From 90b1a645720aa9f86d65f38bc1111de113e1e2ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Sch=C3=A4fer?= <felix@thegcat.net>
Date: Wed, 2 Jul 2025 11:27:26 +0200
Subject: [PATCH 001/524] Make elasticsearch connection configurable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Felix Schäfer <felix@thegcat.net>
---
 Containers/nextcloud/entrypoint.sh                          | 4 ++--
 manual-install/latest.yml                                   | 3 +++
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 ++++++
 php/containers.json                                         | 3 +++
 4 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4b6df98f..70e44984 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -809,7 +809,7 @@ fi
 
 # Fulltextsearch
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
-    while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do
+    while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT"; do
         echo "waiting for Fulltextsearch to become available..."
         sleep 5
     done
@@ -835,7 +835,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXT_PORT\",\"elastic_index\":\"$FULLTEXT_INDEX\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 04ac9193..84b113d3 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -165,6 +165,9 @@ services:
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - FULLTEXTSEARCH_PORT=9200
+      - FULLTEXTSEARCH_USER=elastic
+      - FULLTEXTSEARCH_INDEX=nextcloud-aio
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 688ac9b4..ca6704d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -110,6 +110,12 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
             - name: FULLTEXTSEARCH_HOST
               value: nextcloud-aio-fulltextsearch
+            - name: FULLTEXTSEARCH_PORT
+              value: 9200
+            - name: FULLTEXTSEARCH_USER
+              value: elastic
+            - name: FULLTEXTSEARCH_INDEX
+              value: nextcloud-aio
             - name: FULLTEXTSEARCH_PASSWORD
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: IMAGINARY_ENABLED
diff --git a/php/containers.json b/php/containers.json
index 38fdb09a..cead6d32 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -236,6 +236,9 @@
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "FULLTEXTSEARCH_PORT=9200",
+        "FULLTEXTSEARCH_USER=elastic",
+        "FULLTEXTSEARCH_INDEX=nextcloud-aio",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",

From 4cf1a3839b5ac274938d3aff6d4c376303599f3b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Jul 2025 15:12:00 +0200
Subject: [PATCH 002/524] collabora: change startup logs from trace to warning

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 38fdb09a..a03cee1a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -377,7 +377,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",

From 4e25a56edcbc77c4c801bdfa1321c33643e8335a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Jul 2025 04:42:43 +0000
Subject: [PATCH 003/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.8-fpm-alpine3.21 to 8.4.10-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.10-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e5764d4c..8a8ac7ee 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.3.0-cli AS docker
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.8-fpm-alpine3.21
+FROM php:8.4.10-fpm-alpine3.21
 
 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
 ARG AIO_GIT_BRANCH="main"

From b593f0388edeabeba80f6fbcd7d18017b7c4d052 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Jul 2025 04:42:45 +0000
Subject: [PATCH 004/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.0-cli to 28.3.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e5764d4c..3e8133c8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.0-cli AS docker
+FROM docker:28.3.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From d0df45bf522368847e20ee37da169d4c2f028064 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Jul 2025 04:43:06 +0000
Subject: [PATCH 005/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.22-fpm-alpine3.21 to 8.3.23-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.23-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index da201e06..9dbf231c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.22-fpm-alpine3.21
+FROM php:8.3.23-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From fc0d21cc49bca931ac84ee131abe428f588e965b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Jul 2025 13:36:55 +0200
Subject: [PATCH 006/524] db-import: improve the import process by using the
 `smart` mode and a higher timeout

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index dbb74196..551bb10e 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -128,7 +128,9 @@ EOSQL
     fi
 
     # Shut down the database to be able to start it again
-    pg_ctl stop -m fast
+    # The smart mode disallows new connections, then waits for all existing clients to disconnect and any online backup to finish
+    # Wait for 1800s to make sure that a checkpoint is completed successfully
+    pg_ctl stop -m smart -t 1800
 
     # Change database port back to default
     export PGPORT=5432

From b538bc7155bd82b6aebe5f7e76a8300672164606 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Jul 2025 19:31:51 +0200
Subject: [PATCH 007/524] restore-instance: make hint more visible that backup
 needs to be restored two times if the backup contained any community
 container data

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig            | 4 ++--
 php/tests/tests/restore-instance.spec.js | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6d50efd4..8f917380 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -163,7 +163,7 @@
                                             </form>
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
-                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
+                                        <p><strong>Important:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -173,7 +173,7 @@
                                                 {% endfor %}
                                             </select><br>
                                             <input type="checkbox" id="restore-exclude-previews" name="restore-exclude-previews"><label for="restore-exclude-previews">Exclude previews from restore which will speed up the restore process but will trigger a scan of the preview folder as soon as the Nextcloud container starts the next time</label><br>
-                                            <input type="submit" value="Restore selected backup"/>
+                                            <input type="submit" value="Restore selected backup" onclick="return confirm('⚠️ Important: If the backup that you want to restore contained any community container, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.')"/>
                                         </form>
                                     {% endif %}
                                 {% elseif borg_backup_mode == 'restore' %}
diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index 217218e5..c16f6700 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -59,6 +59,10 @@ test('Restore instance', async ({ page: setupPage }) => {
   // Check integrity and restore backup
   await containersPage.getByRole('button', { name: 'Check backup integrity' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 });
+  containersPage.once('dialog', dialog => {
+    console.log(`Dialog message: ${dialog.message()}`)
+    dialog.accept()
+  });
   await containersPage.getByRole('button', { name: 'Restore selected backup' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 });
 

From 8d59472c3846e63f458b65e0fc78f90136abedd6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Jul 2025 05:16:09 +0000
Subject: [PATCH 008/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.3.1.1 to 25.04.3.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.3.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 5fd88186..d9086cb4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.3.1.1
+FROM collabora/code:25.04.3.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 99b54546761f69b61c9d1236373afee8087c7934 Mon Sep 17 00:00:00 2001
From: Kai Biebel <38378574+seclution@users.noreply.github.com>
Date: Mon, 7 Jul 2025 09:59:34 +0200
Subject: [PATCH 009/524] Update reverse-proxy.md

Increase timeouts to prevent connection reset on uploads >100MB in clean Traefik setup

Signed-off-by: Kai Biebel <38378574+seclution@users.noreply.github.com>
---
 reverse-proxy.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 84aad3d1..785e9ace 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -765,6 +765,9 @@ The examples below define the dynamic configuration in YAML files. If you rather
     entryPoints:
       https:
         address: ":443" # Create an entrypoint called "https" that uses port 443
+          transport:
+            respondingTimeouts:
+              readTimeout: 30m # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From 80d23c01d6e44e77a22704e507d8d11246994264 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Jul 2025 05:35:29 +0000
Subject: [PATCH 010/524] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.9-alpine to 7.2.10-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.10-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 92f2b17c..98f3d3f0 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.9-alpine
+FROM redis:7.2.10-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From c288949b432163765c7f9a8b935e95aa073880dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 12:23:15 +0200
Subject: [PATCH 011/524] readme: add more explicit note that AIO is looking
 for contributors

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 9338ea4a..81835401 100644
--- a/readme.md
+++ b/readme.md
@@ -1,4 +1,8 @@
 # Nextcloud All-in-One
+
+> [!NOTE]
+> Nextcloud AIO is actively looking for contributors. See [the forum post](https://help.nextcloud.com/t/nextcloud-aio-is-looking-for-contributors/205234).
+
 The official Nextcloud installation method. Nextcloud AIO provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
 
 Included are:

From e07a27990a5d332d4d695d324c9a90eb4fd3b4da Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 12:28:44 +0200
Subject: [PATCH 012/524] update config.yml and bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 6 +++---
 .github/ISSUE_TEMPLATE/config.yml    | 5 +----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 66681d2e..f5dd328f 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -6,9 +6,9 @@ labels: 0. Needs triage
 
 <!---
 - Before submitting a bug report, please read through the documentation available at https://github.com/nextcloud/all-in-one#faq
-- If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
-- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
-
+- Additional documentation is available here: https://github.com/nextcloud/all-in-one/discussions/categories/wiki
+- You should also read through existing questions and their answer here: https://github.com/nextcloud/all-in-one/discussions/categories/questions
+- Additional threads can be found here: https://help.nextcloud.com/tag/aio
 --->
 
 <!--- Please fill out the whole template below -->
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index bbeee846..0f14f48e 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -3,15 +3,12 @@ contact_links:
     - name: 📘 Documentation on Nextcloud AIO
       url: https://github.com/nextcloud/all-in-one#faq
       about: Please read the docs first before submitting any report or request!
-    - name: ⛑️ General questions and support
+    - name: ⛑️ Questions and support
       url: https://help.nextcloud.com/tag/aio
       about: For general questions, support and help
     - name: 💡 Suggest a new feature or discuss one
       url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
       about: For new feature requests and discussion of existing ones
-    - name: ❓ Questions about Nextcloud AIO
-      url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
-      about: For questions specifically about AIO
     - name: 💼 Nextcloud Enterprise
       url: https://portal.nextcloud.com/
       about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly

From 61ed785c7201e96a25a2ab8c498c1973c6a82f23 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 12:31:03 +0200
Subject: [PATCH 013/524] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 0f14f48e..72ae238a 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -5,7 +5,7 @@ contact_links:
       about: Please read the docs first before submitting any report or request!
     - name: ⛑️ Questions and support
       url: https://help.nextcloud.com/tag/aio
-      about: For general questions, support and help
+      about: For questions, support and help
     - name: 💡 Suggest a new feature or discuss one
       url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
       about: For new feature requests and discussion of existing ones

From 7961dc2fc50ec67e8ddbeeb59dc622e623554014 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 8 Jul 2025 12:03:32 +0000
Subject: [PATCH 014/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 73b56a53..825ff024 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4504,16 +4504,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.12.0",
+            "version": "6.12.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2"
+                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf420941d061a57050b6c468ef2c778faf40aee2",
-                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/e71404b0465be25cf7f8a631b298c01c5ddd864f",
+                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f",
                 "shasum": ""
             },
             "require": {
@@ -4618,7 +4618,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-05-28T12:52:06+00:00"
+            "time": "2025-07-04T09:56:28+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From aeb133e86ca7e707d3e428fd9976deb8dcdb60bd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 15:53:30 +0200
Subject: [PATCH 015/524] CreateContainer: Also add `diun.enable: false` to all
 managed containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b3560968..206bc904 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -585,7 +585,8 @@ readonly class DockerActionManager {
         }
 
         // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
+        // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();

From 3270767272bf79707eb3d3dd2eea1d058262f081 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Jul 2025 04:44:55 +0000
Subject: [PATCH 016/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.4-alpine3.21 to 1.24.5-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.5-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 08cabd2c..55e2a64a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.4-alpine3.21 AS go
+FROM golang:1.24.5-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 1c41122d393c15020ff8713fe47c0c937d697182 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 9 Jul 2025 16:11:28 +0200
Subject: [PATCH 017/524] Bug-report-template: add link to existing feature
 requests

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index f5dd328f..691221d7 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -9,6 +9,7 @@ labels: 0. Needs triage
 - Additional documentation is available here: https://github.com/nextcloud/all-in-one/discussions/categories/wiki
 - You should also read through existing questions and their answer here: https://github.com/nextcloud/all-in-one/discussions/categories/questions
 - Additional threads can be found here: https://help.nextcloud.com/tag/aio
+- Existing feature requests are listed here: https://github.com/nextcloud/all-in-one/discussions/categories/ideas
 --->
 
 <!--- Please fill out the whole template below -->

From 0bab98fdec083a5aad0581885d425f805722fae6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Jul 2025 04:34:58 +0000
Subject: [PATCH 018/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.2-alpine to 3.2.3-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.3-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index bcc7ac71..b14d553b 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.2-alpine
+FROM haproxy:3.2.3-alpine
 
 # hadolint ignore=DL3002
 USER root

From a328f56fd08498d57f1668c2dd88d85cfbf6f00e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 10:39:43 +0200
Subject: [PATCH 019/524] mastercontainer: add mountpoint check for
 `/var/www/docker-aio/php/containers.json`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 9b948776..adb91c39 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -43,6 +43,11 @@ elif ! mountpoint -q "/mnt/docker-aio-config"; then
     echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
     echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1
+elif mountpoint -q /var/www/docker-aio/php/containers.json; then
+    print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!"
+    echo "This is a not-supported customization of the mastercontainer!"
+    echo "Please remove this bind-mount from the mastercontainer."
+    exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
     DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)

From 1e868d4e5460ace4011a378156b9fcff7e4ef747 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Jul 2025 08:49:09 +0000
Subject: [PATCH 020/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 9b9ef61e..1fd66dc9 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.2.1
+version: 11.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 5751c7bf..65bcef36 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-apache:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6d2678f8..b40b4fd9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index ce2417e4..a58cc9a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 450868ed..ee6fe5d3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 53180a99..49bf6fc6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a452962e..6d35fd39 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 688ac9b4..af427008 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250710_082355
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 480e046f..6c2f653b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0b79be44..2ece813f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4120a5f5..b461b489 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-redis:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 4424d662..c55f6ee2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-talk:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index e121f2e6..290d6436 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index e3734f10..7cf1b406 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250710_082355
           readinessProbe:
             exec:
               command:

From 22d27028d161466b063e9bc8453c2adc98368d0c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 10:51:10 +0200
Subject: [PATCH 021/524] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 --
 1 file changed, 2 deletions(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 5f5b2d97..572af5f1 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -98,7 +98,6 @@
         >
         <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
     </p>
-    {% if is_onlyoffice_enabled == true %}
     <p>
         <input
             type="checkbox"
@@ -113,7 +112,6 @@
         >
         <label for="onlyoffice">OnlyOffice</label>
     </p>
-    {% endif %}
     <p>
         <input
             type="checkbox"

From 00348c2ee194dee5d65f021e11010fb0081f2d94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 10:51:28 +0200
Subject: [PATCH 022/524] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 97587907..f23327cd 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.3.1
+FROM onlyoffice/documentserver:9.0.3.1
 
 # USER root is probably used
 

From 78ec604a4b05c22bb39a2289636702e2b6d0b71a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 11:26:09 +0200
Subject: [PATCH 023/524] increase to 11.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8f917380..a7689126 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.3.0</h1>
+            <h1>Nextcloud AIO v11.4.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 6ddcd3b1167473da1509ada3786651a68cce0357 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Jul 2025 11:47:59 +0000
Subject: [PATCH 024/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9dbf231c..915f7239 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.6
+ENV NEXTCLOUD_VERSION=31.0.7
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 382108c971c64a971465f792fd98c675aca81f66 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Jul 2025 12:03:56 +0000
Subject: [PATCH 025/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 04ac9193..9d62923c 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -253,7 +253,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}

From 754ab219a86a172d642e23baeb022f69b32829b6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 15:56:42 +0200
Subject: [PATCH 026/524] add advice to
 `/var/www/docker-aio/php/containers.json` mountpoint warning

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index adb91c39..46a0eef0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -47,6 +47,8 @@ elif mountpoint -q /var/www/docker-aio/php/containers.json; then
     print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!"
     echo "This is a not-supported customization of the mastercontainer!"
     echo "Please remove this bind-mount from the mastercontainer."
+    echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."

From 34e82410cf9dccfb74ac4644ef4b1cf8147bd85a Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 11 Jul 2025 04:20:57 +0000
Subject: [PATCH 027/524] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index c2056b48..a954c812 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.12.0@cf420941d061a57050b6c468ef2c778faf40aee2">
+<files psalm-version="6.12.1@e71404b0465be25cf7f8a631b298c01c5ddd864f">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 0350b9528f1c6e0cda83c919674a331088d7bc18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Jul 2025 05:16:11 +0000
Subject: [PATCH 028/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.2 to 8.18.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index ae7eee63..1d1ca4b6 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.2
+FROM elasticsearch:8.18.3
 
 USER root
 

From a28f1b9c13d785e77d8f09ee8c96d8f0760a8118 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 11 Jul 2025 16:14:58 +0200
Subject: [PATCH 029/524] mastercontainer: add check for http proxy variables

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index adb91c39..b356f1c0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -37,6 +37,7 @@ if ! [ -a "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."
     echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
     echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
+    echo "And https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
     print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
@@ -274,6 +275,7 @@ if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
     echo "Most likely is something blocking access to it."
     echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
     echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
 fi
 
@@ -284,6 +286,13 @@ if [ -n "$TZ" ]; then
     # Disable exit since it seems to be by default set on unraid and we dont want to break these instances
     # exit 1
 fi
+# Check that http proxy or no_proxy variable is not set which AIO does not support
+if [ -n "$HTTP_PROXY" ] || [ -n "$http_proxy" ] || [ -n "$HTTPS_PROXY" ] || [ -n "$https_proxy" ] || [ -n "$NO_PROXY" ] || [ -n "$no_proxy" ]; then
+    print_red "The environmental variable HTTP_PROXY, http_proxy, HTTPS_PROXY, https_proxy, NO_PROXY or no_proxy has been set which is not supported by AIO."
+    echo "If you need this, then you should use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
+    exit 1
+fi
 if mountpoint -q /etc/localtime; then
     print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
     echo "The correct timezone can be set in the AIO interface later on!"

From e6e93701c310d6826b00435e1ad3fac6d1715328 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Jul 2025 06:14:44 +0000
Subject: [PATCH 030/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.1-cli to 28.3.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 663b7a30..685d92d5 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.1-cli AS docker
+FROM docker:28.3.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From ccb06b3525a4ce1d0b94f706873e50e3f9690c83 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 14 Jul 2025 12:03:40 +0000
Subject: [PATCH 031/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 825ff024..98146e2f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3563,16 +3563,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.1.0",
+            "version": "2.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68"
+                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/9b30d6fd026b2c132b3985ce6b23bec09ab3aa68",
-                "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
+                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
                 "shasum": ""
             },
             "require": {
@@ -3604,9 +3604,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.1.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.2.0"
             },
-            "time": "2025-02-19T13:28:12+00:00"
+            "time": "2025-07-13T07:04:09+00:00"
         },
         {
             "name": "revolt/event-loop",
@@ -4504,16 +4504,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.12.1",
+            "version": "6.13.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f"
+                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/e71404b0465be25cf7f8a631b298c01c5ddd864f",
-                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/70cdf647255a1362b426bb0f522a85817b8c791c",
+                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c",
                 "shasum": ""
             },
             "require": {
@@ -4618,7 +4618,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-07-04T09:56:28+00:00"
+            "time": "2025-07-14T09:59:17+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From e6ac9ad4f8b6cae1bfeddee2bccd8714574a31f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:51:48 +0000
Subject: [PATCH 032/524] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/alpine

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 8d180272..429485b3 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 74ce18856fd3a5bc6eb8d43b29a12acbce3355dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:51:54 +0000
Subject: [PATCH 033/524] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/borgbackup

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 70d2ea11..74d87f45 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     \

From 3b3dc1dcce1a210f8b50356b71cd4deb555a9c86 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:51:57 +0000
Subject: [PATCH 034/524] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/clamav

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 2b7bd30b..d00e34a7 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From cc8414250f7665c0780d842827e3d194a7354c82 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:03 +0000
Subject: [PATCH 035/524] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 9b248e39..99ae1184 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 93d3e9e601a7694e10f9c90755c6afc23716cfd3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:07 +0000
Subject: [PATCH 036/524] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/imaginary

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 55e2a64a..4fd508e5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 235f190020b9255c971422ac79026971f84a7d20 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:39 +0000
Subject: [PATCH 037/524] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 18cbc0c4..8138582d 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 7da05ca65bb0691f103be5a2118b47d3f99334c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:47 +0000
Subject: [PATCH 038/524] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/talk

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 67bb7e61..00560697 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.11.6-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
-FROM alpine:3.21.3 AS janus
+FROM alpine:3.22.1 AS janus
 
 ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From 2973eb7fc822732cf3738c3d83063580404c3935 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:53:03 +0000
Subject: [PATCH 039/524] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/watchtower

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 76cfd60f..63ac8163 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower
 
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 6463a2b04f63591993d0731f3c39a17a213b2e4a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Jul 2025 09:23:52 +0000
Subject: [PATCH 040/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 1fd66dc9..7bf3cdaa 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.3.0
+version: 11.4.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 65bcef36..1d60880b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-apache:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b40b4fd9..df4d25d5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index a58cc9a5..ffb12a71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -32,10 +32,10 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index ee6fe5d3..2fd6db2d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 49bf6fc6..8a46606f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 6d35fd39..8877f8c4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index af427008..bbb343e5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250717_090710
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 6c2f653b..b1d771a1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 2ece813f..3ff8701a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index b461b489..334b1a5d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-redis:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c55f6ee2..efb9dab4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-talk:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 290d6436..c4d09e8f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 7cf1b406..6d1f7d10 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250717_090710
           readinessProbe:
             exec:
               command:

From b2a839a209a27c95b68125433c0021fc3d511f46 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 11:57:35 +0200
Subject: [PATCH 041/524] update remaining images and docs to alpine v3.22

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 +-
 Containers/imaginary/Dockerfile       | 4 ++--
 Containers/mastercontainer/Dockerfile | 4 ++--
 Containers/nextcloud/Dockerfile       | 2 +-
 Containers/postgresql/Dockerfile      | 2 +-
 Containers/talk-recording/Dockerfile  | 2 +-
 readme.md                             | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 615aeca4..bf342dca 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.63-alpine3.21
+FROM httpd:2.4.63-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 4fd508e5..ddbbe6d1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.5-alpine3.21 AS go
+FROM golang:1.24.5-alpine3.22 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 685d92d5..852ea63d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:28.3.2-cli AS docker
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.10-fpm-alpine3.21
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
+FROM php:8.4.10-fpm-alpine3.22
 
 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
 ARG AIO_GIT_BRANCH="main"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 915f7239..10f3057d 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.23-fpm-alpine3.21
+FROM php:8.3.23-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 36394b05..b29739d7 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
 FROM postgres:17.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 634a5de3..ea3f77f8 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.5-alpine3.21
+FROM python:3.13.5-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/readme.md b/readme.md
index 81835401..9dc1aab5 100644
--- a/readme.md
+++ b/readme.md
@@ -449,7 +449,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.22. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From e1408dc76ebb5d52a856a52b9c317bfef7b37af1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 13:57:18 +0200
Subject: [PATCH 042/524] adjust the naming of variables

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 70e44984..1575fac1 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -835,7 +835,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXT_PORT\",\"elastic_index\":\"$FULLTEXT_INDEX\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index

From 64539d5b5cd8da8f43136fc3b268780f04ac451f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Jul 2025 12:03:42 +0000
Subject: [PATCH 043/524] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ddbbe6d1..e53f1b02 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.5-alpine3.22 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 2792994cc48142b3b6b371b60abb49209675a2ee Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Jul 2025 12:04:56 +0000
Subject: [PATCH 044/524] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 00560697..e34d9c1d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.22.1 AS janus
 
-ARG JANUS_VERSION=v1.3.1
+ARG JANUS_VERSION=v1.3.2
 WORKDIR /src
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From f5023ed88dd5e18c4de7e64d3c2c646c5b34ac18 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 18:12:36 -0700
Subject: [PATCH 045/524] Factor out getPlaceholderValue from CreateContainer

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 317 +++++++++++++------------
 1 file changed, 160 insertions(+), 157 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 206bc904..e3c7456f 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -253,163 +253,7 @@ readonly class DockerActionManager {
 
             if (preg_match($patterns[0], $env, $out) === 1) {
                 $replacements = array();
-
-                if ($out[1] === 'NC_DOMAIN') {
-                    $replacements[1] = $this->configurationManager->GetDomain();
-                } elseif ($out[1] === 'NC_BASE_DN') {
-                    $replacements[1] = $this->configurationManager->GetBaseDN();
-                } elseif ($out[1] === 'AIO_TOKEN') {
-                    $replacements[1] = $this->configurationManager->GetToken();
-                } elseif ($out[1] === 'BORGBACKUP_REMOTE_REPO') {
-                    $replacements[1] = $this->configurationManager->GetBorgRemoteRepo();
-                } elseif ($out[1] === 'BORGBACKUP_MODE') {
-                    $replacements[1] = $this->configurationManager->GetBackupMode();
-                } elseif ($out[1] === 'AIO_URL') {
-                    $replacements[1] = $this->configurationManager->GetAIOURL();
-                } elseif ($out[1] === 'SELECTED_RESTORE_TIME') {
-                    $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
-                } elseif ($out[1] === 'RESTORE_EXCLUDE_PREVIEWS') {
-                    $replacements[1] = $this->configurationManager->GetRestoreExcludePreviews();
-                } elseif ($out[1] === 'APACHE_PORT') {
-                    $replacements[1] = $this->configurationManager->GetApachePort();
-                } elseif ($out[1] === 'TALK_PORT') {
-                    $replacements[1] = $this->configurationManager->GetTalkPort();
-                } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudMount();
-                } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
-                    $replacements[1] = $this->configurationManager->GetBorgRestorePassword();
-                } elseif ($out[1] === 'CLAMAV_ENABLED') {
-                    if ($this->configurationManager->isClamavEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'TALK_RECORDING_ENABLED') {
-                    if ($this->configurationManager->isTalkRecordingEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'ONLYOFFICE_ENABLED') {
-                    if ($this->configurationManager->isOnlyofficeEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'COLLABORA_ENABLED') {
-                    if ($this->configurationManager->isCollaboraEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'TALK_ENABLED') {
-                    if ($this->configurationManager->isTalkEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'UPDATE_NEXTCLOUD_APPS') {
-                    if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'TIMEZONE') {
-                    if ($this->configurationManager->GetTimezone() === '') {
-                        $replacements[1] = 'Etc/UTC';
-                    } else {
-                        $replacements[1] = $this->configurationManager->GetTimezone();
-                    }
-                } elseif ($out[1] === 'COLLABORA_DICTIONARIES') {
-                    if ($this->configurationManager->GetCollaboraDictionaries() === '') {
-                        $replacements[1] = 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
-                    } else {
-                        $replacements[1] = $this->configurationManager->GetCollaboraDictionaries();
-                    }
-                } elseif ($out[1] === 'IMAGINARY_ENABLED') {
-                    if ($this->configurationManager->isImaginaryEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'FULLTEXTSEARCH_ENABLED') {
-                    if ($this->configurationManager->isFulltextsearchEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'DOCKER_SOCKET_PROXY_ENABLED') {
-                    if ($this->configurationManager->isDockerSocketProxyEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
-                } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
-                } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
-                } elseif ($out[1] === 'BORG_RETENTION_POLICY') {
-                    $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy();
-                } elseif ($out[1] === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
-                    $replacements[1] = $this->configurationManager->GetFulltextsearchJavaOptions();
-                } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
-                    $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
-                } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
-                    if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') {
-                    $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
-                } elseif ($out[1] === 'APACHE_MAX_SIZE') {
-                    $replacements[1] = $this->configurationManager->GetApacheMaxSize();
-                } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
-                    $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
-                } elseif ($out[1] === 'NEXTCLOUD_STARTUP_APPS') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
-                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
-                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-                } elseif ($out[1] === 'INSTALL_LATEST_MAJOR') {
-                    if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'REMOVE_DISABLED_APPS') {
-                    if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                    // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-                } elseif ($out[1] === 'AIO_DATABASE_HOST') {
-                    $replacements[1] = gethostbyname('nextcloud-aio-database');
-                    // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-                } elseif ($out[1] === 'CADDY_IP_ADDRESS') {
-                    $replacements[1] = '';
-                    $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
-                    if (in_array('caddy', $communityContainers, true)) {
-                        $replacements[1] = gethostbyname('nextcloud-aio-caddy');
-                    }
-                } elseif ($out[1] === 'WHITEBOARD_ENABLED') {
-                    if ($this->configurationManager->isWhiteboardEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } else {
-                    $secret = $this->configurationManager->GetSecret($out[1]);
-                    if ($secret === "") {
-                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-                    }
-                    $replacements[1] = $secret;
-                }
-
+                $replacements[1] = $this->getPlaceholderValue($out[1]);
                 $envs[$key] = preg_replace($patterns, $replacements, $env);
             }
         }
@@ -644,6 +488,165 @@ readonly class DockerActionManager {
         }
     }
 
+    private function getPlaceholderValue($placeholder) {
+        if ($placeholder === 'NC_DOMAIN') {
+            return $this->configurationManager->GetDomain();
+        } elseif ($placeholder === 'NC_BASE_DN') {
+            return $this->configurationManager->GetBaseDN();
+        } elseif ($placeholder === 'AIO_TOKEN') {
+            return $this->configurationManager->GetToken();
+        } elseif ($placeholder === 'BORGBACKUP_REMOTE_REPO') {
+            return $this->configurationManager->GetBorgRemoteRepo();
+        } elseif ($placeholder === 'BORGBACKUP_MODE') {
+            return $this->configurationManager->GetBackupMode();
+        } elseif ($placeholder === 'AIO_URL') {
+            return $this->configurationManager->GetAIOURL();
+        } elseif ($placeholder === 'SELECTED_RESTORE_TIME') {
+            return $this->configurationManager->GetSelectedRestoreTime();
+        } elseif ($placeholder === 'RESTORE_EXCLUDE_PREVIEWS') {
+            return $this->configurationManager->GetRestoreExcludePreviews();
+        } elseif ($placeholder === 'APACHE_PORT') {
+            return $this->configurationManager->GetApachePort();
+        } elseif ($placeholder === 'TALK_PORT') {
+            return $this->configurationManager->GetTalkPort();
+        } elseif ($placeholder === 'NEXTCLOUD_MOUNT') {
+            return $this->configurationManager->GetNextcloudMount();
+        } elseif ($placeholder === 'BACKUP_RESTORE_PASSWORD') {
+            return $this->configurationManager->GetBorgRestorePassword();
+        } elseif ($placeholder === 'CLAMAV_ENABLED') {
+            if ($this->configurationManager->isClamavEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'TALK_RECORDING_ENABLED') {
+            if ($this->configurationManager->isTalkRecordingEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'ONLYOFFICE_ENABLED') {
+            if ($this->configurationManager->isOnlyofficeEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'COLLABORA_ENABLED') {
+            if ($this->configurationManager->isCollaboraEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'TALK_ENABLED') {
+            if ($this->configurationManager->isTalkEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'UPDATE_NEXTCLOUD_APPS') {
+            if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'TIMEZONE') {
+            if ($this->configurationManager->GetTimezone() === '') {
+                return 'Etc/UTC';
+            } else {
+                return $this->configurationManager->GetTimezone();
+            }
+        } elseif ($placeholder === 'COLLABORA_DICTIONARIES') {
+            if ($this->configurationManager->GetCollaboraDictionaries() === '') {
+                return 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
+            } else {
+                return $this->configurationManager->GetCollaboraDictionaries();
+            }
+        } elseif ($placeholder === 'IMAGINARY_ENABLED') {
+            if ($this->configurationManager->isImaginaryEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'FULLTEXTSEARCH_ENABLED') {
+            if ($this->configurationManager->isFulltextsearchEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'DOCKER_SOCKET_PROXY_ENABLED') {
+            if ($this->configurationManager->isDockerSocketProxyEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'NEXTCLOUD_UPLOAD_LIMIT') {
+            return $this->configurationManager->GetNextcloudUploadLimit();
+        } elseif ($placeholder === 'NEXTCLOUD_MEMORY_LIMIT') {
+            return $this->configurationManager->GetNextcloudMemoryLimit();
+        } elseif ($placeholder === 'NEXTCLOUD_MAX_TIME') {
+            return $this->configurationManager->GetNextcloudMaxTime();
+        } elseif ($placeholder === 'BORG_RETENTION_POLICY') {
+            return $this->configurationManager->GetBorgRetentionPolicy();
+        } elseif ($placeholder === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
+            return $this->configurationManager->GetFulltextsearchJavaOptions();
+        } elseif ($placeholder === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
+            return $this->configurationManager->GetTrustedCacertsDir();
+        } elseif ($placeholder === 'ADDITIONAL_DIRECTORIES_BACKUP') {
+            if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'BORGBACKUP_HOST_LOCATION') {
+            return $this->configurationManager->GetBorgBackupHostLocation();
+        } elseif ($placeholder === 'APACHE_MAX_SIZE') {
+            return $this->configurationManager->GetApacheMaxSize();
+        } elseif ($placeholder === 'COLLABORA_SECCOMP_POLICY') {
+            return $this->configurationManager->GetCollaboraSeccompPolicy();
+        } elseif ($placeholder === 'NEXTCLOUD_STARTUP_APPS') {
+            return $this->configurationManager->GetNextcloudStartupApps();
+        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_APKS') {
+            return $this->configurationManager->GetNextcloudAdditionalApks();
+        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
+            return $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
+        } elseif ($placeholder === 'INSTALL_LATEST_MAJOR') {
+            if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'REMOVE_DISABLED_APPS') {
+            if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+            // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
+        } elseif ($placeholder === 'AIO_DATABASE_HOST') {
+            return gethostbyname('nextcloud-aio-database');
+            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+        } elseif ($placeholder === 'CADDY_IP_ADDRESS') {
+            $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
+            if (in_array('caddy', $communityContainers, true)) {
+                return gethostbyname('nextcloud-aio-caddy');
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'WHITEBOARD_ENABLED') {
+            if ($this->configurationManager->isWhiteboardEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } else {
+            $secret = $this->configurationManager->GetSecret($placeholder);
+            if ($secret === "") {
+                throw new \Exception("The secret " . $placeholder . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
+            }
+            return $secret;
+        }
+    }
+
     private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 

From 026707240f37568a614091f1d5d17f3822b48904 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 18:14:31 -0700
Subject: [PATCH 046/524] Support multiple placeholders in ENV values in
 containers.json

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 41 ++++++++++++++++----------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e3c7456f..b43e7a8c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -240,22 +240,7 @@ readonly class DockerActionManager {
             $envs[] = $this->GetAllNextcloudExecCommands();
         }
         foreach ($envs as $key => $env) {
-            // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
-            if (str_starts_with($env, 'extra_params=')) {
-                $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
-                $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env);
-                $envs[$key] = $env;
-                continue;
-            }
-
-            // Original implementation
-            $patterns = ['/%(.*)%/'];
-
-            if (preg_match($patterns[0], $env, $out) === 1) {
-                $replacements = array();
-                $replacements[1] = $this->getPlaceholderValue($out[1]);
-                $envs[$key] = preg_replace($patterns, $replacements, $env);
-            }
+            $envs[$key] = $this->replaceEnvPlaceholders($env);
         }
 
         if (count($envs) > 0) {
@@ -488,6 +473,30 @@ readonly class DockerActionManager {
         }
     }
 
+    // Replaces placeholders in $envValue with their values.
+    // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000"
+    private function replaceEnvPlaceholders($envValue) {
+        // $pattern breaks down as:
+        // % - matches a literal percent sign
+        // ([^%]+) - capture group that matches one or more characters that are NOT percent signs
+        // % - matches the closing percent sign
+        //
+        // Assumes literal percent signs are always matched and there is no
+        // escaping.
+        $pattern = '/%([^%]+)%/';
+        $matchCount = preg_match_all($pattern, $envValue, $matches);
+        if ($matchCount > 0) {
+            $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
+            $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
+            $placeholderToPattern = fn($placeholder) => '/' . $placeholder . '/';
+            $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
+            $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
+            $result = preg_replace($placeholderPatterns, $placeholderValues, $envValue);
+            return $result;
+        }
+        return $envValue;
+    }
+
     private function getPlaceholderValue($placeholder) {
         if ($placeholder === 'NC_DOMAIN') {
             return $this->configurationManager->GetDomain();

From d374fd2c1c9788205e2d6b1635b9daa683e1f7b1 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 17:49:42 -0700
Subject: [PATCH 047/524] Refactor getPlaceholderValue to use `match`

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 204 +++++++------------------
 1 file changed, 51 insertions(+), 153 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b43e7a8c..35da8663 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -498,162 +498,60 @@ readonly class DockerActionManager {
     }
 
     private function getPlaceholderValue($placeholder) {
-        if ($placeholder === 'NC_DOMAIN') {
-            return $this->configurationManager->GetDomain();
-        } elseif ($placeholder === 'NC_BASE_DN') {
-            return $this->configurationManager->GetBaseDN();
-        } elseif ($placeholder === 'AIO_TOKEN') {
-            return $this->configurationManager->GetToken();
-        } elseif ($placeholder === 'BORGBACKUP_REMOTE_REPO') {
-            return $this->configurationManager->GetBorgRemoteRepo();
-        } elseif ($placeholder === 'BORGBACKUP_MODE') {
-            return $this->configurationManager->GetBackupMode();
-        } elseif ($placeholder === 'AIO_URL') {
-            return $this->configurationManager->GetAIOURL();
-        } elseif ($placeholder === 'SELECTED_RESTORE_TIME') {
-            return $this->configurationManager->GetSelectedRestoreTime();
-        } elseif ($placeholder === 'RESTORE_EXCLUDE_PREVIEWS') {
-            return $this->configurationManager->GetRestoreExcludePreviews();
-        } elseif ($placeholder === 'APACHE_PORT') {
-            return $this->configurationManager->GetApachePort();
-        } elseif ($placeholder === 'TALK_PORT') {
-            return $this->configurationManager->GetTalkPort();
-        } elseif ($placeholder === 'NEXTCLOUD_MOUNT') {
-            return $this->configurationManager->GetNextcloudMount();
-        } elseif ($placeholder === 'BACKUP_RESTORE_PASSWORD') {
-            return $this->configurationManager->GetBorgRestorePassword();
-        } elseif ($placeholder === 'CLAMAV_ENABLED') {
-            if ($this->configurationManager->isClamavEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'TALK_RECORDING_ENABLED') {
-            if ($this->configurationManager->isTalkRecordingEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'ONLYOFFICE_ENABLED') {
-            if ($this->configurationManager->isOnlyofficeEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'COLLABORA_ENABLED') {
-            if ($this->configurationManager->isCollaboraEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'TALK_ENABLED') {
-            if ($this->configurationManager->isTalkEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'UPDATE_NEXTCLOUD_APPS') {
-            if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'TIMEZONE') {
-            if ($this->configurationManager->GetTimezone() === '') {
-                return 'Etc/UTC';
-            } else {
-                return $this->configurationManager->GetTimezone();
-            }
-        } elseif ($placeholder === 'COLLABORA_DICTIONARIES') {
-            if ($this->configurationManager->GetCollaboraDictionaries() === '') {
-                return 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
-            } else {
-                return $this->configurationManager->GetCollaboraDictionaries();
-            }
-        } elseif ($placeholder === 'IMAGINARY_ENABLED') {
-            if ($this->configurationManager->isImaginaryEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'FULLTEXTSEARCH_ENABLED') {
-            if ($this->configurationManager->isFulltextsearchEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'DOCKER_SOCKET_PROXY_ENABLED') {
-            if ($this->configurationManager->isDockerSocketProxyEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'NEXTCLOUD_UPLOAD_LIMIT') {
-            return $this->configurationManager->GetNextcloudUploadLimit();
-        } elseif ($placeholder === 'NEXTCLOUD_MEMORY_LIMIT') {
-            return $this->configurationManager->GetNextcloudMemoryLimit();
-        } elseif ($placeholder === 'NEXTCLOUD_MAX_TIME') {
-            return $this->configurationManager->GetNextcloudMaxTime();
-        } elseif ($placeholder === 'BORG_RETENTION_POLICY') {
-            return $this->configurationManager->GetBorgRetentionPolicy();
-        } elseif ($placeholder === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
-            return $this->configurationManager->GetFulltextsearchJavaOptions();
-        } elseif ($placeholder === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
-            return $this->configurationManager->GetTrustedCacertsDir();
-        } elseif ($placeholder === 'ADDITIONAL_DIRECTORIES_BACKUP') {
-            if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'BORGBACKUP_HOST_LOCATION') {
-            return $this->configurationManager->GetBorgBackupHostLocation();
-        } elseif ($placeholder === 'APACHE_MAX_SIZE') {
-            return $this->configurationManager->GetApacheMaxSize();
-        } elseif ($placeholder === 'COLLABORA_SECCOMP_POLICY') {
-            return $this->configurationManager->GetCollaboraSeccompPolicy();
-        } elseif ($placeholder === 'NEXTCLOUD_STARTUP_APPS') {
-            return $this->configurationManager->GetNextcloudStartupApps();
-        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_APKS') {
-            return $this->configurationManager->GetNextcloudAdditionalApks();
-        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
-            return $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-        } elseif ($placeholder === 'INSTALL_LATEST_MAJOR') {
-            if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'REMOVE_DISABLED_APPS') {
-            if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
-                return 'yes';
-            } else {
-                return '';
-            }
+        return match ($placeholder) {
+            'NC_DOMAIN' => $this->configurationManager->GetDomain(),
+            'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
+            'AIO_TOKEN' => $this->configurationManager->GetToken(),
+            'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(),
+            'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
+            'AIO_URL' => $this->configurationManager->GetAIOURL(),
+            'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
+            'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
+            'APACHE_PORT' => $this->configurationManager->GetApachePort(),
+            'TALK_PORT' => $this->configurationManager->GetTalkPort(),
+            'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
+            'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
+            'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '',
+            'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
+            'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '',
+            'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '',
+            'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '',
+            'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
+            'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),
+            'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
+            'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '',
+            'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '',
+            'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled() ? 'yes' : '',
+            'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(),
+            'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(),
+            'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(),
+            'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(),
+            'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(),
+            'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),
+            'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
+            'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(),
+            'APACHE_MAX_SIZE' => $this->configurationManager->GetApacheMaxSize(),
+            'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(),
+            'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),
+            'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(),
+            'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(),
+            'INSTALL_LATEST_MAJOR' => $this->configurationManager->shouldLatestMajorGetInstalled() ? 'yes' : '',
+            'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-        } elseif ($placeholder === 'AIO_DATABASE_HOST') {
-            return gethostbyname('nextcloud-aio-database');
+            'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-        } elseif ($placeholder === 'CADDY_IP_ADDRESS') {
-            $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
-            if (in_array('caddy', $communityContainers, true)) {
-                return gethostbyname('nextcloud-aio-caddy');
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'WHITEBOARD_ENABLED') {
-            if ($this->configurationManager->isWhiteboardEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } else {
-            $secret = $this->configurationManager->GetSecret($placeholder);
-            if ($secret === "") {
-                throw new \Exception("The secret " . $placeholder . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-            }
-            return $secret;
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
+            'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
+            default => $this->getSecretOrThrow($placeholder),
+        };
+    }
+
+    private function getSecretOrThrow($secretName) {
+        $secret = $this->configurationManager->GetSecret($secretName);
+        if ($secret === "") {
+            throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
         }
+        return $secret;
     }
 
     private function isContainerUpdateAvailable(string $id): string {

From 0f858dc3fe3738d5d5c0c93053197debb0cfc5c8 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Fri, 20 Jun 2025 20:32:26 +0000
Subject: [PATCH 048/524] Fix psalm errors in DockerActionManager env handling
 code

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 35da8663..5e113072 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -475,7 +475,7 @@ readonly class DockerActionManager {
 
     // Replaces placeholders in $envValue with their values.
     // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000"
-    private function replaceEnvPlaceholders($envValue) {
+    private function replaceEnvPlaceholders(string $envValue): string {
         // $pattern breaks down as:
         // % - matches a literal percent sign
         // ([^%]+) - capture group that matches one or more characters that are NOT percent signs
@@ -488,16 +488,17 @@ readonly class DockerActionManager {
         if ($matchCount > 0) {
             $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
             $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-            $placeholderToPattern = fn($placeholder) => '/' . $placeholder . '/';
+            $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
             $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
             $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
-            $result = preg_replace($placeholderPatterns, $placeholderValues, $envValue);
+            // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
+            $result = (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
             return $result;
         }
         return $envValue;
     }
 
-    private function getPlaceholderValue($placeholder) {
+    private function getPlaceholderValue(string $placeholder) : string {
         return match ($placeholder) {
             'NC_DOMAIN' => $this->configurationManager->GetDomain(),
             'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
@@ -530,7 +531,7 @@ readonly class DockerActionManager {
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
             'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(),
-            'APACHE_MAX_SIZE' => $this->configurationManager->GetApacheMaxSize(),
+            'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()),
             'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(),
             'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(),
@@ -546,7 +547,7 @@ readonly class DockerActionManager {
         };
     }
 
-    private function getSecretOrThrow($secretName) {
+    private function getSecretOrThrow(string $secretName): string {
         $secret = $this->configurationManager->GetSecret($secretName);
         if ($secret === "") {
             throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");

From 0b929d74de9b42ddc0c3e9ad1cd06ea8473aa3a0 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Mon, 23 Jun 2025 14:57:34 +0000
Subject: [PATCH 049/524] Use guard clause in replaceEnvPlaceholders to reduce
 indentation

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5e113072..3667294c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -485,17 +485,18 @@ readonly class DockerActionManager {
         // escaping.
         $pattern = '/%([^%]+)%/';
         $matchCount = preg_match_all($pattern, $envValue, $matches);
-        if ($matchCount > 0) {
-            $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
-            $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-            $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
-            $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
-            $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
-            // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
-            $result = (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
-            return $result;
+
+        if ($matchCount === 0) {
+            return $envValue;
         }
-        return $envValue;
+
+        $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
+        $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
+        $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
+        $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
+        $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
+        // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
+        return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
     }
 
     private function getPlaceholderValue(string $placeholder) : string {

From f81d22cf930b5cc6bdf25b8dea9f608179912cc3 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Mon, 23 Jun 2025 15:05:19 +0000
Subject: [PATCH 050/524] Inline placeholderToPattern and use preg_quote

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3667294c..8072b2fc 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -492,8 +492,7 @@ readonly class DockerActionManager {
 
         $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
         $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-        $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
-        $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
+        $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...]
         $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
         // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
         return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);

From f7d158c6322571116bd4d62d36b6706da1af560e Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Mon, 23 Jun 2025 15:05:43 +0000
Subject: [PATCH 051/524] Use modern callable syntax for $placeholderValues
 array_map

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8072b2fc..0ccdcf58 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -493,7 +493,7 @@ readonly class DockerActionManager {
         $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
         $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
         $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...]
-        $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
+        $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"]
         // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
         return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
     }

From 1ce5430f77f59097f78f2e7069e0d395085dada2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 14:16:43 +0200
Subject: [PATCH 052/524] increase to 11.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a7689126..9eb25002 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.4.0</h1>
+            <h1>Nextcloud AIO v11.5.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From c8f76e067a4d6bf76169e43aa4ec0ed6c5142de9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 15:04:57 +0200
Subject: [PATCH 053/524] fulltextsearch: adjust default log level to Warn

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index f83fa242..c9d57466 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -795,7 +795,7 @@
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
-        "logger.org.elasticsearch.discovery=WARN",
+        "logger.level=WARN",
         "http.port=9200",
         "xpack.license.self_generated.type=basic",
         "xpack.security.enabled=false",

From d6e5bcc0aca7c3a4ed46eb94d2f1cfc83110db5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 04:49:37 +0000
Subject: [PATCH 054/524] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.63-alpine3.22 to 2.4.64-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.64-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index bf342dca..ad6bbd14 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.63-alpine3.22
+FROM httpd:2.4.64-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From ed460405f234bc320774007707dd34ef5d63e0ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 04:49:45 +0000
Subject: [PATCH 055/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.3.2.1 to 25.04.4.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.4.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9086cb4..84e8a63f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.3.2.1
+FROM collabora/code:25.04.4.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 5f0e63a752f58c08e40629965cbb4de3910ba5bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 04:50:35 +0000
Subject: [PATCH 056/524] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 63ac8163..da2af750 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.6 AS watchtower
 
 FROM alpine:3.22.1
 

From 2757630c41021f78804014d8bee02de06b6c902b Mon Sep 17 00:00:00 2001
From: Felix Stupp <felix.stupp@banananet.work>
Date: Tue, 15 Jul 2025 09:12:04 +0000
Subject: [PATCH 057/524] add hint to UI about SSH pubkey for remote backups

Signed-off-by: Felix Stupp <felix.stupp@banananet.work>
---
 php/templates/containers.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9eb25002..2c63f491 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -371,6 +371,7 @@
                                 <p>
                                 To store backups remotely instead, fill in the
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
+                                You will be provided with an SSH public key for authorization at the remote afterwards.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>

From 1adfac39fc57e724f8a4cb58bfd29ffe0eb52c8b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 18 Jul 2025 12:04:09 +0000
Subject: [PATCH 058/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f61f8c40..2ed51c59 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -440,7 +440,7 @@ services:
       - bootstrap.memory_lock=true
       - cluster.name=nextcloud-aio
       - discovery.type=single-node
-      - logger.org.elasticsearch.discovery=WARN
+      - logger.level=WARN
       - http.port=9200
       - xpack.license.self_generated.type=basic
       - xpack.security.enabled=false

From 78e9466877b29322ae511f913bf6c768b5295877 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 19 Jul 2025 04:16:11 +0000
Subject: [PATCH 059/524] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index a954c812..516a92aa 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.12.1@e71404b0465be25cf7f8a631b298c01c5ddd864f">
+<files psalm-version="6.13.0@70cdf647255a1362b426bb0f522a85817b8c791c">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 834d3b36cdfb38aa1c78b4005f8679ae3c4590da Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 05:02:17 +0000
Subject: [PATCH 060/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.3 to 8.18.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 1d1ca4b6..71434410 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.3
+FROM elasticsearch:8.18.4
 
 USER root
 

From 7fffb1840f2f208401dcef83dc672363a229f5dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Jul 2025 05:11:15 +0000
Subject: [PATCH 061/524] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.64-alpine3.22 to 2.4.65-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.65-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index ad6bbd14..58e2ae05 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.64-alpine3.22
+FROM httpd:2.4.65-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 99117072ce5b568d65df5aa7671f1e7c25f29661 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Jul 2025 13:40:49 +0200
Subject: [PATCH 062/524] nextcloud: allow to configure custom appstoreurl

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/apps.config.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index c890e787..99bf5e40 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -16,3 +16,6 @@ $CONFIG = array (
 if (getenv('APPS_ALLOWLIST')) {
     $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
 }
+if (getenv('NEXTCLOUD_APP_STORE_URL')) {
+    $CONFIG['appstoreurl'] = getenv('NEXTCLOUD_APP_STORE_URL');
+}

From adeee71982a3686cb8441a8d5ea9d2b1fc0d488b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Jul 2025 10:36:27 +0200
Subject: [PATCH 063/524] PerformRecursiveContainerStop: Fix the stop order

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json                     |  4 ++--
 php/src/Controller/DockerController.php | 15 +++++++++++----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index c9d57466..5c15c079 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -8,9 +8,9 @@
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
-        "nextcloud-aio-nextcloud",
         "nextcloud-aio-notify-push",
-        "nextcloud-aio-whiteboard"
+        "nextcloud-aio-whiteboard",
+        "nextcloud-aio-nextcloud"
       ],
       "display_name": "Apache",
       "image": "ghcr.io/nextcloud-releases/aio-apache",
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 13e8bdda..e8f9d591 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -22,6 +22,7 @@ readonly class DockerController {
     private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
+        // Start all dependencies first and then itself
         foreach($container->GetDependsOn() as $dependency) {
             $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
@@ -227,13 +228,19 @@ readonly class DockerController {
     private function PerformRecursiveContainerStop(string $id) : void
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        // This is a hack but no better solution was found for the meantime
+        // Stop Collabora first to make sure it force-saves
+        // See https://github.com/nextcloud/richdocuments/issues/3799
+        if ($id === self::TOP_CONTAINER) {
+            $this->PerformRecursiveContainerStop('nextcloud-aio-collabora');
+        }
+
+        // Stop itself first and then all the dependencies
+        $this->dockerActionManager->StopContainer($container);
         foreach($container->GetDependsOn() as $dependency) {
             $this->PerformRecursiveContainerStop($dependency);
         }
-
-        // Disconnecting is not needed. This also allows to start the containers manually via docker-cli
-        //$this->dockerActionManager->DisconnectContainerFromNetwork($container);
-        $this->dockerActionManager->StopContainer($container);
     }
 
     public function StopContainer(Request $request, Response $response, array $args) : Response

From 001d0678ddedf212a407d813ca8a78759a99285e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 25 Jul 2025 12:03:57 +0000
Subject: [PATCH 064/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 2ed51c59..867f848b 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -10,15 +10,15 @@ services:
       nextcloud-aio-talk:
         condition: service_started
         required: false
-      nextcloud-aio-nextcloud:
-        condition: service_started
-        required: false
       nextcloud-aio-notify-push:
         condition: service_started
         required: false
       nextcloud-aio-whiteboard:
         condition: service_started
         required: false
+      nextcloud-aio-nextcloud:
+        condition: service_started
+        required: false
     image: ghcr.io/nextcloud-releases/aio-apache:latest
     user: "33"
     init: true

From b4e4e736162540952daf889b3e2ad3daeddcdc9e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 25 Jul 2025 09:53:16 +0200
Subject: [PATCH 065/524] daily-backup: implement a dedicated imagepull before
 stopping containers which should reduce the downtime

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh |  6 ++++
 php/src/Controller/DockerController.php    | 39 +++++++++++-----------
 php/src/Cron/PullContainerImages.php       | 20 +++++++++++
 php/src/Docker/DockerActionManager.php     | 25 +++++++++++++-
 4 files changed, 69 insertions(+), 21 deletions(-)
 create mode 100644 php/src/Cron/PullContainerImages.php

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index c68835ea..5c97c0ca 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -64,6 +64,12 @@ if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     done
 fi
 
+# Update container images to reduce downtime later on
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Updating container images..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
+fi
+
 # Stop containers if required
 # shellcheck disable=SC2235
 if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index e8f9d591..378ddab6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -34,33 +34,32 @@ readonly class DockerController {
             return;
         }
 
-        // Skip database image pull if the last shutdown was not clean
-        if ($id === 'nextcloud-aio-database') {
-            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullImage = false;
-                error_log('Not pulling the latest database image because the container was not correctly shut down.');
-            }
-        }
-
-        // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down
-        // and try to mitigate issues that are arising due to that
-        if ($pullImage) {
-            if (!$this->dockerActionManager->isRegistryReachable($container)) {
-                $pullImage = false;
-                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
-            }
-        }
-
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        if ($pullImage) {
-            $this->dockerActionManager->PullImage($container);
-        }
+        $this->dockerActionManager->PullImage($container, $pullImage);
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
+    private function PerformRecursiveImagePull(string $id) : void {
+        $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        // Pull all dependencies first and then itself
+        foreach($container->GetDependsOn() as $dependency) {
+            $this->PerformRecursiveImagePull($dependency);
+        }
+
+        $this->dockerActionManager->PullImage($container, true);
+    }
+
+    public function PullAllContainerImages(): void {
+
+        $id = self::TOP_CONTAINER;
+
+        $this->PerformRecursiveImagePull($id);
+    }
+
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
         $requestParams = $request->getQueryParams();
diff --git a/php/src/Cron/PullContainerImages.php b/php/src/Cron/PullContainerImages.php
new file mode 100644
index 00000000..43c87d28
--- /dev/null
+++ b/php/src/Cron/PullContainerImages.php
@@ -0,0 +1,20 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Pull all containers
+$dockerController->PullAllContainerImages();
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0ccdcf58..2c8e365e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -450,7 +450,30 @@ readonly class DockerActionManager {
         }
     }
 
-    public function PullImage(Container $container): void {
+    public function PullImage(Container $container, bool $pullImage = true): void {
+
+        // Skip database image pull if the last shutdown was not clean
+        if ($container->GetIdentifier() === 'nextcloud-aio-database') {
+            if ($this->GetDatabasecontainerExitCode() > 0) {
+                $pullImage = false;
+                error_log('Not pulling the latest database image because the container was not correctly shut down.');
+            }
+        }
+
+        // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down
+        // and try to mitigate issues that are arising due to that
+        if ($pullImage) {
+            if (!$this->isRegistryReachable($container)) {
+                $pullImage = false;
+                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
+            }
+        }
+
+        // Do not continue if $pullImage is false
+        if (!$pullImage) {
+            return;
+        }
+
         $imageName = $this->BuildImageName($container);
         $encodedImageName = urlencode($imageName);
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));

From e568ee91dfbc8b471dea5c197da997b2e348ba99 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 28 Jul 2025 12:03:49 +0000
Subject: [PATCH 066/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 98146e2f..b08a92c4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3330,16 +3330,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.5.0",
+            "version": "v5.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9"
+                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/ae59794362fe85e051a58ad36b289443f57be7a9",
-                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/221b0d0fdf1369c71047ad1d18bb5880017bbc56",
+                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56",
                 "shasum": ""
             },
             "require": {
@@ -3382,9 +3382,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.5.0"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.0"
             },
-            "time": "2025-05-31T08:24:38+00:00"
+            "time": "2025-07-27T20:03:57+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",

From 2a95bc25f9a6e3cf7e9bb9f90c570b6ab4c315c6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 14:31:43 +0200
Subject: [PATCH 067/524] aio-interface: allow to force-stop Nextcloud
 container via API

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 22 +++++++++++++++-------
 php/src/Docker/DockerActionManager.php  |  9 +++++++--
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 378ddab6..39befc63 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -83,17 +83,18 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
-        $this->startBackup();
+        $forceStopNextcloud = true;
+        $this->startBackup($forceStopNextcloud);
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function startBackup() : void {
+    public function startBackup(bool $forceStopNextcloud = false) : void {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'backup';
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id);
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
@@ -125,7 +126,8 @@ readonly class DockerController {
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id);
+        $forceStopNextcloud = true;
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
@@ -224,7 +226,7 @@ readonly class DockerController {
         $this->PerformRecursiveContainerStart($id);
     }
 
-    private function PerformRecursiveContainerStop(string $id) : void
+    private function PerformRecursiveContainerStop(string $id, bool $forceStopNextcloud = false) : void
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
@@ -236,7 +238,12 @@ readonly class DockerController {
         }
 
         // Stop itself first and then all the dependencies
-        $this->dockerActionManager->StopContainer($container);
+        if ($id !== 'nextcloud-aio-nextcloud') {
+            $this->dockerActionManager->StopContainer($container);
+        } else {
+            // We want to stop the Nextcloud container after 10s and not wait for the configured stop_grace_period
+            $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
+        }
         foreach($container->GetDependsOn() as $dependency) {
             $this->PerformRecursiveContainerStop($dependency);
         }
@@ -245,7 +252,8 @@ readonly class DockerController {
     public function StopContainer(Request $request, Response $response, array $args) : Response
     {
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id);
+        $forceStopNextcloud = true;
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         return $response->withStatus(201)->withHeader('Location', '/');
     }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 2c8e365e..f6ffbdc3 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -898,8 +898,13 @@ readonly class DockerActionManager {
         }
     }
 
-    public function StopContainer(Container $container): void {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime()));
+    public function StopContainer(Container $container, bool $forceStopContainer = false): void {
+        if ($forceStopContainer) {
+            $maxShutDownTime = 10;
+        } else {
+            $maxShutDownTime = $container->GetMaxShutdownTime();
+        }
+        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $maxShutDownTime));
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {

From 5a31396e18edf534f3a3079974789f63b99144d6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 15:54:56 +0200
Subject: [PATCH 068/524] fix PerformRecursiveContainerStop detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 39befc63..ac3e7e8f 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -245,7 +245,7 @@ readonly class DockerController {
             $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
         }
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStop($dependency);
+            $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud);
         }
     }
 

From f2ff7451b4813a026542c9c276ebea72a5d1d63c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 16:31:19 +0200
Subject: [PATCH 069/524] initial-setup-test: adjust timeouts

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/initial-setup.spec.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js
index ca8bc077..c88cd8e3 100644
--- a/php/tests/tests/initial-setup.spec.js
+++ b/php/tests/tests/initial-setup.spec.js
@@ -60,8 +60,8 @@ test('Initial setup', async ({ page: setupPage }) => {
 
   // Start containers and wait for starting message
   await containersPage.getByRole('button', { name: 'Download and start containers' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 3 * 60 * 1000 });
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 2 * 60 * 1000 });
+  await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 5 * 60 * 1000 });
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 3 * 60 * 1000 });
   await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com');
 
   // Extract initial nextcloud password

From 8f99db7bea6a996ea3798e06e31eb0d4c35aeefd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 17:58:39 +0200
Subject: [PATCH 070/524] try to improve debugging of playwright.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/playwright.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 67653783..8ddc2712 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -45,7 +45,14 @@ jobs:
           sleep 10
 
       - name: Run Playwright tests for initial setup
-        run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js
+        run: |
+          cd php/tests
+          export DEBUG=pw:api
+          if ! npx playwright test tests/initial-setup.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
 
       - name: Start fresh development server
         run: |
@@ -66,7 +73,14 @@ jobs:
           sleep 10
 
       - name: Run Playwright tests for backup restore
-        run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js
+        run: |
+          cd php/tests 
+          export DEBUG=pw:api
+          if ! npx playwright test tests/restore-instance.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
 
       - uses: actions/upload-artifact@v4
         if: ${{ !cancelled() }}

From 4758f2d34102ea7fa418e3d3a8cc59055a0ab355 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 18:22:09 +0200
Subject: [PATCH 071/524] PerformRecursiveContainerStop: fix error if collabora
 is not enabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ac3e7e8f..f9aa6379 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -233,7 +233,7 @@ readonly class DockerController {
         // This is a hack but no better solution was found for the meantime
         // Stop Collabora first to make sure it force-saves
         // See https://github.com/nextcloud/richdocuments/issues/3799
-        if ($id === self::TOP_CONTAINER) {
+        if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled()) {
             $this->PerformRecursiveContainerStop('nextcloud-aio-collabora');
         }
 

From 27eac870643e13cad3103c77d6a6aaafd85537ab Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 18:47:06 +0200
Subject: [PATCH 072/524] restore-instance: fix domain check?

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/restore-instance.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index c16f6700..e93cf340 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -28,7 +28,7 @@ test('Restore instance', async ({ page: setupPage }) => {
   await containersPage.locator('#domain').click();
   await containersPage.locator('#domain').fill('example.com');
   await containersPage.getByRole('button', { name: 'Submit domain' }).click();
-  await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.');
+  await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.', { timeout: 15 * 1000 });
 
   // Reject invalid backup location
   await containersPage.locator('#borg_restore_host_location').click();

From 7c65bf1942f166e7e75d4c74f9cdf9859ee22943 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jul 2025 13:09:50 +0000
Subject: [PATCH 073/524] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.34.1 to 2.35.1.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/0f7f1d08e3e32076e51cae65eb0b0c871405b16e...2282b6a082fc605c8320908a4cca3a5d1ca6c6fe)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index a7b0c5ff..9515ed3a 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+    - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 005af782..91746681 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 2bfe200e..c2800e7c 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 304f9393..16da7620 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 4e168ab7..1f72f849 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 2c40b1ce..9750f25d 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu

From aa6c8882343d035c654c7d53d1967b75d7d53240 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 30 Jul 2025 04:27:25 +0000
Subject: [PATCH 074/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.2-cli to 28.3.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.3-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 852ea63d..de283469 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.2-cli AS docker
+FROM docker:28.3.3-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From 5604c2bbe257f08e9ac50a3ded844dff78f4a0bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 30 Jul 2025 13:02:19 +0000
Subject: [PATCH 075/524] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.1 to 2.35.2.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/2282b6a082fc605c8320908a4cca3a5d1ca6c6fe...ccf2c627fe61b1b4d924adfcbd19d661a18133a0)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9515ed3a..7ac407c4 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+    - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 91746681..54bc0eb0 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index c2800e7c..d579b529 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 16da7620..926c6195 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 1f72f849..185a2410 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 9750f25d..dad5b0c6 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 1e8efbcacaf58e3d41b09cc01fd55d37ea512a20 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 05:07:30 +0000
Subject: [PATCH 076/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.4.1.1 to 25.04.4.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.4.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 84e8a63f..b6088f30 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.4.1.1
+FROM collabora/code:25.04.4.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From c07d66f0eea89420b97654bb0067f54f1d13b906 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 05:07:35 +0000
Subject: [PATCH 077/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.4 to 8.19.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 71434410..4ada3ea2 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.4
+FROM elasticsearch:8.19.0
 
 USER root
 

From be73586fa17b3f8b0c2f9407292b3bdc33976881 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 10:17:31 +0000
Subject: [PATCH 078/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.10-fpm-alpine3.22 to 8.4.11-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.11-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 852ea63d..8bf33d13 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.3.2-cli AS docker
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.10-fpm-alpine3.22
+FROM php:8.4.11-fpm-alpine3.22
 
 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
 ARG AIO_GIT_BRANCH="main"

From 667e191371d2e654b28430989bde96ad188b26f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 11:27:21 +0000
Subject: [PATCH 079/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.23-fpm-alpine3.22 to 8.3.24-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.24-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 10f3057d..82a3ba1b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.23-fpm-alpine3.22
+FROM php:8.3.24-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 2e44343e446e0921e626b7b307cfb1b3e00dfd77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 12:50:28 +0000
Subject: [PATCH 080/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.6-scratch to 2.11.7-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.7-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index e34d9c1d..adc1fb2b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.6-scratch AS nats
+FROM nats:2.11.7-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.22.1 AS janus

From 041508ca5768f989b1e680bdc5567da3dc8ae959 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Aug 2025 04:28:30 +0000
Subject: [PATCH 081/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.5-alpine3.22 to 1.24.6-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.6-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index e53f1b02..2e39d5ee 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.5-alpine3.22 AS go
+FROM golang:1.24.6-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 6b13db8be6dbf8bc801322079a7f6f1c63e0a63d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 05:15:36 +0000
Subject: [PATCH 082/524] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.5-alpine3.22 to 3.13.6-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.6-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index ea3f77f8..0c2b78ed 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.5-alpine3.22
+FROM python:3.13.6-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 10b1ec5c6697d28ad0530e775ee423ada8643e49 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Aug 2025 10:36:52 +0200
Subject: [PATCH 083/524] clamav: print out version during startup of container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index fa10d0e5..bda4add5 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -2,6 +2,9 @@
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
 
+# Print out clamav version for compliance reasons
+clamscan --version
+
 echo "Clamav started"
 
 exec "$@"

From 1c08ae5c31fb6e14cbe7d3938a34293f8d30913a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 11 Aug 2025 12:01:50 +0000
Subject: [PATCH 084/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                  |  2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml   |  2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml   |  4 ++--
 .../nextcloud-aio-collabora-deployment.yaml          |  2 +-
 .../templates/nextcloud-aio-database-deployment.yaml |  4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml     |  6 +++---
 .../nextcloud-aio-imaginary-deployment.yaml          |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml          | 12 ++++++------
 .../nextcloud-aio-notify-push-deployment.yaml        |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml         |  4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml    |  2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml     |  2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml     |  2 +-
 .../nextcloud-aio-whiteboard-deployment.yaml         |  2 +-
 14 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7bf3cdaa..8e013c81 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.4.0
+version: 11.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 1d60880b..4375d0bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index df4d25d5..73f8dd8e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index ffb12a71..57f07917 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 2fd6db2d..0b32650c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8a46606f..512f3f28 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - chmod
             - "777"
@@ -48,13 +48,13 @@ spec:
               value: single-node
             - name: http.port
               value: "9200"
-            - name: logger.org.elasticsearch.discovery
+            - name: logger.level
               value: WARN
             - name: xpack.license.self_generated.type
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 8877f8c4..48b88216 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 92decf2e..54879be4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - chmod
             - "777"
@@ -110,14 +110,14 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
             - name: FULLTEXTSEARCH_HOST
               value: nextcloud-aio-fulltextsearch
-            - name: FULLTEXTSEARCH_PORT
-              value: 9200
-            - name: FULLTEXTSEARCH_USER
-              value: elastic
             - name: FULLTEXTSEARCH_INDEX
               value: nextcloud-aio
             - name: FULLTEXTSEARCH_PASSWORD
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
+            - name: FULLTEXTSEARCH_PORT
+              value: "9200"
+            - name: FULLTEXTSEARCH_USER
+              value: elastic
             - name: IMAGINARY_ENABLED
               value: "{{ .Values.IMAGINARY_ENABLED }}"
             - name: IMAGINARY_HOST
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index b1d771a1..e4b4a88f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 3ff8701a..19a56a42 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 334b1a5d..4a5fa0df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index efb9dab4..837665ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c4d09e8f..4408d64f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 6d1f7d10..cf25046d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851
           readinessProbe:
             exec:
               command:

From 5775a3a9165f0eb7c302eaa2837bd5b892c57686 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 11 Aug 2025 12:03:39 +0000
Subject: [PATCH 085/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 74 ++++++++++++++++-----------
 2 files changed, 46 insertions(+), 30 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 852ea63d..e339fe5a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -45,7 +45,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.24; \
+    pecl install APCu-5.1.26; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index b08a92c4..69161cfa 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3875,16 +3875,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.23",
+            "version": "v6.4.24",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93"
+                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/9056771b8eca08d026cd3280deeec3cfd99c4d93",
-                "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93",
+                "url": "https://api.github.com/repos/symfony/console/zipball/59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
+                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
                 "shasum": ""
             },
             "require": {
@@ -3949,7 +3949,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.23"
+                "source": "https://github.com/symfony/console/tree/v6.4.24"
             },
             "funding": [
                 {
@@ -3960,25 +3960,29 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-06-27T19:37:22+00:00"
+            "time": "2025-07-30T10:38:54+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.3.0",
+            "version": "v7.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb"
+                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/b8dce482de9d7c9fe2891155035a7248ab5c7fdb",
-                "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/edcbb768a186b5c3f25d0643159a787d3e63b7fd",
+                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd",
                 "shasum": ""
             },
             "require": {
@@ -4015,7 +4019,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.3.0"
+                "source": "https://github.com/symfony/filesystem/tree/v7.3.2"
             },
             "funding": [
                 {
@@ -4026,25 +4030,29 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-10-25T15:15:23+00:00"
+            "time": "2025-07-07T08:17:47+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.17",
+            "version": "v6.4.24",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7"
+                "reference": "73089124388c8510efb8d2d1689285d285937b08"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
-                "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08",
+                "reference": "73089124388c8510efb8d2d1689285d285937b08",
                 "shasum": ""
             },
             "require": {
@@ -4079,7 +4087,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.17"
+                "source": "https://github.com/symfony/finder/tree/v6.4.24"
             },
             "funding": [
                 {
@@ -4090,12 +4098,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-29T13:51:37+00:00"
+            "time": "2025-07-15T12:02:45+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4417,16 +4429,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.0",
+            "version": "v7.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125"
+                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/f3570b8c61ca887a9e2938e85cb6458515d2b125",
-                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125",
+                "url": "https://api.github.com/repos/symfony/string/zipball/42f505aff654e62ac7ac2ce21033818297ca89ca",
+                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca",
                 "shasum": ""
             },
             "require": {
@@ -4484,7 +4496,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.0"
+                "source": "https://github.com/symfony/string/tree/v7.3.2"
             },
             "funding": [
                 {
@@ -4495,25 +4507,29 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-20T20:19:01+00:00"
+            "time": "2025-07-10T08:47:49+00:00"
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.13.0",
+            "version": "6.13.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c"
+                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/70cdf647255a1362b426bb0f522a85817b8c791c",
-                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
+                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
                 "shasum": ""
             },
             "require": {
@@ -4618,7 +4634,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-07-14T09:59:17+00:00"
+            "time": "2025-08-06T10:10:28+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From 3b05cfd60936690ec23b31b6bdeb8b2a49792863 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 11 Aug 2025 12:14:36 +0000
Subject: [PATCH 086/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 10f3057d..69bd46dd 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -79,7 +79,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.24; \
+    pecl install APCu-5.1.26; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
    pecl install -o imagick-3.8.0; \

From 29a189ac299a32bf00279281714aa1dcf92c7928 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Aug 2025 14:18:11 +0200
Subject: [PATCH 087/524] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index f23327cd..42c72e5f 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.0.3.1
+FROM onlyoffice/documentserver:9.0.4.1
 
 # USER root is probably used
 

From 5ce5d8cf9ca39468fa30d40d2dc81fd181452abc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Aug 2025 14:28:12 +0200
Subject: [PATCH 088/524] fix shellcheck

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 Containers/nextcloud/entrypoint.sh  | 1 +
 Containers/watchtower/start.sh      | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index dba54e12..0882ebd7 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -33,7 +33,7 @@ if [ "$*" != "" ]; then
 fi
 
 # Check if socket is available and readable
-if ! [ -a "/var/run/docker.sock" ]; then
+if ! [ -e "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."
     echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
     echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1575fac1..433a4ea7 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -234,6 +234,7 @@ DATADIR_PERMISSION_CONF
             if [ -z "$POSTGRES_PORT" ]; then
               POSTGRES_PORT=5432
             fi
+            # shellcheck disable=SC2153
             INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
 
             echo "Starting Nextcloud installation..."
diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh
index bec4d3a2..cf16e7a4 100644
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Check if socket is available and readable
-if ! [ -a "/var/run/docker.sock" ]; then
+if ! [ -e "/var/run/docker.sock" ]; then
     echo "Docker socket is not available. Cannot continue."
     exit 1
 elif ! test -r /var/run/docker.sock; then

From 7a12d5343e500e04ecb0ec12c05b77c792547f75 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 29 Jul 2025 16:05:18 +0200
Subject: [PATCH 089/524] nextcloud: allow to add  custom certs to Nextcloud's
 trusted cert store

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 433a4ea7..c37630e6 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -578,6 +578,24 @@ else
 fi
 # AIO app end # Do not remove or change this line!
 
