling.software.common.model.ApplicationProperties.Premium;
+import stirling.software.common.model.ApplicationProperties.Security;
+import stirling.software.common.model.exception.UnsupportedProviderException;
+
+class ApplicationPropertiesLogicTest {
+
+    @Test
+    void system_isAnalyticsEnabled_null_false_true() {
+        ApplicationProperties.System sys = new ApplicationProperties.System();
+
+        sys.setEnableAnalytics(null);
+        assertFalse(sys.isAnalyticsEnabled());
+
+        sys.setEnableAnalytics(Boolean.FALSE);
+        assertFalse(sys.isAnalyticsEnabled());
+
+        sys.setEnableAnalytics(Boolean.TRUE);
+        assertTrue(sys.isAnalyticsEnabled());
+    }
+
+    @Test
+    void tempFileManagement_defaults_and_overrides() {
+        ApplicationProperties.TempFileManagement tfm =
+                new ApplicationProperties.TempFileManagement();
+
+        String expectedBase =
+                java.lang.System.getProperty("java.io.tmpdir").replaceAll("/+$", "")
+                        + "/stirling-pdf";
+        assertEquals(expectedBase, tfm.getBaseTmpDir());
+
+        String expectedLibre = expectedBase + "/libreoffice";
+        assertEquals(expectedLibre, tfm.getLibreofficeDir());
+
+        tfm.setBaseTmpDir("/custom/base");
+        assertEquals("/custom/base", tfm.getBaseTmpDir());
+
+        tfm.setLibreofficeDir("/opt/libre");
+        assertEquals("/opt/libre", tfm.getLibreofficeDir());
+    }
+
+    @Test
+    void oauth2_scope_parsing_and_validity() {
+        Security.OAUTH2 oauth2 = new Security.OAUTH2();
+        oauth2.setIssuer("https://issuer");
+        oauth2.setClientId("client");
+        oauth2.setClientSecret("secret");
+        oauth2.setUseAsUsername("email");
+        oauth2.setScopes("openid, profile ,email");
+        assertTrue(oauth2.isSettingsValid());
+    }
+
+    @Test
+    void security_login_method_flags() {
+        Security sec = new Security();
+
+        sec.getOauth2().setEnabled(true);
+        sec.getSaml2().setEnabled(true);
+
+        assertTrue(sec.isUserPass());
+        assertTrue(sec.isOauth2Active());
+        assertTrue(sec.isSaml2Active());
+
+        sec.setLoginMethod(Security.LoginMethods.NORMAL.toString());
+        assertTrue(sec.isUserPass());
+        assertFalse(sec.isOauth2Active());
+        assertFalse(sec.isSaml2Active());
+    }
+
+    @Test
+    void security_isAltLogin_reflects_oauth2_or_saml2() {
+        Security sec = new Security();
+
+        assertFalse(sec.isAltLogin());
+
+        sec.getOauth2().setEnabled(true);
+        sec.getSaml2().setEnabled(false);
+        assertTrue(sec.isAltLogin());
+
+        sec.getOauth2().setEnabled(false);
+        sec.getSaml2().setEnabled(true);
+        assertTrue(sec.isAltLogin());
+
+        sec.getOauth2().setEnabled(true);
+        sec.getSaml2().setEnabled(true);
+        assertTrue(sec.isAltLogin());
+    }
+
+    @Test
+    void oauth2_client_provider_mapping_and_unsupported() throws UnsupportedProviderException {
+        Security.OAUTH2.Client client = new Security.OAUTH2.Client();
+
+        assertNotNull(client.get("google"));
+        assertNotNull(client.get("github"));
+        assertNotNull(client.get("keycloak"));
+
+        UnsupportedProviderException ex =
+                assertThrows(UnsupportedProviderException.class, () -> client.get("unknown"));
+        assertTrue(ex.getMessage().toLowerCase().contains("not supported"));
+    }
+
+    @Test
+    void premium_google_drive_getters_return_empty_string_on_null_or_blank() {
+        Premium.ProFeatures.GoogleDrive gd = new Premium.ProFeatures.GoogleDrive();
+
+        assertEquals("", gd.getClientId());
+        assertEquals("", gd.getApiKey());
+        assertEquals("", gd.getAppId());
+
+        gd.setClientId(" id ");
+        gd.setApiKey(" key ");
+        gd.setAppId(" app ");
+        assertEquals(" id ", gd.getClientId());
+        assertEquals(" key ", gd.getApiKey());
+        assertEquals(" app ", gd.getAppId());
+    }
+
+    @Test
+    void ui_getters_return_null_for_blank() {
+        ApplicationProperties.Ui ui = new ApplicationProperties.Ui();
+        ui.setAppName("   ");
+        ui.setHomeDescription("");
+        ui.setAppNameNavbar(null);
+
+        assertNull(ui.getAppName());
+        assertNull(ui.getHomeDescription());
+        assertNull(ui.getAppNameNavbar());
+
+        ui.setAppName("Stirling-PDF");
+        ui.setHomeDescription("Home");
+        ui.setAppNameNavbar("Nav");
+        assertEquals("Stirling-PDF", ui.getAppName());
+        assertEquals("Home", ui.getHomeDescription());
+        assertEquals("Nav", ui.getAppNameNavbar());
+    }
+
+    @Test
+    void driver_toString_contains_driver_name() {
+        assertTrue(Driver.H2.toString().contains("h2"));
+        assertTrue(Driver.POSTGRESQL.toString().contains("postgresql"));
+    }
+
+    @Test
+    void session_limits_and_timeouts_have_reasonable_defaults() {
+        ApplicationProperties.ProcessExecutor pe = new ApplicationProperties.ProcessExecutor();
+
+        ApplicationProperties.ProcessExecutor.SessionLimit s = pe.getSessionLimit();
+        assertEquals(2, s.getQpdfSessionLimit());
+        assertEquals(1, s.getTesseractSessionLimit());
+        assertEquals(1, s.getLibreOfficeSessionLimit());
+        assertEquals(1, s.getPdfToHtmlSessionLimit());
+        assertEquals(8, s.getPythonOpenCvSessionLimit());
+        assertEquals(16, s.getWeasyPrintSessionLimit());
+        assertEquals(1, s.getInstallAppSessionLimit());
+        assertEquals(1, s.getCalibreSessionLimit());
+        assertEquals(8, s.getGhostscriptSessionLimit());
+        assertEquals(2, s.getOcrMyPdfSessionLimit());
+
+        ApplicationProperties.ProcessExecutor.TimeoutMinutes t = pe.getTimeoutMinutes();
+        assertEquals(30, t.getTesseractTimeoutMinutes());
+        assertEquals(30, t.getQpdfTimeoutMinutes());
+        assertEquals(30, t.getLibreOfficeTimeoutMinutes());
+        assertEquals(20, t.getPdfToHtmlTimeoutMinutes());
+        assertEquals(30, t.getPythonOpenCvTimeoutMinutes());
+        assertEquals(30, t.getWeasyPrintTimeoutMinutes());
+        assertEquals(60, t.getInstallAppTimeoutMinutes());
+        assertEquals(30, t.getCalibreTimeoutMinutes());
+        assertEquals(30, t.getGhostscriptTimeoutMinutes());
+        assertEquals(30, t.getOcrMyPdfTimeoutMinutes());
+    }
+
+    @Deprecated(since = "0.45.0")
+    @Test
+    void enterprise_metadata_defaults() {
+        ApplicationProperties.EnterpriseEdition ee = new ApplicationProperties.EnterpriseEdition();
+        ApplicationProperties.EnterpriseEdition.CustomMetadata eMeta = ee.getCustomMetadata();
+        eMeta.setCreator("  ");
+        eMeta.setProducer(null);
+        assertEquals("Stirling-PDF", eMeta.getCreator());
+        assertEquals("Stirling-PDF", eMeta.getProducer());
+    }
+
+    @Test
+    void premium_metadata_defaults() {
+        Premium.ProFeatures pf = new Premium.ProFeatures();
+        Premium.ProFeatures.CustomMetadata pMeta = pf.getCustomMetadata();
+        pMeta.setCreator("");
+        pMeta.setProducer("");
+        assertEquals("Stirling-PDF", pMeta.getCreator());
+        assertEquals("Stirling-PDF", pMeta.getProducer());
+    }
+
+    @Test
+    void premium_metadata_awesome() {
+        Premium.ProFeatures pf = new Premium.ProFeatures();
+        Premium.ProFeatures.CustomMetadata pMeta = pf.getCustomMetadata();
+        pMeta.setCreator("Awesome PDF Tool");
+        pMeta.setProducer("Awesome PDF Tool");
+        assertEquals("Awesome PDF Tool", pMeta.getCreator());
+        assertEquals("Awesome PDF Tool", pMeta.getProducer());
+    }
+
+    @Test
+    void string_isValid_handles_null_empty_blank_and_trimmed() {
+        ApplicationProperties.Security.OAUTH2 oauth2 = new ApplicationProperties.Security.OAUTH2();
+
+        assertFalse(oauth2.isValid((String) null, "issuer"));
+        assertFalse(oauth2.isValid("", "issuer"));
+        assertFalse(oauth2.isValid("   ", "issuer"));
+
+        assertTrue(oauth2.isValid("x", "issuer"));
+        assertTrue(oauth2.isValid("  x  ", "issuer")); // trimmt intern
+    }
+
+    @Test
+    void collection_isValid_handles_null_and_empty() {
+        ApplicationProperties.Security.OAUTH2 oauth2 = new ApplicationProperties.Security.OAUTH2();
+
+        Collection<String> nullColl = null;
+        Collection<String> empty = List.of();
+
+        assertFalse(oauth2.isValid(nullColl, "scopes"));
+        assertFalse(oauth2.isValid(empty, "scopes"));
+    }
+
+    @Test
+    void collection_isValid_true_when_non_empty_even_if_element_is_blank() {
+        ApplicationProperties.Security.OAUTH2 oauth2 = new ApplicationProperties.Security.OAUTH2();
+
+        // Aktuelles Verhalten: prüft NUR !isEmpty(), nicht Inhalt
+        Collection<String> oneBlank = new ArrayList<>();
+        oneBlank.add("   ");
+
+        assertTrue(
+                oauth2.isValid(oneBlank, "scopes"),
+                "Dokumentiert aktuelles Verhalten: nicht-leere Liste gilt als gültig, auch wenn Element leer/blank ist");
+    }
+}

app/common/src/test/java/stirling/software/common/model/ApplicationPropertiesSaml2HttpTest.java

@@ -0,0 +1,80 @@
+package stirling.software.common.model;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.core.io.Resource;
+
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+
+class ApplicationPropertiesSaml2HttpTest {
+
+    @Test
+    void idpMetadataUri_http_is_resolved_via_mockwebserver() throws Exception {
+        try (MockWebServer server = new MockWebServer()) {
+            server.enqueue(
+                    new MockResponse()
+                            .setResponseCode(200)
+                            .addHeader("Content-Type", "application/xml")
+                            .setBody("<EntityDescriptor/>"));
+            server.start();
+
+            String url = server.url("/meta").toString();
+
+            var s = new ApplicationProperties.Security.SAML2();
+            s.setIdpMetadataUri(url);
+
+            try (InputStream in = s.getIdpMetadataUri()) {
+                String body = new String(in.readAllBytes(), StandardCharsets.UTF_8);
+                assertTrue(body.contains("EntityDescriptor"));
+            }
+        }
+    }
+
+    @Test
+    void idpMetadataUri_invalidUri_triggers_catch_and_throwsIOException() {
+        // Ungültige URI -> new URI(...) wirft URISyntaxException -> catch -> IOException
+        var s = new ApplicationProperties.Security.SAML2();
+        s.setIdpMetadataUri("http:##invalid uri"); // absichtlich kaputt (Leerzeichen + ##)
+
+        assertThrows(IOException.class, s::getIdpMetadataUri);
+    }
+
+    @Test
+    void spCert_else_branch_returns_FileSystemResource_for_filesystem_path() throws Exception {
+        var s = new ApplicationProperties.Security.SAML2();
+
+        // temporäre Datei simuliert "Filesystem"-Pfad (-> else-Zweig)
+        Path tmp = Files.createTempFile("spdf-spcert-", ".crt");
+        Files.writeString(tmp, "CERT");
+
+        s.setSpCert(tmp.toString());
+        Resource r = s.getSpCert();
+
+        assertNotNull(r);
+        assertTrue(r instanceof FileSystemResource, "Expected FileSystemResource for FS path");
+        assertTrue(r.exists(), "Temp file should exist");
+    }
+
+    @Test
+    void idpCert_else_branch_returns_FileSystemResource_even_if_missing() {
+        var s = new ApplicationProperties.Security.SAML2();
+
+        // bewusst nicht existierender Pfad -> else-Zweig wird trotzdem genommen
+        String missing = "/this/path/does/not/exist/idp.crt";
+        s.setIdpCert(missing);
+        Resource r = s.getIdpCert();
+
+        assertNotNull(r);
+        assertTrue(r instanceof FileSystemResource, "Expected FileSystemResource for FS path");
+        assertFalse(r.exists(), "Resource should not exist for missing file");
+    }
+}

app/common/src/test/java/stirling/software/common/model/ApplicationPropertiesSaml2ResourceTest.java

@@ -0,0 +1,55 @@
+package stirling.software.common.model;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.core.io.Resource;
+
+class ApplicationPropertiesSaml2ResourceTest {
+
+    @Test
+    void idpMetadataUri_classpath_is_resolved() throws Exception {
+        var s = new ApplicationProperties.Security.SAML2();
+        s.setIdpMetadataUri("classpath:saml/dummy.txt");
+
+        try (InputStream in = s.getIdpMetadataUri()) {
+            assertNotNull(in, "Classpath InputStream should not be null");
+            String txt = new String(in.readAllBytes(), StandardCharsets.UTF_8);
+            assertTrue(txt.contains("ok"));
+        }
+    }
+
+    @Test
+    void spCert_idpCert_privateKey_null_classpath_and_filesystem() throws Exception {
+        var s = new ApplicationProperties.Security.SAML2();
+
+        s.setSpCert(null);
+        s.setIdpCert(null);
+        s.setPrivateKey(null);
+        assertNull(s.getSpCert());
+        assertNull(s.getIdpCert());
+        assertNull(s.getPrivateKey());
+
+        s.setSpCert("classpath:saml/dummy.txt");
+        s.setIdpCert("classpath:saml/dummy.txt");
+        s.setPrivateKey("classpath:saml/dummy.txt");
+        Resource sp = s.getSpCert();
+        Resource idp = s.getIdpCert();
+        Resource pk = s.getPrivateKey();
+        assertTrue(sp.exists());
+        assertTrue(idp.exists());
+        assertTrue(pk.exists());
+
+        Path tmp = Files.createTempFile("spdf-key-", ".pem");
+        Files.writeString(tmp, "KEY");
+        s.setPrivateKey(tmp.toString());
+        Resource pkFs = s.getPrivateKey();
+        assertNotNull(pkFs);
+        assertTrue(pkFs.exists());
+    }
+}

app/common/src/test/java/stirling/software/common/service/FileStorageTest.java

@@ -1,10 +1,9 @@
 package stirling.software.common.service;
 
 import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.Mockito.*;
 import static org.mockito.AdditionalAnswers.*;
+import static org.mockito.Mockito.*;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -21,14 +20,11 @@ import org.springframework.web.multipart.MultipartFile;
 
 class FileStorageTest {
 
-    @TempDir
-    Path tempDir;
+    @TempDir Path tempDir;
 
-    @Mock
-    private FileOrUploadService fileOrUploadService;
+    @Mock private FileOrUploadService fileOrUploadService;
 
-    @InjectMocks
-    private FileStorage fileStorage;
+    @InjectMocks private FileStorage fileStorage;
 
     private MultipartFile mockFile;
 
@@ -50,11 +46,14 @@ class FileStorageTest {
         when(mockFile.getBytes()).thenReturn(fileContent);
 
         // Set up mock to handle transferTo by writing the file
-        doAnswer(invocation -> {
-            java.io.File file = invocation.getArgument(0);
-            Files.write(file.toPath(), fileContent);
-            return null;
-        }).when(mockFile).transferTo(any(java.io.File.class));
+        doAnswer(
+                        invocation -> {
+                            java.io.File file = invocation.getArgument(0);
+                            Files.write(file.toPath(), fileContent);
+                            return null;
+                        })
+                .when(mockFile)
+                .transferTo(any(java.io.File.class));
 
         // Act
         String fileId = fileStorage.storeFile(mockFile);
@@ -90,7 +89,7 @@ class FileStorageTest {
 
         MultipartFile expectedFile = mock(MultipartFile.class);
         when(fileOrUploadService.toMockMultipartFile(eq(fileId), eq(fileContent)))
-            .thenReturn(expectedFile);
+                .thenReturn(expectedFile);
 
         // Act
         MultipartFile result = fileStorage.retrieveFile(fileId);

app/common/src/test/java/stirling/software/common/service/JobExecutorServiceTest.java

@@ -4,14 +4,9 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -30,11 +25,9 @@ import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.test.util.ReflectionTestUtils;
 
 import jakarta.servlet.http.HttpServletRequest;
 
-import stirling.software.common.model.job.JobProgress;
 import stirling.software.common.model.job.JobResponse;
 
 @ExtendWith(MockitoExtension.class)
@@ -42,36 +35,31 @@ class JobExecutorServiceTest {
 
     private JobExecutorService jobExecutorService;
 
-    @Mock
-    private TaskManager taskManager;
+    @Mock private TaskManager taskManager;
 
-    @Mock
-    private FileStorage fileStorage;
+    @Mock private FileStorage fileStorage;
 
-    @Mock
-    private HttpServletRequest request;
+    @Mock private HttpServletRequest request;
 
-    @Mock
-    private ResourceMonitor resourceMonitor;
+    @Mock private ResourceMonitor resourceMonitor;
 
-    @Mock
-    private JobQueue jobQueue;
+    @Mock private JobQueue jobQueue;
 
-    @Captor
-    private ArgumentCaptor<String> jobIdCaptor;
+    @Captor private ArgumentCaptor<String> jobIdCaptor;
 
     @BeforeEach
     void setUp() {
         // Initialize the service manually with all its dependencies
-        jobExecutorService = new JobExecutorService(
-                taskManager,
-                fileStorage,
-                request,
-                resourceMonitor,
-                jobQueue,
-                30000L, // asyncRequestTimeoutMs
-                "30m"   // sessionTimeout
-        );
+        jobExecutorService =
+                new JobExecutorService(
+                        taskManager,
+                        fileStorage,
+                        request,
+                        resourceMonitor,
+                        jobQueue,
+                        30000L, // asyncRequestTimeoutMs
+                        "30m" // sessionTimeout
+                        );
     }
 
     @Test
@@ -109,13 +97,13 @@ class JobExecutorServiceTest {
         verify(taskManager).createTask(jobIdCaptor.capture());
     }
 
-
     @Test
     void shouldHandleSyncJobError() {
         // Given
-        Supplier<Object> work = () -> {
-            throw new RuntimeException("Test error");
-        };
+        Supplier<Object> work =
+                () -> {
+                    throw new RuntimeException("Test error");
+                };
 
         // When
         ResponseEntity<?> response = jobExecutorService.runJobGeneric(false, work);
@@ -141,8 +129,7 @@ class JobExecutorServiceTest {
         when(jobQueue.queueJob(anyString(), eq(80), any(), anyLong())).thenReturn(future);
 
         // When
-        ResponseEntity<?> response = jobExecutorService.runJobGeneric(
-                true, work, 5000, true, 80);
+        ResponseEntity<?> response = jobExecutorService.runJobGeneric(true, work, 5000, true, 80);
 
         // Then
         assertEquals(HttpStatus.OK, response.getStatusCode());
@@ -160,8 +147,9 @@ class JobExecutorServiceTest {
         long customTimeout = 60000L;
 
         // Use reflection to access the private executeWithTimeout method
-        java.lang.reflect.Method executeMethod = JobExecutorService.class
-                .getDeclaredMethod("executeWithTimeout", Supplier.class, long.class);
+        java.lang.reflect.Method executeMethod =
+                JobExecutorService.class.getDeclaredMethod(
+                        "executeWithTimeout", Supplier.class, long.class);
         executeMethod.setAccessible(true);
 
         // Create a spy on the JobExecutorService to verify method calls
@@ -177,19 +165,21 @@ class JobExecutorServiceTest {
     @Test
     void shouldHandleTimeout() throws Exception {
         // Given
-        Supplier<Object> work = () -> {
-            try {
-                Thread.sleep(100); // Simulate long-running job
-                return "test-result";
-            } catch (InterruptedException e) {
-                Thread.currentThread().interrupt();
-                throw new RuntimeException(e);
-            }
-        };
+        Supplier<Object> work =
+                () -> {
+                    try {
+                        Thread.sleep(100); // Simulate long-running job
+                        return "test-result";
+                    } catch (InterruptedException e) {
+                        Thread.currentThread().interrupt();
+                        throw new RuntimeException(e);
+                    }
+                };
 
         // Use reflection to access the private executeWithTimeout method
-        java.lang.reflect.Method executeMethod = JobExecutorService.class
-                .getDeclaredMethod("executeWithTimeout", Supplier.class, long.class);
+        java.lang.reflect.Method executeMethod =
+                JobExecutorService.class.getDeclaredMethod(
+                        "executeWithTimeout", Supplier.class, long.class);
         executeMethod.setAccessible(true);
 
         // When/Then

app/common/src/test/java/stirling/software/common/service/JobQueueTest.java

@@ -1,10 +1,8 @@
 package stirling.software.common.service;
 
 import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.lenient;
-import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import java.util.Map;
@@ -17,7 +15,6 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
-import stirling.software.common.model.job.JobProgress;
 import stirling.software.common.service.ResourceMonitor.ResourceStatus;
 
 @ExtendWith(MockitoExtension.class)
@@ -25,16 +22,17 @@ class JobQueueTest {
 
     private JobQueue jobQueue;
 
-    @Mock
-    private ResourceMonitor resourceMonitor;
+    @Mock private ResourceMonitor resourceMonitor;
 
-
-    private final AtomicReference<ResourceStatus> statusRef = new AtomicReference<>(ResourceStatus.OK);
+    private final AtomicReference<ResourceStatus> statusRef =
+            new AtomicReference<>(ResourceStatus.OK);
 
     @BeforeEach
     void setUp() {
         // Mark stubbing as lenient to avoid UnnecessaryStubbingException
-        lenient().when(resourceMonitor.calculateDynamicQueueCapacity(anyInt(), anyInt())).thenReturn(10);
+        lenient()
+                .when(resourceMonitor.calculateDynamicQueueCapacity(anyInt(), anyInt()))
+                .thenReturn(10);
         lenient().when(resourceMonitor.getCurrentStatus()).thenReturn(statusRef);
 
         // Initialize JobQueue with mocked ResourceMonitor
@@ -50,7 +48,6 @@ class JobQueueTest {
 
         jobQueue.queueJob(jobId, resourceWeight, work, timeoutMs);
 
-
         assertTrue(jobQueue.isJobQueued(jobId));
         assertEquals(1, jobQueue.getTotalQueuedJobs());
     }

app/common/src/test/java/stirling/software/common/service/ResourceMonitorTest.java

@@ -1,14 +1,10 @@
 package stirling.software.common.service;
 
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 import java.lang.management.MemoryMXBean;
-import java.lang.management.MemoryUsage;
 import java.lang.management.OperatingSystemMXBean;
 import java.time.Instant;
 import java.util.concurrent.atomic.AtomicReference;
@@ -30,20 +26,19 @@ import stirling.software.common.service.ResourceMonitor.ResourceStatus;
 @ExtendWith(MockitoExtension.class)
 class ResourceMonitorTest {
 
-    @InjectMocks
-    private ResourceMonitor resourceMonitor;
+    @InjectMocks private ResourceMonitor resourceMonitor;
 
-    @Mock
-    private OperatingSystemMXBean osMXBean;
+    @Mock private OperatingSystemMXBean osMXBean;
 
-    @Mock
-    private MemoryMXBean memoryMXBean;
+    @Mock private MemoryMXBean memoryMXBean;
 
     @Spy
-    private AtomicReference<ResourceStatus> currentStatus = new AtomicReference<>(ResourceStatus.OK);
+    private AtomicReference<ResourceStatus> currentStatus =
+            new AtomicReference<>(ResourceStatus.OK);
 
     @Spy
-    private AtomicReference<ResourceMetrics> latestMetrics = new AtomicReference<>(new ResourceMetrics());
+    private AtomicReference<ResourceMetrics> latestMetrics =
+            new AtomicReference<>(new ResourceMetrics());
 
     @BeforeEach
     void setUp() {
@@ -92,23 +87,26 @@ class ResourceMonitorTest {
         assertEquals(3, capacity, "With CRITICAL status, capacity should be reduced to 30%");
 
         // Test minimum capacity enforcement
-        assertEquals(minCapacity, resourceMonitor.calculateDynamicQueueCapacity(1, minCapacity),
+        assertEquals(
+                minCapacity,
+                resourceMonitor.calculateDynamicQueueCapacity(1, minCapacity),
                 "Should never go below minimum capacity");
     }
 
     @ParameterizedTest
     @CsvSource({
-        "10, OK, false",      // Light job, OK status
+        "10, OK, false", // Light job, OK status
         "10, WARNING, false", // Light job, WARNING status
         "10, CRITICAL, true", // Light job, CRITICAL status
-        "30, OK, false",      // Medium job, OK status
-        "30, WARNING, true",  // Medium job, WARNING status
+        "30, OK, false", // Medium job, OK status
+        "30, WARNING, true", // Medium job, WARNING status
         "30, CRITICAL, true", // Medium job, CRITICAL status
-        "80, OK, true",       // Heavy job, OK status
-        "80, WARNING, true",  // Heavy job, WARNING status
-        "80, CRITICAL, true"  // Heavy job, CRITICAL status
+        "80, OK, true", // Heavy job, OK status
+        "80, WARNING, true", // Heavy job, WARNING status
+        "80, CRITICAL, true" // Heavy job, CRITICAL status
     })
-    void shouldQueueJobBasedOnWeightAndStatus(int weight, ResourceStatus status, boolean shouldQueue) {
+    void shouldQueueJobBasedOnWeightAndStatus(
+            int weight, ResourceStatus status, boolean shouldQueue) {
         // Given
         currentStatus.set(status);
 
@@ -116,8 +114,11 @@ class ResourceMonitorTest {
         boolean result = resourceMonitor.shouldQueueJob(weight);
 
         // Then
-        assertEquals(shouldQueue, result,
-                String.format("For weight %d and status %s, shouldQueue should be %s",
+        assertEquals(
+                shouldQueue,
+                result,
+                String.format(
+                        "For weight %d and status %s, shouldQueue should be %s",
                         weight, status, shouldQueue));
     }
 
@@ -131,7 +132,9 @@ class ResourceMonitorTest {
         ResourceMetrics freshMetrics = new ResourceMetrics(0.5, 0.5, 1024, 2048, 4096, now);
 
         // When/Then
-        assertTrue(staleMetrics.isStale(5000), "Metrics from 6 seconds ago should be stale with 5s threshold");
+        assertTrue(
+                staleMetrics.isStale(5000),
+                "Metrics from 6 seconds ago should be stale with 5s threshold");
         assertFalse(freshMetrics.isStale(5000), "Fresh metrics should not be stale");
     }
 }

app/common/src/test/java/stirling/software/common/service/TaskManagerTest.java

@@ -6,7 +6,6 @@ import static org.mockito.Mockito.*;
 import java.time.LocalDateTime;
 import java.util.Map;
 import java.util.UUID;
-import java.util.concurrent.TimeUnit;
 
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
@@ -22,11 +21,9 @@ import stirling.software.common.model.job.ResultFile;
 
 class TaskManagerTest {
 
-    @Mock
-    private FileStorage fileStorage;
+    @Mock private FileStorage fileStorage;
 
-    @InjectMocks
-    private TaskManager taskManager;
+    @InjectMocks private TaskManager taskManager;
 
     private AutoCloseable closeable;
 
@@ -234,18 +231,20 @@ class TaskManagerTest {
         ReflectionTestUtils.setField(oldJob, "complete", true);
 
         // Create a ResultFile and set it using the new approach
-        ResultFile resultFile = ResultFile.builder()
-                .fileId("file-id")
-                .fileName("test.pdf")
-                .contentType("application/pdf")
-                .fileSize(1024L)
-                .build();
+        ResultFile resultFile =
+                ResultFile.builder()
+                        .fileId("file-id")
+                        .fileName("test.pdf")
+                        .contentType("application/pdf")
+                        .fileSize(1024L)
+                        .build();
         ReflectionTestUtils.setField(oldJob, "resultFiles", java.util.List.of(resultFile));
 
         when(fileStorage.deleteFile("file-id")).thenReturn(true);
 
         // Obtain access to the private jobResults map
-        Map<String, JobResult> jobResultsMap = (Map<String, JobResult>) ReflectionTestUtils.getField(taskManager, "jobResults");
+        Map<String, JobResult> jobResultsMap =
+                (Map<String, JobResult>) ReflectionTestUtils.getField(taskManager, "jobResults");
 
         // 3. Create an active job
         String activeJobId = "active-job";

app/common/src/test/java/stirling/software/common/service/TempFileCleanupServiceTest.java

@@ -12,7 +12,6 @@ import java.nio.file.Path;
 import java.nio.file.attribute.FileTime;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.Consumer;
 import java.util.stream.Stream;
@@ -30,31 +29,22 @@ import stirling.software.common.model.ApplicationProperties;
 import stirling.software.common.util.TempFileManager;
 import stirling.software.common.util.TempFileRegistry;
 
-/**
- * Tests for the TempFileCleanupService, focusing on its pattern-matching and cleanup logic.
- */
+/** Tests for the TempFileCleanupService, focusing on its pattern-matching and cleanup logic. */
 public class TempFileCleanupServiceTest {
 
-    @TempDir
-    Path tempDir;
+    @TempDir Path tempDir;
 
-    @Mock
-    private TempFileRegistry registry;
+    @Mock private TempFileRegistry registry;
 
-    @Mock
-    private TempFileManager tempFileManager;
+    @Mock private TempFileManager tempFileManager;
 
-    @Mock
-    private ApplicationProperties applicationProperties;
+    @Mock private ApplicationProperties applicationProperties;
 