+# Allow to add custom certs to Nextcloud's trusted cert store
+if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
+    set -x
+    TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
+    mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
+    CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
+    mkdir -p "$CERTIFICATES_ROOT_DIR"
+    for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
+        # shellcheck disable=SC2001
+        CERTIFICATE_NAME="$(echo "$certificate" | sed 's|^NEXTCLOUD_TRUSTED_CERTIFICATES_||')"
+        if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
+            echo "${!certificate}" > "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
+            php /var/www/html/occ security:certificates:import "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
+        fi
+    done
+    set +x
+fi
+
 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
     php /var/www/html/occ app:install notify_push

From b3d550b09fcf6e0a905329c169dc46cad8e5dff9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Aug 2025 17:14:37 +0000
Subject: [PATCH 090/524] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.2 to 2.35.3.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/ccf2c627fe61b1b4d924adfcbd19d661a18133a0...20529878ed81ef8e78ddf08b480401e6101a850f)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 7ac407c4..b5b60b77 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+    - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 54bc0eb0..0b1708c9 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index d579b529..fdb771cc 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 926c6195..ebccf3a3 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 185a2410..e51f9065 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index dad5b0c6..b49dd152 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu

From 14a169068cea1d5c38dc4633cb01e6a76c82613e Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 12 Aug 2025 04:14:35 +0000
Subject: [PATCH 091/524] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 516a92aa..93ddb312 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.13.0@70cdf647255a1362b426bb0f522a85817b8c791c">
+<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 45a4e9b1e2bb32a8042eca8cce15676590214904 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 12 Aug 2025 10:40:04 +0200
Subject: [PATCH 092/524] nextcloud: update link to opcache settings docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 33cabc39..e03dacb7 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -107,7 +107,7 @@ RUN set -ex; \
     } >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \
     \
 # set recommended PHP.ini settings
-# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
+# see https://docs.nextcloud.com/server/stable/admin_manual/installation/server_tuning.html#enable-php-opcache and below
     { \
         echo 'opcache.max_accelerated_files=10000'; \
         echo 'opcache.memory_consumption=256'; \

From 981bff08e6338060a9c5b060c17c3f1c0287f738 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 11:29:26 +0000
Subject: [PATCH 093/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.0 to 8.19.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 4ada3ea2..3ab1971d 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.0
+FROM elasticsearch:8.19.1
 
 USER root
 

From 005544b308cf36259b52cf8973475b093537db65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 05:34:30 +0000
Subject: [PATCH 094/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.1 to 8.19.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 3ab1971d..b8a39213 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.1
+FROM elasticsearch:8.19.2
 
 USER root
 

From 78c4d56fcfd06ca7bbd97b3d4d2282ef82924b06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 05:35:22 +0000
Subject: [PATCH 095/524] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.6 to v1.11.7.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: v1.11.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index da2af750..aabb1978 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.6 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:v1.11.7 AS watchtower
 
 FROM alpine:3.22.1
 

From 4f07118a37be6b36ea73eac4b3d213bdecf8ed22 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 13 Aug 2025 14:05:31 +0200
Subject: [PATCH 096/524] nextcloud-entrypoint: do not wait indefinitely if FTS
 is not reachable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 79 +++++++++++++++++-------------
 1 file changed, 44 insertions(+), 35 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c37630e6..ca28f684 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -828,45 +828,54 @@ fi
 
 # Fulltextsearch
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
-    while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT"; do
+    count=0
+    while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do
         echo "waiting for Fulltextsearch to become available..."
+        count=$((count+5))
         sleep 5
     done
-    if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
-        php /var/www/html/occ app:install fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable fulltextsearch
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update fulltextsearch
-    fi    
-    if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
-        php /var/www/html/occ app:install fulltextsearch_elasticsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable fulltextsearch_elasticsearch
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update fulltextsearch_elasticsearch
-    fi    
-    if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
-        php /var/www/html/occ app:install files_fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable files_fulltextsearch
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update files_fulltextsearch
-    fi
-    php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
-    php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
+    if [ "$count" -ge 90 ]; then
+        echo "Fulltextsearch did not start in time. Skipping initialization and disabling fulltextsearch apps."
+        php /var/www/html/occ app:disable fulltextsearch
+        php /var/www/html/occ app:disable fulltextsearch_elasticsearch
+        php /var/www/html/occ app:disable files_fulltextsearch
+    else
+        if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+            php /var/www/html/occ app:install fulltextsearch
+        elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable fulltextsearch
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update fulltextsearch
+        fi    
+        if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+            php /var/www/html/occ app:install fulltextsearch_elasticsearch
+        elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable fulltextsearch_elasticsearch
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update fulltextsearch_elasticsearch
+        fi    
+        if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+            php /var/www/html/occ app:install files_fulltextsearch
+        elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable files_fulltextsearch
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update files_fulltextsearch
+        fi
+        php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
+        php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
+        php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
-    # Do the index
-    if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
-        echo "Waiting 10s before activating FTS..."
-        sleep 10
-        echo "Activating fulltextsearch..."
-        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
-            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
-        else
-            echo "Fulltextsearch failed. Could not index."
-            echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
+        # Do the index
+        if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
+            echo "Waiting 10s before activating FTS..."
+            sleep 10
+            echo "Activating fulltextsearch..."
+            if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
+                touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
+            else
+                echo "Fulltextsearch failed. Could not index."
+                echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
+            fi
         fi
     fi
 else

From a429bf7b0f2cff8edbb7e5b0e55cc811823f8853 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Aug 2025 05:12:21 +0000
Subject: [PATCH 097/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.3-alpine to 3.2.4-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index b14d553b..094d3fd5 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.3-alpine
+FROM haproxy:3.2.4-alpine
 
 # hadolint ignore=DL3002
 USER root

From d6c20a3ea3905b663e04df9302f00744dab6dec5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Aug 2025 05:13:40 +0000
Subject: [PATCH 098/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.6-alpine3.22 to 1.25.0-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.0-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 2e39d5ee..3b70e229 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.6-alpine3.22 AS go
+FROM golang:1.25.0-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From c665bdf6365fcdb5e6888cf6963ff5ec0ca09b99 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 14 Aug 2025 08:36:10 +0000
Subject: [PATCH 099/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e03dacb7..76bb2aa1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.7
+ENV NEXTCLOUD_VERSION=31.0.8
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 1ba5cca0c5b49160837178f2870c85554294f6e5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 14 Aug 2025 11:16:31 +0200
Subject: [PATCH 100/524] increase to 11.6.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2c63f491..596db85f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.5.0</h1>
+            <h1>Nextcloud AIO v11.6.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From b9e52fef5cb5f6980844b2caaf82d8ea983f1617 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 04:44:01 +0000
Subject: [PATCH 101/524] build(deps): bump postgres in /Containers/postgresql

Bumps postgres from 17.5-alpine to 17.6-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-version: 17.6-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index b29739d7..2533a5d1 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
-FROM postgres:17.5-alpine
+FROM postgres:17.6-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From de2dfcc7ed5cb3ceaa17f89f64ccfef185e83f7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 04:44:08 +0000
Subject: [PATCH 102/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.7-scratch to 2.11.8-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.8-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index adc1fb2b..c2be580b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.7-scratch AS nats
+FROM nats:2.11.8-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.22.1 AS janus

From 149febb8d3b72400c6e7ae8c82e21aa0598c953b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Aug 2025 07:51:58 +0000
Subject: [PATCH 103/524] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.6-alpine3.22 to 3.13.7-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.7-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 0c2b78ed..40b01470 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.6-alpine3.22
+FROM python:3.13.7-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 25f0021a812df86ead48e6926eedf8c02f845fae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Aug 2025 14:25:49 +0000
Subject: [PATCH 104/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.1.2 to v1.1.3.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.1.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index bbf0cc6e..02e9344f 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.2
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.3
 
 USER root
 RUN set -ex; \

From 01dc07e8f1a0fa93043056f5122778fb6b3c51a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Aug 2025 16:10:27 +0000
Subject: [PATCH 105/524] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 2.0.3 to 2.0.4.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-version: 2.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index adc1fb2b..9149e6bb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.11.7-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus
 
 ARG JANUS_VERSION=v1.3.2

From 74b8363f9d535ca09579b5164596fba78f12dc99 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Aug 2025 13:17:33 +0000
Subject: [PATCH 106/524] build(deps): bump azure/setup-helm in
 /.github/workflows

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](https://github.com/azure/setup-helm/compare/b9e51907a09c216f16ebe8536097933489208112...1a275c3b69536ee54be43f2070a358922e12c8d4)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 .github/workflows/lint-helm.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 50b161ea..15248c33 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -32,7 +32,7 @@ jobs:
 
       # See https://github.com/helm/chart-releaser-action/issues/6
       - name: Set up Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
         with:
           version: v3.6.3
 
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 476c1925..d24c75d2 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
         with:
           version: v3.11.1
 

From 9ffb91bd04196ccbac5fd72e56389bb5645858a1 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 20 Aug 2025 22:23:09 +0200
Subject: [PATCH 107/524] Update stalwart.json

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/stalwart.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index e2061688..b9a48091 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -48,7 +48,8 @@
             "environment": [
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
-                "STALWART_USER_PASS=%STALWART_USER_PASS%"
+                "STALWART_USER_PASS=%STALWART_USER_PASS%",
+                "CLAMAV_ENABLED=%CLAMAV_ENABLED%"
             ],
             "secrets": [
                 "STALWART_USER_PASS"

From 0eb6bceb6fa15cd074ca35905c9dfb9661c0b05e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 21 Aug 2025 12:03:50 +0000
Subject: [PATCH 108/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 138 ++++++++++++++++++++++++++--------------------
 1 file changed, 79 insertions(+), 59 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 69161cfa..ea0361a5 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -557,16 +557,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.11",
+            "version": "7.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "32f111a6d214564520a57831d397263e8946c1d2"
+                "reference": "f88054cc052e40dbe7b383c8817c19442d480352"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/32f111a6d214564520a57831d397263e8946c1d2",
-                "reference": "32f111a6d214564520a57831d397263e8946c1d2",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/f88054cc052e40dbe7b383c8817c19442d480352",
+                "reference": "f88054cc052e40dbe7b383c8817c19442d480352",
                 "shasum": ""
             },
             "require": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.11"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.1.1"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-06-03T07:45:57+00:00"
+            "time": "2025-08-16T11:10:48+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -1398,7 +1398,7 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
@@ -1457,7 +1457,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -1468,6 +1468,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -1477,7 +1481,7 @@
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
@@ -1538,7 +1542,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -1549,6 +1553,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -1558,7 +1566,7 @@
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
@@ -1614,7 +1622,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -1625,6 +1633,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -2602,16 +2614,16 @@
         },
         {
             "name": "composer/semver",
-            "version": "3.4.3",
+            "version": "3.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/semver.git",
-                "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12"
+                "reference": "198166618906cb2de69b95d7d47e5fa8aa1b2b95"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/semver/zipball/4313d26ada5e0c4edfbd1dc481a92ff7bff91f12",
-                "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12",
+                "url": "https://api.github.com/repos/composer/semver/zipball/198166618906cb2de69b95d7d47e5fa8aa1b2b95",
+                "reference": "198166618906cb2de69b95d7d47e5fa8aa1b2b95",
                 "shasum": ""
             },
             "require": {
@@ -2663,7 +2675,7 @@
             "support": {
                 "irc": "ircs://irc.libera.chat:6697/composer",
                 "issues": "https://github.com/composer/semver/issues",
-                "source": "https://github.com/composer/semver/tree/3.4.3"
+                "source": "https://github.com/composer/semver/tree/3.4.4"
             },
             "funding": [
                 {
@@ -2673,13 +2685,9 @@
                 {
                     "url": "https://github.com/composer",
                     "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
-                    "type": "tidelift"
                 }
             ],
-            "time": "2024-09-19T14:15:21+00:00"
+            "time": "2025-08-20T19:15:30+00:00"
         },
         {
             "name": "composer/xdebug-handler",
@@ -2986,16 +2994,16 @@
         },
         {
             "name": "fidry/cpu-core-counter",
-            "version": "1.2.0",
+            "version": "1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/theofidry/cpu-core-counter.git",
-                "reference": "8520451a140d3f46ac33042715115e290cf5785f"
+                "reference": "db9508f7b1474469d9d3c53b86f817e344732678"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/8520451a140d3f46ac33042715115e290cf5785f",
-                "reference": "8520451a140d3f46ac33042715115e290cf5785f",
+                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/db9508f7b1474469d9d3c53b86f817e344732678",
+                "reference": "db9508f7b1474469d9d3c53b86f817e344732678",
                 "shasum": ""
             },
             "require": {
@@ -3005,10 +3013,10 @@
                 "fidry/makefile": "^0.2.0",
                 "fidry/php-cs-fixer-config": "^1.1.2",
                 "phpstan/extension-installer": "^1.2.0",
-                "phpstan/phpstan": "^1.9.2",
-                "phpstan/phpstan-deprecation-rules": "^1.0.0",
-                "phpstan/phpstan-phpunit": "^1.2.2",
-                "phpstan/phpstan-strict-rules": "^1.4.4",
+                "phpstan/phpstan": "^2.0",
+                "phpstan/phpstan-deprecation-rules": "^2.0.0",
+                "phpstan/phpstan-phpunit": "^2.0",
+                "phpstan/phpstan-strict-rules": "^2.0",
                 "phpunit/phpunit": "^8.5.31 || ^9.5.26",
                 "webmozarts/strict-phpunit": "^7.5"
             },
@@ -3035,7 +3043,7 @@
             ],
             "support": {
                 "issues": "https://github.com/theofidry/cpu-core-counter/issues",
-                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.2.0"
+                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.3.0"
             },
             "funding": [
                 {
@@ -3043,7 +3051,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-08-06T10:04:20+00:00"
+            "time": "2025-08-14T07:29:31+00:00"
         },
         {
             "name": "kelunik/certificate",
@@ -3330,16 +3338,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.6.0",
+            "version": "v5.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56"
+                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/221b0d0fdf1369c71047ad1d18bb5880017bbc56",
-                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
+                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
                 "shasum": ""
             },
             "require": {
@@ -3358,7 +3366,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "5.0-dev"
+                    "dev-master": "5.x-dev"
                 }
             },
             "autoload": {
@@ -3382,9 +3390,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.0"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.1"
             },
-            "time": "2025-07-27T20:03:57+00:00"
+            "time": "2025-08-13T20:13:15+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3441,16 +3449,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.2",
+            "version": "5.6.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62"
+                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/92dde6a5919e34835c506ac8c523ef095a95ed62",
-                "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94f8051919d1b0369a6bcc7931d679a511c03fe9",
+                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9",
                 "shasum": ""
             },
             "require": {
@@ -3499,9 +3507,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.2"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.3"
             },
-            "time": "2025-04-13T19:20:35+00:00"
+            "time": "2025-08-01T19:43:32+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -4111,16 +4119,16 @@
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
-                "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe"
+                "reference": "380872130d3a5dd3ace2f4010d95125fde5d5c70"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe",
-                "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/380872130d3a5dd3ace2f4010d95125fde5d5c70",
+                "reference": "380872130d3a5dd3ace2f4010d95125fde5d5c70",
                 "shasum": ""
             },
             "require": {
@@ -4169,7 +4177,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -4180,16 +4188,20 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-09T11:45:10+00:00"
+            "time": "2025-06-27T09:58:17+00:00"
         },
         {
             "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
@@ -4250,7 +4262,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -4261,6 +4273,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -4270,16 +4286,16 @@
         },
         {
             "name": "symfony/polyfill-php84",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php84.git",
-                "reference": "000df7860439609837bbe28670b0be15783b7fbf"
+                "reference": "d8ced4d875142b6a7426000426b8abc631d6b191"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/000df7860439609837bbe28670b0be15783b7fbf",
-                "reference": "000df7860439609837bbe28670b0be15783b7fbf",
+                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/d8ced4d875142b6a7426000426b8abc631d6b191",
+                "reference": "d8ced4d875142b6a7426000426b8abc631d6b191",
                 "shasum": ""
             },
             "require": {
@@ -4326,7 +4342,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php84/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -4337,12 +4353,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-02-20T12:04:08+00:00"
+            "time": "2025-06-24T13:30:11+00:00"
         },
         {
             "name": "symfony/service-contracts",

From 3e71a789e123ac7c6c2b67293bba39837f763041 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 21 Aug 2025 12:04:43 +0000
Subject: [PATCH 109/524] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/server.conf.in | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index 85630d5a..8f437e30 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -84,7 +84,8 @@ internalsecret = the-shared-secret-for-internal-clients
 # For backend type "etcd":
 # Key prefix of backend entries. All keys below will be watched and assumed to
 # contain a JSON document with the following entries:
-# - "url": Url of the Nextcloud instance.
+# - "urls": List of urls of the Nextcloud instance.
+# - "url": Url of the Nextcloud instance (deprecated).
 # - "secret": Shared secret for requests from and to the backend servers.
 #
 # Additional optional entries:
@@ -93,8 +94,8 @@ internalsecret = the-shared-secret-for-internal-clients
 # - "sessionlimit": Number of sessions that are allowed to connect.
 #
 # Example:
-# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...}
-# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...}
+# "/signaling/backend/one" -> {"urls": ["https://nextcloud.domain1.invalid"], ...}
+# "/signaling/backend/two" -> {"urls": ["https://domain2.invalid/nextcloud"], ...}
 #backendprefix = /signaling/backend
 
 # Allow any hostname as backend endpoint. This is extremely insecure and should
@@ -122,8 +123,8 @@ connectionsperhost = 8
 # Backend configurations as defined in the "[backend]" section above. The
 # section names must match the ids used in "backends" above.
 #[backend-id]
-# URL of the Nextcloud instance
-#url = https://cloud.domain.invalid
+# Comma-separated list of urls of the Nextcloud instance
+#urls = https://cloud.domain.invalid
 
 # Shared secret for requests from and to the backend servers. Leave empty to use
 # the common shared secret from above.
@@ -143,8 +144,8 @@ connectionsperhost = 8
 #maxscreenbitrate = 2097152
 
 #[another-backend]
-# URL of the Nextcloud instance
-#url = https://cloud.otherdomain.invalid
+# Comma-separated list of urls of the Nextcloud instance
+#urls = https://cloud.otherdomain.invalid
 
 # Shared secret for requests from and to the backend servers. Leave empty to use
 # the common shared secret from above.
@@ -179,6 +180,13 @@ connectionsperhost = 8
 # proxy server that is used.
 #maxscreenbitrate = 2097152
 
+# List of IP addresses / subnets that are allowed to be used by clients in
+# candidates. The allowed list has preference over the blocked list below.
+#allowedcandidates = 10.0.0.0/8
+
+# List of IP addresses / subnets to filter from candidates received by clients.
+#blockedcandidates = 1.2.3.0/24
+
 # For type "proxy": timeout in seconds for requests to the proxy server.
 #proxytimeout = 2
 

From 1e750fdcf61020eaf88d8a6c84328a444abbbbc9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Aug 2025 15:05:59 +0200
Subject: [PATCH 110/524] collabora: add further caps

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 5c15c079..87746514 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -397,6 +397,8 @@
       "cap_add": [
         "MKNOD",
         "SYS_ADMIN",
+        "SYS_CHROOT",
+        "FOWNER",
         "CHOWN"
       ],
       "cap_drop": [

From afde995ac6fe6dab6c00bd43620bf2729bbd7b44 Mon Sep 17 00:00:00 2001
From: Thomas Lavocat <tlavocat@redhat.com>
Date: Thu, 21 Aug 2025 16:00:43 +0200
Subject: [PATCH 111/524] documentation: use force to prune docker resources

In the documentation there is reference of a manipulation to perform in
case the collabora container is missing some permissions to access the
filesystem, however `docker system prune` might not clean what's needed.
Adding `-a` is very broad however but will most definitely clean the
image.

Fixes #6776

Signed-off-by: Thomas Lavocat <tlavocat@redhat.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 9dc1aab5..9321f4fb 100644
--- a/readme.md
+++ b/readme.md
@@ -409,7 +409,7 @@ You can move the whole docker library and all its files including all Nextcloud
 
 1. Stop all the containers from the AIO Interface.
 2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`).
-3. You might also want to prune your Docker (`docker system prune`) (no data will be lost).
+3. You might also want to prune your Docker (`docker system prune -a`) (no data will be lost).
 4. Restart your containers from the AIO Interface.
 
 This should solve the problem.

From c3d1d96d1905909f397fe17d768ab2a47039306e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 22 Aug 2025 11:32:53 +0000
Subject: [PATCH 112/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml           | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 ++++----
 .../templates/nextcloud-aio-clamav-service.yaml           | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-collabora-service.yaml        | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 ++++----
 .../templates/nextcloud-aio-database-service.yaml         | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 8 ++++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml        | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml      | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++---
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml   | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml             | 4 ++--
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 6 +++---
 .../templates/nextcloud-aio-whiteboard-service.yaml       | 2 +-
 27 files changed, 59 insertions(+), 59 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8e013c81..ac1e2abb 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.5.0
+version: 11.6.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4375d0bb..0ad86edc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index f496a3f8..404ee626 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 73f8dd8e..e34de43f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 67a05650..8dc8597d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 57f07917..830a9a9f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 081a8131..ebe7bf3f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 0b32650c..c550779f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index e0abad63..9451d908 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 512f3f28..79c5b8f0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 29dc4871..ae759475 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 48b88216..206ac177 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index 28bc08be..a5fb3266 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 54879be4..84e79629 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 6394b6fc..18cf84d8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e4b4a88f..fda97c0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 58bc411b..2b7bfccd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 19a56a42..0ceebe1f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 08ea4965..6ff9afa1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4a5fa0df..f12da040 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 3deae463..af82a0bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 837665ce..2432c09f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4408d64f..49401e8a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 9fe10d57..4410ed72 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 1b7f1a05..675a2729 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -28,7 +28,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index cf25046d..14c42eb8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
index 29232bee..8c8cb5aa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

From 49aa732ec5fb41a2e54888422387a8534e72c518 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Fri, 22 Aug 2025 04:43:55 -0700
Subject: [PATCH 113/524] add CGNAT range to Caddy and document support for
 additional trusted proxies to rp docs (#6703)

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/start.sh            |  4 ++-
 php/src/Data/ConfigurationManager.php |  2 +-
 php/templates/containers.twig         |  2 +-
 reverse-proxy.md                      | 36 ++++++++++++++++++++++-----
 4 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 9d69eb47..5a85aa08 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -46,7 +46,9 @@ echo "$CADDYFILE" > /tmp/Caddyfile
 
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
+    # Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
+    # See https://github.com/nextcloud/all-in-one/pull/6703 for reference
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges 100.64.0.0/10|' /tmp/Caddyfile)"
 else
     CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
 fi
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index bfc59f7c..257e69d0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -389,7 +389,7 @@ class ConfigurationManager
                 if ($port === '443') {
                     $notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.";
                 } else {
-                    error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!');
+                    error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug in order to debug things!');
                 }
                 throw new InvalidSettingConfigurationException($notice);
             }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 596db85f..dbb37208 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -123,7 +123,7 @@
                                     <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
                                     {% if apache_port != '443' %}
-                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
+                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug">these steps</a> for how to debug things.</p>
                                     {% endif %}
                                     <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
                                 </details>
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 84aad3d1..7ad5e97b 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -42,7 +42,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
 - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
 - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
-- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things).
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
 - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
 - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
 - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
@@ -51,7 +51,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 </details>
 
 > [!Note] 
-> If you run into troubles, see [the debug section](#6-how-to-debug-things).
+> If you run into troubles, see [the debug section](#7-how-to-debug-things).
 
 ---
 
@@ -68,8 +68,9 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
-1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
-1. Optional: how to debug things? See [point 6](#6-how-to-debug-things)
+1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001)
+1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
+1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
 
 ## 1. Configure the reverse proxy
 
@@ -990,7 +991,28 @@ After starting AIO, you should be able to access the AIO Interface via `https://
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## 5. Optional: get a valid certificate for the AIO interface
+## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
+If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
+
+<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
+
+### Nextcloud trusted proxies
+Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
+
+```
+sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy
+```
+
+### Collabora WOPI allow list
+If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
+
+<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
+
+### External reverse proxies connecting via VPN (e.g. Tailscale)
+
+If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect.
+
+## 6. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 
@@ -1007,7 +1029,9 @@ https://<your-nc-domain>:8443 {
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 6. How to debug things?
+## 7. How to debug things?
+<a id="how-to-debug"></a> <!-- for external linking -->
+<a id="6-how-to-debug-things"></a> <!-- For backwards compatibility-->
 
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!

From dd495d76a175814cb4cdc9682efb2eacdebfbc53 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Fri, 22 Aug 2025 04:47:29 -0700
Subject: [PATCH 114/524] Add support for bypass_container_update param for
 easier local build and testing (#6702)

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
Co-authored-by: Alan Savage <asavage@ifrit.internal>
Co-authored-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile   | 17 +++++++----------
 Containers/nextcloud/Dockerfile         | 24 ++++++++++--------------
 develop.md                              | 25 +++++++++++++++++++------
 php/public/index.php                    |  2 ++
 php/src/Controller/DockerController.php |  8 +++++++-
 php/templates/containers.twig           |  1 +
 6 files changed, 46 insertions(+), 31 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c6b7cafa..395fa645 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -8,9 +8,6 @@ FROM caddy:2.10.0-alpine AS caddy
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
 FROM php:8.4.11-fpm-alpine3.22
 
-ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
-ARG AIO_GIT_BRANCH="main"
-
 EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
@@ -18,6 +15,13 @@ EXPOSE 8443
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 
+COPY community-containers /var/www/docker-aio/community-containers
+COPY php /var/www/docker-aio/php
+COPY --chmod=775 Containers/mastercontainer/*.sh /
+COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile
+COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf
+COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
+
 WORKDIR /var/www/docker-aio
 
 # hadolint ignore=SC2086,DL3047,DL3003,DL3004
@@ -67,8 +71,6 @@ RUN set -ex; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
-    git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \
-    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
     rm -r ./php/tests; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
@@ -120,11 +122,6 @@ RUN set -ex; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
-COPY --chmod=775 *.sh /
-COPY --chmod=664 Caddyfile /Caddyfile
-COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
-
 LABEL org.label-schema.vendor="Nextcloud"
 
 # hadolint ignore=DL3002
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 76bb2aa1..a46f649c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -13,11 +13,15 @@ ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
-COPY --chmod=775 *.sh /
-COPY --chmod=774 upgrade.exclude /upgrade.exclude
-COPY config/*.php /
-COPY supervisord.conf /supervisord.conf
-COPY root.motd /root.motd
+COPY --chmod=775 Containers/nextcloud/*.sh /
+COPY --chmod=774 Containers/nextcloud/upgrade.exclude /upgrade.exclude
+COPY Containers/nextcloud/config/*.php /
+COPY Containers/nextcloud/supervisord.conf /supervisord.conf
+
+# AIO cloning start # Do not remove or change this line!
+COPY app /usr/src/nextcloud/apps/nextcloud-aio
+COPY Containers/nextcloud/root.motd /root.motd
+# AIO cloning end # Do not remove or change this line!
 
 VOLUME /mnt/ncdata
 VOLUME /var/www/html
@@ -242,15 +246,7 @@ RUN set -ex; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
     \
-# AIO cloning start # Do not remove or change this line!
-    rm -rf /tmp/nextcloud-aio && \
-    mkdir -p /tmp/nextcloud-aio && \
-    cd /tmp/nextcloud-aio && \
-    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
-    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
-    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
-# AIO cloning end # Do not remove or change this line!
+    echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
     \
     chown www-data:root -R /usr/src && \
     chmod 777 -R /usr/local/etc/php/conf.d && \
diff --git a/develop.md b/develop.md
index abf52208..6c5faf2d 100644
--- a/develop.md
+++ b/develop.md
@@ -26,7 +26,7 @@ Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template.
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
 
 ## How to test things correctly?
-Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml. 
+Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml.
 
 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
 
@@ -48,12 +48,25 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 ## How to connect to the database?
 Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.
 
-## How to locally build and test changes to mastercontainer?
-1. Push changes to your own git fork and branch.
-1. Use below commands to build mastercontainer image for a custom git url and branch:
+## How to locally build and test changes to mastercontainer
+1. Ensure you are on the developer channel per the instructions above.
+1. Use the commands below from the project root to build the mastercontainer image:
 ```
-cd Containers/mastercontainer
-docker buildx build -t ghcr.io/nextcloud-releases/all-in-one:latest --build-arg AIO_GIT_URL="https://github.com/my-fork-repo/all-in-one.git" --build-arg AIO_GIT_BRANCH="my-feature-branch" --load .
+docker buildx build --file Containers/mastercontainer/Dockerfile --tag ghcr.io/nextcloud-releases/all-in-one:develop --load .
 ```
 1. Start a container with above built image.
 1. Since the hash of a locally built image doesn't match the latest release mastercontainer, it prompts for a mandatory update. To temporarily bypass the update suffix `?bypass_mastercontainer_update` to the URL. Eg: `https://localhost:8080/containers?bypass_mastercontainer_update`
+
+## How to locally build and test changes to other containers using the bypass_container_update param
+1. Ensure you are on the developer channel per the instructions above.
+1. Use the commands below from the project root to build the container image:
+```
+# For the "nextcloud" container
+docker buildx build --file Containers/nextcloud/Dockerfile --tag ghcr.io/nextcloud-releases/aio-nextcloud:develop --load .
+
+# For all other containers
+docker buildx build --file Containers/{container}/Dockerfile --tag ghcr.io/nextcloud-releases/aio-{container}:develop --load Containers/{container}
+```
+1. Stop the containers using the AIO admin interface.
+1. Reload the AIO admin interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
+1. Click "Start and update containers" and test your changes. Containers will not be updated, despite the button text.
diff --git a/php/public/index.php b/php/public/index.php
index 712f1463..aac83826 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -86,6 +86,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
     $params = $request->getQueryParams();
     $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
+    $bypass_container_update = isset($params['bypass_container_update']);
 
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
@@ -136,6 +137,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
+        'bypass_container_update' => $bypass_container_update,
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f9aa6379..8c45e5a6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -191,8 +191,14 @@ readonly class DockerController {
         $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
 
+        // Do not pull container images in case 'bypass_container_update' is set via url params
+        // Needed for local testing
+        $pullImage = !isset($request->getParsedBody()['bypass_container_update']);
+        if ($pullImage === false) {
+            error_log('WARNING: Not pulling container images. Instead, using local ones.');
+        }
         // Start container
-        $this->startTopContainer(true);
+        $this->startTopContainer($pullImage);
 
         // Clear apcu cache in order to check if container updates are available
         // Temporarily disabled as it leads much faster to docker rate limits
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index dbb37208..2c9e4cd5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -352,6 +352,7 @@
                                     <form method="POST" action="/api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
                                         <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
                                     </form>
                                 {% endif %}

From 423ba1cc3c34269abbb09192bc3e3ccd2e374f76 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 22 Aug 2025 13:51:35 +0200
Subject: [PATCH 115/524] talk: update script to use the new urls syntax

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index b07f5bc9..f89949f3 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -98,7 +98,7 @@ connectionsperhost = 8
 skipverify = ${SKIP_CERT_VERIFY}
 
 [backend-1]
-url = https://${NC_DOMAIN}
+urls = https://${NC_DOMAIN}
 secret = ${SIGNALING_SECRET}
 maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
 maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}

From 13b09e2497cde1a57a073d8b7597cf89d7443600 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 22 Aug 2025 12:03:41 +0000
Subject: [PATCH 116/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 867f848b..236ab444 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -267,6 +267,8 @@ services:
     cap_add:
       - MKNOD
       - SYS_ADMIN
+      - SYS_CHROOT
+      - FOWNER
       - CHOWN
     cap_drop:
       - NET_RAW

From 52975f35ee86b898706d8ca3c5609d32950b4653 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 23 Aug 2025 12:02:56 +0000
Subject: [PATCH 117/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ea0361a5..889b34f4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -134,16 +134,16 @@
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.2.0",
+            "version": "2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
-                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
                 "shasum": ""
             },
             "require": {
@@ -151,7 +151,7 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "type": "library",
             "extra": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.2.0"
+                "source": "https://github.com/guzzle/promises/tree/2.3.0"
             },
             "funding": [
                 {
@@ -213,7 +213,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-27T13:27:01+00:00"
+            "time": "2025-08-22T14:34:08+00:00"
         },
         {
             "name": "guzzlehttp/psr7",

From 676398f3af6d8376a52422a4d21b6e8494eef4f1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 24 Aug 2025 12:02:49 +0000
Subject: [PATCH 118/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 889b34f4..36729b94 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.3",
+            "version": "7.10.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
-                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
-                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
-                "guzzlehttp/psr7": "^2.7.0",
+                "guzzlehttp/promises": "^2.3",
+                "guzzlehttp/psr7": "^2.8",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
                 "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-27T13:37:11+00:00"
+            "time": "2025-08-23T22:36:01+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -217,16 +217,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.7.1",
+            "version": "2.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
+                "reference": "21dc724a0583619cd1652f673303492272778051"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
-                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/21dc724a0583619cd1652f673303492272778051",
+                "reference": "21dc724a0583619cd1652f673303492272778051",
                 "shasum": ""
             },
             "require": {
@@ -242,7 +242,7 @@
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "0.9.0",
-                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.8.0"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-27T12:30:47+00:00"
+            "time": "2025-08-23T21:21:41+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 0ddc2d4ea90d1cf000ef3962f26fd13da028dd18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Aug 2025 06:43:28 +0000
Subject: [PATCH 119/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.4.2.1 to 25.04.4.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.4.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b6088f30..ac8ed4b9 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.4.2.1
+FROM collabora/code:25.04.4.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 913179c7a697f161fdac425eaff51d7a3845917d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 25 Aug 2025 12:13:50 +0000
Subject: [PATCH 120/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 36729b94..578378e4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1150,22 +1150,22 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.14.0",
+            "version": "4.15.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "5943393b88716eb9e82c4161caa956af63423913"
+                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/5943393b88716eb9e82c4161caa956af63423913",
-                "reference": "5943393b88716eb9e82c4161caa956af63423913",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
+                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "nikic/fast-route": "^1.3",
-                "php": "^7.4 || ^8.0",
+                "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.1",
                 "psr/http-message": "^1.1 || ^2.0",
@@ -1174,7 +1174,7 @@
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "require-dev": {
-                "adriansuter/php-autoload-override": "^1.4",
+                "adriansuter/php-autoload-override": "^1.4 || ^2",
                 "ext-simplexml": "*",
                 "guzzlehttp/psr7": "^2.6",
                 "httpsoft/http-message": "^1.1",
@@ -1184,12 +1184,12 @@
                 "nyholm/psr7-server": "^1.1",
                 "phpspec/prophecy": "^1.19",
                 "phpspec/prophecy-phpunit": "^2.1",
-                "phpstan/phpstan": "^1.11",
+                "phpstan/phpstan": "^1 || ^2",
                 "phpunit/phpunit": "^9.6",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
                 "squizlabs/php_codesniffer": "^3.10",
-                "vimeo/psalm": "^5.24"
+                "vimeo/psalm": "^5 || ^6"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1216,17 +1216,17 @@
                 {
                     "name": "Andrew Smith",
                     "email": "a.smith@silentworks.co.uk",
-                    "homepage": "http://silentworks.co.uk"
+                    "homepage": "https://silentworks.co.uk"
                 },
                 {
                     "name": "Rob Allen",
                     "email": "rob@akrabat.com",
-                    "homepage": "http://akrabat.com"
+                    "homepage": "https://akrabat.com"
                 },
                 {
                     "name": "Pierre Berube",
                     "email": "pierre@lgse.com",
-                    "homepage": "http://www.lgse.com"
+                    "homepage": "https://www.lgse.com"
                 },
                 {
                     "name": "Gabriel Manricks",
@@ -1262,7 +1262,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-13T08:54:48+00:00"
+            "time": "2025-08-20T18:16:16+00:00"
         },
         {
             "name": "slim/twig-view",

From 6d44c1d47784a105998dba9baa3745f982032d79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Aug 2025 01:05:44 +0000
Subject: [PATCH 121/524] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.3 to 2.35.4.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/20529878ed81ef8e78ddf08b480401e6101a850f...ec406be512d7077f68eed36e63f4d91bc006edc4)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index b5b60b77..14efd520 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+    - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 0b1708c9..30f6831b 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index fdb771cc..4022272f 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index ebccf3a3..ba33886b 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index e51f9065..2e12971d 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index b49dd152..e02ccb5b 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 84f92cd0ac95924de62c47bf25e0065eaebf3f76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Aug 2025 12:53:34 +0000
Subject: [PATCH 122/524] build(deps): bump actions/checkout from 4 to 5 in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 51548e24..9104a88d 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Check spelling
         uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
         with:
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index 2df5173d..eddc2be1 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 14efd520..cb3eb33d 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index b1a2cd87..1551c48a 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 15248c33..ec4eec6a 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Turnstyle
         uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 707a4d7d..4b7fe096 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 3db0032d..e22ca689 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index d24c75d2..650ae709 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 30f6831b..1beac885 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 96ecef69..7d153d7b 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 4022272f..62aea81e 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up php
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8ddc2712..d93fd5e7 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index ba33886b..a35394aa 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up php
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 2e12971d..ea70f8e8 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -26,7 +26,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index d474d95f..4924d9bc 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 1b541dd4..ed04851a 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index e02ccb5b..93c4b572 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index fa00f9b1..364b3aae 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 9b261a78..b10fb430 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index dca81879..d8c6c6e0 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh

From 681cd2cb17519abb9f5c93492a8a9453d07108a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Aug 2025 13:55:56 +0000
Subject: [PATCH 123/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.4.3.1 to 25.04.5.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.5.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index ac8ed4b9..f86d2f61 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.4.3.1
+FROM collabora/code:25.04.5.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From bc04ee6aeae6a469976b78c26984e0d22be5500f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 05:49:58 +0000
Subject: [PATCH 124/524] build(deps): bump caddy in
 /Containers/mastercontainer

Bumps caddy from 2.10.0-alpine to 2.10.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-version: 2.10.2-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 395fa645..19b621cb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -3,7 +3,7 @@
 FROM docker:28.3.3-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
 FROM php:8.4.11-fpm-alpine3.22

From 1e579b049e2104101747e3303f4541605852da04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 05:55:45 +0000
Subject: [PATCH 125/524] build(deps): bump caddy in /Containers/apache

Bumps caddy from 2.10.0-alpine to 2.10.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-version: 2.10.2-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 58e2ae05..d9602864 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.65-alpine3.22

From a2394e4621c0871a9cbbb9d8b67a96dd4579f407 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 27 Aug 2025 19:22:28 +0200
Subject: [PATCH 126/524] clamav: set permissions for `/var/lib/clamav`
 correctly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d00e34a7..c7353629 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,8 +4,9 @@ FROM alpine:3.22.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache tzdata clamav supervisor bash; \
-    mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
+    mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+    chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \

From 3badbf2d05754f7d6c18bc6e62a341bfac18a94c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Aug 2025 15:59:37 +0200
Subject: [PATCH 127/524] compose.yaml: move the security_opt setting up for
 easier discovery

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 93a6b7af..361c8a3f 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -12,6 +12,7 @@ services:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    # security_opt: ["label:disable"] # Is needed when using SELinux
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
@@ -35,7 +36,6 @@ services:
       # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
-    # security_opt: ["label:disable"] # Is needed when using SELinux
 
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
 #   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439

From e2518d93a8fe395b6a2d7d80737b9a8108c9210e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 04:20:22 +0000
Subject: [PATCH 128/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.11-fpm-alpine3.22 to 8.4.12-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.12-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 19b621cb..223d2b92 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.3.3-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.11-fpm-alpine3.22
+FROM php:8.4.12-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From b9a840904795eafaeff2717377e4cbe327a0215c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 04:20:39 +0000
Subject: [PATCH 129/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.24-fpm-alpine3.22 to 8.3.25-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.25-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a46f649c..68902f33 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.24-fpm-alpine3.22
+FROM php:8.3.25-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 2e54b15544490f6d1cd4112cd6758bcf32929e30 Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lo.mosca.ti@gmail.com>
Date: Fri, 29 Aug 2025 10:16:13 +0200
Subject: [PATCH 130/524] Add docs how to adjust MTU size of the docker network
 (#6779)

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 compose.yaml | 10 +++++++++-
 readme.md    | 10 ++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 361c8a3f..dae365c6 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -7,7 +7,8 @@ services:
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
-    network_mode: bridge # add to the same network as docker run would do
+    network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network
+    # networks: ["nextcloud-aio"]
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
@@ -69,3 +70,10 @@ volumes: # If you want to store the data on a different drive, see https://githu
   # caddy_config:
   # caddy_data:
   # caddy_sites:
+
+# # Adjust the MTU size of the docker network. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-mtu-size-of-the-docker-network
+# networks:
+#   nextcloud-aio:
+#     name: nextcloud-aio
+#     driver_opts:
+#       com.docker.network.driver.mtu: 1440
diff --git a/readme.md b/readme.md
index 9321f4fb..47bb1e50 100644
--- a/readme.md
+++ b/readme.md
@@ -171,6 +171,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
     - [How to skip the domain validation?](#how-to-skip-the-domain-validation)
     - [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others)
     - [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error)
+    - [How to adjust the MTU size of the docker network](#how-to-adjust-the-mtu-size-of-the-docker-network)
 - [Infrastructure](#infrastructure)
     - [Which CPU architectures are supported?](#which-cpu-architectures-are-supported)
     - [Disrecommended VPS providers](#disrecommended-vps-providers)
@@ -353,6 +354,15 @@ See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
+### How to adjust the MTU size of the docker network
+You can adjust the MTU size of the docker network by creating it beforehand with the custom MTU:
+```
+docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio
+```
+When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration.
+
+If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details.
+
 ## Infrastructure
 
 ### Which CPU architectures are supported?

From 78bbb8a1111eeca83e05933ad1d00d7afdedcfc4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Aug 2025 16:08:33 +0200
Subject: [PATCH 131/524] compose.yaml: add some more explanation and links to
 docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index dae365c6..e916d85a 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,8 +1,8 @@
 services:
   nextcloud-aio-mastercontainer:
-    image: ghcr.io/nextcloud-releases/all-in-one:latest
-    init: true
-    restart: always
+    image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
+    init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
+    restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
@@ -11,9 +11,9 @@ services:
     # networks: ["nextcloud-aio"]
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      - 8080:8080
+      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-    # security_opt: ["label:disable"] # Is needed when using SELinux
+    # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

From 76be50d42d7b1aa24184e5a8fec8bbab212c25af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Aug 2025 10:52:06 +0200
Subject: [PATCH 132/524] increase to 11.7.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2c9e4cd5..61eed40d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.6.0</h1>
+            <h1>Nextcloud AIO v11.7.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 5f067cc03ef4b2bda838b31417722c082319b60f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Aug 2025 11:00:37 +0200
Subject: [PATCH 133/524] clamav: fix initial freshclam update

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index c7353629..216ea1c9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -12,14 +12,15 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
-    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
-    freshclam --foreground --stdout
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 USER 100
+RUN set -ex; \
+    freshclam --foreground --stdout
 VOLUME /var/lib/clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

From 0f84872fbf8e2ead9c464ad8ee77e06705ea320f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Aug 2025 11:21:42 +0200
Subject: [PATCH 134/524] fix start and update of containers after #6702

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 61eed40d..e9b7ce7c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -352,7 +352,9 @@
                                     <form method="POST" action="/api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
+                                        {% if bypass_container_update == true %}
+                                            <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
+                                        {% endif %}
                                         <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
                                     </form>
                                 {% endif %}

From 1f7ccba5c8a782a0d3711516c6712f164fecb17f Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 19:18:49 -0700
Subject: [PATCH 135/524] Configure WOPI requests to remain within the Docker
 network

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 Containers/apache/Caddyfile | 1 +
 php/containers.json         | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 64fb5f93..bda4c44c 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -15,6 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
+http://${APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By
diff --git a/php/containers.json b/php/containers.json
index c9d57466..d71c085f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -379,7 +379,7 @@
       ],
       "internal_port": "9980",
       "environment": [
-        "aliasgroup1=https://%NC_DOMAIN%:443",
+        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:%APACHE_PORT%",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-collabora:9980' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
       ],
       "profiles": [
         "collabora"

From b26b2b440028031c7aa3d1df7abe94343607982b Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Sat, 30 Aug 2025 10:24:45 -0700
Subject: [PATCH 136/524] Use nextcloud-aio-apache for the wopi-url

This makes all the WOPI requests go through a single point
making debugging easier.

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index d71c085f..8de22b0f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-collabora:9980' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:%APACHE_PORT%' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
       ],
       "profiles": [
         "collabora"

From 43b04b36f5445799be8a04e04bc42600a9018fd0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Sep 2025 21:04:22 +0200
Subject: [PATCH 137/524] update docs with new tailscale guide

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                  |  2 +-
 local-instance.md             |  2 +-
 php/templates/containers.twig |  2 +-
 readme.md                     | 14 +++++++-------
 reverse-proxy.md              |  4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index e916d85a..f2026388 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -39,7 +39,7 @@ services:
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
 
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
-#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
+#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/6817
 #   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
 #   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 #   caddy:
diff --git a/local-instance.md b/local-instance.md
index 4633bc08..1da26280 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -9,7 +9,7 @@ It is possible due to several reasons that you do not want or cannot open Nextcl
 - [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that)
 
 ## 1. Tailscale
-This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ## 2. The normal way
 The normal way is the following:
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e9b7ce7c..50c1de88 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -118,7 +118,7 @@
                                 <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                                 <details>
                                     <summary>Click here for further hints</summary>
-                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6817">Tailscale</a></p>
                                     <p>If you have a dynamic public IP-address, you can use e.g. <a target="_blank" href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
                                     <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
diff --git a/readme.md b/readme.md
index 47bb1e50..4c0712aa 100644
--- a/readme.md
+++ b/readme.md
@@ -32,7 +32,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439)
+- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -282,7 +282,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router
 
 ### Notes on Cloudflare (proxy/tunnel)
-Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible.
+Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if possible.
 - Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
 - Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
@@ -300,7 +300,7 @@ Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed b
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
 ### How to run Nextcloud via Tailscale?
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
@@ -309,22 +309,22 @@ You can install AIO in reverse proxy mode where is also documented how to get it
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
 
 ### Can I use an ip-address for Nextcloud instead of a domain?
-No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
+No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817).
 
 ### Can I run AIO offline or in an airgapped system?
 No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
 
 ### Are self-signed certificates supported for Nextcloud?
-No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
+No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817).
 
 ### Can I use AIO with multiple domains?
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
+No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
-No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online.
+No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if you want to publish it online.
 
 ### How can I access Nextcloud locally?
 Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7ad5e97b..e07a54c8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,7 @@
 > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
 
 > [!TIP]
-> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
+> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
 
 ## Introduction
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
@@ -905,7 +905,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 <summary>click here to expand</summary>
 
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 </details>
 

From e255f298188ca731e5ce1be96259a8af28581ebb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 20:59:02 +0000
Subject: [PATCH 138/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.2 to 8.19.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index b8a39213..ff683d33 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.2
+FROM elasticsearch:8.19.3
 
 USER root
 

From 213388b65d3690e8c435dcd3da6a653d91028764 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 4 Sep 2025 12:16:12 +0000
Subject: [PATCH 139/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 74 +++++++++++++--------------
 2 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 223d2b92..99b199e3 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -49,7 +49,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.26; \
+    pecl install APCu-5.1.27; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index 578378e4..34e3534b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -502,16 +502,16 @@
         },
         {
             "name": "php-di/invoker",
-            "version": "2.3.6",
+            "version": "2.3.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Invoker.git",
-                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576"
+                "reference": "3c1ddfdef181431fbc4be83378f6d036d59e81e1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/59f15608528d8a8838d69b422a919fd6b16aa576",
-                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576",
+                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/3c1ddfdef181431fbc4be83378f6d036d59e81e1",
+                "reference": "3c1ddfdef181431fbc4be83378f6d036d59e81e1",
                 "shasum": ""
             },
             "require": {
@@ -521,7 +521,7 @@
             "require-dev": {
                 "athletic/athletic": "~0.1.8",
                 "mnapoli/hard-mode": "~0.3.0",
-                "phpunit/phpunit": "^9.0"
+                "phpunit/phpunit": "^9.0 || ^10 || ^11 || ^12"
             },
             "type": "library",
             "autoload": {
@@ -545,7 +545,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/Invoker/issues",
-                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.6"
+                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.7"
             },
             "funding": [
                 {
@@ -553,7 +553,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-01-17T12:49:27+00:00"
+            "time": "2025-08-30T10:22:22+00:00"
         },
         {
             "name": "php-di/php-di",
@@ -1727,16 +1727,16 @@
     "packages-dev": [
         {
             "name": "amphp/amp",
-            "version": "v3.1.0",
+            "version": "v3.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/amp.git",
-                "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9"
+                "reference": "fa0ab33a6f47a82929c38d03ca47ebb71086a93f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/amp/zipball/7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9",
-                "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9",
+                "url": "https://api.github.com/repos/amphp/amp/zipball/fa0ab33a6f47a82929c38d03ca47ebb71086a93f",
+                "reference": "fa0ab33a6f47a82929c38d03ca47ebb71086a93f",
                 "shasum": ""
             },
             "require": {
@@ -1796,7 +1796,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/amp/issues",
-                "source": "https://github.com/amphp/amp/tree/v3.1.0"
+                "source": "https://github.com/amphp/amp/tree/v3.1.1"
             },
             "funding": [
                 {
@@ -1804,7 +1804,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-01-26T16:07:39+00:00"
+            "time": "2025-08-27T21:42:00+00:00"
         },
         {
             "name": "amphp/byte-stream",
@@ -2037,16 +2037,16 @@
         },
         {
             "name": "amphp/parallel",
-            "version": "v2.3.1",
+            "version": "v2.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/parallel.git",
-                "reference": "5113111de02796a782f5d90767455e7391cca190"
+                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/5113111de02796a782f5d90767455e7391cca190",
-                "reference": "5113111de02796a782f5d90767455e7391cca190",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/321b45ae771d9c33a068186b24117e3cd1c48dce",
+                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce",
                 "shasum": ""
             },
             "require": {
@@ -2109,7 +2109,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.3.1"
+                "source": "https://github.com/amphp/parallel/tree/v2.3.2"
             },
             "funding": [
                 {
@@ -2117,7 +2117,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-21T01:56:09+00:00"
+            "time": "2025-08-27T21:55:40+00:00"
         },
         {
             "name": "amphp/parser",
@@ -3571,16 +3571,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.2.0",
+            "version": "2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8"
+                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
-                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/1e0cd5370df5dd2e556a36b9c62f62e555870495",
+                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495",
                 "shasum": ""
             },
             "require": {
@@ -3612,9 +3612,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.2.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.0"
             },
-            "time": "2025-07-13T07:04:09+00:00"
+            "time": "2025-08-30T15:50:23+00:00"
         },
         {
             "name": "revolt/event-loop",
@@ -3883,16 +3883,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.24",
+            "version": "v6.4.25",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350"
+                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
-                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
+                "url": "https://api.github.com/repos/symfony/console/zipball/273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
+                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
                 "shasum": ""
             },
             "require": {
@@ -3957,7 +3957,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.24"
+                "source": "https://github.com/symfony/console/tree/v6.4.25"
             },
             "funding": [
                 {
@@ -3977,7 +3977,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-30T10:38:54+00:00"
+            "time": "2025-08-22T10:21:53+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4449,16 +4449,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.2",
+            "version": "v7.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca"
+                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/42f505aff654e62ac7ac2ce21033818297ca89ca",
-                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca",
+                "url": "https://api.github.com/repos/symfony/string/zipball/17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
+                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
                 "shasum": ""
             },
             "require": {
@@ -4516,7 +4516,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.2"
+                "source": "https://github.com/symfony/string/tree/v7.3.3"
             },
             "funding": [
                 {
@@ -4536,7 +4536,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-10T08:47:49+00:00"
+            "time": "2025-08-25T06:35:40+00:00"
         },
         {
             "name": "vimeo/psalm",

From b65ee977027c25f6fae875e5cd44a27bd9945c5b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 4 Sep 2025 12:18:45 +0000
Subject: [PATCH 140/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 68902f33..554a101b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -83,7 +83,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.26; \
+    pecl install APCu-5.1.27; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
    pecl install -o imagick-3.8.0; \

From 8d5726af7c7d8428b3e6217f7b0f057f250349ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 14:18:48 +0000
Subject: [PATCH 141/524] build(deps): bump actions/setup-node from 4 to 5 in
 /.github/workflows

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8ddc2712..2f2a4363 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version: lts/*
 

From 5f4fae140acedf2099b076b3c659abfe8cc3ae70 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Thu, 4 Sep 2025 08:57:40 -0700
Subject: [PATCH 142/524] Make APACHE_HOST an optional param in
 apache/Caddyfile

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
---
 Containers/apache/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index bda4c44c..9b5362b1 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -15,7 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
-http://${APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
+http://{$APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By

From bccdb62e80b970da327d043cd7335e8e11751c3c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 04:21:14 +0000
Subject: [PATCH 143/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.3-cli to 28.4.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.4.0-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 223d2b92..a4b93ad8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.3-cli AS docker
+FROM docker:28.4.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From f5dfa3193c6168214c9e0ce4b9046cbfce1993de Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 04:21:52 +0000
Subject: [PATCH 144/524] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from v1.11.7 to 1.11.8.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.7...v1.11.8)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.11.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index aabb1978..82472ec7 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:v1.11.7 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.8 AS watchtower
 
 FROM alpine:3.22.1
 

From 1e9afb833ce344fdf79b9abe9b5ebed04f5379b8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 5 Sep 2025 12:12:33 +0200
Subject: [PATCH 145/524] fix update-helm script detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d3a84a9c..80882854 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091

From d50e1d2dfcc1f22685371997c06e7c65427b5431 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 5 Sep 2025 10:14:26 +0000
Subject: [PATCH 146/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index ac1e2abb..e406a494 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.6.0
+version: 11.7.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 0ad86edc..7a103567 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-apache:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e34de43f..c3e022fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 830a9a9f..f49da097 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250905_100617
           readinessProbe:
             exec:
               command:
@@ -61,5 +61,7 @@ spec:
               add:
                 - MKNOD
                 - CAP_SYS_ADMIN
+                - SYS_CHROOT
+                - FOWNER
                 - CHOWN
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index c550779f..5edd6701 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 79c5b8f0..663e3438 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 206ac177..61ad3e5c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 84e79629..6d93dd7d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250905_100617
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fda97c0e..eabd0372 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0ceebe1f..e94a1a93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index f12da040..8cb961ed 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-redis:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 2432c09f..d3b8ee2a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-talk:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 49401e8a..d54a6376 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 14c42eb8..9729c473 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250905_100617
           readinessProbe:
             exec:
               command:

From ca0e7980b3b5732d82320d05debc956c1025e92c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 5 Sep 2025 12:57:57 +0200
Subject: [PATCH 147/524] increase to 11.8.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 50c1de88..e686e3a8 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.7.0</h1>
+            <h1>Nextcloud AIO v11.8.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From d2e944f7dc0ae461497bd385ec233e1012dddabd Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Fri, 5 Sep 2025 06:18:18 -0700
Subject: [PATCH 148/524] Use a fixed port for internal WOPI requests and
 callbacks

This fixes the issue where Caddy fails to start when APACHE_PORT
was 443.

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 Containers/apache/Caddyfile | 2 +-
 php/containers.json         | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 9b5362b1..4b92d807 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -15,7 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
-http://{$APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
+http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By
diff --git a/php/containers.json b/php/containers.json
index 998adc5e..4506c09e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -379,7 +379,7 @@
       ],
       "internal_port": "9980",
       "environment": [
-        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:%APACHE_PORT%",
+        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:%APACHE_PORT%' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
       ],
       "profiles": [
         "collabora"

From f37d857b7b29c785edc2063117f7d64dd2996bb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 04:30:50 +0000
Subject: [PATCH 149/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.1-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 3b70e229..afeb69a4 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.0-alpine3.22 AS go
+FROM golang:1.25.1-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From bb342bc64ac6d7ff0dddd8594ba253d3268c25a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Sep 2025 11:10:02 +0200
Subject: [PATCH 150/524] facerecognition-cc: update json to use actual secret
 for api key

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 4078bada..d97d5c08 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -10,18 +10,21 @@
             "restart": "unless-stopped",
             "environment": [
                 "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key",
+                "API_KEY=%FACERECOGNITION_API_KEY%",
                 "FACE_MODEL=3"
             ],
             "aio_variables": [
                 "nextcloud_memory_limit=2048M"
             ],
+            "secrets": [
+                "FACERECOGNITION_API_KEY"
+            ],
             "enable_nvidia_gpu": false,
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
                 "php /var/www/html/occ app:enable facerecognition", 
                 "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
-                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
+                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value %FACERECOGNITION_API_KEY%",
                 "php /var/www/html/occ face:setup -m 5",
                 "php /var/www/html/occ face:setup -M 1G",
                 "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",

From 6648cfbd65a98225aa1171c90c2a14bdfd45ab56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 12:35:20 +0000
Subject: [PATCH 151/524] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/807f6009e7cee5c2c9faa41ccef03a8bb24b06ab...bff843227669a0c34c7f791ebd53a4b7c2a3febd)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 15248c33..ce40e195 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
+        uses: softprops/turnstyle@bff843227669a0c34c7f791ebd53a4b7c2a3febd # v2
         with:
           continue-after-seconds: 180
         env:

From ee2f1fa262ca9014da31c88ca1dfa313c8789259 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 9 Sep 2025 20:46:40 +0200
Subject: [PATCH 152/524] aio-interface setup page: fall back to system fonts
 if monospace does not exist

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 107463b5..e3b24700 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -220,7 +220,7 @@ svg:not(:has(use)) .fallback-text {
 }
 
 .login > .monospace {
-    font-family: monospace;
+    font-family: monospace, monospace, system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
     font-size: 17px;
 }
 

From 29c093afaec391e8eee896222aa733b9a7a9c9ae Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Tue, 9 Sep 2025 14:44:23 -0700
Subject: [PATCH 153/524] Make secrets global and init on first use.

This allows all containers to use any secret declared anywhere
in their placeholders but they will not be generated and
written to the configuration until they are used.

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Container/Container.php        |  6 ------
 php/src/ContainerDefinitionFetcher.php |  8 +++++---
 php/src/Data/ConfigurationManager.php  | 14 +++++++++-----
 php/src/Docker/DockerActionManager.php | 14 +-------------
 4 files changed, 15 insertions(+), 27 deletions(-)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 77858283..baee1c00 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -19,8 +19,6 @@ readonly class Container {
         private ContainerEnvironmentVariables $containerEnvironmentVariables,
         /** @var string[] */
         private array                         $dependsOn,
-        /** @var string[] */
-        private array                         $secrets,
         private string                        $uiSecret,
         /** @var string[] */
         private array                         $devices,
@@ -82,10 +80,6 @@ readonly class Container {
         return $this->maxShutdownTime;
     }
 
-    public function GetSecrets() : array {
-        return $this->secrets;
-    }
-
     public function GetUiSecret() : string {
         return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6809650c..a404e3a3 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -239,9 +239,12 @@ readonly class ContainerDefinitionFetcher {
                 $internalPort = $entry['internal_port'];
             }
 
-            $secrets = [];
             if (isset($entry['secrets'])) {
-                $secrets = $entry['secrets'];
+                // All secrets are registered with the configuration when they 
+                // are discovered so they can be later generated at time-of-use.
+                foreach ($entry['secrets'] as $secret) {
+                    $this->configurationManager->RegisterSecret($secret);
+                }
             }
 
             $uiSecret = '';
@@ -320,7 +323,6 @@ readonly class ContainerDefinitionFetcher {
                 $volumes,
                 $variables,
                 $dependsOn,
-                $secrets,
                 $uiSecret,
                 $devices,
                 $enableNvidiaGpu,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 257e69d0..ceae13d0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -7,6 +7,8 @@ use AIO\Controller\DockerController;
 
 class ConfigurationManager
 {
+    private array $secrets = [];
+
     public function GetConfig() : array
     {
         if(file_exists(DataConst::GetConfigFile()))
@@ -50,13 +52,15 @@ class ConfigurationManager
         return $config['secrets'][$secretId];
     }
 
-    public function GetSecret(string $secretId) : string {
-        $config = $this->GetConfig();
-        if(!isset($config['secrets'][$secretId])) {
-            $config['secrets'][$secretId] = "";
+    public function GetRegisteredSecret(string $secretId) : string {
+        if ($this->secrets[$secretId]) {
+            return $this->GetAndGenerateSecret($secretId);
         }
+        throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json.");
+    }
 
-        return $config['secrets'][$secretId];
+    public function RegisterSecret(string $secretId) : void {
+        $this->secrets[$secretId] = true;
     }
 
     private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index f6ffbdc3..d46bc5c9 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -221,10 +221,6 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
-        foreach ($container->GetSecrets() as $secret) {
-            $this->configurationManager->GetAndGenerateSecret($secret);
-        }
-
         $aioVariables = $container->GetAioVariables()->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
@@ -566,18 +562,10 @@ readonly class DockerActionManager {
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
-            default => $this->getSecretOrThrow($placeholder),
+            default => $this->configurationManager->GetRegisteredSecret($placeholder),
         };
     }
 
-    private function getSecretOrThrow(string $secretName): string {
-        $secret = $this->configurationManager->GetSecret($secretName);
-        if ($secret === "") {
-            throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-        }
-        return $secret;
-    }
-
     private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 

From f87bd7ae450785e909ccbe65f2b2b55d24a4d600 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Sep 2025 04:21:22 +0000
Subject: [PATCH 154/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.8-scratch to 2.11.9-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.9-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index abe8dd7a..88a9cd1e 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.8-scratch AS nats
+FROM nats:2.11.9-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus

From 0b30904c91f4ed06acd1bb8573465e30957e236f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Sep 2025 04:22:25 +0000
Subject: [PATCH 155/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.5.1.1 to 25.04.5.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.5.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index f86d2f61..6438a186 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.5.1.1
+FROM collabora/code:25.04.5.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 3c8b6a0f3f7e670ab2ab0221925ffdb1b6e1d143 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Sep 2025 12:03:40 +0000
Subject: [PATCH 156/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 236ab444..83bc1ef1 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -255,7 +255,7 @@ services:
     expose:
       - "9980"
     environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
+      - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}

From b95ff056e0cfd6448f0f2151640beb6c7b3a043f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Sep 2025 16:18:32 +0200
Subject: [PATCH 157/524] nextcloud-entrypoint: adjust some details

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ca28f684..fc047105 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -198,7 +198,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         echo "Initializing nextcloud $image_version ..."
         rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
 
-        for dir in config data custom_apps themes; do
+        # Copy custom_apps from Nextcloud archive
+        if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then
+            set -x
+            for app in "$SOURCE_LOCATION/custom_apps"/*; do
+                app_id="$(basename "$app")"
+                mkdir -p "/var/www/html/custom_apps/$app_id"
+                rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/
+            done
+            set +x
+        fi
+
+        # Copy over initial data from Nextcloud archive
+        for dir in config data themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                 rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
             fi
@@ -356,7 +368,7 @@ DATADIR_PERMISSION_CONF
                 read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
                 for app in "${STARTUP_APPS_ARRAY[@]}"; do
                     if ! echo "$app" | grep -q '^-'; then 
-                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                        if [ -z "$(find /var/www/html/apps /var/www/html/custom_apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
                             # If not shipped, install and enable the app
                             php /var/www/html/occ app:install "$app"
                         else

From 1e77ea27f0aea39f4795459b4ab55e8bd1768641 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Sep 2025 04:19:40 +0000
Subject: [PATCH 158/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.1.3 to v1.2.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 02e9344f..43f1ad90 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.3
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.0
 
 USER root
 RUN set -ex; \

From 29ff04f5e6c21ba85b36e83f7c196fe09cfe2cd3 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 12 Sep 2025 08:36:44 +0000
Subject: [PATCH 159/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 554a101b..1955ab2f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.8
+ENV NEXTCLOUD_VERSION=31.0.9
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 7b23b48cf866294fac3db8a06f863c2af0dceba3 Mon Sep 17 00:00:00 2001
From: Benjamin Brahmer <info@b-brahmer.de>
Date: Fri, 5 Sep 2025 12:11:54 +0200
Subject: [PATCH 160/524] feat: add community container nextcloud-exporter

- allows monitoring your nextcloud with prometheus
- listens on localhost only, but caddy integration is available
- You can create a Dashboard in Grafana to visualize the collected data

Signed-off-by: Benjamin Brahmer <info@b-brahmer.de>
Co-Authored-By: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json         |  6 +-
 community-containers/caddy/readme.md          |  3 +-
 .../nextcloud-exporter.json                   | 35 +++++++++
 .../nextcloud-exporter/readme.md              | 72 +++++++++++++++++++
 php/containers-schema.json                    |  2 +-
 5 files changed, 115 insertions(+), 3 deletions(-)
 create mode 100644 community-containers/nextcloud-exporter/nextcloud-exporter.json
 create mode 100644 community-containers/nextcloud-exporter/readme.md

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index d5f72cb8..0e78175d 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -23,7 +23,8 @@
             "environment": [
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
-                "APACHE_PORT=%APACHE_PORT%"
+                "APACHE_PORT=%APACHE_PORT%",
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
             ],
             "volumes": [
                 {
@@ -37,6 +38,9 @@
                     "writeable": false
                 }
             ],
+            "secrets": [
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD"
+            ],
             "aio_variables": [
                 "apache_ip_binding=@INTERNAL",
                 "apache_port=11000"
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index f9b5a020..56984d59 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -10,6 +10,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
 - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
 - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
+- If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json
new file mode 100644
index 00000000..f9159a36
--- /dev/null
+++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json
@@ -0,0 +1,35 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-nextcloud-exporter",
+            "display_name": "Prometheus Nextcloud Exporter",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter",
+            "image": "ghcr.io/xperimental/nextcloud-exporter",
+            "image_tag": "0.8.0",
+            "internal_port": "9205",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "127.0.0.1",
+                  "port_number": "9205",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NEXTCLOUD_SERVER=https://%NC_DOMAIN%",
+                "NEXTCLOUD_AUTH_TOKEN=%NEXTCLOUD_EXPORTER_TOKEN%",
+                "NEXTCLOUD_LISTEN_ADDRESS=0.0.0.0:9205",
+                "NEXTCLOUD_TIMEOUT=5s"
+            ],
+            "ui_secret": "NEXTCLOUD_EXPORTER_CADDY_PASSWORD",
+            "secrets": [
+                "NEXTCLOUD_EXPORTER_TOKEN",
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ config:app:set serverinfo token --value %NEXTCLOUD_EXPORTER_TOKEN%"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/nextcloud-exporter/readme.md b/community-containers/nextcloud-exporter/readme.md
new file mode 100644
index 00000000..3efa6257
--- /dev/null
+++ b/community-containers/nextcloud-exporter/readme.md
@@ -0,0 +1,72 @@
+## Prometheus Nextcloud Exporter
+
+A Prometheus exporter that collects metrics from your Nextcloud instance for monitoring and alerting.
+
+### How to install
+
+See the [Community Containers documentation](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) for instructions on how to install this in your Nextcloud All-in-One setup.
+
+### Security & Access
+
+**Important:** This container is configured to bind only to `127.0.0.1` (localhost) for security reasons. Prometheus exporters typically don't include authentication, so direct network exposure is not recommended.
+
+#### Access Options
+
+1. **With Caddy Container (Recommended)**: If you also install the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy), it will automatically configure secure HTTPS access to your metrics with authentication at `metrics.your-domain.com`
+
+   **Getting Authentication Credentials**: 
+   - **Username**: Always `metrics`
+   - **Password**: After deploying the nextcloud-exporter container, the automatically generated password will be displayed in the AIO interface. Look for it in the container section below the container name "Prometheus Nextcloud Exporter". 
+
+2. **Custom Reverse Proxy**: Set up your own reverse proxy (nginx, Apache, etc.) to provide HTTPS and authentication. See configuration guides:
+   - [NGINX Authentication](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) + [Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
+   - [Apache Authentication](https://httpd.apache.org/docs/2.4/howto/auth.html) + [Reverse Proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html)
+   - [Traefik BasicAuth](https://doc.traefik.io/traefik/middlewares/http/basicauth/)
+   - [Prometheus Security Best Practices](https://prometheus.io/docs/operating/security/)
+
+3. **Direct Local Access**: Access metrics directly from the server at `http://127.0.0.1:9205/metrics` (no authentication)
+
+### What it monitors
+- User activity (active users hourly, daily)
+- File counts and storage usage
+- System health and database size
+- App statistics and update availability
+- Nextcloud performance metrics
+
+### Prometheus Configuration
+
+For **local server access** (if Prometheus runs on the same server):
+```yaml
+scrape_configs:
+  - job_name: 'nextcloud'
+    scrape_interval: 90s
+    static_configs:
+      - targets: ['127.0.0.1:9205']
+    metrics_path: /metrics
+    scheme: http
+```
+
+For **Caddy integration** (secure external access):
+```yaml
+scrape_configs:
+  - job_name: 'nextcloud'
+    scrape_interval: 90s
+    static_configs:
+      - targets: ['metrics.your-domain.com']
+    metrics_path: /
+    scheme: https
+    basic_auth:
+      username: 'metrics'
+      password: 'your-generated-password'
+```
+
+### Visualization
+
+Compatible with Grafana for creating monitoring dashboards:
+- Pre-built dashboard available: [Grafana Dashboard #20716](https://grafana.com/grafana/dashboards/20716-nextcloud/)
+
+### Repository
+https://github.com/xperimental/nextcloud-exporter
+
+### Maintainer
+https://github.com/grotax
diff --git a/php/containers-schema.json b/php/containers-schema.json
index cd746ebf..5ed57e34 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -81,7 +81,7 @@
 							"properties": {
 								"ip_binding": {
 									"type": "string",
-									"pattern": "^(%[A-Z_]+%)?$"
+									"pattern": "^((%[A-Z_]+%)|127\\.0\\.0\\.1)?$"
 								},
 								"port_number": {
 									"type": "string",

From 2ec1a7173b379706fafaaa119e91eae31d68a976 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Sep 2025 12:48:45 +0200
Subject: [PATCH 161/524] fix detail with initializing Nextcloud

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index fc047105..25d549e0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -210,7 +210,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         fi
 
         # Copy over initial data from Nextcloud archive
-        for dir in config data themes; do
+        for dir in config data custom_apps themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                 rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
             fi

From 150ed0840a288fdb8d03b57678cd9a46a6b9c93e Mon Sep 17 00:00:00 2001
From: Verhoeckx <64807887+Verhoeckx@users.noreply.github.com>
Date: Fri, 12 Sep 2025 14:48:56 +0200
Subject: [PATCH 162/524] Added the section Removing the reverse proxy. (#6854)

* Added the section Removing the reverse proxy.
Signed-off-by: Verhoeckx <j.verhoeckx@protonmail.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e07a54c8..68d56e6c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1048,3 +1048,22 @@ If something does not work, follow the steps below:
 1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
+
+## 8. Removing the reverse proxy
+If you, at some point, want to remove the reverse proxy, here are some general steps:
+1. Stop all running containers in the AIO Interface.
+2. Stop and remove the mastercontainer.
+    ```
+    sudo docker stop nextcloud-aio-mastercontainer
+    sudo docker rm nextcloud-aio-mastercontainer  
+    ```
+3. Remove the software and configuration file that you used for the reverse proxy (see section 1).
+4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) but add the two options:
+   ```
+   --env APACHE_IP_BINDING=0.0.0.0 \
+   --env APACHE_PORT=443 \   
+    ```
+    Do this *before* the last line of the run command!  
+
+    *The first command ensures that the Apache container is listening on all available network interfaces and the second command configures it to listen to port 443.*
+5. Restart all other containers in the AIO interface. 

From c241ff57fb1e7e00ddea44ae76fff63dc5207388 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 10:49:57 +0200
Subject: [PATCH 163/524] adjust traefik docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 785e9ace..fa4ea563 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -678,6 +678,9 @@ The examples below define the dynamic configuration in YAML files. If you rather
     entryPoints:
       https:
         address: ":443" # Create an entrypoint called "https" that uses port 443
+        transport:
+          respondingTimeouts:
+            readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     
@@ -765,9 +768,9 @@ The examples below define the dynamic configuration in YAML files. If you rather
     entryPoints:
       https:
         address: ":443" # Create an entrypoint called "https" that uses port 443
-          transport:
-            respondingTimeouts:
-              readTimeout: 30m # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
+        transport:
+          respondingTimeouts:
+            readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From c6911a228d294522cff0da4cc70d4ec65a164076 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 11:27:32 +0200
Subject: [PATCH 164/524] add LanguageTool for Collabora community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../languagetool/languagetool.json               | 16 ++++++++++++++++
 community-containers/languagetool/readme.md      | 13 +++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 community-containers/languagetool/languagetool.json
 create mode 100644 community-containers/languagetool/readme.md

diff --git a/community-containers/languagetool/languagetool.json b/community-containers/languagetool/languagetool.json
new file mode 100644
index 00000000..03eb6b39
--- /dev/null
+++ b/community-containers/languagetool/languagetool.json
@@ -0,0 +1,16 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-languagetool",
+            "display_name": "LanguageTool for Collabora",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/languagetool",
+            "image": "erikvl87/languagetool",
+            "image_tag": "latest",
+            "internal_port": "8010",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/languagetool/readme.md b/community-containers/languagetool/readme.md
new file mode 100644
index 00000000..4c2ca98c
--- /dev/null
+++ b/community-containers/languagetool/readme.md
@@ -0,0 +1,13 @@
+## LanguageTool for Collabora
+This container bundles a LanguageTool for Collabora which adds spell checking functionality to Collabora.
+
+### Notes
+- Make sure to have collabora enabled via the AIO interface
+- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Collabora options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/Erikvl87/docker-languagetool
+
+### Maintainer
+https://github.com/szaimen

From fae93b685b6fda4ec3b8a7c3d0d82ad6fa838ce0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 12:10:15 +0200
Subject: [PATCH 165/524] update AIO interface to allow to install the latest
 hub version

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php |  2 +-
 php/templates/containers.twig           | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8c45e5a6..678bbdc9 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -177,7 +177,7 @@ readonly class DockerController {
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 31;
+            $installLatestMajor = 32;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e686e3a8..f0a72883 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -36,7 +36,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersion = '' %}
+            {% set newMajorVersionString = '25 Autumn' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -290,10 +290,10 @@
                         {% else %}
                             {% if is_mastercontainer_update_available == false %}
                                 <p>Your containers are up-to-date.</p>
-                                {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
+                                {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
                                     <details>
-                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
+                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersionString }}</strong></summary>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6865">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}
@@ -337,8 +337,8 @@
                                     <form method="POST" action="/api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        {% if newMajorVersion != '' %}
-                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersion - 21 }} (if unchecked, Nextcloud Hub {{ newMajorVersion - 22 }} will get installed)</label><br>
+                                        {% if newMajorVersionString != '' %}
+                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersionString }} (if unchecked, Nextcloud Hub 10 will get installed)</label><br>
                                         {% endif %}
                                         <input type="submit" value="Download and start containers" />
                                     </form>

From c694177e277ea4ec1379c0cf779f4b3254fabb95 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 13:32:20 +0200
Subject: [PATCH 166/524] aio-interface: add new background for hub 25 Autumn

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/img/jenna-kim-the-globe-dark.webp | Bin 180762 -> 0 bytes
 php/public/img/jenna-kim-the-globe.webp      | Bin 98876 -> 0 bytes
 php/public/img/jo-myoung-hee-fluid-dark.webp | Bin 0 -> 97010 bytes
 php/public/img/jo-myoung-hee-fluid.webp      | Bin 0 -> 101012 bytes
 php/public/style.css                         |   4 ++--
 php/templates/layout.twig                    |   2 +-
 6 files changed, 3 insertions(+), 3 deletions(-)
 delete mode 100644 php/public/img/jenna-kim-the-globe-dark.webp
 delete mode 100644 php/public/img/jenna-kim-the-globe.webp
 create mode 100644 php/public/img/jo-myoung-hee-fluid-dark.webp
 create mode 100644 php/public/img/jo-myoung-hee-fluid.webp