-    @Mock
-    private ApplicationProperties.System system;
+    @Mock private ApplicationProperties.System system;
 
-    @Mock
-    private ApplicationProperties.TempFileManagement tempFileManagement;
+    @Mock private ApplicationProperties.TempFileManagement tempFileManagement;
 
-    @InjectMocks
-    private TempFileCleanupService cleanupService;
+    @InjectMocks private TempFileCleanupService cleanupService;
 
     private Path systemTempDir;
     private Path customTempDir;
@@ -124,7 +114,8 @@ public class TempFileCleanupServiceTest {
 
         // Files that should be preserved
         Path jettyFile1 = Files.createFile(systemTempDir.resolve("jetty-123.tmp"));
-        Path jettyFile2 = Files.createFile(systemTempDir.resolve("something-with-jetty-inside.tmp"));
+        Path jettyFile2 =
+                Files.createFile(systemTempDir.resolve("something-with-jetty-inside.tmp"));
         Path regularFile = Files.createFile(systemTempDir.resolve("important.txt"));
 
         // Create a nested directory with temp files
@@ -143,19 +134,29 @@ public class TempFileCleanupServiceTest {
         // Use MockedStatic to mock Files operations
         try (MockedStatic<Files> mockedFiles = mockStatic(Files.class)) {
             // Mock Files.list for each directory we'll process
-            mockedFiles.when(() -> Files.list(eq(systemTempDir)))
-                    .thenReturn(Stream.of(
-                            ourTempFile1, ourTempFile2, oldTempFile, sysTempFile1,
-                            jettyFile1, jettyFile2, regularFile, emptyFile, nestedDir));
+            mockedFiles
+                    .when(() -> Files.list(eq(systemTempDir)))
+                    .thenReturn(
+                            Stream.of(
+                                    ourTempFile1,
+                                    ourTempFile2,
+                                    oldTempFile,
+                                    sysTempFile1,
+                                    jettyFile1,
+                                    jettyFile2,
+                                    regularFile,
+                                    emptyFile,
+                                    nestedDir));
 
-            mockedFiles.when(() -> Files.list(eq(customTempDir)))
+            mockedFiles
+                    .when(() -> Files.list(eq(customTempDir)))
                     .thenReturn(Stream.of(ourTempFile3, ourTempFile4, sysTempFile2, sysTempFile3));
 
-            mockedFiles.when(() -> Files.list(eq(libreOfficeTempDir)))
+            mockedFiles
+                    .when(() -> Files.list(eq(libreOfficeTempDir)))
                     .thenReturn(Stream.of(ourTempFile5));
 
-            mockedFiles.when(() -> Files.list(eq(nestedDir)))
-                    .thenReturn(Stream.of(nestedTempFile));
+            mockedFiles.when(() -> Files.list(eq(nestedDir))).thenReturn(Stream.of(nestedTempFile));
 
             // Configure Files.isDirectory for each path
             mockedFiles.when(() -> Files.isDirectory(eq(nestedDir))).thenReturn(true);
@@ -165,48 +166,59 @@ public class TempFileCleanupServiceTest {
             mockedFiles.when(() -> Files.exists(any(Path.class))).thenReturn(true);
 
             // Configure Files.getLastModifiedTime to return different times based on file names
-            mockedFiles.when(() -> Files.getLastModifiedTime(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        String fileName = path.getFileName().toString();
+            mockedFiles
+                    .when(() -> Files.getLastModifiedTime(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                String fileName = path.getFileName().toString();
 
-                        // For files with "old" in the name, return a timestamp older than maxAgeMillis
-                        if (fileName.contains("old")) {
-                            return FileTime.fromMillis(System.currentTimeMillis() - 5000000);
-                        }
-                        // For empty.tmp file, return a timestamp older than 5 minutes (for empty file test)
-                        else if (fileName.equals("empty.tmp")) {
-                            return FileTime.fromMillis(System.currentTimeMillis() - 6 * 60 * 1000);
-                        }
-                        // For all other files, return a recent timestamp
-                        else {
-                            return FileTime.fromMillis(System.currentTimeMillis() - 60000); // 1 minute ago
-                        }
-                    });
+                                // For files with "old" in the name, return a timestamp older than
+                                // maxAgeMillis
+                                if (fileName.contains("old")) {
+                                    return FileTime.fromMillis(
+                                            System.currentTimeMillis() - 5000000);
+                                }
+                                // For empty.tmp file, return a timestamp older than 5 minutes (for
+                                // empty file test)
+                                else if (fileName.equals("empty.tmp")) {
+                                    return FileTime.fromMillis(
+                                            System.currentTimeMillis() - 6 * 60 * 1000);
+                                }
+                                // For all other files, return a recent timestamp
+                                else {
+                                    return FileTime.fromMillis(
+                                            System.currentTimeMillis() - 60000); // 1 minute ago
+                                }
+                            });
 
             // Configure Files.size to return different sizes based on file names
-            mockedFiles.when(() -> Files.size(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        String fileName = path.getFileName().toString();
+            mockedFiles
+                    .when(() -> Files.size(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                String fileName = path.getFileName().toString();
 
-                        // Return 0 bytes for the empty file
-                        if (fileName.equals("empty.tmp")) {
-                            return 0L;
-                        }
-                        // Return normal size for all other files
-                        else {
-                            return 1024L; // 1 KB
-                        }
-                    });
+                                // Return 0 bytes for the empty file
+                                if (fileName.equals("empty.tmp")) {
+                                    return 0L;
+                                }
+                                // Return normal size for all other files
+                                else {
+                                    return 1024L; // 1 KB
+                                }
+                            });
 
             // For deleteIfExists, track which files would be deleted
-            mockedFiles.when(() -> Files.deleteIfExists(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        deletedFiles.add(path);
-                        return true;
-                    });
+            mockedFiles
+                    .when(() -> Files.deleteIfExists(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                deletedFiles.add(path);
+                                return true;
+                            });
 
             // Act - set containerMode to false for this test
             invokeCleanupDirectoryStreaming(systemTempDir, false, 0, 3600000);
@@ -218,20 +230,33 @@ public class TempFileCleanupServiceTest {
             assertTrue(deletedFiles.contains(emptyFile), "Empty file should be deleted");
 
             // Regular temp files should not be deleted because they're too new
-            assertFalse(deletedFiles.contains(ourTempFile1), "Recent temp file should be preserved");
-            assertFalse(deletedFiles.contains(ourTempFile2), "Recent temp file should be preserved");
-            assertFalse(deletedFiles.contains(ourTempFile3), "Recent temp file should be preserved");
-            assertFalse(deletedFiles.contains(ourTempFile4), "Recent temp file should be preserved");
-            assertFalse(deletedFiles.contains(ourTempFile5), "Recent temp file should be preserved");
+            assertFalse(
+                    deletedFiles.contains(ourTempFile1), "Recent temp file should be preserved");
+            assertFalse(
+                    deletedFiles.contains(ourTempFile2), "Recent temp file should be preserved");
+            assertFalse(
+                    deletedFiles.contains(ourTempFile3), "Recent temp file should be preserved");
+            assertFalse(
+                    deletedFiles.contains(ourTempFile4), "Recent temp file should be preserved");
+            assertFalse(
+                    deletedFiles.contains(ourTempFile5), "Recent temp file should be preserved");
 
             // System temp files should not be deleted in non-container mode
-            assertFalse(deletedFiles.contains(sysTempFile1), "System temp file should be preserved in non-container mode");
-            assertFalse(deletedFiles.contains(sysTempFile2), "System temp file should be preserved in non-container mode");
-            assertFalse(deletedFiles.contains(sysTempFile3), "System temp file should be preserved in non-container mode");
+            assertFalse(
+                    deletedFiles.contains(sysTempFile1),
+                    "System temp file should be preserved in non-container mode");
+            assertFalse(
+                    deletedFiles.contains(sysTempFile2),
+                    "System temp file should be preserved in non-container mode");
+            assertFalse(
+                    deletedFiles.contains(sysTempFile3),
+                    "System temp file should be preserved in non-container mode");
 
             // Jetty files and regular files should never be deleted
             assertFalse(deletedFiles.contains(jettyFile1), "Jetty file should be preserved");
-            assertFalse(deletedFiles.contains(jettyFile2), "File with jetty in name should be preserved");
+            assertFalse(
+                    deletedFiles.contains(jettyFile2),
+                    "File with jetty in name should be preserved");
             assertFalse(deletedFiles.contains(regularFile), "Regular file should be preserved");
         }
     }
@@ -252,7 +277,8 @@ public class TempFileCleanupServiceTest {
         // Use MockedStatic to mock Files operations
         try (MockedStatic<Files> mockedFiles = mockStatic(Files.class)) {
             // Mock Files.list for systemTempDir
-            mockedFiles.when(() -> Files.list(eq(systemTempDir)))
+            mockedFiles
+                    .when(() -> Files.list(eq(systemTempDir)))
                     .thenReturn(Stream.of(ourTempFile, sysTempFile, regularFile));
 
             // Configure Files.isDirectory
@@ -262,28 +288,37 @@ public class TempFileCleanupServiceTest {
             mockedFiles.when(() -> Files.exists(any(Path.class))).thenReturn(true);
 
             // Configure Files.getLastModifiedTime to return recent timestamps
-            mockedFiles.when(() -> Files.getLastModifiedTime(any(Path.class)))
-                    .thenReturn(FileTime.fromMillis(System.currentTimeMillis() - 60000)); // 1 minute ago
+            mockedFiles
+                    .when(() -> Files.getLastModifiedTime(any(Path.class)))
+                    .thenReturn(
+                            FileTime.fromMillis(
+                                    System.currentTimeMillis() - 60000)); // 1 minute ago
 
             // Configure Files.size to return normal size
-            mockedFiles.when(() -> Files.size(any(Path.class)))
-                    .thenReturn(1024L); // 1 KB
+            mockedFiles.when(() -> Files.size(any(Path.class))).thenReturn(1024L); // 1 KB
 
             // For deleteIfExists, track which files would be deleted
-            mockedFiles.when(() -> Files.deleteIfExists(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        deletedFiles.add(path);
-                        return true;
-                    });
+            mockedFiles
+                    .when(() -> Files.deleteIfExists(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                deletedFiles.add(path);
+                                return true;
+                            });
 
             // Act - set containerMode to true and maxAgeMillis to 0 for container startup cleanup
             invokeCleanupDirectoryStreaming(systemTempDir, true, 0, 0);
 
-            // Assert - In container mode, both our temp files and system temp files should be deleted
+            // Assert - In container mode, both our temp files and system temp files should be
+            // deleted
             // regardless of age (when maxAgeMillis is 0)
-            assertTrue(deletedFiles.contains(ourTempFile), "Our temp file should be deleted in container mode");
-            assertTrue(deletedFiles.contains(sysTempFile), "System temp file should be deleted in container mode");
+            assertTrue(
+                    deletedFiles.contains(ourTempFile),
+                    "Our temp file should be deleted in container mode");
+            assertTrue(
+                    deletedFiles.contains(sysTempFile),
+                    "System temp file should be deleted in container mode");
             assertFalse(deletedFiles.contains(regularFile), "Regular file should be preserved");
         }
     }
@@ -303,7 +338,8 @@ public class TempFileCleanupServiceTest {
         // Use MockedStatic to mock Files operations
         try (MockedStatic<Files> mockedFiles = mockStatic(Files.class)) {
             // Mock Files.list for systemTempDir
-            mockedFiles.when(() -> Files.list(eq(systemTempDir)))
+            mockedFiles
+                    .when(() -> Files.list(eq(systemTempDir)))
                     .thenReturn(Stream.of(emptyFile, recentEmptyFile));
 
             // Configure Files.isDirectory
@@ -313,39 +349,46 @@ public class TempFileCleanupServiceTest {
             mockedFiles.when(() -> Files.exists(any(Path.class))).thenReturn(true);
 
             // Configure Files.getLastModifiedTime to return different times based on file names
-            mockedFiles.when(() -> Files.getLastModifiedTime(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        String fileName = path.getFileName().toString();
+            mockedFiles
+                    .when(() -> Files.getLastModifiedTime(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                String fileName = path.getFileName().toString();
 
-                        if (fileName.equals("empty.tmp")) {
-                            // More than 5 minutes old
-                            return FileTime.fromMillis(System.currentTimeMillis() - 6 * 60 * 1000);
-                        } else {
-                            // Less than 5 minutes old
-                            return FileTime.fromMillis(System.currentTimeMillis() - 2 * 60 * 1000);
-                        }
-                    });
+                                if (fileName.equals("empty.tmp")) {
+                                    // More than 5 minutes old
+                                    return FileTime.fromMillis(
+                                            System.currentTimeMillis() - 6 * 60 * 1000);
+                                } else {
+                                    // Less than 5 minutes old
+                                    return FileTime.fromMillis(
+                                            System.currentTimeMillis() - 2 * 60 * 1000);
+                                }
+                            });
 
             // Configure Files.size to return 0 for empty files
-            mockedFiles.when(() -> Files.size(any(Path.class)))
-                    .thenReturn(0L);
+            mockedFiles.when(() -> Files.size(any(Path.class))).thenReturn(0L);
 
             // For deleteIfExists, track which files would be deleted
-            mockedFiles.when(() -> Files.deleteIfExists(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        deletedFiles.add(path);
-                        return true;
-                    });
+            mockedFiles
+                    .when(() -> Files.deleteIfExists(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                deletedFiles.add(path);
+                                return true;
+                            });
 
             // Act
             invokeCleanupDirectoryStreaming(systemTempDir, false, 0, 3600000);
 
             // Assert
-            assertTrue(deletedFiles.contains(emptyFile),
+            assertTrue(
+                    deletedFiles.contains(emptyFile),
                     "Empty file older than 5 minutes should be deleted");
-            assertFalse(deletedFiles.contains(recentEmptyFile),
+            assertFalse(
+                    deletedFiles.contains(recentEmptyFile),
                     "Empty file newer than 5 minutes should not be deleted");
         }
     }
@@ -370,17 +413,13 @@ public class TempFileCleanupServiceTest {
         // Use MockedStatic to mock Files operations
         try (MockedStatic<Files> mockedFiles = mockStatic(Files.class)) {
             // Mock Files.list for each directory
-            mockedFiles.when(() -> Files.list(eq(systemTempDir)))
-                    .thenReturn(Stream.of(dir1));
+            mockedFiles.when(() -> Files.list(eq(systemTempDir))).thenReturn(Stream.of(dir1));
 
-            mockedFiles.when(() -> Files.list(eq(dir1)))
-                    .thenReturn(Stream.of(tempFile1, dir2));
+            mockedFiles.when(() -> Files.list(eq(dir1))).thenReturn(Stream.of(tempFile1, dir2));
 
-            mockedFiles.when(() -> Files.list(eq(dir2)))
-                    .thenReturn(Stream.of(tempFile2, dir3));
+            mockedFiles.when(() -> Files.list(eq(dir2))).thenReturn(Stream.of(tempFile2, dir3));
 
-            mockedFiles.when(() -> Files.list(eq(dir3)))
-                    .thenReturn(Stream.of(tempFile3));
+            mockedFiles.when(() -> Files.list(eq(dir3))).thenReturn(Stream.of(tempFile3));
 
             // Configure Files.isDirectory for each path
             mockedFiles.when(() -> Files.isDirectory(eq(dir1))).thenReturn(true);
@@ -394,31 +433,35 @@ public class TempFileCleanupServiceTest {
             mockedFiles.when(() -> Files.exists(any(Path.class))).thenReturn(true);
 
             // Configure Files.getLastModifiedTime to return different times based on file names
-            mockedFiles.when(() -> Files.getLastModifiedTime(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        String fileName = path.getFileName().toString();
+            mockedFiles
+                    .when(() -> Files.getLastModifiedTime(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                String fileName = path.getFileName().toString();
 
-                        if (fileName.contains("old")) {
-                            // Old file
-                            return FileTime.fromMillis(System.currentTimeMillis() - 5000000);
-                        } else {
-                            // Recent file
-                            return FileTime.fromMillis(System.currentTimeMillis() - 60000);
-                        }
-                    });
+                                if (fileName.contains("old")) {
+                                    // Old file
+                                    return FileTime.fromMillis(
+                                            System.currentTimeMillis() - 5000000);
+                                } else {
+                                    // Recent file
+                                    return FileTime.fromMillis(System.currentTimeMillis() - 60000);
+                                }
+                            });
 
             // Configure Files.size to return normal size
-            mockedFiles.when(() -> Files.size(any(Path.class)))
-                    .thenReturn(1024L);
+            mockedFiles.when(() -> Files.size(any(Path.class))).thenReturn(1024L);
 
             // For deleteIfExists, track which files would be deleted
-            mockedFiles.when(() -> Files.deleteIfExists(any(Path.class)))
-                    .thenAnswer(invocation -> {
-                        Path path = invocation.getArgument(0);
-                        deletedFiles.add(path);
-                        return true;
-                    });
+            mockedFiles
+                    .when(() -> Files.deleteIfExists(any(Path.class)))
+                    .thenAnswer(
+                            invocation -> {
+                                Path path = invocation.getArgument(0);
+                                deletedFiles.add(path);
+                                return true;
+                            });
 
             // Act
             invokeCleanupDirectoryStreaming(systemTempDir, false, 0, 3600000);
@@ -430,14 +473,15 @@ public class TempFileCleanupServiceTest {
             // Assert
             assertFalse(deletedFiles.contains(tempFile1), "Recent temp file should be preserved");
             assertFalse(deletedFiles.contains(tempFile2), "Recent temp file should be preserved");
-            assertTrue(deletedFiles.contains(tempFile3), "Old temp file in nested directory should be deleted");
+            assertTrue(
+                    deletedFiles.contains(tempFile3),
+                    "Old temp file in nested directory should be deleted");
         }
     }
 
-    /**
-     * Helper method to invoke the private cleanupDirectoryStreaming method using reflection
-     */
-    private void invokeCleanupDirectoryStreaming(Path directory, boolean containerMode, int depth, long maxAgeMillis)
+    /** Helper method to invoke the private cleanupDirectoryStreaming method using reflection */
+    private void invokeCleanupDirectoryStreaming(
+            Path directory, boolean containerMode, int depth, long maxAgeMillis)
             throws IOException {
         try {
             // Create a consumer that tracks deleted files
@@ -445,13 +489,26 @@ public class TempFileCleanupServiceTest {
             Consumer<Path> deleteCallback = path -> deleteCount.incrementAndGet();
 
             // Get the method with updated signature
-            var method = TempFileCleanupService.class.getDeclaredMethod(
-                    "cleanupDirectoryStreaming",
-                    Path.class, boolean.class, int.class, long.class, boolean.class, Consumer.class);
+            var method =
+                    TempFileCleanupService.class.getDeclaredMethod(
+                            "cleanupDirectoryStreaming",
+                            Path.class,
+                            boolean.class,
+                            int.class,
+                            long.class,
+                            boolean.class,
+                            Consumer.class);
             method.setAccessible(true);
 
             // Invoke the method with appropriate parameters
-            method.invoke(cleanupService, directory, containerMode, depth, maxAgeMillis, false, deleteCallback);
+            method.invoke(
+                    cleanupService,
+                    directory,
+                    containerMode,
+                    depth,
+                    maxAgeMillis,
+                    false,
+                    deleteCallback);
         } catch (Exception e) {
             throw new RuntimeException("Error invoking cleanupDirectoryStreaming", e);
         }

app/common/src/test/java/stirling/software/common/util/CheckProgramInstallTest.java

@@ -1,14 +1,5 @@
 package stirling.software.common.util;
 
-import java.io.IOException;
-import java.lang.reflect.Field;
-import java.util.Arrays;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.mockito.MockedStatic;
-import org.mockito.Mockito;
-import stirling.software.common.util.ProcessExecutor.ProcessExecutorResult;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNull;
@@ -19,6 +10,18 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.Arrays;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+
+import stirling.software.common.util.ProcessExecutor.ProcessExecutorResult;
+
 class CheckProgramInstallTest {
 
     private MockedStatic<ProcessExecutor> mockProcessExecutor;

app/common/src/test/java/stirling/software/common/util/CustomHtmlSanitizerTest.java

@@ -23,15 +23,19 @@ class CustomHtmlSanitizerTest {
     @BeforeEach
     void setUp() {
         SsrfProtectionService mockSsrfProtectionService = mock(SsrfProtectionService.class);
-        stirling.software.common.model.ApplicationProperties mockApplicationProperties = mock(stirling.software.common.model.ApplicationProperties.class);
-        stirling.software.common.model.ApplicationProperties.System mockSystem = mock(stirling.software.common.model.ApplicationProperties.System.class);
+        stirling.software.common.model.ApplicationProperties mockApplicationProperties =
+                mock(stirling.software.common.model.ApplicationProperties.class);
+        stirling.software.common.model.ApplicationProperties.System mockSystem =
+                mock(stirling.software.common.model.ApplicationProperties.System.class);
 
         // Allow all URLs by default for basic tests
-        when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString())).thenReturn(true);
+        when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString()))
+                .thenReturn(true);
         when(mockApplicationProperties.getSystem()).thenReturn(mockSystem);
         when(mockSystem.getDisableSanitize()).thenReturn(false); // Enable sanitization for tests
 
-        customHtmlSanitizer = new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
+        customHtmlSanitizer =
+                new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
     }
 
     @ParameterizedTest

app/common/src/test/java/stirling/software/common/util/FileMonitorTest.java

@@ -19,6 +19,7 @@ import org.junit.jupiter.api.io.TempDir;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
+
 import stirling.software.common.configuration.RuntimePathConfig;
 
 @ExtendWith(MockitoExtension.class)

app/common/src/test/java/stirling/software/common/util/FileToPdfTest.java

@@ -1,15 +1,14 @@
 package stirling.software.common.util;
 
-import java.nio.file.Files;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
-import static org.mockito.ArgumentMatchers.anyString;
 
-import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -24,14 +23,18 @@ public class FileToPdfTest {
     @BeforeEach
     void setUp() {
         SsrfProtectionService mockSsrfProtectionService = mock(SsrfProtectionService.class);
-        stirling.software.common.model.ApplicationProperties mockApplicationProperties = mock(stirling.software.common.model.ApplicationProperties.class);
-        stirling.software.common.model.ApplicationProperties.System mockSystem = mock(stirling.software.common.model.ApplicationProperties.System.class);
+        stirling.software.common.model.ApplicationProperties mockApplicationProperties =
+                mock(stirling.software.common.model.ApplicationProperties.class);
+        stirling.software.common.model.ApplicationProperties.System mockSystem =
+                mock(stirling.software.common.model.ApplicationProperties.System.class);
 
-        when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString())).thenReturn(true);
+        when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString()))
+                .thenReturn(true);
         when(mockApplicationProperties.getSystem()).thenReturn(mockSystem);
         when(mockSystem.getDisableSanitize()).thenReturn(false);
 
-        customHtmlSanitizer = new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
+        customHtmlSanitizer =
+                new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
     }
 
     /**
@@ -48,8 +51,8 @@ public class FileToPdfTest {
         // Mock the temp file creation to return real temp files
         try {
             when(tempFileManager.createTempFile(anyString()))
-                .thenReturn(Files.createTempFile("test", ".pdf").toFile())
-                .thenReturn(Files.createTempFile("test", ".html").toFile());
+                    .thenReturn(Files.createTempFile("test", ".pdf").toFile())
+                    .thenReturn(Files.createTempFile("test", ".html").toFile());
         } catch (IOException e) {
             throw new RuntimeException(e);
         }
@@ -60,7 +63,12 @@ public class FileToPdfTest {
                         Exception.class,
                         () ->
                                 FileToPdf.convertHtmlToPdf(
-                                        "/path/", request, fileBytes, fileName, tempFileManager, customHtmlSanitizer));
+                                        "/path/",
+                                        request,
+                                        fileBytes,
+                                        fileName,
+                                        tempFileManager,
+                                        customHtmlSanitizer));
         assertNotNull(thrown);
     }
 

app/common/src/test/java/stirling/software/common/util/ProviderUtilsTest.java

@@ -1,21 +1,23 @@
 package stirling.software.common.util;
 
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 import java.util.List;
 import java.util.stream.Stream;
-import org.junit.jupiter.api.Assertions;
+
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.mockito.junit.jupiter.MockitoExtension;
+
 import stirling.software.common.model.enumeration.UsernameAttribute;
 import stirling.software.common.model.oauth2.GitHubProvider;
 import stirling.software.common.model.oauth2.GoogleProvider;
 import stirling.software.common.model.oauth2.Provider;
-import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 @ExtendWith(MockitoExtension.class)
 class ProviderUtilsTest {
@@ -40,7 +42,7 @@ class ProviderUtilsTest {
     public static Stream<Arguments> providerParams() {
         Provider generic = null;
         var google =
-            new GoogleProvider(null, "clientSecret", List.of("scope"), UsernameAttribute.EMAIL);
+                new GoogleProvider(null, "clientSecret", List.of("scope"), UsernameAttribute.EMAIL);
         var github = new GitHubProvider("clientId", "", List.of("scope"), UsernameAttribute.LOGIN);
 
         return Stream.of(Arguments.of(generic), Arguments.of(google), Arguments.of(github));

app/common/src/test/java/stirling/software/common/util/SpringContextHolderTest.java

@@ -42,7 +42,6 @@ class SpringContextHolderTest {
         verify(mockApplicationContext).getBean(TestBean.class);
     }
 
-
     @Test
     void testGetBean_ApplicationContextNotSet() {
         // Don't set application context
@@ -58,7 +57,8 @@ class SpringContextHolderTest {
     void testGetBean_BeanNotFound() {
         // Arrange
         contextHolder.setApplicationContext(mockApplicationContext);
-        when(mockApplicationContext.getBean(TestBean.class)).thenThrow(new org.springframework.beans.BeansException("Bean not found") {});
+        when(mockApplicationContext.getBean(TestBean.class))
+                .thenThrow(new org.springframework.beans.BeansException("Bean not found") {});
 
         // Act
         TestBean result = SpringContextHolder.getBean(TestBean.class);
@@ -68,6 +68,5 @@ class SpringContextHolderTest {
     }
 
     // Simple test class
-    private static class TestBean {
-    }
+    private static class TestBean {}
 }

app/common/src/test/java/stirling/software/common/util/misc/HighContrastColorReplaceDeciderTest.java

@@ -1,11 +1,13 @@
 package stirling.software.common.util.misc;
 
-import org.junit.jupiter.api.Test;
-import stirling.software.common.model.api.misc.HighContrastColorCombination;
-import stirling.software.common.model.api.misc.ReplaceAndInvert;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 
+import org.junit.jupiter.api.Test;
+
+import stirling.software.common.model.api.misc.HighContrastColorCombination;
+import stirling.software.common.model.api.misc.ReplaceAndInvert;
+
 class HighContrastColorReplaceDeciderTest {
 
     @Test

app/common/src/test/java/stirling/software/common/util/misc/InvertFullColorStrategyTest.java

@@ -26,6 +26,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.core.io.InputStreamResource;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.web.multipart.MultipartFile;
+
 import stirling.software.common.model.api.misc.ReplaceAndInvert;
 
 class InvertFullColorStrategyTest {

app/common/src/test/java/stirling/software/common/util/misc/ReplaceAndInvertColorStrategyTest.java

@@ -9,6 +9,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.core.io.InputStreamResource;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.web.multipart.MultipartFile;
+
 import stirling.software.common.model.api.misc.ReplaceAndInvert;
 
 class ReplaceAndInvertColorStrategyTest {

app/common/src/test/java/stirling/software/common/util/propertyeditor/StringToArrayListPropertyEditorTest.java

@@ -1,14 +1,17 @@
 package stirling.software.common.util.propertyeditor;
 
-import java.util.List;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import stirling.software.common.model.api.security.RedactionArea;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.util.List;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import stirling.software.common.model.api.security.RedactionArea;
+
 class StringToArrayListPropertyEditorTest {
 
     private StringToArrayListPropertyEditor editor;

app/common/src/test/resources/saml/dummy.txt

@@ -0,0 +1 @@
+ok

app/core/build.gradle

@@ -14,7 +14,7 @@ configurations {
 
 spotless {
     java {
-        target sourceSets.main.allJava
+        target 'src/**/java/**/*.java'
         googleJavaFormat(googleJavaFormatVersion).aosp().reorderImports(false)
 
         importOrder("java", "javax", "org", "com", "net", "io", "jakarta", "lombok", "me", "stirling")
@@ -23,6 +23,18 @@ spotless {
         leadingTabsToSpaces()
         endWithNewline()
     }
+    yaml {
+        target '**/*.yml', '**/*.yaml'
+        trimTrailingWhitespace()
+        leadingTabsToSpaces()
+        endWithNewline()
+    }
+    format 'gradle', {
+        target '**/gradle/*.gradle', '**/*.gradle'
+        trimTrailingWhitespace()
+        leadingTabsToSpaces()
+        endWithNewline()
+    }
 }
 
 dependencies {
@@ -46,7 +58,7 @@ dependencies {
     implementation 'commons-io:commons-io:2.20.0'
     implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion"
     implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion"
-    implementation 'io.micrometer:micrometer-core:1.15.2'
+    implementation 'io.micrometer:micrometer-core:1.15.3'
     implementation 'com.google.zxing:core:3.5.3'
     implementation "org.commonmark:commonmark:$commonmarkVersion" // https://mvnrepository.com/artifact/org.commonmark/commonmark
     implementation "org.commonmark:commonmark-ext-gfm-tables:$commonmarkVersion"
@@ -62,7 +74,7 @@ dependencies {
         exclude group: 'com.google.code.gson', module: 'gson'
     }
     implementation 'org.apache.pdfbox:jbig2-imageio:3.0.4'
-    implementation 'com.opencsv:opencsv:5.11.2' // https://mvnrepository.com/artifact/com.opencsv/opencsv
+    implementation 'com.opencsv:opencsv:5.12.0' // https://mvnrepository.com/artifact/com.opencsv/opencsv
 