diff --git a/php/public/img/jenna-kim-the-globe-dark.webp b/php/public/img/jenna-kim-the-globe-dark.webp
deleted file mode 100644
index bd3b0dafa2cda761110a7f8e1827f57d94b14bf3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 180762
zcmeFYbx<Ykl0JyLyEpFc?#=-k_r@I>x^ZaS-Q5~@hsNC<8h3Yhhdup$GqZam?wyJG
zZN%>UF%fl6RTOn9voiC|=gG`MSw>P4tp^N5Lqhbk`e$xUI1msJ6yWCr3B(QtL<I0z
z+6w^$1k|2<*m-94BkPN=IFz|ZqC*@nDJAik)N@wwx9APBkE>7r1GWvqjqCs4_1LI7
zj{10v{ui4f1m*jV(7$h;CQ}*z;=+G*ga0_s6g%eqI{2@*WU98!{}A*K2Z%cVwUzWs
zUHkv_z5lt`JnMgdu742sZzo4lH!lB6=K#fy{&&Uxxt^zw??03Me_Q;YX}072e(=BB
z|61UGE%3h<_#bP5kJB5%|4$*-Gy3b(e}K*ZgaalQx8DB~Z1~SW@}C3QKS~J>{b#uL
zLc98Z&Uy4{zx_MRr3%yicaW=d^y|Om7XRTSCbhQxe+qPepX?;Knv45y(hfzb<bSYZ
zGK%IuMe}xS?0>j!(EB4`|KH9eL-HT|Cu;q_`BSIMdEfuTYsm;i|0H%VMh&+AQOFA!
z`+rS^{!7yGzZd)~3+VIOsSh3qX7B`|Y+r2=;%+R?IcRN|IDGfSPG6{g3tn9P;W4}~
zxG-sRhcLip;)*p|)ImLBO+RAJ$3Jy#)w|{D$SpYF4h5`Bh`%;~flM8tWP;LyAlt(T
z62b+DqACyRt}^&+yX!OxrTKr{^nEA<2z^j>v>d&BGPJ(k_*l<R*%<eJ`p}PBfqnnj
zd6wAHKWWPBEZMwx`GS(w_yJx3{*DaSG5+Dbggv42LZtrs?8!u9{J~Z9>Dm+UG4k<|
zaJArFwefY02l;X1_2cY?@4R(L$mYZNRsU9K#oPBe`{TghyY=H{?&aiN)Wi1U>9p<{
z`nBq{GyCK5z3U_NgY<pljqGLN<YM+h*L%;Cz?<p)<3;I1e`jz$`Az?`&_h<1VAIF5
zr!fCzC$Av4P>1)@Tj%4acc*v!kA-vOF6fUByQ<AkAJ3hy*dGrs`WE_d9}Dj;rJb?f
zpC+p0ywf*>?>?s8azCniI){Z4ZsA|UpP`@Zc$Z~vwLc5Bx|>YGUl0;JJ8W&bM#Jeh
zK6Ux%Q@~+Rf6fsNgu|e^wF`}JTB@_#@_~a^F@Ct%loey0F<P?1qSvf3v%+paX7sc9
z`%>z6li`*;$2ue6&zPP~3x#~CYD7QoL=Vku6M{^J<0<8Y+%m%c+*s^QW8sa<MUIo{
zL-lVtT!tKFI{A!2@}<}!oPSOQyi&z5ra&#`=$cq6n>C^74$V&;1l~^C2q~ZF1;EH2
zm!l91_j30)SkBa4qfD_U!JvFnK{~~k;;xJ)-EIj)uZu`!1quy95rw#9wm0bZhk}0$
z^ee3v2T3TCa5LU}P3`z7=vpmnEf4tg>EY5hNI@xFK1{ym&qM#E69TlYLO1o#j9y76
z2sjillrS%1w;IdoIYOX*Q8jPK&K25?d1<0pf#F#6h_ik0IgCL#pYuNff6K)zYy$e{
z9${-}n3}}GYS9gb2#d4FHMAINc0^LIE04myU=SP!XITdsySG4{3_*Cf?`<xLhf?Dy
z<&9%RL3foUq0Ye(-GZY+@p8xUfA^Q?vlMPeFeTRF?MG8#PN_OB0!`%1!^OUt&gbdx
zAoc=5w=c};SH2JU^VD&ekFk557jb)}L0Er13mk@ikx-$$aWoOX8+bHEINPB~U$&0V
zwuZX0W@6}|E1KOB!AD$6xe$9i05O$dv(|Qp5_l)ma+5>KhHP*A^GyQ4#X$U8I93U+
zdfipH)e~!<j~%2~((lqfpd$psl^1`1woFXlHkOlZk0Rm<YuK@4G3p0eMzh9fRP7C<
z#*;l@_1yGgqtol{6;{w&%@K(zozvzRA+OsP^x!qo53SmKOP+@ExuOBD!J2O{!|0vg
z4jM;%-O@jm7K6HUT@V9kNMBful3jKz*l=#LZN#b|`Kf(P-zBW)kHVn{YieeLPED>Q
z?a9x~oI*YZe@S|I__KTAGc+*;TSDf12Zqca!$0j~9o6`pm8n<gY&+HC^ZMIusc9zq
zK~OkDM&1?4o^qH{EIh(!+_GSuF$?!y8JReYO#*dY&JH^1K1POKzx}q6svdv{0UGgB
z*cbGU!p1jC`nap?S0|ICboaCw^O!Kn{?_AH@$!qqp?alBNJS^YBxukzZ_;-_8yGo!
zDqrI=fiuq2TwbyIv6>sk2d+UE30ACnb8`u5JrRp&AiO4HPJIfi;hGckX-Tk~b*w3*
znVk{rp6*vF3@0xfYX*ZVDFULrb2KNc_%QB8Ki6f2i+%!QUc2#^c2u)c8(4arLO|}P
z6nsdCSB2&xaNnTGnEj<>r6(lYbm(S>2vQ`fR|oL^KXIOSrg@2p@iYn8#1*Fxc1ARg
z%G0pfG-+iKD0C|UKUN(;C8o8JfbFgtuJN9sRI}A}SAo2fXJawK`wCh7IY*Mx6X-5}
zo?kXgb!Ov0hc3<HbJ{*opW5Njx*IDa5ifmyz+{`LyBdsE)XJm+P4?3BAN$$V+~9wx
zTvUxuGE42%?*j>=RP=mo4AUPD9zZXBWX~g>95mPwlB@93FM%P_>AA@BQ5K7Jw?n8d
z<4JE-!oh>t(eY?a$RfRB_j8}q-9A)XFTl8Pkp2gYX!z3&WiUrQpTb{@IJfKv9t@^h
zq&o+;o8!?;348m?!}S#*T#hV0Yp5A(Eg&+%+3YwF4*lf}Lz5O~sgjth{pS>mco{ME
z=V13S_IGoXYGF@+p^x2wi|IBDX_g57O{OZj>R@bX+(8#H<LSxAwl?zvd?c!Y32gR#
zD{G_{;m@T6VAycV+NNd=Uu=Pz1A|Pv!D`+mnn)~5(HpKj3C8*=9E(#tlQ)Rleyy~Z
z6#uNyeF*bJlz*}FP4SYos-PaPT?hUA%k0Id`UzASg0)}|-VL}jxHpt&)Lj4R2WWaj
z{=*ugm9f0eGd{V@-5_Meq!SSnEiZF_Z)iz8CFyD!f<8z^a;$#C%`B^z11i$VSZF$T
zh_H_v(EUIU{hOoe%+tUi;7Yr}AYlG13pH-G@<ttD`c<aW2zR-&s}vCvBw3r}F;3Fh
zf`}w5W|<s^!O%tqzR0+;jyPk?9c4sGq3-rN@eR9NJ=NnejxzNIMU`)`bmMQr&Iwy9
zoi^t$&m<0OGVWKb@T#6KZjod}G5TBN<cBVRgm1F8--T}lXv*n8bX#1Km2;qo{?g&!
zRDrD<(^vYFI%*>{>)ZAJ1{VhQ2e^j_Q57Bg?mbm<8!NgnFyXKJPSWvL-)k%e8_;;y
zg?5^EGY~$h_V-++8qT{U530eZ<{xD*^rd|bX6MuBPI^SmQZ;=82x%*}!#F3x%@Hju
zM%bfVGzZ(=9xpWyhf-`9cBydlwoBK+c+CCfH#?cf;eN_Q_5aY0qzahT?u`GWHCvJF
zD0_kxPMaGp3}Y^HOr?_n$^tbbY0&+b%aTC$5J!DSlN({dqIg;WDtsw7#B$;gSi)}6
zH}`nIwMA!5?R0hDsGAp?N75Gh(ni!LArg>e=T*ZK?E=wp_G}n|S2Hx6g|ps!G-6j+
zkBv@mFvUNx3QXqSGYm@q2AUYuO0BSe!fT9qaW_V>nx&m*b;^O}c%@zKK?f$8=qKoD
z#Bv(Ne%G=Dl;;^B#r`BJ@RX>TK!l~&Ypn}#nY#?Yw`J}xs1#+oJa4)7U*E&h{^<vr
zhkzATV|mO0!Yw&ogHs<$$%UC5VmKaL-x{m~*MgfWmRvPQt?>2n+VSsv3WKtcQUgr(
zG_{n$jG6oqb43c7ywS_3U7sY*NV<`hIX~YcHcDdjEH{Dm#6inBFE`y)$V#}b2~I_5
zl0BDV@F#Cs_5eO-2^vS1*hCE7uBzECK4QP}vXPYX1tQy@PjIdCyWV&c@w;L=<oty6
zUai#sl*oMNc$64Mp(EYCP5$5^cb|J;frKW+zryJRHOc-bq}9~_kObLowYo7aNrp-R
zUZ+oE2!yX-o7;6LvUd%-GJ3<a2W|47yNpnaad{-Z<;$Nsf%PyP+rPm`R%p7%YMe<F
zZ?GCcrE1E;$>yxsYi!4^$&zPj4<jVr#AUD9Ur=Z5lK_G356VGI2Z`$@vf?ceW%5<;
zY0Rl0&9HRjzC3?_BYuw&4k*Ww!1aehz+ncm5R<>C$lu4QKuGi1^saMiP6d)1N~Yj2
z{?gK;VHf0X^F{g_wQ;XS=cZw~H)#YNz0?(u-%C&5LxTkANQqm&lDrT9{Dec*Y{cyx
ze+T!PQw7*Zuu<42OvxFRCoZU~V8LOxT(`UghH3xlSdFJZ^&J7GHE%qd-S$xADLxoE
z?A6X-Occ%T(k!He+`(UzXN`Wbegzm&Ue#mirGEm=5#1=@^~R}ozjxbRj^wb7dv!Vf
zdr681(n!7yqUO-_2Bw#!G|1HlWWl&SeJ-q+wwW4HKRN?j;U&A|QWu=0L8Unc<MQ)<
z8}oNoTnW&0@MBsdLMP@6xvU&BuH-?i<$%|1>o#z<^3BucV}pj;(`pjv$jf;B!DtA1
zURDniXP=xOgl(=sO{@NVMH2xj07;c35&};|o699xOX~IL2Hk3_ERISXH~wV6N;NTs
zIz?4HF(2#giRpR!CNcQg45e(QpZq)V<HmujGo@-I*{)PHVN2$Z)e+-u*0yuQ6oL-4
z<9JtRO&ae$P{Pp?)>cN7mf&+GDN?;rP5>ZAHJn^_ijD=T=g2)xVU!r8CG+88rxKb(
z{Tlk@lo{0OkC}kR6E=?K`eRTrNuYzFS*wK`LQz-l=*4_hy~_y54ow(_h-bECI<SYm
ztt+=0->*2`&RbG^#V(GqvNt~WBBZ5wjEB#gE=+Rljo&zRuOl^`sI@sC8!kDZ?h)+6
zsD%a*FKL8>PJ~yTLo3&t@<DegfqFXSMnh}@<DBxk7wNPZA~O09v-+FwyuHLZesw%r
z8u*(FK6{7`Y~+hju;j3b1#dr7sdaXxvTp@$1!CNONF=2`FPioCR-`p>^D!DL2P86|
zc3JY$dqm}Kf{*_e2Gwmm2W8(%(Y8QlOjaHHoFnmUqu5JXpl~4(Av3%Y!TTKn6BK8F
z8!p9Nb0D^q&Ox|0qa||>$hw~JNb=%=kp33~{A<@8GP<)LhY*8I#P5d!{Bpf?&EV`w
zS}b8V3e*mmI-?IXh;7$NJWq8tB$tVHpQ8!=D!#XD+s~wse!(~~=4u(QS_4PImpf=i
zrS0=mjJmlnGc<slG4p38QyU)Fv<leq&fAq?LfUyrSOy0(=+2-Y()CjajBv6kL7xCP
z6eVep%E|0V>ha&H-RiI1#MJ@lI%1|somnqK=i<EQqr41G5kRAQku~-Hdt<kv(mYfg
z3?<M<AbRINs1n)+WDi12PUZR%tpQ^7`U{^8;p@XNaG5Wd?uO`soi|WhXmCY`$BLMH
z!PLH^P9M9mhFT8Q%|#)ZDqs;*uLZ4BN)u2tWuiU?vNMaS1<ett-M9=tke7rKY3<V+
zLmPTDNPAoTsg(ZmTp^S`p{kmlzj!$c39Z=)SexR~@lZ(%PEe?o6_o<=1@nlmZYWwY
zC3x*VS#kg3_%}KGKARRQ&@Tu0MGFlR&i-Z-KS!tIJ$LU2reS|lE}V*I0TRUcC031r
z>;Wzb$HibCx^R%CmI1@!hp(H*>FJnGTW6osY;UJYcLhbNS{-ANo5v#*(qCcK#q0tM
z{Ub9VYa}aJYl@+D=WGWE59iMXroDc<Z!OX5&iYk1MhBU*<bV&>LpUL+x>0QCB7Cv>
zIPeocZR{FFCk7ywh#UHK*bO2YQyYU=LHF>q)Tj^o_0&hY^tUvqnB6!3;0=fw|9KFp
z1wDW%=p6@OqYa-`wYMo|>|1$DKI}%=&}MIv=uX`qd;#(~;BN2Vzp7KZO9EZw1=4Y(
z2qCn1tpiJLwzFy49zd5wxvU!n<_Ht-lG3;@i8bm+2~LysozNoml2wQTz=2sgC3+=4
z5Fj>r{~&b>tRhL8BOA-;K10;*lPst-ISHw@2^~Dm+N%*rxumO`u_+n|A~>G1uUo)a
zAM;5)#E4FH<Y6(D;rxXI^gzDC&D#wvu7D@9FPrK6!xb@6wYduBSFPl>CpSdrRJ?Hs
zv=v<)1W67+$jRPtS&WjoWc;M62oP~JBG~pmN6&oTa@8E-4FF#^o$amNg%E8~S2!GK
zPAwEC)-WTc+6p#RI6MODY?aHW2J>AucT*2zE8!$wW?X?COTGDH7iR}Ra_C=0EC+8s
zbPPE`xv>!5VtgDSt9ZHXYQFjC#isq4-Mh__xfw=d>n%4Wo!E~FU3%|YoVNk$`7F}p
zAO34jw*&j)q;S9lgmO|6yOkzZyWJdRQhwoQ+1+z24sNNSP?&D!%}Tfs&BFc^IcE90
z7gt#0UL{9VqD6czSD>mbK3`Y*XOEa90%kD%n=4}`UoklJpJqVxzM8FegQZ|yVUCcy
zo<hcA>+VwArmwg_qT;V4!bAm!xsthKuAcQqr<5_VDOwjjfIt%;BM>#DPH@*9sUA!h
z5U05SOo)?W!D%CAXRg&2&Rt6?G(IR{m?x}lOHQ!KX5J<bWh(xS^U#t?Bqub6d#}88
zvT=d$tr+{L6<k7vfV4qi=J^9BgcLN*9uF6<dgd_UuHNI7-&vDQOrViysa_NU;nTp@
zLgE-+yP6{lPD(9WjG&gBT?J}B8?K29$cL-}&7AKEEYn^qi0lhd&ifUAbAqiH%}ABN
zg>k(QF-p>Pnjt*MmCS@Hu%4J43lw!~4+$e*S!{f1nP7@UY4W4jJS|7)_(C~)3#{S;
z8M%N}d4?HL+Dfy9ro4-3^U3Dq`5Y=m3R|I=q@JkY8a#V8mVd}m=FX!(BtwLsWpy9i
zX)D1=nQsXAr>}NF)k8;H96eGSpsUn?jZzlx7Q&iY+)MffJ!hN&Mtyk1`Js)`CB+NP
zp!K$)6c?oq;<N2xNz($Dvb?<6i*IzZe`6RLXb?WW*+dF>3QGTy4afF}RBRB|I_t%{
z+7ho1Z1C4*B|^f~FNK7AYXu`zLJyx?@=KYWt?wK}a9UE)qm!*^Ft4>JtFpen<g?xq
zIKk(DKKuGTh?;Ko0;EMm!2<z#oGiailU0zP-u*&cz56e1CpPsq0w}+mngs}5O8+8|
zTCBb0V>CsRPlp~-GOOBR5aLc<jj&;0A98KY?t?X_Zv4j3)Z<d0Q&&i`X&B$))dfPV
zef@Azt(|QAaCQ>3&x5HSo_J#BcER(u<lB|xDnkXZyPypn)LXP*Mi%+Od`234hPufI
z3{%oVZI0Swa!;q(0YYkuEM$UX!<Fo{q_o;D<IkCJ5pSe*?3U#vA@mDU04FKR?hBrG
zsKJZ6*lIB3;fB758wkr@_`L9?Cs6Qt;TNCC+931};){*01gVU2pgZN>6};74q=CGk
z;^>N8xN?Dtm<T@NO_5St2f6F_Z(em1X$6W67eDPa0B(!om>xY^_3CXZtB44Ooj3iW
z`w(3DgkgG(>U0=}H<Q@h3<KP}wuK;sUy6H+EXTy}r~(~ba`luib<|MO2+sM*Sm@po
zUJ3Xa!7A6v%Dcl)T|~7`yFO!vI5aw~+##0yN3-5cz=n&{=lr8T42s{a83r4BK3RnT
zH2`)}eTlZ`aD9*Hv}>$Ot9=D~$~i)m9EFiyaT4&=h#%T%5toTbIk)W3YKd!;NhSCx
zNZTL(5utyF*CR69P5M|}UJ}X5VpX%*^9fvsDkU@Zv&5CKPZTm_jAuu1_|&=3lH&Pj
zaRlzb3LQrjzguUtq*k4o28-|)U@;6&IhKU6o#J9Dq)PwP+kih#jMOQQd%EbXdhg>=
zEyh@CDmluQTS!<ym?)0X`&TZ;rC%jXNm663Av^oM2jG)0a{{%M7Y%G_q+JvA2Pt23
z0R=!2X(Dp1-cR$AvB)0H@VGU)_kh0og8N0bedprQoCnxlStowfFG2GSY4Nnop!h^Z
zCQO48bJ9@)TNiFWnTPuWcgX%GER)WwSbOljx=~I;^UKNK5*oAgVO<x$JXjcK`RFQY
zaQ)Pe9cl?oIJ7_grEA+nYl`5jSH#4s6|cF=^UDc9Fnx$bOHuAvW7Co%g{wOaYq;8Y
zoWM^mkU{`kMn<1xE?N9U@rC{#>M(6xagPHtDZ8C!cfiz~<+rbT-eP-Z;defvn(^d6
z9&^3AwCBJ6tFJO#oHn}^va++zoUW|a8YoIXqPVsYa-J+7Y%wTJ6Ko-vkb}Wa5lQ($
z8^7!WZM&v4<w%4SLbG9~$KLuw>{$Pv7Axv?Q7bn#l9*&d56fP$+yz@o+$vXItwmXW
z0hZvzQ3@=~IoI7+rAAU8mB~*OHfpRpqXOYUe4`^jAe;qhq>YMmAM2zV8QPG>e1hL-
zyfX-wyT+5(PvcbocAoocC)5;SXtv59XL_~*q7JGWiZBUgI2W06ER~Gm<tn8$o?xtS
zZsGgKkHOjJ6nB$Ssjcw^)n9yH52D}@3h#5Dno7C#1lto?0@8JS*T9ej<jJp>BxG4z
zncxYG0@gNJ+payG7U3(W+MzS)g5(!f2NX+!y@s8?8=PneAlsnZJr!qS>I_CxiD3R+
zY$fg$pBDUZj)w?FJnCpU`*}WYK~Y@lygz`18*v3%i>NBrj-CB0{z8ddCh9Hj*l_t5
zy->I-{V($xux{=Oaxl!y#+2)fHk8!)p``>Ax9EGqrKHhDW7gf>*M#zwa#4YkwLOKd
zN<x;A-;FG(xzaR3gGQHPg7$T&E-eHh?)=iOxG8Wmj41;-mcOV!7aYg^=_7cW04Eb2
zk6C%z?v2{p;E-iS*ty2sx`S>mRt#IqOiTK+W^}UzPPoCQ)4YZ5;vyT(H6NeUtHhg3
zA#9?NN*7OeKDLY!jI=1gVJmzl@w-vBBVc&+Suv7<U`c>AmvtNkDo~}I=@hF{!GaWF
zJg$Bd)l!gom8DEJ_DdK|98_$*A*CgyhnY)HJ|e_N^2^&RMrb@`&0zWy1p0771Cj7X
z;S0Al28xIMa4+~554Dw@*xfMPLSBfLt>zFQIb2V$4*j|;nGY~F=PT6td0G-dvxc@7
zcWiJz)}>eVg)|!KTrcrcOUxZDK?+|(=DJxcGaHA2J6S8DE-9;S^W$dXlB<{2LM2-(
z%}`Z3uDtAR2!QYRT;1nYuR9v=+kxxTH&DLHdsaSR3iU6xW5lVk^o|RJR}jpIEqN(6
z)9WX7MRKtTRagpH$v)p&|4wVTlU|(@r#h^^%(UXRag+OS8|9D0ls})6;;cq5y4ji4
zDQ;Tl2#e~Msj0ImkSUoraAE0I+abB<_#g>p7wWu<pihCkw&u8aEzA?hwzZ^!EMTMB
zU{CBG2|cy-8|RAxTgps2t#S?-bOW*m;HNEVARx>@%1XpJ=+9W8mO~JfSoMPa5h9fV
zgMrvE$)DoK2_&I_Y>GRRTanX3`|QaIfjY7C9W$1LT1qD0*CnHJ=JQs^0=o2IL>7{U
zEmUJO)!yMroR)E%owe~q$V1BBV~^I-FR0-(lE#<)-frijy0m%q-Y70C?mlq8#cJQL
zi}C~g>Zg;Cmb!j$2kH`X7G#hBM=&}yf$1bcZrpK31An!4vxA+ty|K!cyu(t_F`8zq
z#JHKddNN0H!bl--L#~n`_U~5e8(NK%4}y<*FAi9cMvaPt9ih!ZKYeUY7rxsR8i#q>
z93C>d))!1a_B^T}jm6Rz+&*J+CzM{H;y)i7_FQS0zVToCp6wCNn<1WjTQJn)WUkhh
zBqSf!?;~<w)2J~w9aCx(>f03^Y&Sjn4D3_QkvEkcW6(uSATz6PejVq*ym1R&ufF8a
zU388aK92sR=OnPDr$U(gkSHNK<f1p9Zj=xe0IjEzzMzT>;(*Vm1GV&n#Rci4Bsj#;
zbWE%=RO@X?CGJq{{t_nLB9Zhx;cIK*b;_@h7>6R#+c0!ve1`}0w)c5*g=yK;^&Lq@
zs~k&~^b%m3dnoTHy(A)A1rONIEA)5<;Sc5<PdAx~Zn(VQjjK+Kyd7n5L|9WKe#Mj8
zr?~1)rCML&AI;{kEhJn}snQz(wu5xdDQJW3J==r5#}k>)JCotjAKuN)d3jXP4DX;#
zYpIEMBj0yyavF|HqSbK{=OjZ)=G)_XolPML3uq2YH6lc@D0^!PpB`QdLBB6Gi=E?{
z?#WZXzSW74-#Hjh$Y+YA$5Y~pjz4|6F&k@%4m#>ZUH;_@ut2Ly$NA07afo23L~yEC
zu%1R(?DtaJlZqO*AOf}l5PD_B1lpyLfO|;=<)qZX+v9m~CQLv?SRunG#96gBXK}^0
zTLtCG;Apk2fQf{8Z#yEP1*O$eF{LQ9kMMwpd|)neY#6f-x24EnU5{`<)fj@rd|+Hf
zDIYG2dM>{B16dlZv)Y4`fwM1HnX(8KS-z`v#CuNQndxky-p2<A$M|i{oUw#<J|&{C
z5YSc{#QvrzoNR)rXCL(GW>x@vwXxkKw#mx!Q)EyeG}Vs5d7VFD&yG0%`!lvVW!;>M
zKus}WSMO^}=G}ctqo}36>pVvF0LDRQTg#|$aZAO7KRsK+@d(lO((fd#HX)X<{6aFC
zhWOv#QoCI-d@t1N+FGHdfz51L$1?fyg<|sxyw+MVB@a#}<SsQec!81V23+~W)u+AO
z4_)>_nFp;_N*L1(I$>Dony5o9vDz^(9sYi07-9SA;&~y@pS!NCImE>x3sF_=Q^5$C
z<{ZdeAR8504yfOfamN~g$>kDfiAalHfYm@u5}VAW(X37{1=dZXmm~v$mbkMi>L_?I
z!R!8`fZTD{vw_LwSSXcA7HPS`EF)ir7&d(J^1~^{2X~{mIs2l};>J_G(+njk1#wa_
zX&Xe0vWp)RxKc@$R7C)umg3*L^w9p4V-RUq_gZ;;Uinr2W1Ki>FJ8kfbVAQHMV_l}
zt}`;A;lU#r{^ECtdnc*Wmx|_81vqU^HByzc*KvC+*m`ue*{9uEr)GMiTcCSgz3Z0V
zK}3083*D<?JORKaCgwc=`N}HEMw-J@2&sv${kzd9XL!ap#(r%Ud|5u7GwkOIrou<~
z+GDcu<>h%N_(nk9%ScM>wEIaZ`S2R^o!2B1CM$7o+H^)sinFHwJe-L?(px+&mczJZ
zeYQeGe@hWha`*hKf}MYc(|yNPbpnU1mcE;0QF}Vo*(vRP<D#GlFEiU*l%;msM!}xI
zgZ|2;yu)P{h*|2;8EGKm?4No+Bk%0@snFB8Q>q#tH`SNlRln%*=F;?*wT_JOo@xu3
zOOA))3HR22mjs&@s-`@PwHzA{0V$>mgF(uD7fjUmW7C<~?2UJeI^_e<sMB(jHaXGn
zeSD|v`Tf@oylz3FqG)9tU{Ez1Yfc$KZc1y=PTP7e(^iDl*6+Y>{#db3%Lk=2S(eB{
z$wJ*}Cq-Jrc~a_{za^*9M<F0pt-)&c>|08g>UT6szG)GX&7nqtq}LgGGH6qU6ZPL#
zkA_S7x()L!4?}a^L4^Bo67|Fv>2(O#M27$r3IBT#ccjs<eUj_O>(_2Jen5fKMiDsN
z6;hXcs-%_*DOxX8JOTzQyX>StI^Ek|>eP2A*PwAZ`%0H^BN)SZ_LcI)bMnlQ6pyfI
zzKoP68&n)3jHIumIY%*G3=n?bK)W-=fA$E2*A)Nw^)2rH<>6{z#NItf(Cq6E$zu(H
zCNB>iG*^R#m<HZElzW(GNUaT++q(8S1iOp8`tK!NA;dHxPQOoo)+m#EdOU@txa(QQ
zf(1Yy^Nu6cT6ozN(VveF88;^@As6$WEFvbWd|N+|lDy9ENyb|_mt`xXeM6PXoY923
zI-*%Pnf`uK_$bALaCoP#%?c56Ml2Ylo-Q7GfTJoLd{$E~6MNXcDEen81<!x|EU$2Q
ztIq3-HC54SUi;grX$O5t^U8kX;L=i%@H-}H9CBEC0gbj=1q&(oHxYs%6g_4Cxk1Ey
ztBUKusiusPXdxoZwCS#%62Wh(N@v&6aKF$n!BN_sIhRzcha+CWe)82WjnFI~>+tFg
z^E=4U?+&;O4N;0#9y{qCYoLU#?)LXuw_~@Qd{snoE)kp~4xAP#KFlbZO3<ZKZJ5yk
zQ4cvD*ykK*>kk8@1N&4HT`Rj^4JLI77v%S-#y+pi*|V%UpY(W1bwHt~E-L})i9KOW
z&?@&Y#*q|YYlDwA8Dz7@W~AN6HX6bQFum3?R2WUJnem8<|0~(sxLS1>0j(G7-GAuw
zx!A*v>E>u8oio6KYwnbF+*-9i%?Z+RdrN#=Ob<)!Cof;X`hZ=eS}d{1D~|dFFY%Zy
zo4tE&03u1tJo~^(PLmwbpD_i@`@;3imjl_QUV(U`F6r$b-!5NXarn>c2a5T{R?4Al
zhz{AL`iVa^v1s=PEAUK1o+K7nP$a7$0rds0BBB@-Bw7X-z#UZrrVJT+6|(7TVFrBa
z7R3HQBj^uOke}4BULuFol{O8|%RZ(a5nol1MpMNw5`pcbzW0O1%R6|@S*RS0kqp=6
zE%A37i||}qCB%DoP4|?@C3T08Jmjx@mkg%vktoX&e<oc?{l6D?2-b}bmcAdo&j$Jh
z5XIn8Tsq+?PU;$kq_z|Q_~g!tGJ*i=1ehVYY-+|-qbcz;BOt(``9*Bd1_ulZtOPeF
z{k>m3+v-a+Ot7hPFLDRCjq342v^J)@EFfNC)IYl7oU6l}XF&z&qyoxupqU&`Sq=GV
z0IG^Y=R>cAc1w7oJ)f-nx==}+?$yc)_r&vSU&{HAOT|LXDbvK|8O{;>2IiD}7zR0*
zR$ja39hI|fUvw_ix003LBWwgu%$5=u-RV^xz-%-L2@u;q+*6LC?=BoPowSiCNJjU%
zX`wy#4mDR<2${hV_wOxH>e_}j4A*mFzERB!`!b<e$)mzCsby7gL|pimaS&07LykG7
zTat{Xp4?kI{J=P>kYjA(y4q)eWRsWLw1n)>`%z%u&*mU<fQ#@^oMlYu{Egp#gAl|I
z0tW6L*38wOkf;kr80`y`{79mE!w3|tnl4*cwYz-<(nvuN;UY=(y`J?Nt7e%HXg-DT
zG?}qhLSZcdwe+~No?Jh;Y#^wzl>u#}-xM>y<5+>e2k+=Ndv?=l<Y>m4ittG|8;0uP
z7DFS_j<IWs>L5n9sEc5GvdZzW0DdmkQmk-MhheORz@$yl1ign6vY7lOi+P0x6{K5C
zh4yZw?5oNZDQtyl@5)cvFmC;?!LDpguyYrZJ!^T$5*Or8PD=q-x)hwtAdp*+KYHJ|
zyUa{Y7`OiTc{RM+hOg>AdKUZ0XY>~**(E0>bG|qcT9Tk8c-kXc05m*0`BG1U7~nge
z$yX9I_*60F;v%DCquTGJc=OA4=O{3uuFU3h3h#^CvH+Fi1pyU=ZX2SM*+;aKea9*A
z=U%!s&LR!E_pke|KBgvs%>;DoRbr%F?$0i`ay@WvbE1Lx1(3-(XHw)k6Oaqqu3>I%
zv6%%1_$;m?YM%6NNRRE@M$_mL*SfcE7)WDLMf8xfV=T|ZA8NiBH7KeR=Q#;)FEWt{
zgv&4hdjfSJZ_CyW9sc#xs&mOC!DPUX5wA3IT6-r4C#`nfGS1`@S$vXY-GE&W;Bn^i
zbp}$|3uzzBK+n8<Ra+gD;ppeRST%=5CWftQAdi*GN9gasFSk*VWs%I=hs=dUcff&%
zN|lY2g?STujq5l2$S)h~3xtRD%Gxebps@6%zki@BAdTjJH4%wOJShqL+Hzl4D!<ot
zMtxcm!X;WhZ>|D8Of0ww6(KIkWwZk9$u=&BzN~5BYi~G>*(ADPjw`Ny_I5K<6w_&A
zPq2um)w{MfU<)8b7i&=-ry%+0Oh)pc4Q<0WnxhY|ZuXV)%1_JGNZIOWI)~bj8;{f{
zGwCu>S|y8zvRi;uT5Dgqs}?7c=*X_(=-R#lF3%eZh6^ksmf(5j4sy!S6Fy~i2Wo9@
z0j9r(JG{rKOr$+Uer+OABV$3ZO~}hou(*fC#tIqEssmY~DWDS-Ry-Y3B_Zit<DK8_
ze-QvoXPN}E6IOa$nSLZ3K0BLAQa+OYmV%o6LF&8YFwB07+18CLU9I7J=s?R>Nd3F^
z9zG%e;e8EO?DsenDXA%EgG2X6fa*h_zdjaYd~)j=(dwD&dokWys_H;S?|OxHor1S>
zMs-_d3-qb}JCTaLqGss)4@@w%g&Oa*h@sISD*BgC#yBeJ_;5)*r=PGjb>uZF)kEIk
z*$-KoyiI2uoN|37e}?<mq=-hJ<EK%9M4F<nYO~;~%xXxL%^y~-s`k~@gxQc!l_a(%
z{dP$}#x9(WUCU=X*qX*&Fw5hml9S@ZaRUT~<sQ+Y6=KyVB)@q~hz~=++QujE@ICY3
zIkaq&TMs(m1F-D0(^w9t-eHbi@D_a-aZdYcTfhCV^te4j=Yu_8@iWG}6yBZ~kYYlJ
zi#^shDM&i`tptPO)p>F(F@P~Z#=nBvGoWGw{$pzVd?o0xe!91EGj3Fti^B&U08IO#
zDs+KE9f7k2pKoy29Ggo(CeYscvQ~2}c@)8!Arev7cGr5WcrGF(ed)iVkhHIU;bW}R
z6BijvXD)Gf?46=mXj$9&epTx{)`_a}Bk!}^0G~^M_*@>RrqWUbqO*7H4%eBG58DJw
z*NP8<ji(FUGUpgxo$(Ka_Q+U(-T)3L3JJ3u8^mE1cy8sdLjAe%gZKcrZ2u2;mX8f!
zmIcmWomJ0u?qqt@>HFL$dB%zWLN6zkg=A)Ix$y@Sx+i5JexzsU9%&%{B@~D<NHt(h
z(q#hv`)d9z?s_mpxmC4Om+4N-FLd)I!mBCClmXYDIlmVhT-GDN*<co=<pN9+5NcZX
zWQ`&x1{`#l1RxP)CtKhOoA_FHE!;oc7Pi_91iFhUQId#i5v0j_0SrtA6IY%6bTl)M
zzX-|C9cQ!1P`Xnds_D?>N_Hc}W?Vh($5mybjQJ+0kB-t7qDFW^ycwKWz&g^{MZ&O9
zSFnQ!6O{<B8}G8oB0!Z(0;C^df`ZJAlr6Gm)xQpC4KGapGRAFSfS=$t{UWBHMtVyf
zZcBD~kKReLmeWG97YyBzz3^$zRNGU-{-L|$sm<;vys0PeqOEfhV9#gl%1zk59D`-&
zsE-f=OV%7Qbu}cS(A7RFz}ztBJ5*ofS;y0=>A8O9s$EbErWfRN;sRx_Ay|vRw?qJ%
zl=LRm%mr!GX@fBI{H}c*!gY?2l#BE}qc1y5FiV^Q82-^UfVNzob5yZ?)53te82JO4
zVxz$mwqweVDq>-*6pv<C7&oP>jhToQLD+lT&y-SRZ^K(&jcnxTf_#zIh#u-40p=CT
z;Zc`Qu^;8Syxke^4T0-Nwu7s}DX|X(bC-}CY}B--Sz$;m14~U?>tYtRFO>rN1j`}Q
zl6@nz>AM<ZC_!Y3%u>NEhXBt#LBziLO1%hgeD+zg${@G#T&Q6<p_J(kPl(eBs0wBf
zunF*o64?yz<J>JMs8e4i|KOmSnWltN;_C8%)`hrdA$|x8*G=53dgDNbTrx^_@A#Z*
zpeOIqwGr8|8^lU_NZ};a_N{t420kN5xxbLg8>FRWv!sA7{}^>2&`!k~+TxMxg^RFh
zF|43r#+a0rN+Jin<;3oDd)YWj@Tt5HvUqSuYxS%IAg(2SlNV(8qM5H1Yeu?7&+^^}
zONeIZtMq12Y?M&072+w(tfZt{WVuRcXg?*jq{pEw{j4>+I1WjK9~f}!5HdWd)8J45
z_Jv7?&E{_Fp0EX7jX=dW*914xPt({KWXMR9MCeehITpRyN3J%}=8N!WM$uHSrZp|e
z(DWDn7*paa8C;JMa+8FeXg}7w$1wi#y*u*3l4HVV)a%`c^Op6`6&|(1V9hF6fymT|
z#&LD67zi-M#V$W}Vp*J6GU`WCc0x$cRePeGPMoIgzyIRn<63+|?e~s6&n-8=q2;<#
zLXKBbA`-0qH0DT1V-Ik7)<900iW#t34<TJ7-Yk(dA#+n|rL`&kZm2;XWOe89fDx{-
zO7ddWD?{NE(Irf+5UPwF|Cq0B9WA+-S4vxL8!3JeLYYPTcr_e9PkajE_)4k>-cDyS
zZw!%DAB4FL(|PFMQ-~aWPA4r+KV^bhMe82wRv`2=;$obPLH9EKlZkQNit2j@I%U^J
zoaTJ43*X{+&9Ws`%+YxLp36nazUE*yRGYJMHV+|axtVDgP8;a0Fu4*YR^irCB-%&T
zpVvALl3GGJ>v6-ka|sw17lUUvwma*eVxWV*owznCEf>8|;{<X~P16yFd~>yTw{}O*
z;Z=iFHe9=<DiC4VtiTr6yw4i6k->pfL+VU2UTi>A3Qirfl^9SPJsNp&RS0uYqux&b
zsgO2tOvqf%TA;q{s$*>pa_vV1P^Hr$opwf3x8|W83`39pV)0s6dDMwC>+DxZ;dqEE
z;aW)@b0*W7$XSTOXkv|oLx9cq1=`AFz{R}`OMlKpX%ZE*wfUe+pWcbGiliua$$AfF
zeDPXPpi2d5u~(xw*c8B5S;8JwOTG1YtSP7F+>xjB!_ig+agOlek@IxAj5L_y2M6)M
z6PL#6rIg*?G2oiq9`6(mmA|nV>Z;zl1Qbd!^!G`45qkqjbIY9s0KIAcif4C5ntj$n
z)8(|H`34ePY<N5%zgi4!Wq0_K-U4bo<v@d|hl;yDPfPguPpdrtR-R9qs+D7+a+T=K
z=9T;LNrAO!{J%NBfgFk=PpDpY+#7kJRXOS2mo|+TnUCF$SRYG5&1Q(&bdA&4A7|bc
zSDFmS;my?5Hz?EM;)5NWxo&L7RJ9#FUC-z~i$U_A-c>k##Xm35%CRZ{JDX*2f`if%
zkGV|I=nivggZ1ACLeXTqv2l=Lwb}jVuuP~rI;zw|)5Ecse0$kq@pCSWk$@6|V<1}t
zZj$(&qj@g!5Pe>2avjTm(}bYX+9sR&gd#<YB=&~m=7Z%!`b~lZ1U}V9_es!ZHr;+O
z34)(r4rVIzo+ZYLIqq~6Rza171wkc`ykHMC`aH`m+NgrR$2`T4NE+j9nj_Zq@S&wy
zo{HAf=rLL&Lyo@HNkt#pEZz04yzCR{LT%NGJj61TPEg@`MH^{VJ82!NpWk%U()78o
z04yo|)FkY(Esqn6Q$Go6)cgwrYmv`+EB9GsDCvp)SVzAzHT4%PxLg{&oI3WgFvNFI
z4vC`v+e#-&*W?}q7yC3(=)53WherLvO<rMVj%PyUAC0{+bypuR$Drylcj4i1?$<a5
z!FlF!Vsf3zJmjK*Y1oqybw62iGfFY4JbPv^^;tA-u&X|3*ekt!B5!+aM<SpL!qgDp
z4o#4lg$6c%PqI-bTB?CF+<l+E2uJh*?J%%ww*9hgx($ZxB}`Db7AU$dNIhz(OX5a~
z!Dp8Pa*pkfz(5gP!UT&L+0>#^hY+nXXCw8>yX+Bdw#VF0Jp82xrzY?aTZV=f@Vt0z
zEcZ0L1k-LX09))(rWEH_j|!6@TW6s~NYvkVss|P|j@NQ*cwyTY^2Wr!mDe2CIi2qa
z(`QxoQZOpoSx0*}+j|P+`=2mWdX(K9{aXC#VJc~3L7*bY12Vd%M##KYV$zrEKfJ@5
z4iFxK*p$|s1%{KckCaOfyoG2e{D|0549vX>aB_zEFNBWL1n40?D8!3b`Q<_U3%}dS
zJ76HNGDs+Wl87slQEv<~SrD&y?DK6040w`oevQ;#@Igfi)rEe{I6xaA5dcvzy`nrR
zMPcqNQ5#gqex@R#A`aj-&_Ik_p?$Xq^Dr|db}DyPzxv54*waWI(2WlA!YX}PfuU8i
zu>@GGaCgg_jZiedOsBo1LTod%v2*RIL>HE~m-4STX7DFbn4Ly_dC0V<;6ZNM{KA%z
z*mi9o0;<GA%rzayKflufcE_n7AK^P1zZt=XWzGB6;O>S?x5y19gMRXg5wzpZh;Vqn
zd3WysT6qh_3~U&eEb5aOoRbdPl8KuHVGO>Iz(JT`0tdjqpwmvhcu_d9h`?q~?1VQW
zVFwG=;%g%f-m1U2Zq^UDsh^TdHWB9D)V}JKy_Ek-4p%`GI%JPbqIlI$HSY!R1;>7e
zAyI_v@}z}@XN4VIfob2@sKzc`DD7tz_FmS=tf??@I1l9060|3AKqKJ5ezD~;a0)<Y
z>$<R8uZ2&Z+|O^S=1-bAqW26~AqR!kVtN1M`BUs9XD&IZXSL%Kv)&IJ_%r)s9yTy^
ze_ea!y1EI`@G#_@DTWZK8hH-!K;nKvPfX%EYJBd8r-e*K^a&IN7VpDQ$9HLQ*Dl&X
zsc$q?n<Ll|2m_bj<Vm3NVRyXT0nfVD+G^lFhvyqhQ(WHH(A2E_BnYajx$V~7^`Wa0
zit~({Gn2xx+WuwkVo=9ox#kqHNqaouR$L;ZDe}e=>*FZ&D=u#8mTL!}6%nhH1cFkY
zrxFhipeSow8!(aZ?vqF4)j>!MJ`e;p5ivPN*~0ptTldhUOlPkZyU<wz3Q3mG>&T?1
zK~#GYMX&{FNl<1K&6znjT@H1?ah}p45UAM)WT1Q-P4+U|ec$(dblN&>`MWx7vn;rW
zUFInjYOm$@$(yj(PX^YP)fLr#KXcB^SOg*zvM!{0!@21gO*p8ac`fJ^{A5;`1BLO#
zWH3i1+3F6=LToeA2^J8~IjQEz2PH1X4K`a*V<C4{?lXf7j@_(Jf>1RzmBm*i0R4XU
zVdmuJ!k9#pc?yT@T8#Jmx5Al;Cz9W$aM$x~z)@2{<n3w#Z7oFrs3Cf%kuD*wm6(=^
zxY1Fife<njxWK-gRuKG5W@4qhx|u57l@9hcr-860p3@9s`>r<9+%9MQC%H9q^v2aX
zU&h@mG32LgD78K?_W;Rct8q0gvARV(vMBy<>~2J13by)DYAD4CQonoGY%GhiZ;r@a
z=AmaHRinx&$NWx^V)grPibQ+Sq(gwOsxZN@&0DLC6Tn(<P6q_A;nPxioN>oDpt{!Z
zJYaf<(62yoMC0)!7b+Qkt_|J>izkcS9WA`KDR}M@fn!)I)3@ouR8TlpIGyp3C<@I+
z)%$VO0C_=~wWuWXUfguSWjVTUwaQSnQN*{pe{Y*^ua!JSESWE)7k;<ihtON%5{hRS
z8dGl;FJ;*y?ZD1$WBfG^|JA3Vb`<PG@Y84QDwHdO-8|naB1ym9O(B&*1WVltUbWE)
zjX2j6qz1b}>;|iwrs1;M`e<GG$c12-L7x-}{F_w<415h0@X*Ed#1J7q>*J@!4)_MJ
z;c|8j3aWbB4pe_J@7}yHPhPD3Ao_K6r@=eKdE{oKjl8%(d6E^_0qmql!O8+qFpbX_
z=C2f(NTezSmUJT8h6R1DSrw(|Fc!B0y~XoeZU|WOb5NOWb(5{NUz5fT>XIGg%WREK
zR7{8`Q5t<t3MZPJbt#X&-;!LiZoLhDyh#8iEjVs;RAVJR?49;1n^Fi1BfW|X5!Px&
z&Oe&aF21oTT%VqH$@VF0rg8ZO_&4(qcu1abGX6dv-IFBiazBNDrH`p+vi?%r@qYNt
z<%V{;rX-xM*`oX{WOrj29g)NZTYV|D=iobYa6~!9K(Y;qH3lZZm$So!2|59YpZIU_
z!n>OM*o^B57UPP#R#KwJpUl^Yl`*0jL7}q_LM7dX;L_1smTHDx+?8Cka1zw_^3TIs
z9W>WIqHtJu2zeOBJ3Z)_UKJ^AJ-4hoQ)BHQ$~S(vLkB$UOcPVgbpC)HFZVvh>uvNN
zy3xsU7U1Oh$S_W4TJ3r0JBpZ#>Y>S7U;(9IJ2`I}B$VP<+w|Y^fI3J<<<c6DxZLfP
zUwN*W!(2+LAUN|Rm6HRN*&GHAHbh*wC=2FrAq$RNcp54!4SF5J%xi7g6j|SqY4*)#
zy1r@#^cLJbh~AfWwKIp6#^$<(BtJiT_Qo~L1!&v)oQw@RVNQeBNmzOlu$W&@Dm}x8
zxe8-Q|E7g3M{^;;G(-7nw+vk>5N$6Slv;Spi2D5HV3=i!_IjrQAM_iktc;AjF+r;c
zy_^hj{~0n9-%!mLP<6W$?u<7v($fKFIDfH$>m~xTL7YJB?`mVK3W6LPIHx2x4vBhP
zLS;`eo;d7)C*=B7gO^B2%U{rCq{$hM3`dUgR&HTj$>zC7Hqmhr(C6m%F;uwa5_*g@
zOyiJe_%`~ko51pEv6f^lu$FD8wT+A7RbAO3^~dP>>&#kRpeq&ED0{hwz%$;(Vdt3e
zz-I?x6Q>Zto6=ss+_~(#t5oeRj>ks9{%Hgp1mO@ein`=!8+CNw6TOge<??$wE}d57
z8Ntn__q#d*IKr?Qt)Y)7jnQ%WH0n1?R9QkYIZaRw6iY}G{;#=ls}Lm4RNj^$I}V*3
zY<J#97A;ZTq*2+pUOk5fVv{@1qP-fqP-(UI$EHxjsq)hp1~h%xm1HO8`ax3ui9@(Q
zz0cF8x)3kU<AwubV0RD=k)=Ywni!fBDo{X~Ld<QQexMr1y}VuM-Y~MOEg8U{Pze2I
z#P)h~fJk`e;e1ilA2ZKIq{);h@;&kMTf3KWoL#gSPIzXfG%Mspx(MSfAh37*F_FH6
z&GULuxrwj?r+3||iUXf<dYfyffjxm5L++PVRP1en;0#7KJs_n=BQ{hZ^Jyr-aB;IO
zzjw-fjz(Hp`zsje@mAN5$bO>H@k@v4w0qYX@kC7YDS>Pp9@ieWSlHHH_<1~xPLU}7
zm{dsN33asnX1W-kCt~?Srv2U=id6M;uawxSooM8UCbn*mP?~|dGG|V-WEnWIV9KU5
z+vZxw;ak!RM|mkPLsgR$y>Lh`y(om<U%#la2&Z;wy_Vv)d_Z3tW(P3(s(V{bcZyRC
zj3Iy4*afS=^kmGo%nX)lRU`39I{!M3Lln53+0fDE*pnVXo6#0>bM`S!HNZbC9$DMj
zvkOH#G>%O!tE|_M#N4S~4DxPW%HEAF=R$LXl&-P`ahev7DT}iH?s^4i6sSPh`_WGT
z16x0?06Uxj(G*D-T}~vgEAHTwgqF%JUV%Kt4G;an_!uGMZFL!F`#ko`^Mw`rQM}4;
z8C1=;HHneELI_38UDYvqlyV&~A68Nswy(0;U5)qqoWRV;Ex|G1u!KlZddNb>g**Ih
ze7-9QKH1h~!eeZOXxt(9GrYm3zx8n;sbocJTF73sYR||(>_D2^j@w$}@rjM*%XbU=
z`%bUnC$tVv5Or77OiCAgrXvc7x3sgqa7%|!cl25fii5N01k^<LNiBrLNff{G^;eu&
zt7(ZZ9ghpKuQq^ixe++_lqE_Rk%$70vc_+khy$?^n*|<$3~TSP_O=@3$_NNCuV%sX
ztVJSU8V=L(Dn^>Hfv+m;@AK{WGoRtHd~392<=uyO=ANveBE{P((q|YYxIpY4^RG>x
z-1@@gXh&4o!0*523@U0-q^a9~6?W9!Te(D+6zFZEZ{rz~A;%u((rL~T$@40w7=zm2
z_$DwyOrA?|D&Xo8|L{X%<k5YjeIl%U9$Nim47Ki*kj!(WYhX_^5((_o7x=%nfx~y{
zc5@&DUL6z086~L=CF`gmrl{B-*QEhW1y>11oyE|2Oj34J{c!qXrM)1iq$f$q)(q?~
zUi1+f3_ZayyqosljW9PNpWTO5MH7FT%B!4F{QPz#{JDL0_rp)?o5wYB3Tv4th`~~X
zmPn8oG*R@vl(jWo#b7QJu?)fiu^my+8>(99dWy?D_q$yFw%ji^p(yk~--?O#=2^cg
zq>vsX$05@*j}r@&v!Pzjj_GV${hAl6G&|-zjx~xq4H6n!gJWXpV<}L0BJQxKhce?#
z(xIVXX_=~Im4Vh(tW>}nw)5ous>l3C6iXi{ZD)PV$r*)2;q{JatqY~lO!P&ShMTn@
znk-CxY?nV3#BYCPVMFO6ID2zF|E{oA7_(@(<1S99xUeJd99P%j%ZyQmJrGb$s;1&b
zyc#9N3)OCADt%%Il|t7NW7Gq+4ixs9ui*0LPD3U7Ru}9vHD24IeIq<wE|;Rel8`F{
z&2}xYZ_>X+&3K0-Tnq0VRdX1fETMwfT6D=sN2NWL3wGP2Ie)2rk-5np5sL5wR8pa+
zr&pl)4JI*hrIs)wy8C~MP7O&+Xgm7g!5xXjN>Y7X8HOWo|27*gp(iPh<D%DMN_bkp
zwz*k~vAez4r!I2dN$MD{Zq8^%M4|<H)QAFAZ86EelhNYOW?-B7&5ge6QE=wjn*dV*
zV}{HJ!EspW7c$enu|kJLzz=z4F3AL%PK-dt93mLxM*ZcEj+Zv5dG~EsK2s-R9hu|O
zd#J|3(Qnj(cUikmdI@}xaMKgd_WY`@8?bJ9!;B$)td{>509Zh$zZ}l0mRt&>guLdq
ziXMg9u3d6ChqJ=3f2E)n3oV8LoJlFa)6UB!%OFRIgIPg|O$Fk8h!V(uRrpE86_ZIo
zzP(&fvCYJxY84J6=?N)s2)lH5Bw5(71Rk}l-ZC1yBD@=`_Wt-PI;U^PPpwwWhNf`o
z(|c%qr#q{kQ0#e+*T9G2x3^Plb{l^^L!UVLk89MtbqsuI0^>`1=!AEQ)Ogb9yFY0F
zqk4j-zTwxg@0bbyTU56`^wgNz;<Qe^Fa5LRvWL_zUf&l259Gq~tkZaO`7H=?WhsQA
zGR&wMarW3d_qQxvmTpe7LPyZ>te11!B4GHmHpd|aBI3kTACyIK#NNJ+nZdG7O4jSi
zh%Xn(q9!WLa}s_zSnvNB;h*rLeCYCejMJB$%@)tMAn)#%5H8rCxuZ~?IFzf9lvCg6
z?3qg88c(eP+Hw%t-|a$%50ov&WlEdw^~n9-g*ya*glnqb@{Y-kv0MJkDx^|?ctx`j
zKoX69Xf_|Whd+p9(cTa3n4h2$*^|-#=+*JiL@Z`UQ)?=8`)_z>E~XuoLf~#FW49!)
znS@#j`(<u}^xvGqR5QCnTG<!TDk!qS+m4{p^%#xa^5Q>X@)ehMJI(}A!Ged(>aS+r
z<2w$!AW^Fc>i*7;Xo2uEa|dQ<B6m~Lw(ff%SlPNVOwhB7?AzXJUi&9YV6r`AmmX%^
zD0bl_tq&Tt#CBV0&+CiT^hzSAF~oJM=&dI~pFrj^uw$Pq2|Z5TH#~@$x!Cc!$^J<9
zO3&+y>yS^*K1dB+bj(hZb%$dAcq`oZjtVUkdptD=@Q*1lw0?k`^m8B)4VZ>t&ZaN|
zL-9*78Q3Bnfto|_hD^r*)au656GA5+@;S6+PPL&Zi_C#!ZDHG~unk&izG}4Yab`4?
zL`K#cQ6S!OsH>LFr^c_@AZ=0LAY&~v5aEb8;CCb}O>Tp598sh{vD~P~3-M%K>X7=^
z0YBuwZn#@^>TP{aH4@k%20mrN1R}+#%t7zKyq+$#SJ97(8gfb4Tx0E_#IevJL@;o^
zBatA;1Ty}AbFPF6Te)Qxt^fq9Lb+DD(QsDh9m{8~L(7Y9nLF4moaKo5d9J|(B!n7{
zzS1W-`sn-bbI^yxpC??JZ+B?6Y34r8L!IXXkrPZQhYH2@@ne$2a~j!*33l+2n0AvX
zS1z9%`#i0=4N5ey0IIy&IHJ?7J-A18@kOJYsoidc_v*$QD;lSa+q7q5gg#OtzUYK{
zJcoAqD%CRtc#SJ*%D%EI3ZpRkqsg$+GU+o^(QB;FRFA_y8>Ce=NlnXNsus+!WIyrs
zFz)aMA%31W^$ePf$ecU5opBzG(efv1DHVaj?O;S{hUim4<WQg*JI<wLt0&X04WIT$
zgbLEn3G2qqVJnv5|8QH?;zq-mjp2#k*7zQI8Rs(6)CxLOD1NQdjgiiuUyBN2jXm_!
zdqwonfY?O&dRynGi}{AqQMm}1d$=dz$Muo1J)>&qBPw1)P`<kkW}j3zou~{ol|;FB
zkbsg%PypX{iCr$`^|I(Y>K>sjd<xa$k*&m!{KG;e(u%|6KCVqnk|^~VlYkEGD^W_4
zanGk7Gn|imx%+YGGy6<VZqGTmC(JOwcbve>F9SM<PNGtTd3Zi8kfTYf`qAhq)*uP*
z837`F0B9iUJFur)H6bS_Q&#UV^A_nLK4sRSs|$>W(^<<TzFS7_+~ZyquVHiVS~@^K
zoV7s>zwy?<^|cD5uJ&t3N`1h>$B{FW^FX$3d?bzmnmF7=om(_pPYJ2fs*U%rBE+!Q
z4qz+_(~;7VdWfcDkeT_ZFB_WR(#9k~rAQcBIAWJo#Jf>YDsX)5Y$uD%D4D$BIN(`B
zmJaw-j0wnka~i3UU;gStwl$B+lJX6H`T?Q7TZ5s02juUaUj^$J>wq5Q?YyPs+2Go=
zZ^BBZ*q;&uo_WDzPeLdh`jDiZjOh^<3?n0^a!PGJZ6p{RxW0MVznPTx%`H>|JAU$e
zJG+|zbr@?{@5om2eah`<pW47Q;?BlSc<Upj!!WiPOZ`~Sfx(pOua|K^mdtuECx9~<
z1U)&7hYl_aP>1Pd9<)b<Xc5^7FGUW@n2Q}^#IX=l)gcFE#dK3;iH8eSqynT$>+S~l
z8wna$B1ZFU;CGS<vrO%HzzCy!1#zlu;<Y(u7eNPK3v-USB4<#hP{fV7kZn(?ELPrO
zrjCs_v|r1QtT}zsTNCc@Q-IT(keL_SCLAw?2#bB4TznA-&04P-U3|3(o1;{{?YLzO
zbUpVBMRA1&Y6oqQNHY+DBf5gboS54DEFqm#9%F)eB_CBDpL8)4+jyK`dBik9k(16z
zyq3P4C=iPL$YOQOc7aI%q=Q8GKYtke+A}vv^DkX&t{hF^(IUUQe;+<bAf0@S+SN5r
zSI89@eZ{S2)tQa7Z{tchxxc+2-rwCaU6MY?uZ`IKx+2lt)iwX{z6a0fW)(V9a9Nv%
zA>CuaTEkpgwlxgf_jH0w&P|!1jAl6zC@w{Z!3Kg8*jfCHGCXQ3J~~l=NVCpmBHM+0
z1Bjv`>gZJpLb`=cGsMpznKhLc3r$wDA}8V|-QzJ<+s8ad>ScG5y)S@(l)5e-ro<aF
zblxtx_npm_B59B@0a+xB*86WNig%T@?bBZwHXOb)jimyX&7U&8m=b*S#|}@C<X+Na
zOq@9v$%YetTtW)84hS*Q-sr6R6|>!GRm$fY&fgFm;kh{Ym3!h~60lRAVtUZ81o&sV
zd~8-EiX5Ujtv(Zq8wTPyO+9hjk|e9~duN$U=x1c>6E#MwPO?78I<Ynm55Vb1;j4a8
zRUbXwxnrae``%+IkMkfG?_C4?!Y6I&v%|wPK+JqVwqf0E7ws5#4*0uvOQ|LpQ4?4j
zf)3Z&wt~s5D}`ynruNJ!E^89iSyh9-ExkV3p7qF*mR_e<(V4mzr$(qaGN++I2JtkN
zt8{cv|HIEX;oXfrv5>UCj?zb_fEntmu;Z+W%wVdDEa*T~rOQzp?2d!}@_LIupVm31
zB8V4miy1B(d~!svLRJ-`!2K_zS)D%<=9Lp<IhcG(Y2c7Q3Wt<hW^`RZCCS6#KRy@i
zlgceL#i#Z6ncWmHWW?Doxz9>1+1h6C9`k8bQ}gT59~6rJWfy%j_cIXEE~x`<!KKQ$
zVTv=(UkRG)RJh}v@+}m+*Z5`+Wxjtc=FY5@x}#bXwQ(v|t*zO}WH2Wiuv4Fhf$S+(
zZKRm$9Ahk&H1}B+IRI90HT}8RHrVK?`2LC&^ki!<577;a8S41rK@82~;CYXPk_>f>
zNCIBYf4uZ%rox0Hc0JBj_Rk=fRn9s3*4BIg8;s2#yx(-Dph*<m&yo#kaGlcZ{&>o9
zpTN0S6B4Y_Z+7nWzSn1Q&Nl47!P6k1=<96SD?k8*)AYZWd%v}F#T_x3xRVmQ)Zx0Z
zglQZFwKPDk7LzzNXuy1NQ&!b!0@TzN^{X?ZAs6=hfDWu~V@H<dak|js=Njw8{8Y3%
z*v~hYxu^V{mBW8P@e-xfao${#FS~2kR<JS%%&3)w1B|EAKxa*eLQ9nmfjIl#g?pK#
zv`A&m4g6-@sR2aX6LfE(qdLxH0(~ILjPA<uz8S#ulF(61Kekn;MYX5)Fqn40>NP{|
zna*fTx}9m6`;N<~p?wo1szQ)BOmJjNBpm$~c+4J-wf4_%Kr&%=?g~#_S*Psey_A)^
z&cNotb8*5NZ#F~pL$3DYb7HWvFj?<>f1Y();uWFL+(K%mQ%;d)dz<My_6+iwRUr<Y
z2z&#BUX-yLg}ZSKWo+CkvMBEITMy+2_?%xrB(qtN0vJUh>h|68o<$%yKEq8827@T!
zdBkcsK%Jr3|8eE25R(rtcibz(x&rvQONV?NQe77TK7KJc+Ocqu;GePY`fwGdxDeMt
z${=odWrZi&gxH>RtbJ4uZdGR|?mJCq<n&@#baO)MdjLk7jSh*Y-b{wFjDsgO0;h<Z
z6S%7%r4+tA%*NsvwQ<0QPgNP}y0}KP)5^}gb<x<ix?(8_yH+m3M$9ahbg`)kmYFx`
zoQ$j-(M;N<>^&5Eq+!Vu*bv$gF(%CaLX(gh^@&Lru;^%BBJ&~={@YFqx-5SOuk+j1
zO<tvJM9BOd@b0NNdxu!u(Rq<8rA_WZ$ogzLj&W-xf}Ey+5;Mg*;?=Q8b?`{7&hDq7
zhS{3s5t6#-#njxY%A@7bZK7tYBxzBd8w*PJ{EnZvME@EFNQF~`KK72mC<+iM0PjwE
z@xHw`<_U24$VSf&x{uheseJDseM}51Wl4LSBTnWkB6<?=QO5#~Y}}<r&T#BVk3$pX
zZ1W*H&TRRi^#@&mQywjf;J*+T_o`@AuAUVV6P#VZe+XgF&|*>Z|B~ykgrW^KW^}`{
zrc9$i=YCtgG11KT_xLlc)XA2P0G)rIC?i=B8qkAtF-5eA@(m4lh`5^+N+`kHK*Z6R
zx^S6tcJ)2`IIR2vEZL|-cjJbZ&Kte6BTo>m@eiUa4?f^COas~36Jw-hVX(&V;G`OF
zs!ibTjLN*tM|>^P%?Yl{|ISZuXzo*Bh3EKzC01l=1U<~PEX^8`%+|cPv&n@*Olz@n
zvxG6k_SAkC-JFll?_&ewt8;8_a!=9jkJd1<&4ju->uA3t(7WIr^NBz-Ynejj>|}Z8
z>4Qd=m&+K(hB@L7<n%l#wtvD=C*n8uXus$}CL;5G10;JthNBt#E?MNs^SKi}VxV`y
zX2rtikzv^iCTTNlbS{Ff+aJS1M`^d^HEb0*py8qh@0IHl)>SeflfUJ4Q_;cuBlsOU
z_rtw4wa34|fviHCJ952=(9P0}`?g|#a{8%RBIXt8E}ydKtH%q4G#8I>%D+Vcv?U@<
zV;As3rD{h1yz6E)>kMTwr~%utbCr%{;Nv_c5;sb_zPP9sNVcQ%)CMs5g;QiKGY@Wz
zFb|dEF4~I1)n1e<w@<}+CiNtbCa|05=FT&cFB!~mP}$F7IVylx@ZU0fHZ~%$H|H=0
zbTty5OG8`{yX=-@6^2aC<4q+(dkj0Zob$V2BwT<_=|Y~+6fHx-{9z8l#ei&hnwA$+
zi%vu3f4g|DG~n#IE{0u9NQ7^MK6BeAY`Tutm@;i?$tj;u7ya^G?d$nz>QibRcJ&HH
zurdVkW8LSGYk}~`xZ+uFxZ5c6M!WSMb>e%y@R8q_a!}`sWJ-?L&A{#!I%h(>O-Ju$
zrc3j*=vD*;B!#&4^j$nRN!948ujw=US+X$S-^0j#o%*&veOe+L62$r#khlN)<SS8B
zW-}4QU?}U(e_DIShS!^K1H!uTrrf%Lqhw#Rnv;iQz{IJSGvjc%(KWAR)bMQ+h6dwW
z2Zurtd3I<fEBT9(W^Yk7uNX84j;f0GQCDJ%e4=}^y>tX)25n_CEFF>`o`C#4&74OD
zH6#)a$Tm?bCQ{42c@C3~sI|%aa%Rw&?R-2tCCuH(FJPFT8&ncbKl8+DuNstS7}pk$
zC?pM~XlKjX&R-ECgFQrTt->#-bYbL0g>uQQ(DS3;ns-k+adkd5jBBId{_FWDY;d2u
zyMV(F-{6J)k;2zsoJ!4JG8fh!$A}w^!RNV&Z>G{-L%Md1d<Er&tBUyAqz;L3HO&X>
z;kzcPnzgO!K|}2F+4L-XCN|b9;36r<MMUd(v#TN}>9qKvkQp1@UrGT=tKu@MivnAp
zH~I9d0J&FPB<!%h?Igj^#k=5%?1V*UyppdGc~gDH#5=?fw>*ZtSZIFJc57S3eo)lK
zacuk|f9GluaP%*d9pQ(|jB4)N4u?=mc6pa`_#7v7)Wm;jd_5R?@t*QdNV3q|<D%+e
z>0#MnuzLJ_iVTRr0ul_B`@?9zNLd70r_OaaZvn#Ymrm||lkJPu@5>14Z5&HUTb?Z}
z+4i!ZVgF*c16BdQ57v?Z*KO^sqc4w5XPlV)=Zq3To*L0T_7rG8dqsUEH9FuRd2xw}
zeQam7Py28ki^fLqDLK4Bm1hjZS|GHYw2P#!#j<5zA{KCoh%}j6VVeK=F<ZnA$iQ$k
z*hTRJnB8~tY*Vta{k_g>IL(S>_%HxFn<W!nL@*Qx$0vWPpX#q1RysCffJ}ippK`*Z
zpb6y!1uKC5P<%DS@L%JFJPA2#E<On>n7^nCtGw+wdp^T=rbT6zAHMgBq$!H377iih
zkj2fcZvi%W3~w&G{nc4`0%bVF@mU0$5R`;yqnO^i-)F%-cVw;Un(>RmpOJ>VII5|A
zqT+LA8=%*@e^AO~HY~m5Rx*O8xARCoTMk+W^)(mB*_X;zL<`-3Gs?m$o+39uA2PYg
zN@uX6$s~@lz`qNH`j+>{?b${}+VCHQApkr^m>NQ0Zx=Zn8x?mSw2gV6nWh_O`Zt7r
z$}~<f$iStIc)q{4XVC7lxK%)3_dZuq12kKURv5S9_AiTJC$+oCzAO8;kWp(PqvN*v
z9&R9Hg1UBFJN~mrh)A`sJ-WXEb4eWxvQ`KM^?yYNU<UQydfJZZS8gTXDTis!k*T~-
zPd@>g+5Da;xE$`PZJL5+V?b^GuyEM9_{hoo<2znxly(3oqo{}Rd!b1IBmCKNU@jKD
z64?yBet_V=)68bErTdtFBnmG)85AAOw?c-Y_&5~3I8NGP9hEd#PYIv7M8m8Kae14Q
z{nftYxykz=qH!$)4i>t)jxlvSi0-BC851W3;|}N-+OIy}YH@2jh@#QK69in~LN<~N
z5>}Z3Kgx)djk%0P?czx9Mx6$milr6-?7R=0$SZQ+XU(}6oGU;h7}&S043)P2RHzt9
zul(nt5z&#S^^J|xPCmBh6d_7x)|J{SbV>C<CvSD&oeao*vw*rW*dauk!tqM*h|0sb
zlReCP0v?VxJ~>SB*%`HI?2}X4%k+(K!Q_)l5m|Aaw|u-0Tk(f~I@<fmbfgaJY*s=U
z)C~8^+=;-%#tw?$U_0>}0i0Y+#{i?mA#}CC+{cJJ`cpaGF+-+Z+p)DEJmu%sE7V%2
zB^^iXVW9G8l%+fUHSCbt&sC_(l$nX#Rf6+WoT)1u0S0-=+(yvK{oYWejGS@zvz=Vi
znY3#m2onaBI%_J!RqU{TGtT8w!NZKV*9Gentog`qGRv|dGg5sO0j0EQ9(u_6iU<eq
zguP@Pvu`37PD0PCLgP=csAC`q9mnc5;2XG#37`l190>+ruv*|=IM^oO`h@S3V8M&F
zn!nmlmWh<#)<9Vq4!nzwr2TU|OD!M2e6Mu0`2ocbFUq#NbNA>Tt1jXJL={@DQ{y9-
zuLhm+$)8|I3^z(-G=u2X^|e6TGI0*D?MHHU4LoHTV~t@ib(@|TD(+(4#`Tk#faMtu
zzDIlV;mGYe?T{{gI{SFo*K{-|F8MOFog1O2NF<@lsmCzxyLNN1`h-xjA1)FjRmZuq
zp-Km#s54SEuJU%0;;Cu!WaQU|0`e|T;`8?d0=PFZH0@no@QG-c#BY=@r~FdjNmJ=$
zd6^HfmwRRnn>8i$C<fN}!aIAjp&C86b++scm@D>PzEsT~YcgFyv9s@V+0!+QJ{-^a
z5B*RSNJdZY+<8ja^V@Fj0H!UYj1HlhS_C}+>I93Mpsr1c^<xb@kHcUt4+cSVuZ|0K
z#X6?F@rf=ZVZY053uA*9<8rBfW8=Kjw>-!xnLqMIhT*gM2&pe3dVEg(ylA8rN<2jE
z1P(?D+GjTaNdTt)){{$5L2kcv(?gVc?Q^#jsYSEcv$bM_(?t+^`_FjjlTwdAqVTXo
z>0>VsN_Lm-<VsXdm+XYq`eoPY&k^kJ-DjfRT=p%IdMQ)8-Q&aHa&>&LWh%7p8|k#H
zD0&tdU#rpqK3a`jB+nD2qP)165vc?`nY1EC499B~oYryL<Z3AtIf@5=%g=9FZ@R{b
z7bWG+ryht&N`A9o2#HVO5UIsu2ID{x%OOvzVF!#9s`@gc%%`u{p2L8--PyFo*zdD)
zE^u#X7zwknjhYkSQ*M!LL9T9mM7+A4VXm!ZikMoBF3pd5@kS0&*m`(Y%3zFLK`i75
z%0<76F(MDE)58Z|()b)&0I7o$5c;356y*h}d(#Fk;P~E5Sp>_ZyjtrBq2Pn@z-3Ri
z5NlZPzF9jjZR9Z*k0;BI5}|`!>9`KEZ#<bobe@c1F)f)0*^|EmNgi^bxOZNAv}vZJ
z66PL@-__0Yp6sf#K(4%ix>_HodYgiVj{D3GqRT>`o`bzym!*P|y;U(bG&9s$Hj|~A
z#O6Tp1`jB_QN5m9-7l<ATHeLG@dBF!Tk>>~WC&vlX{c|dZ8w8qSzhz5)~Jo8l6Dob
z;R15)DM_jv^;UI&n@JTAp~Rl_u7~v1ldZnb_ABeb)YhbG)m@M=DGVo^`41Dc)$=HS
zYx$Y;vYkT>|6q!`9sypoNxRN|uVd(Tn`D%v?c4&$xhJAKneF9eVQrN^Mo7Kgc(1xO
zd*!vLaBS*3eC%Q|V}&aTJrW#3UMEIIz9pW*Dtm?>2L_kI@SVPCt-xY@a0ye5^T{O2
z+7mP)FT&hxN}yZ6xb0+W`O2NL{l|7;K5TWiNKl;1<xwbKtO~QzKgdFeSg;3oju=6*
zT&#>E=t>C%n~*t5>bq<0m9znEr+?=^YX+!>&c?BBc4xZCgBo4HtyOTJ@cYJnZ;E<e
zx30C|+X>H}z)Kz}m?yKziWT$q;PY%G$8^?iru7{;A1Q(>&#fLZ$D#Y0K;^93!K)2D
zUBIZ7-DTb8{<FzYjpv^^seARWiOX*8HDKA=)3+RAX!dRxe;=!8w}S<zRyhEPzE;d1
zU1%w9nfOcP7dXE`@Oh})+r)7rerM#!XHp7V0;17CykXUXs>7TNz#e08QQy^{IOR?!
z?y8vC{dPK%Qj~RhmnCH527t-@T6ocR2SkHLb6UIjpG~10f^kz+1Z7h5Rc8&=g#UMG
z;(dol#l<4skaxu47M*}WN4x+kl_mNcG}?}>w*)t*M){%Wb=oEnYo*B5=CJ?>uC)Pd
zu_X~?-YcclL|NK-Q*S23k(4E)vs~p@)?~5@J{)QCN=Q5Y%a3moZ99ys`nDj`aW!cr
zwn+7v!Sebt#&@LJ(bGD27Igd`-agP-r7}WeOcW`HxM;JhO{Dg4V10)F-y{T2&%wSV
z#A}NdygxpVYqPp<^)z(TkmRG}2D?k}c;CEWY2!f7{WbO{;{l}gFjBe>7J3xpS>`?c
zW!t9QgtjcO!%=6Iy1V$&uGlbca<?nTkquCno4Wxwl%CT(PwK>V55KUyjuh~RBKAig
zXZ{PFxdj=3;-mUo_k=E>42VRC5D|yin{@OI!;;aed->!Rf;PV-8Im_Jvx(!uDJ|AS
z#*D*3V^nNy6}_G=wO-)F*c=l;5=A4mp{B8q74{k4=0Tzk)2xknlS5-nG#nXx>Xj{^
zP7xbk2YOH`JRy;h2owV682i@DtFq`1arst$c~Y@HAuLry@(H=xLWoBm6up>krT4CM
zD|YhR=G-{~2Oa_*+FxU(>ykf9Stn-;RAjC?jOdD+=t%@NJ(8v_^F;CdA28R2udCkA
znS8}78mORLilGG5V~J5GEXjc|u}5~DGtOde+mv64Bm@vj<^+QGx>%qxQl$OmV{0`1
zcL~`hS{`VC<43+~%NG|vRR<9WSIWLjs8%@lsi7B+(Qhrg3W#_#8@0&FF^_lxB&wJl
z*@o_9W+60Z&tkgC<WDg>G)WQ0{0l;93$ZgsEdhVn5bBH!*dC=%022=Fq*5FZtFo=O
zyt+Nz#JinYQU1v)&_INUFMhQJhg>7BeMgqZp06zHf-6Kt9m$cXXBO~%whI0U`^Rm;
z`CV>w9V4QYQs)4`cBk>bTv>DTkxiFDX8%&0IDz%!_)m6=@PFL^yM3vIuGl5vZ80oS
z+ryhb>!<mXGbnmg3)OTBM*g4F<Gd#N^tG>38vnuwrEn_O`j!_w-3AgnMVX+RzqI|n
z;~p~>sJ923`C*u}K<<h8#Z4oqMY**5=o(=P1%0*9-|ff?jz>u)b9Pfc_-w^szux%G
zVqCvJD+_1ewq+J{tS$eo{5vTXy_3KjVaOd6y));~evec3tO9=FjR4i1oHQ<O4jI9u
z)+yFWH~<w9?i2*K9o}4o*;;L*5&u{sI^Sy_O3WHNqyMn|b!rtUNpyYkV@EMjQ6z6X
z6-^r^0)eV~W}W@Br&RB18$dw5sK@I)<;BSuF<YT(HYcNSMT_F$#+D&<CCaVAUgoC7
zT9@Tuk=@;=0Oi82g+(snhrc{PyICw)dcO+lRxV6Zh<*)N@QuazPzeUluP+>a@@~&?
z7u&42A~`}`>vy-{H(R6hith*bZ9s=8_7vzN=af8aJuB*I^+O~RUE^2`w@LTkjd<fH
z+E@<<oL%;t2L=)I>I2kDv<n2D0Lx<;I+DzW!s6aKT^cgW=jXoPB?Y_n?)#ea-!L%k
zSNYa?SpxYk75Crs_K+LJKg&Z^H4YRY0MpM;fyXgb35??S*mhYY%D=vLxxVO~j`c`)
zY|P!;I6LZNbCyAi&YcX_@Vcq1@r7NN#SN({pF8U7KB49cp2f09I=xfg#%(Aky;{2s
zzyHO~3BUay7rn5sz@d*MW!by(O?b=sM6dGb5Gjr`!N}~wuZZ3A0Z@iRdeP8+`ic+i
zZkAX^!?tQ0JsbU`k6cJZQhG=1cp;QN&M!&#x=^%M5|ad4Y~{#j^vnmj?=<1?H59F!
z&%c{1`G!j#^~E$86`R*)FBN#;bxjVcO!P_|bpW{0jgGzs)LMsHqkb(*%WNL_BUaYP
zOat&EJ?-dYe)VU6XZw7j+PP0-cfV+g0vilxJy3?gagfdDYqnDF)jC<-rHF2ZZt-OM
zJ?LLt>&Ksa2d|ibO2W~6`4)mEyA3T_zhK3E?EbHIAU61oN);1p9!3wN-`d<E?;pba
zW*TwZjbsp9Ykww0qNXDPYfQ`?--8Y8wr`cv(26PY=q(Bvo0lrv$D-e6!FBZ@^ls;z
zcC2X2l}K$zRy({D=3Af)YDO9=A!@kJ6co364l?eT!q6<D)m5RK#I8POHDe|uAr%=E
z$$oww*6Z1N<NGg+T4L^f<dk<y#JF-S4;FkZd@A2+iizr*mNzDfVUFX9sJ!G#!4<VO
zI0l(`%DLGQZ1JW5|8fHoHNEZ4<x8+4navN7hUT`?IdrE;wJ|HOa!Nz@M^zmyv`BOw
z!9F5|NdlOMU8Fsd<~}*u@J-sTrc7wGl$dvq$YnsUc|5l974(V7%dsMhctjz8hhrM!
z05d;R3st1y@gA(<U`!&{MdN}V;<;5&3RFdm!~U2(OM<at^5sS-cmK2O)mlIN+}?9%
zlARAPsxN_0pUFrx?ta=I{rl`dcIhi<*E-U#4wkLO^e3Unz0Ri_!8VUdTju3RI}gy(
z+zRKxDXj)&341XA%l)1;K7axu8q2W6&DbeRF0W~5I7VS}bk+l~CYFN^@6R!-x^trB
z8N9XGK>T?>LrB)v^jUs|_;t|{6lBUyJrT%(ufD74m{MoL^3N8z^z~=GRg?w@vMf%&
zWt0~)`&q;>2${Pf2Uowb-ztB)e&Hq%7ncGUSs?o+G3QiGn&7x^P2Xp)-R$x|mjL<T
z?*j(!1Ma&{_lhy()GHPQbR&K!l5n2jy$8D~oAgGS2&?({>gG<TmUf+}QeE=jfnTVH
z+T4z*RC^D-pWJ6%tA4=vdQ$*VyFdZC3Q`Xpyhd~-V9ozVGpWWpc(ds^?AorVI1CVM
z4QOhTtt070JUuqZE~*s^uBt4OkRZRMyhIaQT#o#iSg3PTjb8t<L3Yqs;d%q8JSqE@
zSC#{-**F^=2&4UF+#ZsS|8!3+p5m7`IaHg*V!b<pOhOaXH(gTEPYY2GD73(ZaG~rr
z9Gwbgn}!QncULDeOk`fT;iL~%Haxji(L-f-Wn=4u??es*pd*X{kI4=H|MVq>?1!HX
zXujY3zx&PUtu(1_Eo_7q;Txp(obzIXUMMbArsznOd72Dd-yPr~s~yU4{%0cBORai{
zL+!Xz;kA>TU29*I&vTm(gUSZ9QH;&we^ocR{l*VDg|k3#L0bM#sJqKQW4;(-rSs!S
zk78KsBhCfbd0p(~Z2#$n8SPyV`-+Ge{{t`p5qsEI0EXvmj;YL7cr0q{^fe(R^&Aq~
zMdF3P5J-#cDcW>?t}>;C&!1G7gn_VUw@+E7HX@X*0mqwXLctNLB-*GR5D0v>mITe-
zY%%z)WDAb7VB=e37=rOx+lvv>)h97udrsH6bf-F2=vx(>EPVrL$Zn|`Lb%%VvveDS
z_g<96u-)Zz=LFE8^N%U;+?on23kfyhYk@C5!#eJ+FZT}33R^~j@HR#5^bHBB#?4Nw
zr1{M_Ba8<@gsb&uv7_ngoXNZZ<a8_rB)>+i{Wh}qwXKS9t6PQ=-s`WqAMiy1qA2yO
z2i#5<0mvLvmXo?T8$O33OMi9H8Z!x?$;_vOpMppAf}x{>Aw=sOD6asX{RG-!6F7Ox
zeyKN(&g-95p=+;|O|bTdrw6=}kz3bR4^ycoFX!%R9)TYLDE3rSgEgY&PA8E7@PFNw
zEYa`}vDy;dMUbRwgJiIjU>PCByk9pDL(|$OL$O6)Px?IcV^LrM8Pb}f(Zut;HIaPf
zU`@)dYOS(x+0|y%?!WdXvOyc9?fCg8-L|`vy-D%bft9_?S~IX3go7;RGP)&>4Qs9y
z22p7y7D|V;N|RWZz`7~qQ<~smo!lUCh)p)6!spB^s@Td$IEnaPQi-|SJ^z#!NLzr2
zU!5|ZD9&ZW>eq{E(_D-Y{`I$kbS6tjd_4E?1oSSu%;Ln|0e31wihE!oZQ}SNOHl`0
zh@EEUHkzL@3O_bNOWi4zHdHVkz06e@azr2-EkDl9{NrA-4Bl)|z+N>=w=r&@alap@
z{ARxduw@^<+V8JX3PoCqiAldQ<P*(K(=heT1-Y44EnGy0F*uj&mYea=H0lk_l<sz)
ze4M@R!a$qO;6WZhjV}J#*?`6tu~HUVE%rdz^H>HA{L6=OsH^n<v^%X4Ee-xzpzKsx
z!u;p=ES){}j&4O0oOVG-53+WNh$o8V${p8fZ4`T|9DLfihh}2okco;t;99Ys0i;0_
zy^v(B^;<-(U7*g2$P#9odJX;mRG3j-blG+&4o%Xy0n{V>OdPQPY_Juv`}oO{I%|_^
z4)9~7UXGdOi>8U`d&?}1Rfll^|9nx03jUme_^m~EQ(2zBNlz4KzpBh49<lm2n!p&^
zRO0=>R@np9*TE{&#by52o`NU(Kl&b5u;0&N@43#REp0)aZkEQRDhyY3qvQNN3Kbk1
zI(cGgCd+?TR#2DuyGr$!n(}H+L1ET=@d$`#!o9-WxnDBNicmegeW+Hu6Hjgysn^gt
z$d50ycxA+oQ4p>Jp7eh!)3`e!@!B?$FNP6se)JVR^2LU>H)F;+8})Ge)WaK;LFn($
zRuoo?rGQv<+K?Ld^QM0VaW*Y&F#o$6ia1cK!Y-Yno0v!ez8OWhKQB0HiC#tUSDF?T
zxd9E*ppkt2eUipLnIEcSgaY%WeSdl*WgM|4E|wkE%3#cCZT9qU%`~}XzvF{HnX#$U
zYqO*{)@+f%AqXT1)Ge(x4W2Er?W;E4f;ypCg;{P8r4+SUb}Vm~Rc=n7W{{rZdE5Tl
zL9pwm1O|wnpPZV?e@xZ9#8XiFkfxc@L#FDx+w3aDs`Y1aW8y4un`-{hP<R#0cX`OF
z7Gg)_JgQs^=lJ7kMRYaZ9pV%-^K4j0Zsb>gTbu%OvHxO{9ngWHsudkaCk9l-AwVGi
z`%qA2|Ni%s*~X6O)pajcKe@2kL_?<@-Wo-t?9&Gc3;eSvnRv#dHYPy#L_Ma2gzo#E
ze{@N>61&Yl|7r_qKmfR^n=&X%e@c?#(?p5uftS<px8gm0Cua~pbi;-$ckK`yje+5L
za#w*ipvd+KymPoS7CP~F0?5@2i20Q0l{g4o*?gg>m~h-QK8&X%V9MPrlPO}{bBw=B
z^N~ckeLhIqcI<@fe2E)n!k4rUGdI)*BH#*?w_Eg#T|6%XpvSwr#FU#)s9~~O3&l*1
zDB72l-b6K+k!UqdE*g5h#2ylE+{R<yJBcPal+czGyNY$==;mZi6~}{lw~`G>ZFO^*
z?{PG>r4J<%Ha~RXmtR!x>sIsf-!M!ENwABZ43V1du^c2#)_X>ZyUe!6>a{+PM%PVr
zM{ye5vH6X_v{HH)D!nd|W$Yrija_3)9u2E>1nOR|!Qn_$$|AV(!51WE9l;?Zjp<@+
z;6do33}zUl?(FZ8UZt*(Qe?)Mt#z(^k&Nq;vrd3#TqP*T(FJFQwBmAS9AjbHQQL4-
z#up2PuOh>nKb|io8qX5nQ#7GBN;_IIH1Sk=?Ws-FPq`Qz2z_<vO{0bSK5s-=-~Vd=
z+ru_a&<=J9-taU24A)Vd&8X?wHr3fhAQz3g31Gg_NM^3e2=H;y6KE-H1c~`j`RW}Z
zq6s@x_3d`2^uBs0M&8q;K1rSLN@^hCIwF>A<erkBo$sjs+v@-3UvMbOyM1k)+Ma)z
zR}*oNtR=u$@UzV1*4g8KN@LUSMNNPO(W2r}p;_IP<74)8L={sP<hWj=(bwUG4~}*k
zJYqun6u_-mQT$I_`2w!c%(p0uVY?_~W23C^(KlMk*<P3+Qw?-Dr+uQGh2E!7EiQE7
z_Ib*H@jHI;cN8fyt?&}DgLTqWS5J=c*<^Umn^#=Ie~Ml>Rj%4wTY#TPrvNVR4(yAX
z^to#5_95TW#4DAF9h!l@pHyAk+He?9UvSkJy6E|K_l|ogb4x!sjaW?BEr{RL(SRND
zB{-Z%F9c|Z4tDxDA7T3LUvUnaJ))c@1wRDplr+6L-JS-s<K7X4DT7S#$WCo!rbcFV
zG)_n+rfj+)qjZ@6M1&>`iqm}EPFfE|@<hx*)6fJlJ_=L6VlQ?~G8nArcEHaw=1Skp
z@DknSXVGT%ceJds{J-WUJ_I?##rRB+apE~8Y)F=sBMqnS5|{9VT@U~Jbkig8C>U8r
zjT|Yvl0SzK)hCh(Y}c_Mv&isj>0%p#!vRwEYY{M4T#7<*q%%1Ad|mDl;X`v@b6FJ}
zG6A4Ota~LY+`JRv;!(9AnTVH>HxmYX_5y3elm8=Xn^)8#4-P&_`!cV#`=dUbYi`=n
zjElyK4({-mh2oiZQjFeP4o=TLSK63luX<PCu-E$p|E%!A$NK`~m6hOpMYwG?8Js{H
zqak2hD;fn&&&=oxAxb@sUe6Ux2>syhFA>|?cnbm>3#h$dn6yg=^6X8EgWsn7h<T6K
zz2tteWL^S^e!{_W-W2+a9q4h11Mg5T1wT0Vhug{_p32WgeA57*$84_uDg&UwXUiL)
z_D=*6IEHp@2kfJnI9Ton+RR6Gw|;l2TDqyy9Vj-*lLd^3cfOP_K$0HQp9Z9YZP_2l
zffflQo}w|zH!v0ioQNidQJrNJ$p-l87*$Atd6%JTqz2bM`Nv*g=op61Qdp@xOp93P
zj&E$&*e)PNn^<JKN||o)&z<cM66|?jP?G|>8sjP%6>SllOoRzT>o1v}Z`gbFfjzPK
zWDouO9+{FJs}eKQ_J{Iu;Ewh~a5*AAAyi_8%}RfHmuad)r9JQu<mNwz9^tAMEji-T
zX()@FitojPvQl&-gity%&hmTKljbTyse6Uib>0sK(0ySdA?qH$@(ok)GA?toA*WYU
zPb*__W5DkVjtVe{`AmrgpWk_xcY}+fW=A7G2wK~X4#1T|E$xiDddcLz)07m9;Y(`t
zE{PxxC&ES(TYLwTk6yDf!GW-JfO0?tazreUigVe=XM5FVU_q3BzW=5R@3J2_^<|n-
zJE2mL?k2znHpbiUe3w4{xOHaGI}Rf-q?|OzJ6pev3(0I=&ymWlxC1necAw*q9$nnp
z8XiO$Q_(w$8m*JvcQ#Q*(02S?s{FAhmpWi9Ks^bqsvL&7o%ZlHZ*PJv{I{&}6`zQc
z5dIPo&@}@vgQT7<?mo9dYuEEY(A8>L-fSBI0!rmbAAm6TiN-sYA`{Tcys}V%ZMT&5
zdZQLOa$?%fBc(N6G3qM9e%?Ci|C>W^ejeX0fh6VKR`8$O`gTm{ijCcv2K#O>W;Njd
z^~f2Mo)OX^QNX=k5Ds2U|GNg>TNcEqomD;%2JAzzl10c4XtTM1K%25jqvzQItVjGa
z0PT^Cnu;oG4}J7e%6Q)24DvZsAJ=u}ZI&>~dn95a;|ODSynaW7SaF*bgIDVatReb+
zY#n&wrSypoI=xO;pKe;7lH-1&wm@mt%nR96&e>4$EdU(4P`&s_t*kG8(ya$>-52Yr
zQDQCNvjORkusdsLJY`#6i@(^B$pxdMmO|Q;A@4`YI}z$G&maeMQQ>k)o0#qM3zjgt
z)NnS7)%DdeTCiZYP4{fwF_#qZkP(@7sT53|o~o-+R=%=iIi~6Xb#A&Fq#fOH2NR$b
zl?;gMC`<AtklW*|7<zRbHRSTx6GIfJ^Hdlh>NbL)CR$LZJ%ZG9Aq3K!S(N?qMvFLY
zBy7&XKnU!i-pF@&u@zLEQG)5LHVI|vp&Ckn<<OGs!9(^<C|+oYYJsL9ipKok01)~d
z{FSoYU(!6L6uK0TeO&#doy4?s!fk&hhkXgS716<MIP`{E9Vk$ZQ|A9)#R+(<y+06l
zK^|6T{0454Obj3o&<@u6-L$Wpm(|Dar>%b_?^r}`iIA)uJitHim!j&9@NgrO1O!-{
zlRTM6+#SVFUcWop0SzrDx#0SmB+9YE*Uq4$r1e{XO`2BacbZ)tmWc>*aF4g;uCB*N
zeTMeTvSGm{{;yE3)F}^J*!m)U%H-JjIqf~1WrezQq{d41j5lFKg@^p;s^@iy+^)Y*
zR_Ba8Z$^`}3d^$fAw1&`TD3bouXbdvw&*K*0)9XWhagp$%Q38^!rQS)&SFX?mabOC
z`=v<B8<ZdW3vj9gw}2S=5ltXgxm)pPeYF&~cM((1^St~>A|5QpP}LeU=)l~jKJ8E6
z?)thC_~`V86W*&>w9cE-20m(ui(|rH^MDL(owV*5dKnB2G7>r%MI`I_%&+a*t!w;C
z$s@(vj=FffB^=g$88=+@2R%953!U6>+(-aS;-Lqq5YY+4BjFfv<cc@0L{TXmiB>k|
zuD@r?WpQLR<M92B?QE^wuhZxoBiWXK)*38)PC^)ozs+s3a7l^;@HkLQsGY+V7|gWE
zww!4s8H3v12{dJ}cCtSz(MBI}MZ_2&tu4s_qG_K0IMQ!w#Qfy}8V@{Tp#FTtAX>Ki
zT2kUqgi`I?OxnF^1N7|+V6S7eBG#L`$S9{>_QsVt{{sB&IAX^*Ne7A~wr~Y28o?Ul
zbXJrSh79S4ZPJ7;q+eRKJHp%}ZQj;fwuPv<p0CMD6es5+IUbANfr6)&*myYG`ur-i
zsHK^NuUt+N`+QlJAbmPKHB%G*V-(|k49LqUM*SZUZrHb$+*1|RgC%wItxiX+RF!_N
zngaYktrZ}%?1}R!O|yltsoNSQw0me{FBNW5-j7C#XgARwG9ZP!U&sJj`Lrzh(ran^
zSI2o0B&1-DcJvJQ;77N@L7f-bv~kdq%CH^V->6L%esXP>n)A7sHc#A@VWj}gT`*KA
zxVo~(XyL%WVm&iC$zqCviLw!}{SiFt-{M1dcW(Oy?NfrfH7P(7_(w)!9RY3N`8*+`
zdAl<bCcw{prkk7MyXHy3PF7xvPLkX)v<4b{@DW*-#<V<gAt}Hih#5U#V>ZLz1#$#_
zbRz1iJ4ofK@xRT1b1RnT=4iC(qU`I>sZTk)+*Eomsz6`wFZG)jYF#Jguti4(u9N~Y
z@PeK8_XJ&GD6w!$c1{r?X$L;TV>`};3KVX_Y5KanDGGvi^=Pieru$R1@BMAjJuM&x
z0&4|899jdYCdGY0N;aftGXZ>~F~;GfXWrloqnDRaqw%GsLlbq74*-w=8WQ2Pqio;U
z^D}DZU=Dy3Sp=615kc%3u>x;i_?9x4A@29kB0hFKcPntpInora(hioO0yIbnpo(|)
zFEy7%NMonlxDmemX6`O_Zlu(g^v-m5bF=$vKGP5H-8gt0L|?R1aY1!8f9gxT#Bu-s
z{jUItMt5pB{H}O}`|FSHKG($b$Yp68U5SA+EQLH7UX`?GGkD%XLx8k<{x|g_H7jGM
zS=Oe=72`PFK=By@iMeZ)^u_gAMQqq_pKj$ybUP|#Cp>f<Gr3>yI)jLfVFrGn91v5#
zE2c{0@1R&;2f~NE%d@ZwT=TzqIS!A>0}LA@c_K#=#=jQ?dh&*N+<ppI>ybPj&fnT@
z1uYi=BTCc-O7xh?h7AC@4bb>__O4sAiWA})>UFK+5sbibPLpsLad}F|SWdt+1@Iwi
zghFwb8vB&UQiK;{*Id+YTS?ldOiGb(k9AVe-NKy@e40Zkt{0n5m~V&Y&+&9HJgGLb
zC$8DX`?<J76;BqJFvj|<*@miBy2}&j`Yf{c`jE1`5>Nm9-u^ay{9(2VV1VW!3O_;a
z-k%`5gLNG%X0}yZ7XTH#vz6!t!unL|uT~KYKl@m$U#^$CoeO0YL<Nzlx^sKo3ltPh
zeCigidTWVmx8cs{Fs4AoQTXsd)rf8LW4iTY=1GKCnY(zy*vQ;>8n>O+sZhYtv6W91
zSQYc3LWKzxz=XuzWE9yG@&?J;ZA07sIi7Ao@-2!ezK&g(*dl05$0MWi{;^vQ-pkf|
zGmMT*R;TMTH)~Re-v-?<8$l@qwrEEc8|-C2SYEdsoTO$y-QZ!Vz56IK1jV+2B+nR3
z_pc5BRKb@-M+p)%g6lyViH&?*>%)Q9yph6&u6Z;E0$Lji$f|_ok~kyN+a6+C?K~s$
z+>1s}nd2n)*QOECcxM9e?UNC$;)})aZzN9pdwg*XAorm*(Bi1u-`P2|0HJcMGwx7k
zYZcf>XIS1Y1b3EN?!yrhP!0a4EtA@i5u`E63Q|u!XO#L~Geo8b$$H92*c=EfSoON5
zqcKKJJ5H~8b@GpJY7zm;5w!YQNa1E!xR}Eq^Se&dM1$<~aBOO5cBBLazWQ@w?jT&~
zS)Fg+zks@~7<o)4p|<lU)OG{~5vppb<;P0^N{~5)I}+B|NwYRDvEy-_Y%34#dKHjI
zzsxvngDQXS4Ug9I$SSMJcYQC#%8BDS34@NsxI3ET9+YJDMzGHXd7~p0O@i7$hyB%c
z`3@c+l*S90NvK*OE5%WhvrZzNI&5iFpx}N<Jm%m2_jYJ_zc^ozwCdah{AAq9`8guV
zL^&vq?|=RzBCW6gxNgl8wnoxS`$FEkt<_=M(knY)m6ZzUzcE|8A_XYNa>W#m#eWQN
z1TcK1t$jv-gkUNv)Hgi-Bcw{jwL3s6(ohYgg@t9a4@<`NoY5*J9khs>1bzO;<;UsU
zV>1KQ<)oaL$@Ma3CQ6unt`6R!Ga<o({ucBL`9xQ$V38e*--Jw%eqy&!Q)xn>g83s+
zNwJow^l4?y&qNe(fOHPTF|jPGI*M(bD_Lwu-rGEp&67Xw&b+^l-+m<l_A{z&&2kAH
zw;6gD`97;e2au}_8tBF;W{e~D$ju8z%9W)mLTTU6#7sT8PBdO_zG@y~rzkf%LFB|5
znt%E>T$oFKg`a2v*eIW_aGz)9hJ#~PgHXhBzkTO%{QjEzRUz7qKu?E#7nNFCSGcy6
zq_lTd!~*RXLUb9o-AW$Fx}=-xP4@&_Q18dRMMB7(m?Lcs+HfRZ!Y_1uc8e6c!1WrP
z{JNP~ChsQBpxA2FBtfcVi6b1=EW}|LiO2T6575*@f_tdFXIRsu*7>RebUM9p^ReYW
zpb$~U1q(lGDF^#0X@wOAMbpwfaE$!a_c6;VSR-&AsXHOrBBw@hhVs{3>yp2RErBXJ
zKfrbG{Dv`b88h+qc|`sRGoKL4AkSEXIK+~AQNJqz1O;E3k@8-*To~{FRXMTLm*qPn
zp$YNi8V%#}DcPBX7E1`7zcDWcQKa+EuWG7S(uk|cxj`aWmf&)!K|9!z)l}$0L$c~M
zu!Y~(P$2ZMjK3}6-G!%3y`7gm4j!0Z?Tvn2IsjQL*8CYvQSPzOVtQs7#EO`Dg|MLk
z4)AQ*lCOiW%czHCPbSqD?bxPf5tx|m2|_Yc%l%`(o8Cw?P`~!ZI`c&$&9!ju)An4P
zu<)W%5j;oLVTd}!IkDIUqn^lfz5*4N;T#cf4|q!_=xK4h7%(!s4pG|Ef!5x?q8mjw
zDlbTdVQe7%>EBYQiT+xK>gIUS%p19}U#Xk!?bS7J9@Sm>?6Y=t$@aC<5eMs?!+07&
zrbmJH0p;nbE#1-56YYC24s`dZZD`uIMGzENoxl2R8lIvZl}kJ2b^fa&Bdto4Y{9uU
zSrHHCMVgHO{lLIALPbnFNSpRpBE^dqELQ^xVcrIq`Hok{!|Hws0H6G*_=Qi<OJ_vA
zol1LH6h&5)3U=C!j*V|_jd~1>5iZMY9yRM{q~L9spM9ed`4C`ACan!65&Oly^!er2
zN<kz8k@YR9ps{t4E_G@~5I1k%3}3atwME#>6e{V&GlE{{P=Syb%etb3a9U%CtcR(R
zj-etgUT~XS3Pxlj2+9Rie)nF{y4L855dDwGrSXC-s4UB`8~e)yp$^g-2(erT#dy;9
z@_zO>>!&wrjvk!D-nSdH+thB`;fK^8iVPT;$V7qr9@+MXrW+q6Q1C)0=ZTpUhU;lJ
zAS)&lXpCG4?HGpXZi+=<8*2bo?xNjYFceFxj%u9m-%WNBznm*CPE5zg{V|;AeceP=
zV3mF5?C4G$aFwmM^Mx5jUSPX7OQiAH{u;u&W>lIS$r-T;)roKVWZ>&nJGqu@^Em{M
zwqpLVx{tk$-t(=xnn=<g2lE~Ac3n(e&J@cH*?^7oSmT()0pNr6pRjQ@Fp5;jYN^9W
z!b|g-G82r*&S&ehDapl(LIwp%?K!c8Wd)TnsEOMk0d+EySD^VBYY(a1vRX-R3V{I+
z&vR`DAB&=^u|aCEJ}v_WXK^&>1p)tcm^5yESm=#-e%!p@Qh%ma*`B%eyOv(?lViSw
zxZztc+K?ZuD0)5^(FxOHl58II6-;7&9p^06>W*Vl0-2UGS=7U`0a|6O6{guxBy{P>
z{ez4OK=4*K2oM;HEEV+%5wy<ou2qGbA(9m_9s}F8#$yQjYn-$*G;O}wykWps$8vtk
ziQ7RkUH4m7%Nk7$vLJO7j8sNcio=QcK~=Dhcgg!_w77;0R#8{&6^PNO$g9g@Who+<
zyWT$(ogwkFkn4rPPXfQT<!4i`Q4dD|#!#{9c?aX9ZEFuGGPBVT(iY<Lr|S{J1WUv#
z*a#f$m^YWI7MotwC@>m5?%*9DfV19>TAf~`ZCOHo7<Pm(BN**(w2joP@R8G}O!_Jq
zv0~aFa~oaFxF~02yPz{`7s)gm^~^-B^Vq5%$r)e9xOOZlr&l@e@`s5WyB0&BJAa4n
zyNb0Dq;OW7PP~O4i~`1liZOnPh{2p8OV?AaK5-^?nOTUyv16TPos|kYVeB5*Ml-xe
zr0|D_YB3@mA*CA;31hZp*V7yeuJZp&zfFkQa}k9Rdb)FDKuJkr&sl*0AsmO{I^e^>
z#sa>fb56^ZQDVT|v@mE@+;TgSP7@r7kc%_i1+%(S{WBzfR%e0K&@9#fKj1-j-?`47
z(*Xn+4n|8m8LLYCT<w|J3pe6q7+cLduBWNvWB|xOH^2M|bZ*yaoSBeXo=v}m1$zdp
z*tE@&?hz%JLji2Tt2QU+91ov%_V_wLuU&lD@*er_wv`!H5*N2<9Zv@%JojLRZdv>H
z@x_DS+O=w(1r9yWNecyiMd8@Zgsc=X)3ONRi;E}eZoTHyUZJO+<P{G5y_wcVfYn$}
z<q(hezI%#=<qg#CaYna&h#8VtqKv6B`5CfVu^nA8$j*6%3Gl&IwpH&ysojJu5Fc<I
zCok#AqWFffR1L1VMrloN#8qMDD2HW;BJ|Gdv!1;RsE;`^RLM0&Lw^N2bnL#LG;`7p
z0nzGrDtFz3cSs?xBo{(h@#Drztg5Q@e{fgz3Jq+`Sl(lutMLEZetj*wVL$x0Lvc(m
zU%ooP_}a*NIt@#vJ8V684hw2NcQC3Q%dLt_B+TU6NX&IPRCz)5%L@oKW@c_Z4R1R&
z8?p~m$Y0od%}e#X$jw8OC4YD_H%!mU*ShQj!DW-eqB<box9kDoJ9M6uTIKPjsNCOZ
z7HuVh%^8CQS%Ko$!R7O?XA~&JWEnbi#^<ETlrA%;d2?4PatIHvh~Do{%)2!-i7d-m
zj?^)w03=4{18(quu3K1udhh0W3BE&VU4}kG4!IH@!pAb+b{UJQ*g1`n9xifU4ePAr
zk$gJS5bUYs^ELgmgR}$_L))YU)C@1v7(|yUhXldNcJd6JI%9xvHBv1Tn_9<G2Jt@-
zv()L3H{np-EkBF4bvkt)wg8ru3e^j4V{8y0KB~h>)0+=b!Ll_z1&b+S!_Cq?X^b7*
zDGz0q0_fve3`frNE)hq%NQ%VWh8`6`*^GN0pwkDTyuH9`$L)5&^$#)EYSh{fdECs#
z5sM;RukRi_in5}rrPDq<Cl2f?W=vKcnNSVq=uoS6VFNWY6QjlplM)=V=ib?kc?5lW
z(*tb54T^-*`ZCU`SXd&nSo;p_(559qP2$+8n%u=6ryyXe0Y?MWso5MjRYgG;$F8NV
z$jZaG<6d28di;xYnj(~J%Ezo5-K^mo|FRjn`=N*JxHKCrL3J^NVvw%FLDa@d_6+IX
zU7eWd`ZaQ8f%QC{TR={SdwQYmTR^6WhI|3Si*Dw}X-p$B+hWqnnB226kR+OL(bX#q
zK(5%POiQX6H5-f_mpvv-nrQ+b#_1<cY(MsLY}vCW0y`4xtX`Te?zr2%SJU{RAkpj0
zn;gf4@0^NJIZNz0AbFRt?xdX+rX__xd>t{Wlq!D#?=uNQ(9ctpK9i?6eY=+Jgi}<s
z2ag9~hjtYZ?q|<xvycQH1A3Ev<?q}EZhv}?3--W2VedD&#l!~8;H2k}A7)eoR%}Mg
zs0l_RrQLKkK>`Ep2n<uZR;^HpA_e;6sNP=tr|$x2ELbk3NUj@;WjyU}h<2%+eRRVJ
z&^*13ovBUEf`eqz8m#scO9Z)kbmwq|*>p|M3$s%6qQ|pJA>S3n6L(BIEweE7EW#{9
zvZgSnm)=|RXE+(oY_$HU`qJsJ`RW4lrZ1dt??~y?L#eUw`O~IFNUe}N#dPOBp+bfG
zIXM6{7x4#m*V7xAhjZk<Jb)9@?Cph<MAKc;&6{8Oqg@73DNwct@^ooyA0?(e`?VP5
zWyDmiGOBQRz@g~&j_X#Z2ab-2ssvcvNh>kLIfuN>sNwHZgVoL60{p9FZlbhiGnNMg
zbxco)CB379lwW#L4$+5wpxLmtG-o&%n1urnBuvc)Z>bb0Ps15dzi6UVMvy{Q2oNwu
z<FI7A99$6Gq*JMqY1)XknSiY_@8BdF-i@}IAwEqyT0=B^@u~1xL=;ul&C3ap9Gxep
zLwUOY?}gXUP|a&@-f@W&+tQl(Tbo%|>{4#eT3V?M8r3)7<j}vi{iExCz4wVSRmoex
z-jvj{K%qp@(4^hV@tV{*5N#UszV$-fKa6*LE_83qy*fBiwJl_==}viZ)&AlA?(8b9
zOIa(cZzyDutdkN#`5x12T!qPu;+pI#uFl*9t(gN21IaO-JbT4gXLxSDNxMDYik(m4
zO2bY2{2&Ksw{L%F{24YH2V3>AcGLK#L?xl0_;zrydbaXC=V-T&9|&9S{{*G6Nxkmu
z5Eg|KM?#6Cp-0W6`8&x8AZ1Q~j7x7n0wCOUQ&p^)^Fu)bLAXC?PQSZgP|ao)Y10B3
z{qSivcj}-sh9Us||Hf=T|In!a;HdxLsQE;H`0tx1+O4D@0000000002Djsv{-SOZ7
z{2;UpE~=^Xf8#eMT<KfCyUr9rUuOF*61h5|NM1g#>^%dU{n)qYof#R=9t7U7@>iK>
zP@2Tg*HQd?@vCT9bzNm0u&0&FBCeK<FC0DF%)33?H$h=r!BZGch;`Qe)O3@g&OoMU
zRur;$^UIs)l?K085I4b=_NzWp%QNK7I%8Sz#)a`TP3>_3DAE+5At}D(t<^K<2L^lN
zi&Ji^I@kOF87~b9DZGVah1e!?v-!I=04`C#I`YUB`^-#4fy@OzRT#e&`lbs-bE>Yj
zTmtUQz!*Aty$fRgZ+<I`&obkUVH{+O9uDAg1QO?Dd-u=V_kn?FFO1srD%%N)U`D^6
zLY(2dc3xiWIgrdKV>|mx@f(qRbS%BYW-=w&a#vTj$hi+@zcZs(|FGUOHE$d8Ov;9F
z(Z3uNC$MuOW{8S~$3Vufnn?dxFpEp(B@N7GNfSG)hg2O8bV5+>K(o|8sCctnPSU?S
zNa5;M>{0*#001KiQi3llEJBV%Y%~A~+$weBwBD^vZq1UMJT{Nl?$tG`HLJFu=OgM8
z@r-?ihgIDi1EenKwIGE|x%3DP3H#8^{0Uzxc^jFVQl17+VB;tgkNht*k)lI)3z34w
zeDTBK=Aly%Bri^)*0v&9nE7pozp&38UHo_NydIOAc6po-<Vw!p^Np$PF-y<mw!rb8
zgWfY~PkRa>VWizu&Z6J_h9(o(Q#QEwRt&%IeCMpJGEAzA?K0UM)8zzs>Qw|lGj~y<
zP5#&grX<BoRyne(ek2wFI5WO%pX%MPpf3LeFphq!aK?!uy*wJ^cuR5ET%`7Ji}Xp#
zWMSSg+=u`G00000j~>A9rtwkgl4E37UrPK|)`+}y!j(>d4+FhMkwE(0Tr65@W;0ov
zv*7t|r)WK_)85j@%Vc*N^UAXoAvzTKrC}>Mxp-|}dEZ0Fl0nd1MZ7atU<~kdM*l$w
zQIEH9{&@&?zI2@$)eb64Efiw$5lF3!Oz<l%;{fd9S9m(nLWAarBFX^_a<k={1<}@<
zi%ez@K_P(jjTC35Fh86^{zJ*5@zY4OT^4)qH#hwuUuHe%Z^qdP`=8c;02#+ybibo+
zf=vF5t7Y8d(zTcvV8>y#fB*$83GcAXLjIse;Y-Eo6JfFAtOQbfr}6bbfB+QN4D@LE
zFn@}Rr5B%(c#>3ye~&RryVZ(PB$pbRN_@(`^ObchrX8?9zJnCyVQZ~qRK(XjIhhPO
zArE2=6!5Hcu}2aH5V+0&001t)^-c_ML7GH{mgLYl*?_pjUqYzTSsE%sqp?llK*`r2
z000002Y>Q!7h!SzJm=)&&f45pTD>PZLGv})7AIOsz=X;Ock#P6&MTd(aI}@$aVDj$
z=b0ZexNo#F)^`iY?`of^-e_zQ`1PkUBqqa95<ukM-Y@U)a@{&(TRkmis{i{*kvdJ9
zrLJ(6D6uzD)0Bf5Q^IoA^a+4J(kN9=Nc9+1eEV9R-L&O9zdQ8r(uF?~vTeMfh~LpX
z=Q4~oxDM}ObTqhJgHgwP2j4YB3o_qTYJhvQvn&d|0l0zmmaa+v?*2v~n%?p8&v;r5
z+GGmbH-^o)sKbxDKdQmp`rOhl=WH>y!_=SB5RGUwMpEeq=d#AgVcxfhlv9BK00000
z7B!+VQszT{qPl#V(QRt4qASfRmgs5`U(xfI;cZ<zI+m0LraeP};*Iy6lk{hPpj9fg
z33giI?M5O&|IItb5N5U^_A8jPI)T+vV)CqV{q4N%{7{`;2uVx2+x_f*0~v!0bFYEq
zxSQd|BO(v&-^)42Aq`7ernB&w=xf^f^j?lpoGC2HV%7H0wL!~vTQA4}03KC%M_Qxv
zVX94jxzg#xteTC>OCOq=$YVi!KR3v?3?Tpjj0}NgjsAQBgg3h#qIO%)000000xGg^
z3gj2CYhNgZqmV5svX7oD=O*M+IW-F2L@h88VG-Lx6Nt!?G#qHV61(O|2H*ey0Ppmn
zKYJ+@^YR443-3MtZa0P15#sva?@<dU-u!X^06YgPVqn^3nNrGmE0B$7je(LKIVcBy
z84O*V003u8NnF9nRN)kCIOvw{1BYdozyMkh5MQ)L1N<{@$VpE}cPMbL^(*ogp|E(C
zg8-M$=+?8!QOl*^2?hFn^rz>1b%wA7aW;oeBj63nNN3U;q1>w)ei7K)7GoLY*SmmT
z&;ELJqyuouW$})?0XUqouh3XLC&bbS)4zi_s^LlWIPjHp634<X3BqyV^X0E@t94t9
zAgOR~V$Cx4uodm22>~a->wEe{NIycNi~|RlF6*s9U^YM+nl$HETaIF{irQ}c86Z&G
zbA5P7q;3lae`$<(-^YS`=<ecM54zZ9!0r+hH@bKBT*icak!TrJpjslR)%-xxU9%D)
zLv6|UIVB@^;D3fP&0%n*A{g!_(?i6sYYVzfl#MRAUcCeW4JOdi^9y^%Amd2DTCesW
za*B9&p5woGN-FOnhxc%*PFSYMh?rstq7N5z@t_$HU!gDg8Y@1%nE{Qy#JyF!=AbCh
zUrz9)`L`DPE+aVJIMlXNGex(sUQMp#p|*;Fbfa$B07?b?to9DH+Syhuqb^qxmuk!K
zb!Yz9VEU?`pKG`VmPnthbzyF^;5^GFTgre<3A;0KH_5EdF~Wv^9SV0wCOq5`)DtO!
zCvTmpwfrD6sHnU}&0N|>LQkFdqVtZ8AkLVYU&O!SskLRW0B1t4uodIR#e0zE3F=f>
zahlH!>0k5!01~8AwB|N1o#wx5qAGwAs(q>xRJgg6ZI!yJM!s6-(CXFiSY80*&9EV^
zAM&DUm=X%`bo!?DyHk2v?@*W!MICi>I8$I90pY4<x`IriC%0b1iSAYeI<@<(@Mzif
zhFrisj69n;se=&k_3v0u+3o;_$f>W;)gtr&00000000fFvPy(?MX-*SOCkzj)66&s
z#wf}0%s0v(Wf$QXBIu27*c<o*d^>R}1VFWz8!6*4Hl_do000002XlIZEI{|EU>;qI
zPEEUGAWwUbXaE2JB=1>$uPyE-AIS824G9z}_n1v&E7Jt;`fh=arNw=$B#i2a3wJVB
z%4-rRCZbw|yvsQNo?v!Z%WbeKUt$f)xO8*#hNX`{g-s|F8cm)98H(I(@vqe3clc$9
z%k@;Z56YXpF#V5#DzEJ!rzXA}dF`JsxmAKV56!i&RI%IE-EN%7=;)H5pg06)v%B2S
zMSDmv$`h_RC>3Lhlz5K?TBoSD`g64yQYd(HMEY|4tsuuczZ`bpp^YoGN{0^VMCwaH
zI;erR!EXFUeQf_AWn`!t8tBGEmglEg8^WezS-*;^f+C2%?)&oDYjnb#LkRP7P&O6M
z%aI_)jQei&$6|#9Mk+v10is99Z`HeF>mhaYzbx%L+F(SX<+kTF$5fNl6IXP6OXBma
z>L+siXk6_5jC?+ep9d1My}XH@Hx~1el<_v}j-f@6?5{^4!l3x*+jJd(0Y1u;6ayJ(
zyzCDjs>AXT+`XrO`TM_0AV>ANU^u(?<nn^pNjn~)twI;=$#k0t0^4%O%;{u$WeP53
zkM+JQqK)Y$IWCaNglfdyh)$i4%vk?QBRSPzzBEsR@W=ate_}HoM6oZdGhW$O)*Jm%
zP+$S0j{Pk5hCfno8?4EAFhEtuTJeO7mSK5gsMg*M`_TC9zuol;OO%MzjU7^0f3q^I
z(Zpscnpjt<T6v{qJNA!ubxts+e1hqZjw%ye-m+w3=B@`7Y;jwmh$$9~g@trGUvyIi
z<C*}p<G=s_0000000Bx7r_0AOmX{3k&6C6!y4v|k!!PE-X-X!=BsYJvWQv?SBB*V$
zFv=jH00000004KrNMk@l0DkSfO1!9aCFmYW2mk;BxAbGGqlRf7ca3(<he@9Vq&$`w
z#V8|f(!0UdYQ1JUm^~TCS98+mRiyVVWkMR9@3CB!I=+4Z*Yl*sAv?+hz;vzE9MN;)
z<q*O&YzDCXh3_^yq4CfH-k0OqW2hT{fcCdg?Rj}B%)Bb|og=}}zg>V!Sb%7QFMbn&
zJ_mUi9eoH|OCSr7;X`L-4k){N>}f-Sn*9Mk{NuE1h;;yXgZGKhJuN*{YNj>n<|);F
zIp%gip^>`PRK0_BQ}wHee?s77-L?JjZ;!Qz4kr2hY**sKFJH}(Uka6){}+jE>t8L~
zoO&`gmF?5ItdE%OuU}ZR?lH&vI(<VzuF?R4IF@|z|Jygm4m=zv(dq@CIQD9g4(+W9
zlOTF3r5IS13IFlbb9#L&S^XOc^)JvvM`(t&I6imv-#L)Xi3<s=Q+~a`vmaJc;F+{&
zecWglm=0Lg_TbGvwd$xHd)i7Fs2$baCTX5=;=i{5E}NzcyF<oyidJJQ>PB?R%1(H4
z0su5a%d9s{)t*%heoIx0?Pm_S2oLmj-er}~Tsk|Ny!d%AJsQPfAXw-%()LU5=da-E
z)&yy?K8%!^@P5?AWA6^J3#As28N2O3p7XGb9yWng059O#b3~9LvQdf8uM;O0_moUL
zwpHG_u)KDH!5g!2It0IK#gROe)h+Ujou~@#7_p78=-r}6003!|r~m)}000!qvH+hz
zAFtKHX$WL4-*Vt9$fy#~&ymf*joI>788HVqJV`b!;#90`<vGKA<-Py_0002(Dqvr+
z*oW$(CL?8<q~_jh`P+dcu?58d05wptl-5Uk7@SEGhz@@q5hf#N%Eg7Hsg-9l&~Crr
znGU-9lAFzKWwF=#y^tQL>UPxdA|~*J+OSHK2vSn<29@0Z&K8*ikt#|oJ-Xeb@C8pU
zpOT@E3_ZhvqC*xm0CD-YiltyWz!)Q^`uJqpDvK}(veC3)=#G=;<BVi2%*>S=mY^hA
zGthsCIs*J}41D?M1WC8qwgU7dT8L8Y-Ym4@S6#3)*6s-l5mT0wb*8Ql^0hOT#zIby
z4sP7g*_u`Mp^`@vtd3P|HLu7u;Zp1&UWj7)x*hc|9ni5m&0Q5V1EE_M3pq!Vt!`cQ
zV1s5b#I|;QFH1}!=&PcY`$ixQTj|$+U_WCSZRH2HKzdn>$@BG_NEMT{u94Lvggf8g
zono>^{eZ!`vG3W9#@fp~>Ze~#b!X#g?{>m2Y}&bIhKT!-2-_W+?v``gW-Y^+Frcu!
z#?-P#o34VWJgU~{TV_4&Aj-`SCNbzbRV9*-D&Q0{XiU0|Als@$y?W|4t-Y77%`+Wp
z%l$a$suFZ^jw=^{nP>|6No@%ndeyT}@xw8|&R}Ih-`2)$-%K-%qq=);I-rN$@myMU
zus30w2``;8hbF(6w={$*`H1SuCSRgUM`{f+yn2T!UT=N4TTp*iaDK26=HB+0OjUXo
z*kKAq60X*J5)1KCiQ0o+cz|1@JhG^xWcI&*aqJ;A;*@Q_Vce2Zp~G+zZtBbM7<K`#
zQI1QlCsh-SsFN^ER)NT8M5`r^?W?-~oR}Xw9dZc>4UNWHENZGwjQ8Zh)iuJk2?xc(
zeo1ubfGVEguK!>6?s(iZpP*wmJE<`$6x<zP1_-tBouzQ%&RHGN)8=#Z`WVzQxg^R8
zEcGYhQbSQ&j^vPRC@ZE|1|$qD^ruAkFMXAiuGmQ~zrQqIL+A^haD0w9g2(RKz4s<y
zu5>Kjq0l__w4OvW#@xf}4<hI@s-V!{G(`D;XDU*b9hA=pa*#FuGX%(OT5dJOB=G~3
zKS2Be<hxCR#YEij3^^X~`5kzH|Ez^YnAwocN`xx5S3vUi<nGK!(XeBJ%s8S*!%|dy
zsgnS6_5jjpJ0+8T)FrrQc-{sfAuQWYCb69P)zC-=>KzfTmK{5xTw0$Lul01A*~)g6
z&)|}(u9Y@5xiPhs0+=!Z%E;nFYNjpO*vZZBhdBTYypJs@MC__6cA{K0+3L4UZ#(W<
zq#wut000000000000F^)`3YhX(7=u{q*Bmyut`Lo{&=0|!&1B;r*u#}o(&w0M@%;L
zMFj6P<}RF2CP^+`k)9(stv*o663zir;JK8|jY`}$tRvKEY$D~)J)b9mNk{0)4C$;&
zDynyaUgQQ@E#je|g1|GfenwgC_$K3CYudeavQl-o(=&1a%=r1_guf2!qR9uY{XoMM
zHsn}%=ae#XUbW-0?pa{cnY5k-JU*aR^JCwqUj8iF(T{cOD($fhsJBGfyTP!RkXI;$
zGIxmtaCbX4tc75&SxVy~^??ojT>pj|WJy*^AD{Kk%9N)0;OzK(1pQ=WA{`2n!<TA1
zciSAvA^^p-`X37ml?ayLT?LV=(2nrxzfbZp5`bJttBR+dFQL-;`2KP2S^22>p?*nE
zdmV~IoihubT_5l55lK3M&%D9}%@Th>5*H@((a>-F--l6m&Psp)0z|KhwlJr9N1VI2
zcmlqiDvy+fdp>jxMzur(IKft_Z%8ZNeQuuTfH@$Z8gHT#7s1(vQ-KM6xPJqL<B>1s
zDjKTX>E}yl!-=_Mgc6N6yGW|NogqGxuq>*jgF?9~c;Z!D>fOV&LfT*ESf+@w-bW(9
z9jWDnzSJKSa}dnXxTEh+&z&%#3AYSQgMvT>fID{H2&?W*RZtLtjAR;wjK|V|gRS!t
zTnfEc#cSMy6-kOiv@Gr4_*R$m1q~1(z==%hK*qP(`INwZ#9#Y>f~tLlu1J%<Oh`-r
zJ3<+B*aRw`BVj{6G=TZ)jK-P8D5c2~OElaj2EbEK>rp8w*%)@APMM7UxcmLJ;&9tV
ztlw0Y)gHEp3vt?Q@r`Kh{h*=&63RT9j!Gi-2_}$rNs_<JSnRKghBVIghzXR2RyJzT
z)B@~A7G#JvED$G`jkC!#`@)DF*YDq#cL;^dKmd4BEo{Xl_{3ucXJQYWuWQJC00JM1
z&nO})aB{FhO)tTI&d9CPXd{A!aEleoa1xcI%^>fi(bC3xbU&}cp?&}}iI4yQsmK5Y
zk4`Ims1&nws1-Q!n+)VmJ5uTuu!{@wH5uOr65S?BU*l@g%M^Qe<$l!Wq5iX-F)bvR
z7rib94yrj9obM%72iB(=w;S$8TdI?)wn$9HDr+x$i1C=LCllg93zGGe0Dqa2;cv?p
zc#h1O;Wj;ApuRy-6TRm*l4Dc${1l2#h=RSAqq4ctm3P4mX$ms+WxWzcO@&<^-1f7}
zG;){n-2?N?kYt)E-4cO(w`>p_j#%T^h2SVm`UKP<XZceJUQO2$X|Tp}%>m}&N79oP
zSDIw=Vsm5_(_3Q}?afzz8Z{sMzk$o0`$WG~J~3vD-bosgXj)56fopEh|0G(~QANhv
zv<l-=d<U$oryQmYtdR)cn5<(3Dthj6F>ZUmZ2dHl%vlwM-mVz)QJ)*~CBCky1HFP@
z(i{D^jS-kqwi1^FHl|X^3#5raMvuMV+qqNypmgvE)x*p%$Nq@N!Vax|iDztOKS(1F
z`;@@^p3fT>ZSuR+I}x-#W}w3YnGZl`Jhr8&n@viZ5)c)0vr;ABD%*N~K`VvzKmR+*
zJRj_mB%dogPSOYPy?QsWXXHt40|IiBtZ<NES1ouWn-@&ObROpydSN-H;6#ku(67o4
zdeYavIK|E?x-|_oMzq+f{^W$;6TKwEYR7|%eVlB1bl)f<5Og{(%wex(BGF#BLwuJ%
z-Ydb?R_l}yM|aHt9hU`1X&dy32cvrnej;fjE;FeEw-UG_kR6Cf5}}zefr-!M5C<hv
zWsrZaEoH_)#`2`X@{3K9%}V2a56>MT+?`dFeSB0PGYYVg15P8NqExE`d*D<cR|=+h
z?#{VJ)Xa10rr4P0t@y*>#><j3>lv4Do|Dd%H^D-yGt~&6`jue){{^L4UP%*Zb^agu
zY2U8G>v>J=@>y<T=k;+}eMEO;*YH}D%%?=Ad?h_Es@~T5r%mrlW5wrLSFL|x7DLx)
zsUdD*;Nr+}CigZA`joLS5jRLvD{8#}Im+GAEFSdzU9;JCdE`rCIg=RG&Sdz5hl^$#
z>_VUD%66NMibRdT0P0@Z__<R3N&{4*VTDkyMMSzH#Xtp>f`z+qyvKe2H-$(gf{vgX
z-{1fM000006+Ejf#ef+A#AX4em~njFmQ}Hz2~j84QnTU0gh{%!KZ&CLn4l(H9}GI3
z7!^-cB)HK%-r8wpGi8F{bwR;&WIG1<rlz)V5KO4ML}B-!P?#1Ie1~TjA(Y#<6M7e0
z)7#V9{a4ODJ7VG}+h%7}TA`%lyfa8Icq=h>iyHI5?Y0beI4=p-2q(K%rFEJMjX6aA
z5#3M{L5zUEe^SdpqN=DlSAqsl+V7=9Zg@Ynui)^*wxO}3QaW5Db3P1|bYSEg7CDD7
z5mPxaiBDg0riBlkS~I4Ff-rTyOQmybBSQ7LpjMcujBBbhcdst1H8-Hwz3|%<jwb3=
zEW^<b`9ia!d=CZQ7iF1Sraqu;NZ3!ZU<dP3XA>goEN~Qn>H|<#!S@X|m|nAW=9gS}
zpX&i&r1tI1CPfj4mY{Sg<p8wV#W}2FY9{b-pbvZ%TyExE{28s}8|07#@VqrF@?h~&
z#GExk`BIxm8K8!{7%g&_n7giI`Gfo?GV#}^ST}?{l{yp|csDVimIv-h5@C#y@NVYE
z)rg#Sop12G3#wdA1h}*K8{u^+t031CmaRT|T5c3;xnuXFl|*?e*^8IF`UcVGtT&0{
zW+ZI}%Jr}E{;aa2Ig5Fz<XAic-AE}zvsUMwLCFtOcD<dO?s<?t5s0oFj4weYM6b~D
z_x-s{YdKZI0>6LDv7Q(<ez@~uca^dGqM8kI<*BK_+862q7}F{{O)XQ1)j%o6)I6S)
zC{d+a&>oE3KPfDKi{8dJ@0Ojli!Jak%&)?irSr_{bswD^WlE1jtQoURGF>fNmS(gS
zN%pqgiX(4bC2}uCE%8WHSSsp@LbOuHm(GC)Wy83F{2u^5w0=`LhzN#gBn24b?v&*g
z5*yi`5s90YY8S56Put^DCvlE0CVWLC8}X9*&U-o;#NFV$s5X1$olR{3o8eQTA}sI-
z8R}?r2+1z$kS0E`25{I)Vy*|MzP8sEdc8_W-84J|HX1kMUIqeu1Ya%2We`F6$V%kF
z#Pz@c000000Vv4SS!XkTknMRu_7OzTgJB+l2$Ta6mGT5T2#=r;&YoJF9Oro!#pym!
zr!r+;)YfPUrgXlk$NDJ6dvZ?LFeDw!&0y*KNE^SIzDjC2t4-^Tla7%FrTuYNhr(3#
zfUtmRkr<UASoQK<1#%(h`m8`Ssc)dd7X#8vM>J(Hp5@6>q5%uWe(i0D+9B_J!i6%?
znW#J+GeHd#SQt1{2~4yyQAsvAaQ{d;EQQL^S#A^Ek9jAQ;C_GP3a8N7p&j0pKidj+
zPW57r|J{g1Lq#H7^tZX!3{5-!b-BZHr1nWj@%*=g4;&iO^x`b=7L&n27nfdGv7sIp
zvQIe&jAJkQ&QDcA-P}O$$hfY_dpaqOSu`F5)Lf~fN_~afBP;t0CKUC@6)u<sU<QV1
zl=Mj0;tbcuSS<^rcns?7Tt#q;<&i4tn4|I_%hMYH5T9nv)e{qY+Q|~&tcny1J72DY
zzz2uMI6R4QQP>x9I`Lv0ON|*NDlFVP3*tiW7z3+qwjHfzAEE#?834^o)>F_Of4~(Q
zeaEnc`p=%?zv_0uBrdKwB_sbj%ODh1CqeAkePk0$O7tq4XCbulrNiD3z)F@rmb3Ms
zMn^|<^D39&+}#O!4bu+XVGs~R1ty3Zrsa9_8hEOuw8x^=`m$n*u!9=|PolWBHI_^e
zH}i?+F?6_VN+RiSaP=HGsZN}ZdS@S-_rn7<eG9V8z0hcj0aGMgndYclh%aLd-#po;
zortHExyiikwQ5bbbTO1Os%7g;MG-j6kRFLH8kAQ0;of3=_=B9mScOU^a8_TLv%+Oa
zLB%VER-6-+fqyS<4j>81apc<ibzKh$LLOu3hIT`|A}%QgItrHjzMu->lBWIsvD&F9
zM}d2~Bn2z;%yOhc=`05_2bEWJjt7{L5qRI#B*^Rs6rtn*00boq#v&f*&q$QI@qVFo
z;F;f4XA{$4xM2ByypmbRE!8FpZ3fgmDNNpPMCbqj000NjTNdjQk(D+)hB5rC%9Lh|
zUPe(mfGc~(+n5iNro?QrDLHVn+Tp1{_x)JS3xE>N1&_-;^?(1Mw||*Op;+y9Cj75l
z@SVqA%Q~l|ejYQzg;Ys`iC8S+V~r(i1JjCc5Z2R81oZUFt<IFA1PVW@){qgosGiQo
zgR&>Vw|;YPE#Zf-;vgT^J6aAh$i5lyVWJNBu!(Q*TVnhRP6-Xlro~E)LHSWjT<N+_
z7H7+$WJ0(9q9NeLcNPtPV3`Ob4iWeGO65EP2V3jH_BE%J;$L|cO`LlZ0jTOwF_#&G
zCaK-Lu|MI`dmbTkV@XvSKP{h!;mz*XojXSs5dsG+edk?#P#yI2N&&2m27eqLLA2Be
ziX`IS`5eX|xdh2*1{m)i_XOwmJ4IIjn0dA3QdN2X5^r7zLxFVaL|nXNk!IkFja8VU
zlv4A@oue*?$8@VH2?#e^kKExr*_vo|=5OxE`8puj=*_jv8>)zY0Mn#3gurPUa{eL|
z0z{13BV0Xb(v!rBqWeSOE&I>HyVpIrtOsw{PH8B~UQ^QU&VM7T1BcY`?J6VYfn?B6
z)nvRdX~K7=aK#}j7DV9(bJlaKP{vKddR}aen5@QVI{SN=>(905q>hW};Fm8k3FYE(
z=P`n!T@@bV4*<}ln-fc6VUj4Z`<%Wd)Zxr5VYxI@ECRD~Iv)`5cuMa2Op}j3s;fnC
zX-FG|;PSrGVAQKK&oxUlMpbKdD*fkbtLaA?`SgK`=4XwSyLECq-eCjaVWQ`ixK_Ky
zRh8IqizoJO0_092r*N0Y!T<*5WztJ{;RdH*HyEd3SGK9zJ)yXO&U+i?jUq)R^lv~6
zt7qw6ntgKWC)huh8X2jYDJ=1dTy-kz4va^4aJ1Iei`<R+zw^tRE*KG}*atDjReP0j
zh)+(u7h+G&)2Ak=LGX8OgZEoDX2W}g9GC&vVY0~OqldC{lzrJ)*COMX#6+2n?rf(o
zRKInqJ?B$r&oI58Q=Wc?XU<wrUyD!IbAmx*%$eYdx*8;YIY((m!FZpG^BVY$Ou+Lw
zyA9FZ8sG~(&^<2n6%AVfJdKCZ>;6=%|HoJ1Jef+xhLyATrjr<4!rLj2yix|>K~lHf
z@9d?Qd7o12$Zf>n000000x!P!Yb4BEtSqn=>&v6$RRp4xLzfWn45b!>ebUQa5p73@
z1W_;%py-POzHIA1*EorDlg&DGC;bqa%A%R#xT~^o9PwWC4vIs@v2tMImX7O-LE>I1
z0Jy$!zQvk7&?{iv9v{gA@Bd*2zMj|@HVSWL#Yc=eJ(P$v)&j<S`csq6y_8l1_1Ldo
zo)yzRI!XUfNQ(mT80&*Cf;0nHL;(t-V@L=qzfxfz^Sspy0l~8PVI0zmSKCO5V?o7@
zYGVT$VzDVu_<p4^`o4{bj7Q(4aH7jM%~=Ni7XZLNXi%;3jBf_U$9DHME0-PD?wP&&
zm=W-vJ9Moeugs0bJ5(kLmKuASW7Cu@_f>v*yL5O+52_oM5YyiJ!wS67NH;=HD|Tb2
z0I>G$SMk$OQagA2jM2F3vJRQd<r}y252~;zS^@q$YHsd6p|$o=fKnOM3uBkRBddF_
zI7V=r2Y0v4P?p{yM9g%^inS15X>KZdNNAZuvs{tE({lh=7>%B#&?V~OC9=FQ3I{)Z
zd#+lw_6%cTI#IBM3%U$hVJHD~iJ?dJw0HT+%g5C_E}8Jk8&Gt^g>UxyEwt>>?XdU&
zAEQh<$;2$P%+nq0DdlvX|1A^WgyLotwX=&Fi%Xer&0zR$L`N$MaXk@B533O72b#i;
zQ?G#zl6js>ecd}^aAjT4-8rOI3dOerQpDP*exeI1e;%c(V!SHui&a7G=HA{xGSb#s
zEvK^7#I(nC@0t^hh0&2<iJ_IlCJFs)VzEBOIQ8ul6o%aU2}UwBVnZQ$>%D11jRr{H
zQOn(Lzk>#M5bNuTmBx6Y(JR(#Zh{>;H-+7AkI0E^&b2=?aQO5r916{EnV&X0o&(c%
zCo?Tp9WAnO{RzaW@)I{TNhPF$hNl=+?os?1Ijx8eOVeHRCn6Jh*{!{wC53qgyw3>+
z0Vy=ULG9#D6FN8D4<@WRXzDRzXGCjcSRy*Di7wzCpV1g_sXkDBwjCXK2D*hgxl{+f
z>*P}zt##7mdgt3~g+ncv>E`gIuDPZxdtV@?&c27dXvfe_pC=J|lBt;)JLF-?s-hp3
zk7I`vu5;wz^gH}Q&|@N#)=1`V5Iu+~^491$CaT5J@Hy$g2S=jf3y;6{YX}V2;!K$V
zvfOTNS|!iorfc`0QQw7EIsR%G#8&18v-J2d@)pe;<PND)5q|}l8x>dp0005x9kT7D
zDIh);R|$GikFbrLWU*BW^t&(+GJ<ZJOMssYj37}cJJ-m|+g6b;Zw&o#s$M%0{3_@W
z3a3K;p|c#nAtZxb>GVOdYl>{uRZE&9p-dMO)LD-;Tz*RUgNNN??ly&bv}U?S+e~Yg
z7Mc8pB(vMEwg+IYnTxVbyBe!d+`kK3Vys1g3a?ZVZmm-C!8t{6i8aNG%^BQ+Vz={g
zL+59$ty>*&wn7DTO*#W68_vlS_i(m>btuU6Y62NwjtsJ0TLN9@T!oAs{ky8ikZUS1
zb(#lhQs`BLG?l?739a6S+8f0w9)E&TRV0WEylDCLs?D&WDz1R_2ONaf{(|zwx}rt*
z+hj?d6GCO!ewgUuH3XZg7#f}{hll}!LBZU3?~-pO6p?9=4kEPC?G5+GJv>8pgu=RE
z<|U&0l$k`=>HBI$wG>f{*sq<@hfTc=F7E`W6Z;bBIp>EH6Hp-i4bE{?DS+V5se%u+
zY=j0Rnw@qp#HprWnMLY1q47XJQ2+K2936t+YOn<hIbU>gd;oM94bix?RPUTQ?*5`2
zE+(N*e;oS>g2l;pzlL^NOB`U#WQnTR^CHy{?MHIAfdxa!q2mSf#2irn`U^}K)?0G7
zodoiMXF)9udC|=sH59A890a{;RHCuDzPGV`3XN{=#&qQDDqmYKhrujpeioNfmh1q8
z$Sf}x@7lr&w|ZKB!RX)t(_cfb$iYy)c;>9wP5Iv>-HfLR1LzjS`+*_kKap$c18#lV
zYyc*ePA<g~A`8R?*C!61p~|B$(TeFsf|BH&QWq(aJ0SHkh?>}f=f~?&kWnd7=Z(Ft
z@p=brwX~Dq(a>o$P2xn%9mNks{Z#3JQI;V4NQw{qo1`c;bV7M%)X=WWVqYzmL>i{b
zwr+Yv)_HnB^F)?Hs~@~Q!*n7jQKZ$!+RLWiU2OGflcYl=2WgqPy-7A0z2gba-AQf%
zrE4oM$v)C%C@M5^U1?ikxc~hFV~efLk>?Qk-Nj>H|3I|Nr1R%P98mp#pw6g{wIHKR
z9Znx@(n4S9*_(tl0?^PP0000Sy6Pg~GA@1G#Dr$fv2TJd?lLQgqfI?v1>PhLuu+an
zzw#iw9k{~P1-TGo%cT^lMK0CaWAPOYO%z=JK(Tt2UWN?Sr%>Q(k*V8<+2f~CL6lF}
zxDauJzzzbZu6Aht6mwuSkyMabZYd5#sQwdK5XhEo$K@zGfX@J&AyMZhYnVxAIoT$~
zHXE6dBucTgLqRj8HOJx-Qg*#?v(-7=ufg-xg75dX(wvlq5yj8kQHZQVvN_|PtVs}R
zm$~6<=(2oYPkkpl06+*4RGTd(O$U^e2=@A#l+XUiK8d~l-YNK_TSF~CSFk38bPa=N
zb=%VGcj`__Q5>OoBZSlalYFmU4;QLC(G?YxT{vf;YEM{vfeq(aa}5rVrc2-m*|nLn
z|3+zn`n5@cUS!$!wLm+xxx>}NZ0SC&9Cfi17uuI0rfAiFqQzwge%-;Ij_?Dy*`-WH
zC-n99kmhj$H0ml@3r@}br1*9l|7Iu%Fp=n8ZcUML*Iegh5k>K>j`x`m2Rwe^TY5-U
z#kOrMu0(8iITQF4%**~C3P~-!-fssw`D5$eYil7R{d;N){2nQ5-YtY>&S@_5SK|d)
zMv|7j%aGM7+VN={kx;+sFtrFzC~Bh7?qeSvkp-qTol{9)QL`{>8KG_nQv?pip0RGc
z>i*(zK=|J5ILPRn|310Grm<yshzIfQrH@AgKX?^ciNuUysowucJU`J7_+|K08^eIE
zSpbVZY@q-mjcG?yJQmRf`l#q06LL)`BC`;XhriN>;s4C(2x>c{JbeQAWm6|<ee#lF
zjY-~HxMaY%&LA1vVi0l2>uGWZ#z*w>%~Bf=$2Gc3Tif^cnKCk%0p_Y0t(h`|OUxEJ
zDcm~HDstH{f10^0X+xNM&>A75(AW>#kAq1>OLZ@RukaSy13%p;;rowDWT00U;IwS~
zzj-U^^o=k~YQGfgEiJ+^wA|W>RSdgmxL&3>6-7BZiG7!kHq8rTtGgxB<=+n`oja>=
zDwq6ttk9r&R&n8PO_|Hxq}%HsXZN0KEXUYkQU<DH^an2h9*~HLWS+Xt)xx-C!)*0}
z=2?3?+<wxq|BGb1npiV}vG-G)1PRdH%V1QksTs1dLOmbB#|!B|9<NyZ+Ft3orSVhE
zf<a&P!LKfEu}Klwu+8<d00000{o-+^1KL#LL2d96MInkO<BD#s64(rhGo`x{N91vf
z%0(YLjwt)u+E~ecyXGeW4tc~&Z)lBeK{Ha!<33gB(@6Nb=+X6;`4t4k?%^j;9{!Q1
z1JTohe@jL%$woUbnH(J$U!vboL3+(wCa;^F@BRfS^hGm5bLggab;uU}$Dcu-IC7BW
zAm#A!gl)=K2%Hl_HpRfl^Y-9TXzS25biucaiznB<{ln5fI9+C$y+_SES;~hTI*GNi
zqNe$yz+vh9<nzG>+c?Irm4}743s4rctVEKH%v#nlt{fl2#8<i{nN-$hjy<c62sA9T
zgv3m>_EGP4MY1k8qctewyJhqs|82kUpabBPLV^I|DYaU-9{<N|Rh#dpKs!DIGRw3_
zQE@EfJ~l;|c;_W3dN`9$1W$69s~vF$as+dVMUEspzliGc*~9898y0phrVby?u(A-D
zIXnr5+Pr?{!%l+#;8KqKq+Wk7R`xjaYqz%jv0g;w4^U`LAanktLE>v!CGe6i=xF79
zBNBmSTsDlyI{R3C>dU1jf1bxv!L3)J<HOqw95do82~xj6b_ryKYNHPOaoA-Q-t~If
z|B*122LusEFnWv;V!S7o;vb6Ei2sp|TPtiR-ZTP{-7tQB0-r{m$VttWeX`*>A(WkQ
zn=m$if~(+YI*Mk6QR9NPvt`dYGm+q5cdHgSMezSj*K6!##6uS8nJsrZV!#?AfYD9M
z^&9L?6I0Qt>R>D$%X*jK8rpzJi@1$LJq=CMgiCHVl#DV$@N|R<wM9$#COA<WM1XKD
z{;^U;hO4P(cJCv*Apl(f00R;aegj{;i}Rv2yO)BBj%%~>ObpQ!H+Y1*PR5E1!WO<Z
zq3c^MsT-z@#Yr@R9X^~{5g}<^ku^AP<N`H3tXjBP-0>qS=>|^SFQLj*J1=g@b9gtp
z@-i?TT`hsLW~e1P`D%fFm8r6~B;l9|qEfI9x)_sYC$qjRUFfoHM8JDw-Wr*O`~GTT
z4p*YFqMuf;MRxoCP#c=EosT(Sm$;+;C45T1D`pdO({XKhH14Uo(624B!33ZH002SZ
zO^~EEL55+SS2Qn3I!*lm+j)Lj#Q;oUwmeeXht-66;JPnLUBHo7`<$QhKxVnR8S!;f
zCu)azxHAC)TpiSCQtK8khM-ABG<n;ES(mMARUI3BfEVj8{gBovrHvOx>K8gqIXsh0
zHqvNh$ff*2X5N68D~>1|xQ#6chU^mSSpC+&ejfy|NKQVue?-ERTy4@tb6S(XJD(vN
zCU6xNHY9Rp;%Fm|vJic~i6(lIIgiAZ)$`}UOE00~9tL#R<BVj#Z!@ril6;QV8_sPM
zG3OM_`Kq|ch5&daR<hZ0iz!+vW<?)0{zj`HaRNA0o0~DjEiRIC#I=k1C`*`f{{zf`
zaRZ3qUE@#Ve$$pH`v1X;^l-mUV#u;}tkCZHm?-f5(fNe$oNe??K<reU_~v%C=RWJ1
zQ=dVjUTRT$2E;|Q5C6$!#QXmIfv@?T>fntY{FpoLF=E;n)dr&p5|L-`{2zzg&p2{K
zQl|pAlWi~b95{5tOs_H#R18rt(X#tZLD?Y197!%A>znn!{<;}>v6DHM0izxOPTDfX
zD)98~y@;3_vcwLHZdYlY@5ZnTR2SZ)?x_Q+JtKqQt1XF$qtF*#lz_iNS!E3#_3Ocf
z#3$<(jWjj}-m5Ha?QJNYODw8D@jA5tKlXW}J?wOC7AVZD&TjeAGZIXBU&?JNXA~cT
zz89z%gj<Rb=l6ZBqBHU)bOtCX!T<+Ow>ufbWF4R?6WIKq=S{r^Fa>Ow0M?=c*Uk_S
zT@4s5%Ec6|`ws)TVZN7&{Tw?pO1g{Z|J%K4bitWbP<k?+y&agdf)7n{-AIl%m%HcU
z{|2e1$<<rAiyw-Dxh&Hs>Cw(kKWO)W_cR^M{XVZ&I*zWcpEue-e3s_qRy4<+%%Nx_
zisrflz>$rPl$({T(mSGZu%x-bi22)e?%fds-%BZlkG56p)M7Y<P6p2{3ojD51TmdU
z1~3)j0UQ$djuQ)8>Wd9VnjA<1(f|Me0#-h>XMNL1{;x>7t*SaFU(2akwV_rqUn^pV
zsr#WEfA=sQV-CZSeqR^Zf7T###V||*fN+C@yXLj0iIH4mf98OxN_WWkdQj|y;{U>1
zeQ$H|s)z7K8vF1NwMKi~7+HBv1cgmna!p#y&}6mjsyfc!ptHWO?c4o8tESIRGHMDS
z*hNCAMh(5`(SDp@TC;y8Co?x9+I>jmbvT-O+?W6^!Y_f9SN*4q?dtx5|L9rAj$@;2
z$mkWFI`np1B~p1%y97xrDb*}i7CGAa;=SHPZ2so>?Cc#ea}V5hoK0*I7kS!;Krf6n
zi4$BDeylAWbk@JTpZ8sQTdF~L0Yv=)a#WQ;1UaZpyvUPCg<xv)Hg(0m%kS(ghnvJH
z+jKNr;4fVyq`bih-7wE63F*(NCuc(_XF-7Xz^F8fd};>d6T?u@kET`EUB^QFV-I9J
z!E_?(MS2%=fYiaI)f^B#w+<I1uj`laP9Co#f>;tf3qeIkpLRdFT&6<Wl9*pBN&cWU
ztnLZMLFfS+Y+$FGD`Fmr+X1KBf@X+<4OJzX3;>A4w>A)91c-Stol?U2J1!8-&ctJp
z*T_40*^6Hrat~=!Nb%j4U*SPrp;2i9w`qMZntMJUJ+n&RKBVE$Kq5O~MH5Oy=2*yK
z>f@hL>`h3>lxWyl>Y+>=@gHO(IQn5W;vhY9$aMV!8xAIU&LUAOTVSHN-refH1E8iA
zDJaIwg{1Xg6C%njci&F)XNg`2gGLEj+_idrI|9EdW@Ld<cqZ*4Mhvmlmlz^Jm|p#D
z_|E)P1^Lj(*i;?yR&LC9#f<Y=Jd|jGT?ip3c$&lf0v$^2l#w5?Cps@t@o+;OyNhha
zzEYO(F>V3@oX3qVV<QgC{bwzRARfHI-RMbJ3X54O?@5svggn4l*cOGj65!L@&jbmh
zWHkt{1n{+I!>rZHB4s#489o3423n;e3<PlsQzvo+G~U6^$PXOlh0wbT9ws-)(K2Y8
zB~ZiRP>6CwG@Tn`-~a#?b(7^9FgoH`i^lqnWAbea4V5~uU<qI~m`==n;u*??CXPR7
z{)HFT(muBFBgvuZ2*@W>7jYOKaXMzyYT)F!ZSmTU(Eb0{8xYfB`)Qe9^(vkE3B}NT
zpxzuQij0KQw0meAuC<z5pC;~U(M%U-I5v2(>H*Aco&dI)c|ny2lT)RO%;yx3fNAh^
zKA(SMS1oXRCX#*nHzHMQvGR}r0<}7z(FOGoJq7bHoKIQ|lsR{*E9A1GO~0*=r+UXh
zq2teVW2)IWctYVYDf42=sZH7Sp=7sQ?r|4{qIdClD`+dLrGz)KLk;5TBCBlQwqCc(
z!Bh-5WJ>2G(0j?Om;)?{P@DnzWX(c}o`{QKx#jZQg$3^kEg={ZrmkVmZqZWsPR7Y~
z$-*#27{Hc5a%GA}<s;EHOmtg7B@zTOTRU8N*8b8F@KEA7apWPWD2K7gn;Ib-c`_9v
zM@Aa21h&hXc}@M{H1Sa%8;KlvU-0u5Dq}qj-!sDskSZn|%c9u<3{`hVya$z)_|Ffo
zOND#MSgYv0Is>{Cz*v_oB{Mj^Nh&w**J+~B{(|W%08Kmh!OFB-H8cLcCjDSLaq<Mf
z(t@scOkcRdazuDxn`YvFI20kPf72tUyYzIGFkQ+3_yBr*`!E$wt5jL&T`mNYI^;aV
zk)^Cm7(9Axtp_VE{ci4T<rKGkdV>R^(lT-`=cKvJy?4E^cf~)l+vh;j_#%=s44?NB
zQ3u7nZJYoyj8Y#Q73Gl6;|ttMNfD^w`l=1h*8Bh8J<miO^;lQFAs>Q`ZvsvD4MpOy
zc`-#=Qa+yzk5R^*Uvmbda-&eMV`gI8pJ>}yqv>>wtECm_Rs3Y+1y_R-hxv$*Pv#&o
z!=}I);5bT)k@0cmb6wqhQu*x~OOVzObz=QY?*MhPe3I(mqx7cdhQI{2BLVD&5Ac2c
zuBH~qL12(1Ep~;l8f4%!aE@wE3f(Jg_6h`bt%A+s&-|{_I}!X|1B$K^xh4J8$Amf^
z0dlVUqR!!c!f`JJGu?2P4^jF6Xonc>nv2oU!xeLq(PGmVjHWhtP`Q^*H9S9!;(c}M
zZEr9XRox6WF8h<-E(nVFz+s92000ELHH5^w`hQ;2<_Dkg))0`{`iG(+#_3RbsU*o8
zB|`vJ`_|US(Hc{c?EqrCp3g*eoU+;v*XpJ0WE*n=Jad-*uy2k}*F<IYwIX|>PE%a5
zk4~9{c$6nS(4Pn&1iWJf=6vfGl#r)KRV5Jy*nx38d<@q-SFjx>wJ9QYrO6OJr!#ck
zI2MMvnKIA-z4KoV4gJ)W<-mAGDS%&FAVSTWJ8DMqHSYC(mzF~}Giz64Ep?XGuBxp-
z;`zhkF^(`~RQl%CYcys1Qs<IN@l`p<rXBYW)DLx@7|z|KUWfqAe0GRce(K?>d#Y6I
z3=IcP)#mn>wwt7ee)ZD<rg3RgScFA5U`3Y%a87(F-!wChc3{?c<RUe1p!MzBlr*oV
z0{hv&II}0mjXqR$^8I=eGx+6ju~c;4GBJ5SVdKc6I$Njcwd{x3f|Y8k-cxs_?I9sz
zDy^&7ai;V)$WD#kpm!$>0F41*l+qs=;)lO3H|Il$rhpUHrgZvWrl1V4>$T`MA89fg
z*ne9o+R4}ihMO2(@y3q^7vqE9#=(}t$ZR8f7dY57w))=`9YD!yYHknM-CR5A95ANs
zA+vx8X0cN~CKrZWPDWL=&42~#$!!jQbCYMYPZFnQdO@BR2np9>arH;I+-38aIQ*>t
ziK4+R#cv*QP;2WxQlV;Ku4f7xR5dG_^F)2ilqNTqhuc`fxHrs%bvjQ%&XT?H1{8^K
zqwvy_@KRl4K2}h&SoFM?Mt>DJAvx+KWk3uC(%L#)4D@{jwg*zlbjTRln*sBRrVD3*
zcqJqfBLSYhkH$u$5c{evbcR0dyP(QyN^5SqeggnTK)JuCf$<A58E~&^%9xw1)L^RD
z1ccO}r-}VUvJOB3ed0v#=*u{n!mMOO5+P7FGrEv@t1(Qqn0N0DTbH|Nq57~2EBo*D
z2E3}-nkLyC+mW9M&ji{oumq5@YdHXL8#LztA_4;WioLG@IWepvC8Th|yi?~Rr%mqg
zc1*bKU@O<0l8(V*+Iq3zXD9?Zu;abIeV!NG{c|_j<Ny~Ok*)9D0X~O;w5jd0G0f@E
z1{Jji9m>J(KR0w*#sZoT%j#-H)rP|t%^5fMklALJArQ(luaBCZv0VTF04Yz(zqhAm
z){8=(Uy`-=^O6KN@OB&LIXM1Z2SXUO4Y=gKZee&x8^GJ6{MAfnJ4jvfx@PEtTi}DU
zRNgzg^o2Dsj2?zS<gKW&d)0k3Q5uj%2Wnm1A(4nxz}4QU@LkrxN9MKD-L4DJB11@;
z2e`iQdK|lZAU1L%r_}k|Zj|R3bN}VKeEzfer3+4*MUP|+-3$YpOJ5nSFLgmd_D98`
z;~O0<P;VD=52|X1dcC!hV`4lN<qHh6RkN~{V%(=|GsWN^OZ!OCss$+EMa_7KQ+1T}
zg)2Yr1KO`D@-zGkpu;4WB?oV7PI_VcMK*x5*N$OQS}}R$n)|i_9<W<$p64e5k?Y2S
zdv+ANd-J^BH6@mg`j_UeK2A-M*XeV5<<g=Iw#lYnESG_XGhS1S1km~+PtQB7Nk2Xz
z%`PkyRXgiUE1=7B+S#`iMDG7Ieap@6A}y5mH#a)rKc8x{Efp<}U~ssFg1wpF_IJ6Y
zK45(bKwGE3S@5U$xD!Qt3>sbe*8P^&s87lOEdq4Xj5_xKg@qcXzRlzANJw!$b@Llo
zlInY5WPXFJcie1dwqS%I!+Wx!xXExQnY;wgT{U_k3^%om)ie!DblV#e7U7*K(z7g1
zi6Z-z#dS2IHegO_1B|Ke3XS0O+#9N;)ZY-jG!WEC!w;wx=W8SHX{n{1LZ-r<f?7Uz
zSD0;)T^Lw>Z=8{G&n1AcS_ATh33|JnfBuz<$O%t9{#+CG9pKc}A;A<0widoGFWP8a
zt0RnRwGLkaxw;tx<uOg{7VfO@Ducb6Z}{f&BfXGW4cEk3QSjrUSHLo0b3}*yw0=FD
zJ1voKhd<<T&cp;%ydg<Pt-CkO2SLGNW_k>~bO|_?5o6{5Lg3KRqR1qx8Dzo~eW822
zuxKg(vPX-5dM=7q1jlUhh>wDI3-fX8Fc*Xk^5fJgOEVG3cZ<KbSFwf7{rhMaC>&Gi
zN<LKH9n$kk_UEvh5qt*`Mm9KYRU~1^07Qvj6k)qX>}t(ROJq&tIEqTaE>Bp4i5!fm
ziPQy;ZE(v(Ld!VxXTq(#7*gFkX`xO403~IhB`xyfGsdITak=eKeri`b(!dq6z7Q$k
zxSh>zyVI6W)fj}!0G$$TbtUhieL)u>2GK4d2m&F+-JY;Hm5k;W{usivcW~FSXkkBF
zIq;%OQTF&`CF?AoFo38sJ^=+WZK1S=5;tn+j|GS}W>=!n(nj2w{Bi+si}RNg#CG@P
zh|{l!rp0E()1_0k-m%M>kA{<J=yjv*5~=MtvNmR|`r4KQA$X0x`2ID*RiBCY*9LQT
zb1UBwQ3vLa>pN=VNWha&#Uads;TzH+DN><(4;eOCPnRTrv-jUs^iXd--E04KlG1RY
zF^ehuJCGVuHxIk^8<@HPh9+n)ngK&FsYUl&uAf{06vM@li;(ya-%Oin_<WQeAJg@k
zb9ODE{hJMes!N*P$20SxrI@4&{}YT1l*X1Hn(Y*l1$x-G>!@O#Br)hQda<wJopT>;
zVJq{HM~d%&ghgWKQlm2_v7duVS*Vec?KB>ZUu9$#F|Po1-AW0@;;BAo8_)oLDiLw&
zX=d8EE{cQetVv1c)m)p)oW&sK!;olz>T9@zTKw>sS(Mka(X;|d9THR|_3>ilw!hQE
z0hXa-v)+A#bip9J{P@lDa=6^dK%)Z)_3un<`~zmApBDai>JjYU6gt4y0A<uy$|2Q*
zkqt))(&6iqioP%QIsRC7F#iaFbDT#_=@O9tSs?}&@+^?B#=<TREL|dedB=}=g7~eH
zi1bTj0QQocElatwvmU^fT~zSv#1YoCL08FX&2A?dqyhU>S)hXV0u<?s2_cC+B_UGH
zzQ|hK`j-K&32$SN>~2EX$W7l~%X?}g_4-yh*Lp6{SvxvU=Wzsm4_g_xbq^3lTrNag
zhNEakMhJV=0WRqY$(OS~As+Nd6cY*h!3Sb?o`Mg@00}0C<`GU{3uIuCae9pAFTJ#u
zC;x{Ouk`Dk_(YrlZfa|gfJCS|0ZoEFX#WbO19a9G*MY%$b2k;7EW7-U(0MVw0)=51
zNausUD!jXwy)?4SpirqZbB$?TGW20%a>I=%001J`<-VZ)>)@}9?7of%QeXOQ97?)!
z4vZyNisLLumoJqr&xeIvqSZ;mvV(S{XRv_LkoU9pXEgT-H6E6{Niy2T0kvCG!|^0P
zZiRDB)y}i0;b|kQzBbzK{<8ck{}_r*fJ-9vWunT702gSvBv0ic95)^gb_NASl|saZ
z(CDqiqOUH`VZ1ws{5&8E%51upXX>nX9(Uh@aKA%Qb_RR>ed-wbJG-v2wI}$Yq9T2E
z*2C?pTaW$C?sMMXib(_bVO5nG7RsX^n)b-trd9{@?WBzxEFuDLQSmbPk<23TFI<t+
z4NxvGH|i^0@-Ms9OdG|eAQ~CJZ!wzF!Kg~|x{WJ{=RzYl$?+Z@F4_!awt_-51+oYM
zwE@7OKPahfNbl!>#A;ot5JWN|W#bRkH6Bq`P)dk0jNt9J{2W#x1Pwb%OGlMfs$JS_
z%P{1ed;&$!B}`cvsOxzP{p;#PxL5D4F(@zb!&wVOzLl7gJ4+?|fCs1?wvP0B=d#-2
zgd~~+4mZ28G+hsTq=V+<Z19LVnsA}8ChR=+yTkyW?IOJJ&|O(lU^M~7M%ai|0Gf5c
zl%7f%e#mQNrJs%x;0`R9oZC5dRJWJK>MebB62?t-LT}4zog)e^ZEm~39Bg<#_dw9|
zsY<3n*okR?qsRb!==v^_k=0oqUl#<jK2lJTdf)qBS};2up3y(fE-pFLI~985mNB*Q
zBatIXF7exav<MNiA}%=3io0dRNH6dDv#FTri=x)dw1=&{UGiG!jTm!0<W}thL6cko
z3)W)zdi{hsg~wnC%kp8M;(!5V>WHw|2K5O?3FDqIF?a(ei+v?Ka#Ee0S!c_j=KGqq
z6xl_LUFA(11<XnVhe;Fsr>t2^{8OA*J586T1Oy^6aX37S`fKa35fU<{vCn>G0&DyY
z8~^}pt|Sbraff_DVnpLSbIw0bpu-qNsPG%sQbz)RYFBKTH1%iz)nXbOY;U}<=7gB{
z3cqY>abQ&rp=RtzpqKmF04dcY)Sh++25-Kpt*}El(;saElZuemqGWYSp#86b3zqhv
znZJNyZlC}hIEE?(Iz7w-zqHtFTG#Nuy-Vma=1rsZ!s%z(-{B8b*D4`D(3G<XPt_t0
zl$#$-=V4}};49WuPKrN#vK=K=Ze&&n&Y`?)v7$Ze<k1bA*fsXT?7VSmXq~ydDKH$Q
zqyTB2pF6-LMot<<9E2$O7&Y`5{(b1tI`ncBMITEXzN`=8w&?1Ak&<yPUdvw$Y2BQa
zrdVA%&;a52jK&==RIB2d$L|K<n(S&fgaOv`{HC`q0$xGs8|Igiv#B|g;0l^yN&yZ(
z`F|3N4?hsnNkekPkOfPofE#=;`~k8jnMnPqHgbd$#<*ddhS|FFITpqiB(Wc~y9gV(
zFu7}u{U_8VVj+kc5m2tJKCx%I(7z6*#xD*7vr|C)&<G&e|A{iOjz#a%3%ekD%fM(3
z$M{8o7zV<FTEt(09@q0j6Q*$_ozz|oNke7gA}-jLoL2YEe^yWwoL?$M$%?6Znz3}o
zef;jO%7U%YXl;BTGE3j$Frb@bxX*mMx>8sOl+0S-8YkoW_}pDdo|ddl#4qV8Of<MN
z=pm)z=Wb}}LqLl0C~w&x$9UPXU_|}|fsgsj43r0<JevY&5dOAvyG0VMGpnC4!s64@
zhn2qeuin~Vm1M-!(=OBa8QS3rCphFT6L47Qw1jp3f8e99ZHo+>eijCDhS<+%3AGDc
zD!`lB;QzZDtxZEhKG$^5Gi>1k)&j<`08r+>*u@}#2ebLH9X8Gb`i9S*U-9M*zO|%>
z7ZneOSTq2608Q19Bi3owdrLq77dt@TAqCIzr6vbWcvP-OF}sI#9zT)@>EC%+lKUM2
z+w^Gua%8u{+<|evzlS#g>;1NtLHX_dy0863Dm-dX2@p~s=Jyc{$XD7-TU1-2f(KM?
z!{{4R8CQOww=?=;IJZwmM^h>u3@rdQ{~e`+|Fu=ZGX6WEHN&Ty?5_FS33|9<`t(Z&
z!!?V1A-INy2XFL|nedK#e-IU5+R^jw0#7Pg6+Cbd#I$N(IANR#u>QPoZtl%e-NOcV
zX%YUAK9%o2s(*+M=iUJ%GV^;pQ7`y!KgV9TEm?2?03uAWmNaZ**&H4U>Y|{Dk6u*R
zgP|YLsMit>354x@_oQS*2drvN=dwE$h~yh4_FZnxWiphR_pJojmMFJ&%5o5vOn4{$
zplHUN4kMoW^-MwMZH4Hr%J8`ql+TDf_e1bSXl{v$R63`15>Z<q3x!BA3^;SB;nbe*
zn31+i1VT@1Jc(5)UHlEHv>>^$r>3jx=xXK*<HpT075(3Z=!o{ae;4Lu_aQ5h31ePB
z$~75~tKy~E#oq#>?30Q4$}F%60`Vau`xfjo%wqZGQ*&RHodF$m?e&@Ql#Pa&%IjR+
zWtT0@kjS9*ej)(S&AKFG6*{BAG%l~+o?pxZlg;&1K)b8&cp+y#o*BKA31zM7IY&^^
zX7&5ihcX?W-N?PzZmaw~31F*}CUI@4Gv3<D_BT~fTa6@K{m0r4)bh1bue5sj%n=*)
zZe}gs!tx7!2A&o)r?s^Xcd#1k&&D4!Z`Y&jS<(unTHh&UICa93R#5?)T;{{seZApR
z?cIr)qiDgc3cJcBXoOiYOd!I1SD~+6xpNDeNVpHOW-GI}vsbekJ8_c4$+VAvo`Q!D
z2yZ=kzkG5u^aWe@`C$k+RXbg(LDQy}8Y^2i$#(M!nHYL_N>OBs*TB6k{TT}OP^f-}
zxc;n=4y1>gTOKGAni+RFm;zomO>U{ic;Ft|+GipnC`Q~J?hO!Nn1(}&o)6A{PzO9*
zzFw>mGq76r1ppR>VQ$PJZc(_X6Kroo%P?YSOp!LvKN3skhjb?=jF1#bVPF-0pBtk=
zBPU*&6|b5Ej^P6UdN*CGZr-0cP64_MXvq^=tJ*<o^}0&%y@X^dbuSO`-}UDvl6n9V
zA#&hLGG?RO2VNj0Nz2O^fr}1yI2^PRr1orRSK!YPht&A^Vf{^i07H&GeTgL_6=c5I
zll{O#0}NKn8s~Hc+6`<;nUFimKZ_B(<UPwZw_IOKpXfJ>8@7@z|5zmc!*z|9Uwn99
zO(?};&4#n>hI)WsY^5uM+XfZ#)RZ_&=1I^KILrs?CgAHi@9{weu%1a@*I|k<zD&~q
z1r;#xTZ;3R#c&u~quZc(TqvYPkjsK(vRVW!;fWGyk}FCYlld<00`a_~Hhozo+^Zi@