     // Batik
     implementation 'org.apache.xmlgraphics:batik-all:1.19'
@@ -79,7 +91,7 @@ dependencies {
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-pcx:$imageioVersion@
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-pict:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-pnm:$imageioVersion"
-    // runtimeOnly "com.twelvemonkeys.imageio:imageio-psd:$imageioVersion"
+    runtimeOnly "com.twelvemonkeys.imageio:imageio-psd:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-sgi:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-tga:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-thumbsdb:$imageioVersion"
@@ -102,11 +114,6 @@ sourceSets {
     }
     test {
         java {
-            if (System.getenv('DOCKER_ENABLE_SECURITY') == 'false' || System.getenv('DISABLE_ADDITIONAL_FEATURES') == 'true'
-                || (project.hasProperty('DISABLE_ADDITIONAL_FEATURES')
-                && System.getProperty('DISABLE_ADDITIONAL_FEATURES') == 'true')) {
-                exclude 'stirling/software/proprietary/security/**'
-            }
             if (System.getenv('STIRLING_PDF_DESKTOP_UI') == 'false') {
                 exclude 'stirling/software/SPDF/UI/impl/**'
             }

app/core/src/main/java/stirling/software/SPDF/SPDFApplication.java

@@ -27,7 +27,6 @@ import stirling.software.SPDF.UI.WebBrowser;
 import stirling.software.common.configuration.AppConfig;
 import stirling.software.common.configuration.ConfigInitializer;
 import stirling.software.common.configuration.InstallationPathConfig;
-import stirling.software.common.model.ApplicationProperties;
 import stirling.software.common.util.UrlUtils;
 
 @Slf4j
@@ -46,17 +45,14 @@ public class SPDFApplication {
 
     private final AppConfig appConfig;
     private final Environment env;
-    private final ApplicationProperties applicationProperties;
     private final WebBrowser webBrowser;
 
     public SPDFApplication(
             AppConfig appConfig,
             Environment env,
-            ApplicationProperties applicationProperties,
             @Autowired(required = false) WebBrowser webBrowser) {
         this.appConfig = appConfig;
         this.env = env;
-        this.applicationProperties = applicationProperties;
         this.webBrowser = webBrowser;
     }
 

app/core/src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java

@@ -20,6 +20,8 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
                     "endpoints",
                     "logout",
                     "error",
+                    "days",
+                    "date",
                     "errorOAuth",
                     "file",
                     "messageType",

app/core/src/main/java/stirling/software/SPDF/config/EndpointInspector.java

@@ -6,8 +6,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
@@ -18,11 +16,12 @@ import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 
 @Component
 @RequiredArgsConstructor
+@Slf4j
 public class EndpointInspector implements ApplicationListener<ContextRefreshedEvent> {
-    private static final Logger logger = LoggerFactory.getLogger(EndpointInspector.class);
 
     private final ApplicationContext applicationContext;
     private final Set<String> validGetEndpoints = new HashSet<>();
@@ -71,13 +70,13 @@ public class EndpointInspector implements ApplicationListener<ContextRefreshedEv
             }
 
             if (validGetEndpoints.isEmpty()) {
-                logger.warn("No endpoints discovered. Adding common endpoints as fallback.");
+                log.warn("No endpoints discovered. Adding common endpoints as fallback.");
                 validGetEndpoints.add("/");
                 validGetEndpoints.add("/api/**");
                 validGetEndpoints.add("/**");
             }
         } catch (Exception e) {
-            logger.error("Error discovering endpoints", e);
+            log.error("Error discovering endpoints", e);
         }
     }
 
@@ -203,10 +202,10 @@ public class EndpointInspector implements ApplicationListener<ContextRefreshedEv
     private void logAllEndpoints() {
         Set<String> sortedEndpoints = new TreeSet<>(validGetEndpoints);
 
-        logger.info("=== BEGIN: All discovered GET endpoints ===");
+        log.info("=== BEGIN: All discovered GET endpoints ===");
         for (String endpoint : sortedEndpoints) {
-            logger.info("Endpoint: {}", endpoint);
+            log.info("Endpoint: {}", endpoint);
         }
-        logger.info("=== END: All discovered GET endpoints ===");
+        log.info("=== END: All discovered GET endpoints ===");
     }
 }

app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java

@@ -70,9 +70,17 @@ public class StampController {
         String stampType = request.getStampType();
         String stampText = request.getStampText();
         MultipartFile stampImage = request.getStampImage();
-        String stampImageName = stampImage.getOriginalFilename();
-        if (stampImageName.contains("..") || stampImageName.startsWith("/")) {
-            throw new IllegalArgumentException("Invalid stamp image file path");
+        if ("image".equalsIgnoreCase(stampType)) {
+            if (stampImage == null) {
+                throw new IllegalArgumentException(
+                        "Stamp image file must be provided when stamp type is 'image'");
+            }
+            String stampImageName = stampImage.getOriginalFilename();
+            if (stampImageName == null
+                    || stampImageName.contains("..")
+                    || stampImageName.startsWith("/")) {
+                throw new IllegalArgumentException("Invalid stamp image file path");
+            }
         }
         String alphabet = request.getAlphabet();
         float fontSize = request.getFontSize();

app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java

@@ -108,9 +108,13 @@ public class PipelineProcessor {
             if (inputFileTypes == null) {
                 inputFileTypes = new ArrayList<String>(Arrays.asList("ALL"));
             }
-            if (!operation.matches("^[a-zA-Z0-9_-]+$")) {
-                throw new IllegalArgumentException("Invalid operation value received.");
+
+            if (!apiDocService.isValidOperation(operation, parameters)) {
+                log.error("Invalid operation or parameters: o:{} p:{}", operation, parameters);
+                throw new IllegalArgumentException(
+                        "Invalid operation: " + operation + " with parameters: " + parameters);
             }
+
             String url = getBaseUrl() + operation;
             List<Resource> newOutputFiles = new ArrayList<>();
             if (!isMultiInputOperation) {
@@ -136,7 +140,7 @@ public class PipelineProcessor {
                             // skip
                             // this
                             // file
-                            if (operation.startsWith("filter-")
+                            if (operation.startsWith("/api/v1/filter/filter-")
                                     && (response.getBody() == null
                                             || response.getBody().length == 0)) {
                                 filtersApplied = true;

app/core/src/main/java/stirling/software/SPDF/controller/web/ConverterWebController.java

@@ -8,6 +8,8 @@ import org.springframework.web.servlet.ModelAndView;
 import io.swagger.v3.oas.annotations.Hidden;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import stirling.software.common.model.ApplicationProperties;
+import stirling.software.common.util.ApplicationContextProvider;
 import stirling.software.common.util.CheckProgramInstall;
 
 @Controller
@@ -62,6 +64,13 @@ public class ConverterWebController {
     @Hidden
     public String pdfToimgForm(Model model) {
         boolean isPython = CheckProgramInstall.isPythonAvailable();
+        ApplicationProperties properties =
+                ApplicationContextProvider.getBean(ApplicationProperties.class);
+        if (properties != null && properties.getSystem() != null) {
+            model.addAttribute("maxDPI", properties.getSystem().getMaxDPI());
+        } else {
+            model.addAttribute("maxDPI", 500); // Default value if not set
+        }
         model.addAttribute("isPython", isPython);
         model.addAttribute("currentPage", "pdf-to-img");
         return "convert/pdf-to-img";

app/core/src/main/java/stirling/software/SPDF/model/SignatureFile.java

@@ -2,8 +2,10 @@ package stirling.software.SPDF.model;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 @Data
+@NoArgsConstructor
 @AllArgsConstructor
 public class SignatureFile {
     private String fileName;

app/core/src/main/java/stirling/software/SPDF/pdf/TextFinder.java

@@ -6,7 +6,7 @@ import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.text.PDFTextStripper;
 import org.apache.pdfbox.text.TextPosition;
 
@@ -17,91 +17,203 @@ import stirling.software.SPDF.model.PDFText;
 @Slf4j
 public class TextFinder extends PDFTextStripper {
 
-    private final String searchText;
+    private final String searchTerm;
     private final boolean useRegex;
     private final boolean wholeWordSearch;
-    private final List<PDFText> textOccurrences = new ArrayList<>();
+    private final List<PDFText> foundTexts = new ArrayList<>();
 
-    public TextFinder(String searchText, boolean useRegex, boolean wholeWordSearch)
+    private final List<TextPosition> pageTextPositions = new ArrayList<>();
+    private final StringBuilder pageTextBuilder = new StringBuilder();
+
+    public TextFinder(String searchTerm, boolean useRegex, boolean wholeWordSearch)
             throws IOException {
-        this.searchText = searchText.toLowerCase();
+        this.searchTerm = searchTerm;
         this.useRegex = useRegex;
         this.wholeWordSearch = wholeWordSearch;
-        setSortByPosition(true);
+        this.setWordSeparator(" ");
     }
 
-    private List<MatchInfo> findOccurrencesInText(String searchText, String content) {
-        List<MatchInfo> matches = new ArrayList<>();
-
-        Pattern pattern;
-
-        if (useRegex) {
-            // Use regex-based search
-            pattern =
-                    wholeWordSearch
-                            ? Pattern.compile("\\b" + searchText + "\\b")
-                            : Pattern.compile(searchText);
-        } else {
-            // Use normal text search
-            pattern =
-                    wholeWordSearch
-                            ? Pattern.compile("\\b" + Pattern.quote(searchText) + "\\b")
-                            : Pattern.compile(Pattern.quote(searchText));
-        }
-
-        Matcher matcher = pattern.matcher(content);
-        while (matcher.find()) {
-            matches.add(new MatchInfo(matcher.start(), matcher.end() - matcher.start()));
-        }
-        return matches;
+    @Override
+    protected void startPage(PDPage page) throws IOException {
+        super.startPage(page);
+        pageTextPositions.clear();
+        pageTextBuilder.setLength(0);
     }
 
     @Override
     protected void writeString(String text, List<TextPosition> textPositions) {
-        for (MatchInfo match : findOccurrencesInText(searchText, text.toLowerCase())) {
-            int index = match.startIndex;
-            if (index + match.matchLength <= textPositions.size()) {
-                // Initial values based on the first character
-                TextPosition first = textPositions.get(index);
-                float minX = first.getX();
-                float minY = first.getY();
-                float maxX = first.getX() + first.getWidth();
-                float maxY = first.getY() + first.getHeight();
+        pageTextBuilder.append(text);
+        pageTextPositions.addAll(textPositions);
+    }
 
-                // Loop over the rest of the characters and adjust bounding box values
-                for (int i = index; i < index + match.matchLength; i++) {
-                    TextPosition position = textPositions.get(i);
-                    minX = Math.min(minX, position.getX());
-                    minY = Math.min(minY, position.getY());
-                    maxX = Math.max(maxX, position.getX() + position.getWidth());
-                    maxY = Math.max(maxY, position.getY() + position.getHeight());
-                }
+    @Override
+    protected void writeWordSeparator() {
+        pageTextBuilder.append(getWordSeparator());
+        pageTextPositions.add(null); // Placeholder for separator
+    }
 
-                textOccurrences.add(
-                        new PDFText(getCurrentPageNo() - 1, minX, minY, maxX, maxY, text));
+    @Override
+    protected void writeLineSeparator() {
+        pageTextBuilder.append(getLineSeparator());
+        pageTextPositions.add(null); // Placeholder for separator
+    }
+
+    @Override
+    protected void endPage(PDPage page) throws IOException {
+        String text = pageTextBuilder.toString();
+        if (text.isEmpty() || this.searchTerm == null || this.searchTerm.isEmpty()) {
+            super.endPage(page);
+            return;
+        }
+
+        String processedSearchTerm = this.searchTerm.trim();
+        if (processedSearchTerm.isEmpty()) {
+            super.endPage(page);
+            return;
+        }
+        String regex = this.useRegex ? processedSearchTerm : "\\Q" + processedSearchTerm + "\\E";
+        if (this.wholeWordSearch) {
+            if (processedSearchTerm.length() == 1
+                    && Character.isDigit(processedSearchTerm.charAt(0))) {
+                regex = "(?<![\\w])(?<!\\d[\\.,])" + regex + "(?![\\w])(?![\\.,]\\d)";
+            } else if (processedSearchTerm.length() == 1) {
+                regex = "(?<![\\w])" + regex + "(?![\\w])";
+            } else {
+                regex = "\\b" + regex + "\\b";
             }
         }
-    }
 
-    public List<PDFText> getTextLocations(PDDocument document) throws Exception {
-        this.getText(document);
+        Pattern pattern = Pattern.compile(regex, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
+        Matcher matcher = pattern.matcher(text);
+
         log.debug(
-                "Found "
-                        + textOccurrences.size()
-                        + " occurrences of '"
-                        + searchText
-                        + "' in the document.");
+                "Searching for '{}' in page {} with regex '{}' (wholeWord: {}, useRegex: {})",
+                processedSearchTerm,
+                getCurrentPageNo(),
+                regex,
+                wholeWordSearch,
+                useRegex);
 
-        return textOccurrences;
+        int matchCount = 0;
+        while (matcher.find()) {
+            matchCount++;
+            int matchStart = matcher.start();
+            int matchEnd = matcher.end();
+
+            log.debug(
+                    "Found match #{} at positions {}-{}: '{}'",
+                    matchCount,
+                    matchStart,
+                    matchEnd,
+                    matcher.group());
+
+            float minX = Float.MAX_VALUE;
+            float minY = Float.MAX_VALUE;
+            float maxX = Float.MIN_VALUE;
+            float maxY = Float.MIN_VALUE;
+            boolean foundPosition = false;
+
+            for (int i = matchStart; i < matchEnd; i++) {
+                if (i >= pageTextPositions.size()) {
+                    log.debug(
+                            "Position index {} exceeds available positions ({})",
+                            i,
+                            pageTextPositions.size());
+                    continue;
+                }
+                TextPosition pos = pageTextPositions.get(i);
+                if (pos != null) {
+                    foundPosition = true;
+                    minX = Math.min(minX, pos.getX());
+                    maxX = Math.max(maxX, pos.getX() + pos.getWidth());
+                    minY = Math.min(minY, pos.getY() - pos.getHeight());
+                    maxY = Math.max(maxY, pos.getY());
+                }
+            }
+
+            if (!foundPosition && matchStart < pageTextPositions.size()) {
+                log.debug(
+                        "Attempting to find nearby positions for match at {}-{}",
+                        matchStart,
+                        matchEnd);
+
+                for (int i = Math.max(0, matchStart - 5);
+                        i < Math.min(pageTextPositions.size(), matchEnd + 5);
+                        i++) {
+                    TextPosition pos = pageTextPositions.get(i);
+                    if (pos != null) {
+                        foundPosition = true;
+                        minX = Math.min(minX, pos.getX());
+                        maxX = Math.max(maxX, pos.getX() + pos.getWidth());
+                        minY = Math.min(minY, pos.getY() - pos.getHeight());
+                        maxY = Math.max(maxY, pos.getY());
+                        break;
+                    }
+                }
+            }
+
+            if (foundPosition) {
+                foundTexts.add(
+                        new PDFText(
+                                this.getCurrentPageNo() - 1,
+                                minX,
+                                minY,
+                                maxX,
+                                maxY,
+                                matcher.group()));
+                log.debug(
+                        "Added PDFText for match: page={}, bounds=({},{},{},{}), text='{}'",
+                        getCurrentPageNo() - 1,
+                        minX,
+                        minY,
+                        maxX,
+                        maxY,
+                        matcher.group());
+            } else {
+                log.warn(
+                        "Found text match '{}' but no valid position data at {}-{}",
+                        matcher.group(),
+                        matchStart,
+                        matchEnd);
+            }
+        }
+
+        log.debug(
+                "Page {} search complete: found {} matches for '{}'",
+                getCurrentPageNo(),
+                matchCount,
+                processedSearchTerm);
+
+        super.endPage(page);
     }
 