zA92I4j)91Nxc~qzc3;#p95pFNlS0tG`gVu6rtYZy<}R2sf+pcK<z<>>+E+ng%!aq|
zfx#xi$f?0XwPE92DSZvyEHR9l4TWj_O`Jyzc=v92c#>Iz72z%HhbDmP{Z`~z){@>w
zQAzX$5PqsWa{*vdT3+>Z<Qpd^^QCTrfYSC;o4pXlPzyvKNAi!Tyf1(@aFWHgHE697
z4NAJ)8W;>-R=GjHcX{k^e<zXZAX4k%=HC*)S6a9{&iyC)W!DC~QSBm8wLCsm&=qu4
z0y(bu%NG$|5jqW&&lDyWljXX=?Y@UPO19~K@5&_ER9exjoI5I;sUFh^YVH5*%jG>}
z=XqtaRNvil)HDkev+><hh)JT1VyB8DgXd-7oV4cCbsz-`Hvm98)LjUX-?m)+;#KF5
z{ClZmhFx!%KPK)NkcT;R(^pI^4RC1CJ5>omQd*jIMA$4cal+eo{GsxLMDd)RcsY9a
z^LzsOsTxFsp8$zBA3@$-E&AUVmi~>u(VP}L+KtGz!UR(qUlDMF(yq<35OgIZA~<tk
zUc<f&BuIsvN0Hu6zNV;0^OmVz!m2N>#sizVg88b;+@1vN70J$gNr!IxKML8S$*W<g
z$vGghv>5**zU)AqiNpKI;U+Ig*@`o#y}aFeq?l8R>j)xL`ugz;du6YZa-8u`M2j$@
z0gA%{;XFPD51y*9n6_r{%N#De?#JmTF_(=$+#b+s54fGowz;46s2QwWykYN(tAO@v
zCz!j92f5cI;`uy#eSfSN{7gU@ke2lF1sp$qvWQLu-sy~{C&#0LDJ`b+nak?!u>i#*
z;xeLN9O$zif%E_XIB)<|fR@YGtB#4P<2xSeAFdwKEQP3dE}&smUN}vv4N$yOU?co+
z0FNnsgJPy`J}T2(@^?@!)t@RRDdN={YRb?K@wafJ!iCP%u+-dPofrt59(4d4{G}c8
z!kl6a9zKf}T6(#NR4H7`|C-hLVj^Dpb4BywhJZD_;T>%*d-in!V+;_)yiYRb@Tbl~
z2rjC98RD1|vM&W6g^R>m4DBXIb~_R~AgPI$@`Me6wW}AodkzIO0F|Kac2Nnhzzn3l
zVdr<SS%1XaxahDC94y-p%Nt8yY;<s`5v3Ym3EE_KPD{$dXw4eK*<@x&1R0_r>$gad
zdoVQ!>lLD$-%c<R5;G7kTBc=$ZD)<_4y!GBw+!NInRn=I?wS}AXrZkc<)>iB4lUtS
zz!8Of)5^rhz}V~?(LG7y-XGENZ{Xw+(V{OU@MRh0{N)<+)HaP+tSj+$Nn5Ih@V<_H
z-oX*=ywiAgpYaezM_>#b8dWp0NSZ^4Gv9W_pRGeWA{QG!hf9suuu?bs`G0RAQOWBa
z5U};g2Sr!`aTboO^$%o<w8ikQly{v6!vMN58fbF+S}vTnuuhugC7Wx-|2Ixy(Jc=$
zJV8EUIP|s|xK+v`Km!Xtorv5c6t<Z!PhS>$T)2VaYgTAVkz7>En`yCZ#*$k(OllxA
zLYZlCzE2>W#<ul|js}0<*uBz!u!Q_yD95*`6*P4VoZokW0MoEIp;wEd10HZXl#&fx
zI(yUFkiB+J*p6e8^jT{r|8}!hk}}HMTk(}`TT~DE6*$(fByEjr%L~M1nU6}ZXRdG5
zNA?W4BcR8h!J?LVVOf=?ri@9kz9qgiDny>L?kK0nNQ8E59c-%8^d_oMB<<3-JkAPM
zGHq~q`MiZYlSB}<znw+EEtYD0ax#)zoM6pdp)_xf&q&5Th)kjFq(XSJ0mEX};zwGq
z2GzR7;ri;ZGRvaI-ka?B1fbV$6q&5#IxB1kVFR|!&JV!KZzuo&Ba1fC&Uof+&7{@K
zdwHYaQ5)1!4R;ldBWeJ>EKGDFY9n0JVfS5~bg-2MmVLZ{-H^Zd2MFdcO-hAf^pJP~
z2GTXe?C3WB<*~p}DB|Z0o0L>6FVDNIPd-)Y2kj$ObfX%$9s1s*UPW&t1&|KXg=v}l
zq)eH&oy>-rx~`VWep;>2k(wih{u5TZR>-#sOXQ_pAGLtP_~**$-M0}v*A6DmZ+HTT
zAdiG@XPmGWqODc23zYcj7oCgXUa*W(C(mC1ayVI!@|%xo;Fte`FKDSR{gvAl)A0P$
zcUvz~p0gh=)$_TbTMzV~407slbviE9mZsD6@o`+~skJXZVHD14a|I{il-MI?9clJd
zm~$vmzsej4=2Ja3$r{(_O3f*rYaak#d7Vk%U+Juk<wj2V`QqyLV5Uw&#!S+c*TD{v
z=FD*Zj2S*kYh70_@Y9{id(i;-jXn3@ZI02fZdN!fIDemETQvFNOHeqzvfI$920qjP
zPHz|?`4<%7ZJ}DRPT5re9o%-pubai@8rhPgWfQ;GnKB!)Q$Kbi1c*E=WFEF1#?zHa
zg}>~vu>Q&@)?EJai;s%B|E-tvYlra)<+Gry;9}0xfo{`fo$H}`1&0o&(%kCAlXOC5
zR@YdN{;)p^wR$5p?gV%i&lBQ~?)*C*78jPo-15_;9D-8&ACUNf9eHi2K~@@Z=vgME
z49-ZDX?PIF2{Jy>>p>amdR(r<BlMMidr&R8ubCqEK`?G!6>U9@JD|O`rrLkOV#Y1+
zkb^j3>SzIVD*^vsgQPgCL;IwgN`=lOojfJv*Iq?4s2zn<#>3z=*<|(^sPF`163Y~Z
zd5{I70V83HOx<Cq;^4gt<_3fZRhp7laTg^flF(ya5vCz4V`?wy{@ZeGKdv4uNzVT=
zwH5?fLF;AOtywneILdn2_TY(x9itfN08V=1<hi(%1(|K^M4hF<<o{&$0vk_7fC&6$
zqxp^h?44~+3k0twqZvI*L?}!GqHz~0rLSSmTd^(~+6nih<Axy+8-S^Oykqwdrupvf
z+yDirN6hy4xoQJ)^?>PiN0CevW97d^_Y4AhRr}-Ks=)L9=7d+SclU)|!5{)gMC!l?
zb--HUvQRG^vi||n{SS2Q3Fo;^lU{2q>G|+@4<bOnynS%X*+opARM(-OKCdz=w{?#E
zMsQJ`L!J8|VwQf{m--<gDNN$N<os7DmIUHmbnM#5W=y)_gJgWv>qL*)tCxn8@I^BH
zz@zT7$iT6KIS7e(W@Djb!)wf_EfX<XAuM{7VsIpl%_8EC5$az=m)Rp>koBNa(mPo2
znh1Hbc{=W%cdsJoJ5B1-OXMcYs{Pj5)1^#52>c5CfCe8thLELZz+7iRW4o;s5STwd
zjlT1PT)y8<TEePeItWdZT`@3}9P4UvdSFU2GLzT@#dhI%oj_&Gwf_wFJ;AFv$)yA>
zS}DOTR^$|G7rJ>KmmgdUYL`q@Aj><t$_%%N=V^CF#%#JiMt6S?Ol^0UvD;-R4GO65
z2Jv%PPx?NvuY7GakU;2^75%*XJz!Fu>+pv7D;Nb;DB@|y=^9V;G?^@5{1LG-!|VZ_
zCVJkko?nlaDm*N0;94dDK34TBK>9EYD@4C9hmz&LSpz`Wh-V#rXegwBNod?KVE^il
zSk0fd2aLDZ(4Yl|(3}}LzH=D26WcZ`tvK6;vI{)oritI#CZdbpLdY@SP^e~HYHFd%
z_5rgp21Qz}hg-7m^nvRbK+p{$%l%kisOEWV3jVv!=8|i+?X^$vH_2=Ahj+be{2&0B
z{xU$Sadb&IMMU6OEWZD;IBwpCW{%D=HU50@CMvl_007=V2P#IApp&LoY-h|U2|Qjy
zWq3_t7fW^yB{w&!IfX#->|g#re(9FFD`+kz9hb1UeJ*kem-c>M=qF0@PPHui3f9aw
za{<~>)svFz(EAyVih&nU_RJGbK@K_eSPY|AP((XRk=cKptI~MU&E0H04*;DaCBa}H
z-kcsyWu^-0RqAQ`G6NA&S=?C(Vx^rdCWQh5CiP9*d>;7ru0OGH+Q7^EhCJh)mcb@r
zTuOT7ghZ}dY${VOxz1$u<$y2Q|H19>5z#L`AEE^#X1IlELKDix&&(0S`)fnDm?5Sh
z5e<m8_75$6pM%Q9LNpiLJfaIIkJDW~o?&*MHug{?{9Nxsbp-K3|J+MP-+V!~^p=pR
z^(mY-try1!)=zJ3csLOZ7ellu#gpBrD$5W^zwt`tmM;n!etme-w7SK?Fm+AS`eWW2
zbV1xs#(uBoO|v|UrE5=*<XORq%BOULXzO%&>S2%FG<2*i5^}#)a}h1HgT}MLf37gd
zowf)mtXUUw3}PxP1iDWSAchBfull1A4TmXa7W2-zxKyb!A{OH}XN@Eoxs}k8LVLo1
zvO=N2yPp)@;^rreWmIMMnSI?>#mMp-(Dy^dSk$aDh*&Z$OH>mW8l%Tc$!|~4D0O3-
zNSY9r_xKO{go4%mz=!X8Jk7n$oY_{GyTJgo*<X4F&<7}4v~=?zttPQ%MwEn!6N|0~
zN;R0G!|L1?0ttC7dD&f2)jMhKEsnmyj3f(qe55(S#iNG|iT!<v;o&H(5FN<eDc$ag
z(gFr>_27O`)3ZGh*NGG1wC?f}gkcsyS&BOKvxokKkPyaQ(P6~Rz^cV(7M)!fR{90|
z`BFE6dW*#ahH~cT6hZVbF7BU^0}eT(DBZJ=0P9(6dRv1h=-fLrz!cq?Jw3N3{&6>s
z`&cogdIBT=fr!J71qgWlRf(dJdkI>~6M#$=khgJAXcp8ztZOzFso!dI1t|x-WhnJ#
z>Vq^D8x`CL)HLMkkI>Wmx|^D=m&0XEQ$(t`K%E#hS|5aAfKL5*<{(P%GaosgUL#hB
z4p1q@{@C1QeD4tN95bbd$%Q1#-i9zZO>I%7`T$<6kSl0{@Oc;FPz(U1XeM3<T(q&d
z9h#|8fIka5niWJXmU38B;FNm<diP}YkzRcum}HpB8j^lvhJ*^@Vg>{h)ltrLR4wHZ
zQk%%xAAYs(GV4dQ)LU9wOzeYQ@?D>uM;s?x#K*P}BqLC(^5Iip`W)jk*TZy*sFMti
z1J`n^xGi>47#m#QRAlJ+uScqH<X;bW4Rs>)>-Pbp6YwY*Gd#OB*WDn%4;pw<9@Rn5
ztF=TP)B##}G1%z~x`$wPGB%nHuJRs`F2p#~qG5?VvPzK~McjV~PLt*V4CW_CQ}ou1
zogg%&hSqW&ov1J{kB+xEaVZAgzJSA^KpBDDoQY`{K=Kg-+ZgIcaix++O^*59LEalz
z2a!$p<FAV;VISzh$aUBiczRROiVi?7rd61f9esLemTj7h!g_}#_`Y9`!puxNXR(o3
zm<-wj1@osDMP3g|{@Y^1yBrwZbJrlK%U^B}s1SqFN`>V~SloNgiQgFHN^D&zdc}Z;
zk!+y&Fdv#{i`P(1BbVFDYMoPEhh-a2PG(or@$Q|RwT-1WBEQve4Y-45c=5#_Obd_`
zuX0`g`^Faul(@3xp43t%WeqH8?y$I|K2HXa+KnT{ty^)vt;T$-jsLXt>(kp&zmJd$
zLuP^!ZZnFLNp7p+_i1sbqZF)O!GoB#diT`keR(sS)+c%71ld=2{4K?3JfK38aeL5}
zEJeCb|9U)Rf{&*LLlj2hj<g3Yn5?%AIl$8e<!lT%*hPtj1!AXH?K?(ufgb!-o{j^1
z(n15t45_B{Xd2?T)-L&2S=bh=(xp|32#E841+-XOPvogQ@Kw4k*gfm=h55oo-0<-Q
zK&>HjNUyH3N(9OIA;lPY4`-Ol?`XN2iZ}J4Dp7I}vV&$nl#F_MGmfHEU|CkLdnX)z
ze}$KneR+g79C#ze1!;Xbtz;CM;QPULQTnXA3(^lWp(-vwYn-S|r;UPVN~3`r<l#P_
zWr_M9lZsJ7;TH(rhZL0f6j<loj)-fG3E%6ddzQ1bB@D~MV5-9r0uFxANC|qLh0$N{
za|SB?BR{j(g_}7?M)*Rw>SP=B6(nXpuyLcyQ=URLbI?yMvCTaOETsm~e#^vvE<3Zr
z|Imcrx~{Cy$`m&oG|;Qe=6d@j*R>GotY2kU-}!4e<d(?bivZV&C=5+71ev*Q5P3%I
z2h5e@?aTq~Zd9RGT|tIWy{zwjgRW)W6~TH@P|NC$;8hZJ_e(rlZ}t@{<V<_l0f*+X
zBAzFmeHaq@4}%rAO2SW?lM&B!0iy1trHJ?NbRi(8=mo!x%U&HZNOazyP_NLMOB<|w
zCsrTwX-(}^@+{X=B$=ey5h{Ndd&G_9_e%-+AxL%4hn2J}v-T@ct}~dXqe{yy30e(F
zmhS}H4=(Cgq?IB(8gy}{e7|ZL2m>29GD42>1oFZ6jn_}T3W3&t&<kFuB4N8ERZ?M<
zx~!IVSQj`VD4q-*IP+-ymTPDf6`InK!{sUV@Qg>U)2CSrV;O9505h0i19o4t&R*R^
zPiUXAm2(dk$$G#E+G7H)3J}q@AQxukF_d(K)IeDN%Zq=fYqS$%<!#v-dU{N^5}qC!
zKRlj#5{VA$)NE0#6?YwfJ|=#42u~bpkMcLFh6giXImO1XY}1MX351e`ZN33>iD0hi
zHjOc>o+zYK<8K*?jl!`hOFGYl{!BS;aWo#XSMv<X-(83N?S)nx&pO+D!;GM`^of{L
z$6{~Z{5yi!k1YG7{UkJ>Kbt$Ul-+z}vunvMNpnggM%|s<1`yv1R_{5#{u7J(#!J$A
z*%@kxw=(J`uFL%RthC@R{2<B)8e2vqltaAiC)72{mcQ%teOk1%=iv%fX8ncnPwyTM
zYAb22TT4;RMvQb!=sVj<tIEqp%9QWLRwAZ`MbobcKh-CWDWB5R+D~c_C{vi|r=`r`
z(#r2<Q_D`>46TezBa0Q8QP%PzQ0=uUOcW56CN{y%wytIIf*mOv$wd}jrJ2vk53KY4
zYhKQEW+zfnJ{)wo8*^$46Ig^meZ@?3RCI4xMyBsM<s_8hg;E@rMTm*~mL%+|b7RU3
zX}0kE);%hdt<wP(Vm-tH%)b_zWnZNl%Vz@&YNOh}`>rc@E)iNS;U&Z(9%XG(@{m#*
z;?iGZbwVvCl!VG8uGER~(HAgL?F<C&<{CB$#X`SyrT598Pj6JI^8deb;IMjxxh}>M
zK*g1S%dOKmx^?r~A)it^PXK(}3sx#|48kSq^&+?4f|E#;y9Qrdw~r1Z7j?@91aF<;
z<8z@xSN+a(olX!Sq^%7Ma2eiC)w6!z50`9M#xPoklHZ=-zl<KID4lK50-x5$sum|%
zyYuzV($`ns*6ZY67e5EqUx(sZN@{8OX#7pg7YJ>XLJGUQ?3K%CTltPzVK{0JWOF*)
zpg-UK<p<YMx}CL>(W#hh(uJZ0q|hvFM+5&AG#ODtg8owOtdZlXL~oQHZmlM0b3(WV
zrS&obh)%7W52hV}I@nYd-=^R%eFanIOT8SiKAy%JW<^<H5&4mfsSy{4=KyK>i8trs
z*ye5ynXfy|h(QI#niJF3HjkhpL)_I@j)A*FKeYVTvmNr3^Xx^j8Ap-`7eyf#tEHMh
z(g>uJgAGpS>j<jN(iau6T_R;Ii1xI3rm5v9LZtwVhI1Cm68MSrslL|}AU<Y@u;Ziw
zqq{B_<PkjX0PNxnqK65z+gCU(_{d3dLIz1F<dr`>^ylVcqa~(6Rytki(;@sInJFiT
zBZhFV>KYGjU%L<SEtJpWiz`TFd@UbcPi5Jk#!3-Zc?VSufqGmk#6+*h;|XKeDJ1!B
zl%sE_wfOqi$tM#xpdt?;%j!tscW(&qE;eh&MLH|P&4j22l~^e*flU|k?TJm51I|`!
zoU4B1st$}B;gMUkv4#Mg)v++k&r~B0C;vk}Q-X1c<CI<+!iq#$Dg|9Z_W1|1GK9{+
z{^xT%sQ}zcy$n4NgCkOurck;35iZcf3?y^CowKNG-H=jqjV|sUtr>}nVhYTEk)fog
zrI$5xjIByMc3fZcJKTHjwV&WV+WugREgr5)?%76m<{$vhYVF|L6rVfFn1@lB+oeht
zzMOyr{0&*_y7|Y$wj!Gu{e2#k3oY_0P1m#(mc(g>^Zth*LMc34S|>W)$NtHzh4D5=
ze5vStK=Q~Of9h-jVbzuzyi(p#x5F*|{%0|-<6w&R7pg=#p%)~q!8ot|5lVNUS6VZ{
z{)&vYyQirnt&2iAiiC`N+#Di@=yB<mmV3>fy`AX;p?hCG3hdBpOE~>0llDbZm9J4B
z7e3eFJlB{_Su97j(po9aAaNv8Yp*%B3`5;`MwlKMs~6gRq6*XE|JNlDbx_HMg>qJe
zXO=3J=>|26)KBNG_NrMOQ3f}!ebfg`VNRe9rYxv(%F_Oz?ugm=3H)vYBVjjA3r2h|
z-jQVno|`Qq2!K_ZE^k5wm`|g;Sv*tK0S_03d2qS}M=1l~G;@9idG6L`-;oTs3glJ4
zZt(GmfVn?Il(UoxOhX6u2clLs{x5y9CxooM_5#0w?slvB!Rfp1oVL@)s>GJ*BHQG&
zw`w7Nj~t0In-7mvFFu2(nP5-<7|9g}%Uv`;6_#)cxPHvFfeTEA5TJhmh62lsuWjL$
zX|4;94?ftoIM*KySj*i}XAjX3B`tVPZ_m86;ZdxrWfxXT{V#)MtR7mWGYTgukNX~;
ziU{ejjkaqWyUilOQy%x}?ZR!=ub;-1Zw|F?GPQLk7y?%~yJt4!1=7xbKSji0^y*yZ
z?&-XS)EI!C?r{o1orT$mQ~=Lp^|yEVS^0^}Wafd>7Y+r9d_Xa&Upe|v7zNWdnEJ)|
z33SU*9(P079F#MTBk|0jfX%%4`8wF|mvA+vmi5#uM*#1GJSiQQb7(e!fAm&`09og!
zAKV;_0W)7faWkK*Xvns&NS4}!PqdiR9ueseOH8+300*|#NSF;D0ea6tW)3jk5FeD>
zuwTK_uEO3=SxVA!0cx-ZD+Xqr*=Ir^=Zs(?<4&pa)JDM4Ew*FFmC~BAwDT?-RW8}M
z(lg+q)h{7RedV9-)#@!1-6q04D+KP&WWo)eF{g>bTU;<QTEtRQ4f+cZ(D}W03TF{=
z5|->E6PWJDPTJk1;ES9>A7W$~<L13}z7$E*%N32XSZ8igumGz}8L59Iz_$Z|!0Pjl
zlZy6lJF>X%Tohj6yvaHi-_uDt$3}^}#UVIe#Tr+Ds^zVe(Jtr%k0R(*-A*8?)1J>_
zGs&2%Cs0Yzz<NZGcwj&PSxw%)2>UI`78P3ekr+m9DHa#~X-hdZ>^ZVm)`sq3l=P9B
zFk`6+fr30s%!7@jG3Ct3tE6fM8G6h#E8KCLdU8vj&6>%YsCSglsuRIx@eiq9EcL~$
z5mx!|K@d|$mckgikwc%3#M#aeVxf%Zo`c7s1uhaMV3xN-3(fDSjVrH~Buy{eB<jp!
z&vpRj-6I~Voyyh@?%9t1Ub}3%%GUvM-WCweN;l*&faZ5#I$*z>7TG~`vl4w8eUjJ$
za<fuYRUpj}3>6$!ML0rRvnVE&_*kRnN$(h~%b5AV)ttD_%bs<WSqtL!RzPm^Nn25q
zt3_$bm>N+9*`V4TtOU;0)7g;6E>_mqZT+MCzOA^%nUe*H?{_YLr0tQalw+%UY#eyl
zqO57gXSYD(&B4J5pIv`!aa1lNbuEi2sZHr*=O=-@_m~A%1D@^mHN3$r;k#x<!@SDm
znTLPI6*T>?yY3Eo+w7r%2=_O$)*DUiG<n)XD@eaz2fWsC4dz*<V{U-F=ZdQx>$!q|
zNO1iiIeqZ_n-{nf{f+eSm2H)<zXg(t-tXvGlMlVaBMJt`z8v@0v*eH@hK^>%G6!HZ
z6hrE#^TGWt{ZX5^92ry|e6J14Tx=*Au40=0b9Eg=AxW3K`qJ`y^)?4}?y{$$$|D3Z
z5EqSzqHL1Q<4ve|SP&g==P75~v|#*C@K;qdSr=*{eul!Cbauzz6#rv@n8Yctdl4i9
z11PORK-nadsG5X31U5%*2DAijL8v`og;2Re2ot(uivyuqaVT>%m8S9fl`sXP!H%G1
z_%hle@|Gw4?53SpaK(l!xg)GPAMW<j`~*W|RP;_XS7+P$@IC+_o}2v={48*f9+$Ni
ze1qitfki~VQQUQt`^nHw3pCd<DfNP86Y}jBHWn0ZU6c*NmpHprH&z<m)ic${_LOON
zLJiC4aT2?@D(MKws+ZVPIUv>yXsZzs$3|7p9P6rX@(g7xQ`6h3<1n9o+JG*>^BoM=
zuBvA8{y;^7LaWtLT|fp#5md+*#s?2VHy$JXu?)Y%&RM)eY%L`vpA@eOc#D7lr|<FD
z5x2pND_5X~W(DXdojZ1iUJ-`0KgxKu-hxnb3;Fk!Sh>ElS{2!1q>@5Qj1heRHPftD
zh{<QPmK?!+)R!11-$UI9_%40LuEQPC>DZ>pns$-&<)|-4*}`L!-S>>ivPJ>UZg3fX
zrhuvD*o>^(#nPbay8u-&t4+fzJ~??&kkaSihsHOcXpRiWdg<(;Jp^{oJ*|59L}Bb0
zkE(U-!jT{w3uVv<WU2@kOu*)E2i-X!rUVux#;*;Bn`RMHwDf4`;XwJs0wIrT{Z#-@
zedquOM~8DXC3qwdwL~*iaF=_m_Djen#uq33j$}P<Eqfi-VTGzYdiwUk+2CLOJ(Y3|
z;;#q<ma9X0@I*h2tmeK<&Xl+qKZ?6z>9l<Slk2r}vNaaCT^?xNZIP=@fG8#T-)$V@
zhQ7YF9x3}P=y~jgB%oYl%%&h_6bu9H;@QOr%tnjmsF8E>x;%lnpVNf{5T_VNj_R_5
zcBWbM^@18e=#t6(G!^#f?E8{$jI!Nm7_Mb`vv7TbdQEz>g0|t&S+9b2_T-haghTcv
zCPAD)kmP3S^;wSM#v*3L8AcuTY#r_Mv|RVkv&Z!hpCVkWF}i|VSx<*M#(}8@hmB+5
zA?blXA?-+QRjdc#izJhSEF_lQ)Q-irJ)Z2BXBei29oFJHS#~eSWaGDX2VgsHlf6OM
zM>@0kpqJz?-+624uj9kDrB=fvQO8<UvbOq$G_PwoPc!Ud`<<~`rp6`v+$5ogM?B%3
zB2IFaqF17^huxkmk;tI(V3?p>y&>;=UA#2Z5tJA<?ShOnlo%<!F{=)m>`MuoC<&99
zv+6fa?j><4WD`0cGKNOHsoeIL5x6ite^vQ!VW9Mb+CsZD_Ifmm2W!e=KgVC;_-1Ev
zZPL3beLy&5kY#Uq3JP@=+fpjs-2mw(crmU79+GQBB&PxQaWgI|8j@>=7w}^e@TG~C
zk8xyNja7$+oE-}VVjz*#PDTskZkln)Y_({SHk=0}_Rl&VDFHb0^~e$j;x5O2YC^}D
zsra~EA^9nq_rmcAQvO<#Z4xJnY`Mxr7sHrTIVm)gr|Pl!ZLvkCRqt?{&x{i!ZYyjQ
zo5M4!$cokYpCtt~aM&)^Xh%i9_!vt$47|m<E9E7rCr8rXP)8kai2DUWY{+qgp@4KV
zv~B1Eh6UOO7{j9*PLIP}l{j0L{4DgL%M4<!zw|Q_9g`+H+$#V8^>!CkgrEu427+66
zBrH7GKSCK<6zLWTnTU1TKMYjp0^A-z6Mx<%v<a7Nhf5Z8*|x|Q??f{p!qQdDHN;%a
z2`*--dp3R$HIB?bzw!WB=gxUlHotF~b`27zs^&JsdTYvj&x%cy#Uc}#1dBp{@od#;
z+3PaMcuIK}!1(+^2#LFQN7`)i&3&c0D(X~y0|h^y639k~6b)P$K{L^X4>H`jlcx<E
zni@M5ZnYhesyu1aVYvrmU<eZ8x2%dc!qczQXlpW_VU=7Wcf0KZv3z21bT0P%^Y>z2
zH2$7rW3>&m`RYT%>}JdJ6}|e>T($+}9;S%ZfKBf;HPB4g35p;Z%y%%jG9DM86<un5
zyf>4omn!BX+gg4ibfWM)eAtrLvsqv^%VKd|Aj>bNI=^PahUbIdO;v!#rx4&*{;qy3
zWBGzlN9~AF-!E%hc?RKag>Oig<0>}5I0;16Gfj~U91}da1jcHh0D6<&^C&sM>)xQ|
zY8@5j4>rEcmMo%F6gmlABLN6WJ$*|VhtTu(9opE;^VLc`Pri5r7PUlhwe76t^-v&q
zAL>ZlvAfzbtuf~f9_Oe}z~efac14ylCffiSHYjRTL&yS29IRH5U<-~m_8s?7CO|PF
z)f#(97MVCq42{fUGqea{#6W-oUX_~;^X)$X0007c0xF^s<4gn6Sv1&^?^p^iQVX?d
z4}ztTIFP5^ICQ8f{tWIQj3YSHr+(bCL<ifx4Hro!-=PRH8WHpK1yS1WI~$8fObqqW
zYC=qe1~eSOPmkwc+*`!m({fb^r^7qYvyyXPr2MQ4eb(khRoncMIi|C87?1OVW|-(k
zWrQ6FA6MGFNOo{L^w_L0L%<r2+@ESKK14?i${aKC^znDaMy8;prwr($IicVct+zVk
z<X3bQ;2~-@u6Ms>U{-qD?^NzHGL3t>Z>kM~`KXfqvp1c%)1re_;7~pNOSua<LCb2_
zP9Mm^8}=lb>%WH9;M<NSjR;y2KKCjL^7%??hWW93@rR2iJFH)Q-^FyVx1au^0nHJ9
ziX@W=mM@gvvhOp&{?>Ev`g39+j=d%D52?y6i}!lcV~Ul&Mlx%#|Jb`l676kh<?AKv
z)ct#jm)OuS00B?xUT=&Q_DN7zmET3+Gz-<6;))LL^t?Dg>13EHtf+)MN{|3J!%5Ya
z?XN{?e@CixVn&a2t?%sW!{C#+v|JG{A*|9F-H1WIlUw$!p-+g`(s()hmJ_UkaUQ#i
zsiPvQ$qf%8`Y<&@$?zN-jDt>WfL!RH_~I}=Qb;Wg^~Rs-?xxo*L07EUu#lpm^)Ov1
zOV5eJfKEjkL@4_oW%PI#Eo-8@c$mNUPrhAFS4|!TTNM2u=m*JRn)rDXl7WD9Wk7AS
zb*_?Uw%=EeD`@+V68sc=t=1ZnJA$yrMEAx8;4L-oe%8TpRNi#_u>caCz6;l|l7j^e
zG5NYCk?lsTqad?}gwkwPP4uCFAwUR$R)SUQvc#NUEh64?$S_MlKa%=-x=8XV5Ud%B
zGf+z#iHL0UOX<28=a}nc<&1UkB#yk#?OGY-4wn({Ku)4q5;ZGg<UOU=1r(ut4izEB
zmho<}1~kC$3Uj_{KTz6=l3q3z_cJy@vIt;0e4+vll4GIK+ywg_emL=D<2Ee<pxm}_
zh`IRA`T7|_@?g?LBelXWWI`_6irhd1Akb1|24rxUzx9n!81dB+%1M%0dT-E8jM}C_
zAh-IT+XGvik&@0)uPLiFzc~XAFpHAcZj7l{Io7ij0dPxy`9hF&#!gT{nRyIDHW4ka
zutiws)NQh^22|<rKuYSuLpm$7S~S{3%wp*7Ii(2m+Rx;i;yEszc6<0E`+h@tE~*=)
z>-_2+@-@p_Q{kSO8m9$b5ZmY?N8}iMxtiYQ1nsP6L%=7!OB4c?O_6AENjkG0?P;>r
z&j~$(gNKgwq)Nkm*5O^)D-3%{9%J#{OQGs|djk2D5jC7c7JN-QM`r83{kC%4F_M*_
zDR1zSv4=<~TYDZr6sKZe;)9jlsg;ARRt35s?SG2*+;b1}C9I65ct|G0^MnJyIW~D4
zanZ7zz`gJ+r8qh|q?Bgsqq1)<&d&MaFx)!mKxhUZS{1s(Hh=lR^W<=qJ0n_K&?>%M
zb*x=W$iP2&umH2F!f)07!|`(VM%NuF=%#kS03=JdFHByXukl`sgp<-DG(3-#qBHiB
z;m~q}YsyFI4zHom054Havn=Ksam<9swMd7LrgPr*4QHnj%5+)*yZ{;nnKI$#JZNzS
z3Li}i(-L9#ZNt{}%oQgLGf<pc{rh0jt{W4ASn?&(FoGr84~@#G*2ZHVqy#!k-S6~n
zB?%$%e00IeS@1I?TpllT>MR8n4=n$jMLofDGJw9&I6DWvzKiUL%^;Koj4glBHm&)f
zPv%@%1i9PI_%06Zxv3sB!{_b=v^$FwcJi>%Csj$_@(TQHR=X-y4Y5_nQ`zb+7J39K
zyLMwu(O?yS;BgoXnRJ?{J<nc!X-Q!Uv*ixMH6lkdWzMu$l(&4LA~x_8DDE63uuSd=
zN3Pw)F6a8W(FT)QKmmi*VB#w~jvh*)YmpjdvT{RQGvl7|@XG_WZ1-4;Haf2qHDVF~
zLh^>nhpQ&KfB;~He2*3s)Fm%jk`^V$&;I6VbpO|fg&$QXJc<xCvkJHseqqq$<g*S*
zG!eBT7t%Wr=rl&$8)-wfpwDM%TIwEXy8t4DF<#Dl9gIkeMK_wYP9QR2ZKobV9J-JN
zPy&y_p(w^+0h~d_FOpBMRUNNUDk7W={p?~*Vm$CENYszU-;J-!ACLe631pZNRV;!D
zb~@%fCm#18&eiNoy!9BEqIl(!=)#3AUUyL8ZG;UFB>7(Cf=7SQ$rKeQKbzJ>8PDYW
z$EsGh+D^Vxm_By4EK?R=$$xK9LW9IMNKtKm+Tt{vfG_2WL+zkW`Pwf(S(i!W{kPgd
z@P)kUnR()znDmsKIl|Xm#>TzKZ07oq0=)J<x469ELOM_12&-$9gTx>(h90JztLdRT
z#n$pvB#y~NAHP5V0Hb4p<|K@MMm$hyS(a6?s1R?%U*N`AA8I6YSVl;!04+qTpE<xM
zLsx<_ax)D8pSr+`sj(5oRL}xgJC;lo%FK%DO>|i%=W|L6PgUBaw*n4edkv9sk!6ir
ztPk54V-Xc@h}p_poG|<tSY6K-Hsej8*KXltcbU7FF8YRE_^T1<-}p<3goyVjeM#fh
z>vxKe|5I(E-WQ(N`oE|*g{Y*^oz8qa$<zQH<c(Xj-cUi?L~`^<64?W_VJ`FZ#vR5d
zG7o(=F#$(E^z|FC$o9F)xIi!ynsoN*DiC%2_H8S`0@v`jfbd5@sH(Q22|{B^2LxC5
zVf$HWatKZq*yVaAjtwoaBb;;^*N@F<6R-)7#VtaF4b&}422G0kWNIUtCjV7h9a#OH
zkx&CHH`*J@gPu3%H*Jfs&)rA(rpO`-fA5bg)Sxhfb_KHB007isSix74KToB&7b4%y
zJQ29M#br=lf9wHM%S%u#`wLx6Qs@WNLOne;ulZxVE9=wDhEZLi6mjaq;q)-{Rww~u
zeO`vu-_i^0L(8;RlDNa-EFgkgdApQ7888atMd51jSa+FX>~#I1twK4jg1b!Z2lS>l
zs-WwLm7q+DC#<&$a1y6+Cz}t4bZO%CN*Gr~=2jkPr?2Xr&Zz?8!pKX*OhOI%aB}EP
zpa65Mr@4I?rsEy1gLU$R(}Fs4+pS&lvCyvXlFO-Zc0sdXfpy_}3<SB~*Owj5G*5PZ
z$S=oOLe)|F2<hf3Dn0=_auc6rA6jIKLJOI$F@vr}OZ)ymDN5O4U-#)ZWO;QyEi5mj
z*hxO7?J_w)b$uMJceLhqQE@Eey%_lon|yhRQXq5u%#<d`Ye#Ps(Xoliqk^*%HJhyd
zZz^dYmbku}A_;BM%`-}<E94iNqtEz?9xRXS+YAbq7bsDN<-PZm=TH;5<d<|*{aY&V
z00B>ut(e4<!X+MMgN5BChVBc+w1lTtkQ^-qKz;eiQXF!X-^XE`r4>yFeaHp}3Pxxm
z@k7dypG;0bMM=f5{pbLS*-A-A<Q7oKt{+Ip;!)zE&adhz+sv2%Z>%*w3*56IVObCP
zIgHnwmNMxbju}Xkd8bmJTgr*NVMfr~-~of<Td(Q~vL++@xj}%ECjAU-P!c`4B-3VQ
zw1<7-slx}zo3%v6<w>EAc&pGZV~(gOK)zsu)^BasH_4+eCD3B`!O(3qoNMkJJs4)}
zfS6v7M090*PcNE2C9QuL$OP;zUS0~hCj8OcB=M~3#3$eY2@GqfvFC%dRdQf?eIt>s
zOOm7<BXww;PfH^tQ$@z4<;-RBxPakmFoJ3`Dw7XGj{pEEOczl`%LVeiwAt{$FIALt
z`h=(*=0#U30}e70Vyf;22$@A~R!}S<qoI*6;cj9>I?G?HiF-i@<Zmti4%*b`nWjnt
ztYj;1+L^sT1?v&XZ9*n}NQ*rM=1Ub;KEMI%*f;U&d+?exImdw*CcsHcxTM5A28QpX
z;n`p3l9jTbtZ3E0BePeuNL%eF@RC^}V>&1*Ffc4gYZk7<)b2O(zs2xa^qfqMI82Ep
zI@62Z)cjmmWM}_(e4W+j8M1qiK5$W&%G#B=0spUsX8&{yD;w&-WQkTMMv2>zTQ_P-
zVI<ATH~=_6$G?6w(VeEHq$_umtY~%O15y|Njz7w{5O>aer(gI#sB5y_td&_)cb&&9
zhttl5Ao)E@xaV+_8H<Rg3drX-R8QAL-cp-a1<2N=@%dzXkliT@Li`S&{%PI|A<;Qb
z3;7`!d}$78zytu$NV7Sw>TqCZEhx`hVdmUr=8@bl@z()|EW|KOn4(D|m?Ep8W~*LC
zauTN}d}sT7-1FtWXik`H_-+;V`<-yuFD-nPcd?(lK>thQZL2c!sKW^$roN0F9!^HF
zhgHAya%mZdThfL7>*NvNryZ#p7KdDqr(j(0wUKm0v9^zZ&&^V%nx<$*!YbI?GxN=O
z09*y*nG)wpTQHln-K{rJ-5gh7*!fGVoBa`Mde;3dU{{PeUbERazk~CTOdGZ53xShr
z97+RfBk|y6sW|U=LJ@5k&HJk7f<D<g`gqGBbDuo21(^sSOw*WnSl&&P>y5^~(57LF
z_Ac)rX#e$@vA$_(>wc5~01=oZ3xLj%8evV{x&cr`Fkj$sFrkdHR}bR}(8w$T%z6hN
zU?@6xn%Z$oQqtkwpT<wJJimJtXKrVK&tj`h{2JAlYa)g#|C92w)n6fN+VYueK1<uj
zkvNEBO|3I7wQ{wVZU6|t6^=Yma5@j=iz>|5!Cw<tXW5pIPRf$%qQwi}<LP^u$sa8M
zE%il6ghu8;zBqQ*RMLPit!mEQd*{*5xrR<sqWnMehw`+OV`Oi#41H4EexwqVVFj^Y
zc{b@3{l?Uc9?jS$HYW&f-j;B+6Y$q%z^q^<Tt+}ER!%F|LL~MTNB{?U+<H!M=n^W9
zBO+nRRZzPaW2h8Jh3AZ2S_9hK&!?B7k<$f3BU2*>^52{uRV6;O#t^8%ON!^gl5!#<
zQ6Z*np?5y(pav}5K6zdx?~k1MXaddyt-m0VS5KIdx$#)8a%F|cxP*+_8vCWItU4vg
zB?2R@))c3e5J-t3mE#fMDNtfjg-{}Y>tbm1?E}O%Hb?y?P&{MRW1SZCIVh;+JxeEI
zFEF~@KGoO4%4h$}4Z}BUYhf@?dV;GAYvV>z>eESKlz>b-&~k#>q~rHpVFdNgvif8p
zYoJDd@d>o!FcijTU{t81DS`{f?2#mOR5w&PpTs>a<hKf7%{%?xcQLpC!SkC72r5IN
z;*dOjt~~gx44mzX>|1q-0e}%SCVG2zQ!0ryMB1p~BeU769v~iM*=M#jnri|xjzeNZ
z1_JbCMdIu&V%SAke8xtM8Lh(e!=l11B$hbNN$~xoGs6|SSb&lVXqKCKv6om|;aLoG
zG<pG;@u)|m81~kKG?YjHCHa@ZK$07wuG~BK=WB!!M7g1Q!oZY<c>ew1x3Z!wqi1SB
z1x_lZjS*iQFh-IJN%X4c$sn>|0+6M%+ywV@MXlGrSDBIMykr8R+O}S%y8^`LvhK<`
z2KM+51odXKgTb<`uHS6w`L}wzE=lgfUSgr*_;3LmNdRz1Dh|N<qjV<BPVfi%VxWE_
zoT~bcJAcX}Yv7@_mrr*bKyU@Zy_GN8ylAgB;SPUBFpKuLl*4+gq-uMO15m9WrX>TO
z8`^&A<3wtOvknkT?J$dBMkb0eH`B=^%nsLx67$oNU3`gZ4c;s%ip2L_Z+|cUJR3WC
z-`Fi%a(W4Ke0pBA)gss>Hq}Bg+7Ik`!^*pi6GXsd-LlS|%4ePc%65)1l&U176@~@m
zP%oHIk#OX;Q86DdO)0cKi^T~kg{MkV{ONA#q*Fk$j%Mf#p~ALe7RVTACrcfS_v5Ac
zsOuP^Aw!Xr0}Ae9;e#O3bOdKNp?N}YeEg>68zzr4H>d9Cv5CBnVLJN+HqTv${Tsc(
z6x^Y>1e=>pasfTs#@u_Q#Yfcp11<(uq`QYjK{fd_i$XYn$FO_4*NO_SJdhm}Uajai
zC3NjT?wcS0VR=>|TF+1ZcaN`lcwJ$CV!`+8vV$Q1E+K}H0v^G<5y*u=CHf(Ap*nr+
zV&lGtWx@^Lq&W9$y>|bWTgk-q`ZD@Cz%pB;QtWSooz1!Vg3#IF&+)MP@w)_Rf{U9K
zF>8fF>(7eslK(PCl0c03+>|ps$r{*-ckzx`{3S17ALvRd@>VuJFne~I50<A)1Ehjb
z`W*Usr%g+VjyZUt&zW0i(CNbOt}f1i&lW_7_6k%V=Vq8owqH))5f`7BO5vPe!+dRC
zN5AN_-`i8P41NSnT!bbJ65cS91&rY`-LJGIbCVkZZYDO0z0lz<*zf~z=~<C*t=pqX
zm<^_5n;o(Dt9L%?02I`HA+W%7&_RxZ|DeX$Y9b02ykEoB=-RV?Sdfqvc5V)#AD00W
zv#T=GmBkJ%7FB{c4`w9IR##}*QlCyI^y_1bH3YzCgBvIq^n>R9587!~Lrn4dS@RvC
z@mtI8NB{s2#YJL(vF#N|1+L1A()(jBy2)|^N%wu?Pnd*K@JE@s#G#Yh=CRn%nHVJ?
zfo%M{dmeiwgu~-R@w4n^_ij}KN={<3eaMY}4}JJg#(J1zAwpzq%Lj(S@l#eCxwzLI
z(;#S3{<?p2KLP`fpK>hAwG|?9t_P}t=q%+OjcXa=pJBb^EursI-~Uu751&tNE@#m^
z*&k;~GlNXYcyKEs$fgILOsK7&NHgT#$SR&|{Ye~s)i#>X+869sZ&p778bAop2FC$c
zcZf|hHEJ`XnjLyN6CywsR~1Kg!RXo@CfUlk5yb;G5F0I&!u~`=o+|ZG{l1W|Nx7vJ
zfm>-SeRc}S(AaRp@0-BhG2sz(5U5H~%;wf3p;CW)l#B#p-gtcl;#pCT7r5tBhLfRm
zp*2l+!Z#tRfVg&!N_;9U(kNE@K@UP^XCeL93^-6Pc0_O!5lmc4Nastw=|>fdSX6&u
zLxY4l;<-bbe}k#Z+@Kv`+IfJifhg<!sN6-VMI!nUI(ta{vXG|b#KLP!Zw{ptgR;@w
z_*1r1-@qU)2oMn~G#jo93vb6ew@fnhp{Ae@E0@KbaZ*`t_NQ$g#{e-Asp2#KBy;&v
z?wCfzr1iDtee;sA#&5+Ai)g>Zio66kUNZd2YI`ElKUpmw4GbY@&Vj+O6bx_b%Hmld
z3)Ny*5_`1q){nSFBy#5$k7?9rPbT<9;?J-`ttl$H;291^Sg8!BR6_kOGOU7_g^7R}
z*}af&=I2=Md5u1jrt1&BDK*IwI^Y%ZH1Kwl7N^(cIQ&}(;(b}_lsBzzoX?Q&E{%Pl
zD9H@FhU^HXE_G`V7@$-Wf(uKzkS)hotBMC!^v4}GL2078k_rlG<W?@iZ|7a+R*x8L
zt?lW5&_&_^a|P~<wP>~ojC1fomO=Lm9pNAKVx}zRmbuQnUUs96>KlWaV{^=Ah^eSA
zLOLY(7Hp(a?SZ%7w5##3_`ivGJ%~Scm)$SG!RNrvI!ROvqsK>b6dB^?d8QejxjREl
z#2OS)1VTsXTStWB)kva!TvPn+7bG%fKM;__zR{bZK&nQ@W`eVtZ4AkUBKC<8uZE?h
zRdm~73h4j??7fYPB?eZT6F1KnP$-kIUXl9;mR7IJBHWL|^(pj&cK3a-Z<cwM7<PUz
zDMdgU6aip?I4L-&+xbcvF~sT<U<Q7OZQV5o6n#F7h*<K579M4Bn^*E1&!Z8xss*5X
z<55j<4^vG8r7m}|dtl67bOtdp!q3t$gT{I^xZC5gIG4EBA5SsbR(3u+?K}S>BM`b?
z@N^^0qmeD)B(Q%6bw)ux1s2tY3_>02%L@i1W|rxX{}iAzt}E2oU&nPlx1(8f>0I)k
zU^dz|&Y9U|H9w|+L5T?s1F}HD(8I3D4VX)9o&F5Zgf1zp(5ZpI3sl`~jd}0m>j*-R
zhbBKB=_0NwX%sN9URF-rcZ8(NtZ~T0yX<oHZX~{eROn}c0Awy!^qs>>Ky;xVG;xX+
zV4jw)JB42|5?To?8E*3Ip)_z6n38-3v!sOCBO#J+uu&)t1S(%97z{Nd6MQT)x$a8k
zVoXdOJnDv3ESra33`0^hKjd6)IxU5SsD^{EN3`8Mt2069o=op+Y@^kFnP{@b%Y~k$
zs)MhKMQ0nZ7MQ)o6ND>XcVV`-i$CRBXqnt^M{SRQrX2@{4?N=MQY}EIJKYAu1NQtO
zOAb*}$(yoWdxx_QVEKXM$BP~)ju$4g^8h#;=(J9YR=-hAeBLgXw1mmH3I^Op&8Qer
zX+dGD{|*y8Vp4Y>c8L$!@d}_^)0Rz$1QuO@<z$M~d2bE3golC-;&v0L07maKYT?MR
zORqjRWfH}^wA)JaPuEqji2+dl^b3jDI)IGy0WKpa0PH7?jHKONU#hEptgNMo59n9D
z8Dj=SaxL6`I`-X3b+j+fBnUP(4&B0n!j3;R^t+4l{1o>rmH-n5+OyP6-5(&`Q5YaA
zX#DR+izmeep}dJ=!pL{$hk4Lgd}P4B8lr?4^Or6E=H5ovz17%P@Zfq%YLs#5>M>ti
zhLaL>qlN$(msX?ucxlLOl5yYy_}^DeWX7Ik8fH#^hEET;p^w*)MIRyQEB_Qd3e93m
zC*xKATi^yYp;}gh)M?2ID+w|*5f<8Gz47R1aNsG>H(M5kwVo-H6}Ma<Hoacs+>w@T
zzIy=qY#a_7sDyN>=B{E|I>ZjwS%MegWsjP_#UxBqO4)tmp|eib8D1sN(l2F(3<l%m
zzf)u?wIn_z*2<Ji8g?2Bz>m+<>p4pH+^uw+K!))WfydenD^7bnHVm5RAiw|!(Qp|e
zPEV-jNB3@p0E7$L=@nF2R<p?k$!ZSBP;U0*k?-g$oOL)rq8RFnJ#9y}4?S8003tM{
zSU7eG+Gf<;kO1ARXOtTAEGU>tc3l4H#KX0M^o`=X+R(+6V{3Q#x&kHV!GrUAAhl7w
zl4-dP0CFHebt=Lo%;uKxwSZP>2uV0*8G7**K$n~ZI-!$WzBEw~CkO^&&<%Yk<8pZ@
z?;_T1We(|<Rg1QW@ulU`8tEvv)o6xMFh7z6o7sxGvuJaPMr~IOWRK3>Yb&<wpCz2=
z%zmf$+^{Xj3L0cTn^)FHQMX!`wkXD`K+myGSv1=k4$7(c)0}rd{~XvLm8UQV0xCHh
zeN%X;v{E3_1nsJ~^fRJ60PQ!hP5@n53tbGUYglSu^A7NCVv{T5T7F2sl|U`L1sWeY
z_^}%5StyUzF@{Jr2r1aIM^UWUZ(xDT%PvU5|7;9L&d_2;?T5`19_pd4X6Z_zGqxR)
zh@H?YXhLf77bSb`KE^(CXGT8Y^?(DC0=vx7=#X_waVS9fCy+@!?7x~iCALf@E@7L1
znQk*c07-eJh~GG+%p_T<AK3Xn#7Ri;{c;mT*%+y!>oiPT3J3ZK6X%EMc4>Y5`h6m8
zg$S1t>?ui=B3?Xm!=R$}$fOhSdQHg$g{>7NTm_iCNK186<6&0J#+?b?5B7N7S>T9@
z)?f{Q04A9$t|j*Mi&}&6mWrOvcn9Z1Bh&>_+}><$sXQb=0YounM!bMR{eVR>K5$Ct
z0VgLYh<|W`)&3yH=T5&RG62DRQrYycDJju$k!AN%!)Q&af=3Vp-*$ExiuTYxDJ)kx
z3iK^fAUA3;go3(nrBev`^cdv<_oB<t<gXs{`tU0$6yvJQH&6Ru_Q;i!#@mGMgOdLy
zE?i4F`ZE_m3@?@;IA+FR4y=$_T|NmR2OsF*w_{v-Ip2JjthHKgyvudv`IJ?iu^Z`s
z;Cfrjn=2+8p$pLfq4{)0Dus@57zBDm_mq4{&CvK5Y`*dXEfQ!}Fy}2zm=7R*J{tv_
zo`zbR00poqt*mRmcFKj<Z?*~wSa!s1UXpY;yIExL=M1s7A6le?=Jf8h90zRtpM4#l
zf>zN;sUd}sYS1pWpc(j?IhF7S=~Nz{$Wd@zOV$cBY_xtr61u;b><k)ZPhn3xMX%`q
zJIO4ly2M9(7<j{H0>BFDXaH#SM^A%F65nryX_G$-dLJ|vs$9DH0^vTjG72bCSRn)m
z)K#0Y0t_*e6VIdYb(`LvgFcY_it&Ev@PeRft6o<Cf2zwH@-3bD?ve~u1tc)|H29YI
zh=M<qn?tB8=)Xe~%J+XXQ!3iHva0Pj(P;ppZdW<bF&&SGgl&_?{~!o>7V0r|HNcoa
zjzeX2y#@x@^)N|9nblPmGVM<=@>F)WSvUVJE{pd%l~d;MmjnaR)g`$sXM?8Hj!BVd
zPQ5chnd!HNRkzRCub>=QfQ6J8ZbrEpSKp2m6QV&*?_D4ZBlJY;^AvO0G@U>I3&!V2
zq?c%nGEJ?WWhd%H3Xn^Ogo2BH?R=RQ)CS}NC(n7bC%uofJV7rT(!so(1KfstI7i{0
zdlldfQ^zwC=!*$|fuwxk`$Jk94^*winxH{R5${2M(j)^CD$kYM#}vl$I(VbR7h(}T
z5(wMEnU%4q=$8}pWpU8Sth9bZidFy<YP<GkeC-!{TtI{0-wocT%>_#fqG$jE$Re94
zy;<wfR)h$}qyVcWu{|zYp4G_9=cvWxNoOgCr*2O=TFJw?_n|6d#xBSN(-sLQCpX+c
z-wz!?<~i^UPQH-yN}nWr8rB3!Q<72~S{eyZBbr|ii<ls*NJRM$e$&s4pbwE|!>fIi
zuugr@yNVyYH26eA7{fgUNL7OY==Ux@R6o#*1kN@hB--wP@1YsVM|?}0DkP6agW0xC
zt{Ql`5CDL|GvWHwl6VM0M|@$Q_+{8LTra6^uFDfnW$)=WW7P;XoU>_w2swA8F)LDO
z_|w3el%VidDt#t=<fDsN>78B9UV787A@vmZU@867BY`|_#?A#0kRQyi#MvWbB+oAw
z5>munpp_7K^oJN!TkFm46ea*eh)MHXXC(P^v0^f**kk?{a^var;EFU{!rpYu52ifG
zf{cV6PgiK}l$M_GQN%JZKmATC90N0m*>XJ++7!LyQGgJ%#>5r?=y&<q<C*O+W35er
z0BvuXl~3zTX%pdu0)bsRYvjN_iwfn0+`jsK;bPVE^7EzL&#BLhmv;xT({%OrHZX7c
zBEQLaW%mhf3BoEAfZG6I-syl-o=s0zatNdrOOo|HcR37it`!bkp3vi7Y+E?oRj=#?
zk8+Z_CC{eC>#swR)3v4YTn?n~a7iyH8uv=TYJ_`(;W{3W7q5zt+XSLyK%Bic$Xd9T
zo9+pXUfvX+&#0weU1p|A&mYL_2h+5sQ4WG$3S>|yK&%rCwrJ1IXl>61%NYziUrq;*
z*eJ6&nQZ<P00es;ryn*HV2!I*%m@|r?BSTGcbu1>DP;eDId*;hTSx?<MVof>%^@HB
zq3J&)`Wq`8mAP;7=Xbn)RpVzAIv^UrL184AUfj*L+i2WTvCv@gIeNw#ixIpON<VSQ
zyW~ixgtCDkuq3;}Vrp%|XEs)Df2*x8@4iY6zA1uJ2;fe5lUi13Fr-ONe`RSeLG`3m
zGNh4yl4?SWcFCN2p2{*38Orwu4D5_ZTLA}*$1@~^A)E#Ev?8kKI7vZS$BvtoZP5tq
zICkvH$HTyr3RzoLd%{wx0W=lMQ%BeWoYWVsCzklF5rc#j9|Bj1#95QQ0$J}GBBN!t
zkO6geXQss+Y5=}MwSlo_f`}#16FYv`TS@eW`lE=4S5fcL=Yu1#6oFd~av&W}Pd4o-
zzO;7>cM)=Vga?@Mlu{_}yf?WGiJktN-b;p{Ov2*}#~W)qMJYjz9Gi)k_AEWD`g^hP
z8Z90L=p+F6t}xESN5$73=fJGZDIWF&65|TajvoZJ$&FIn0#O?5s)8G){zK*&@-t^m
zcC33Q%h6R}C3T>f#WJ+jBp0g}KI+Y%pRaz;t$WPrRN-~Dwpp*Z<QG`N7j(Nqm0b)S
zq{H4qF2IyRQlXlf_)PH{8;`n1<TiBIGDDXqAZ2fYusiVn1!!N~Mb0Z}^ks-BIBE?S
zGUW9iGI={ccia7Ji})iovpm{X;L!dh-TP%gJOrn=BW)3fW%Oj(52K$NM+$;AKcl$<
z0?(RwjX(a#l({-oj2wY>^4j+08GnweS*V0{FYaO@olse*YAHm`Q;ye#(J#>lK0u1e
z?FXY|TH4zbj@PgyXbub^$q<%+NXiv!NHf{`P&v}p09HzPfQRUukRCBckjruB?6$TL
zd)oj84*@7C=e3UeA~9b`dbX#UA=eWk{#@wGshuwB-~xfwL1*xvf-C4yS2V|8`F8gV
z>&e0LCH;ER*&@UO`SegLYzvlKft;%;-bocyBc^nQ8)#*ybz)CguHqI3a-}ua=~K<)
zfa8z-D!3<5fhV|p=2DD4IZ(lWcm?KQr9mS=?$BkuRSv_Td}$cmji?=5jo;OI2sDk|
z1Ielg0S!U*TLsG|EMx4!4&fV}i!pc~xkSKH7lg!$p`fwh_*xyYz9h$MskVmZ+c%0Z
z01DwBd+QJeqL9}GO^(0>b{@g*l!Ckgcmh}uca-qv=rLKUD?z)};ftcA9#`6mm87XT
zBB7ZsQ}c?lXIHF109m{YBL+LKd=?Hope!818RI4)FK@Y}BY;qu5yN@MQRdi$UUt<p
z{t9U|BZp~}4)Rp})j}@H+LM<5y~R9g8)3?)FUe!@wI$f|sPMhQfhAe;`Gj_A$a#Ye
z({j3IqDclY3J*p}%yMcr^|f(t65NU|Oluj6lp;+$wP?!d3Nfi#IbKwyBmoxYDU+WC
zB=(eF8GQyy+;|Re>2I;4(^id|^j56q9*n!Mmf^7EI$05!OVj;dZk|4q7{r5B74qb$
zdxe;@s|nlo5cAhkNpLO5*vV8JSH+u!qO1L%2T7f<nB8dU1>sZ<K)>Lrl0JVy?MIcX
z{Q1L%#l-dDv*i?h#gvjn#FCeXy}dwVfB+3iT|9#RVA#gnkjz-TMc4aj^^KH5)d$za
zCv$6K&<A}Epl*RY!KMHJ_+h{$<$vIY{SZpr_Y5>wi3X6xXL+gz(h}2@`?~0(RSev?
zq3+Q;j1`<90Y~%IV75aq^#eHCx<4lt^s80nE-sX3<??Q!r)9~asTOe(*X5wk-@quA
zVUk1**j-y_PA*#a-l(r0E)qW@)GQI_Fi36z)L?>D=TOL~pnM0ds<^43+T|4Y76gbF
zN5DgB=a-9@HlpV>ks{k1j)<C?&i(;7Lu-fP9LZtIMF?R*k{GZ=F~t{JjFFh$j@<5s
z2S!F|Z{D7#edMlu!4()*$>h(^pZTjhnkAsr;|gg%KwcD4;zx7a><L*eW(mi2%v9Vy
zvl%_(Wx69LA}eXaKwbaY3MCSt;EadZkth34P~fRF>84`tL<Q}okSuT+-LW;KmQ$(K
z5jF5C>PMIFCd;a7VshZIc-Ptl?JJ_*Z)<NwLup5?oc8A<v+zZH7ge3K4vD+=sN-Ii
zMvxckIJ>M%Iu$=w2M=;g@65MP_Zk3K_T6)p#8-%&0_)hEU9`bpkBK;yfd_bh=DD{*
z#h3}tq~5Tw{WQW&g6QzwJcShDx%?Hc-$k<4r-CYZ{Duoj=UYbvH@S`0-188iYz!$a
zPX7<GtK~5W1N4n@5}vD-VTq5GtYNT)ZfJUfVohwtTu-yV=*4yiBu;U0)cbv|2;w?T
z_+}lqV({@>EdN{j3ERR1SfOA@sMx4VlUeTINW0tuJM$xIBxNFi)9TegMliUb67+j(
zhB7#?L+{j!$Fm}{;iT`BGaF-H%+FU8E$-St^!*UB#p{(mVDZzXj=V1`r-otqf$a=T
z_^>m5_#JPopwJvy=PMZ%%;J=^l}##SMT+gwv_;Lb`!90V_vA!%5xus{yjd<9-}a0e
z(Ik4cTz^^20AUv6T-?i_J#^KYN6gJ37k&Ir2u|V+UrkmBFm<QL#kvZ<9EGeP<)VlG
zac<#8;DJpRDTID~tWJ$W>ABqgVLh+~S0j0KmrgW4a&6_}Rc2>`<Bx_>Njo>jW`?r$
z(HRFQ2uyT&w5W#jH_sr^Rrdvn7`5*o{n1bq+VRl!!Bv=Qhw~6n0RKhszJp8)Y)5>S
z&8VA^KKB@Zre=xa4bUyaa1l$MqHUpbEh%~6OUUaDbFOqZpHu}Va|t)@s}dyd&B{~8
zp5Qy%|B0*MOvYkTgm1Y@Z73FU?io0y_|}UmCnU^UtH!<{2`|lFL>%W~hUvpE%%w{S
z0B*=MSAqNcARpn=+)oU#?st^!0t{7;L5P+sqWZ|=L2Yx%f6_2hDnU~?{~WWL&}j`x
zp8+=kcj&4yFh!MX{GphV&BRi^rzoUoLM-{z3F(Q{x|`<JlOtS~Z}O+ain0Zf#=W*&
z$-W2}7|HyOjK%=GN$CV~IcPs4Z=K|8ziN$opz;a{WdI8BVZJDdbg18ZxspsM^`Bd3
zH)@0_f7J|>J^?*lYak6x3j0sp)dN}&4u0rmC`r1uwpe*&?aec&#m?2<7X4QR4Xe3X
zWz_%+`^vxgOInr3;UIl?ng@5tf?;2f=#IgtZfZ+L4vZ6RRrc_?Z7sDr%QUX_@}`hM
zSz1HCV400RcHDEDO#cC)LhNvn`Dz-3;4H=%)?@IwcAZ=8fT$)DutqwZ5XZ4){Gej}
z#kpZlLL6<_D0Zo&HGp-@W}x}WAouO*d0skb*tkv5^!ic5fF!c|Ps-7BP`0*p^h_ui
zUxfoy9+HBUbCe^nA&@0QYDFBw2H1Re`ixTM2K^s69-cA5B1)_sd#%G<r#^O5s2$>h
zEo2*3shZ)Z^7e3+<;F~BZV|<_;PB-|yHlb_h`P1WCF4uv#S=13U<cFX=>uL5QHB1S
zpp`u_z}&N$<+X>gu)X&5W`kC^Ak%E>3yDy4Mi`!O8OZ^)lmCR|hU^Uzv@IA8ip<pP
z+l(09aQE^!RSMBLcP0}zj{~a2T3eC8{(&RH)c=3Hi5$!WTo;OPXh-G&|CA5#(p`bB
zCLKQcfQmSAWu#TqdArwjgoZM8UDX+IG3oGAokGuubbVEcL<@pB3c2_kk_QX=lZXbC
zd!0Gf<bik7%)C%QGb^T6lzR5Mw&@n*Ui)>)^x$X&z~VE@DDm;MU8<yqhHyqRgUGA?
zXwU@_lFV(Fs1s<)3_?hz?%g4PJl;C2CRw)7a}l5b{ur%y2gn#K?r^fSNM-#YDEPrA
z+!yBb!KtQQVwNys4Zs#iVl>kQ8|X|;$aXY&me76l>%?E!?%jQ8&`RmKysUQWhyqs9
zEl9G1NF8R(o3-(uolx8EGSFVMJm{JmNWa_U4_Z_Y*rX+OcQ&$1K1$}MhvA)`@#OFU
zhfSXz8r}#1L{`mEsMP)zPFsC?pXC4>aj+Kh+4+tEAg*kOOe7Y@wO9;g$tqx3+l@vW
zpTayB)0Po>8*rq|$zKmo{wDX%6vY1kDKWub=oGMC?kB#&(!_*e2C0#31y^{2l<-$Y
z{5X3_xy_r}*es*vB9XVrz`~g;{{XMHB;uxI_*XwpnSMVV%n;LE8SCWo2nqgVF#}f{
zVsUTakj)e}fyl2Ex@)FLUyUCXe!3T6!UPE6HH<MLzp%ZUmyNe;W#sw+C}T6m4&D4f
zz&&Gv=v^au>;)8@X#Ox1Da2X$_gq&=R@s$)8uYt(fr38oN&{&&*EB-pclxkp)V=%B
zvD~X$Lk`8^3ZWbk&)@Y1xrK^2bObeKO#IoOhzjOAhuqy_dfi*PLxvU0P+Ad^Jgr0)
z;ZS=`a=7t9vHCwbD2xtyAVV-(Sc6W<emmsN0-N?4QZB|aJ-`vEgEe>Je;KRVvMh6+
zpRnwfOShZ{(meTD5;{Rf)fD3UN*3Bi^Qwzl6QU6IVCQER5}p#S##y!HOu+<E<Ucg7
z!a7EwN|&!EmPI-RjNkIWaq}(^m`uSkD>PWs1!x)Eyn{`;&-9pWX587lq+)|&9O~-C
zPdH31M<$RH+6g;*jGiF-!7xmMe5N1y#Hv4DfY3OY7fHLb*dy^E17f#g<0PMoUf8Zu
z;4ZA7yq-Jnd=y&sN{wh8vaOwqL+7ld%C|9n6*&7uAhiYbXeF=QsgDXA)HPbB^RM+*
zjWfiDdF^lLNKJ+p{cothHPcBjgL@tDlX`C>|44VnJ3YbGgr%#(@LxvcJOpOFTHFKS
zwsUMAI71Y)dCW169j;`;C3q2F+iRbF1E%00kfVZuNPPG#Qv7ha^j3LiQ8Z_6{Fh)6
zFT|+$?$3YW>jS~&o@>sg0M2CyWr4VaD`6G+%#R{FqjI5yLofaPQB79e*xrxh3Q}is
z?U*(O&t^kHdONmC?5;zteLT^RPnniLbW?e#!k<&oD)T(5wpvsmWP$^DNZBF(Nt?69
ze-%*&)I1>HG(r#^UAuM>7hi*ob;@goW9tjxm8?6NKNi630Wh*7NWI42N{A6Cz0r2Q
znF^<_0`P1=9$US%`<0JtK9Pr*5la9^JYP-ZB=_$gs?IPx!XWY1*fwABTuTDv)JL9`
zK#Z`2WoAcAxpK1QJXYh;tXm}^R~`~x)Ba*vyK_OIkZ_cZeK8q`01AZLBwgM?9-gko
zhm2&jdG|Rk2tpbOoJ}~%NYZHgs!OH=Yw{~&_jT~%B|sMOm7UEi0#FI)FHkfKD$%+r
zd!dFVUTWMTSDxa-E?j;Sp+&8Oz{9Q}M?es8sZC9XEmx|D2on#!FX9M|rn=6Hnm-Xz
ztAlcfYP_)|hOfkp?e%&n)$+@oo&|>@E*`W5U7y#;689qr3@|6_75P3)F4quNBV!w7
zid2>PzQE4G)SChSceyp-E$cqwp1{!)V+EfT<vxCC2bv)in%AO8-h~h~hb3LNT!iXm
zZMD&Z=kb+D5D=Z000B>AV)c$)A+0wCT;vG2SpxE&JA@%<>LHmbdZ&OW&AN|XOCRpP
zA0G00sAz`)_EQ9sxsWl6!m5#ApZGzQFl+2y{~xLSm--t)6=A?BV*ueztABhEr)Qwx
zM}#n(`K$qIrl4tU=5k%AuZ9E5!IKI!BZEkohMz%S$=4=qZJWyTKxE+nx$VR7=WD8h
zgTt>f`oOB&6?gS^Lq}?LJ;POp`B+<=m{bc+N5@Wj$<<XA24wzHs8$9DtUXYT7mf;W
zifGOpbgtk_;a%0yZw1N%ddMFtMbf%S-19+QS4KZHEUwOkn6g%TY|%nsvoF1G{SZ}4
zhycidF9Dqi41(HUKddBcT^#CT3u+vM@1%jp(6&{BR{XH5oj({Nek@ZnaF5H=be|Pb
zZO>1+8RxGIEp<)=qkkG{6pdfE3ZWt<=#G7bB|n&pu);~Gzic9Lmi?$VrlQ_u!yize
z$h|QMDkWC)b6mGjGrLLjedNaogf9KC@Xx6?<7V6u8%)~)F?eee-Wq&5VC)KKrB5|P
zu&(giv(qHk&3g`pVm0<~3Rw4%PNw!4Pp`jrS<8IPtPB+p3Oc0hJf1_q!9jU|j%i)W
z{41KrB_4FsKsvp>#b{U|JkWR+#sCN87c?&^akiDp6hjno**}-=lE8j^%xyA>?)r&`
z#;wSAuj(?Sdf>`7vEJ+<G@^H}Wl7*-f&^m=Js;3CET1FW3`YyirmcAeQ=*(vofTws
zWS?(~08cN4C;7f$Yrp<uVPSEHh>C5Ji8-QfFRNElz-?R3JDKhl#(_c@Ldv^trn&GX
z#D-)G%ZJcK?f6FDg`Ae5<P$Ixz@Duj3D>_O3Lmcrk{gLZ$YMxRj+`L)kVEli0Qf1Y
zcAFg?QUFES3wAjVGetK5Kzc`!0j5>rq=*DwJ+o?UjGs*DnyCIY0C%8>U?+>h0w$T4
z9dr#aon6?G+I5Q+qg0NuD33Qlc-eiUyF3|=lqQZSBUOy;DgmArv0Si4<^w;rU~RU9
zO()Wah%h@n5cA4VZViJfpJ!=(tzm?5KmuHX#cMCX!@($se4uEOIqKn^S-lWNUTIcY
z^yX;AMX&Zq;_;ks(1Vyl^zOYyYbRaUYe9=gfC7H_9x~jELaKs_>w~`3lAf1(J{!8r
zXxOvfbZ%17F(jg^i9xve#oV;}96IR;4hbfVbq`(TUe%J#fMI;R5HG(3w-w)`XY+R+
zX-{kI!Dq}S+@I&K2wKr5j-KB??ffX)7es*e*IhIYM)GG65K0|g<YmIg?a{@U*K4(h
zrZxb*nWz_^>OoD*j6pi-(phbDz~UkYkS_$|#;=JKB~TS^-dB|(S^S(;mZv})KBw{U
z0=pd5HI&@Cmbp1$8Ry}Fl=B~<&grQsrcHjp73`_A&0POGh@vG`Y8r29ho7CNY7cm4
zfKCE{W9x-wqFu_N_n2ML{YRa@!v*8$r={p*f7jt?Kj$NjGhBT_ecU^`r3O2;Y?z=5
zf(CMHbc!tYeE9^{l~6Sm#Wx>caA7!rB0tpbraf?D%xA}LgI*dgL;tC40MD)TQbtiU
zh8HYo{%54<Vtd30G-=yR562ya;FNE7t!JT%$R&K-Y`_?H57NEJ`18;rof|;d<2OMB
zc)x~`fdv<`aLkx#A3vQ|o!wgDkNZ8etzgMq=!Glj6!&1?!lM3OSAuVCRN`P}9S3>O
z;)DZHkY>j|um}-Mh(Xbz$)0C7H)lBA!T(VOqT@g2sQ}j%DLibvodn^GvrIIEcv^><
z-lN3&@kI1+5X&7i>3y(lg>LX+8>MVTCxb`d?I1nqT4JEnRL3;=pghX~zyL~I<cLl;
zqjoWjT)Aw4^7d1FYYD9;Cz+zjt8R8}*7Ole*N*KDH3D&KEsuCO^q)XSWim0D%Fdqn
zE|G*bJrr0>0q#R$iAL0EBbPbViTpvW!!G&;w}QA_-~C|NFf+K5y7aCHo?1vLi`l#s
z)))CR+y;AG_sXUy(uq`6Orf3Cu&Eu2PsP!JSi4O#riVjABN!jYVlA{5<d|eW(Vs?{
z{9rJ|;ox9*%oska46eh4o_c#^(yii$0m<4h*1x9*hat5<=n{`hwnDs<F_4|Y#`_)C
zUhtBjNqF;a9Rhi2PQL*If3lnWo$}&N=6Bbz-$1whVmxXNb>fy(vwc>S=wRB6iA~Hg
zD(M1C(2v5cb5?h^tRLCQ+`@ScNHClBj=f9SVY8n>&ikY**4UYWi_Qt)CW-a#*O@%M
zAfgGFQRQ{22o^(&_rwhLg2JMTY%>%J>kj2(5=X4)@Bjb<cpZ02M_n;T)fUAOtPZHR
z%sT;x>v9~~tpE=o4C^SY-l=B9IuLka><9AvG&nX7hLvz_%;iR1zDuGl5Pi5k@ELXH
z-{6L?jGxds?68oVvs=H40cN}6$eyyww`C!nZA);e9C;aMg0ss9iI`@?F*rvrWX3%X
zad-b_I+U`1rdpRAiX9RSZ_n&EiUqWSPU7Cg7(OD73v~{PA>%M>ZibXP^6KK{N<=!h
zO+g|WZFM~8-d50jSo^0(EDDDd$zA8ed2B#-k~q1Xy%S`beh0uYjcwHz@T?fvd6D?H
zab&ytH<Ow3ZKQ=2Zzs#BHISoa3S2WKzu+sT5Jzk%U#us*lJ0b%nR!9;!43;uc_4_B
zlQ@JgqnGcX=J(k`{sS3aw2$34bFURNNwIA<;>3aW0<A7w7#f*|BCG{3X^lH_(l0vo
z@tR{Dq=XOw%~sqD=WKL&@_?3O<m|Q?<k&QHA6J75yC>%y2<(}e<iArK!)tyP6e84V
z;xK15V_3rzG0dqCj&Wovl#_@HmHr^Z1ViqWRYUNMghZ$cXSM*~0012d4ZAZ@gH?)F
zaGgOPXh+N0AlL+$Zk?js)#}oLS8|^rCLkvdZ5`4kl?B}^y)8E}U|0E6^h!)ABXwlI
zvM$-?3mnt%$~82)G^kWpTY;PBv8bP*48>>(=`v0QPI^azgE|$aQBXtzIN;yQU~awt
z{OuMO01T=bsSrpMn(4Jy8CzEgfuBCGR28Xs%sb5G=#F2ws`#Zt5=x^u13vRUYOdZS
zFuLgxp<H+{51~i>5Sxl1m06{p;k;eHUi(Xb!~PgjWaMzvnR9YaIo2~N03b>oi-dU4
zE6yD8SRje?ZxQrui_zL|0{7bJ%+>e;U&K8{6CO<!z{`~uvJ=@$cRioXVke$}K91J@
z&GLK~{^HEzKRWjskjet<%@q<+Jq-<G&}CCcB*AC+ThuKQqPu{sTXlwk05}vO3eKl4
zJ+hTDdV<cWWlWOcokS(Sh7<CCE@AMr6pxbQ35T3oT$(EQi;bNb1}tkN^}^~|xbW#;
zZ>E}NK{YasyL-(vjs?cX5(s-DD-xTQdIH|?(%3PUfoKO2U0Hp~Puq7DD{8lllwr$e
z(pn;dwj4TX@~b*ldUPnGFae%Cq}KYA7PeTLxKS@-^BBd-0o+wH4Y*HG0^{n4(Je0F
z(gLLx_A+-rImYx}K*VUK$b5%XcmC2EI4^|k+1pq$%*bei<4>|lo&J`lV|9B7Pq><1
zUl{*n*APhoWI&jMqp`AxV*~FqCqh5qsF5JC7Ra;eEN#q^)o`~;W#;W&J+m3mi1l-l
zUJ%ATMQRb`rQfTVROt_WWlh^pRbi#bQSg(HkK{5d8=2570>M`H+Ri}G<$s!vE7PWK
zMjz%Zh2@Bhdo~uAwcNPFyM})lAB14doF1`h#QqtU%Q?Z%_~}kqL|0(ti<47*CxrRF
zd~S@j;YOvim9R)?LiO0ktR!i-BkW@fh*`5qw|Iw<H(ok}y#@mIc9yi%?m3X1CBMO$
zk35SbpXRDZDyL<_215t}kn!JY`bulSLqJwL^iX8B<Uh&Q`wXiL<?Q01#m$o;vz4e{
zSqevNp4I=47E$*Q^f9bREY!M@p<Z|Wg(MZ>t)ktT$XN+#&r^-KLI41kn5>fMk{bB;
zv+@$>hItO6(xl3%kqj1sOylJ$6y#PmRl{VEElyTjQ30(z3%ng5k{MEIcFe_Y^GLyS
zg9jDJF=u#tlzZMNmdcWh`R?^6Q=Gt*s)a55^XNSy=ZA2O`5T7zIbhNQl#p&ejSuh)
z(VZ=I$fv(7MiYmvT%eBLSREz36em(#{ul|Q&jj#b5Kc`b7F~~9mA!@(<BNZNhFJgk
zT!)wUq1k%%nA-P1xV8Nr9pNM>4z>L0$T||AwAFa?c30$3MvjXEAvR;|mh!r&nL61c
zT+s56KufE@2VUAa%tmISZU+Sduzp&pDrf&Pt|6}^=CIr+7{nvGysO%0cZ`J<sJl+5
zy`~>KpMX5Ne1`s4dh8^s0dSC^sC`gR8s)bmhSX-tdipsc+!F+_6r<oJ<tsk}^y#wh
zwglCUbkY^Prp`zKu!t!czobImL#lCEGZ_RdJw9(#r}G^Wl!xy=hCdVzXmN*G-4dM+
zL>SbWXj3TqUf_eDTR|hCgRq19A9s@>#=z?<q@U0B#U8XbFgDOFKDOw#yqaKCabF2a
z10_;l`ITq7X0i`z(b90HBqd@51y%^HO26pNQQ-M&@n2qJrnUt;{z`ER2$(TwQj3Fu
zYjzCe^aAiSi@mFza*zVHVirqbLQ|>pujI#Jw$gti?{8~qGX@Hg=z#?$vBqQp8yNH}
z1wp>RA;Tz7tuAcXTURHUWy&|ek`%RMLEJ~*jZaC%ml9!&z*Qr!lDwFr^mQx89Q5o&
zp&3w#nwHbV&|=n|E~|~IwULt*@QJ{$Fgm8VkyUs5<>!gXc{PXrrj;rV%jV!I)jZ8#
z<J;`)>%{2bBWpc@YWMvg%8}reNvpW<FTTVfM!tcosODvVvi!}yw|gY{u_iZG@|^*o
z@zF+j1V&|22R{t!Sab*SRJq#A@8#TT-=sqC`hoL85HF%ed;X;9&}yG1RY*0OzruAx
z_f|tx5M)$9)m-mMU%fLcm-vWOWALH=aiBC68Avb<E+z-p9l*?6!S@5fv9#O^j-|W`
zNp<b^59BLw04v<LEj)aJK1W_T^maD1*=P-2Nw6U_^4gutEa_oZ03oZ(0HS}95pzDs
zYQ~80T8luSc7l=l&iKC#L;pG4ILQPw=N9nGfP4oCzFQzwyn0OJC*=NPO<}GaKQ8`V
zR@2as2ioC85C?vMY(i3va0Cm+ofF;@a0z-dj5ODX&iW-FnnANjK=RUHKO=6A2fRLb
z5C$X15;4O&*O32<X_AvR6gzcYFz7`hbVk&*N0Yf*pb({_cv9r2Dto{5B!-QS!6BOw
z=46+{`xyYNbiSMb-j86hHj?=Z7Sv7kZV2QcwVlJR7Rp6l<jt(GlngEOgCq!y*~$qf
zq)xtgq3x#t2P06Jsit)51EI(qhT#FYq5uV)f4_XWneVUrL4V@~A~;#yWGuR#d!Fv1
zyI`TSHP?dPkN+jV(1>t~RswS$L_%aI^ib$5YCQ2@@|>)&->`08hBOeZFa+#f0q|BV
zS_f64V#e^cRnvX${rhc*=pIG)x@}tL`B5VTP3b8e@R4X|l8-)q9MM>~y&^Z1e}B#(
z+5QM^W|OH4alETpD5D~+>VhlIs>#FydWMXryRN-Tehf|^yh)6N;(`ArAf@T4J;H~n
ztKtJCQ8-a%ZvLvz_RMe~ycb!Oz2SZt3g#~OWDyy_0U9Nf|0<?Mgmh&?HZi{Iao*Zk
zeKp8P6Qai7k*iLoJ9)qqpjPqkh&jLXX)xw6-mFF{%vV9{=}HCGEG57VI0TGU(~+ZP
zON_%2{o?#|+xtGBLak(CbRNWkk^lqs{t^*{r}T8ArbCU>hR<1nfNj+!l^IibuSyO-
zVE5vd>mNeU3L&{ook?}7=sh9WRg?rBwZ%q4xExfwzNQmWV2-*)szZFVm$H@gneY|0
z#hj`fyd1+ff60Dq93b(PM$a#WFB)R8%~3%Gi!ZDZ2B1|WA*IP6m&=VI2^|!;^X%u$
z`yHv`-?F6K?3WlXMORl*x^c^T%FAw=jLj`Uu|%fT-mDwLDU9^{fR9+S93Pi1^Re_9
z5z0vo%;|9sBmfkcw==-&k2_o=>ksiPNKY;x$)Erk4-~I{6ij*`ANk2^)0ui9DL=HX
z$j9c|fPKu0Nd}3xCt}YywC1Z-m;n-(3C@ZDjO3tsAp=4Kv)O<nvFss2D*#<fs}a)q
zv#DO%@l${zTN8kfSXTGmA#dl%5y|k{_noSRCf7xrOc-gTPn1w42VPC}s`h~kDdd#I
zJq1ctbH8W+v_f6ALHhVpT!SrBzXce5-x>2?jp+vjV`X36nCEn~PQVicHjUL7-Tr-F
zk|w_+e>ct|h#N%PWXJhUqxoTMAX!JMO+hZuF8$L~+XGsxRGwsTIr?kD`uH$+!V*%*
zh~}ssB54W9_^2hcgBWY%2OGiQW^6ZEnZcIVd{;}o99cGq^WL%Rq-6{zuE|cZN^)g$
zx2&;EA;;RngHeHk>BD&t?pIy!%|R+%V^2~f*@H$pWx!(yCZW&?sD+{~_w0~;h_Xn4
zKE+Hov5TexVQgk=3lDc9ubr!6j3-thAU9u{2A8ZuzK~mg+lLAj)HzWF*0V9>9WBM-
z-~a{@^XqLQJz*>S1beMQTAi`#pvfkY?A>c%C0YS^d0I0P4UU7eI&8F<4&E{@$C+SY
zdvVAd-zK%DR+hc=6A?;MVOLKeJ}b|rbepUg3$D%aE2z&uXmVWZ{0+IB|CfW^>_C~_
zS#6VH{tV`mg$U@KAlt^|5{4iI3Ft7#?#!`0FM3a*+vJ4L16i?#bh0e@*_YJKplDI_
zCVh=Ai?YuS!6jvcb}G&is3Aoe%G=in6hOi%Ed#!*xR2o-kVZKC3PgdBTyS~Yi=PjO
z_o`TOGL$IWj9Yn~=I|<j%uiR+ic3GcIH*aB)kiBwU?DRH05YMhf`*<btx<kyTN8o}
zz{?#>h%LHxK#<C~&Q$&g2&}6Fk}IBMk=$S8)r5+xy2^K*bU!HYhLfB6*6g<8cH;9R
z0@44N$weYNhGVyQ_aUDs8!@w^4(Na+IFA5kD2ym83@!F2>88=0DT)i`M6NCnP;Cfe
z6z~LFVrMx@S@uKSr^DKpTMCeWoB%$u!~$B40xbT-?pv&0(kvs`F!!bond>yp)m=O=
z_9IlLoR0?;Zm0Mm$D+^x1WDvWT)y<bf}GWX8`>T|LrgH$HCFyQJ7Lz;5no6nT_S6I
zl8nqyFa4|4^H2jgUJ#DW*0v-6U;qGrWw}g4pg&RIK2;td{Lr4T0+v3?YIvTSUXKuo
zp?y^ORgn(>6n-6IPw#xGtWKqmU1EN}kHIkyh_<a))7wZqlA|5Pq+RA4tVSMzhb!M!
zEUZ^}F^KrKK0UR<oZ1{$36K1SQTcawq9>#<$>Hnfksh)A00a`*(EUDRCKGJbA-&zO
z#{-HjU5-cx`+*)C1Dt`{v60usT#P&u?raAIp9)30wZ0Uz?UMu5BG*C6aHY4WM6~kx
zhBtF0jM)k|T|lNS#&57_$inJL+YI6UwecbaCsv`sm(OQi{8RS3Jr!V0d7xPWP#+px
z6zl<b0viz2tIuJaH@>8Z+Bw`qV(b7Pm&7&sNI`_AbEsCLZf$%#WM*k-HVD@W1&72m
zHkD#xI^}2~UfrO}<6s{~yJPD?8qPe?#jn#I2XzZ#t*OsnjbIRXrA(+4$JRd&O3bep
zBTo$AZO!A~Zps*S#cXrSZKN5Sx_D{xZ<Q3}5uZ2Xy{Q^~|2!da3@9{BU$iF$B#ugp
z!D83A@V<nE7vQe0^GnJH284;t<r+PJHW|=OW^9QdGcSsOe&nKm_Rc9gK-vFX5D}D@
zH}z^L=GgN|BoKgYhKrq8L4op;(eMU+hHL~{zv(>vq^*e$nfMTnm}o1;@g6Tz!9qud
z=koF?1e=qSj;m*#f`aovigZKWpfzv8Krf;q>Fqh%o1xK9a7Ey@<w&)K)Pfd_{d(!d
z^4v<R(gAw0`PIPJvf5x)0J&)qxBN0dpM52Ntn-W(M2{(hk~L(CrF?$J6>!u0;eOVw
z=J{zw7t5t4<Rb47V{Y|zv18P>sj@6rn@gwk(NB3H9UL+e%+R|tI<Q|Wmm<hA${$B*
z(Qpc&Bjx!=WZaN#`Oi1W*X5~7e}H$VQ91TYh}Thx9yT{{k!cd?w)RqH?e-K`%Gcer
zjU&j8Ep=}#jFT%R3P?0CGFQiFkvbTfH4(!%lBU*=z7eeA<te-RWLLaK<bVwSEN-I*
z{NHme4fLM##$FzQ$*X_Gf3u*R_O2Z4w$Xsm4xIrdj+AzngAsV?B=IfMcC)0*Pa^L1
zvu{WbUho^>3qk7&;mPFWn92ap2jbO%uH}FL1;P4<(*V;=pa)^hQ!oLqZ{ty+K~9yH
z?3m8Kd3XaLJPf?4dx~>X-lQ2`_1mdYAF@7ruRY?~koQ!$@3Jb`QhFUS7bkX~g(w~%
zZ84y;+N04*pZ-6LCBhG9nEFc>AMy?Cx3?i=D4Au#b0J7WFvRRm9gqw>az#Ejwl7f!
zpbwbfe;^>|`cE@<U{U4zVjk5sU!*}e5d!aLXqW0SHIs%&q7t*hexS{^6TpuE4SBgb
zZ!h`hF~1Jyrh+r0OX-wM_mcwSm1|5+qHA1G=un1MbV(Z2jCL=y+0QShX&-KLkSP{c
ztlUpF_YGHJhpR)(b~E-iq#mW)X!J0ZzKrf`-SNu)$t2m#u5yW4zH9&<o}^#D28y<z
z2;~n4DFsxc1Jg`T@Q{5U>E~z`|0rJ(jb_OZ7!4i}I@D4Ir-LNHz0PpE0W*FgB(7BU
z>#)wU3k64*G|M1{;t(+41VlCQ0wvz4`4TsJruEKRPLi(*ry8hUbwb5Zx2Uf5sIDrn
zzq1T%ANM^vO@D;=mR9dsYwo8k&KPSahRRy@lg(}FAXPP~QcQ~x<SHcV!XZ?O*NPZ9
zTfW2mu3Y!glD;F~4H_cF%ZWm&v}NuCl~Sk;BJ7VRedZu%<OYqVm}wm!qHI8z=54br
z?w?^tn6x2*SX@<_-C=*_H9P<}K*+z(-6j>tTI<NB=41(s25EK7a2HX8E(<v&J}}(Z
zjiML`BV8&Cf&8r5>lRJWqH9e(*L))*?(pE1)JlI2HUyMqwoyU5+j&;!_j=%r@%!4T
zGvjHa7chJ2!pf_psX5pzN9{E!&7}@lz99v1LO5qIrN)PEd_D8qaOiU*8gDMC7N*Gz
zyFp(kOo3t;XuqJT)j7;TCn(Gul?Ley*gL=$HZNcjKowrBI;S?33?N$}F)c6sjr!A+
z!7KO&g9P{js9+s@3Np!jhl6PkHQ4xTg1^B8QW<&e0=t;T?4tK!x5A!?nJxxeq(SnW
zFLb-ej<1P<+8{=d(VbKdLJ^|sKM3TNeelo4e$?hTRSJ<<C`=!XyJoO$(tMFNW;gp>
zW-nUl(g=L@n+t{Op1GcLW#W*=ZWF#nD&jvA@i-j4{_XbR1$R<#*)!e3L-R2#;08uo
z!SOWdcY3KA`kG^9+!l-p8FAnsSwI#*TI#@U%*)5yjr=V;ls}*AfzH56fGCL;3l^3g
z$4;D<bMO{3ZIrl9lE>}Wc=+)Y9mAp(e&ZGH2js*u5{Mr*s7vm4AJ>#n?eUOy*cA#O
zgm`zOixvL`>~03=MI9zQ9e%NN*%Pchh>~Bla}utbx>@k$>HxXzug#=ThhWJI4+jGH
ztfewL+X{zZhT_{LBk%wm<AlB*Bg>7Q8%g?raiM~T3Z!{qjUNc@wg1rxyrkBBTP^=}
z{U32A!e+`LQa#A9q34<h0=Q?49c#=VAmM;+t6_73*Cu3h=jU?(AX)*ZpqCmW#e|5l
zSA7c|=PYWZxq4&{5tufqZdw!&{xhmObo%>s!_+z`fB*<&u)i@LGY9@_i>5F^EjtbK
zZoW~VB6x_d_!`cb$IT*k5HNBB-Y>PXZhPE9t*38ZA`qZ9;Z7Etndg{)Socci3SOe$
z0^|)Xw>duhQJT>N1RViyU)O8b-dt4a>~cLZOvPEOqB_d4zctdy@#`Y1nr6Q&Z)=41
z9<L-gx%2*ik6GCriB3dBM9XEJDS7kl*GqTq$>!KTx(;}rgsW8mVK^=_g5AFHIuaxK
zlfPjF(E$eV2(v&V$t%6>{m;~y?@cyZxz>fvK6aXs5I`1NbLEis8uxmqeg(ceXOn(i
z&NUBMe0KP^L@8;gMd(rc))%Wz&Xutmhr}kH+W73gMsKH&RX3NA!7Lx(oo)y)$MrVw
z=!7HH$~DJ9_F|}J*%H+?N;QzAQ}A7C1TcfW3Bk{)PAF_(;Vx&4&dkudfQaW55;Q*R
zj8?Qc&p%EsllxJ#fj-*{H6+{=RmX^nl-Ow<pJmWMInBv=+5ndI5jVEJLD#`p2VkNZ
zvF`BM-gE1ExM0dmdlo4g>>BLiNl%cZVitT51L1t$I4pr%0L@yfLiiVKgFSkH^kqo>
zu$XzJKH(*8SRrboVS_NeA1mK}u=k_ZoVRF)UR7OfbQDOeoPIvLgdw^v=)?RmMG#}E
z`PPhUcSt5-;BS?T8^MEbxBTULU}sa!5OxMY3cii3_l7TQyOHPzxAsp8Dr$o2?n2+o
zFm&7QY35lX;Rc01sJXgHG(!UXl(8wK7ws6m=^ZG)Km#ub5j8VVd+rK#b`a#WV&ue1
zln9?(5{%ub>kUk>){2HvHvg$5xPWsR&0ER&DHe>FXN53*lvb68G=k7rkr&Fr4){t{
z3w&IAxR=IM=2e(%eT$3GJUA6SwzllBJXE8&4rNV|!<fR*PfAv^l_%Y(sv3r*za1Eo
zn@Z*$>Kpfy!g@Ul$^@~-3-QqY0$a?9ODCjTq$_3PQ8ef&@*+z<UQ-bxOf1;QL-ty2
z;FnDekF{nt=s@4y7s)GgW{m3>UmjZ}8fQv-T&T;CR*mD<Vp91HPA=sT6TiC-^w2%~
zrEH)uuO)^YinGqp>62D6j_1C#Nj`$D#+r;zzM@pXlLBdHmNKpNb+1n5RS5AIcK&T^
zYEH&tu2l~Ahpv~pt4I!NP_~-Psk|Q_M`Y6#W@?xV(LvVzk2FXZQl~V9yuJP!A4BiQ
zI&pmiUfDztkX>_t{>okz@N7-dnC6a3<+|V~xd}!_PzE!8F`2ggqDZIxKtVR2O7Pm0
z?R5CxJ?3lYYVl?>bt<FfAayB0M*{T)hg4k?oYLUrS%eI)jMor6QoJlo#hlH!AWwy~
zm^e8Tnc;2EHnFCCV$<-ZmNO6DpU0%+p`>%i8*u&K&7=x=XjmTIMYyq3tVC>e!lW3K
zsU1o8Lt~CIqTZTQ$78CuAC+tGQeJR7w^xRHfyZV@6|Z!>H%k@n6)kx&kSEW|CU}?h
zKq+0s5a#AR>lSFnY4p{rKB!6K83G}(TcAArAF`G^O=szNs2Fy!Y3cg|?}M#8bZ>?G
z<$iGKKRcG`c)jF-o1ab;4}d{)KfHl!YXHv5;o1NPsx@5TGeyWqw;5Lo;BRhDe`Z&t
zXq#xt{HX6SPpv4loX?mI?M2=Np;eUQ70eF`#WuiElcMantVdKT1jR7owHx)ns7r`a
z_JkGi?$`09Xg3E3R;<sRdFhZ+%J?VqRMpKG#B>02m)X-d%1Vul1gX({JEWr3&}&Qj
zYK{~U`~syKkOxvE*2MT&+;2FL<)6FI!}tgZ%<uup#KGE1V|i1&5<%^B3n|gs9r>L%
z5p<6Z#i2&SZ}6|Pyzk~-!1r~R%f*|Z0tb8ff1ZWM8g4^6U9ak~tn<Z|k<=My03$%@
zd2nM~w+@LZkY1oKE3r=+l(4SxLE}X@2I}Cz^8Y+B{U^F{(r~1Jw3g4hy(jcC7}_p<
zjAD25!hQ6*KOotlHlVbN&b<~Hl89SB80FTi8a!poU#*wsT4laEVlfQ~NXq9fTQ78K
z(0fXhTr2{E4hXy%j@8YuB(d>}-Pzn!PiSbQCkFq}zf5bRB1cSs!PFvO^n~F|ke~UU
zWKeru+;Iq~I@$0fq5)Q0Nt4$SYM7kEQuxhCj*-`ddL|a}$p!S7Qqyk+gl1(*6kIFk
zk@t;u&DsU31~0~;Idw-i6hhjCx7eLLS3vN${xVx3Q?>D@mcJMQpC|gC6O!@h{Szx8
zb?n^qDl0!&wAC)~K;8tDeh(E*sgW6aI{5I8d`~9Gwy=9N(%Q@gC0VidphNrRMtC)v
zZ0-UI;>-dRnvU)bQEx%P9LLQBlg~U-f(nbmCTQ>h3ow4ff~7#G9>q$t(&E9%ClbIg
z4I9aQoV}}y%}~e*u<lR88T=9TiJFgF_+XH&6{n-W|Br&WHX9Vn#BPghFhKA9z9g%9
zy{yess7b;VgPpI+g`%j{l#8hIB0uwL7aC@B{MIBEELG`1&Pv)gfMt1qQY!j7NRhK=
z6BGvW&8-__F*aJ>UD;u(4EaIx)mItHGD2TJI?WF-O;0Ov1;7UsFZND!cs6(MZuf~{
zBp7VlfE1?S5u&>SEWocvUa$O@gsvsp6vg5Jel{|24P!5^Ty@%nix%Y)fCzqUWpDw?
zl*ET`E*r8|PUvrwf{wtRin`BtQ7}a?%kYzqzqF{#zXr`t=z0J^Q!k3LL_wgAa9v5E
zzKWJ&ZR~SG`}2oWufR)&1iOF%;b<$Vetbbb*D=*%L+RM=fCwN&-_=Z7a^tN{QZ2AP
zW+Mw|$|a@-V!i0s4&-bq{pm)7Tn8w}?xwWoRKXOASX7J}9}~IXnW!XeU;FfeN6<25
z!JTEs?@fICk}-yn!HW^k?Qf2l1obv!ur`<)!gdieU+f5)(>yrarHi3mDkw0kA#Zj0
zva}fo{K2Arwt3Xsp<n~uD4;ZlSJ2+bk!|8}=t>@Rv8qG?&UXB8-}m!UCcgv$HyHB?
zILU7LLzK0{PdJNf8-eTpC-h77v?C6$q;kOS-p;1hF66&{KKWw+qMW;6n`?^V!~VEi
zV6>6N7X}MO;vL4QJ1s<Gi?n|uo@XleTY73RI0kFSJ2Zfxdg{gDMZN&xeIl4TJhaSS
zi$<a*AsR%93&!|I=KuHK2AlO`l5%2r0Ko2NClpv#CEAls9m`#oXW%^j$6&z6`g(!e
zP_<^p4A`5mXpQVz2^GIY{LP(>`iCfS#|+3}wUNyVkd+K*n>oL~DcJP0<Tu|<aUQ}N
zJBR#dCg#F?{ih`rSsaVh%90wVLa|L#3U)%0;S`o`AjP0S^Kg$v5;3%anc_);wbua0
zOHpF)PZbpAR~DVddI`%6T`g1GaGswEcr4F3)T@wUKlaGb?hqz?CcV^trx=A)Dn#{7
z+cSG5n@i0dmms-11^*FQr;|Gt{~5od@)82zS}}8YM*sUrGHF(=Y0$%(cwKn^*x2L7
zl+P6=th8fYl?%SDICnpWo5VO*3<WKXt5lT!piEf@BQTDE&{i!2=C}jJF$aZ;l6bOh
z7jtgS=NOq4JP$Rf*W0e$solt5C}!oOC=4}IlrUl7_RP>r{I2Dia3ef5lvgDywv4-9
zH=VX@$$sR>p$G0p4Z3nbOT0R`b0KKJcuW(OWiRz9C#CZ+4btaiPN75U^0CJRuJN2D
z5wIw0@n0Js-K9E*br9*YG%Y+P`OhZ&`B(tnZQU=3&h2vatNF&ka!tS=^1vN3%Hf&s
zgR6Smw1RD-5ExQ-hq`@(P3P&=Ta`Tcftwj_mH-MSd0fA(V`!7QC`5y69YTl)K`1UV
z(PhFGIw*9NG_fvTu^sG7@duPF<kWfDPXP8qzw<n3V*kqB#|@wn9`Qm8uu>j>m~aY$
zqs#Sw9hHF*J*#4?wk0kRa38`n8o9xgrUVZb^NA#3BfMW=%*6!<Fu}D*rSNFA37Mp{
z*-870ekonQ?X8%B=#5KZ*m_}883Aqd7T|gWc5<WSDgo{0G-%p?c#7|fe#dU30YXj3
zl{-nxI<t)Qd<Vn^+boJM>YKHm1x7%0`x(n7O=&rFGgeOi-3eHsq|J>KiOQ6%zywPd
zcKc3_*!M=m5Az^FvG5|>D-G{~zUMnQ4I-03ackse;}NP1z!I5u?+XP)I$0V#H89y5
z!o{B=$GruaRuPM9X-k5AQ_3pQW0QXE>p0m5Er-;Ga}gy(6%gW4lTLFgXfTM}>8fOs
z@&Mi%e$B($qnB@k|E8o{WFn+qXjNNmIq5g_et7S9_$H|1wd6O8MQLmut6E3h&s9*%
zX||>-+Q*Rkru8YSV6yviU_M#J7N49s2#|hb67~=LX{5wri>6;487e?i$5}|_Wl^MK
zEvKdzI<4<`c&OeE9P&TjVE|j0N3nDRs&D17*f|2Bm!}?cW|3hzUWVwp$HoLyFG_or
zuxOc%!7wGlA9L}c*^N>cuant*PBCFLai$AjN;FZTpXx(1tb(}nJB{;Ja%6@n>zYMC
z-0s*;ovrp?_tEibxoT!!J}D^2hROo6xle@Y4+kTNyP<TYDE|?z7UF-Mpj`ze5XI;t
z64+hJP?8f#P_P+K{68;P54t8?ERL}JtP+7@8#VdAK#ZFw_zf1aztnw!LsmnecJc+I
z<_DETh|DmDAVZ2YI}Zbj(cQ0b!qC5Nx{jEVK1;(`*7d<M?<M=XaUN~slXA4%cM;o1
z`?ORf(^IW~3&3|fJPT*rhcQm+46#k)gfLn&(=q)esc&7i9ecr)^Q<l>%)g}!iB8B?
z;#gRGal$(pBb*V;DLtK@=7#=_;{P0GAZDruKjJu!hW!${=5=IF)^(|<?5y1<LMyN-
zvrXHyv1nh|Rsio`Ii!08Vg(~P`jVq?b@1q|0N;HNn_mIf-XY35w|RGBMz*GR*jrDN
z2TaKolHV9PowQwOMLYli$_J?z<94G0Nj0sUaq~H&(~8Bjb-VzVrBC*goWfqXmyy5z
z(gKK=3_|;idN`x}yIqt|!Mp(`n{}43gy8H#!T!7xXwA>wSuvA^(t4N7TIT>IjeXs8
z#hIAh*qO(cQn(H<T#LP2wxflq85yt#KzV3K3t5TX{}>ZtI9!aF@9K0Bc0~OP&NwLY
z9tkO|+=C7m>vAp8)Z++om|=YQk*y9iyIQ+yD@n3K>0%5R!!oj-W5##P{GKA_Ojr%0
zibhEf!=7VY_TC?{DLF+IN0A}DoW5)0%N8gs5|9e}cw~fQ+R#)^TrE1Jse3#*rDNfk
z0Y*jU;L+s>CnNpJ49-oh_gEa;5^AHAr(%>}m6i?`S}v~lg=xdIjp#wvs}aVswfFeh
zZ_uXja3o`R*II2@nBUlE&aPZqZZ`c`L|p^Q;AJyIvvx=i)yP16smG?J1euPsK|RpT
zJg!+P6woSbe=ZFlnZQ`@mBZ!oDtPDFV<xRqlW2$JiTybZ^x|jIBR;u(QK^-=nHO%{
z*&$M><e_I3QP(#7`RDl;zvyt5pwJldHDDl{iaMR_r|PKDoL<l$?u7vX@QxHNey;2)
zWM&FC-xQFPb<*yZ0PgFYOUx}j2@<&@x~PfH^a7kZ+<;pG8>^x9Rzg`DBHC(FxoZP1
zBWJoE=y^X^gQGBxD0TFWL{h~UXZnk~bz+o4{vVWKzQHh>Tl29=z#II_rS26(egInT
z_1lV65Pmmmuv>ocXgyjiz+e<u=J^N??9}jiES^W_7MUA=v7%tptp2-*BT8#L3by!M
z3>P>5;l<Fvk3lQ6(05;GnIDrk6{bE^sm>n1nD_|juF3)~h>e}k@94f<5@FBDK`!H|
z%g0r({>SANH*T(RKcQvyAcA;;%E^bJH9K23>s7)vlEIQhtElob-@OPt_;)tAM;5Ep
zg60vQFD7D%vlg=WSB#|~Q8_9))QL)?<VbN@cbrd^5eWG%e5m%`P)<@fAZ#sj87@dG
zck*48-m#huuG8OP201^IGQsu~6p)r^DMS>jL{M>)OaB8drR$MZPz~)0!GjIIAFtH+
zu}nqt2V>a3b14QLnx`Edh)teK;o&klQoH4bmvYg!20uOFIf+z)AOVsO>6B(>rL?MB
zFry;9+nOC(_u^a;$fi#jE#$nAZEqQ?YqFy0YN!Cm_(=Bzqsj&DU(D32CO_vqgxz-O
z0cEULSgn#Kii_@~>z;R;WZ*X02{yo2`T(g9pV^uD_+p0CMpC-K;$hI7;KkRJ3x1ed
z%{pnz1NmVGw`T?+HO|R_5{|D_Y3?B3<Jj4V#_%pf3nM3&5Zw2B<{sqeb^)J@+_`|{
zgxA`?ryjah2_MNXj>sSz`zO+}WCzmdCkQZBF0bz(lx2Cj@I>2{9kHlbbUip8LdtqE
zW%Mow(>6f~0;d|i(>h6tM>b>1)x8Ks%^%SG4Et~yo~zB+W)bVF<7ChM6%JSO$(8ru
zVz*lwR4+3LtmSt#e9EP2f26Dd>@Q<&`kAtB42PUFh1iR4RF#@dllTEXqRJ4*H}n@z
zOQL=^TI#>Go>lrhN2<Y$WND@FO*M*DlR|#$bPdTX3}*K}n=}&-)MyB112w)kWOETL
zMxA(+V>AQi+Nhw|;`wX)5pudp7qi3DoRv1+225R~@Q1+X0J;|8fmz+RI1grOFw95b
z&#tJJ#D?UhU;yvz$xxSlcIDJ4PodA9W?bRHMI8tv7i0GU55Gi(ufT0yd>JA5;Gr|d
zDi1Dgg3+Luo_*|xL&bvc%eMEhkcK^Ptugt~6mJg?4@leebjk?#T`~m@C)OwXO&wW*
zxVtu}2l&%dQ81O~9F;$j(g^*<enhGbWQB$?R6-wg?{(U#!2-}*NduS{+>RfXfPKMy
z(Y*_97g|@Kt4+8ZiP0d|`h~ydjG75?+vyLq1rd!f%>V!qfaJa45T5h^WvtZ~b$0z>
z!(Zw44wwTg(R)g!7ZMj0^{=8T2+ZD^XvY=6P-HljAOp+)y^Y1_wZ(Uxv_1@Sq^S*0
zV4?m#Fnd@pC8$%UwI#f@j|jmE9O3E$Bc3^b+?L-;)QP-%B#`-8fby<DlTkTOH0uDh
zD-72zd2cZUuA+J>N3#Wd!#~HptQY49F@0}CeZPbO;BBO(sif1jTf`7VzD@XixeWRQ
z69ZPV2V4%l1g_AL<v@sp8Za@T@|j5*bx5HapJXb*9tEm0(!88a@w9pr-%7wK2Y9`_
z!lZmb<N-i4x@3w&>}iJLmW4B**DYdj?fggC@6-ST#=4nu;g;jmgEnKXOV`Y-pEZh@
z*M4@X%Ar6e|J~}x*TmZhWWvWg6JPbg0An~qD*9cjH|1gwhcXlMq4&7}kpBz5B(x{j
z|9(InS+f*`A!Gd**mqC!=AE%Ie*&VA9A;Ib6F4D8Zjc6G;wuT0d$ZIM6zidd;IhJm
zZ-m5PC(Zj{QNe`qF<#pN0tKlbr?1*63Esf%F_A;;5Q7$FXXnCo_#rP;Vi#$BNiGC-
zWS2$oH;14VNLc8Cwn3(dK==o3xmJw|rjA5`Kw)ClhiZ#c8D1X{Dnk`elQ*QcgZPK?
zp9m*Y2_(ob++*{#p^A1Q^rRcs0XZ>u|8U&#AL$mZ_ct9TlbnIKhR>iWimj7W0ft>g
z_DxT@{a%Ra{;HxFZxNlmTw9AUIEjx=w3|mSZ<X~M!(u%N6y2bD1fezA9_B?67oZSH
zE$RMUePc;tLbQDw`&k=WeHuf$sn)W~$UZD}hwLJ12oVn9Y(75F^XD;WkK|G`6bFnZ
z2%tMMzV$4n_gJ2p^*&#*Kf@lYI{v2)9Ug6f0wP3?#3yM3sX@{jum+>Hre+;^JYC!P
z(uAN8exK$a?93o^Mj}))l;`jlG&5em0v-VWZ`#0}Jr7+`632c1Lmc}@jNFP}aF`F|
zHi#MEOJOYKVg^z0vRgn#vYK0{Q8J#_f?l7b2{1BIK<wT_=x(n4fFZWw9QRa#B?-b|
z#{!DjDS4GQTgQO=RN3cWkhpT%H=`OjRwnbuad1b&(5ngrv&}++_Va<iQ=G^E75An{
zYVWFX?m*QVPV|K89g|=$V%ZPS7S_<iK<p(#o<QgQt!Q%q!G6{AhIuNhQVxq=KV0wF
z`Z<-m>;rr>f2-Dh`On~!eCWg~=Tqw^0e{o?lUjy6BI6(~_>Z7q`9ZhjSP7-VY^)1n
zn*Lsn{Fyp~gK5t-MKM{k-H?kpg-kx4E;ffn$IEn@3{kBq|MDUX1|lkANwV}l9Xp-!
zUI<2gL+eSXZKyadak4eAzM=NOv!)op*pCu(CE_GOV-p1pZ6M2Am$lI|+o10czzhP{
zv?8M$gS^V5n0nf<X11c)SQE|)b1tc9{?u68(q14LbA<B;&vEb)%vdfxrkP0NN%I2i
zdudrf00D<TR!=)EDK#(KfL)BWdv^vTr?p(}eMgJXZ(3@*yhY)qG<BGDAO;U`X7lip
zBQgcN=KV;#R?VXBgV3PKtCk+lf)iXD1gjgv5oLEmF2SFSv}x>B0xzpCyip&O>rPpF
z2LUojZ9Q0pv9bHOH+7{g${w1_1r*@(Ds<}^lD-w(46lY&L$(0beL-uY08Mz&AXZ_5
zU=~2jXzC}(!(!K=)ok6Cc$R#a!#x;pQ$o4QGkrp6W$Nb)N)(!hgvKl?BC{O_2*pM*
zU8(`NO_t!Hyzl~R1YJ#hk*07Mbbgyc3^`9k9f3Uqj@#6uu5N!fi?;NdMFonqox@J3
z8~dn=ffyna4JtCY*+u@cT#d?oT=5ebE(v+P)@?CWm5c6X&au!@Hhqr5`b+hpC59Fr
z+BzK6YO)ljW1G0}v5-)kjp09lgu1PhEic27Ga0!Y61Q`=mpU#ORxr`|tTUmnp6@zI
zl#f69w545<?qT^Cqy35;%SwCApjWojpylakVyP<l*rY4OYnpgbcvALvyzRHDQgXq@
zUp-*oORQZ?XV}uSF*ui2pI~sdTb`i%t})|;<xCJ2_kFeKBpIOfr9u`<({%){7EEsY
zGp90#S!`W2=&pK?0QfYLcDgZB#NZ49{`{Lk%GL_tE5!LN`)(vr2TQkNYnKgHCsyU&
z{*W|wLkpuAw1`i#Z={xq6EBLw{hGjBinU2U%qsYstK+R(%5-kYC5wAg;+#lTftX4&
zJNU6noZQ-i>_R<&?Oeq|7D-p+G@+*zzSZ}>1jdfiPXVRN#;AvUAVhxkX<0RWFeB}z
zWfN)R=$b*Khf8>p>P9q12(D7|4a*C4Su{i6uv$lF@PPFBZ6IMf*|Ef#U7T%bW3@=#
zm|jdcro(G5u=dwb>C|cidXHfD+;VhS=q^6gEs8*{WVpF(j9vFPHdSCV58`HT^z0e*
zo>l07j#>FQJ<$80IUAkyvMAwzrJsziM)49E@ot^h1qk|VsT@Wm;?(i-BYEh?FddF}
zq6AKwd%2XglY7_L&^j?PEHx{)XQhTaY5rmiYkC!+$qAl!F~~PD(s}{lh?n0CT&^+3
zey=qu?S2ceR`EV)bK4Hc?kbw?x)0j2Hnj(QFO|-b3W`wA{Jvzri(M^3P;K~++YJ@R
zBP)lT<trtC5P`q99u_R>$Y~;s6qxlS!?O}R0@2D12U>{om~yAo3JNX8+0uVk=V+Ow
z=y%4kYJgt>2JP1<60sa=L-$I4PDE7upRT7*!~*f)hwDYUt0(M)P#9_zJ9In9=Q@uY
zdaG-?9r#qW1R(;&`C=SlJEB8eQ$y#WW&$$8#}j6qMWeiFtZL^)uz%V4%J?V>rME`5
zR7t^KPAfzb7G*7Bjj(6=;+R+K1C|y4%UGz6MJ%7na938R;}H7m+eqB-ctIk>sMY4%
zFGBL~F(aaaNnZ{x{s#nhpJR<rqp^9!nFc*TO}?o(WhXk5ho~ZcXhj0x?<(zJ7Rc5;
z1il%fAmV9!a>#DN4kkgwL%pdHz?%7{$tpuA=|uBaQ!iubbAMF42%S)nSX21WwDPBQ
zS_>F$d0X!Y8R;nu>_;POE`gJkogS<vQa_t3`cTg3-oqn`Bv+8p%%F4@&MMDAm04tQ
zgFGF0L7Zx6u^IlHAF34E??8KGM&HJN%XZXmuG7Wm8Fv8O9>hX{B?CJt_!4f=RTwVZ
z?T}ORl4<6`hV2a10vVPZmcEOG9G}$bBy3J)zV3((X(nCQ<wAla1QGKt9W$xab?!A8
zTqt(I9Zw;s57@Q#x+VB5;}HHGfSdsD4BuV2<k6lB+KS=<mOgsH1W8_6Q{6+~Ure*n
zK$v13j<A?PuJO2yAp)|QWj9Ny$4rj$Z>5k{Ko^BiK=aff44Ak~BgxFovicO#%aWJM
z{+}eMph`f{`Y9>Na;3TpeyIMf<eYIkYX!{tL|+7er5BRgqHebwngx^5?^BpKx_1W(
zt{uZ;OdI$KcNKa~iO_7n_pJu2CKbzAU|G{+nX+MCC-VeG*}-LG9kFb4l{a7Rp(&+O
z4J9dcvF-v+rMk9$4aNYZHhuAypK$R}_0uglklRKGQ1SAe$|C2Qcq)S98sl3O=uJZI
z#22n=Sb_`PBHWOLW7$HrY}G=&JZux>`AK+8C=^9u{j~v|*a}jq5wZ7PYTrZ5Gfija
z<T8+>tT`k-`xP%$PC7`kXTTM$e$c32$ZrP?muW-}VrQ_4#8_A81)?-v%dnsoK(|PV
z4vQ46mh-QR>N%x4Q<(Kh*z~{h*i%{yEhPLLyR!S0%@Uodrdk?X5RC2sSKk-4jmDNy
z5-MRFQ~Tk$&-)Uu#A>S2DzLu*2{{99$<CjrZM~UrFaZp!s^?`dLootb8fyveIc+^K
zjMwe<;vjG2Tn3vU4x-Yj(dgzb002V?+q0%+$ICWb(z>ad@dDrKeB$)cjP~sqXE#r3
zD(cU5Vc-sb8s<ICPIHXM2Zc=g*g(XkQ(5L}R@+QPgCBhB?Q7n5?~op6=)lA&wH@J-
z>-6MB5iozqi$m{FloPrLOUo^hj-cY`3DaoS$k@y<Us4E73`4mlLLo{SfG=$F52zrd
z5*rv2YJu=!5z#?H+oPD7;0|vwFGkGwb~evUhYi-o+(dqwJkB;y_|ppk;RJ2GI4HMy
zDzDu0M@~5CfX-b?1wj4ae{qbN0Cy#Kz{RghdbVCmss8h(8O^Nb^6I1gvYx@e6Qw2y
zJJlp?Hy~b~l|ldk!zfJAhQbkAu_NPE3FX6yf*zP^!wPIl6p5YS#XjF(sUfcaQK||{
zN8zj=at}w4e~*L<ID_riP?`p~iUIcxS1x)cZi33qNzs#At%s~7uN&?9_734-vIrOi
zpaXxQw}(QIzrWmD<#uV#7+rKCw+SFl*!)n0yFC-wYM^c7O4?FBv7fN0yD%#F1q_zq
zZyEwZBrgSF;04r<3}oP5s9hx!@##h*A_vrF`PHW$pji?i#ZSd}avYH-^Ob$cga47D
zhoesO7!Qr{kg7rnyprV`C=PgCU{p$~mx8o4Dh>U6^Kfn#WECz9*R9R-aj~mVF>x$9
zf<7&(utb<YAu^~S8u9Y6mpO#6FR!)v;dk8MhjTGkaR#Vw^rg!61zsZ+TJFYXqoF68
zI0>4K$nH&!mcTBNW$ME+Yh@wAv0%|^T|($*noQiN*2@3~74#d2Tfi#2zN>q-E)=px
zcrE4*Eo7KqbPlVYZVibkeK`EPtxNSje+k82QMxfXMy0p<N$z!>7h@Y5(OA%&ssu~;
zEY)Gz>2X}kpzcmOg)Lk?N6|yj9zGgDDlk+HHEZR({$>u1W{S4kN_00X2jU3@H*o-(
ziw2~OCZC(|2TrenU-ZTav^^L;RKo5N3Hc8_bi=$A5ERfIpRu}ZH>a8_TfLq=p5fss
zS89qg<Vl(*;!OQIU&XS}cVdmlS%vn(rb)4N)VEQHpY;MdAb3-N<rSgt`U2OpKcJfC
ze@tUClqCwk*G`Y5B`nW7Bv+>$j2oXu#I@S(o!k^46+?4X4lR+}=>fq|t6S<N;k-0I
zG2uVLc_ZPpE+0CI;0?01y>z)G3NhDUn+ibggge?egmUGdI+n6vRnT`7nZ)oK1es)L
zd7lsr`P2R^!@wS_08;HKJ7#dRV0DkEwZAA^44Qu5`brG|j2#c$&N7#TBO&n0MNnkj
z8lwe{Lf;!K%jZC3XSKuo4D_UM1*4tft3)~}bX+5QdRfIjhx`~rC1XY)a^m--BOISg
zB^bb71dG)e30&0u2a<sK{7|0v6uVnWKQcb=<dzAvs$_9g5|dN%K(Voxz3bOvU>X84
z(IGguJu5(9EuG5FKn=9ql)4nVMre@HFF_Tc$PlPQwt%~g0Au*asWg66ID(vCD00rz
zM&eQymr^AC9$eiNfRw-<FOkyhxFR0#6GAR?SFK_?7S&^Tx~`j}0(+EX-fJq>Q!b&>
zIh_>X$_k^|xY=OkHU(gj4=o0AN#(=E=Mz{5^@OKWa86#Df2;S)A9lSIXof1Io<RbY
zzPrC0^*k7ymI99%baA1>Pnr&dEDRcCe|*+eO<E7rGH81j;|o0_-+4DrD}0;mAGvnZ
z&Rv2h$lu8Eo{q{BW;e5~GZh2vUQlvp@@7RyB<k+J_zW!EKu!KHuZA^Xl}--?tatXJ
zk=66rPC6mGrG3bBR3AJ7!b4B2OSFpHM*-zKe|umw38}x+U(MED=vE&yV|Wf=32ZnM
zUx}(o2H(tCAxIt>WMO=-Fi9RsCaN*n5LySWZSVd|>Z0&tM9>q&S^^F>c~6}7EuJTM
z-=IiLbs>uU@5C;pB?}Ud`sn91b8vdW4WR3<V>P)Qoh0n?>mNEb!R^6Xf;rW8BV!)F
za3XS2W@Gkl%Q%tQgHH`un6P1q?x0I%V`j{uz$5@x*=qXCfNqa<TB-#7H1ZFS&m6bn
zg|_dWeZcoCLZYlDm9wr?R|HD(3i$Yy3iHI)bIb9~C;)X}EHO<)$o?6Ht=4sjtHR%=
z8ww>5F$Mx$UqwfKE&BbfKNwsDd6@R{Ax_})DR+U_EVR84SaWQ022$u0Nc*<E9TqAU
z*1X6vtX6>TM!kD-9(~ZBJs`1a3j-7eQhV2f-?^FLRPDQX^w+D(mtFaIwuYMY7p22$
zKB!fHMB2)ckH!Fksvl8R{cphugCKNJr7Le<oyGr!Z2}O`Zl=}@TJKhW69@9`ZS#qX
z7A-XNM7=R3kKTJJ;kC=`vBhV#9MTnvL<xofLACYOHG;5(I6U;&iP9ih83Q28Y63ss
zTO(XdS5r9?bG;>}bY=gwt}&_L<TS!`oy+y5NvQodL)#B;G6?T!_Fq{vu3;HhimsnP
z2UVud?52WSinhs`E4@*yA@mQ^3rzTP$vK>_Y<=~lMo@?!agnmk6tWQ47PKk(ziE{$
z00IE)Ogs|b=rhR9rb;(QgDhN-Bf%qlK+F?ozmGXt5t%XvwZi9bSG(<)fdAD33Ytmw
zl2%LACe@v@RLpCse&dbG;3N?BiTfg<U?vE!npWX1vkIohTXN7-bPGV(2mtJRWQRz<
zOY-rodm;F)f!>%D4-E_;NqO(Z4gjSuN%~ZBc)u8DkrkIeA#nU{LzUE(BRXm9XgO2^
zv04$RY_Y+L5ezgu7*D6FLQi>qYpR~mErOFU44t`+=K2|j(bWn-?Zd0UJ&l<=gnDl$
zsSeW9MfiswSZ~Qq&?*dykcau#QJE0n39Rzpw%JwV6xU|GcK0iH<t#Es^|#$h4Q8Wx
zHsxW}J=FkvBY6Ovp678yq@K@V7<ri+^rny$ks9~}tVxkD#gQ~F%c4k<`8;OwJc9n2
zuhs*Xmi%O=3<03I-g}r0mzQv-AwNJEy%X397(p=+v1Hak(isnq!Go{wYw&Zsfq2+a
z`o3V-aZIjEY#nEkS3`H&Aia^QZtk^&X=`u%s;K-R6{<olPHMB?htFQDEu%zfum@ZG
z+GyW7bz#0=_0lRS3%>5-^%Guy%$O5RUnRt?1nyR!q8gPUI<ci(bkqPf_viyIu}@VI
zj6D6BB8u&!k=_s6nHUN`i|;qy(9G@Cpx@isB&v8*4EYpZdr)nQ+g+p^NR_0w=N5|s
za!J?hC7Ry(Yut;e#GV^dAzl8-#~W}$N>j0kK&Um20sjFFAXI51XuH|XqIF#4dFs)N
ztNpHfXemYdrLB9#rDdcar==qR5Ay|d%!A4N4Fy+TE5O^Hgucc}TJD83xn$zDA*!*n
zHZ~)6&>P9%@(|5vuV%;^0wU7egBY7&SG1d%^a$>?;N?{<pDAI~!hqOPNY#W=3VJMt
zCjk6U`Mz3)ag2SO#iN4#A*Bm87=AoVJekoPv2aYBw_0BE^Ae_XF+TQI{uZT~>4E*=
zlm&Z>W{;)?w`%5kTJ7MA+>X5c(_rv+0w<jh#1I^YXsD0QkM8-w-HBM!))c*(ss14;
zK3pg*%GetmZU`I}=&RP8V6!kFW+W}ky030M+ceAoJ|m+ej2x2&0QYuz`DOg!4~Q{^
z7)LJ`A90yF_5pj9jXv{3)iGZ{oW{@~s$){h$GN;u=0>SZX(x*26`;GCrR|pDY&uD>
zuFbfp;QU3fm>nNhRB{(xbbupFEx`7qbiaWbiZ2il-tGi+k~hig+<K+dX-@E90gYE$
z5(LKz-d<vt#2AhsRWSzYJfQ{qRwDXqEIx~C1Y++8nO!`*6O3iEAM>A(D)3E5tat#b
zCoNGiLsBcKzBP{{|LuZ#c#TH)#g^U=Sn1W%@9O9o;Yc;x4ao2+XJB_rVk67k1W$4{
z-L1GrDBMYMz~$ovQMs)Y4JbCc-@HQgZ7i8B(Tl)4{Uly#NFS>}XDE;5@j@wOO<=$~
zuK}rK*~Fa&PrF#3h6t#{pkoA@B$36ai2srm2eS$}?uOP1t{vPQ@Ii{P)@1F6ZZWtl
zpjggbh9c}G@oq^hWX6jZOAot4#{v<1xC<dG?CpH5(YNWi{pKn|+j73DAO_1li;&#J
z2gmgmimuD8J-eLWn$Bx<4Cw0(EN30?CqNuSy<qs`S9KPYHDxCetVP#5s@xn1mUs4f
zSWzPgmE}o;Fu=~;aZ(un?218|L<Y}}!N=AuS8qIa?v+KY$@*j4uKiKvjwhli+(|XK
z+kOBkUod=kfOXGDe}-t-dq;zkq7cFTlUmAEv(}X1R%9abNnIZ7n4$|7`uSz!M;twd
z@BL=?2E7DCiHQS=7UV~WnZy-#&aPy{FVikT*3dRyEv9p!c?eI}0XvACSD{vO7f5*B
z1|GJvM4mX~rgg>_#{py)dkWs@bhUl%G5l1don#yqyLVoTV?#qjN_1;YRt4=)K(;pR
zou+-j5U;62bvRO<(qaK_2SdBihetge^)3<!VckeO=T7%VJL+y-K}rxdpc$bIxwu4V
zQ5X?+bbqWF?Md{rXV_a$D|Z@8Elq}ynL<H=&UcShyxUj6s!YlqF>J`#^Y@kPlF2K~
z>=N`D>YQF@Al=gN?U|HqXM;X?wtwap(MdqI>!Q|rQxYKpGjz*}g?^_$I#|0OH-);@
z6h&;kVF{q?Wyd&QzI$MQi4rmW065r?t4P7srJwPphI594tsZ!FjB;~@wq9k(d~xdI
z*dR&&B4)U~O8r+Ot)2{`maYzA<DXhsuQF~qyjri#9cV#6>g59P!U@w`__(gl@j~!*
zHifSy?5#WzJ|Cpvz;8}$s&4-IR7QRpyqd18KqO8~p^C$z$J=7gI&$#x_$hmj@`ymD
z;XwIJv<d7%zmd*bY^E^lxuaXHz#g8nD-@xIIYj&(!S<lZu9XL7usDDh9)YH%I30Xb
z8!aG`)dCKvis%LoL#xW+`z$uEQ<CtO`FcQ?0Y^~y5u8kMBsUcXr4VQ`#4;kb3wp_0
zSc^B8yD^2lN#V=V;mBIGeGLdOo}3Ew<%3b?HTy&ZyH9JGhz*O}#ql`Oyohq}$q<N0
zZ@fj6U_x1i-a*l8_9+MHL3Ui`Sal{u4+Yw43lI-t4P<#xQKb5F$+wxeNuit>C;9%1
zwg#Qth9@*`!|&)2yZ}nKkvGRy_a{{#0iX<{*INN&tysgBHQ0YA=*C}K%&GkZZa(4l
z@8GmT1BQ`Lc+>_-)PdU(tB_yT-My0oQc&bRpKoP>*doowd<3^k&&_0&Xd|5q*yUo-
z17bF~QW!yQ|6QDBxZ~mH2q$tSRbQ^|&K!zL9KY3@23C+*C-*_r^rmU<ae1R=b+|bo
z)?jr>L?0j6Ss>}kRHz<#0?E*;8US~l4+zJ}HYS<-c9FiSD^yI+E_ErAK$4W-K5LyB
z6!^?v0KU)VKBNgso{&)<1V6wT)G-T5jVZ`%(@H26pw!twK#t~Iq=ySRnF3%=#q9(%
z)_{p9{DFaXRxrG?$lFlJcaqDWu*1DQ&D@k096<G1dK}8jSa~k)R>FFsZ<syo=P~8i
zh@Ct)$C@m&#1KP#$Ht77a<dYt_Jf+SCS&bjkE@-P`<O-!l?kTJrv_zq{bX5eE5PWs
z2Zq4OX=RDeCj#1>##eBehnHrufszRZ=QLL~Y)UW{Bm-*7k0Uk$?vwt`dfN#eJ31$y
zX&8?cK8{*g+3@dg7o0`_{Wcg1!&M|AjIW>mDW0Lw3H@RQL~YRB3Sj+!PB4L`8Fw_0
z0b4)#bB=P<v?FcV5BJ`iAE((4yp6EK(x+L@asdKdAdcnfFp<AT0@yk}AO~p)<el+~
z^xJ6;Nr9!m8dm%I>t~zy>aj!rS5Sd1F?#EYAqP$>6*sTeIG}3~cXV5EZNl3Elkqg4
zA52hyhg*Pk<7ie^&FdKJmsTfEF^_z7#=JrLK)1zorVRE7BC0JZ0@SK=RHc+wxb>AR
zrQtshIcz*0<)$|0XJ2lb*~VnkX(!L#tje)wej^Yr0EjN$NdGSb;5qI#fG{>C5OYjE
zM$!7H^Ko)y<`g?wpVj_IPJxp3<&2G8wprvvR(0LmPZ*R15nGZ$zj<!Y%j2E4KwU21
zD4!<fBKMISe1SC}-1oEEq^B%v{Wr*~OhMX>--X$yv!Qg1J;GaQ?uo?vLmIVNOHCU=
zk7Y|(p6up>Zqo_|{NmHuqjVKCYoNCSK*H}=yvt<f>BlQQro@t}E7d4W<DoEPKeWli
zP{0SC9(t&PCW>D&-f%5H2rzb|<>Uv60OJSoe>t<f{))DOUQpQs^wYH1;_M2D{4Ao=
z^Cjo*Wzng$EZzo!Z7b*Y%2=ea$OOo?cl5_O6LNv=HcSWu{g`uL-7F~HcJCz6?ar&u
zR&T)dN>ktXlZ*D06eV-_vDXF{mW5+?J-}awJn={kW8UP)q5(z_hlP-4b)LGNl-J^S
z9{^&8s$NL5hfby$()?QieXAw56vc!$k^(gtHz|K87@wnLyWc6r!iP%Q9@9x&$>ztU
z@Mq9(0dg|^x*MfG-T<3U$1;s0v5^r`26O!p?)7)8Zg8|EC^_cFM0X}yIM=U4bp4`;
zWyqeOjR^YgcZ7N1HyTMZ^PK6Z=~CgC9+~F^Db(_VuP&6SASclJ$`bG^XD^FdDEx17
z5V&K+h-Yl)bm8t|K>xJ_@C%HJQ!b50DOHW9ZM%7EHpLH+jOZN3I=yA(g#fH=m6~w7
zc7FAy^O%i6a_3$DLfzyW+btLH_?6{!&$8|)NgB1LH&M(tc^&U>Z*<;zcKOK=m5^%j
zS@dnkkz~@L#Lt$wwvs6|a`Q^${d66!``eIjSuY>G8&`=2wZ&4j!9839<TaK<r*7Q$
zXxrMmnJ?)ADNpg$mNFw!dAva}v|o`;1nFqY!Jv3%`Uze`Hyx}p=!;3+`A$L5Sn-%7
zT}xPxlC`-@vw&F2*eqGs;v6gt-Nbyyfj6U4Wu!rT|7XFGs;q*9eufAPTZh*t^e`Bq
zRe-)77uw7y)}BMO^EXIBQv2sU&?NFHkpo1DAQcC!echd3#W|j=L5fGZb0^X)_XU36
z`q^^`5vi0O%9~o4Ga}QJ0NqlRAEW)rIJuOz_PxG@jBX}FVQ0*$N5xi!`UNMfCnTMJ
zm;cJrSC%kr*F8K5e3*5Fe81t87sahUgC%d%f>Q0OY5~fd+%wpd|I{E^lvfA0CkKRO
zm_TGO=Q*n?D`xcsTXVU!tKO7p0ghNjJ@J>mN(CX92r@%y#yMW(rb#!|Bsb8w<RS`f
z5uGVVJyik(>vS+)f)A(5PIy{PZl4kOixAX=upu%8K-aaiCT(lI+yXuk!veD&B0H@9
zuV(9rQ>Vn8pf3|B6TxxItvjI@nhP5Kj_tgidVvr;l_RM0wvv6$c>m8eyxRZwvc7>=
zQ;lrKT1=ZSTt#k-TZy;iy3;#XYq98-#+ij~aOm0zrIU`#Hm*A;5T5aNmfJ54KN<B_
zsi|0|ArBnT2v3@CB}zh+CUN4Sf2#_w2xosi6jJMos$VRYO-G^~6)sNpxzRMX{;J&Y
zZ`o!+n3WD_C}TyKWrYL1AAI#yN}SBM+5MDt3iBCSqBwBeCOOsy-*&kjEgoJ}Mp`$I
zqpEjJ>QT|z=3q=&dEZIyF{zq}Qa!6Rv3Y^<7;%WaI0TjcLC9CF@>pFi#uan{@4W;D
zTq1So7FDA2r_P)XKK`i*_IhU>*LPF?ZEJ9aHr%UH1yYfRr=&!7v96>`W7WLDq$os4
z2Y<BZxC=>Ik3g9U6r*7c!1ewFhXxM&;<6qcVx^HSgj1>jX&_vBs}pD6w8^cub4{#G
z_#02&HSUkKzUIQufcp8MwhMUQGnr^*I&adEo$wSLd>SW6#pBhV+waMr0=nQ#^3b`^
zsCd@=zOf4?n7aW@!i53m7sGQ#gKa<s|8TN7H}^`cAH_{Jxp^+8CWOE{(i>d!$Yhal
z0_zam0J|Ct5k0T~3?)J%HW8s>1blFA!4^<+=3prnR}N?D3xc-x*Pg?{%gIF)pmW^T
z52Q}3h9*fOQZ@PCmG+E;^umCDFh-H`q|?l2o6Kwz`3Eu0KUD=RBPh}(%T6iy&MV;w
z7Z>^gTl|9oYPH2%9NJSOuv%LIg%}U%WEWuzaY&<Q%2xg3Rv@o^oVg&pD5WqDjVoJ%
z<~>Wrix(ho3o(@tVgEd3t`tJfVj-A%k&;3^^x`0S))<gE!gmq7-%=R3*ZTl6;*RuD
zbJqXtmSR=Cu}sVleszzR!)6(s(UX8@x}TkV8B=`WDqZW2>+WCRj~g`mpRG#<OP*US
zd5rVieLTq4D)*CFBDyg`09Iw+kGYcOjC;G04ditLQzYGV8VhIDt#~bJh4ywD%|GM1
zKl-EYF=aGX1DLDX0|&ioa8oNq{Qn=kHVasa<DLlvQ~>G+2Uk1)g75dS5|5Qv^F1bd
z!|(xFAKf0f2V{diP`^3DOb7W^O&<&O9XaXuG#C>}L7Y^XxE^Cy^fX7iNg3)VD!g!@
z%Z=*=$pdMl^fA@=^D4>olDZz4bT$l(K<49ZC5e+LSkOVx>l#Bb9piT|$8cKDGP2m)
zdt=BRG)(9eMuIPN<q_ijgayi6;3^`=zt@4lIoVHWAApEnw+m&IF{=my%I6+n*z8xz
zJ2gP!z7@7qV2mpT-h+!hynumQ`**TmT7PTnuc0mUmfg&t+AG4JwzJi0hHM?SV%_$u
zDY8(LOzNy<So&qJi^6@}?DoOJ!5u<8hZWK@dqQfI%D~nI3kMBsssvt7>p1sUmT}ao
zhUl^8cKq~G1VArfXGCj8PBg9699pl$zp%5RgT7ZIbnUXWzP`A1VV-)f7XFzyJFFX{
ztDg)|pc<os>aM#O1FdI+<oL|9487XGkn>s=k6II6VFcLB#M>bK2I3S!uv*9?iQZNQ
zVZ$3JFnxzF+>Tp6h;B@L?HLxap$*@ZaSioqNH4`nr?DNW8IfH)I{*Az@jgx6kpq#H
zxkpQS^CtYyfNrn^@6x;EyGGj-A*~T?4Uz=heK))OJRZH<m(!*?$hTW85Jkp-5Ub{m
zmMcXgj@!6xa0|AReWrf3s(J^w|LAqEzJH`oM@K%DOU8}xU#6_;S)&IV;(8Mm5jLJ$
z%B<cz*-!(Zh8-EZfWkP3;vt7@Q#?c5dpYa(0A<qNVT5j%iVl}q_zi-)7&JT);+=?w
z0po7hR?7fX`;$P4JkP@qm909@aybM8kdC``!okw)?mYO@uI+@IDwDm^P5E7=+#|RL
zEfRd{HHoJcgjteIPOA7o$y2%YlH`%Hw1NGWH^6Bkq(`WB#An%BL$tAj!p#+yYW8LY
z2O5f>rq~}WUx_i$6hT_fDBe!G+2%O^yk{43;U(j}dz4lLs#L$?Cd#L|guW=1SH>kU
z1H+T9*Im-!WR6Mb2l?s(c92YwtVP>KdQ9lzOH?kFppz?lzuZqh?1MU79)kKB`qo$r
z0tAx8{476dhB$Bl0LNgjH7EmyQ~;OixKnozR;NQ=OtiMhd9bqcF-U2XdXn-PLS&fL
z2X|772yAa;J*EG2P^cIYh3VHtC5IMOZE<i+uZmmR-1}$PCT~gevT184)jl4}vcImW
zMMULZ?Ah#mA@*nU?=+!q2AUQh)d+Psgo+{ug|}zj;4DGL@H7gvF%9WH%MOKvUJgzy
z6-qUWwg7g=RL$1zY)6|~ZRrxfkH_c5{wb|rEvcwDz2{L2?A9Gf2`H)3UY?QGB?cu~
zUI>PbeW2m+@jx8GJSa7_Q-=%`QsAwX$}F85J0wc^jypgT2>u>$&Elj^C|0dvRk7I`
z=bV^&imLn&P(HA*{OZai_!S;s3Ox>-Mq%$;YYqqxQ*IZmk~!y#-T74~D7qG--@{`b
z0bo%I)IeWtB+TfhQ9wW_OD%g{tx`%Lz{%uTrvFS+r|Vb|pYldwZ}lAHzsPfn=AmD}
z2c1B5P)~niz0-`Gk0u4rBK;lU@thz;aIn-B^c$<P%3N*@LH--Y$4zz3vA-Vf)$WD^
z{Z0$=x!WGtSn?AJ<~`9CSWWBV1Rhh#r%t*MZEx5jpBEY-uBhl~xF#y<y4y9(-!X{J
z%%r%6ipHIC8#ZgKT*X^dw6Jeu=P?E+GV+!CId1?#K)$~;LL4@;!LYt~QJ(V($^9d<
z_EbSe*+nfaqBI3RbtjbS)mTG#fyly>FGZY`ta?h<4dKk^-rp_?V7+e_a6|7|T^>Bb
zr0<Mo*YU~H6sDKL{t1%j)4;-|HYX)0%Jim7dhF81A0snQ2!_}iaM>=yA=0~|u#8aQ
zSRfE5<aTn=GK-=BES_k2ZOM{Zv|;ixu8WP|+4CaYFPDB<5KUxCWB)A2)ux`>gJV-Z
z0=CtD5^fR<6Ds=12y}t3{Oy6ero%x;aWd+Ut9X)rQBXB)B%29G_1J1VSwO09TDBq~
z&Vs=#Bx^N16xlb=>Fi_kfGYimQW;0T=*AnvdIM}8uGpb%NBPn4Si3{t2K&)h{F~x-
z#6_9}ig~N$d<Ab=uq$SdTwZLF*$(me>lN`~%3%nXKgg?M`zVE3HF_)t>aOBmZ^ntS
zS1bhR3Hspt7|Iz#9$<2XxmN(Tpi*i-P#~*CuQfkOfi23Xz*~%U&VeK)kA?@a6Z2Dz
z+-?+rZAY$#C<k1F!-{^>QzpG?&37e6@KJfIi?cbQ*!yIx_@^gsLOEsCMV|5imSKp7
z7}i3>`{V7PlV)y1)BTWpc!``3%JKA<d?yKb7-~$mBJIjjzwp94<(=#<8r(RlK-3)?
zrh<Lzm2ki<Xxx$XY6TrHvoAVAhF#$tTJ9$@#oMl_XQKJ7tt!g2x~CXWREm=3bY(8)
z@o`muiF7wAW<UW4uohvqqPKFm|NKE8o?H=5(EkHolFEQc%EfU(!oLF2P|^k4qha}x
z9>IOZLt<TU)(T*;1G=Y5d>oXAn$gFHK|4{s)H)pzMj!)SHq`A&HFRT%Wx^_e&Xsh^
ze!D5lr6d>hQ-_eT&1&B+vc<Nb*RZ%;0016v&M#YJh$lWzEeO275>eg$@xJVxOCUsr
zjT}r_3qFg6aNtJswYLNGc#(-Q^-QJ!80SrS^P23M-xh~~(DQr}76~!#QR?TC%z?|c
zsE<QQF=$%dyublgMBCUr9!j=-J?oMNVCYpCJxenJiY7X$F~qUju(t>QLgl@S5;#nA
zSp|<o?`qWVtKS$(E~sf(w_;nJ>P%~#f+S8WmW=UJUFn#P{}xuwfk~`hS+T(%MQ+<4
zImo0PQq}y*T$1jgDRuS3&li)X2jy-SQW+oG9F>gLS18QKhVh`bg*rJPZCl7*z3>({
zb>FC~SDqm68a&^ujg1_c|10Vyei>hjrM$$V*6$pNJDxe%y+wVgFrxT$u})Llgw)w`
z*>TS1z}2tEF5HcL-f7WH5Z`D>QZ>Hbou4uM3jDnA`J1m&bTzS%J%n~fX^Lb_Z&gI>
zVejVi9jL~yp`ARwclbOkYm8(lEO?;qQCZ57dC?ZynrHIw!g1vZZ$jR~pZZuN@1G>O
ze9{|RE=>dRXJY%!G<v)D1Uaw~gNQjrM~6O&dTsO=ZF1C3y59u7B|W|3AU?U+PpyLY
zI$|OR!wdz8Ea(wZav-Dj`=VqveniIDJM%&rp=TCX8&bOSHz&o<a0I3ZW>N6~n9nJk
zQR#f;DduT99M=4hJfZC}lSR8a-9|o&n*Y2yGJiotztexUQb*TCW?L)3Fbs?CelW-+
zHsExqHY6MlyjqX2XC&UO(;+xv0;m4^NiPl9c`1K*qp*;8Z9{WQdbyv)2`*Fgnlgj)
zIHzXB3cYR}v%=-zbwR=bSCwB5{iQi0hwJ?#DcLmtvThoLPvK5_OP}rnU!#K@g6mbq
z0)ga=mE}9B6?igVji=amqOo;u0~D+?C9r_O?IwRIf_2RF;{B=T6F-xL#hPIbZLg`I
zD$aRakyH9q&hA2ujXYgMFM)o)2w<j+0~oY-Q@mCJ7J1_p<bym3Z>A!R0~574rx3JR
zA&XFZdS+%L8N5lC({v<GfdG&6$nfBh>d~^PUu7u`YHYfB@ZWSEOx`um17y@rOZ_#y
zEnY`9E5<Oukv69%1fso6p|`yH#07^EoA+18f8x#-49z2JS)7yCHXWGjxskB#{<GWl
zDWT(E#q}9xm&O0BZXOa1gTZIbpNW(s7yy`$;6^j78y_nfMpi32akFHe-h6+Y`aNp;
zKK&p53<{aVd)F11-LC_;St8K4;i?d|g>B-k={tZm853=*w3;aDcc4xCmW7##yk{~}
zhRKImIIy6I_TvIk4g5d6?oIE%WU*82SAAgBEMgL2*FW3w!hm8>rvvxuJNEteLiRh_
z9*f$WEkp+R)124aY7YGjM=LbO4huj<Z4BO6)R{R0R3z3c00jq*rhzY~8X|qR_R$zA
znvTR2uZzZoxAXeIL${@V*sib*S`?xGeyd`~OG&5Yj%elwgOG*9WUPowFPw9{Jf&G2
zoA$J4B)TAppF-#h36hE2IjWnWB{5&R$*pg3<4aopJv4j{y7>=5oj_m{1jsD%MdRS=
z24<*w{(@iIkP=Q=U7yE+_-b^B@R*JO02yuvufpCSR-C&XVeqOn9(FhXYg=d@4F=8w
z;{w(K!oIOTL*i6-iRf+s2w-F<?qr4fs)Ht5$P0J;DukME-4m+epiAVz@ZHlc0uLL#
ziw9)3{oxN_YOC<(tsh&O+bC$lv5R-yi(v}QhP<{3ykdbRoG{?k!yXGWh!$%y3y|#q
zb>)H-nmlcBt8xp+y2ON$wvzK2P!sa2Xfei+tx?=5Jd>A8!-xZ>p!nZi5Ship$M3G9
zW*e*AesqkH)7|Som#03Cnd7bVj8%fu=SdvOWU(HJMDjQDXv#dM_mYhW^22nj4*Z+^
z1WyYKl7dj+ZoJgOUBsX%)snLTVFcp$qGi(f9%M|<Fk@k}S5Dh27c|jv2Cuv<x;VX{
zzRuJLK4_s5R39G+3!~sA9A=O!TP`G&Wn)hoM6l`1Pn`PQ2r4ZLde_hlCf|XV*jGFl
zJ4uJZlKoWLy*B`UFelNF6d6ix6@ssHMr1z@8slJpc`U8pp0ZxMj(fE&Zr6qx?A*=)
zmVfljX^Sn5_oxP1>e<<WDi;ko{<lt3*(Rtsp<FrRT=aicLpt!V{4EZ@m4d4_08tg4
z;FjV6<Io@%tIAw=`+g-aaDyR*;ckuspd{kz2TCn1xW9Koy1Q!W#G1Pzyn$fkI5v~g
z4u)K|oQ|WNrJHkp=*ANjs?;;I3F)`k(1Q#*TN8vphGSwx0<lPP5Xo^duEqV*1T{u1
zmq%=Y=&P{gc>g&|7b)9n#)2Ch&ruR%<@4}0wHPZ(H5||xN<1vwj#W+2N~b$!EvG&5
z{cEbnYx1SO;n|gGk}29<r;|g>1s`JS>1S7dxz~DsG=fOcnK?|7ziimsLpkx&PdZ&G
zpzp5fBk(2|<Z0_(U5Bz$3>lVzn<0JJNE^|Uqtkp@-LguYf5K8|1sEy{<3!Dtq>Vj}
zO;Y0S`l$Wva`?uRnNrd8Jkx0<l)yX8^G)vodXXOxs`Y;wi}$GK=?5%Qm#pvTl)y94
ze?L8>C(+jiL4*KLyj2;f7+^&MGa=;o?JATbHne_Uu@Qy7!=w0P3i-1GCGQ8d4piDF
z(V^!a<p(`#f`@bj?CCevk$5%Ja`g=kSi0{3J|&%gV21+>!Vz|Jw`(3cm-j^C@zRVH
zZCNnJ6J3|;)l<{^p%50Lw!3!Q*c`Qc?i3>fLu9p+8(Jh`V;dZdOsA^s>QV>l$M!ZX
z(}Zt-#z<;IbTDzvMMpLwi}yd{r~Ot)FJ{Lc`@uT~XumqB;J9jj;9g3cZCizyEC?_E
zq9QNkT%hqFA3Bx6*1oq5tj0ndd0YNgb80k!n4u)6pcq$THZ`%dU_zA(n+{49y0&EZ
z`TqhfyZVcZ+M?0~7qXRMg9VrOI1(tJ_e+HYSOzGyqlf#gp&o1tdiUl4ufP>5Y9P8|
z5BdIze4hzVV$sRt>3hhETb6A;G!g)G6}UrkcDq~#TAl%5r-DC_G@F2^28F!2a@yoO
zfT&acvK{FoMd{I>xfAwcxVtX18tY4$qNMI>9ph0=#PGW$NCGSXDy5}8Dd)6vjvF3p
zd^)}8@+gJadc-7MlFew-qTnYGcH7%aqF2H}_bQ*-qP!%x*cG0{QPR=(r2JkAiCJiI
zl#NrOr9FzL*aacdu?RgUKs`inlQSY~>H)SO@?|@U%?s+d4FO>?Eg<O9nB}nLd3_)H
zrKHFg+FAU)_`;)rD#1LM3Q+k#wIhKWG>={V$W1XCSiF5Hgkid3%2bUl^xqJ+iID0&
zrmp=9y^+zcN#RJ;O}QYNeBb4gsLOnXjbTS*k(qA-!V*>_sEdLihXmPp`HViN&etH(
zswFK|DyqOn5)^J6Uj15yr*R;r9zQYs=Ugf$Vo(VQ1J76Iu>!(I{j&()L$ED`W!w24
z>I=QnDJWJ%TD-~3m*-KDdyF@tPqIS&U)8s$?~FP02;4}*EDgLB65Rewp9Do!_zdA=
z6Q2}px!)iPwRr{<1b0)a7dCeqQX++F&{67>cb1VX<eyGhhxe6<)YQALuqM=r*A*mr
zc4#vo5bjwlIFnZJo1xT_D*X>yim^|V{jV!2hgmoQ)X{x>tfh9{-9C8B9)QOEDr4`6
zwoZs2<PNk82d(0XEZv^7_O%O?B6XehUrgV6zbquXgNo}GTP^XH<{2g2ODf!JJ~MK`
z*wck#{%`NZxZK{oRuk81_%5YcZQfRH;_g=STj~$He&Ko^V8Hh?Ei-;czJ>dWm?Bpn
z=@tZL3F_@iz9#CRTeC1+?`3BhkC=xKf}$FQDoUx@MjNo=si?z|^}N|BAhh3~nZGID
z4+J<}Zc)NhaG-Jx<Xs82L7rW?RPwgCUDrl1R-{CPBZi{P&;q<l%Vo0Q1S0azxXT!-
z<Dz9P81jOts>+-w^JH?Qd%7Cul7S@Q`U1;(&NFOZ=%>5ydxM*GH>oNjjFl4#1df*q
z2ra(}1O9q>_*9=e|ILl8O1H{Pi?(*)U;qw|P=OD|m`Ec@liR%7hr$f=L031Fmui+}
z<1)hVxpu32dGpnTk#dtZ)D=QlQQuZ_k*fY27a;0_q$*3U*%}Me+e<4bBWu6xzc}j0
z5V<I+Df%T<0@=(e1y4-?3zh;lJFwLanS~;sk?&YQyJ`uLxTl#`w!}s%$R5fV_~E=h
zCs6xTYFI23CqV!=rfeHNBgrTG4=GUk<Xir>S->lF6Ehi2Sb#0i+kNS&XZqEZVcmbU
zth`XzHG5fWnRP;Pr@bIg%dYqx^_S=m7nW>B&?q?;1HAO7HHcVRU9qA}3QQ|w&QIe)
zkBCcmQcn3R*-1%U??dreQ>G3qLW(`jO#O#cgICVUaERCxoIIdwU`^RMDW*WU<sYgQ
z7UhX_@yEpY$;ImIHy4)-^6i#nJ`IDQ3Rl91N)SIcC0}Oer*-)1wM3#whYw9F@MQe1
zt~<;gC4EX?-)p>PzYuqHNU*T`W6S}GsIlpx$@+?(D9x*)Q~tZ1yoj!~Nfh3M{zMH1
zA)@atsI|j$x^0QS!681bX+?s>RAmwkR*l&wXBOHE32;_Tczrx}`glWbSx$eLk(=?8
zt}$mGaqqbw!-+~?8$d9dnH=Pk5ol+;v>ZNc|G0wiUQ$C2v%o0NI5ZE*Kg-+ZU2sW~
z<JH}t`UiLtOBII{{G5N!p`4@ipO<1QEQAnks7WB<k>!Glc~!fuZ9a8pb@&EFMOWeZ
zzo?h)O9qW}=Z{H*>nu|Pb5v(zE?+QA!+d+aG^E#n!~zl$+iV(9@5_6Xy)#KewRZP{
zKe?F0I99yF2!}@KHI+^J`W)zmEgrX38IaNVqiE2$AhQx&{#NHODuNN_>?d9}v^rU_
zKnN({BjhWKH9KyhuB6>VUM)l;(nZOs18FmmJYSFiMae)h{gVy@p+-nboZ)4%sQ55S
zio>kaCeC*UT{{e`0@l}IpdE}5aDGZz9|EcPQa?9U{$$qG?k;sQX0qC!u#|O+v84&l
zsr9Ub#zVes!5{lDMA9$yFt1Eg>j{3Ki>2^tJQbfmQknp+>tJoCsH5y22&{&6qQH7=
zFU7;MtmVruyzwbmKJHF7F64KdIM%OCx^EePEDCK`<9*PPjVf(ze<b?-KTX7?r=i2B
zt2L(_2<Zr1am{Y}Tq5d`!C~+_MNOXk8CAPVuMep8FQF^P2dMqn;u>oO;^nB)gb`46
zV1^Mq;o|dVZ%=^{Sa_2;oJDeAjRp%Jai0CbTU9S#kNGx=*W96C#ZI!+E$gxkhgYKs
zKtixfj8RDFp3k-gplTJawMCpieIiG}ovSfytMo~-7zBh=gT>3r#X_tqry2@UlV3>$
zA6FGg!}*!xReYnVhy2mSUc8iWJE2Z#jDli{T^zBx>3qnA%G`?lkq<+6(*Htu9Y`ws
z$z(NM1Q@%Ht;@WW_hG|J+lCaZ1)w>6EUQ<nqv#n#(^&zE8MPTjJ{~%qg|4&^-ZK@h
z{2E(Z<VVs(2`S8E+rNn8NS-YO>LB<R-j4^`d-M>#^AFfa+{l6fq=g)?tM63cM3FM6
z?s$ByDiVybRfLATR6LXidWGBWKsMy91!#6qjNhWo5USY|TwWoZ%czPOJ8$PKTSwqV
zD2ZFRRpcJ>YMZ9O;vAS4fe0m<d3D6BGm5XvPZK=QosX<Ktby3qFmCV^aR3PAf3K|J
z2e3NHK^SNuH)OHZJQO9vBZ7X2EmTr_Aq6S$t7K;z*K90rUQ{rS<YYR)AnaBwudCW_
zx#6IplU36mj123nY9JjuBf&zy(a#sO6uNg37U8_aWXUr~925;e6iev6l!;kUtv+qV
zz$XmO?yJuT1m@bJJDFzJmwil@Tf7Y}Eva%Q^MC%pUZZOn+#Y~7)+*1c0p>GH4INL)
zlb1^a*JKLIoZHu>nH4)>Ke56fkdG*_X&yd0l5P+P><le^uO{uw{FQ=!wTFV<UYgOl
z<Xo+QUJ>}f_9B7RS*)fn|9Vgznt=ubF&HZif24vTe`;JO;HHqPv!3b`iDkS+5V38y
z(#V?wmH=@#Yetlv(-tHjM{v7OAW39T1to|o_v*ltP98+tcI)q7g*>~OgD<!C_A@*h
zyIPpVY88Yihlt07Wgf^U%30{c=d@}jHJ+G<gs73fb=?suAig(}onabN++rfwb0CPU
zI*8HdeJe!?mCA9PXDK9!MtPpnMMzk&x;ms4F74^u<i7{(?gyU2nu(yC^{F^(^B3$u
zPQGuQTLv%S@4zCL;hLJ#l+Y~Vd*m_uL=52N#y5tF_ffm8I$Am$>bA-y4vq;Kuxc^j
zjK^hO+QQLTx=QBmfFirwxn-b3&Dcxhsh9zR;>!jvWp^^FNUrsB++1-xzrYA<Qo>|S
z?=A<W2zW8I5G7K@3$-qkEn4^25=WL;b9JDyMO7`$&MaZFU#J}~)pIV;M_1MVpUD=5
zJSEiT^~^p%aBq*mOJ&mOc4huk$LfP}mQ`|~C;cVJ%nGEWIPVHOd$h{q8F#d_qC-9e
z*x_YW{ldEh%LOQjCRrKo5rM>=f#_3}iqbA&=%u~Tw(h@>P;5OA-gT+WpvAuq8l47x
zw2%XooV_}C74YhJvAvEmh(v>%q79;>fZS~|s1|$RQ3CBFAi#SUh|aoKmRUd_*`n*K
ziR!aiY??<iuI>(*zWxz0ZfLlwH`0Z~*o`Scwg|Y!<GMBFEtJyfjPzCvg1{PA4ANF7
zVSYxg2s^RWD_Mn?O^H4mPK|2Qa0<zfiqp6;Po<B=W{%&pT%cGHc5lS6i4vf|msCQ!
z4nPNuvfvz*;9H4rGG%#jfeirvNp`|AJAQB;R?e$d0*6J#P%$!+pC5niKs|r@|NK`w
z{eEmqZ}=LxuXzvt8v6<`Vn>Zt=?-$G$(NrTn9VKaO_X_2K<_-V-K2QXeC$L2ps5;@
z^b?n`3M3@xvZ{X+n73gTqm`VydG|i)J#6=wDw!aU@lD;Oh^rLBEiE~K#t0yeVh>9;
z6l++tX{BYf2CoHmPa+UlOWGp+`z4FHMb<m1VD-?&L!(_CaY|hgjWm*lnpAG;cbSPv
zdD}~;w3Yx%D?X)s^D8UROzO@KdHX~)1EgOY&msr#t&z*qeTMG-CQ(|rZ=>Wb=#9rN
zIPTwrBZww^PfpIM4P|BH#X6b<9vq&wnOpJOH{SL!MMt3W+89og%-gyz1NbLemH=*)
zt+>c0nG)~n1qx8xf*+;l9%>pxF{nf>ZoOZiD1yHbNB+bfUL`lIkGnGjanb2ARn7wO
zFwvqL{;<%3O0nG5j_GluVD@j6_HaffzrvxZ#|PiE7CkR&YIyc5x&AeydZr?CADZyN
z2%H*y>tN}|i+2k|ssGk%w_bR`p($G8+M;CW?5iG+j?z2LY>UHD$vSb1DBq32y<n}5
zuu**9R&ehb@UD4PE#7YvgOSZ7u3$s&Bckb#<^lsEs6OP{fD<@k`cwi~YEfmS5);O{
zjIps?xsmiX+A2gm*VS>6TvhD@NA4ZteCK6%Z&_QJu$6G5Sc~OEF?dfPM64X-p&wWb
zPKnO#<%&qE1&Kyhh6AxpIQR4jITZ40VM=N#uqTV+mrkK_A`udXgB;W%K?OuJatJhW
z6sdw+0HA0RVN0U62{ZQm(M@;fUqvg*#6Z9Az|(M^8DDe7^P3D?0hYhRc$@!VKaw<8
z4i$|g@z$wiBt+CZ7juFIn{rfj-F#DE1ERpJ*mD{rb>0FMsPT~h$5%>D!-P<FNAeTR
zP&{Vs<2PTM-79KHCK00I6I)cTUu0XsZ23L|kUP_ANamW^^53WN*h>AQ6L+-6sin)}
z+s$2uygTc&x|~N2^PmDr+6f|9(vb{eMN^^h^;=CsMj|C`zhPs*XEB_-hHRkz3l6{B
zE??Mn=CGoRteC03qCCSd<A-xr2(*b15#CV?M~41!7vGYp#YOZCsb!5*r!R~_#egs7
zP3Rud@H|Ckg8&>&fkes&)+II>?@6*8D~QGrze4Tg!}-1vg4N0)c@n@Z_1TYEJlu)D
z0>2w3wV(Kt1=5hS$3agv%;}cd?seGM+r9uM5PvL)3!&8XkU`h&jbX#Flv)mYuq&$<
zeZJ><R!zDOC&}Dsrz3C^Ocklc0@*Q<HS0=}P{$fIrzqGTG~xj2|Jp^nh~5iLOtHd<
zZ+Q5~Z40`mJ3<x^U)IAieG%WEAM(kSuKgtcdwXGDNf<6+KnJD#i&oX~>D)FvFgl@T
zL*zfWzDfgSDw3xJAw;~A#6)W7Wg$_tpS>WV+ofCTC246x-uncKK7fnsolcGwwqt87
zktCXGl0?SfTWb>UN@PN+mj9uKKGGXGzGXk&!6Qxstp9twT}rJc1YBPo)~@Vu#=)5|
z1(Rw?zk^GfgcHV2N!cul_5+CoZ4q3oeXvpx^I!BhX(rR%D6q592$$>6S_+msXgRWZ
z+R)A!xLvz<1^&!9)~T?VP$S-rj3R}KSEvbkC*Iy0V?Bi6;2>S6R0oOx>FC`09n@E~
z?GbTpW{SCY=u0q*FQC9JZ%G>urfbP#?KH0iQI%BX_9=&RYFKA^Kl7>g*9N_hBCTb1
z3)zx_h_07M9Rj>6`5jgwkcV}Rpif2|!4PHP7=F^mDE-m~(wrA*WOz9`UEcI%I^>>u
z)|a)L&eL@&hSFq#b)Q9~v?vQTJN#fBV4B*~M~|JGNj*u69=Vs)umB9$qeyDNI67&g
zsgwjixQ7NILPpW7D}B_a?$N-K)*KIRCC31Av2vJDOZ^4h84j}E|7FeZ0LA8jCgjbq
z7SA8O6U&wB0}PDX?#|?C4TgmPpGjH;g8pKX6PAkEwO4)^OBr!!%>qEDffT#S3CIu?
z{2t#8XFCA=eHRLf;)tXXs(AKHSQcTN2nUdbuYiL@86EPr&dI?tQuUt3m1AWo5bE<m
zxMSHHfGaa}0>Cu1iEiYi=>bB1gPYkh4Y@YcPF@8-kqXwgR!3`kO6Ab1oTN5sdf@tC
z^5Cj(QH?T>7X6rxO)*iML7gv4oe!{PAR8g!DTGWsJ$m^AzWK#`3t@bmzVfJkfzR8H
ze1Rq;pbpNaSXaV+N+Eu_HP`#qAHT20Yx-t=8Rqdoy!0S7c^H`Gey@h>_+dxg!BHs~
zwR$pHPU1$N?^nV~-dCB%u#w8?lLEzu5o!xCc2r?61dy1K7%FT(Di-l(+e|ig`Daz$
zEMw}LV-kQiQ_bl+oig^ktLnQ=V7`v3R{O`{v-S?2NqoX786>8O6DCE*Zc*Ja>pzWA
zBkP2otGIO<{r*RWn6cT1f93EJv2c(>8&nqmcK4Y6?@p{3m~3m{FM_7cK<jdNW*xMe
zc7MF^)fXNHRC;&12ZB4BS(=EzeDeN}G7t1>Gw@h#+MUnuAI*<Z#rrr9*z-5v8Ev#S
z3*dbJT&4gURmt6&zQL@7$P@Xf3rA_q-U>?z!#O|}(A<jtzF(9SHVAYk%9{;Xv`K3E
zWdCA<+C&CU-&s7C6l(B|544&+?X33U=F6-g|9$R(^-G~b=iT%p1JRxTqR$2+!{dd%
zqGI@px^D&8g$u}z`Wk{FvkB8rr=d&?l;zvU6{To3G%3P)#WWCWi5*@mb)7Ur?_em(
zceb5bDVp9vVZhXfm<BD<kljjaCs@Mbw;WMG4zDm|z~I3`I%nov1u}#iXh7&a_)o#q
zfz_SKmF%9$*Z5`=*|H2{LFJG7o%m_TThG%xV3zGo(PQQf890f0!t)lRxLovs-DhHD
zLtA878NO();HJg=6d2>V^Rr^2esh|!>L)`eCtS=Np!+(VsKKhl7VC7WU~m6k#(<+U
zu?C1+$O7#FHLYUC<G+f@g-P9PUG!~-aVziZxuK-70(e{rJbR(HVoo=#K3WdRL!yDG
z7}g_4=gX6^jTUW#{1*HdA2fMU1BsxIh4=XfMKs<KMNF+#xtX_zbW6z0=TPKq9d4Gx
zQ+?_YRW0i^7dSduq1qDG6!9B>YTp{!@Qu{lP}C~xyWKbuv;Rr&cguk1ucAQHLdjPi
zX5{%a3XcFj>-#<w3z~Tll?il|*uv#-&Z>@g`&f;$Wz!Fg6kdC@Sc6(d>ZqaN9iq`m
z0!x}|M-x)o$r;lRzWafERVMR`9&X28DS!!mN;-(Vm>zPTc$UE0d~euh)o=X_25_*V
zQJbM4%x`iJj+lYnUwP@c3BMBtnAIc*1NPfmzn2d<zgP@>Ya*r00QKgjPT2F>_-}x@
z^e1m>-A^1vFIr8-X4fOylN_;jR1#>QPQxY%nGr;ne_d9N1Rzu%$mi{$Dc&DE0Da3a
zrm4|fKf#*zgl|8k(M?So9Lg9OeL;Auh*q`(Kq1FrXYwvCI*_2DF>5XL`nQ+Dr)Fc(
zB@f~kSfAQtq}R*_;mH=84Zhq*qxm?tHrTQKV)44Lj>RAv>?uznW~lTdpQu!ep^gGh
zWamzDaQ@=6#8~4@NL;2lFfo9tn0pdtE|XGLWbo7J=;AosFNJcMhYb2YO_zr_`620P
zHnjA4?aU#-M!(;ty&DDkW#x*V4zARkCOW@iYr&n3@ip!+Jo5vB6esUc?A9RkOS0n^
z2A0?4A|DL}U5v>#!cqA_xD5uou*BDW4eFfysy0v@@>2L}zNx{l6D$lpKft9dMSXn1
zbYx=J@2H?dHcV%%Nr~=NZb9lkw27x7--r^3P-_RiH}xjs0)Pczj-Ss`jR!yHA?@nv
zbWOI^+R_5W-7P=#yN6&c5(GdCw3_d|Be<P=AGn}Oa&sij=0`ttgGVTbQHrG?57B<)
zKaZ*BFKqC3Q2eGl$=B`(Zlo9C_#zm-6dAdG>a#M2uJ6)%Pcw&ulVn?p5%~T9?y2i`
zV%(89tP5>TSTznHCH7i>x@>;}`MX4ZBs;2jM>vu(rw>#Ohy(ShVDbYlV7oD~wPWw0
zhDyeJyRhlDGcOpdf%QFX)P_<U{iL6em!8MUv>`+NzxAkI(5lMU0X2^7Z9GU`EMVus
z2*3Wf*IBtQ&q4@j_I!|v&#@iUvErDdCWMR2eH$>s=m6DR&y#MK>vgXNR1cC17DdsM
zkt7Qb0YeaoS>G3hH`R0;zR<`<PY@yZaWAq*RUhjC;YIhH3CzI+p}(=2_E{qYsKt;+
zNLukGDue3o`k_ep?`L^t(pyKC^VY21h24Z!(e=P)9{;X0N<6S`B9ZBzWqDnVaF8>$
zmqW1m;_>&$WA8VKTHuU7=uhPZ_cbxYZzxgekWIeK#MYN6Dy&y(#F-xAZ3e1zh7!5M
zT?(-5FIw?(KUQ(kJ12=dc{=2s;k7lR#7+C;0;wgt?_%a{s<nlV82@{9Nzl@&Jw}pR
z<~#<?dt<W&bv<9?PYHhW!^PH_l5}%_oA<p2QE5<5W9Uanjk-c+XlgU1gJzB7Isb`^
zYtg!J&1WMk#}0bjQ4Pu*k(&vivBwz%M+@Si%kP;!5MgM@65<*Jw+|rq?gHR=3?+8*
zDRI0+V5@qgUnhrFHzNw;=Nal4@_mUeAo!XD9enB)d~j|mgPlSzz_&5@@Y2J;V~9N|