-    private class MatchInfo {
-        int startIndex;
-        int matchLength;
+    public List<PDFText> getFoundTexts() {
+        return foundTexts;
+    }
 
-        MatchInfo(int startIndex, int matchLength) {
-            this.startIndex = startIndex;
-            this.matchLength = matchLength;
+    public String getDebugInfo() {
+        StringBuilder debug = new StringBuilder();
+        debug.append("Extracted text length: ").append(pageTextBuilder.length()).append("\n");
+        debug.append("Position count: ").append(pageTextPositions.size()).append("\n");
+        debug.append("Text content: '")
+                .append(pageTextBuilder.toString().replace("\n", "\\n").replace("\r", "\\r"))
+                .append("'\n");
+
+        String text = pageTextBuilder.toString();
+        for (int i = 0; i < Math.min(text.length(), 50); i++) {
+            char c = text.charAt(i);
+            TextPosition pos = i < pageTextPositions.size() ? pageTextPositions.get(i) : null;
+            debug.append(
+                    String.format(
+                            "  [%d] '%c' (0x%02X) -> %s\n",
+                            i,
+                            c,
+                            (int) c,
+                            pos != null
+                                    ? String.format("(%.1f,%.1f)", pos.getX(), pos.getY())
+                                    : "null"));
         }
+
+        return debug.toString();
     }
 }

app/core/src/main/java/stirling/software/SPDF/service/MetricsAggregatorService.java

@@ -4,8 +4,6 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
@@ -13,15 +11,15 @@ import io.micrometer.core.instrument.MeterRegistry;
 import io.micrometer.core.instrument.search.Search;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 
 import stirling.software.SPDF.config.EndpointInspector;
 import stirling.software.common.service.PostHogService;
 
 @Service
 @RequiredArgsConstructor
+@Slf4j
 public class MetricsAggregatorService {
-    private static final Logger logger = LoggerFactory.getLogger(MetricsAggregatorService.class);
-
     private final MeterRegistry meterRegistry;
     private final PostHogService postHogService;
     private final EndpointInspector endpointInspector;
@@ -66,7 +64,7 @@ public class MetricsAggregatorService {
                             if ("GET".equals(method)
                                     && validateGetEndpoints
                                     && !endpointInspector.isValidGetEndpoint(uri)) {
-                                logger.debug("Skipping invalid GET endpoint: {}", uri);
+                                log.debug("Skipping invalid GET endpoint: {}", uri);
                                 return;
                             }
 
@@ -77,7 +75,7 @@ public class MetricsAggregatorService {
                             double lastCount = lastSentMetrics.getOrDefault(key, 0.0);
                             double difference = currentCount - lastCount;
                             if (difference > 0) {
-                                logger.debug("{}, {}", key, difference);
+                                log.debug("{}, {}", key, difference);
                                 metrics.put(key, difference);
                                 lastSentMetrics.put(key, currentCount);
                             }

app/core/src/main/java/stirling/software/SPDF/utils/text/TextEncodingHelper.java

@@ -0,0 +1,351 @@
+package stirling.software.SPDF.utils.text;
+
+import java.io.IOException;
+
+import org.apache.pdfbox.pdmodel.font.PDFont;
+import org.apache.pdfbox.pdmodel.font.PDSimpleFont;
+import org.apache.pdfbox.pdmodel.font.encoding.DictionaryEncoding;
+import org.apache.pdfbox.pdmodel.font.encoding.Encoding;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class TextEncodingHelper {
+
+    public static boolean canEncodeCharacters(PDFont font, String text) {
+        if (font == null || text == null || text.isEmpty()) {
+            return false;
+        }
+
+        try {
+            // Step 1: Primary check - full-string encoding (permissive for "good" cases)
+            byte[] encoded = font.encode(text);
+            if (encoded.length > 0) {
+                log.debug(
+                        "Text '{}' has good full-string encoding for font {} - permissively allowing",
+                        text,
+                        font.getName() != null ? font.getName() : "Unknown");
+                return true;
+            }
+
+            // Step 2: Smart array-based fallback for TJ operator-style text
+            log.debug(
+                    "Full encoding failed for '{}' - using array-based fallback for font {}",
+                    text,
+                    font.getName() != null ? font.getName() : "Unknown");
+
+            return validateAsCodePointArray(font, text);
+
+        } catch (IOException | IllegalArgumentException e) {
+            log.debug(
+                    "Encoding exception for text '{}' with font {} - trying array fallback: {}",
+                    text,
+                    font.getName() != null ? font.getName() : "Unknown",
+                    e.getMessage());
+
+            if (isFontSubset(font.getName()) || hasCustomEncoding(font)) {
+                return validateAsCodePointArray(font, text);
+            }
+
+            return false; // Non-subset fonts with encoding exceptions are likely problematic
+        }
+    }
+
+    private static boolean validateAsCodePointArray(PDFont font, String text) {
+        int totalCodePoints = 0;
+        int successfulCodePoints = 0;
+
+        // Iterate through code points (handles surrogates correctly per Unicode docs)
+        for (int i = 0; i < text.length(); ) {
+            int codePoint = text.codePointAt(i);
+            String charStr = new String(Character.toChars(codePoint));
+            totalCodePoints++;
+
+            try {
+                // Test encoding for this code point
+                byte[] charEncoded = font.encode(charStr);
+                if (charEncoded.length > 0) {
+                    float charWidth = font.getStringWidth(charStr);
+
+                    if (charWidth >= 0) {
+                        successfulCodePoints++;
+                        log.debug(
+                                "Code point '{}' (U+{}) encoded successfully",
+                                charStr,
+                                Integer.toHexString(codePoint).toUpperCase());
+                    } else {
+                        log.debug(
+                                "Code point '{}' (U+{}) has invalid width: {}",
+                                charStr,
+                                Integer.toHexString(codePoint).toUpperCase(),
+                                charWidth);
+                    }
+                } else {
+                    log.debug(
+                            "Code point '{}' (U+{}) encoding failed - empty result",
+                            charStr,
+                            Integer.toHexString(codePoint).toUpperCase());
+                }
+            } catch (IOException | IllegalArgumentException e) {
+                log.debug(
+                        "Code point '{}' (U+{}) validation failed: {}",
+                        charStr,
+                        Integer.toHexString(codePoint).toUpperCase(),
+                        e.getMessage());
+            }
+
+            i += Character.charCount(codePoint); // Handle surrogates properly
+        }
+
+        double successRate =
+                totalCodePoints > 0 ? (double) successfulCodePoints / totalCodePoints : 0;
+        boolean isAcceptable = successRate >= 0.95;
+
+        log.debug(
+                "Array validation for '{}': {}/{} code points successful ({:.1f}%) - {}",
+                text,
+                successfulCodePoints,
+                totalCodePoints,
+                successRate * 100,
+                isAcceptable ? "ALLOWING" : "rejecting");
+
+        return isAcceptable;
+    }
+
+    public static boolean isTextSegmentRemovable(PDFont font, String text) {
+        if (font == null || text == null || text.isEmpty()) {
+            return false;
+        }
+
+        // Log the attempt
+        log.debug(
+                "Evaluating text segment for removal: '{}' with font {}",
+                text,
+                font.getName() != null ? font.getName() : "Unknown Font");
+
+        if (isSimpleCharacter(text)) {
+            try {
+                font.encode(text);
+                font.getStringWidth(text);
+                log.debug(
+                        "Text '{}' is a simple character and passed validation - allowing removal",
+                        text);
+                return true;
+            } catch (Exception e) {
+                log.debug(
+                        "Simple character '{}' failed basic validation with font {}: {}",
+                        text,
+                        font.getName() != null ? font.getName() : "Unknown",
+                        e.getMessage());
+                return false;
+            }
+        }
+
+        // For complex text, require comprehensive validation
+        return isTextFullyRemovable(font, text);
+    }
+
+    public static boolean isTextFullyRemovable(PDFont font, String text) {
+        if (font == null || text == null || text.isEmpty()) {
+            return false;
+        }
+
+        try {
+            // Check 1: Verify encoding capability using new smart approach
+            if (!canEncodeCharacters(font, text)) {
+                log.debug(
+                        "Text '{}' failed encoding validation for font {}",
+                        text,
+                        font.getName() != null ? font.getName() : "Unknown");
+                return false;
+            }
+
+            // Check 2: Validate width calculation capability
+            float width = font.getStringWidth(text);
+            if (width < 0) { // Allow zero width (invisible chars) but reject negative (invalid)
+                log.debug(
+                        "Text '{}' has invalid width {} for font {}",
+                        text,
+                        width,
+                        font.getName() != null ? font.getName() : "Unknown");
+                return false; // Invalid metrics prevent accurate removal
+            }
+
+            // Check 3: Verify font descriptor completeness for redaction area calculation
+            if (font.getFontDescriptor() == null) {
+                log.debug(
+                        "Missing font descriptor for font {}",
+                        font.getName() != null ? font.getName() : "Unknown");
+                return false;
+            }
+
+            // Check 4: Test bounding box calculation for redaction area
+            try {
+                font.getFontDescriptor().getFontBoundingBox();
+            } catch (IllegalArgumentException e) {
+                log.debug(
+                        "Font bounding box unavailable for font {}: {}",
+                        font.getName() != null ? font.getName() : "Unknown",
+                        e.getMessage());
+                return false;
+            }
+
+            log.debug(
+                    "Text '{}' passed comprehensive validation for font {}",
+                    text,
+                    font.getName() != null ? font.getName() : "Unknown");
+            return true;
+
+        } catch (IOException e) {
+            log.debug(
+                    "Text '{}' failed validation for font {} due to IO error: {}",
+                    text,
+                    font.getName() != null ? font.getName() : "Unknown",
+                    e.getMessage());
+            return false;
+        } catch (IllegalArgumentException e) {
+            log.debug(
+                    "Text '{}' failed validation for font {} due to argument error: {}",
+                    text,
+                    font.getName() != null ? font.getName() : "Unknown",
+                    e.getMessage());
+            return false;
+        }
+    }
+
+    private static boolean isSimpleCharacter(String text) {
+        if (text == null || text.isEmpty()) {
+            return false;
+        }
+
+        if (text.length() > 20) {
+            return false;
+        }
+
+        for (int i = 0; i < text.length(); i++) {
+            char c = text.charAt(i);
+
+            // Allow letters, digits, and whitespace (most common cases)
+            if (Character.isLetterOrDigit(c) || Character.isWhitespace(c)) {
+                continue;
+            }
+
+            // Allow common ASCII punctuation
+            if (c >= 32 && c <= 126 && ".,!?;:()-[]{}\"'/@#$%&*+=<>|\\~`".indexOf(c) >= 0) {
+                continue;
+            }
+
+            return false;
+        }
+
+        return true;
+    }
+
+    public static boolean hasCustomEncoding(PDFont font) {
+        try {
+            if (font instanceof PDSimpleFont simpleFont) {
+                try {
+                    Encoding encoding = simpleFont.getEncoding();
+                    if (encoding != null) {
+                        // Check for dictionary-based custom encodings
+                        if (encoding instanceof DictionaryEncoding) {
+                            log.debug("Font {} uses DictionaryEncoding (custom)", font.getName());
+                            return true;
+                        }
+
+                        String encodingName = encoding.getClass().getSimpleName();
+                        if (encodingName.contains("Custom")
+                                || encodingName.contains("Dictionary")) {
+                            log.debug(
+                                    "Font {} uses custom encoding: {}",
+                                    font.getName(),
+                                    encodingName);
+                            return true;
+                        }
+                    }
+                } catch (Exception e) {
+                    log.debug(
+                            "Encoding detection failed for font {}: {}",
+                            font.getName(),
+                            e.getMessage());
+                    return true; // Assume custom if detection fails
+                }
+            }
+
+            if (font instanceof org.apache.pdfbox.pdmodel.font.PDType0Font) {
+                log.debug(
+                        "Font {} is Type0 (CID) - generally uses standard CMaps",
+                        font.getName() != null ? font.getName() : "Unknown");
+                return false;
+            }
+
+            log.debug(
+                    "Font {} type {} - assuming standard encoding",
+                    font.getName() != null ? font.getName() : "Unknown",
+                    font.getClass().getSimpleName());
+            return false;
+
+        } catch (IllegalArgumentException e) {
+            log.debug(
+                    "Custom encoding detection failed for font {}: {}",
+                    font.getName() != null ? font.getName() : "Unknown",
+                    e.getMessage());
+            return false; // Be forgiving on detection failure
+        }
+    }
+
+    public static boolean fontSupportsCharacter(PDFont font, String character) {
+        if (font == null || character == null || character.isEmpty()) {
+            return false;
+        }
+
+        try {
+            byte[] encoded = font.encode(character);
+            if (encoded.length == 0) {
+                return false;
+            }
+
+            float width = font.getStringWidth(character);
+            return width > 0;
+
+        } catch (IOException | IllegalArgumentException e) {
+            log.debug(
+                    "Character '{}' not supported by font {}: {}",
+                    character,
+                    font.getName() != null ? font.getName() : "Unknown",
+                    e.getMessage());
+            return false;
+        }
+    }
+
+    public static boolean isFontSubset(String fontName) {
+        if (fontName == null) {
+            return false;
+        }
+        return fontName.matches("^[A-Z]{6}\\+.*");
+    }
+
+    public static boolean canCalculateBasicWidths(PDFont font) {
+        try {
+            float spaceWidth = font.getStringWidth(" ");
+            if (spaceWidth <= 0) {
+                return false;
+            }
+
+            String[] testChars = {"a", "A", "0", ".", "e", "!"};
+            for (String ch : testChars) {
+                try {
+                    float width = font.getStringWidth(ch);
+                    if (width > 0) {
+                        return true;
+                    }
+                } catch (IOException | IllegalArgumentException e) {
+                }
+            }
+
+            return false; // Can't calculate width for any test characters
+        } catch (IOException | IllegalArgumentException e) {
+            return false; // Font failed basic width calculation
+        }
+    }
+}