z2xxXM7z9c*j!&zbihuUX<WqNWilWg7qpOBBbobN*am_S68a9;23s_(>3!V+B&h3wT
z+rDrNVWv8-EsOnx)XA^c?UNa65A!7Vp#q+b#6!JF`BncXr8MvK*u~b>1{p#oZDliV
zgJ!o{=gL3UC=iS^JRH@%^WUL@jS7WLa70SYP2Ht;PZCNQWcd(@lf39JO7Y1u+IhwT
zK8M<{o}%0wMk)|-)9ynuLupDM3A{SM5|+sM8_t5Q?yl8;faC}hAo$8e9L@N-9Swad
z-u`^KnT!Q>;hdk#u)lMrj~@n@&MfZ@1MTTpCk98~iGEN{r`{8|V>R7)##Ek2)1p*N
z&pa;=Wsl3#%N~qwCkv1RVXV3BIuBl!u^8E0+BQE}L;Ls2d6w`tP+CPydv1u5VKTSX
z1%7n6*`V2bpPV1Wb<`E0?JZux@BeG_2IYEmf%VLcZcDQBT@hlAA67v0V@?@a;#<9e
zpjhWp1b9~@55vSKRf)4CCKu9zm}v;h;z;3U>%CBK)yR4?XIlJ~SU^_8xTuEIr(^-~
z5g3CJh<iBwKjH;3`e(AHMl3m61AW<}*200B6W}xYKpN=O0?FfFKY*hF!-X0ykmX=#
zR>6pN_0G*l4PF!s<k0}x6le_OR3d-p`6gvJ^>-LhM9TJ7rH(b6GL@c1DzT<h022`j
zU?aROA*PXMS!ISL3a2i3i22+E(dN3iu$Y*}g34^OIjFb$rF%&m!{1*X{fO-6Lp?d|
zIU&p!gv}wVGEuj%BFv=^UwgmE69_*J#}pj>#4aaAxJGa>6LvY$3oHoJhX3N|UptrV
z@&mPqV-?014Y;eYgYWrcbMw!tNlUS+6x*xVV6x)Rli#8mrflohS2WAf?u;i6>xp+c
z|0U$mb?I3H{Z7JDvNz0X!Bu+2!g}w#5ReTH_w_tYB8fdF{|87lyjubtPRYq9JRw{M
zAc`9xLocBm(b78|lj2KNJarcT_23=!IQxE<1B9Ouxm^etX3mL57>T9K<uu26MZQ!z
zzZ@X@yHgqppivI+i5|x}$llc9*TClRKa-R&YD1EaS7`jRh5t4>`6S8qEQL<p-``dO
z=sAF0lxr;tyJ~L0j40|<GrFmqES*-ucYHbP+9Z1$=T=-7QLTt{E?=O|c-H-D;PWIK
z>PBw`hu1uB%R%}ecsW`<+P?+NI@gYf!!YM4Y3?S}Wo4O98(YFC@?0`NGiAv_w76%>
z*8F%|Vhs}+1wDXmo#!9bbwjV$m?l@Lz(Qij^uqE_(AXw`{SHQpPj>a6u2n*S+*UfP
z1%3Wmq#zGaBswy4MzQQ!(5uxO^2jBg<@_82#FN-uo;`?eSTqr?C#R*E)l!8y>QZQD
zHV)LN3=FMR{50H1y$}UKlRY?r42&E<I^7cE_b$7SVYE3;Y>Ns7G(>U9l@EeZM(5Sg
zE2)%{mW9#RfCP$19ku0XFh{q`l9Ec40TmxTvVgNL2qqaVg1EG|KfErS(Hd`7&fq;B
z@N$I!C1^dBIs-_>$xo~1yTdJZ6YwXvl3Ng24Wf+z){T6E`$6p1>GLQDI5gA5+eWS2
zWpW=Tjr2+Wh216)*3tRzW-@`@j}ML0I<EI?KP7DssW1%pM?CDt$O>skXnB^90Khs?
zK}0%*_L6M8kNB7clV9<aux}uT@pR@sxl9L~xtWp*mW0l2vj*RK<f~-f*Roeeuaf65
zI3>~56QyEl=QYQBB_~Y&;ampliDHxUeRHd+@HEoP^4h2$IyuX6DoEN`)McI`48LN<
z9X;)?Qa`WaMikI1OIeJ>Bz<NeZ;$L{rg80l!Gm|k$>X_r0X7iDvp7V10$3yk%vbgv
zm0w{=y6m*C84$y&8TTqbVtZ5ONJKiuUC^dGwa1N2@os=4j=phxCF^B=$`!nF+cU2O
z_2m+yohS|C7~CU>s%~$D1TkN$_s0w_>?Sv;mkOnHdd(M;9#l3y*OMYwqOu?_H3>O(
zw!7qv0k?yX7or2#lpyH)z28+)<(6$(WBmao2e`(+;?yF314o<7rF#8y_^>*->3uVO
z>lICxIaCziL^yXF#<nMnIy|y(&t_MV^`?3+M_7S{oDYj^8h@Yx3Hhjl^>aL&3+CPZ
zn{Z}F-q$eB?hi+YZcX9Al7c~FXcHW4PI4*Bj7x-?bOE1Je;OCdg`^|g4>lSEY8&^W
zia_%hS<&%2GP%`L>?}Y5?fiQyRN}0lq1`a{I6)CUi}itR3!qM<k;kgVd2SG@*a&w%
z_2DL62H8Ts9=e$lV!PQqC}i7BPkyg2N0)S=e$CC(u-)_!*81B%R|M&1q9_gjs`|dJ
zP~@v>?0eru@{g5%)|ylafX;9C0%O7|U~<pGA^;jP5|xr$Pp^r)4nI8P&{b3QEgOc#
zvjM=>nAKlkn4?~KI7EYF-o&rURwF2)mybfS_)vSe9B7ve3U2zJHLVA<2u=s^HlsC0
z@Jl?!sW@`UX4!9!lv%T$OtyvNGQqi|qOH}ObcukJmer!hP_TkpJlNfTnWhl~zp|Gx
zU~(ksrka>7;CKP$NKmk4F1tCYboCCBZ)DW5Ny*d>;fQk>8!rV7yothq&lKn<#Dy(O
z^NcOwrbD+ci3Eb*R7fYTJ!qJLqF5+;FDBk8d)Z-tSkUK=&N0`+n-MxJ1NsZH=k`(b
zRE*qOXBq2<3yM7Cm?Mc-L6O82Ny*6QEiv(Mc|CL2bVFxvm#<(Zr>KKzpsvk%+uH^^
zqbDf%176kpSm*}X{D~k)xqN8tRTxhrixJ26JAUPN1p?knxy(8iYYS!X13k9@&3b%G
z*cb=OGR&`Dbs?SY0S+$*Jq4djER9sYow{{ZY@?y(u-UqV<IS_RFsKrblW@+q7w$ow
zF7L(wfU^Xe+4+cd#FkOp{%%5Dk>MwswK&Zk8#Ae;VlL@ifV>(<qkJRGgYWgymi04F
zLU3pOMI6g1kA+<r@^+7f3GZm5W2;6kGXMgfu-5|1f_i_bzg-lz3lDSMcpkBs9_|~2
zk{0y_O)wU04?WVW*P&+2R(jgDzxVDD6tI$=6E^oNK}+kTG|sFyHw?Kt5Zs@O#qqPf
zB+6_`UbB8S8Dsf(0=_5&6ev1EfVZ)%6Z2e(Dg`+O`H-PFK3_7gi!%nwY4z%r;_Mk$
zP44z|f>V@{s43gaJ`%AYh$o)riV&Xjm)zSo>FwIl>7o^DOf*K%T~P^8AbioW^YKzY
zW6j+ep@`yFIt7SuQlIN5Oaba+so8SSb`N>T5lDD5A2#GiA=pBx**0#&ujn!v1=!?j
z?{{}&*x>*`#IdHn2qFeY!PwFBzZZJ^Rv$h=<>xkKEQ-}^I@UbR(a|ZtFe+x58KB*9
zq4g%N2%Lw%er4b{nYaXn>Sau=vJ5O2te7UW3<&a}W6~4P!OX}SkM8kRlu7H&6iULV
z2sC_De_3^&k40r8;@Dob*W?l+xHmQEi9H%rdG4RgoSg~bK9r>@Bw4}VB}ToT^QF3Q
zk2$VS6eBi?M^1|GcKwt+{W|^$pq|+Hp+bh7-6`uM>Ng52z2d+QW<^;<x0;$I`lcG2
z?uR|0g1;i6fX-ZH7xZ$ASzO7y%iC(b9JwThGSq|FPqzl_5#+063E&%)uEoT`-H<L&
z%z-*K9xf!8ImuoJA7*Ew`!Gl?5Bdj3{*;AX)xXo%)7)3hk!mZ9^JTI-Z}>^YgfujE
zH-87=74dn%=)CSzf-DOmkg3L|CTDwr)}WUD`Sp-aEvD7>${pU4#Gm1vr3op?*v&xy
z3})AQGDY<el&r)uW@?FH0S$km4qJ_`ExG|=J>U!M817BoGISP)4baf^ye`n>EkrB(
z4|qxD-Z=(-8^nqsd8rU<49v@K?3VwAT^7D*XIiQzz0G&6kIP0sgW~iOy2hPC6DT>{
zP||;o)*&j?>H)Y2P&2qn9cwerZD7AT>~pM-?Im2Q$GEq4lCiEqY}!N<^NouRgB+(=
zQo(uj9p6;GN<L^TbHO(Rj%lnJoWCJ{KIR1D6No0@X9S6EDKuo0Pey`EyB_c04+v%o
zFiUDoGkhldO1(;a03w`e2E1VI#uQIP8SEmP_lTdGP(}<8H7@vmujSYhsoOnsIl^}h
zFYP*&5D`ob5x!q%x#U2V{4n5aI9}A~wG!5b8TQ68vx}(wzh5%>DAK;T!2LL(WreU~
zgtW9S^}^sJ_-@T6gI7rCS0Y^^_*UgSUCMfZ3|EW$SYlFi80AWmKtvlBNXG(2Np!cW
zX@jvyj4b%K3aiSxuiCiFiqJsITxmu+?=hh{a|=j7K6KDYO%U?aRJeVGvo)-CPzU)p
zmr<RZNsN|9r=%)GfXqJ#Tt0<?!Y8}qsU0IA<xq~rHh4p+hS18FO=U1`MB21WN-w7|
z#1tzCD!qJI(>F}ctGDEWJOKOZqY7?$@$qoP@t#ia?Xj^1BC!CIs|~5H^tL}D)^sSL
zt>XALs&{pQ^Z@JNvdT?ARmo_R$Hok$f`=`-iDvknITDVi*q}A&Ckup1nZcPOP+3R}
z+OvvDGCu|rIdWf{(Gc%Nl*9+%W`|}9XT4BGBqBo@GMj)#wG^E(tj?@OY4EAvu&SBJ
z&9zL?jWg*R%JR&fB2ySyobve$PVpA{KB~3ob5*~}ek3(DDr4-PAr^aGA@@o|G#V{K
z2md6l6(*Oq_L%;kw8?+5!_tsn;hh+dNRLWkzEta@?DZ1G%X%2Q+51Ww<KG6gw=ZL5
z4sZVh+65EOtS=FF!5K8lnj8OG!(=iZCPwZlNil)VMKT^)RpqFJp+G^rPU5Pb^bU0-
z#>>Wn*%gB;yRPO8QnXC(1}p#BSb?ID9W)sHyo5|<XNM^(ZJV`Pm_P};BSfRYA$_|l
z&C*fT<9zFEwset=tJTB)n*};nSJlc2@pt!Phy$>2x`iChqwyVi>w1JnNnyEQ@-8Rw
zawi5d;qo-h>=+9&J+=-UXsrVyq?@=-0x)A}V=*D*X}`UnZ}z2=sip@04BON30HxTz
z0`((&ogk>dd@zua_0faKyX8TL3J?yguS}+XBf=c%a8g^mW+^O^hxpH2_CZq|uH&x|
zz}Wr~(kgtoo;~++q`<6JApC^z9=hB<*Vi|u;h)`CYZSR^j&2ymN9<kiubg=JQyrm-
zZQX5z@&?ATQ{|b!;upM7X%;>(5|Qa+KV!kkxJpc}tRi7+rdwuu#GECB0unbQFpE!g
zH2VVKm7@`(3wnG2qdH+^FENV;F`4?E5U_JNseDj!#HeP@Su!<63@uQ!WNjkGPwo1Z
zAox&f`HiT8uRUYsNh^+vn~s{mZ_wrJ8<G6%OExO3aO~QpQw6nHcbWv7i?pk*2hRwl
zue=<=?LXbbRRX#IK0BAe8_01tdt%%z4KziiCW?0P3=|8*=AM@GSFbSX$dAjbx?*ND
zE}xBRh_6V&dVc1rE45UarF!Wr)JU`-7U}e8TSp`^U3~Nv&miM5QCB5U4?8W)NmsJ&
z2LyV60KDplrgNz^oyizc3!#M>)$sIc;MyAVTa6S@L!vMyFStT&A&eEr)ULYNFMHIg
zAreWpw4W8!kD!blYk3o}XC%-*?aMRSKkA%s$;QLSpQE5<Z8TrT25n#Os#zS$zVpjg
zCv#!fO$(iXl1QgP46&hj8Vz7H*Qu=x7X<p2W|o_p_uqG`n9~LzmnUMIAq_=osS?(j
z<)4%19($C6eR%T~Lxx=RiXiKDn?!{Jm@6Iyc@?->{KmgT%g7T)j66GxA_PCGB>x}v
zcAR9iP=*!qx#C?ef<m!+Uos3u33qB*E1P2ei0p1)^e)Wy;;lt4AVoOBr{##jkFoz3
z`j28@E#?M8YTSk0rhzx<VPJodexn8wz^+3xS`f-6=&1XF1DTro){RuSv5o8)trS_Y
zGxLJrUDJ#Z4_OoR&%@W&CT|~KP-dHlOX@kAroNm{l)(-|XH_HZzMVRR>QUfhvEK<H
zw0|Nu7`>jz&CM(adm1U<dNjX9rcl*A`KIYO_JUJ-uqz&zNt-xNc{pklqDprk)-Hps
zTBG296|;gLegNNX6rGt2+1zt7<QV{&H$vzm!zdlIETHLQ%Vf|!@B;V}I&&p{*0T63
zc%<d=ThTkd#nKX=aX83RxJx56l$AnoBPnG=+$qQ1WY_D}kJ;2d3eQZ(XgTqz1sE{X
z0lTr!Mg_JY1WZCI_!uEsQ#C@mYx)}6BS25pdkV^>)k!;;`El-*3<~<5=0m%gQ-!dR
z3F#2YIy&0(y|$|F){P>Ou4ptIOY-uUbdv76pvNeO2hw#4n8!qf34(ae)iI_ReE=rq
zZ$^E?_3>);kHwXdxZAquq9s@suk84FQ5iF#3aCKFt3^yR!qJ#_sZtpd8RC~-ka^50
z*V@QDY<A2z*LY*IizC>fF^aK=-S{i1a3LB8J7`xbU`}WGvF51K@lUWn99oy>-#AaL
zQ}Lp%%Ht@`&(1$n<hk6>u7Ge)iu!zT$6b$mWaPjfP+LL|Uv=B+s1M_pGpP|o(DUSa
zk0<=`bKByXjFhgbxM9n3aB54*lSo-cw#VNFHnH9UYjM5p!*`x=3VQ?5mGK*yEN|rO
zeywkf%_9f=#4yU05ZoBIg5j?v0WgWL=Y*z8T&mEZQ#ofW9fCg><H52i2vevJ1E6Xq
z51BJratG6rB}IubK>1I@Y$9&@XS#g7ZR&~Rk7l|0A8%n-pIi}HUON+oO2R>pyFakO
zU_9~zVisFnVEacO+%r^`^m5fy1#;-Z>P@e#kV|7^@A?R-E=0cC(5lMvgvy*a5ES$$
zMYJMx=IjS#<UjYrF&5fzWI=u$KmP<1Cm(_1sWE|UgvMFjwmJ8>a{@fFzf$kdJ&}A&
z@Y|fM5)$&OU2~E8*24R3_KT8+sfo@!)KBvjoTX>Vr>5<pPzaNSU7dZ8-6l#qMIYy7
zg+;(Gto^a)wCusbV&F6r`phLsYV<qVU`D=M;M+c$72x_eS_j|e4=R<g$h^|J!CDJe
z?}Npn1?)Hw1n14L@<PjYg#d`VH${5Pps-kQoN1|*U6+>CoEJD9OhHgmH&p#kdv*4{
z(JhY_SIWe|FFXtTx{~W74s||UPnlm`D7#(@+elryR8b&~bR<tWhq)n?D#!q^s)tjR
z;Oiirn7DHCM0>_D(60ixGz1`^0RtDK8Ps4yUx^k5gb#SqM%%A0?N=@80f@@Z{U98V
zk|wF@q1O#bsw)m|8k6#i=<V7I@p!p2hAqyIiy^$MDOLYZs;r{y^^Fvd+wRLapC<nA
zXRzKEVM;}q&5~SBJnnp@U(9o#-1u&`UN)Jf+-?!n2Eeib42)NP5UY11m~ZBom%M)M
zJ&K|_&h#AV!QvOCv;1U)@#Mn1!jx~($apkPYQUpq3h`kuPoTILgO>()&9g{KPShM{
z6@tie<(^_!UD(&)hI^5=^-V%F0WMYDD1t3eEhZ)JBoe0(tgEgyG>(MY-#tz@a@|Lr
zj*I#=9aHO%on@kG{X|nw-aK*M^}H$0%DY!_9lid)dlhKx`MbH8i~q{e4&ay5i7p5>
zTjle-g{};`YFhH21u>FQI?YuPS1rjfw&9+*bpL(d7Fr8SGOcoyGtYVVoiO7lcQ+q@
z5OTLORp<WsN>$<C0B>+Bt4}=pprDp`g7SH=9li>31Wn3Pv|1C%hzVM#Q*Ppfr{iGF
zZHOm-2imf2Jm#(8_Ee{upzFQlzHU=dC$FTm*eU8`&fYrQ%XIDhZd))Y)>VSZL|ktu
zTIU^wLf#8T+P&^Ncp;ALb0`H_J%i2_B|%BjdJke^!>Y;~44}y9=K7In*EoC?Oxe&E
z0&%MX?P;qweznoXBc34@TT**t`5hQyV_C{H8cAzHoVOLp{y@><PqyAG7|{M@kgNcK
z>ot#Y=PYjU1E3v=yk?kU5wRygHO1Z`6Pa!ISYZhB{P(HGpf*0)hf~2o#8jG2m`;3;
zGEk7_mj2feN4_c^t<l7T6HmBNet3qAD?;W`W)sEl5Bd)tvInoGqzZZ2n(^5)ZInsQ
z17Cmfh>(6UqnL(`h}JJ1j_Ru_{D#R5WKNF=L!#LjF|+#bgjxyB(F@L(vkpp;Ek{}L
zroKPUhK^YA{XTWCkdc(~VV>q$RY;p6mP-@QDd>MqP@nBZiBxIKF!gvAbjib8Wq1yj
zBHU&E8{%_U)G>t->_jl|*8xc?C;RJSb+75Ejo*t5Tyyd9Dh2*Zy`CMB?ZXeir`~yZ
z5x8sy=avgBhHs5zIT@B8JP~b@WL8#fQYmEFWVihN#DC}d@67~PWhV-x?E`X=IL;Gb
zWmWL-+?15Cup=w07>;o}?K7-cBEM4-L9t3WTz0hOo7NoUC{FhNmY7x%%n}}N0Bf)c
z|7#GVz>8+X*Rz@wZD#mN#PiA2ICYYFvNA0yMGD8MWILZrw2#;B8(o!cy#9_sXENq8
zFr$0zNOcOSx9Zcgez4Ga(1z<aN@BiaE2QxFFG1CYr1T7utRr#WtFaGaz*>xwj7jM4
zO>bvq=sV4=Ks1237)iNDb8S0(c{tp&G+4?hpU}=SQH3(lVgi1cu`wFqNp;dTqSU7R
zswNr_lx=cPlch#Q?o1aY&UiMweu_Fsvgq@yz;9C}W51bp)o7xdiIn~dF7K{%S<!S>
zP149X!X}2X*_WYgni6Q89Z`!+Ea~_sUe(JwuX#GXo4_@|Ql_!xt=gwfaQp~FJN%)-
zbx7(!)PtY;;Di_<{^{a*Oa1IL4hucu4v#WP`2!N1qQ+4eWTo0_J;FXf)fI?^0Xc7%
z7>M_poBQzOQPfegv;eJiwq>u>2(tMb5z6ckb8lR|bUO|UC;6=ORa|;%Vy+}l=y%NM
z^er;C3f3Vx?7a=YQiFvuo&vtj4{-^4yM^$s@6$c(5Tp=m3aucU#@{@V=LBV|QDx_}
z2$r!Y+{_l?7r#M8o}~&AAd%U0pbRNVQd3f^lE@T)5z^=hco>E<J$*UI>8Jl_l})_p
zHm$&7KH9{0*o+G(x8Kk>v4L?%gOkKaN1BE9Aa$WUi1-ROiI<h}(Nx;_mQW<!s37{D
z1N|X>59)MsYf72c^8n~Q-Sr`?w!ZTuWVyQr)9vT!cIA|MS2D|~isvbsA+}JGk+nn`
z4MX44$edAZ=3%t~Q?3wKLZDw}Y6K=mLk@OEOSc^)`Y;8i5tM&`z7xc*LUxj1>rJ`L
zWc*_c9^hoks*TBjPNvJoL$JvnXMlx?%+~@n@bE|#EGFF*Sa;MBag>u*!Ze$y&bY~H
z07F2$zeD{FZ^eO&X3VNMw8ex-B8TG~X~>(9&dVK_W`7O%h3u9W%(f8BHp^0|LeyA;
z(bAk-B|EUmYLsr$`?jVGR1o`1zOSEk^H&-=nA@A(7ekPUlu^VI^<DZPiaS1;zp2kI
zkjd(Oj=WbljP(Er8s-0a?rAqDQ6NKfhg=6-xZsd}oj`h~9rYUzWK9vPF4~EH_9Fur
znCQO>Sw0c4nt=R`=HAC87Ma^|Qm7E74J5c=gy`<mJ)3@L>?v7XLIre#Qk=?J5M){E
zpl9GO_uzfxQUUR$?&8_r_w+>jC98#ov&&dBeiOlpi#|RgK7jPl7wdwuH8M=xDA?gv
zS`sX<wC_~~ob%c>J__5BkfzY+`F94UcnZEi9Hwwqe8<=&%zofi${?I0jGjch+`9AV
zytu>#p#-h4XJ~s95|vnx8Ev6R%838rjQyUpWO`iLUCtH%M%da|?dLYFi1kXP2wc<G
zV`hdUW|P_zEiuMn6kG|gjsDv9`a|`gy$;18AI|lh1bcj%^onj@IYrO4Ey%FXe?Or_
zT>TMT@x*{}iDThVsKjYER;@W%=;w+e7+mLN&554E6zQsMhl`dIqI?=8AjA%(NLl7c
z7rpaU>sQ#m@?VQZX)cjucfb1aF|_a$Ypn2P(ZWBL*Q;m{N}Zhg&Jgcp;iMrCV){*z
zbpmXcvBmazQ*oJ!A6*gikfBF%Ll!anQ7DwC`2-mDR4w2mtFMnGbADovy&d)N9)>XA
zMDQ-)!TB6fJEbnYg<LTe>l@boS}M&_oE2_MDm<wT8wwBgvV<$CJt>dfpt4W+um+OU
zJN1D8%^+x3>C5MKjVQiWrboDX*x#n@i%|!PrA`*t<1<iHl9-pwa=Wuv!r;%@p?m%<
zVY}gYtq69Y9b8covU*IVf*_LL!OjD3)L#0>`C7b;N}|B*)+}NNmru$>7Wn^fa3~h1
zVT_sbF?mHW-481G5KL_8TO%ysZo7pz5mNVEiW}GQw0^MqIb#X-CvlQ^Odwi*6`a>)
zUg?5yUL~NBhf(_6neS^>5y*Lc%8^m=ZNX9FYWE47oUu$jnI?A3pG~5F{llEOdxjV%
zpQc}BV2Tp9#&%rC-VnU@A4qJoN5|`WxBct0${;s^S`SM4O@f>nV+)C)Fh#<&Z4l=l
z0Du=_DwoCMG(LT#2PGz*&rb%|H^}JiZSGdE7ih$&ejiu1M)YsgH}e3k$mxxnyX%mA
zPhK@o<L5+Ql#|@>?}UVe{J{?g(W@5@I`}s;bLr{LXL1(cXCbgj>KQ>7+2Og$tx}P}
zekm~>P8w@!uqt9nwY9tBaD-%TRH=Lf<6<jo2GUG76D4f(p52(WVNRSJvhn3JG{Puf
z)-VfEqHoR`al&wDrQqG+gq0x{c|~i#zi0W^CkO-)psVvWARHpboUok~d@@aOx}bF}
z4f=X*>tzSPaP_P=D=ozo*6BSIW0-di4CX@$#~4lz-`)t-H~{rRV3JVQX4o@1@+sou
zl30kkoSF>RTft(MwO6)YYf4>IU=p<d1y5f{ct*jG`fgmCFs>h|oOli{^#-d}hSNA)
zlOru{ce_40U@j-8jmeh`op&1(kDsVb|L94S&6+WBAvTF2nn%j9m)@?8U55_*m=XM0
zO1*v4WVB)UDe9v#=_bi^>I(u$VY&%SrP5=gGKZ<e(Qc+*L)1`ITC49ks!789IjCQK
zcE7wr+SJuv58naIjko!~vt^)Vla4c(07i|}6D#!zhQ{uCEruH(FT5d+W~c>n>*^n|
zkpRCBVm-Gw8KN?V1t1DLB0#}hFNv$~r%Zjv0hU;2tB;H9?g@}CH`j~k2TbkQ+nj^~
zp%nR9e|@F^`^~J?74Kw>W#MmNZA(>Ge!I9yTI`-ec^Xr~yg-x~C)+;riIz@`=(^)^
zKHDd=?&1bbLa`<J^C7P4fth|@p`>Si5lW1sV;>-2P)zhEmivO3VH|?}K8htQqNVPr
zRu>G)>90)~qZc^^2ORbYFtFewBm4d99EDS$NmXiY$kVwU*lSu`q2=YO={8AaSBye-
zRHsV>*U6vg-UQ?H147zeJ+?F9O>iqLKF80sm0;>vWGI`{fF<qkff!~?6^4g;18A}n
zmX{#gUb^km2qMX<bUjCGF~eALw|nid1wrs%2iDv18!Ks`ltI%v+Xafz=A70e%!qN-
zLnT?pYAdg*l>%rskMyTN`6ZDUIAjsTIE?fRKsq;WAniAK+uxL`0PvV0<yYfK@<#DU
zJ2l<q1B|s(^E$}FUG>d^#DS1GcwF_^nJgKq;Bw>SmAf{pxQn|<^NAC4GTWD}lu#bo
z<|`Z^K-vi;7%Z|U4RU8x)c<+M%a{~ow@a}jeBIbHmceYp&gwFey7WVT+y(c6v(l%x
zRJr)Kv}PIkf5e-@;bbZ1WJS%!q-kG}1B2`Rr<_{7@>2H;W(lZ_t`si3iW<UL3W#l&
zWp_mvF6X{+=?_k;&b84#;g8M37mH&a@nyn%{==@9R@WgTxMIHW5nbCdf4**36WM+A
zf3Z$1B+Yx665~yBmeQ!j+LKuc?V~pHbn@rla0QwjNb7%}DoN1AsGc!6QMHTL46QT!
z&Y0UE4jlrMBe(ZVt0j06*aIaMt?BK={MCLX+(`S_QwWPIw<K-DGAU}C0wSPGG3f?q
zLKi^$XY=&rw;S|lK=&h`+sk#ib485}(LF!dftIB<lUu_K?}**~!>Mvm^{CJKkUAR~
z9PCW=VH8;8SS8~6al8<&<r*gHPhn8Rc8uEUdca+gbVymN>&y_vM;w=6`jP>Swa7UP
zCGp=~hWg6=MHcDS3#uaZ=?5d(FgKPS`SLd(C=hPc4_Or<f~=L78^$IH7Ep@WTDxrd
z*7S&e@bZn5imdGn#t)4S{k%fgDxLo*GAKVk*+gCK93p)<QubR06n6UIEOI3=%Xloe
z7zQP-0H`hp!MCEnhOvI_YRKK1c7B|+EUG9`gcG|2N>Zq|+v%k!t6@ro{nDObX4G9v
zF|-N>*YjI8qW3k;lM{DpckVHEFZ$7FEBU}m81{-=!{aoNPLjq^47OX&{+U}zHiaP%
zQZ5TnN&zKVV(7srj1z&mvI^`<mC-|h(Ij*Dm|dwBmz+4)7>R71FT0b@5n%g+WXb<J
z56wR@k3Gg>wci8?P=ar`UnGM`_Xb#YXl?dYubQJ%78m!P{1$&i(KPCNu2=m*@YO*9
zAUCN7GSP9_KUw=|XcOV$&G919u11dYrLjo6%guSW_epGxd7|Im2fq^_l%b#8(ujSn
zB#nSv#ga;W&!tSXQ&Ifk^i}c0GAR(QDcF^lu95K19>BH$@~uIV#9dGUMaX_Kj3An1
z0a)tXnZ^rT4ZJ9U_<|&jShEQ^JO04cJ^+=+1s#@aZ?JH02}>6ZgM6&1OL#x*UZQdf
zj%g9S8vdb-&b0Rm2{d9|Acm`2glz3XG6u%P18(BvzM?<y7`%~oAg*y%>P4CR>4<bU
zLJ{<sC+SBTT4#BWEvBQB+zP{~nijQ=i|lsPsnEqR>WVa7E;9gIe7~vV^rc-&Z{L7u
zaK~bVxBL4T8MBIenq|U!*Uq$dR8yPOmZ-n}FI#;T5ib%ljB0ACxxuSvmh=DV6t#RQ
z&q7jw#jjsHPFixzSKpY-%*HV1=LLBfXDC?@jbWaUQhwg`uYv^NFsddi<emnLznLD+
zE+@v3eKQlLH(c+l@4?08Y9kn`JyI2NR$k~Su>CCNXAP?|DEe}_zalFeWZs#H!Z4}Q
z-h1fj9)1?MB$j)yNt=|mst-}9wjxl;b%G3uN#gJz_Wt0BK+jEnej+Gp|3cA#3_L{^
zyF=kZ!Mk^fC}QRiJgP8qO#{=F+2MWqpo7vBM&U`lxxvAK?%7xcv;Cq1e3B;}F>wAJ
zLJWo{QU6F?!dG&P$0n)NI>+J$YIh!%{3*@cmEik=#BB~6|96jk;>{ZgDrHH|`{~dt
zP^SpZZhz(NuJX>R<&QB2JH&9RNEhLL(Qv5xG9eYM3QmwJ*Eo}{O4u`8m`%+~vPG}k
z7T#w%h1$Q7z1lqFXBahH49^znwDPn-eNkngMn`Um90A6J4^JH)EuB)GHe75`i6C2-
z$V+sWls~-)#3~r3`b8RM^cxLv$SoF|RZk(0g6w<~0ea44-lAVZXX0<3>^riRH7PCw
zLW+HtQ)ijC+nG;VfHPwAq(+AP7M(`01>+a0y2B%f<hY2F6W<R1HTM9k7ke>Wq&Ul4
z8;!xq*nF<j(EM{@^7Cqu<%{OOTpiJzj}@8O-|0uSH<>cv-i5i$dJ6uG-x<XQFa|LA
zsOLG#I_%zl;!t#XT|!IQ9b#HF92(R)KkuAl6&Rtmv|Pd{ZRp0Bl~K?RyLlNf)t&>$
z#x(vLzh~u4^JNA32m5e@^#rFRQY!wUvnzX^tY3;asu(`b0Epj~g0~n!k2-$fPSe!u
z?7z5kPz*}1R_Oy*6f7zDk)&r>{4o(kHF5rZr<n*g6S#zPM6NJ%OS;Q0wm#H_V{K6N
z<81b6=ZM`C_Wj#Iq$((zZS~fc<G4m$vDAZAaY{lLTsUGsuDDTZ3hiOgB6Z9vb2~#q
z48d5YTN9NWsV*Qeb~8s0FI2-FQlLtF(sksBV&OV4SeV7u=tIX^r)r+Y1&k0O9aoap
z_TLZfT>?t(KEumAgfSegC??`b$KnNaW}L{$_;lW4KmdS0lzPY7YA@^#09w#<00xFg
zKonYVY~TOOW5{LV;i6l2sULQ6n8uC_6=*p6cu<$SsTs1JFLphM(~f?l!(mkYg%j1o
zR5w+~3Ub{!-FC8R-%OPkCL#?YZ!z`zjNk}xBJu^HV9}qRllHbwK-sK+<B;klS075K
z(VaRsw^Qx~CPav?&tbgw)-Gq*#l#=KJytTmT?(sc`n-PI@emY4CAhWPcF~MwmGbqp
zV8$u2&eZPX)(pecTaQHGmYv5o(Ocz5W{YS8*J~gig*?BfQGNUT?3dPEXK?7%%aAiB
z8`R^i&n1rCFMw3^1>R-^Iy_mW&R&+S$!igntk#5+g1AA0(}_?`nZUdf`7J>$jSb#|
zi&Q+I6HSH3k=d0%2aGo*Y<qZyp=0ODY?+>iN3S)aWWI|-`qOB7R94Vbyo|W-OE4IX
zion$G%Wt{ROth@awqVqX$hSCg`o*`y|Ke5>Nyd(=A|uk{Dg#+&NtaE|diIA^Are$D
z69-$(MoHmVMx2X#YdZwN<TNRV3SXTHFL;wL=v%5rmrMjZsKmrOV^%k+64(xdjDZjY
zZzO;&Vy+uVCCs{^JUpC4ooReRdFc^xrJ)afWAQ#}f+ruDIqb3h_YKW~1;v|@Wab=%
z3wt)n25d1e<pP~Cvv{F`IIWbADg#0_N05>7%>eM=!|VfB>MRF6hJ9sW)Pg^Yj3LIl
z{A<V$aM5+~Pq_8Z=_2Q0uL}a2e2+QUb4Fz&p3(G;F0U$Zzgz02-<h@V*!sb@z9xjc
zXK(J)Z81Ry4%Eh<t~@~BmQM4HZ79*p8KE|=-&G4EUi4_w7~}`Dc|>&lx6geZ;QyEP
z+aU3Agoo(fUi<8M?oMEcZ_M7#BL7q;gVsVH4a>g&W{jna4OS+~bui?M{R8*cO+0!1
zUqof$$TmCuIMawv%=ce0+}nIJHa#|RsA6%|+Xe<mfDJjD-{sHxS6gZQ)!jtD+NB22
zZ<q*YW7?p40=EAKLS2tpPQ1wjL|q}#rjFP<ik~ePp0`_eAf1RTE6y~YK_`mORBh4*
z0TC4{Qf^-X4zW3@YHmNnwF@q}eKKem5l3#w?3X`ObuxZgl1c>92C<X*sG6C@B<YJ5
z!RG=T_lLJ!VSPl<7R#=|SM=sr6MO#xjITVx^}S~Nd0J)Yx=lv#(9O_q%<|Xst|Asn
zZBphhV+|0R!9zm#1d+e#Qd?gVr{-T4bCDnP!Vr7*%U3?ljUFchO4s{k`QgB;W!c~8
z!&Ppzs3BTNk6>rC^_s?JBnOlX%SPUe-@_{@a&c2yFUw4LBKM=Fv2;Yq>%LhUTUezn
zx~=JB29C!^U`R3aiF}2%chclb!JRqQYr{W5dck3Uu!GTF8lM%mQC0|e2biPD`yOn)
z3=u1g*4&!t(zXAhSeoC#+}?R+R<1GNOzP4=6wQeqY;wNO@S3okLD*nc9azwJCh%@w
zriH>M;zuzs-UhoLYtfoRm|Mqa+YngX1=AXIYiXL&Bh&sM)@>@ih7v|8jp@Pczwubm
z{VAiwjgq>Y6tbo3x}N);Y;wF#dN+CE?6AoEQo5}mLa#?JpUxo;r`vXe8F4VZ>w3v5
zCFg^Jz2E)_?y0DPo%jDUK*!a7ASvIs{2@@MR;<9J3SvDujp<&gp*r;64?`ex7gdmA
zgIJb-TfSiN%paF?8Wl5-{S-loHG^#O^A2?wvpyIxFHL<{=kRVFFv>@Q+q2jB2$P&%
zTH3JU)uFy`QLgT<`+J#_$F73&c6hH3)IpVXf8ErY7K$eRYS_>UB%|Sn#zBqj?kvSy
z*uqeCHW4q^0USm7^|Qhb^{)H$hTt{1`-zN@=0Cy@t#ofeU$po=x{haDA)_?k=^J4)
zR&`Ijk<w+dl;@=X*kW1tUo1**y^ON#lK2SwyGThx{nd;5#ZdK*-D=;X$C$n8M_k1v
zAg&?o=^#0?Y1U2@wcy96G1$OL+j(-H16U=z6*nJrZy--LC0c_i9@BeN<rd8obRzJd
zB<<jkFn(m1m_~8--*YBYe0?!~k~})QW1Nb*6Lr>Cc2~o}0ScFSh48jOsceXY_;XuO
zpD~M~O7XQett=JtH;#N>toJr5dHJhP6m8t-kxdJnsna7_o~w^;J5jSKGZ`UkHq%zm
ze1Le_hbdB%8{n*+=ajno_IGbTaq)FZw+LpS@_WrzZ%GCIF5eBqr_Kbo4*Y8^QV@;;
zEClGPkRyV9&MXINWmkMW^0h+91K}QdL$qT+q=(#nM4CKSvhaiIbH6N^QR(BxL)0)6
z7@J4a%4QY_NIH>xg<iX4|56r@qVVe%*LL-Y$mUEtp1v9Z6v}(SVQ(WrP>N^v#rL7g
z8vaH}Y^QK(qI;UJAYxK&6A`SIPU4&u?$UlVNF)17TAsLNoJKvme}7xz8WF0MIMsL1
zKDFAI@Z#r}gcO5v;|^vbs4Bj&BB={)N&qxl2<b@e&Y#$bXl`7GC68M_ki#9w&dbFs
zWUN~7aSD7?BvjNf%XDJ<oPhu?Cej^3M+EBdp?#r9cv5A7+CWxthSDu`NxE|Y6o|bP
zp4faBMV^8ZUdk9VNdwc`IJh}0KbLP(2d6^_O0t#MA(hGqHT>00b>mQjy*|QBd{|KQ
za4h6PRJBlM%1?w<aj>a*iHFCOe(dLl%qt-I(x`hY3;0uToj?MM)=gh^k)*16K4h@P
zmV5fX8UH%zR!pXX?P8mo;Z1B!X)j%86ZjR$+{OS^a$)=tW^RDK!CJzeL-OIR*>j>U
zAU(QKY&mX2kFRm??^nR~Y~%J77*ENQ^ZBR(aL=~`U(TLmvjcT!b2jQ~Rzzg1Qe?|)
zpjCcxI`26ftjj5DdEP{k7>59txj45je=3v(j0Dwq2RWMqSsi7M-XKhC?YSWUAFo>T
zgGpm^fCZU;Y`hh`IioGu76JQP1FzwiY(DsnGo8*Jw8KD*bEmbmr2zc8V^c!BP=a2R
z!U0s0b+giRg3WS~Z=ke2oiO7NqmxVoA_=QUeDZI&6QNj%W11cBU%PH;k;0Ml%_$lu
zz4>ttBnq|q#tdo7lstz*=8>$V3|xM!n!TW&Xp)x^XMEOYa1Rr<p#Q{_gknc8$+dj)
zdSV|ZcOsY->%sURfo0Y(;f9wBrakeC)}GY3dVuXsB_<eCw%8(al-dpCN{)|&jfCGm
zXtVL*x&`wHj}D+zwAS2x%Ci;mi?P$r4?tO$kNfc|<_XSzks{L+EZ=MXUi!qZAb8h)
z;O{Z}Sg8NVyWVV16KmTCumD5y^mt9SGDQznSFJ||NnBn+24Xf>%y6sh1q>W^miPJI
z274d2@d%(sC|x4P$sw%=`Ku2V3Lt$4hYYdCVa;AyFV!P@4-^`(g?gB8%Et>1x-yK=
z*JZ>1J1t$b=vL74)T{TF77}2rb<Y5;G=)Ql&-o6YV~r=fmk>%#b(eu)3tixMB!)4`
z+x?W^?E78n1Y(!C;5AE>+F7O#ne!qtjy=-A8d6ibWIk4d=ne5tj0!9*(p<<5j@$}q
zu~FNuHM8q}K2pDloYH9b*@AsY9cMgRkgER}4dWbfgoa^{w&+?kIAJ{jMr@(%3G3NG
zX%Q=lCzg{T+zoX;z$cgEy#NMse4_E98Sf;<B_>%&%WF_iZCD;8YQhEa{CJ-DnDT~o
zf}hZxE;Ft2M}j2rWeh3+Ess*eib7?8*fzBWpa<*sA*~u--65KMab{O<psgI9yIf)M
zqujBuy?p0T+HX+rm?xp&8VLaiXd~W4RhBVXpoG~{_p|!VwopgHJ?w<QYrVi2On7h0
z?t`5O{EJRjeKr!>pH>;8S1-OY2_d5V>+Gxq=nIDr^1gAl@?D136&{|RG(ONww89Tz
zIC(Bo_tuJk`AzxhF)*1Z5Wj(2MPmds?%>1j6m0r3Sra+(=KF0rANDh20xL~E5FmuN
zsH2jBYX!BMJMa>~g9))!)>nbMwomTx6uj-O@`ko@-vtDjI^LlyVwrVyh8dWY`?Izy
z1JLg<l1tV(B-;32J)Jkn9i~&}LDYCBAyD$Qd?F;Vwcv7z!3#R)!~ilMurqtxiy(=}
z8yY7QH*vJTwT^#sj@E^pb<i|hqo~>u&7W^vFu2Ih!=DPg)>O`9VH%4CaAY<-6@+%#
zs`vIenezJZz;@OOV0MhL=$9dW#kuK0y@?~gqJHl>OLhq_NB;!lagr5^a5DU;a)LqK
z9TjhsPR9<z6%seET8!=Z-$X1X4wcNdH~CA7ncvz17V(^57zz=6i7PWLAM`C6#&0oX
zp&mW^CEtv3xUV;PB1B%i0DK$Xs(r-)G5z<pD$7r)%n>=K7J~Xkg#$V+D9g!;L$n3&
zaH_j0VzC|-=WWocnaz)vRfTD$Q%um1f+P8u6@qjX*7(@9<HtLVa=_-;y0qISiJxQY
zgmmsft&EXtwYc-B$3NiY`U*Q7LBP&GI0AGuxr3e&Lnlu{<X-Q}NrKb0H6M-Nc+!bB
zFiY4teSDeSnAZ{G+%3TA=)zZlE2TUpx@I=k%K!|aV`hQk$AhAWty?bGqs3s%)h2?p
z>gBGg>%Izjszmk&YP@;5!iPw=-t}$oRVI_ZM)VrKTIHc`RUHe$5+~6nvD&rzFZ-7r
zf<m`!i#8~-uXy3UOWDgDBkH*ef%O&OQ&7-!L0Qo2U;3Oco$Lm(!7;>*qUQ`r=}UWu
zPVYc=i6hnI*Q;rN7R)ZsZSbj~{`<_yB|h2jLNs3}Gvw?XL2E(Y#+G?beph5%c)Kd!
z2PMy=su5RGlWbbsajT1a{<ypli#mT}SKsKQddpCE-Nn|tiRK;oko3ll_iM9S6+Sza
zb0EmgG{j$44-=1Sy<d|scGlo_McShUpY}6Bs4JcRlLIs32_KTzFqac=;R>=r&Sx%e
z;3xNN5+bUXsAKEh#?^Yf*BS-LUeFz89y-sPIo?5Y>jlyE>Lf%H_v`inQ^TY19l3A1
z)uA>vmh&&h_pBraOR$j)y9&rrTv1&rd;Cwr7lGz|N#%3PI}2PUmp}dI=nz3^rPwpx
z&OX1Blpz~1vveY}0^@BAU~?iwJvtOTHoRUJR^^<9BeU&09R_Z3T$P$n4CkbyInyQm
zFpGhv#MCMiWeo>IH2@lWE{_|=?f4=y{2?`+;8&|CyJ^=I2NZvWK-Zo`4FA?GioU5G
z`^7Ijk0_DHz3eo~!+i0nGdsl!!NHYxO3PEXk1nOzV<ANKP;k;}>DQrq)aU>=VP$m%
z`<SMk@0gElgD^iFlTE}hH>2*B4rfh6eosQJEZCv5w!FMqu#5hHY@UoXu=zSp0|K&N
z;lUIU?Nn&C!tQM2I20cnX?zRCmL;hCVEgZVn5&@(dqqzf85@%hBtQ_0=DzLunJoe3
zSA;0{3U-V#aC*fq!Bf#xx>VDyOB{EB3+OkBY<AW{`*eMu6qwj+U=90k64-K%di&(S
zkNsSt(MLOK7O+(02qZ8>4(v7t8IBVV)hy6gQ9obkR5St#FPf`QDJ_7htPVrBDc!P9
zg|z^2vM^c?0KmR<bTGky+RgB_pM-pmPiOf*nhfOmJ-S1!Mjn{ov66v#t|o{%5{L*C
zArd+m)~2o9Kwr2ymD8mh&3ylnRHC}Ym4YbHk^If$%i^YJB>g@upoZMwesz#I=#jp3
zxdb9nH=3XU)>7b67_Jc5=8eVh*DTt@ji<$7%wIF%Fv+GqK<7}>oKc5)MTHM24*%4J
zxHJAV0>cey^C1omt+2j25HGeG<7?~mVX7#*6!OCOGBWP^_7|6JQ53v@pGx@6e^;fV
zYO5$Y<dNM%Z!Z|x4tGD)^4pzudoNvfq@Hm@QUlgPQvsf=b*}I`lQ_4`<>hSyC(#C6
z8+;6=%!Odz-gV3wN6sImW4HU${_kry!WD!c{8dOP(;FzdS8_HnWf`1_dag5daVirn
z=G^ZAYt|AXQKiwgZG|to8@H!$W3cdjX15<}ezDtJ9`8ZB*&RYu>`oit9cCQ_xAxZM
zNUH;TK2wLz1)ZdqSwp`HjtZ8WVJ5{iKyIo&rw^mrcf_^j0`=bk-6Xsj<uv10CVg=g
zYn$csGS1hPK!6hKj_6b9A^+VQ+VLhr#}%w&NdZv`>^6Vc+-k~?4&e^r7xr6-Wd)6Y
z5G>rc;r|?`#t6B+K29imZO?j!@1g3(R4Tb7f)F$3?>ygaxh3h*IEa#=7~;8yO`Mn0
zEd^tld72X9muK%s+=1*8)8GA(!Qrs(G_`$-EEvn0ll|?n?@I~T!N4!xddLe?hEjZX
zihZiHx&i%wmY45xp@PB_0lhp0#}G^E)K2YSEDwTLDR_J;%GBTA-P$Gn*vd9XmD%Fz
zOYffG0Xm1x23;c4^=Fw0R)tiILI;ID%LiB1@q}AB8O3$M!G~b4mzIHb0i_}UlV2)D
z?sD0Y(605p!gk`?>zu1-J|K87+|~@A4+50~RcZ6+vdnLcIPpS@fc9!)wK9@7V?(XP
zDsvm+sbdiLm~u0d6kMKt=!a`C6%dBk`^&tF;ur-~dK-)RN+?Jd1kz|}9x>Af+X8W2
ze%7P~XNaJFqHqA3c?|3R%(f8!{(B%tVZaheqs&If&Xg}~+f(5xxQ#-fjmw$1Y#4g3
zz;6OkJrWL;gr#z9gAtWQ4aWp&D5SqQ-~mmx4|z+Kbt(o&PqK-Xz7Zs)J0{QOl(#Kd
z$R&0a6fewAdSH2v-OXOD^l_6gu!w^D9SJ~D1%2%qE2O6jriP<pxv_Q~?8T|6+6nvF
zqTm0u>XxFcvxwleu*%two@op;YgK{&izK1Y(yShNz1aklGaiCBJj4G(<eJ8hi)~V1
zjW%o!H6vtq>&u)pr^v_0<?Ac-l4}@^KB({RB<-=V@FBoXLrnSNcG^(6>;JLu(YL>S
za6Z(n#Zy0j0M!c=+H&alY9+{_0*+6v>=2a++IHoDF7d!9S%-M-v_np2I7M~zS`lrD
zvJ7lNvpQCMAehX*1ZlZyj%rhn-aKx}4IHoaNxo6{io}aJ<99VSuq>3QIXF$;%w3iL
z0hGgah?-*hu<9p9&|Wl3>231EA9b(`T!Me`>yQZ1j|JcudDN2~m)O!Y##Kc|M4WaG
zTw-dSiSQlsD<LCY-LZ%+aX#epXj#d+6a-FRILknvJ^g3D5)51&R&bJ8xR($Uph>Ac
zAE_ZWlkW@zzEWw6M0&pm>Fh%BDJYcH|2e&B>e?8PGpv3m{YB2Cm|jmQVfh>EMVlSH
z#~R-ej@ETZ*I_&RmRJBDJTa`plU=QT`>Z&q;SlDdqBKa8Q^Vli70t%yUrem~c9a7R
zO-v*Bi1M`~!$NOxVp?W)WH=q={g+ccvX_;I)0Ntyfd(5k4_Q!vS3$h08O3-gRkC7W
zx>RP9!25e`07j+W=W;*a^HuZ5@U=~Fi_6A92HA%-beMz`j0C}PcQ5pDBXfgLH?oCy
z947){$LZOlk~y0A*kQuhJ%!qe()Hblqqy|}i~1XT!_vf?|7pcR?H&t(k)Z~MvAu|r
zNZ8HHit3T#10fK_+QH>C+-&+q+n7^fY%u{;UNPO1MKbOqNwYx$0F!1*pHGmrXe{}2
zbZ<x{8nHG8<c@gAt!x9=N#Mw6g-wYuJvi-d76Y_)$P&lvVV?!PZfzwKYn<(@e7U%z
zCe%vPwA<=|Ph&p5pq+aQ2Vb71*2VJvIsBInIns`lsEp#b%fXmG9K0ditAl#-0wi<~
zgSGk&nHn5_@Z7rnX0tj^uaF`JYIa<zke?0r7U~<q01iU}xg1(o#*q&)g<RKuJ<);&
zS;L+$bJ}NG%lo{$nM2el*CMCItEf;axP(=ywxH8)tmQe#F2J=5%%?MWNpQ{naqT06
z_{fdCNUw|^jWvD_;U}S^l?h%(G}>yPSe9RZwX{`Pu(EuEH_B-#99^{LuxjH&<Y1T0
z;31)itO~{Jr=pO1VRU9_J)#w>M`ci1seZtBMh|i_UNBFQr~#b~?cZ-48qAE>DB$If
z3Mq(WV*C^jD!WO$GpbK02UtGhKhh<^#2K_Q$V@UTABSkCr6Uq0lp;*7|58Fe{62mN
z(xujH9*`M*i&<E*s69tgjF48yTOVjvd1tEq6gEJ^<3;CqVfWglM!2N8iT#&$h%Td)
z+guy=Vs5=MKAU1$=O@wFQ7kO&WBrfiz&GQPawtbjkM5A7lZw@R9OnN1Z<5pTZ!cP`
z{2E@TfdW$4e=V22DbSSx6%>h?c*h^dHRu@D+0y|9vN|i07Kt7hCM>1C8(4ZdK79JS
zp6s`^3_(;X&uOBuO)<bCpA`_Cw8p>@0n{`ezVUmLqsvt94$b^}tiXatBBZ1w&TU2d
z6>|01?ou14+#bq895g8b;@omApK$n_cp$A?tjiR89%2$4a==@XfD7Rj_2w{$q@UU9
zpc1#NkHO%#T)d~ggTYwnC#L~}-i=-57lc6*v&9c_GwKR=Km+k9hIg~Y&P!)r><tq&
zHB_&`ocGIKPu6SzBpvWevnOKK9*pl5Q8>+U>KIP1tQl40b-Q6bMxlkq2Z29*n%fB)
z_4pgcBx?^&gD^O|JMK!vLn(RjO@P5^pac`9OQ7XcG{p~!x%gLnlf4#hXij|jXbku_
zkO#ABi-OT?y7Ei1=gEAo2-d?k?LGFZqK^i<V1sq-V*YH6pwIyNzMw`$h=b4v%pDhj
z{AkBHECSQ2{xw#%S-#)KV*C0j8V{#dXxUhGUbHyNXP+D$pTufP-D-ygB;?rG$gvL*
zRX%ZT9BR8;nI6nyF6n@}N(qh5gsAGWL-5X#+P!0&m&#YnSHrn2$v`$eHCJ=Kv=nri
zT;ZKvh%f{0Q@1K1B|M?_$V%Gs*!1JfDGBL5`|IP8{i~^h_{zo-{|XT3j*smc&yN*u
z23b~BY-CTBjg5<K;#6XxX;P~RaX5&|Ese69>Iac_dqRD^O5ICf7cp<vY*|;qNrFsj
zRgf$1gjo=Vn5uBZ0+II0b206bVab+ZL^W=EPA-Td)v%#5zQ!SOZ3G<lXsrQj%+A;d
za<+(=?)ZeAQ46RdE%E}T`SBrAS0jn;w41Cl)osE#`ueTEsO_W%KzS8(mGdRM!_&SY
zEm#J|8N8Fh6Z(=Yruv5TDr#X)#jb0)=ZPzt_|=Mjv2&^f&<gE%wi}>x-(;ZV)uF$s
z@*GCWa=Kz>R2I#1@mj%$Yi+ToQYX2s55dA9)&4xgKWh3T!@|C9NzyEof0dcj2tgup
zSP=d5>kuD4CTx0Q$8#Nn=~SxGiuF#PoaKi+g+fc0=?p2lU{KO+HHNWdtKOPe;MsPO
z>J*atD)Oqt9H?r+3<?j~ge~tcYU3`Xehq@KD%1MM4}R+)`9>SLJjbb>2&VTiA-nrx
zC%~cCNYk#?7X2)qQulE-f^>nM8l?x<iK-dNs#_xl<*a3C3FYB9th_z)fYfd}H#<|u
zk6VK$EDLw-^n>~_fbl6IGLfsxI-Z|BBO&Euyz-v*Yl5F|HwSmU9TpE)%_vfb+do?Z
z`26UJyV%!x*<(se?4iOq$X6gV%acz<IcG@n_yTJOLp+3CKQ?SQnRQ4XT53r_Bf8oG
zveAzeEHXmns-H2{O&-PZ$v^NdAZNzC5&BF-WB4n0P`Wz6^lJ*jAxl~6?03x*y7q6n
zLPA4s^*h-3$-|Mt>(Xu{d^?tDQunbv!ZlRqv<)>_&tR3!1ZlnPPKLgX4Y(;%|D$$Y
zAZs}*b=&;G$l}Q?>DTwRf(It+K$v54`HcI72Mn{o0(d<?bsI82!nre+f<HJZo2SVZ
z2}7@N*n5^ZdpaJfH>e<YxDwIegYazF1uj!Yz$`dWn4m&PcPl<;yY%9f{$rfnb6dTL
z&eurbst*USH!h4xHLibN*B@OX92T;4<#;L==GMq}H7WL+>P+OjvwByS_Meq_a-ln*
zTCofq2)*tg>TL-xXEbWNl^H~pj}yT_4plj6LjaS3F{)R<^NYu_q7U%&+Y5k^JHZ>7
zP5icVfM?h_)7_s@eAIhpI@Gu@CobBy?4#Bh<w0ZOwy<9epyK3*7Z>owJ(*lblmLTR
zTb58VdhxQp$BcP&Ih3<GOOINVn9AmhjNFg;DGT7613?;A!Y74;`T(N82!Gq+=k{Pr
z+rqx3@I+!I-%f*F3VrU6mhbYNq=*=&22M!>oMk=MEWZj8RjvDP8?5J=0ju~Vfdv|d
z-++M~WWKpIH=vgo)WW}#MA(=$7|t6=#Y2T!!W^#fh=ETx_`dRBe--&&zA}@{iiOcx
z)qcy2@!6wJKx3PZ2c4wyqLrs}E-TR0%Q+BG$OQGY`tLJbNoPV!injw5BVOd7>?5tq
zqqwEeQ-V?uZ*#RFNoHBF9UR&!+X8JIn67K>e8Kub_)tkYyz$b?!>|3}$uL&DV-*EW
zdq6|MQR)u%YAz)aug4jNfBx}~1rINXKNa>y7_Mxq)kVUGcESMm?{SFF-<ebeKP14Y
z2M^nze&XlZ92HcZ-cxO44kN@!w~g8a|Eu!G=VxF<YmSK}B%ECnT-lQ~H6Fya33{A(
zMjzrHG>HDUZP?*d)*d#-yPm$N=~KAe+AjOIz~!t}=zt#!P06!7xnhy1$5Xdz+zPa)
zUA6l~A>5jvGaoPQ-ED@^bG6eO6&sG>3?;DffzIE{Bm>dt<JRYUzA^lQ*&>;zAlN^*
zC_z<y6t22KC`sq;*F_*{DAM{5PX)a;pujjSXoW(Z5o$itZdK6QAC~$g=(CT*n&s6k
z?2Qo86To>jKx$n<hL1TUpe*yS6OIOvsAZ4v;s;LYgC=#a%7JD^7C0H~fzIQ@ERDH`
zc_SnG#6ZS4$}>pkvUGlm4f0}rDyD2Sj}CXTO!qr#i5hPPq9WMs$>Ops99GctN|hu@
zux@=|L>}Jz{fdKk^Equavs5>`jj%cvL*ybrTP#G5Li=^o`aL&sF!!)96UF1L%V!+M
zNk*j2%#sGGkOg<E8|`+v02cedMxLX4r+oZ8SD>c(@`;G<VR6oHQRl7zkCbA>pj0*l
z4LFAV;>07f1@W4EOvr;DZy4B)23}`ZF)2VzCg{^F9Elo-&^D{8U;sHU)-!pS%ms=5
zKG-;T4tam911Hv8nq!^927N@D)Z^wEcXoHAM}IQJ13^Ip-66F{N}*<-8`!;hgkgxQ
zy<dL-x}~Kas6E#e82$Ta$Bo6-ooi$sN@=JSW)mQ0v;#Bj(vLD%b3nR*m`JM^c8DsL
z&|{b3mSGalYQeu>XG0W0dNfsHtuUxW(HzhNVM4H8^#6xe=kRcqhDcv{!?L~vy=PKm
z{d`%Z>^TPDqUV43aa;85i5WPOxD$;Y;iF^xXmJW;`-ndI;WZTYI{>)xHqoNS7Sm#R
zlP@bQYW@cg{+fKDl9q8>CzQCFYzN-*I6F|CC)&49^ug*3WVL0|7OBSlJmP@TW8R6n
zNOc1sndO|I9s8!m27G{js*DZfAA{t^?)vbX;-C1Yl^$HMiG%#mSm7;(5704MWOJl?
zqh(=jB^vR;&xMWz*!odTwkTdKzzu+9%GH(RG7|Vd*?7dUW%Zd0WdY!h<cxRm2;=X-
zVM$ynrjgDmE@tfsr6M^9^l8L_NSU!_x9gPx^RQ$Fgqd4twcC2kexAVy=H=|ySEfnB
z-aDj>vDG&QqsyhOTf4mUiPM8$h}g4mTbf??CdT)H&Y--xrj{WiyP}_kOd^Dufa9h7
z9f4R%$Yxrw9|w=!k|W^P%TM|6#d%|Y`iG50gs(}`B)c?5_$#n$+r#BvoCR&fW<HU5
zI%)NvMKo+vYB8x1x@kQDo1=Ap;uu<F%(G|W``B5mY4zxz&=d5JvNN^&@ghaIdw-ef
zhG+-KNul(M*5Y}uj@Fuk7R*PuQLR{aN@u;Lf9X!UWO^;)nRiYtFfu-zSXE-4>oY<E
za8gT!ROR4nT7gy@o><`;)lJA2LvVAlJemKlWoBocowsJTJ6FxMyN`WmvATe?o8La8
z3Rmp*aDrGHsq@L<c#54Hav&B~h6dxLxlI4Ly@b6!-2ay9CB+PR)Q2S)gAZmlz)7oE
z_C<CM8)6SU+^J<dqKd|K+H6&Ox<Qb8Mg#V}LQsgLo?sHVA)k?D<Xx$jV3NSQqg1Vx
zc{3QE=TjHFd1zz%#r$G0$(_DTWKyTZQMo@(>)<9Y#O;;Q49ry;W;e^MFpKPQw2*4i
z_k_0=N@N3N<8Z6rp+tMST8mX5KTS5e4AdqSUHTFa>3HGBJHk1fQ4Cn3kGV77YnL4d
zKWRr7@$;MQF8Bo-5I+Ke2Jq%HK^_rgZyLr$Hn`z{O(^I7O@S5KZegz1-KNu8!}8-0
z!zIB;rr%Zzp+Kf49kE}^bH{+PQaxI5sg7{1Arr9q)MZF)x|fRX0*p!EWYhOf4uqU;
zpDUhuqRIo+1)d0$=Dx4Lqdw`QX$`Gyp+Gs7hwS-^>V(dAe<pT_`i=W7Wr9}2C!4%r
z4Cf=G-&J<h@bDWpg*M{dSLC{Cr%hkOMtTzTFs)r_tx=m7q>aBP-c(HUzVmL3JO(5u
zY$gbDPALp3%ezU{sl!m3{4<sw(`UI4sh!p!LFtJ2yYGl2wgDmb4G1^!u0sxI9oiNx
z$QA2T9aSh)-MyNdjf_uGp<EgC4jgI=3G?EvDp~qr%3dFIm8PR><ZlvF3N9g`W~sh0
zzX?l1BZHXKrrocP`|NiC`*On~%RW+elHJi;w~AYf7t0p!Me~9q(4*mAkdC&SGSHC%
z8>s*9Y`Rjh@eKq{UtS7BX31o5CXbB6`2Yy@j}3jA|FSkF=FZu#yEvXWHq7`R=NHxu
zbJePR>m)^-+*A2Cy$}>*d>|Y~kF<K}<0M7~?G4=1Dw=LlyEe_ST@P}z#7$;_#PFv?
zelAJBHVzJS6#%WB>O56*#Up;84-Gs7FuDjgK7k_=HT7;B#xyG;9BmKQaJ-fC5n=EJ
z?`W$hMLH5gp8>&{-5)$)uE(iM|9W|fL-i**Qh0UVRisY4M-wF#Q(N(r!X@!z;(agv
zt0eeGPD9O^GeKx&$AN6xM$^sUmkSF-7??cZw2Q7F$@KmyULPz1o={co*s}GpJ;y-#
z6KLudF%@%)Lct$cDANqmF74NIGs(uX5!MsX-9-`C%Ou%Ige(3_2ao`Ck1u<4<cRt3
z!pyh?eW!J1bdAfVn78-dNBiX1=xWVD`FulZ_yC)ZDXH$&q2+F-W}X{sdgPP!XW>a;
z{jpGq;C44l{iSN}@mn8Tr&e_pmqq`8!SP!X7O?E&vIHID*C&#y`BlS=z9v6Q=%pBY
z7})?L?Y_a<Mo_BLIHDplMe$}%6WcPSt8%A#w0EZ>F0iq_HdO}_ndmg72oo4U;%_?}
zDmr4AL%C?&%xrn3z&Us;T7TC*-nu^#CrP0lX3BBDM|tpTqRrHxD@3dN6>LHojTH3*
z15n4-29~#GInR`)868hTc>SpDebYBWjjr!p!k-%FvN?qw@;0J;P?z}-P|Pf|P5y%(
zI%ap%x4-1~7dW9jttCBEt<`OFi1W^T&i%wY`m~zqK2vz`%5i*qNz=yMqb3nrzP;uJ
zy>*4jVKk=Z=EjyRv`$~cSpSs$FD;7)O3uI9tUCxo*;Gj9f{*$pKqE`gb+6dw)^!uV
zkks1Y6Ibp7Wfahjwkrt_5jDbzHLNN)X~|!-$|9y{tpO=UAplc3h!r?#9D8g|I-OJG
zWnfy-YRlij%LHIB%tBdY%8hJ|^@g;!TCiEdbWGSg5Mt2ZYq)pa&v>{uB1YPiwNxHH
zsu#V8<e+_)DLMzm&%w1bxBIgUp}nV06Q#^(m3r(odWMp`!wOTO{M0l2@7kKe(Cjb=
zK?R&B^(ucX99d|}hRy6V44L^8?y8v4o+iQqU;HoCG*K=0+`ebJqtloT2d=Df<uPn*
zgyG<A9K_|`WRBRwbx>O;h&|}P=TxQr`+e`^#}B}>XL0}cq}kCB|JrbBeTZJlw;b-5
z53+=aV4gO*6=q+JFZonPS{oAk=oi)#aab@}jCKWGH)>rd5%U03sUXJp9HPB5o8WDE
z-B=FQ<Cz<QQQESc0bJI%qiWm$$*>)eA{!?i{&-m<pg*%VNPk1`b$<y`1PIzN-RH6h
z1j>!^Rs;h?vdCjaF>FH8R+(R!2d(cB<f^83_+GP6x{!HDm(b`QR9AtvPDzYQpSZve
zZ<`{X%)7=2M&3eCY;&40!X5p`gpzB)M0kSwf>(rj+6Dq5c?t)%`bzjhou2q4yqh0$
z%)dsCWP2G&1_;N-@#?Z#()|kCM0=kyKf<p3KfTmE8EJ0;)(SBHg;Z%TUx>RmC5fCv
ziedx!u+|z|D=|^6?DgMj=%5J6%@^=ij$NIx_^&y7QdL|<s6F9@qzg*9rY98TT6ptR
zCwq?C-$=T>b0;of=$$eQ#_z^EIAYfZDK2e-_zuPfP(jlEzY^%cf~arH3vp6HgGZxX
z5v7O6(F6{%FU$T3;J=}t=q^d@3Zl0azf`n)S$VRKPw3<%dwj|(?sCi0x<gT16qy-S
zpN0drPbnhE*^uDu)K*Szu(_Qiq0n{<NG7xPuGRS#|24yCwiXXKc&XGu^-7vMX*h)q
zlid<mCWG>|+=OrPSIhJ%DH>@^MG-~>ezmgiZDh1Ha46n(jY~?Wav(|u10iFqp=Zyx
zY`L}#+5RR}765wkN<Vl$AP?2xu8W#;S-DX+HdQT+3tsuEA5H1t&rqTzHwsY)%EK#i
z%&9xNw=@``v#{N=%1>KKBwtN^p9R802AcG{5OQVem>c3E;Wu${1xzpo(<sARHn~<I
zJnFFa3#=#ITr7ae4>ByQ2plLf0vIJ=*ixqRK0;ArhI%C5=E@>kLlYWfbbaT`F)r<D
zWZENq9}H8IEEbi>`E!6|<nnT@z8IZBvXY3};_W*e<3NSEuL)tk3+v;}Wl$|PTy>Xn
z-C{v;=RviL?ZO#xK}3uD_`CW?hI-nSJ7B;9q=^SjBxY5e{zo4{wH37eF4)GPu}<NF
z&cZ$!8%-E*pXR;?tLbM{Hp-mYn-A36RN<);{;pz;*b1^l=>Od0<2>|*TVHBZDrePA
zD2}PJl%@NbZQ+jg*F~JdUExP{f^JXR@*0cUW-4%QiI3}qGvIbBSVo-i(pP%6m!a?{
zX<fV`s(co34Vh18ruT5|?`A{G^+!}WjOosue|$dYzZS@@Y^-f5b0llU;!%tgWz#6y
zFtzF$y+gh?qCry{M>mv%Ynuy^UdA``Shx8<g2b1b+|odR(WI=_HTtky^*OJaK2?@H
z1A!paPo+YVcxkS{ClxQXZ9=s(s2xW*XCO4xrn`6LH4{O{ru&yb@zoS5hN_M@S=K(&
z4@e1o+lFfrazJaBpMAr`C*EOOPYls+7|?V}faZASV~_J0tJq@?H`^zFB2BpITuJW%
z*|xz`R_Ui8QkmW2Au@Q;vmT<W7B?Ms`iM~uNc*gI>Gzp)mK#5Bk^H$QUk&Tfq&K+A
z&?xYoZ{}8qdTAn|f+gK~i4X0WOvxo<+LbPO%LOMBGMBbvxI50jOnI~>b5UOH80P<=
zHV6!c!&UxdxRIUzh)k1Dz0L1<Dcj;><sM^Cu3EkY<GP3M_0ARkhud2f7Ym{b(^<EF
zYw;=|Z|Hj=$uKtOp90&K$ramX`aIYmkS89hU$P&lqmDk{k>_XyEL>a%^?YkvKJpH(
zSwnsy%w}ojS{mf7U`K3VzWKo~oz%!Rpi^BGKBq#ywbCUV9aIH`;CQLMmoJuOfleFP
z{IhRPh~r)<h6~Z^tbYoR^Z(Iz5bk*+#d|#4)LgYr&f-IQLj*SPH6O8I^!-_Ss`6a`
zyVn;(N+c6bD#E^Z20jJ>O*2fe1F1!FOs87Zw6fjI4NT%8)8rE$cBTn1XnIkVkPdn~
zF0+`!$o1Xl<`<s$62Zc!DD|~~!BhKxwxajpL*NpJEJJihvH0A1Z|E->3hzP4c*U#K
zg@<a}7Y;kVAN)*)ij?JNGIYTyf&|myS+!day}1l@4iI-&T|s1Q$|jp+inT$_0XciH
zbGW!$`R858RXQQjo4zbt#Y7`sg+ks^owE9#IM%H5HZ}Ig;jP6h4YWn2zc^z-G<4S#
zf&x><Kw6HMNcH1U(Wi0i8Y1?Olng5nv%KhW5pFv+XUHDyu@BCjZ_DJxD0W@kT2fto
zQ<#+DLQ+stGu?EKK{9$ndwfBoN!c2zO;e{jZi04M(<88Q=Pi$_ZwS*Qt)6c)P{n>F
zn+5J&=?^6xFR)bs=zU38iVPoa<dfhh6X-E#NuK!FCRQEG&0$hr^<i-Q2$tzf*(kCb
zjc2^kRVyyD5D{W^Z0MYC6|Z5UGP3rEB{P1O8E%(YnBSy4b^08Kxm>X&S7CI+NX@@$
z>S=t)1z!avmmFp0(faVCXP+cD`jFQDx6u)CCg^ypWYa_tFuU9qr#0(-9MRR-=Q<Q1
zD!Mm54Kno?EzhM8)x?iP507?}txQlHFT%o##7b}LIU*t)+hvr?pqId>^$^@8QfD2y
zs)N7r2!xy=n0cOe#UREadO?iHpN(IhDv>oKTmCag2BXPabwHP~{=GK7<M5>{*+6$e
z^bCa3SEW3FHc3iBngQ{vZ(mv(R?Zud0D?FS$nsfaXrUXZ+e|BWKp#s|Gh@Zvj=%`v
z#r%+PiGDr(2~Qpbb;OC{B6AS|5fEdyJ+-xwJTH;ll5*?#QhWp}k^D=!3E(^9{O04~
zKN7$FrR=r$IK)*-?J&NrrLgoZy*Kiz$s?oY89<RBL)gcI3kA8GM#o?D!`{Q*gp<1@
z)8Uwueh4p<3%ZNdb%ZJHthGdL8ZP!OOX093hM1Jy6+7awWcjkh;QL_HS`TmpJon{N
zq~-maMKH=}zhvXwf`rWp`ZXYTMeYOTJ9dj7e*Ixl+;GSEP`NQP<$QG-ut*_gWWRcw
z#WTMP%lmM(TEa^<v1cF+dYlF5;QX&_P51pRRH*P!Mf|N8fDw?@kd7X?bdk(@G^{ZI
z1b$BrTW6$GXTW3a1dw_$%$wPs7Hf?m075{$zh3ts`w8Xsz|GkkSg&yY#<MagR#+o!
zmQ#XE)}|%=WS<UqJ9$&O)PS-t?s(Ty@lNRaw+Z+sFmuZ4rUn0i!8s-dqB}YY6lPpZ
zxwONBtGqNlpjH0(yQXq{m|l3;pEbtswX-wVe~jCSoG@ghBNZ#-bWmBcADjuOLP6T#
z`5f3+RTSbN!_BAfxDpkK7vGZJrA-BMNnj?~m9uOxWW_1+SVv=cl!f(*+Em}`Yjcn&
z>)O~mhIz49McZDSdf^4{kUfZYHKRxu@SgpeQXr;dX8bdk)^|9xpLa50g*S=!t&5N)
zteoSV`xA4K1WT2kz<)ID5am*rkP<8$1z;zYRV!V>0{kw|@d2JO&=JLkfLR(VYvrw@
z?<~$YQ#{#?i?`wxwQ#C~d)&?>H%7~vomff*eD@htGU4ML;w%v^zgdG8yIg6Iwj#H!
z1hh>Zj)!z97T{kC_DtqlwMvP-0xwXipVS#Vi(6+lr-cS8-aqRJZlUJ$ww7EZ?J;xa
zC&036ZS6hLLR)x}44h~#nwfhWvY0PAh4sWn(kOr%N&Yt(Uz>(LB@a-ezlJ|p*83E}
z_E$){n*y?pH|K3rAbUzsq9z5Fl6q$y5f)C_!0<NYXNs8MCFGmK{m)T`fr;XvSdO}-
zn!TRMZ<Zhx7(%kT>!)iY@{<?LSB(1|?MUQ-$5e@Th|bvu(pvnELwyc$x7@tqWrN|2
zSjjfJa~e%@t~XH15}&BTC`<kW4qE>4=R;S*NpDiYu>GAx?KOhU*h1z&)9(7kYB_W%
z-c&yv&o(>sqAM*@xqVEfKgj+l4FtW8b=WX=;pf7|AvLCm?ORT02EqE9EQlUtNz$c|
zGsEs)i3cL$+Fw7~yiut20SH5YAukZ<xTDLcQMnS15&-M|Ac$a=<G2Qm?1tGjr19Sc
zeh}`o{8}${v1m9g4`!bBlKsWL<rQMsu9MpGmLRPD*ob!RVqy@GH-lzwl-j`?;qB74
zvPRH7@hnx}FAfH2$jrv6)>-=ehqN;B-d{8H;Mw*ZL0+hPdRW_aR6>1!j!Dg@AR8hD
zV06?FarW&Lre>fhDrL8tC2y&53K+B=qj^%ro(Ev0LO~1j>g5pqA4)#Of(|nf7yiE0
zV|XU==u!Rvp~R*HQq}sRSTbt`zxCvz5$<UuAfn&s=ZR&QM!FuF19WBj#GzqpyO{%2
zl9@moYcf;4Rf9e9G+N#B?axW%<K;(;rOj|U$pvXbY<&TnVfI7~@>G%}!iog<C*@BR
z>$ivzl)uOQ%^7*861W&yMNwl-QleymHWEJx#b>T<sv-rT9`x2ULyPWMsy5ft2nJq}
zHsYz9|KUwQ{hhR}25m*VrTjyuV|QfVrn2FMT0Z8r^T)8%U$Q%Flp=9iAlNnCY{zH&
zmN*A)L1ibC_M|Sh<CDB4Nh+bhw1xBy&?r}pa&O>i`QRwHKH(fthTLfJiV&e&{UZN}
zlb)ZHO)|ZHO+Me#vvK)+l2UKSfh$Xf;wo_zTgfkUkKF_>ZcRejeOfKmf{+v+tcP9V
zgq8O(Lb(q4ED2m6!IX+(Sw41E;}nn{?*w97Uf3-LQ5>YaUV~)5aJ$ID?}9D?k$I5c
zjJ^g;2jtYoH}d!Z2=2-(4?FZxoXzFE1D>lpbuL^+n?mrE)^}>es2_XCHtMqdrv3i-
zH$^G<G2!IFkP-e3Ivflcu9Zz_roA?OV?2KD9RCuV31N7L2cvxI0JQL>W+PINUadCm
z$aiwBIKHt7KA~3UrUY7{^IfS!%Og!s6U2wInW17Dr<Y~r&p&OyeU_Cs!Jc-PfG>e;
zgG0wy2%%tLPMf*HXOuC9KqKPn$T5jJZFO!X?d?k~cXEvU9Sf|q560{9B7cL2{5f;4
zFrFsHNh2Rm55*i#Kd8l@4(BAj69^vMdOAG$tjm`VDWh7&$%I&j%Jo^y!S1>V-sg}~
z%h-y3tHt(`iz#BXveE>{%?2gRYCszmNWw$MIvGr6=4j9XCKBX$_jDNrc3rOL3)h2w
z>a*bFe^i0}#SEdNa<m*QP3+x%ijB7SxQTBVotoL8b&R!wx-#YMU9y_mnq5K?Wb=lX
z@_j&{p7ZOluj)nCHnx;2_TA@P(V?CL_^yA`7F%B_y^@ZB*|@8r1TH(Z$lsucD!=CM
z((r%<q}<v;i%bLT+@OeMton8ryFsR@F2LqL9Ws+cG5g$hB>Ts=oHfwe#%F)N1Xmgo
zjmPsatv6(5G1R}ZijIviALvcUe8|4etLVuaN{pE60R_o;TeP7XjnJe$WGMn)g@$kt
z2%&db6DPG8QjfOMPPs9$UOA3g?YS6W&*8jJGjzD_H2H~-+82u+vD96c`V=8rs0oND
z6ND5KN<!Pi5DCEav-z!cbXv6|e0TF(cZeN>zu2u`K|h?~Jt4fm7__)T00I?z)$wOY
zS?}qNzK}A13DARoKqg-0d*%X284D63e^@mTofZYNjxK9jxW?TL{)44m6lStOaVjSy
zW04Jftib5Og6DKl%40>K=sKbB`Vvy!Q&wZ9#sph#2mL$=Lej*raAFK0b<cwtN*61X
zvSx^mx?otP9?qZu+Q>G*l4$z>{J{iSP~v9nW0iA%BwG9T4spkLu4PD$qyC8}C2Y7{
z&P)I=hCu=#68xO_(JU2w!VX%kM#Jbk`nM(4qc)KN2PZE>Hr2@qkuHSizmnr*CZ@R-
zbj&GDjw9Nl4-RuF^zxu%NnFBNT~?aTX?nq*5B2&JVPuq7n2$xUFy&l4l8%Rg2E+KH
zpPbM(<4=cy3?+|bhR6SeGU&8;AF<F%SAr+DC^voH@fD1e|Jk1Dz=W@LOkg-7AcDKb
z8~F^s5?ql(FsN7JL<@`HQYl-x+QCQySFEJ@5cOp*`-pe-^UU>AO-QVs>#vX{74Ix|
z3m{)D1L(zF<w*NZ9EfxHS(bJPcGyV3(0XqQ<NxiUgZL<TJP{BQ^pK`Qs*Ucx-9irT
zk{TQeP90Ic$C*&uJ<u1(Uo19_rxH}k!fXLbQzmrUftz41P(YL=Sw_~mK1+lqbPf|+
zO3(TJyoL>%78;f>)6$x-^`_PNYl0pwL@7n5OP_}#xWO@}z!D;)oqNT6-|}LMbiqE<
zx1%f1m6XoFUL$nv!Dg&3v(Ya5=)rKDoN+McLz^Qb)=efETNN+oOfSZ`v443~PXqX^
z;L3~d*E$Aa1zB%XbI2cY-|PuY3*DNS?anE_jNRC#?v5!I?W!#9HpFX~<M>gz*3iD+
zlhy<`%r9##`es)4*q#qxAT=a4xYs8HPC8zNikaN}cQZW^d7`uiSPK%N@o*%p#zG@+
zBDpP*?RXbNCITMpX=NqANtF9ZEvV}D$-ZzI57v+>iP6i;=D6mSs63-u+nfh785{r7
z&Ek$)Rtsez(gXm~VTNj@Y)Wrm4oH?Ot5dt!fdRy=?UQZAEey2#uVog?2pO!zVpkh*
zMcr>7l%N5Dr7MGu{9~Ar2O!eV_U};$cMa``Gpr`RDiwc)y;?#AAp}s9c038aV1!yh
zC<k=ExO^3|zyEtQ-aD5E?3zx)O`Ttckz$1`wt%z4G(uhg@b%_;LL1W!YwoG`=rLhb
zpoVfieb^l9*3E{|1#R#MO}8BmNou-!BgGw2uit_ulupWrtfC}&OXZ=h+fVaag~(~F
znFCTQe208`VPAHZhZgL<L$a^=$t_s(5tm)jiY^t04+LYav!-)><?P=ROY{)a=+?j9
z9Jxl8Vw5<+KBUQbA8@HX!%9I-)5Z6W;T9iML}e0R!dmxCav$emtQDw;9i@DtjTK3)
z!IDv_Brl44dMPlw(#w!<uz`{?EBznki(1DL8%am=RfKzm-ZidhuBvL;^3B^MhJP=$
zikG5S9lts;_ZVlVs*Xv?8=SYY!{3|(L@C#8=H}pl5x*s%E4xv$D#0$x4+C#Wi(D|S
z%0TJv=IeQss)ujW(#DB-V+r}=CZL|%X0J}YG2e<cSKqs4L297PX9)jPGf%{iyZRpr
z+#PL=8&1=>+r6NRU#r`tGsjk(eM2^e{g1s*>|TPo+^=WNn~jfsi&=qhAK(d~Io%BN
zrBgCUS;Q>CE_B^HBessp3@K`7qCZa$R1P5Ci3oK}jh@6(5lHl#fmKcRKbI7y=NQ|Z
zC8?I}c|v|>Le4v{ENXsG!}n@T;P)H@Fl3d~n_+sw?}X8BK!cRR&mnh-s%>R2vW6h2
zIiw<irWUyB%><}Mc%>iAwR?b>@Slr)V2KP5n34YPefRM-F`<4_e3#C#caDNj7sy}F
z7iHQZF?#>B9#m1v=JU01G|T8K#N8!Ses&p`9(`OrV(RJpk;|#)k$%Wy8UnwdpB(mM
zP;;W>*lIG{8jf{EQ{A1<7kv0EFysIHV?1d|-UlX;j1z{U3TC)RULJFNq}jz`*u#u*
z_H-BnuiI_D8(&{azx0aer-NUPz0ruRus=PL>X&Ph1VY(mI0s1Yh<`0#ZMxe%RKrIz
z47C;;$wX4gXKAk==oZ1pA<Q-5i7_tUBbd?^@y{z~f#z>fWWQWt_b<iZ3IR-U);9qj
zIED1PHP*@Lsx2)FJ|OX}?(sFsjc+G20bdI^d=%fz=~KT0jM>6VBFS&5#%0_Oh7ncR
zv|yFXrHD}9yKqh9l1Rgnd$NR_X6}An(|^Bv0TtRO`|*m&G6iXFB@;ibUBebuT%+b#
zN3owXQQc!<gQyH#fE4e5Vul5(7xJ?&UmH|t1IJG#vSgRhUQV6&7_{XhAz3?Y9*XGK
zx7Bd6M>Mfta^h{`^#gffo}&(k3P6wvZP7i^ixtMON)#Q~iKQfru(bRECmJVGg3IwB
zmZFm;|EjO3a2)elxh3^<9tu0e(p;u(?iRC~=$#CER^OE_7wH}BR=!k#vZSA@aeW9J