app/core/src/main/java/stirling/software/SPDF/utils/text/TextFinderUtils.java

@@ -0,0 +1,140 @@
+package stirling.software.SPDF.utils.text;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.PDResources;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class TextFinderUtils {
+
+    public static boolean validateFontReliability(org.apache.pdfbox.pdmodel.font.PDFont font) {
+        if (font == null) {
+            return false;
+        }
+
+        if (font.isDamaged()) {
+            log.debug(
+                    "Font {} is marked as damaged - using TextEncodingHelper validation",
+                    font.getName());
+        }
+
+        if (TextEncodingHelper.canCalculateBasicWidths(font)) {
+            log.debug(
+                    "Font {} passed basic width calculations - considering reliable",
+                    font.getName());
+            return true;
+        }
+
+        String[] basicTests = {"1", "2", "3", "a", "A", "e", "E", " "};
+
+        int workingChars = 0;
+        for (String testChar : basicTests) {
+            if (TextEncodingHelper.canEncodeCharacters(font, testChar)) {
+                workingChars++;
+            }
+        }
+
+        if (workingChars > 0) {
+            log.debug(
+                    "Font {} can process {}/{} basic characters - considering reliable",
+                    font.getName(),
+                    workingChars,
+                    basicTests.length);
+            return true;
+        }
+
+        log.debug("Font {} failed all basic tests - considering unreliable", font.getName());
+        return false;
+    }
+
+    public static List<Pattern> createOptimizedSearchPatterns(
+            Set<String> searchTerms, boolean useRegex, boolean wholeWordSearch) {
+        List<Pattern> patterns = new ArrayList<>();
+
+        for (String term : searchTerms) {
+            if (term == null || term.trim().isEmpty()) {
+                continue;
+            }
+
+            try {
+                String patternString = useRegex ? term.trim() : Pattern.quote(term.trim());
+
+                if (wholeWordSearch) {
+                    patternString = applyWordBoundaries(term.trim(), patternString);
+                }
+
+                Pattern pattern =
+                        Pattern.compile(
+                                patternString, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
+                patterns.add(pattern);
+
+                log.debug("Created search pattern: '{}' -> '{}'", term.trim(), patternString);
+
+            } catch (Exception e) {
+                log.warn("Failed to create pattern for term '{}': {}", term, e.getMessage());
+            }
+        }
+
+        return patterns;
+    }
+
+    private static String applyWordBoundaries(String originalTerm, String patternString) {
+        if (originalTerm.length() == 1 && Character.isDigit(originalTerm.charAt(0))) {
+            return "(?<![\\w])" + patternString + "(?![\\w])";
+        } else if (originalTerm.length() == 1) {
+            return "(?<![\\w])" + patternString + "(?![\\w])";
+        } else {
+            return "\\b" + patternString + "\\b";
+        }
+    }
+
+    public static boolean hasProblematicFonts(PDPage page) {
+        if (page == null) {
+            return false;
+        }
+
+        try {
+            PDResources resources = page.getResources();
+            if (resources == null) {
+                return false;
+            }
+
+            int totalFonts = 0;
+            int completelyUnusableFonts = 0;
+
+            for (org.apache.pdfbox.cos.COSName fontName : resources.getFontNames()) {
+                try {
+                    org.apache.pdfbox.pdmodel.font.PDFont font = resources.getFont(fontName);
+                    if (font != null) {
+                        totalFonts++;
+                        if (!validateFontReliability(font)) {
+                            completelyUnusableFonts++;
+                        }
+                    }
+                } catch (Exception e) {
+                    log.debug("Font loading failed for {}: {}", fontName.getName(), e.getMessage());
+                    totalFonts++;
+                }
+            }
+
+            boolean hasProblems = totalFonts > 0 && (completelyUnusableFonts * 2 > totalFonts);
+            log.debug(
+                    "Page font analysis: {}/{} fonts are completely unusable - page {} problematic",
+                    completelyUnusableFonts,
+                    totalFonts,
+                    hasProblems ? "IS" : "is NOT");
+
+            return hasProblems;
+
+        } catch (Exception e) {
+            log.warn("Font analysis failed for page: {}", e.getMessage());
+            return false; // Be permissive if analysis fails
+        }
+    }
+}

app/core/src/main/java/stirling/software/SPDF/utils/text/WidthCalculator.java

@@ -0,0 +1,136 @@
+package stirling.software.SPDF.utils.text;
+
+import org.apache.pdfbox.pdmodel.common.PDRectangle;
+import org.apache.pdfbox.pdmodel.font.PDFont;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class WidthCalculator {
+
+    private static final int FONT_SCALE_FACTOR = 1000;
+
+    public static float calculateAccurateWidth(PDFont font, String text, float fontSize) {
+        if (font == null || text == null || text.isEmpty() || fontSize <= 0) {
+            return 0;
+        }
+
+        if (!TextEncodingHelper.canEncodeCharacters(font, text)) {
+            log.debug(
+                    "Text cannot be encoded by font {}, using fallback width calculation",
+                    font.getName());
+            return calculateFallbackWidth(font, text, fontSize);
+        }
+
+        try {
+            float rawWidth = font.getStringWidth(text);
+            float scaledWidth = (rawWidth / FONT_SCALE_FACTOR) * fontSize;
+
+            log.debug(
+                    "Direct width calculation successful for font {}: {} -> {}",
+                    font.getName(),
+                    rawWidth,
+                    scaledWidth);
+            return scaledWidth;
+
+        } catch (Exception e) {
+            log.debug(
+                    "Direct width calculation failed for font {}: {}",
+                    font.getName(),
+                    e.getMessage());
+            return calculateWidthWithCharacterIteration(font, text, fontSize);
+        }
+    }
+
+    private static float calculateWidthWithCharacterIteration(
+            PDFont font, String text, float fontSize) {
+        try {
+            float totalWidth = 0;
+
+            for (int i = 0; i < text.length(); i++) {
+                String character = text.substring(i, i + 1);
+                try {
+                    byte[] encoded = font.encode(character);
+                    if (encoded.length > 0) {
+                        int glyphCode = encoded[0] & 0xFF;
+                        float glyphWidth = font.getWidth(glyphCode);
+
+                        if (glyphWidth == 0) {
+                            try {
+                                glyphWidth = font.getWidthFromFont(glyphCode);
+                            } catch (Exception e2) {
+                                glyphWidth = font.getAverageFontWidth();
+                            }
+                        }
+
+                        totalWidth += (glyphWidth / FONT_SCALE_FACTOR) * fontSize;
+                    } else {
+                        totalWidth += (font.getAverageFontWidth() / FONT_SCALE_FACTOR) * fontSize;
+                    }
+                } catch (Exception e2) {
+                    totalWidth += (font.getAverageFontWidth() / FONT_SCALE_FACTOR) * fontSize;
+                }
+            }
+
+            log.debug("Character iteration width calculation: {}", totalWidth);
+            return totalWidth;
+
+        } catch (Exception e) {
+            log.debug("Character iteration failed: {}", e.getMessage());
+            return calculateFallbackWidth(font, text, fontSize);
+        }
+    }
+
+    private static float calculateFallbackWidth(PDFont font, String text, float fontSize) {
+        try {
+            if (font.getFontDescriptor() != null
+                    && font.getFontDescriptor().getFontBoundingBox() != null) {
+
+                PDRectangle bbox = font.getFontDescriptor().getFontBoundingBox();
+                float avgCharWidth =
+                        bbox.getWidth() / FONT_SCALE_FACTOR * 0.6f; // Conservative estimate
+                float fallbackWidth = text.length() * avgCharWidth * fontSize;
+
+                log.debug("Bounding box fallback width: {}", fallbackWidth);
+                return fallbackWidth;
+            }
+
+            float avgWidth = font.getAverageFontWidth();
+            float fallbackWidth = (text.length() * avgWidth / FONT_SCALE_FACTOR) * fontSize;
+
+            log.debug("Average width fallback: {}", fallbackWidth);
+            return fallbackWidth;
+
+        } catch (Exception e) {
+            float conservativeWidth = text.length() * 0.5f * fontSize;
+            log.debug(
+                    "Conservative fallback width for font {}: {}",
+                    font.getName(),
+                    conservativeWidth);
+            return conservativeWidth;
+        }
+    }
+
+    public static boolean isWidthCalculationReliable(PDFont font) {
+        if (font == null) {
+            return false;
+        }
+
+        if (font.isDamaged()) {
+            log.debug("Font {} is damaged", font.getName());
+            return false;
+        }
+
+        if (!TextEncodingHelper.canCalculateBasicWidths(font)) {
+            log.debug("Font {} cannot perform basic width calculations", font.getName());
+            return false;
+        }
+
+        if (TextEncodingHelper.hasCustomEncoding(font)) {
+            log.debug("Font {} has custom encoding", font.getName());
+            return false;
+        }
+
+        return true;
+    }
+}

app/core/src/main/java/stirling/software/common/controller/JobController.java

@@ -10,8 +10,12 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
 import jakarta.servlet.http.HttpServletRequest;
 
 import lombok.RequiredArgsConstructor;
@@ -27,6 +31,8 @@ import stirling.software.common.service.TaskManager;
 @RestController
 @RequiredArgsConstructor
 @Slf4j
+@RequestMapping("/api/v1/general")
+@Tag(name = "Job Management", description = "Job Management API")
 public class JobController {
 
     private final TaskManager taskManager;
@@ -40,7 +46,8 @@ public class JobController {
      * @param jobId The job ID
      * @return The job result
      */
-    @GetMapping("/api/v1/general/job/{jobId}")
+    @GetMapping("/job/{jobId}")
+    @Operation(summary = "Get job status")
     public ResponseEntity<?> getJobStatus(@PathVariable("jobId") String jobId) {
         JobResult result = taskManager.getJobResult(jobId);
         if (result == null) {
@@ -68,7 +75,8 @@ public class JobController {
      * @param jobId The job ID
      * @return The job result
      */
-    @GetMapping("/api/v1/general/job/{jobId}/result")
+    @GetMapping("/job/{jobId}/result")
+    @Operation(summary = "Get job result")
     public ResponseEntity<?> getJobResult(@PathVariable("jobId") String jobId) {
         JobResult result = taskManager.getJobResult(jobId);
         if (result == null) {
@@ -130,7 +138,8 @@ public class JobController {
      * @param jobId The job ID
      * @return Response indicating whether the job was cancelled
      */
-    @DeleteMapping("/api/v1/general/job/{jobId}")
+    @DeleteMapping("/job/{jobId}")
+    @Operation(summary = "Cancel a job")
     public ResponseEntity<?> cancelJob(@PathVariable("jobId") String jobId) {
         log.debug("Request to cancel job: {}", jobId);
 
@@ -197,7 +206,8 @@ public class JobController {
      * @param jobId The job ID
      * @return List of files for the job
      */
-    @GetMapping("/api/v1/general/job/{jobId}/result/files")
+    @GetMapping("/job/{jobId}/result/files")
+    @Operation(summary = "Get job result files")
     public ResponseEntity<?> getJobFiles(@PathVariable("jobId") String jobId) {
         JobResult result = taskManager.getJobResult(jobId);
         if (result == null) {
@@ -226,7 +236,8 @@ public class JobController {
      * @param fileId The file ID
      * @return The file metadata
      */
-    @GetMapping("/api/v1/general/files/{fileId}/metadata")
+    @GetMapping("/files/{fileId}/metadata")
+    @Operation(summary = "Get file metadata")
     public ResponseEntity<?> getFileMetadata(@PathVariable("fileId") String fileId) {
         try {
             // Verify file exists
@@ -266,7 +277,8 @@ public class JobController {
      * @param fileId The file ID
      * @return The file content
      */
-    @GetMapping("/api/v1/general/files/{fileId}")
+    @GetMapping("/files/{fileId}")
+    @Operation(summary = "Download a file")
     public ResponseEntity<?> downloadFile(@PathVariable("fileId") String fileId) {
         try {
             // Verify file exists

app/core/src/main/resources/application.properties

@@ -5,7 +5,7 @@ logging.level.org.eclipse.jetty=WARN
 #logging.level.org.springframework.security.saml2=TRACE
 #logging.level.org.springframework.security=DEBUG
 #logging.level.org.opensaml=DEBUG
-#logging.level.stirling.software.SPDF.config.security: DEBUG
+#logging.level.stirling.software.proprietary.security=DEBUG
 logging.level.com.zaxxer.hikari=WARN
 spring.jpa.open-in-view=false
 server.forward-headers-strategy=NATIVE
@@ -47,4 +47,7 @@ posthog.host=https://eu.i.posthog.com
 spring.main.allow-bean-definition-overriding=true
 
 # Set up a consistent temporary directory location
-java.io.tmpdir=${stirling.tempfiles.directory:${java.io.tmpdir}/stirling-pdf}
+java.io.tmpdir=${stirling.tempfiles.directory:${java.io.tmpdir}/stirling-pdf}
+
+# V2 features
+v2=false

app/core/src/main/resources/messages_ar_AR.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=المفضل
 settings.title=الإعدادات
 settings.update=التحديث متاح
 settings.updateAvailable={0} هو الإصدار المثبت حاليًا. إصدار جديد ({1}) متاح.
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=إصدار التطبيق:
 settings.downloadOption.title=تحديد خيار التنزيل (للتنزيلات ذات الملف الواحد غير المضغوط):
 settings.downloadOption.1=فتح في نفس النافذة
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=لقد تسجل دخولًا إلى
 login.alreadyLoggedIn2=أجهزة أخرى. يرجى تسجيل الخروج من الأجهزة وحاول مرة أخرى.
 login.toManySessions=لديك عدة جلسات نشطة
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=حجب تلقائي
@@ -1048,7 +1081,7 @@ addPageNumbers.selectText.5=الصفحات المراد ترقيمها
 addPageNumbers.selectText.6=نص مخصص
 addPageNumbers.customTextDesc=نص مخصص
 addPageNumbers.numberPagesDesc=أي الصفحات المراد ترقيمها، الافتراضي 'الكل'، يقبل أيضًا 1-5 أو 2,5,9 إلخ
-addPageNumbers.customNumberDesc=الافتراضي هو {n}، يقبل أيضًا 'الصفحة {n} من {total}'، 'نص-{n}'، '{filename}-{n}
+addPageNumbers.customNumberDesc=الافتراضي هو {n}، يقبل أيضًا 'الصفحة {n} من {total}'، 'نص-{n}'، '{filename}-{n}'
 addPageNumbers.submit=إضافة أرقام الصفحات
 
 
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=نوع اللون
 pdfToImage.color=اللون
 pdfToImage.grey=تدرج الرمادي
 pdfToImage.blackwhite=أبيض وأسود (قد يفقد البيانات!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=تحويل
 pdfToImage.info=Python غير مثبت. مطلوب لتحويل WebP.
 pdfToImage.placeholder=(مثال: 1,2,8 أو 4,7,12-16 أو 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_az_AZ.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Populyar
 settings.title=Parametrlər
 settings.update=Yeniləmə mövcuddur
 settings.updateAvailable={0} cari quraşdırılmış versiyadır. Yeni ({1}) versiyası mövcuddur.
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=Proqram Versiyası:
 settings.downloadOption.title=Yükləmə versiyasını seçin (Tək fayllı zip olmayan yükləmələr üçün):
 settings.downloadOption.1=Eyni pəncərədə açın
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Siz artıq daxil olmusunuz
 login.alreadyLoggedIn2=cihazlar. Zəhmət olmasa, cihazlardan çıxış edin və yenidən cəhd edin.
 login.toManySessions=Həddindən artıq aktiv sessiyanız var
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Avtomatik Gizlətmə
@@ -1048,7 +1081,7 @@ addPageNumbers.selectText.5=Səhifələrə nömrə əlavə edin
 addPageNumbers.selectText.6=Fərdi Mətn
 addPageNumbers.customTextDesc=Fərdi Mətn
 addPageNumbers.numberPagesDesc=Hansı səhifələrin nömrələnəcəyini seçin, default 'all', və ya 1-5, 2,5,9 kimi yazılış qəbul olunur
-addPageNumbers.customNumberDesc=Defolt olaraq {n}, və ya 'Page {n} of {total}', 'Text-{n}', '{filename}-{n}
+addPageNumbers.customNumberDesc=Defolt olaraq {n}, və ya 'Page {n} of {total}', 'Text-{n}', '{filename}-{n}'
 addPageNumbers.submit=Səhifə Nömrələri əlavə edin
 
 
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Rəng Tipi
 pdfToImage.color=Rəng
 pdfToImage.grey=Boz Tonlama
 pdfToImage.blackwhite=Qara və Ağ (Data İtə Bilər)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Çevir
 pdfToImage.info=Python Yüklü Deyil.WebP Çevirməsi Üçün Vacibdir
 pdfToImage.placeholder=(məsələn, 1,2,8 və ya 4,7,12-16 və ya 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_bg_BG.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Популярни
 settings.title=Настройки
 settings.update=Налична актуализация
 settings.updateAvailable={0} е текущата инсталирана версия. Налична е нова версия ({1}).
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=Версия на приложението:
 settings.downloadOption.title=Изберете опция за изтегляне (за изтегляния на един файл без да е архивиран):
 settings.downloadOption.1=Отваряне в същия прозорец
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Вече сте влезли в
 login.alreadyLoggedIn2=устройства. Моля, излезте от устройствата и опитайте отново.
 login.toManySessions=Имате твърде много активни сесии
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Автоматично редактиране
@@ -1048,7 +1081,7 @@ addPageNumbers.selectText.5=Страници към номер
 addPageNumbers.selectText.6=Персонализиран текст
 addPageNumbers.customTextDesc=Персонализиран текст
 addPageNumbers.numberPagesDesc=Кои страници да номерирате, по подразбиране 'всички', също приема 1-5 или 2,5,9 и т.н.
-addPageNumbers.customNumberDesc=По подразбиране е {n}, също приема 'Страница {n} от {total}', 'Текст-{n}', '{filename}-{n}
+addPageNumbers.customNumberDesc=По подразбиране е {n}, също приема 'Страница {n} от {total}', 'Текст-{n}', '{filename}-{n}'
 addPageNumbers.submit=Добавяне на номера на страници
 
 
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Тип цвят
 pdfToImage.color=Цвят
 pdfToImage.grey=Скала на сивото
 pdfToImage.blackwhite=Черно и бяло (може да загубите данни!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Преобразуване
 pdfToImage.info=Python не е инсталиран. Изисква се за конвертиране на WebP.
 pdfToImage.placeholder=(e.g. 1,2,8 or 4,7,12-16 or 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_bo_CN.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=སྤྱི་མོས།
 settings.title=སྒྲིག་འགོད།
 settings.update=གསར་སྒྱུར་ཡོད།
 settings.updateAvailable={0} ནི་ད་ལྟ་སྒྲིག་འཇུག་བྱས་པའི་པར་གཞི་ཡིན། པར་གཞི་གསར་པ་ ({1}) ཡོད།
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=མཉེན་ཆས་པར་གཞི།
 settings.downloadOption.title=ཕབ་ལེན་གདམ་ག་འདེམས་རོགས། (ཡིག་ཆ་རྐྱང་པ་ zip མིན་པའི་ཕབ་ལེན་ཆེད།)：
 settings.downloadOption.1=སྒེའུ་ཁུང་གཅིག་པའི་ནང་ཁ་ཕྱེ།
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=ཁྱེད་རང་
 login.alreadyLoggedIn2=སྒྲིག་ཆས་ནང་ནང་འཛུལ་བྱས་ཟིན། སྒྲིག་ཆས་ནས་ཕྱིར་འཐེན་བྱས་ནས་ཡང་བསྐྱར་ཚོད་ལྟ་བྱེད་རོགས།
 login.toManySessions=ཁྱེད་ལ་འཛུལ་ཞུགས་བྱས་པའི་གནས་སྐབས་མང་དྲགས་འདུག
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=རང་འགུལ་སྒྲིབ་སྲུང་།
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=ཚོས་མདོག་གི་རིགས།
 pdfToImage.color=ཚོས་མདོག
 pdfToImage.grey=སྐྱ་མདོག
 pdfToImage.blackwhite=དཀར་ནག (གནས་ཚུལ་བརླག་སྲིད།)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=བསྒྱུར་བ།
 pdfToImage.info=Python སྒྲིག་འཇུག་བྱས་མི་འདུག WebP བསྒྱུར་བར་དགོས་མཁོ་ཡིན།
 pdfToImage.placeholder=(དཔེར་ན། 1,2,8 ཡང་ན་ 4,7,12-16 ཡང་ན་ 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_ca_CA.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Popular
 settings.title=Opcions
 settings.update=Actualització Disponible
 settings.updateAvailable=La versió actual instal·lada és {0}. Una nova versió ({1}) està disponible.
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=Versió de l'App:
 settings.downloadOption.title=Trieu l'opció de descàrrega (per a descàrregues d'un sol fitxer no comprimit):
 settings.downloadOption.1=Obre en la mateixa finestra
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Ja has iniciat sessió a
 login.alreadyLoggedIn2=dispositius. Si us plau, tanca la sessió en els dispositius i torna-ho a intentar.
 login.toManySessions=Tens massa sessions actives
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Redacció Automàtica
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Tipus de Color
 pdfToImage.color=Color
 pdfToImage.grey=Escala de Grisos
 pdfToImage.blackwhite=Blanc i Negre (Pot perdre dades!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Converteix
 pdfToImage.info=Python no està instal·lat. És necessari per a la conversió a WebP.
 pdfToImage.placeholder=(p. ex. 1,2,8 o 4,7,12-16 o 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_cs_CZ.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Oblíbené
 settings.title=Nastavení
 settings.update=K dispozici je aktualizace
 settings.updateAvailable={0} je aktuálně nainstalovaná verze. Je k dispozici nová verze ({1}).
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=Verze aplikace:
 settings.downloadOption.title=Vyberte možnost stahování (Pro stahování jednoho souboru bez zipu):
 settings.downloadOption.1=Otevřít ve stejném okně
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Již jste přihlášeni na
 login.alreadyLoggedIn2=zařízeních. Odhlaste se prosím z těchto zařízení a zkuste to znovu.
 login.toManySessions=Máte příliš mnoho aktivních relací
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Automatické začernění
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Typ barev
 pdfToImage.color=Barevný
 pdfToImage.grey=Stupně šedi
 pdfToImage.blackwhite=Černobílý (Může dojít ke ztrátě dat!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Převést
 pdfToImage.info=Python není nainstalován. Vyžadován pro konverzi do WebP.
 pdfToImage.placeholder=(např. 1,2,8 nebo 4,7,12-16 nebo 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_da_DK.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Populære
 settings.title=Indstillinger
 settings.update=Opdatering tilgængelig
 settings.updateAvailable={0} er den aktuelt installerede version. En ny version ({1}) er tilgængelig.
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=App Version:
 settings.downloadOption.title=Vælg download mulighed (For enkelt fil ikke-zip downloads):
 settings.downloadOption.1=Åbn i samme vindue
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Du er allerede logget ind på
 login.alreadyLoggedIn2=enheder. Log ud af disse enheder og prøv igen.
 login.toManySessions=Du har for mange aktive sessoner
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Auto Rediger
@@ -1048,7 +1081,7 @@ addPageNumbers.selectText.5=Sider at nummerere
 addPageNumbers.selectText.6=Brugerdefineret Tekst
 addPageNumbers.customTextDesc=Brugerdefineret Tekst
 addPageNumbers.numberPagesDesc=Hvilke sider der skal nummereres, standard 'alle', accepterer også 1-5 eller 2,5,9 osv.
-addPageNumbers.customNumberDesc=Standard er {n}, accepterer også 'Side {n} af {total}', 'Tekst-{n}', '{filnavn}-{n}
+addPageNumbers.customNumberDesc=Standard er {n}, accepterer også 'Side {n} af {total}', 'Tekst-{n}', '{filename}-{n}'
 addPageNumbers.submit=Tilføj Sidenumre
 
 
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Farvetype
 pdfToImage.color=Farve
 pdfToImage.grey=Gråtone
 pdfToImage.blackwhite=Sort og Hvid (Kan miste data!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Konvertér
 pdfToImage.info=Python er ikke installeret. Påkrævet for WebP-konvertering.
 pdfToImage.placeholder=(f.eks. 1,2,8 eller 4,7,12-16 eller 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.

app/core/src/main/resources/messages_de_DE.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Beliebt
 settings.title=Einstellungen
 settings.update=Update verfügbar
 settings.updateAvailable={0} ist die aktuelle installierte Version. Eine neue Version ({1}) ist verfügbar.
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=App-Version:
 settings.downloadOption.title=Download-Option wählen (für einzelne Dateien, die keine Zip-Downloads sind):
 settings.downloadOption.1=Im selben Fenster öffnen
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Sie sind bereits an
 login.alreadyLoggedIn2=Geräten angemeldet. Bitte melden Sie sich dort ab und versuchen es dann erneut.
 login.toManySessions=Sie haben zu viele aktive Sitzungen
 login.logoutMessage=Sie wurden erfolgreich abgemeldet.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Automatisch zensieren/schwärzen
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Farbtyp
 pdfToImage.color=Farbe
 pdfToImage.grey=Graustufen
 pdfToImage.blackwhite=Schwarzweiß (Datenverlust möglich!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Umwandeln
 pdfToImage.info=Python ist nicht installiert. Erforderlich für die WebP-Konvertierung.
 pdfToImage.placeholder=(z.B. 1,2,8 oder 4,7,12-16 oder 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Vorhandene Lesezeichen ersetzen (deaktiviere
 editTableOfContents.editorTitle=Lesezeichen-Editor
 editTableOfContents.editorDesc=Fügen unten Lesezeichen hinzu und ordne sie an. Klicke auf +, um das untergeordnete Lesezeichen hinzuzufügen.
 editTableOfContents.addBookmark=Neues Lesezeichen hinzufügen
+editTableOfContents.importBookmarksDefault=Importieren
+editTableOfContents.importBookmarksFromJsonFile=JSON-Datei hochladen
+editTableOfContents.importBookmarksFromClipboard=Aus Zwischenablage einfügen
+editTableOfContents.exportBookmarksDefault=Exportieren
+editTableOfContents.exportBookmarksAsJson=Als JSON herunterladen
+editTableOfContents.exportBookmarksAsText=Als Text kopieren
 editTableOfContents.desc.1=Mit diesem Werkzeug können Sie das Inhaltsverzeichnis (Lesezeichen) eines PDF-Dokuments hinzufügen oder bearbeiten.
 editTableOfContents.desc.2=Sie können eine hierarchische Struktur erstellen, indem Sie untergeordnete Lesezeichen zu übergeordneten hinzufügen.
 editTableOfContents.desc.3=Jedes Lesezeichen benötigt einen Titel und eine Seitenzahl.

app/core/src/main/resources/messages_el_GR.properties

@@ -366,6 +366,38 @@ navbar.sections.popular=Δημοφιλή
 settings.title=Ρυθμίσεις
 settings.update=Διαθέσιμη ενημέρωση
 settings.updateAvailable={0} είναι η τρέχουσα εγκατεστημένη έκδοση. Μια νέα έκδοση ({1}) είναι διαθέσιμη.
+
+# Update modal and notification strings
+update.urgentUpdateAvailable=🚨 Update Available
+update.updateAvailable=Update Available
+update.modalTitle=Update Available
+update.current=Current
+update.latest=Latest
+update.latestStable=Latest Stable
+update.priority=Priority
+update.recommendedAction=Recommended Action
+update.breakingChangesDetected=⚠️ Breaking Changes Detected
+update.breakingChangesMessage=This update contains breaking changes. Please review the migration guides below.
+update.migrationGuides=Migration Guides:
+update.viewGuide=View Guide
+update.loadingDetailedInfo=Loading detailed version information...
+update.close=Close
+update.viewAllReleases=View All Releases
+update.downloadLatest=Download Latest
+update.availableUpdates=Available Updates:
+update.unableToLoadDetails=Unable to load detailed version information.
+update.version=Version
+
+# Update priority levels
+update.priority.urgent=URGENT
+update.priority.normal=NORMAL
+update.priority.minor=MINOR
+update.priority.low=LOW
+
+# Breaking changes text
+update.breakingChanges=Breaking Changes:
+update.breakingChangesDefault=This version contains breaking changes
+update.migrationGuide=Migration Guide
 settings.appVersion=Έκδοση εφαρμογής:
 settings.downloadOption.title=Επιλογή λήψης (Για μεμονωμένη λήψη αρχείων χωρίς συμπίεση):
 settings.downloadOption.1=Άνοιγμα στο ίδιο παράθυρο
@@ -876,6 +908,7 @@ login.alreadyLoggedIn=Είστε ήδη συνδεδεμένοι σε
 login.alreadyLoggedIn2=συσκευές. Παρακαλώ αποσυνδεθείτε από τις συσκευές και προσπαθήστε ξανά.
 login.toManySessions=Έχετε πάρα πολλές ενεργές συνεδρίες
 login.logoutMessage=You have been logged out.
+login.invalidInResponseTo=The requested SAML response is invalid or has expired. Please contact the administrator.
 
 #auto-redact
 autoRedact.title=Αυτόματη απόκρυψη
@@ -1048,7 +1081,7 @@ addPageNumbers.selectText.5=Σελίδες προς αρίθμηση
 addPageNumbers.selectText.6=Προσαρμοσμένο κείμενο
 addPageNumbers.customTextDesc=Προσαρμοσμένο κείμενο
 addPageNumbers.numberPagesDesc=Ποιες σελίδες να αριθμηθούν, προεπιλογή 'all', δέχεται επίσης 1-5 ή 2,5,9 κλπ
-addPageNumbers.customNumberDesc=Προεπιλογή σε {n}, δέχεται επίσης 'Σελίδα {n} από {total}', 'Κείμενο-{n}', '{filename}-{n}
+addPageNumbers.customNumberDesc=Προεπιλογή σε {n}, δέχεται επίσης 'Σελίδα {n} από {total}', 'Κείμενο-{n}', '{filename}-{n}'
 addPageNumbers.submit=Προσθήκη αριθμών σελίδων
 
 
@@ -1402,6 +1435,7 @@ pdfToImage.colorType=Τύπος χρώματος
 pdfToImage.color=Έγχρωμο
 pdfToImage.grey=Κλίμακα του γκρι
 pdfToImage.blackwhite=Ασπρόμαυρο (Μπορεί να χαθούν δεδομένα!)
+pdfToImage.dpi=DPI (The server limit is {0} dpi)
 pdfToImage.submit=Μετατροπή
 pdfToImage.info=Η Python δεν είναι εγκατεστημένη. Απαιτείται για μετατροπή WebP.
 pdfToImage.placeholder=(π.χ. 1,2,8 ή 4,7,12-16 ή 2n-1)
@@ -1859,6 +1893,12 @@ editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to appen
 editTableOfContents.editorTitle=Bookmark Editor
 editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
 editTableOfContents.addBookmark=Add New Bookmark
+editTableOfContents.importBookmarksDefault=Import
+editTableOfContents.importBookmarksFromJsonFile=Upload JSON file
+editTableOfContents.importBookmarksFromClipboard=Paste from clipboard
+editTableOfContents.exportBookmarksDefault=Export
+editTableOfContents.exportBookmarksAsJson=Download as JSON
+editTableOfContents.exportBookmarksAsText=Copy as text
 editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
 editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
 editTableOfContents.desc.3=Each bookmark requires a title and target page number.