z4u&w#+kkr;Wi42UGpK90HA1@0I9-b?0%D=fYG^fNlp;cHl3W)MYJg3GB#8yzv+?gl
z-hesQA3oK5{i=32Rr~fPYbx6&h!*nU1-s8c;TT?8{T5<+<hz;7;bqc@wg+pw{ozVi
zk+(Q>`ohv+=H7yMciW~uCU{W{zsx!{KL1hFKge2dV?;18B9NPk^us{+h%CGQ2Rpcz
zUvs{Se5AjVH4c-=d;VKS_A!Z*0j6VtDBbG)OA!mtOMnAL$8u`p51iImk8<A`OEPzR
zCm_hIeB`$r-{CMX2r&V*fG%F+mTO?Te^k_uRqXRP_x8%bOdhA=_Mj{?C$}qy07I8c
zZ#CTMKe;;Un5WffO#^cbEH;nEIRnYsxE1E7TF(cmX|xomtazXZTIs@^kQ)TgZjY{&
z6zPY7LI$|v0f~()!aB=K>GKBhIjPb&ossOLpO#5MqoYXAVtYv3cPmsOy&mtg0NAaz
zP53({u<o_pRC~&K@)-#bwxF{D#EpAVf}3A#RK}p<A)s*&8p2ZCwZ@hdL64#?%m^0D
zPNL~e;lkXEmu>#+K7Btz88N+0I$!U9*i#Lb=S+q<@AhOlP^HZEVe@fvo3Ilt?hqTS
zsT^7NZI0=@v@qSwFFcvPo;s1ndXb-mP<!fZ4B1ebP~By3ekO^%DymZEc)&{Yc(K}1
z@5oa|V{HTA*G!<72c<BWIj~QY{hWTJ7SN8?TLbCx>!S4r**f?!%;YQF`<Qr<^%RjA
z))nXP&C=)k;Q|&ZGAZpmE$|VSbU+&UY$+M@N`Wx_0j(-efghatK=vOI=gkl3jXYV@
zpL`9!bX;pMvt%j})G2N!hZ$8NaM<sT*svg_u!Z=nLPEGlIt=(^VkRG~cx$DoamVlR
zUOe7|wA+uC+o*I*r5usSIjek_A9lM5ClQ&G{UUkg7_l97ZJ5pX$L7SugPL2~{Is?$
zwQCthC8JHEa+>PUCR<L3Sza~*WhNmDqZk%2e5i?DDGI(TE|2!%6_|xnNwe`ohA`uK
zuru<wE!SpbVb^S)>Th@}G-9toSt*sWC;CPnne0%_rd!yXobsuG+)7usn*)K=UA`cK
zU4TN|oli9cJ$tNmqTJ_}nghFd=D*0=o&#yngcV?GC$Hl4()qn1B8vjH2Q`+2SEJ+n
z%VPo&gAGk9Blf#pdO_vRo;Vna=?>}tC4#xhod-eUqdILiAgfZC^U2!p)qm1B4<N^1
z$9rfQY*UL2WhSpIqcz}_d#sA5iM#bIw?jkH6N-W_^cA(A_V>6^$<*6dWk>dr#EETy
zFy~s={BF2J&2A3sZS#2hn3goebm+nGC}y%&zxRL=Crx7GwroBKA+yWC<~V}<hBvM`
zUs3Ls%g?eStRdx3u}Q=_r+Wd>xlXqm>Wd^&{1tTFr*Ul*3bG{v(;A3UbQ+d7hG-R=
z=6WKqc7QKW?SV}+R%z$TkGf@$$e9ZKjy-4+g6;UjWHD)P(7GvPq#-ooyJZ{8WNEcA
z&aVsoC*P1PExo1EgQdH09eMg2RoS^o-FwH>0-SXQ%nx3YJhx>CtP^RTR762%<mOfz
z#8lXEyiu1pbW9BS@(Q5>T`|A{6`xTxo|$A>1F0n7mxRR4Af`*<ckhA}4y{1z0mo3e
zof?CylvmQSgd~Y6zzrlUt#(3xbWbfDXOm&-HG_4HoHTEX**KNYP^tK^$0Z<j(0I{L
zSB!bIg5Zm+uxi0ylp(l-#r&WoMR^LOc;|M<-*~p31IpnTJA`%ey0m-!%Uh1CVJ#s>
zE=sXPTG{g#!l$oY8{$4FVjKy?$7VF*VA?w8#exdDHUMw?gg`N-f!darrtNf=t5_~L
z&T^hKQZAgmAchjen;9CH@_E=)daPK{hW)IXkv@33-8UF-q@pHj;yAr3hbasXa`V>q
z`-Q&>yp^ORB7UTe#E7K5Ecln*AJ$!5zn<S-|I(3DTw`F%N2{@Y>Yd<K%Nwa%xoONo
z1t(N0)zh4a7Fg;0i$H-n)DMgkbX~_nr#z#qGqS(S82d^|b)1(ta;pbe&;GgA-5ss}
zZb`*%1S{h=rXz@c!`YQ`m^{Z!!Ahz>$;9hJru>2_kHF3c8Hw-P^+y2lGp<!`ojtWA
z31p9fzNW!zF6)<Q99k|}#3--13*Hgm;0*5#EA12tl(J_+27fE?vR5!4itAgW2WW_R
zuiB+ix+~Cc>noVW<TTk1ic-59LF#jo_pLt&C?2~zG;7>7Vd&A4-3+8<FQUZd?K_a0
zy{yAbaw9Y;5t0T|#*ByZZxz?*m7J(M4^W%o<U+)rW}A2iaVQZ~(ze->E3Fr6VOKzg
zDDD^;6;vT4F3Y&|6EN2)@(WH`Qg@Qr2?*=_>4n=qVG(T~yL^~iBBJacQp|4oyFBqB
zIz$G#8LRPr65lojGAc9Mv`E_8drwNYW@BH1d+4c^pQg(i46pnQ?VGFi&BBl)Q$kKy
zwTwLaOG>6eRI1Bt*kS^4>le;(8g<m&Z5*}gu8!ne3ruw6&Enke0*c?n0bJa_qSB=9
zs=KT%ubi=;NC?P&#3`Q#7*ZJx^m~J$TNZJGa%LLy*YVUdTEZ)(Ttvo#o8NzC2ukI?
z!V0DO)3nyC1kT;>HXgUBHF#z4{G_@Sj44A>sbKXT%8eJZm{kOuoivO&fS<Av<``L8
zUz3!?a%0=#Oior0<`&wvE+z|m4UbkP*}dmg)GlBylbNrUi152YEAqe_wb1Dr=f31T
zr_@Op$N3QVi`TDhUh9_0PvZ1_e<l5Dp`sQ|L@)`T+*aJ_Nr|l8U?r(^VL$-TZ7H#k
z^;224jCqvDyF!T!i>wB{DyHPb?AGz00Ll4WKS*XDRU7PTH&ohSkLWi3zirkRj>^A>
z676W?<h#{!9S80W*752szAF;kA7V<{9!L3_6mY~>z4v=7b?xip#B#(q6@J#KcZE!q
zLok;6Y}e@?=A{Lk#(`bKZmFAMGItsRc`5(_tH}Q%mf7q{`_;(M5<{h}G$mAanP19v
z4#*>|?J4`S7Jz5)s48~@2Q^@%sHb`)D)&RdwdT;U8CXVRV{yAez5bJzf@L;<rqg{9
z`0gkhd+u=S6;^|ULKKubkv5#-I&4PF${-XNMjgGkaA!XJ`ZJt2rMJbQU|<dXT4NE}
z*tqpIKUMFvoIH91;zmuSau!o9RQ^LfK~{YQ;I=5Zi!S9c`a?gR=aradQG+95YpDG0
z0~`PwkY-XQdy(u0lvgGd?|l6*;BLli7T;iutgD+G4TEEdpNXcMgp9W>d~glI2?_@a
zZ~~@kfzYxB#PhwIPl(T$9KD}zdMqa&Bb#7hOntda1>p<TR4$0`_UN_v%x^5>!`-%o
zh09+f@?820|4>$6kG2&aH+c8>fM5W*xFpK?nqteYDfBN2bx*P~rBCXg_ZJ)5N?k6W
zF475%{TW56zBL(^Q}(UI(^*4F$l$!taMU*+te$rjf7U=4xNp9mx(@3xyn9A&!vBnp
zD2Usw@UzU6B|5i)>Rxx3=;ByT*9<UrY)2I~C%--F7)Q|16hS<XtkGCYnpNNTxpexe
zAG0k;=52;myM7t<`!jiK?)ij3HE-=}9(K>i``{br_Ps4wCa&!SsPo?_K3%0<$hO^i
zTssf&RbjdT<auF#oE+jHFy7>N1E$UN+h_ZM%SHJqX4G?ZHOFGp2HppLC-!FTNa;;*
zT5>W^n&uaFfq;mVgAyupf{-u${AnqX74n_m6!o}9M!wMZ7vGC?fcrD>aHSwYpKw{W
zd<So?9Qm$g*7w<xFb-)cSUbT$8xQyxY!KPt2>rad5SDq8IhZ$bs}k@lRM7b+rid*{
zVS>oIoVLwH!+66D+l*iN<%S+`3J=2IVT5pKAcQBALZfQ#Zh2ms)6?Cje8vl)1QjVK
z0rhkHXO=-M(V<zbNt4%|iX33IXJM|%tzMAxEoCZ<5blW9MDNr!&1LT@c}~aov1qSn
zjLMEjUpWPMCAr#)tUK7=Q3#0ES9^{B@U$*t+itqG=I90X2n)~>+obd7<IPkoB*nTP
zeFSHU+ZBpwLCR`~4BsjzQ@v&2H;Bjn(V2&yTfL~d!T1zqd-b21*d6D6Eb!@=z%Lr-
zKYde=t!Z_-j`z#Ooj0rvbTF&j$VPd<>XlF#-O1Cs7OxF4-<n(=E9cz@U}~&hyau7}
z2CHA09@er)ko!BKs}f|JYxapCZfWK%Fa~7?3WM7Bt2eOtVrE+QA`fiMQwX@mOl^xJ
zU|&eYu6|yFY-(3vrLkvgJ@$O6|3<JtWXsv=SuTv{BkwHgCMuv}!UXvH?5uk*5u!`5
zF1&%Z4fU;fsY_-yA?}EJ6xP2iM;BIxs3!G4fQ4C=#MYhDwq9!$b}&DS<y^Pvgs;lj
z2zfdg!Kbr2<P@{unIxLT4*8)_O^+m!f9@U}3}g((oI?Y<w{P8qh!%=(^=v2suLKD}
zs`NzsuaF5pt#j>_O;B+t<4$Ha0+ZN+^23mj$s##sy`R%fQ$dRsEbfub5P|5=m{-{p
zdn=0@-xK7U+QL>8W;2@_w=C3wZI?;2{bhBqL353ab8?W-e~~lRvQ2yYyb|Hy#H><|
zTS5te(xz<tJw-_~ocS9R!t=mGUbIGaRU_yHJrCFYevgPgt$Q8!Jt%@+&*od_5Pz#!
z8+Hfof3SLgMu{U;xsWOkLxmVJ0xWY>0bf8Upk#8hZ3aPB{g^P}znPZ|MY*x+k3@Mp
z`^dqM_|ivHH$=@u->CB`UasUMf^CP`9TJ?7B5sX$G;@33;yC0dT{o!&Bb5&3Q8bUG
zSL%6zz<RIO$<r^Gc`Rac?ar0y4uJaGm{Fh5g&ofVYYNn~7?o(+!<xv<LcCzNO&Hn!
z!WhrVq%hTA@zjn2h}4G;!zC6-&$4-2SA24<&VJT>L)kFYaaZ93nLMNE66<OqN7X+_
z>TNa|tcmPqACz5r-X<$N3pwk#ToZqbK+?L^plvAYMh5^hyO*FH5Q7B67{@kJhp^B{
zyH85rekUaTG}mT_ZyX**K4-mytvJv2l`<QQ8d@}X5H_L}7S@NQN%jE!ddv3<#inXe
zhhZ)K1bFHfJOM;7wPoWUv2-%d84k7Ymuz20$prk~sIA5s+>`<zi7P4~H{qt+z2w*1
zqoX6PR1yU|aH;IknaT97{R~7seJ4i^jpnS4e2(V~RU1SDNea~Bu_Wco+gA<>r!IIz
zcS&nQv5IQf;xgES47MBDb%BghUg0AAeSB}Mtcpw;j-FcialzuOM?2nHq==mF9t(5I
zt^a=Jug-r<RJM-a(-3f^)8n^_-3}?NhdJhJv|eDgZrFv_lJ++{{njD1Yhgox;&!X_
z(X1$}!Qij!x<a1MGS!hWW*?PjJ=0_Y;SWL<*_)w7J75tg_PIFgfZ-Z9PLfg)Kpq2i
z(A^jg@$hzdmmAFrL=rq@`byD5#X8_eP+LY9|8Js_MirJ?GY5sRD77(!h=@jpj~HXp
zY{mq4TO4jt!*T*{iY>DWAERkHQ0@qGXlr^`Eop}?Hs_owa7tljz8rOh+Vrh3zK&7s
zR&tH0osvzP=+KH3J;nsS9AZ&nCc(E!i>eo$uoQZwDN05PrlF8SM^Em8N&Vfl+Ouug
zT4G`L1KW+if14InheO~Ei9kK%Co4ySWcK$oWBMX?g_o7?e$z&Lu}C(!sb}iO@IE9I
z$%JfoZ?Sqt!gIeQ4|Cqh9obgpUD(U@e2o?kIZ9ryL7+kCR1q&OvDow4#bfBg!*h$@
zFzWy<3=_mD-AD5zgqDs{o5)L5REPaih*wR1M_Y_luUI})Y{y-cWPRD@H+}k^*kkCg
z$Sjz@J80rG8yT{2*~JMhbAqG?-M<Snh>qd)o{5;6f0}XUfSj%3H6ZplQNkY5`WC_r
zt2`bw?d(4=rmiIXq;6C(3yVv~Y76H7ptP!liEOTQ{D6JMG#(k0Er7J*0%SShl_q)6
zv+_G@6_=sIFZ8}d-T3=VG~fC_QYB7F!Dp9uCbO+pyitf0-1_ehYhGQ*uuU6B@XF=Y
zgxpa5Tt=*LPEw@2kWpJjudNv!g69t&2%WM>N5JOzQXUHIc$UW+lhoeK3NhVb2@43!
zhC$>$AxS^Q9}>XmBS?Uqkr59vKga)w1e98MLv-Cix9Y|_3p^Tt&0l@!h3Rf+b9kS5
zn^tEr7VDu4gj0#WZCy86f9`Y7^tbzX^5en@(NgT9ObDtu8bYC|{(-_*^SQ1R1O^5w
zlZT>J%VWy0VWa%2vLXKwRuviG_X|VKKAgWgajRa>;#g;__5#MdC$AYa3A{-CG}5W2
zTRUyC!EQ*XKY?HkK|F`D=(jg`jp&^>LV#sT{o1nD;T0sUM8MkpPz{zTlja%JBfVRG
zOhCa+<hU|MWWOZRF33fDy)+t{3&e6ke5YN>OWX}tKKnoZ2OFXU?J2lY7kMPRv7Qv@
z3^`u~20j04EgSsVfFv_aDYoyYSqwhF(DlBQ`9F`i@mflC<!`P+qqT_UA9Qfv%Zg?Q
z2t#*RfjLS6Z7Bfq03hUF+b>dd#zN8v=<9DP_=tGXA#`T4ZKJC7`oVub<)={P0lyhz
zkmWc*CL+dijWD1sN#xsYO{F2?k~HynOHzc_4{Wc2PPO{<Yb78zuICFAyEF}qd%Oh|
zc%J9!5A0~rd`<0HRm^oxU~l3WnJI5{^M%3RD9k;ol?z|8!xznxZ~Hi*b@_&%cdAT9
z3tqsW&~<WZG0Ok-i=v<I!!oN?iWZ7o6cdLm6PFD`z;K-8(eo$%{#EkcakXOeEDm`k
zuz5tez^L5H9Avys0ExRbE=<%gKzf?Z*Pe7|))aW}@~qNh6>Ktlx?R|!zhe1DF}kN_
z!+EJsKw)Vo4}elVY|GU3a2UdcPEMS#K!0@z6HoK6<PA~TbdSwi+_)6w^Ob)V5+tfi
zgMhe{Ge{II9MQ&vq}~Yl^x!^5zcbs+=nJId5k}Dtx4UiZ-ix<e7IwLqM}e1E8o$pJ
zde=6!9VpEvO9Md_uxJ?g47qa2ACvwTI0r%2pjTi5K-mpFNjH&nQ0NdgU*@u+`6fyw
zr8;1$^{rx^bGrq^m0n~Jxd{3lc}9<JqC*Nu#>bPO?#*^;sfP>C3Vxy1G8g-yFKQkw
zZZxzVH&h|`XUwyi2T~BBF)|o4O;hg1Akc-<Sbm}s=yy>h4nY{~euB9s1jrGS&`el4
z24a_q6{6(5QeA$uHBr-CVK#n1Af~<_F>01dZHJUkmGkH7PVET%m7d<3<kWKW>E&ih
zAnWMXR+jdG+?UizoMH_8BOc$GgaGJiJa`!AQ;*(+KPRcW$x2`r(f^>a2JvfxP;UN(
z!s`8f(;va9$=xhX&Rco})cv;Z4v7)VFbIc{5RaO0G`MQonwslO)|(BDJiYGAseOsh
z;SHJC0uKZ&wx0KQIWm;k7hRt2T~P>G_jfN`n682P*e8jX!5q<zgR8AUYxpF&PpWdX
zhYTQ;UbieARz^n|**y^!p$T3Hq!8XbhSnoAGcjNqs`OKFUK>EYBDik1^e{=?sak;8
z5(ui}7Oy#aT234G(VwMDMpXnn%q;l~+V6oHpPG!7Vfn4Es)@UNaTFO0v>o;9ZbjuK
z%dIi{AtiPXtMlW@DO;$%8?0d%jR^?)a~^9B<nKm1(uSV{)EEx19CBhi+@9)@_L$<t
z)O27$n+D}o+fkGnl@C-wD^zi%3O3N)ucov_w0T#C5<a#xo&6T>4Wb$DYGdyJzh7;3
zSP-IKL=`+JKn&N}F~qDEKrLH%f7U2~xftWL%Me)UQMG4HI2#K<0)<O(FdYKfEA!%7
z-Xl5l2er|8+ZGlba5`BT;rGpQDh6Sf-Uas{T*8q-OPBm6PF0#UUgM<?Hp;h$e|L!5
zVf>IXl~#ZIH?I;W3XzH0x=66(V|2n2Hsnp_7T2W8mD8oX=k|84_<h1*D3OeY6y>0)
zs`UUhxlrvk2%+JZx1z0~t2sP&0bd2su9|}(SF;eDXxda5C?L-hab~#lK<>T(MY}$R
z0d|Ga+Kda3iuY3~1lTL%fc!U+cW3HT<Z=SGf<=~~OV)R2OhY)chocH)!7cs%k|Nhl
zMbFTI;Ta?(S2l5whR_~l|LxIF%6y23ssF^by`Pe2>+<Ob%5>`~k0cD2LS_}VNl^Wy
zUL#+K#kj|OTmV;(Qxi9>=_tlGdEEtt)@~F^1e7&qBZti-aGUFC|0UFWa8NlQcIkXI
zYZd_~7(ie}e3(J!O5BP3Jy}Za-}Pn8nFUUkKdB!l7;KC!ItQV_O81e^$Thm_mUtjm
zD;0@&jGFe@y`X2^v0Z+OH9WIDuE3*c^tyz6D#C-^(E*mVTuISz4fg>3wMpW`N%e-&
zeF|Ec7+RZ6C-_HUs<@rE>U`Sb1Jx-OLRruVf*DW2*ayw(Fb9N{nlJ6WXDwY7JjecG
zH$@jHN--%)B}!||Ad^v@M1kW4;U*^DR)=dwGF7`Q7N1K#!Kyq|AD8iU7rlwd&?QNE
znyWg=&i*&uLOV@0*R58m8~wc)BuV7nb4$J%jHh2`IIKrew4r20l{)-7#IXkq`ZL>E
z;t1qLKfIwLB15>ZjmN(>xTh}Lk#<&3qsqSC!KPRp9j8OqInu<aJ}1bmF6;$zI@8|D
z8M_$&TJ51-%*O*TZf;Vr=o^Y05<LINba1YOn~E~Ry*7`mPubKQ5;oha^)X^poD#Lp
zM@KBHT#VC(Qzs!=R4a{)cTkMqEN+d}Zht4IeU|eha+JRy4#w=kT*Mv-ibgYmkBxvc
zA~^pt>dUZlkz+rwx^P<L%Q{gv7L4p7lg7l|d-C8V^WX1XgK%wjH@fNJ!}b0E9bm8#
z9+?NZ?(V}DL#JrMR$Yq0Qv*WMam-t6A5QhM{7k?pJA~*<rAzcGuL{IyHyyC76&e^a
z`*6NCgA}Zy*$!3g<yt7;OQ&;fk$aY{W*GsRo@@R(6Z%xbfV#>K8;T;1u$Sr?$QC#1
z>>71PBBLx;z6D9JghPHpo6~;akh?#WiKx`wAw@^e_*88}RlKlXgf0AwTM!({i5MDQ
z<TSE*M}!ErkyU_DVW-wNkB$53XcFM3jNnhD0z`g$y%NF>c}0Qgk3>ULG&RzWxe94D
zWK<zukt^Zo8K*#3ps)i5z!XvJU@h4de8^Hh+xn_u_2^Rpd00l-tl@UTq9zxH_K-<B
z5b{hfOmK4>+zDvr!}Fljl&9MP^c`(CrCfx`LW_#5Nzw8z78CLRq4xAMafzYC#}m_S
zdH;m*0z=0UHjcz!d-qPFZfx=nt?%kt8)CxWUO%S>CDalC0siklc0dhTY;>}d!ys+z
zG7592iGkDxA?9_`#2G-r_FrFHm*DdtC5ZJ^j7OQsD(?YDiQiZUH`De9kNd~n{$6-j
zfHK;>I`g~&Dhps?q+gfG$Lw_d%9Gk7MkvDsQ?xDtf^q!EFI~~r^{!+CE+`YcI`736
zhk3UG(`z#TuUIh;oP7zP{04WfDQ?$Ki`TK)GTEV-Yz7;Bi8E;r&A}UhQbK*a@3$*z
z*?M$HSv-gdw1%JsSMIui0{Ov-ZG3^ZI&W~`L~r2yZYXM4`WXwe$Zv9=Rm05_*|oDO
z%4kvG|0<EiHMqeH4ZG&2jgfPm>8Wgp8ZI>K8&#`tL8pc^fU)huzVCQ|6M(LBq>X>s
zZOz0WkxJCfg8@>{x1em+a{g>59=o>m=U82fSqU4<g~U9WebQBN^`ZOe6NwhLiIWlZ
z<Jf~V)4VMt!T;IgT*&*bQo|Tpc6rn%U1MJ!XQqN9xQsQ9pZkW(z+nfn5o|VpsUI`i
zS@u87fp0kKf}R>7=F3L1VQb6^)3U=?go#s2w?MdwTMSRGE)UqIxV1Rrm}%?cM`;hG
ztQo3OJY;p)3H{lkrKeU3TlDvHM{||2uR1Zs1vGJAnLydb&oZ;W5`hL>zEdMB55Uy9
zHo)A9RpWlm+pDZx;;Q#gc!^SfOK(95rO0kfs-tKx@58?o@J%m;{V-zf4Pc)~@x4gH
z!jPOel-=Y7=T<d9ZJ{(T>c^v`N-}dj&z7`!IbzOESoJmtC0<%>HN<(zBbzcpT^|%m
zA73w)#b5@EC<;xLR~Tw|6rw$8p8dS-51CXIhvwB?TmcUsV_(xK02G4zg*lfAt=!w;
z@)IgptZbN8;r1ch#&ywN=+O+P-pt?weCt=;^#)g?)JHacsw%*6iY%!%bJ}H3ptoY#
zipF7IPs_c{ML9%u^dl;UQAgX`)V9UNzyw}_+gabV>8AB(0+(fyPK9BJ?lgi+?@>O!
z?;@I;w%!LqN^%~S1cDR_TO9BZ${rvX0dvm&**;Z{k~g{QDLT-k6KdF)DSUXIi4fzo
zaEgecDeb|U+?4v3j4hCu#tUb)RNrwB2VD>1WZBb1@h>LmY`pQ~@gQCH2SpFZvOiKj
zT<jCa;Ww7O+0^*oaCFx8cUg(NA(!wKQijafs+Z(Tej}Ip_IZo3ilckX=amXsSFk$2
z65w$?-YEb<w!#Y8vDzV<2@j2U;HSFLt+TCdPvf~%s{1Vm+}@v>xOZCrMYA|)su1O}
zMopiKSPiW~(}m3*mT9_ri27!K6fRCV+K5E-G$KO{Q?j;Bd1Nf~aLGz(BXe}zr4IHc
z&$jV4;<+N$6xixcj<7fV;;<(KxGoA2AXx(p0mu1$?u!7BUXxcQi5*}l+*_CaZu7Y3
zfa7hfN~c;D5#J%k#9bUEdVWZsuCbOz2O9U>+xZyHAt4u+R!^flzk|iD#H=!5eksq1
z&zSgPoeJ`@GWtR%%3@M?crbAn7byL|a9PXEm}P!?cQDPPy%KpdcWgRnN;kt}&dQ~9
zJ0lslXwF#rEGyoegY)ZK__kN1o#MFpb1D_Yj5in;JymlvG4L&D(*Id(g6W|(Dda9V
z#ykaP;JZ=XIOpvOoEAb<iEM=vQf)?17H>0VEvHZ$CNj+68|S{IU3={f7V*OqP-srd
zY&pY*B-@&}jGf_|)_TaMp1Cm=sFiwkKuo7vrRj<nk=FixN?3hP1b;$MrDj8Nll))T
z_6IuM6Sdu=x<#;DqyDOhOjNrbyX?n@4}+C2nR4XC;BUt)FmHs2^Gy69%Fanny+~1-
zpYuW->g5}}sk}v`Ac(6#p-SwK5JSkDb8|*fEN~dG_Y#%;q<HC9#M79gUg%U8{aEAN
zjz1i(k|y0o+;gdFu@>n-^&X5&TnH;B6A5-Td>8bTJKtfvtlYO`Yda>(_yP$3SdwAJ
zIN?o93UQ;N*!1w5*Y|A%(bHk-y}i;iroOp@Lm@3&JS$N_pi1i!_~XG2LZ5)u+68ZC
zj4*=ti|Us|x0{da6SP<b4TRB06lhEW{FU+)I22ilnTT$B|J}f&$VFw&nD4A%Wq#zb
z-F^p9*QsZwKx}NUl0`F@DvvJ<m(Ss3w@Q1JNoO?*bQ)fMlW4TPpNUF=lOE4@wbHW;
zQNfLjqC3E^@2ssFa11>MDal(Q5EN4?ZNs~nH*C<h>hugxe3sgTRq>D5bwTWM&KsC=
zrvJ6IoMb#5h<PG;{VZ%mK35EFW4_@i=68sINoXBbA^Z7liqXRc*GNZhj*?HOEqX*&
zHE#|MMOPbl>#HBGZuB?aSgk<Z=IzE#iIrp*V!u-tQ6wdZ?>I}|BNLHXJVM(Xn-<{o
zzIC_(w}q2q%O>4fS-P%R>&6j|xTgDoRb!!7SDWc4>IHcc%ccJJxtbNiQe6gy+^E+1
z&rUZl5y%W-sR?l#u_6TPqCXKd3|YRXtQuko->t*B*$t{Tj4}G5aQ`Eh$1~u~9L=^o
zmoqncBFzJ@E5yek0{1r>_oBfrvqN6NrQnz8rj2DsV5!AjB~siDi+*Jk>5n4xT=bBp
z3mb;szX^8%lvUI8h$Or9y5Pm!$~lc%e}#=cvU?vrcW;}+S+O(ObQ4x4rmE;Zc7Kz;
zccT&Nj0JdUx=p!m6e4BK*oga&wc$gXtEh7wsSoO8cb8V{*Pe`cN2G@C2XS_-64G#;
zE}x?$#lcduia~Tf1OncRO16I5_tYM#SO63XhI)71-~i&`6hAVD)oJ4x`~v%~O>0|e
z!9aO$&tY1(jn6;EcUDnl(FQknoTv#8;~$y_!KDKpY%!NG;yICT(5Sm10A{X~ScV73
zVR6r(dArBDB;YluJ|W`wu5Zrc^GUcWu;awJp3qwTT$fKz-z8+(gvmn_*R||#UbQO%
zA)2MToP>s}1nKVkv5m&iin_k!s@HZz;M8!hQ_58`pvu9T|2=B_%woeit~A{nD~#5&
zGhZ5oTc|i-=KNJ4O`8ySiAZ4d9744Y#wFR!4+z~X=qxg%4032oO{Y-l6p=!lJ}CFQ
zAuVpq)=A|p4c8eJ5U`U}1d^IW65Ca7X)Hp=-{zNBEE6$h4qy~tX0Me%NZl1_bLg>x
z?DQ&~ZVOvpY}VOkv1h3R1z!U)!+s=2=20svxz<6yO#m|sN<uGK<l$0#kA(m8aG#~8
z%AAe<;9#rFZ*(M>Ra1I_1Rh~0JD1gGvf_%o@M>V1GB?KIGgE{tW3n`SRA=uq4YB}-
zSx99-AeGAT5H;x^N#BXTHs;CpNDFvm5})<7I{1cU7Qonsy-?L{&jrPO<{D<002FLi
zL@E;|XhO0`Ky`>a3IxE{BVRfQXv`mDZ{Hp7^2Q+BxohV_@yPd@uC>v+FE|(>Xp1_}
zj7t~G_3M$4q&25s+)nVbjqT>WpEqbdzLPYI2p^7n1KGINQ<^KJlucd~e1iS0kCc%Q
zogSK~k07b0C>>%3SQc++@AWvwC5zx231n!gNDz!v@`U46cWLF%2M&p?Ro*e}_t=41
zWO2S14G6D_ayPHd_$dtqTkc!!cIYbL$H=_d*}QL3=C)J0ZL+tI@XkDbr(LN$s+faG
zxf>sfRAH01r{n6$2FbP!>+>(=Mg5owY$_6oI6m8X0pfyNP3kXq>?_GgdG|GUC)*@7
zZXO8t*~{|v@C#7%hb`}S)jn35Oel;H<DkeocoJU{N53uR9w*f$YI3w1Ps7MK@C=rF
z>5M-H4mD@CjPeLMPF+JSApbHe&fx(yLJwm&Nh~>$P<YBShtF{V;O+5H)J)gs=d(`k
zZjfy`e{CwargD-B1p@qbyZ1%lBAVV+zN&`k@34}q%7MvrSsA#IuE7Ln1U2ri<6|W^
zX*6S)AWo)<Qg9#z4q`G4zq@HAA47bN1*ERQd7RnYBH(P1(v(PU>MO=30{7Nf9c+p%
zrp0@RgTAH)r9xlahuXOCICd5~uf494kpE&DSeUdQwd>~eFvOO}O6B$&0x(9#S42E&
z+9Gfr!TVs!ReFp^yOM2Tbu(B|_Hzm`p9ge7olZDN&<?_N4^wEfZF_V(trHNaAc5Md
zOo#XG4l{Z0o*z9^Dk-$s|G}gaYutp8G>DMjVl7p((;2Ap5P^OfLHk2Af+k_{gRtuW
z-$Y~c&2NsxZ8*O2dhL?#F3%7QBeld35E|iMeG$LQuIk{m{avC4k<VzyG&)2A7#_la
zL{*iGh0W_pr?g5i8EOlw^)g7*!4Ih#vBE%06(bahA1Y{!!^ht12uqAf$Wq1zgd}nw
z>a!7<MRR&iUrB}Vc8tcc@uz7cBJqSOL}qj8lcBn^c(dcV<{(PYJ8I4gaB2Iy6wY3b
z4^Q*O=6*HEA25Wapz1cNCCp2S?h>eNx$r{63LXx!hW~u%mj5X@9Mv`j)8YGm%#1BH
z7tQJv(PUM@N1iLLOu6(8_=T2>!QRy=nDJbeB99)dn`eA_J(s0u@xdECl%d__p%6R{
z53R}Z_i7k0EcjT9c#153U^Y2WI+Pq1Q8<RgT_BhUCd>1_m_^)&m!~?j7%*`<%Lhga
zBLu=z(8fe$wBCpx5PQ~wqY$d4%DHN|8BQ=Yz_R)=tE(df-Q24azY3n;Q&TxXK$b>z
zveofy1HNPL5?J0K%8FmK1W};yuqM)vV+GZDre4jm<g1}3QN4>PKVZe#wW4gwxxo90
zuqyl-u8)(gMYBwp+oIAh|5YB+Zq){9*Eb6I3sk3sEsWR6r}?@&fqq>G!NFy8viZxv
zG~&K~RY))D+3<wnnq7YhUoozx2qp^$#={Y{$>Ra;rA1Apx#Na&g$OLWrT~fY5=9AR
zG-S-_2<SJuU~mKWE5Gwu2#%*_{?B*CXGW~*zD`%G>HLgrYPfeN_G1MWr)5#RY~9*U
zMo{bZ7tPbYigp%}j7+9Bi%4!y<M%FkM@utrlkv72(a(fBeeU|5Tuo4oKca99GU>^A
zG%Z`CGM+K}lPr_HA{l?JY*Wa%lhDDv3t2{e&8(=jlm!sHjfDBJZi<M&{(#N5P-ZK2
zx6nyg-f0sIfkJSV@KKlH3LSBDYyD#H@bjdd6NDS7eDDd!(I^QS>M(N7(9H!qJih_8
z+1(7-sMsBtzrY`L=;EW<Iws|HHMEeOiI5=z8|ck5lOw6VYc#qDbCS>+|MHve4q0l1
zFo@?K<bjLJz?o_kkmN=_A2|&xnAnanyMrMt)=xCVdl;TpQ(^Rys4H8lI8rK2PzESH
zH#EArV3~vfgHZ%xUbUS|o*n|5$xdDeHR8lOSJE+}-#2MB&Ux#P=3N!1r_2Uj37X@x
zGS42swdvj9Sv018a0|NfbCY%($Mq?YL`AkCAlmRYD}Hn2!cndVu83(aLq+jK!(^M{
zb<1sZiI-Q~d_dpfd?AW@?0a(-*D$W{k86ec{?lT94z1VK*vIS<KPikOdSMHk#)h<5
z^xHWcPWguv8{KM&W8;Ej;@-1LNNSQSgfs;10YeMXFNTr8ClKpI@Z-mzgpOnxjP&9X
zMAn$OXcWCDjS>hv<@FeYiWev{MVZqkoMV)AX2F_INUjDLHqXdUH9`dJ4gX@UO6}F7
z>VdV+v9?BsIMQMIOiB}5t9+ma!6xH<v)DlG5ihccwNzDZb{<s3kf%JJ>)GExJskAV
zm9C-PHYT~QD;3rkhsDDsI+#D@X3$nGwWjcuKYJal@!VEs3=rf|$sA<I+fuPz^zf_H
zq{-|9=Jcsu^rZdwi)CGTkngOxmY=r)Fj<0ueT=+jJeY3PONzv)Xi<<)6m>XA5dc12
z{YYLkU$s}DX7=87MaONi7pT1_koFo_JaC7Pny8>K-vq}J7Cx})T@G|~wWaMo@20T(
zNnG@*D7Kmla`?H9G=7uh<QS+%h}FkTCjbs7m|%$Mx&9R00>cvNwi~(M=o|bN9ro?j
zQoqdQTpp2a`#*oj)pk5xCPf6>xBg_MeR0(e?}2F|#}rDz70}8@el{^kk^;w7-!a{b
zM}Lmwz!jrpNxI?A53o;ZX+P2FI)ptEddmpKV6#~B?$B><w6=M@Pk}JO`0qXquM>i%
zKSVA0*h(?-`>&d)Noj{^P)Ej#yWVpFWNHFOk@lb5BFL6;Op&#W2)8ahx2#YMk5Vs`
z*fd?aRCxA_ZHx=`0914|<y4aZ99=v9O*rC8`jZhwwDhR*i!Bz?72ho;0I&b(+oN5@
zRU2LO*~tLnoUX-!Qb1fBd1$qjc?^u)lpq2a55$AO#MX?v5Rk(TC7?`6E*xU*97raN
z6Ql<{4Ig{KF{gx7L#JB_b~v@*)`dYe>xmMCgsZ9tWE5uipe0VD?o9AaLPRTxLz38^
ziNCh_CGac3L<h{CeW7E6Lt=;&ENA8{c*xl~$0d=XTdz^|@bRe5qhM_Z)i)5W>MM10
zK8Qb-WYZGIAtS28YtTL;NBMmVV&iO;-nvE4H3ny1qg~Klo+x$nX}I}m+M52Ju&Dp?
zL-!0&@_+H}ClX74Ulem*SF*?qfVm9Cm-UP@#_6M2aFKx=7`fld9<{(U5pV6o@8q0g
z!WJM~HfYpCrS9%zJIYH)fz<lfjdnaR3S@miCz{zV!4u*K0qQo9X-)#g3Rx^Rh&Am8
zAfOQVQLW*&-b(F<1<TVu70RC+%LhF19G<vgG#r;PRRG(qQXTF65D;-ln74g{g1SCc
zD&kyVyF40g*p(jy>`i=c2y9iE64)G^@Qe~6RxJUJZz2Q$Zk9$NxDO_B`7IXe@*f+C
zJ#Ebq2W5JPtS;!a3{7<z)WUD~#k$xUs9apTrhYn_gl2v<jVBE@)p05$kwPY156Lg&
z5=@M{PL!g5NuLjA`dM99<U;r<S4y}Ru6L7sR4<)BN2$FC<$Jsjh&c~wCN5z#iwUYM
zOv8jb_W?S8?L|ZguhhaZbYdIS)Iw6tM?!|u>&pZcw0@S8_njh!k;T<?nq>+7q=RAv
zg#7FvQk_ippnNG4kt&SJ;7z5kPt_nqIq*`8Al)8!NnMi`o{(tOZsgQxWE&U}&M({K
zj`OSRk39!hN`s6uRF;Wbnf)aQwfUrC{E)P4?$v0M&}?ub@B;*<j|D3Y_PPBv^8o_?
z+p6+regdcoVH?zl<H-+$r^96dgFdt%jcrxuPS=L7$2k0k{Dw2OpH_{c7lHZ$Rj#oW
zNP5##wYyE>s(NNQm;_Z+avcFX$8D^VE&%i}3$i+3IMNrlc99MKB=(X=dWz*T*n?4n
zQY4X!Bk!i<`MF-GhY9*S`o^w_R)GwqEn>RMl%SRD4*3C+8ib;MJIyg^Ot`rZnk~B3
z3H0zlx+6bKu=C=34;wEhPKA5kc&2g#M>Gr$=QuP)w`0Wlr0!|UX6ns)ZYhkZt?{fU
zSOfzlaG&7DPvEQv>|zA)L%{vZlMb$fo=F>2m??1uOzdO`2SGp+!egDqsVS9H-kd@$
zAD_|ku0pxvP{GIBez>Tq*8^TOn=;-YrLNoEb}`C=<U7;uo_>D?__MDW0Bd{zF+k40
zk=^yDYg>ebcJVEIGrqaX)3o)0veo4&dc1-jDO7{m@_DOzliO<Q%WiI6N_f9BubEH5
zQrg=l3R+^!hPFKr_jpm+-JRXeOaC;|k?=p_XH0|rAtG$dE>eGqlguKjS$A^Sr`Kxj
zSsp@KBoaG)x2C+WVd0+{Z#=qZ;-xnyW-cqci^z9-iG{Gz6L<JOauyH~XRu=D^lUs8
zt$dqZZL0Mfw+v6DMDEXg88&VsTD?Nsgdj=@gKYZELyX_3kCp}B!I%&{AlEjr06oT+
zzK!9P&e*~onio-|sNZQ$pkvGIlU$Vu)gw{^Oa_Np@kAbG+q(Jyzz0B+fHlkh>3QjQ
zSVi8kDUX+Sg7`-TOJf{$j4WTIn-Btt&@Y@cANAF1J?+SD>G;`7Xo*MV7I9Q|ka?9x
z<rwVWN|Qkxx`}N!Ug>OiVfV1sDd-Nv1h9AJfFoO^$}aq=M{xE7eqHoT9n4h{^7iuE
z&EG3TTi-Z|_qd;G@pq)hI60A|#CM)U_w_*1N*>^DI-qRYI&$5x|L|WN)BSeSt$CPV
zZK@i5VPO&lBX~q+w4FG)`uN8fTV~zg*E^ddcXQ8w=TwTYO#%1>kp`96*`2hQzMxj)
zoPKHl4lAojkTz>@On>3*5GEV(Do#t+sV3z8iCdr9&)$6$9;veEy*k3x1X2rF-@D~{
z5vKx^JKrA(bRb9V0y8}W(?i^+ZRaG@h((4X{K6meB@<iopfHgP8(QByMTj>?MgApB
zn;1B<lx3_!*9-+1=hQQYjPC6JNCw+?f5^7&Mh^x1eBnm;>YegMBv9CT!K6WngIWF_
z41UZ$=fV)z4J9*A)&hQ{B|*dezA45wKb~KgP}+IgI|a%KaH?v+^AVe*bX!(en!Xp1
zkw$_D5r=C_q#TE%S?TDn?ohENL?tJddT5<JU1WH~6GzFc)l$||b;NZ%L}Ephk;}}P
zsb7JOIqo(5TokJDdi=6(AfiEro3er@r=2#&OU^^^z&6teJG)Ly+rxR71rT9WC@G71
z6hTv^ds$ZdC@j&Ze0ow8i|98o+Z~P=tiH1VceKuQ=pZT;SqA!GRz0|zY&1(YFMY55
zosk;Tbw1yyJ7eTZ{a(GQP+Om$2zpCq^67<#$T6fTTtI8eCl%z>?@)LhV+5fpTO*h-
zBPO$8g{Stt3%oNB@KNX1tH*T){!I89%7FJ{aqlfd$;d7j5&|}tjKAT#NK_LyK`1s8
z{U2lQmPl#jr2=`D0||)imU_j8m&`%}rduO#P5l|3x$74q8M2~PoXZ+){!%p9Q#dFY
zh(GpTo;<o{joVYlwi1-KUlpAY@&+7J6sty_eOMa}^0iwaO#X%T!CV=oG&=)6@KYd9
z;`<4Wx0byc&D|{O2q>YIa|!}Dt+v|qj+r}CVmikFL!|!%9g_bozNH-xl@>7DNXeJ?
zTVjV_sGwz8Rau`BF%p3VBhdoJf$XipZ*v)r#O4){o=^e3!Gy3b>Wcm3-yxjbEEZGx
z>#>=K!n4rE{6dnz6hx7kz`A0T+jjHH?EN{(UXsE)EufW}12+<2cgY1}Ch%v%^KT5Y
zavFcN0xu$RRfWsV$c4Z=Ro@eUXG|Q|`lN&zC~~E#7U}P~A*g^Ke>bY^;V-h;$Vr&m
zR9KZIujuwGdo6l0Y`syS_!Z9m8H@p}E^?23-X#WL*&Qpr7aO-6OpJ3ee8Q|ul+WEC
zp5e0>ckRHTLBckFLs(dTx!?gr@BD|(OI2I}VZ~fSiRXsp5y~=P%I^S?t)q03eAEuF
zCbsOVI76WP%f@r@mvEv?l2yc7)NeBk64qqGH^9NlNn1s|IZ)<BNjpI^)FS<c7B~+}
zD3rMRAv&yG5Z}-u^t?Q~D5r={OcOW#kYDGAI>+%j?zFAx(JkcoP%S9<D>`(h8u5;u
z6RjKLBph2tWOpFL8dk<iqk|TdcHHQ{8@DnnAERiOR=LaRWOlIIz-~9G^xTkR89!m0
zK`90^y-{!~xDFH@+(ZIdfaVkc+%9H0cpu|4hZ&h(j?Ou)>SGk@yV)ck{}MPxMFIre
zf5C7zNDE>EE8E@ceRELK-U6}SVr?l7?C*%--tkD6e;L>OX(jXmVv*`09r{f54f?I>
zIpG$iSIKgRDcU>RTUu|@*qaFN_(7_H(*_Z{mDk@##9DOUe;zjFqEMw_K@4S4o;J0t
z2O@IGC3QX&Kx^8p1Ot~_RlKD61)1WAoJyc_@PPx*-}LRSJWk8ySAQK5pXRFiQ4cSo
zJkfZ;>yikypQO>uuPe7_%uJwhcok!!!VI}SykbJDr7!Ukbph_sz})`bRRwzDFGi%p
z_fTj(OFajA-KsxZ;0sbH#b)!2YY1&Fm9Rwe^I`i?GXLf>Z%JL(_PvyL6W$8peb%$x
za@~r!lj;?P2@r<utnA``ZG3eNQVQnSUs*aBO)5A;&=p!RGM0K>K=l~82*qXG$FcgL
z()AmD+A68@%BFy3s<&GbHA(iBYLixDJtgL+mpp`BwF^=)3O{f#?*FQ?>5FOnp@rPp
zs<Ey<;Ds3-rerQ&Lf2lte6(+1msTci@bdrsXQ0@n4P6YdtR3eqM2}4F$mfhT@sjy`
zUUZff_ql27Qt~5L>#gH-2%ez&<3@3)nof<t7n5J{o`aDGB0)$o-_N-1sJwW;@``_9
znb%lOCC~S4MHRKnE8_;wO_jD>P_U7zCRCtHe33Fjz=oo8@V%c6w^mlqf77N)o{gIS
zRSCMK61-)Upvib{yi4cK>Xrr@j9xb$hoI7p27I6KH7{MYmZOv2zv>V}(F+CNywYBy
zK-LqiRa9z76Hs&@oKTI)Fa$W8Bx;KG>JPs>)dkODgP~2efD_Wq%3@`IGg1nob2il8
zabq^i+PQLI0j*?OZz{0h?as!sN}D{{Gjh6Sqp^xTx<a2e(XL7L^IMq%;UQyro~?B?
zzJ@B-{;qErrv&bQM($oLrhey$APYcVl%&<{@}&VhT8s5?n5;a(dRA$VWV8<_d!(Yt
znS$yS^d$J_Xd!bFRbG-=#9nt@vBHIO*F|Twj8{g$bBZ-2vdl$Ds5AK;xjzNil+^R0
zf1UnIu5{PSFf@)>d95wC!#>mFmzxqSkbEFq6&4G>aIOOqLz18Yf4l!bgpqrBF3r{c
z1**mdHlbgHgkrx!2~4ms>BvgQHiZ}V>R0%q4kg+y2Bpwhk^2pHr85TnIA6(4*mJQQ
zU2p%|N{lK)V7_2LT@=@gjVdsca_&+!EItaIyTD9)V<1x&D`s#XERSOV^w?<c$g#hK
z#Y~&$vd30Y@XlQKhLGyda{>+Ht~<X#TOycR-mEbPU1{6V*QY+Fe#a;r>0C$aQbH0F
zU<0dGMW}nzQ84R)GNkgL#T&DG-QdIkzu<mX6L{t}xA0?aZj%z}(^Nl}<TlNU?W)3+
zYcXI`rF_g94WLgb>SbA+7pk2Z?V6$^Iy|+Y0$heYmyzlT6JNQqQ(m^KtiT=Fxu_4V
zpzR16Uxg3+fbIn;wR_?z!rSpy!{vtV>pCdlwwB+U<%Pz8(OE-mtzYaBoA^2MZ97^C
zQ=uT67KrLWBYY;kw!0n?Hh4zj_(geWYM$LsO$+in$Pv&6va7-D98~<fxC^8B8>K;d
zLfr`-GMT>BerXCAS|)QqQ4tten}}5X`B?`NbY#h}GYnO1UMO*im+ljd6P#Z>ZuEZy
z(*ruSw1DveKd#+>DLkUk_8$ofmjAJ_Hkv;z(7~GnpbynuvVB!23cE^L@bSwO)4Sx%
zbec~)VC762OYnu0g_&Wb8)gZ84Ucuo-T(egTK_uradbr3bzyReS!{Pc)aRvT&hrI6
zg=Bt{13b^_^j*c&+4V;kDW$&`26>X|13Z9pGte4($&UAqVohMS%@jDX6tpt!Mpu7r
ztQa~4A5s;5F#)h1@3r_>o85;jxNs{%%-<)%k|d>`7;2-mtT-x<ar_Cdt{>YSEXzs7
zIjH<;A*d>Y7(8t+EKVxDKH9eug~Zx<6u&mX6v*wc<)`hz<bkVNAFoC=eG*VMoW85Y
zbYXeG?}~E-I7KBwnQ>&~pmVspNug%B{A+JdGAr!o>Mr_WPwkA`liiG}q5*sP50Xre
z0-M87I#NTYq&>^VUT$j8jh8X^0lL^Zw_aCN54t0S)=JpkCZV-}bRBhL@Us=y(553H
zQLE_-J>F4(^fGh5m-3MMrI#68$hm5Oc?Kp7UYZQC=Q<F#J#?>e!OcTwj`A}v2YOh@
zqL7n6(2mBJ&FH{{bG<)ApPSYRuUBxtgU88b35H0FiDo{*B0ctHh<(8LT{T<OpmRDv
z*`O4oMgKtAr6PHc^FSp}KiAgc5<WA^=cV$}CXtjZ{VHd7I)$cp@)VESqB2ZDOy!kD
zo7IXnlD?zls}p%Nl$G*-A={=e9nl*&s!<lwdvTW(YOiLdvCj=Lueu9}gg89P)djt8
z+yIz1;N;64wTb<pY}{L<fJj$Cd&Dz~;g#TTJ|qpFMXhnC_*h5QS-Lx);J|_&Eb24N
zN16@bJ==1C+5us<2~6r3Y!c$HK-jfSFk5HWPup+~L7!8c;U4u63HJ2wRLyE>IBxv6
zypxE6B)!5+x-LCRFlVyCDV;()3!fw9MzD)vH2%^*=dk4F*L-Fl;-*il=GVAnI!G14
z@JT&3>vi42r6>7oVL|@9)lJ$$(7abMKWB7?*1@DMJcb8|Bom^c*~Y2ZS<}GR_nVa`
z3^2Mc_d_5*9ZX~GOpTx{y|Iwj0`}eft&n5q4svw}CdtIL^P?J~fHeIV89Yrc!>PMD
zef^w=#Oy>{6%pB!W~S-1J}!V}43oS`nElL~SOAo3e^K`;7%?sY!7h)2eX5>?Y6l*c
zPq^rTgZLh#f}kd8*J-EX@XzGhVorCu8;1K0Grv2Iu^wwtK%)}a17nU{wP<hsFxpWP
zJ=P^E97findYe|6i6mH_WaHtJQLhBg#2pT|Ww0KmpTxqpR|Tpj&tm=KDdajsq7<%v
zF%fUy9ygxCQqB`$xI1BieVZFt9mLx~VWN*2DL!g#Q^H^W?tU`_0lAtO{p9UFc^H$>
zR{`3ZxH(Q~irmr+0ha67t0x-af4;xW|GClPT3){kSlfVGjIW&O!BW*?yx@Wh;Qsrv
z@!r&zCkHnIwpmEarI>Oe+fRL^sfjHDX8`_IK>`pK7;01&r*N0@1@_JiEgh&kxp^t-
zTjTV!R|n6~p_Ehrq-E1H!*DiuDt5&<r_3GmP{25~-cqgD2S|hy_ifW&CTOOe=z2wt
z5v@lkVkM+BS9i+Mc&u!_b{1Lwgy(So88NX_rRc5&h@d0@Y%+s>iu+mvr%d8xYhdg~
zijc@iez5!vG04Z>Y8Re#E(`<wVbpoD3#gUTIL&|p6UCpV1UARFWW8*hknYKh2A1by
zPTyna^Z*jD4m4I+v03OiYaOJuSL6T?Z-j|qzUc+Y=L0m;q{&Rhs~MH4i;w(Eb7E0c
zbP?VtLjAqNKp_K*<wGwK$v?mFZh@j0!3uheCZ!cr!<*e4K#0VYx$~I2ffj+j)39G~
z6Rj9b3$lKZfr`h8r$ok({8g$x2|lVr>L^atP)&GC7;N9g(%i{b>nKzJiFM;f@QV51
z<6ViBW8)YqdvL!_nwwlXjn|b;58S>(G|94!ivArxzSKxS8RlDrt}~3xHh|dhtY^~a
zK7k=IjnGY+!Wl*kq#3LI+2yU~*sAdSWpKWu!}KW-c$A`s-H&XeDz-3+o!xz;)Yr^6
zC$-nM9iNre9m4Cb<J+lE+@^5$kF=1lkzZuyS+*t#0#KIxZ@>Ffn!@GsG4cv=G<K4V
zXWm;p3FTuA@&l&E(k=l8<F!{!C0yt8dRPDqj?EyEY<`n3RepBMg(eS(-Pn<lt`6VT
zYKmy+C_B_^a(c~2wh%j;hMu_y?5VVLxk|6EBAJZ8BY5i=`<<u!)Iu-WoQ2`u9dZrl
z-n0@4oox@I6CzCL`(Z=+gxXIv5_17esQ^8|e^zx*d-2vFd4p|s9JWkB86b(KNF}8M
zuAPK{4PUs|o?ubu(<wXSlu%^PXT7gk%pHYIk^6#k&Jf+y3m<+}VC`qRIi~NDy#GvG
z!kgjbBl@YXhW5ir147;UhTtbrq#PZoshIiWsUk*i-_tZ|Kp9JbY-q#0;(=GNG&s?^
zD|H5N+0dV#$+Bw370P^Ao*T4x4?`%}m-<#WD(km0QXPcr6;}%G8l8`f>rFnBVR>ok
z2dR{F&<keF&}=BfWCMd{a$&k>*QV}QZnXUSpV5W0AD(VjTT3-#SlmY&7>}Ti_4bf;
zxkI#?7QY~Y;x;<PZ@3YvLc&||@5#+5DJe_uz}hpLXY1wO@TgnuqnzAA)OY%sBIkGA
zL_yV<ux!Y1D4cV|UNd-7YemQ;gf*{-7Z3NV3eyW!LuNj}FP-*ug9fcLImx8#r~q20
zq8w%!+sowzxonR1KL72{6olFk#0Nm%YwF0An6B;47_kllyA{Od>Xlg2&kaP6@`e|R
z9i7`T!+pIt`I=Lh6lG-xLk;^Z8Hnf`DtnY|WCLsmv=jKw^PavOWF3fNA&o`jvPtn?
z%_7b8u~gb?kk`Tz)eS8&U#v2F|DdF5X?VHR)e1*#+a~Sq)QNx>Fm7o~Nuo_63L7;l
zCEIM-xht|y9w@DeN^4UG{#`qW!miXNNyqr&q>Ifjt8&jzBm#u32T?YWM1a4Dyqkm9
z+E!Bhuy(|s`R`PfI@@#b^#Ee0Sc~Zu;=+9oz)Y_(n2=GIMIb&qG(w}Ya6=P-qHJkx
zLUyHC2=CG;hy1_Oa$aZ3J|`e70c;dp9#x5l27(urNdP$~qQ+geaXUnx3YEEdPLeF4
zr(B-xl!u|g`Bww`B=mMMSW2V<91cdIDPMiT*P<+->GwIXJa6WfcY>)WqQWi4`;0Ao
zxD<xpONq%VdP}a=hh3qO){MRw<p<bylEML%NY5u1<$t8oPz8xc-fLjM4*20)wHv4u
z-zG3oLSRnN!ElmXn^M#k`<SQ6HH&KPMnOB-RcX-JeY#>Z(}-w<yFfG?nr?YLEZpjO
zIS^npU#_3YtpLFwc;Hy6keXVMo69-PIL4S=nZ$N?U6883aQ)cEZ6Y2gSqZZowF{&m
z$41uZn{o<P>A_gA{z<I5p55QGYp2*o1}EWIkErWv$1D+=*dV1SIIr8)`_3RSsRO!!
zs<fXWoYZ$HOguTGNh>*-w9KoFahQ0hWzRZ@t&o8)vy-6?9ED$N$V8Uv;Rn(yxDCA;
zKmM<a)h_)=iGOeoOYzG71Dm<;cTHrK0+u}^3`nN3Xeau#kor?0Oi&j*LUF<e?|Hw%
zYc?ngKp;NFr~#4(45{2^PULVJ>q9t=FHY%0lEY6jQ8cfCHJj~vmdgA9NH`)}L4N>;
z>oe#{V}Q5gPaB{B4&VxX$H!UnI5{!Qaq-qZNZXuZa)gm6h2ErZyxF}#KW~2i6nabR
z1pVb6Zdd-(voZu@?gk1nw`eu1d0$BonRvpL&0>xAWgzhx9F+$)Pb9HBZDthl`l5n6
z4=ce4A;8S#?X4k-43RswQ!|PM8&uAu^`1!iL>hL>Yn|e{QX*c+10S`pq_#2)7hlG+
zbst}spZH~RNsT;P>!wws6aciLM~8BRB4R<_NGCu)Z|Ipq63;Kx!2|#jeDf<1{sf!|
z5M6g1TLf=V=b7i!m`jZl0tQk+ZS8%B3d<IG%`pt+bp5;UOQd~fKVfw2lOd(HySPSL
z!oeN_34E=_EePP=4a1Ixc-OO8b{;!*#E;THv8dK!o|RDQSpU&a!~SdBK`ttwF?-CD
zZdS9Y0wvyhv%paq4kMAI$Cqui$PQ^PrjOWO5^uH_POD<)h1hr9m~zl<dPkYI1m*4B
z8dmAP-l(4+a-{G+yg3mHvVJA?+ckjxo9qCu4owckAI^FNnA-BAM{@~Y4l?%qPp{rF
z6hY2!Rq_DPom~JW199$o*}5};O${0Nm|V}DA)>tt?1#7N1jk*E-;tId-q)<=1w7op
zw`;`Vup}x(y)j@_;|V5=-9x3fhY7G&68%k_nt5tZ0^XA4CkCRrqB?cRXtrUFRIeuC
z+@4!$WNcUsfjuHS@ADN(P73Mn;@R0sNFbM#ji*RhP^7iMOweRb#R4_0p%%sJCxhKc
zcvo)?BN10Km0hRqyynL>_8xuVt{>~lPvWzxL-{Gk?8`dksM-2td`C>0ge~%p=t!Zo
z<^;cC_@3;=^10qh#)*dxe5hjfjofDY_xhrDb!0TN<Ozr>aL$QUjIqGoV>DgjySXeB
zJ{Aw|_%0OxH8A4M=Y`rcUtX)JsC}i%z@(H9QC%A1wT8!jX>d2??!~2=-K8>5>?nnO
zSF+<)Gx^z4)}_e>Aic~La_6V()1Q1D5|ZSYSP57-1vEc%dWQCnOWKA3?Ut5zhais{
zap>s(O8j`BHN7?e*ijn~y52WHiRv}d<i7?Fsgj$FOMj_g^$1D^NsxBEG<Aznc=7`M
z_hoV;arSnW^Rtzz_l#Xh5NayAT1`0xr6~OS&%@u<LB$3pJRq^L7gh|Rhr6*-gV#LI
zffcBh;iQ(@h7?wiK1LXfp_{O=q_n-xC+xZwer42oEH@Q}X?KX+ka7^KGER9e8Oeo{
zY1=;#(CF($bwy881gb?LF9mFLF#91CKY)HVF|j;3-;_fD&K$sLy!kuVs<3NSUMREi
zm^ERbH&NkDpitz%^4nA;%Ur+bSMSrLkU4!%uA{U6@XLU`QmBTc`qS_OxcQ&zmtAA%
z?1Q+LbfEHlC2&EAY*_gJW&_noXAc1(C&dril3^erw@zqbLY$eN%|l&f7e&se@=!o;
z3FOm*+M(p;>K_~OQ3qd7BwfC`sY@B1!KQ!Z`4zw57C~rJr6NM`M2~Xy%F>lW09)zk
z*oxeriVJ)i2cb7ic`25<rpq&3vDQq4XTCa@c@;BdkB!gu03c4RXiV}%`#m9r&9K?R
zncBs!b{ae@Rb<ea2fB*mc*95IH-LF>ST)vwe<ooLD$#8&AbB`)JG_L0zw6u~R&rmz
znJ3>Dv9GP*tp^S0`}!+qa-`4<p+|`T0&?YfElQC+3WM0S0{MEcH7?E%5@3KN#ehx7
zqeYWlVf4KH)5B@&%`1k4#I7*ASY?Ada=QH(7Fdp#w3G_KM`$+Y<mmpT^$G=F!nt4=
zJ`+hFbqDwKhgCs~XYbf=4(p4t9X1ko?h?l#c8_33&k2yhu6r3V{_!0dX;|)J*I_P`
zqARj@U4-rx228oqL4@j103)mi`6v?LL=MSpL=`F3AVDcdAca#5B`%8MoezmX0}@wN
z`ef`S$g>7bS3M+?r`~%Z83vw?Ei|Tr5`Q*<MYLKUh|S};CwY_G_N%?bpxU)P5~inl
zm|WqIGTvdbF7fx{IoINkE@pGpd@p3*d&(m72cebq$^C)@hU`8mk;*98gIA-m1-o8G
zwTmkdZ?F2J;ufR$lN&Dws*?>Mbz<@c@jvSfGj4^0pUmEelSbsY7+4w{=Td5VBLDfZ
zR55Yw#Pi+xA(+^86VH*sHuWK1h&AYtN0n!QU17H#Bx@D>|I@&PxyP4EieZ(voxvnC
zyHP5}>9{j#;!%Geww3Z7R_YaAHrJ97o$n*bmO~dc%F^#`Hu9}2cin7h`Np|zY@C#F
z5?T^v5NSHeOXcT0_nM@I^<@d&vm%4aK?^-nOBe%E19@)%(>9tw#g_gpha}q85;M&f
zzFjN1&X0fNLIXgd65j85x1!~to<&UxVl-6Q>0KPD5$hc<WE>T^RH$L(`yudj3T?Bg
z@IL5K$k<2{GF@0nH1=3bopkU5KtlOZwZ1{A?sxAX^}@)?0C)}KzUDo_#L>>Urvozx
znGKSl+fD;WM$|ZV8^%}G$8HV%e?b#0!sbD26eJ#$&ChYa>Az}R2$j*QCgXb|%a*oW
z_$5D47@`$ppb^+vd3AeBYA5+CyE^&Cea#blu@Tpn#dKmADruhvY{UD2kmVfMqe1S4
zY>VwaaP67sCSm;G8u)Ye-H%&(MI+N#*8@QK8{N)?wiFIA2bJ3mgCFBlRfY4TJON#w
z9#!?Qm(E65HQ<SvfysSd=)S0g^;fD~sHi)ZWy3$IRTUBYBRs^=*N0h`4uB%bPd>bz
z;4CYOzk~d7v*%)3tx~@DXtvoEuvvrWXcpOvo6pU()K&@y`LO?C(0q3t>4%$V^PdWF
zO4Kcr^5O0XO?kZ$p?I}F$YSYf+a{b$dl3`~Z{cPo{20;DHpON^Mrb9__`Z2>qY^&X
z2_Pnj9^KF{m)YG08+yW%&`u(&NbOx$<2yZg{K3pVW9uV#c0B)UiBtVMyzfmbq0Ymq
z^K(hBHr_8ye?LC8Xn6bVMnWKC6U!+%fB7bzKMsj{$&;B1{?P2}t%UbbGpLqhl>pVe
zsB}~jA|5mWT}v}X0$qaU)U+Zb^_y+8?{O(J!*JB40YKUORVo{7nc;F#%RqK#u0<^X
zqrZb-hgO-aYAXT2Z5Ftk(G=(Kg^()^nu&Ds&w8j&^^YlsgpqoDy#Ol{1rDH>-I=D1
zKVxNEfELW{#*!Pd?c?`2z93&giJK-Dvv4tfY;@n&hx%&`Z=wu~@(a&D&A7b-*Ryem
zFFlM#Mq@jZ_9q|sDy=Jt-><P@TIWub^)gLyt~4J_yc@&75PW)z_|7-_r35UZ4O+*`
zq2JF8EP1WF3-WAC*>D~EDrIsL;t=9h`x>dt)Fn$FF7*-IKypsu3dKP0{kJiGEjYvh
zC_0sQKb<Z{;Xa{Yo%VIENLF-D$cmRqHEt5~_PqyO7%0!nyX@Ho_f$s)bgqH7zR!dl
zd0S`e>bFD2rYLSpU=guo`a|yBN;v_z?Cxe0MmM-v)GBZzMB9p>ivz=E(i2iOI!>;$
zL`>svX!+bOV1CBe13qeKkl9}}9|9D+C>r{djOa^~I09TcQPi*I|F#I-I}WcCg?<&`
z7^kO#+VoZ2YrIt$Ndg?#0*1mosA&+U#?rG2XutpiNBUGUKPDrw@K06v;bU%h@|%s;
zQri12ZEy+?Jmfk?v5N}ouE)s$D&;gE7}Q#fU<M1GV2vUu1VfIz35g>p>Nt+z>M<hC
zJotb3m77fb7Xpt396q6yCRfrb>!?oA(8py1M4>YnVH*ld9Pp(oxz+9=f+Ak}8g6-O
z9F(Jgnd~muzB}t}sacmL=e||rI@s>3ni1JP=_mp)NDPJUOves+&NlO;_CP|7Zu4+o
zVbQo9fm8Ml=7)tyQ<-nX?-xdWlZI=Pg5ll?F_6@7P2Du3(s<|FR0_zOpL1ANpsg0i
z?q=XZtyaL_obdN>J=J`#qw~}EqFz}T(K8F-==MhIy2*eC`ubzI9#8FCV3N67;>8Gs
zbs0=$F$D?`K4EqmT%$XfOyXB(d+g~%<(_d>XFr6B3zmC#x*Cg=-?&!Sf7LmYN~$TZ
zX{pf?&waIwc(tW9senB)7DI1CN4~V&@9E_Ow_$5Pqu1+?CWA-wJ~1*n=9uswpn>_B
z?4&&5ld%Wx;qKr%E!M}^P|ihWsghDdl|qJ%E5FL8@1c=l@81XCj~EK}p@>B*jy-7I
zrz?JS%?Kr5eEDO+E<E#PP87%f(;z;V`6`x49Ebz<#K46>`zV1->7xWVAOC7^ZObx~
zoAveZ{Jux}1%5^m?7Lpg(n-~emxS;9;&(qfEj4Ie@Ej;Vfo-V9BPu_^#HaOWQ(xad
z2;GI9*$CD5_ltH{J$1GR!?9cQ3A*6c+XR-&*61?c#mtvm?*2o&t=_VlV9{yJI?+*$
zCgcG`LVfz-&DFf>CZ7!+U)RgRwUL(W1hI><A0P%~M5gRH^sN5HBDi}%bUWBV@SU_1
z2{Drc#n|seL67-A+=5DTTrZF2eI_P#kusQfBK5ArQF-##q9T6z^LR9UMD=!!34tH+
zSFg*fs7>83L>fsIs&wj^ujt_d%QUxNv5OW#Zr(mTvV8;bY^p%P<!h%lK~}gHx$2r|
zJBriSyUlnK=-7;TO94`?t?pblK%Z>3dVhV?g-K>uWN~#&m6<;Jw{;^9^zx3}?Y9oa
zb!6%^<+Sag2wO>ZXnt2F5)7FKG*L~pjU%#WFPJ7q-R^>8C54l=J{}i>(dHv_eh!6R
zggO~dgylq>LknX_I4vLh+dvs)>mwr3T_bX&@wp1Eh|xs_O5!+07%zO@HA-ViB#b$G
zwGONekZgixNOZ(_r5@><0W@egzfd(!j@PVoEGE|47*l)$YpL~$rBQfhcW(p?InNnB
zQoQ%(lD9T24n$U)ecx80Dhfsjviw@t6%bRPI2zOA_uF~nU-;2ri~)Svjr%Mn2T{J_
z0W&M48)e_U_?%uwDHD_kO+wMQgubU5ZZq{*axee17opk2sP0^k%sd}#`ju0#OuzA9
z>E)~Js3AJCWirVR7-K!Ig3Re)l@JZB;syX0BWje9icQthN`&wD|D9F42Q@S=zogg%
z;nqIH$CG!C%jGYoJ8no3k82z^#l3^f51rDXmvN4PF?9?g&Zz=7=>3P7wKlU*r`jKy
zfRn}OS=gTN6)r&!{bQkNtji!7whfq^5^fSwU&drhvC@iyM*1+gwQYVokH*)ZL-;In
zT(+kAGq14a8-%!waNyNiV)}`vp}fAvvwzD-#FuS^M-P(p;rh1Z2O<tS1pv%H<SU>l
zlmKp`n8e9^;$9zeK5Y0n<@r{1y`~hFiDi&+q3q1tiE0MBGao8iTpM_CiH`4_N-)}T
z#>~jKQ~+Z=1*4IW4JFHe9tCxp_2FIyusHlG)x1}D)^dW?eF3x;Jj5KoVyXY~L9Xk$
z8DBHOuLE^Ku@W*BD{J5_8U?cOq0aJ^fq-Qkl2`hk`_SSxpdQ{VCh@Pctp4*XUt&t(
zqE2QPuViWnM$gXzrrg65E#16Z(2$+jNTN<dM=G#9*cwm~11z36x}X(;6!qMw9&mQE
z+bJrtA1JJ^;qWoKh6jvI&LKRyG2CamdK3_9xjU>{Dtpb5x}zBmFVq|HMIuvt*XcTA
zp;{nnqy(YmiP6Af0up8MTEy>RQ6Y17zc=hBBk~s&ZY%y?feH<o*dWj|SV@wB$44cs
zMm~y?@Y^7d9R@h7-%7Vlb%MyM+yhUi-gJbtO+)<ROqsC?zb!m~#y9ld{G+3taw-=o
z(La$jEJi`Q!eI$J3JK0l$0RZD{5In2jx0KfOSjK^@G9$TfoC*db9WB=fuv7JnV{4j
zMH}W2V_yFf{!~E^NMox-tej{5W~Jtmwki3FkA1L*ro#|k(w#69cu*OCGK$&hQg3@<
zC!GAE)F@)%Eeiwa@TW8Iv9x9Mo_t)#n~<k=+ybR}F`YFpEUeSvpNKh0jV#IFNX)Ng
zhOLmF<;bkad^12R!>Ul`2^h=?HAF#ICmLf&bsa7aF^t5jMMn`HFby-mUp`gA&Fqs{
z-s*hi_|Ar|*4}UL;Y5;w)i5D9jaz6=@<=D++djbl?@Ei8Dei;)EzhVi(@7x@Xm2wT
z*8Bm8YQUsX*3{=XF0<UA9$=xd#uYGUay+;?b0&_x5^XAf=~j_5S2)D^aVgmx{AOOE
zy!LvPQTf1Wx%19hg9E<_`0Kcr(eU@gKkS)J;7?}TS}{b^do|{u1o>{*Joxk70-LYG
zlb8})CvKixdMxN*-INXFUjXLvAXI0dH}D)0XJqz&7tF}({<>(L(77oICa~62XOwN|
zCfCc`03DC>7VG|hXwu^!L5omc{Ned~QHDiWGbc&lj8z0?4xZc;0MalXmhrW}D`~&z
zye{GS>B>KEKN5Gx*J`P{^YgW>>*R@Zmr43gL(HC_oc&mTU#e$BU}yR}LiUCn+W3H%
zgO2>N%~xs^XXd%gZ`l>2M?IMsg~xr`stu!}{%H-<UjQ=q{B=@*3;7FOT^!X+u$>O>
zIz=He1ilXF{c?fEfK5&B)Ev^y&8eX>@tfe%XluVck~K?FG>zz7zRrX2*2+Lkwyh=9
za;o3j$zEFYe;TRA`;PeCsOaP#VfulqF6T`e(O+>tdAu*$rm>3~2~^quYFxzsx<IP~
zVes;5`uW?H<!!3s#TbUXb$NNmIPFrq84C9wxs3fmkyE7GCm@A`01Tv1G24T6mFy;k
z?Pc#xF7pamj+TwP;}zoqJsJO^T17!!CTVk2TbdsqXo1{7*dZ(T?j@afxJvAW!qS`;
zXs!|ocb6|DGy6O>Q&b&z1n|COy#z+raE7&783SwNL!OzVsPt#7{><*QB}N!1YL3mW
zG$R2K>cs!-lZ#pF9*&u(Ftm?cfKL_+y0t&FUKqz{j~>yJo0kFdSt-Jtb$bf;4wu4M
zccpXuT~3IV7IBzmIh_dwQTD>-kSxoeGfIIBfEY$p^8AGqsTcxVAn|{y=`rv{;F^HB
z@yq)11Ix<?Xdm!=))ZWA{Bf^t{3=xopl@Veg!t+_qKX}WaW6SHV+5{iQZqD^)mZ$T
zW*sJY!tE7r9+Kn73?af~8_?1#sM6_xBbr@$Q$VYh^V%>Fz?GvTOk~)KkCA&AnQ_01
zo?1_jWpCH<P5SaP5d4RVzWc-VJtR<1l;sY!A&<LQe9yEQeH8tH$)8Sv4KO9_75U@B
z>OCsP**Fj>Ym(b)tFuL7-^5mt-Qh~RMtpW)6{E}3Qq-2HRh~flnr=z|sBkV?%0;`J
z=4m|`p&>j7@C@+tAb};Ou{G;#a&JXuTQdzGc`mTn$9(LKm{0-exgWAl{T$9Kvtq%~
zQO6sIFgX0-$y_*r=SI#hpBMLRVX9!Lp!LE<MHcH`UGFTRBuk)}5TRxpoHOx5AFlhQ
z2jf^Wxhi!d>!bqmvM!vg;Bj<%{{_06hhJ^&I{8lk_GhuFN^Qv2air`H65s6#Dv})v
zo^}URK+K^yZwI4@avs`EqPj%&%aimJ;=b?&R2XikI0xF+d8t#eiBIN~QP#><-U4E&
zScu{Du|^2{d57&lNug@VpWYWqZgIU-P=#Wc^TIff%NdrY<#c9;3p%_j5i=&beWLWK
zFeN5`atA;Cj?U^Sw(tk4M_Dxc8^1%HoP1k$xuIJ@f4`Tu?A|K!nnB2uNvts=5`+bL
z+Zy&v=2aM4A^T3jyv1_$PQe|0walwqr=kKT8aK!+mT4J325A!*E)n>G7Wj9>c@fzp
zMMvP!Lx_%w-SU#<Wgg`HyI5qsf`oJ^@=+j?fLK2@czg8B>VP&D*UA6if{X7ByB8KB
z-h(E=&`BJym}{(yF~eOcsvWw?S1Xu0g<bu6I*Tfgux~hyejao<s>{Z<Y_ITc3*@M*
z>L(1YQ!(T5#106?l27*I_ux<%I<Iv$B8U0f^PYc3{=3*N!m^fNKauZI5LI26@$H+D
zY+$6yU{^YgBRAE%?=(J2Pj}MiIBm~JFRFD%(u0s{N1<dTWa>5bNLSPjlu03Cy9lxa
z@+_pT@O<Kz2YSFCXIU@lp-#t{peXJpM#RaeA3YT+#!nv44s0r3pl<uG1F5htt&<Bh
zX7+uM??E!}_%})Pr?^^B3A-J&x*SW};sE(=A5T56#Kqnmg-x8NcGU?#=4Z*>L-<Cx
z%l~~albCYNW+z&G7}wa`aq_h(2cE})t3G}wf9;cye$rlW^jqElM6%lc=p}h4>rqYO
zj2kG2Sa|ZpKe6fhT-W3a2sl8}_2M6srZpo6+Hj5eQ4BQ)D|>!k>4LA*Ushw?m-K{|
z+bVDoi3yu#<gS9=Cp^5P?ZF355Je9}e4>*4Sb~<DDhVEgohPA>5N2eP=Oj|l?G4(L
zSZtITP8aT%sfHFHsA;5-XOjbPf{$&twsUw7YoA}wqjI@<7^_%~p}{+OP6!6qZn>`5
zrDOMvoR2Th)?M-spq3w$EXJ<Un!~(8f`5A_J#iZ%&R!8(b0W#dAP9r9)b9^dhH!i=
zA0(=@o2i2l&WV|3+*sZYxf|>8e&PFS3?Mg$t4>_HwAd#=h#g3BUOHeUODw0c8|1G|
zk<JV?9A>mn;!g+g$*AZWyfx*2f^X6*vr8{Jml1|%e~*^&(yI^zrK)amEPsB;jAYMW
zPj=Oc_zT<WU{)Qu95fT-!}Id)S<&Dc*z)KP5|j(IZx<lN(3xMK2^Vzlh|&h3*WJCI
zOaUT6vG4KIDgq&<njY0@5c~iF*L6#sZl(5*Ca<ZQz&+fZTB@~&2&FfC!gFtDzq-v~
z<IsCJG9gq<FF5~EbjwMaQjB;nP!_wCj#ZK>+e1<$<$eC#qNAPX=KZTy%_R8R0loir
zO)7tGu@5iW&x)p!Zh}w14%BiM05qAH)EVT<7633?c5&0lbIEz}WtzI)&7Z@bc87<T
z?Px{-ZjZ9_&iH+*$gW<Z7Yb)TjphT|O9_GZpLQZK_ly1hnH%iDMhwZg9;<1d^xX0*
z#i0rrs-H=Z8jH8lvV$sboX@<Buo*S_W*sxBIFo0<5B$=%Nr~a?Kmd=8$9oEcn0R40
z+1H*fWJ~`rN>M?Sbz`5VEzApW8eA&nG0>+POpj(_M?u-3VfRJhK6ToxP-CO$-&i@g
z1MsI$Q2z$%OTwRt?OA6T^Eyf}7@kaV(ScL`ch@Ru7Scei#d=#N9Yi#YI@}WjuRmnr
zXjmx_0sOij7-JM$RjdPUQ;T_uWDXD0@Tox&E9fx)*$@sj!N7)%s_SVbisz2tk1n_x
zL)4jqs%=nbknY9P6yQJt1RJ%ZkXT?=1@e_MZOWP&Nyx`(`CF+t>Vlw#x*}sz7dVU>
zw&;qV_xCqDsAZe)g+1eZw&GC6oZo6bIQn><JLHZV?Un1O56CHTWRmNh<o?my1uJh%
zREab$EBvpU+6nlJ-#Sd^7MQ1#cwoDskd~KWrGCEuGb|&q+?I|X;0PhGV=or(7;6mC
z_14luR3`AX+bXmzGwm~maU{#YtYQdO#xl?0^iQaQ&EXN!d}(HGkBG>lEAAl0TFKg1
zp3#)V;!ZD1;E#ES;fU<rgfo>G-PNXL9sAy#;?v2p9CRjELg`vOiuU{R@JBVVvkLN!
z@O3?UrKy^Td#iE?LW3Yj0IHMc%}TqHi9uS~la5Hv7%}hj)kR|z3$pv;Dq3M7_<F&Y
z*U*mDNcSWh>rTxWUe&zf?}p3gm)-_){c#>vU^N+LZGmV?!ya`)ZY+(nhf~E^28+<_
zQIz7K2>n-}qbq;L%0G_&S$&A~sh&PMv~;o2_c1Fyf1(d6?rwgt^2c6>n`GNI$5>L*
zH(e5>8L!MfRv=s<Drz8!7%!=<LGF_-Gv%*}pJ}BvXKxQZ`}s#z?@`5L;s4;h&*R^f
zJ9z-pf^JBC?2FkP7COJ2>BJoQVZb*EgecFYZD~P&y*>`tcO~zbEW7XDsdXdm>lDEQ
zY~3%6@y#PZlc6(})R+5sjZPIB+K`hN%7(P&4{_iBB5_m;vtn}YpHS6Wq+=^UeZ>C*
zFIzFdTn8U8hgBzws_tJtT=1g_%Q2^H@5Ch#TfUnxI1)01ev`q?yglCQpBYd}s_I`f
ztJ4nw@Sy(#VZzzAnkl2hVsxv(IA?Kf803ivRW7W{Z07!~@1gOlcWJ`2tJcA^G0^a%
zpv8?EAI9*wttOhTPi1b15G{!^*iueI;E3sFlEL!Q{%j40_*c(spDf@aw;-q{*klVZ
zVb6nawZGaw(#5BBHZ$f0jUn+SLbtzqRo;$=gUYbGd#riJ_Ee3+rYvm(A1mfBicB&8
zpU)XhNdf4LpLrj_jNbaXBBGeHw^356=~}=~utuEOr)K4x8F#}O<T`#5o`;C95n)2L
z{A`nXFCXa<{Bvv1s0qqI(u2v?<yfZp|1;1!l$AInIOX0QBeuf=@YPmG&&uI0koLu0
zDe1Hg40wy=4b!F?kK}iFW-|?2AQ87Wlq2AQO!2lXBzLCbTqz`w&h6EJF8rs!Vt^>*
zc2wWVbt=_{(Q+ysI_FIO{9kgvBG|S*yu%pK<Q#saaX|Qtq;S&Gr+HEkU|uLVZcPu3
zsV{vVpnoTz%!313uuqGUGCoSjoorq~*1(qy{_(wzSe=)oZX%SXwU8ZICB)Iu{uhQ<
z9+9Z`{bgf^n-&}Si#}L9St#Rv&GsCp|3M$Oh^wWG&8#0|j{tQT!=;#_KL78lSp&*N
z0rHq%sqj!GO`kXIAqQIV#2z;Bxh5}glSD9#*D6o1I}~NKu~ymnj!C}^(jgquat4a*
z;*q!UphWWC)4_Wlj~YHgN=&X82+f$edOV?Qn%p{#juyLTmmf4};E1H5Nzn!P#X&nK
z_B;RqCirxg#iHFOi|lmG(9K1^wp>819(!k<v=N&j2fhu>LR<F5$Z23mqJMzx!;`PZ
z7VkMT!DBE6boS#V;R^c!5QXo2!f$8bk~7zzWb4DI8n^AIcOwTgQo-xZ8NjOc#<-DN
z<pX4CHCR|qybidgubpMFQT0Z`#8+YM1QBN%L%|1GEZa#Fb^cP#&{?2x6o$ed&x@-y
z99-WGhPAFcCccy<>=%-QsL$&P#ZLEf;Om>7%GN)Q*kP#c%X23XYdLJYYm3mAb{U5B
z18{B$OuBJpz#gUrz@ATZ4JiH^)@72eeJjRZ(7$?}3j>~w1OEak`ZJ3fW5?DOYMRWG
zBDdudt7fZV$`Nm?92{n}HH~#uM`PryMIAV}kYISab}Tbr{^PF)X_pjjbk!GLlWQjP
zTmwFc;5og@i*;;pAQ-Rq#7wuI3BO+d*4i39+#QGwt5FHFc&=eVIhG!LKRW_?jbaY_
z-^!KsY+i7e_T&ZGEDYZ_k6-fM#OsTV0QD6(>!e+Dy=S%}`?kyg|No8!^q%7y6T!ls
zT&WKBt7|}3d}Fz*(!YoNYqD9auDsGJa3?hQwSd5uY{#{W9aHo1phb5PPJcwEv_%zK
zbdw8#3-t8Iwz|+y0qLIjf6nmjXITs8+F<+id;ySexc13I<T}b&#sQrsnRaco=fZD@
z1Lvy&4;!z5Nkp$-RER?9uDX5D?7ukrahdv&=jF9)e9}ABfSdv!W=kpv&i{yjFtX3!
z@R59<;CcM-{C_;VpCM13s31R)s$eOMSbgjBOQ?Z=6^@)dXd$9s^8Z-0mz+i>!vZ7#
z&}{g%V5@Cxwh0c2);Nltuv%oq1^kF(&;8UKr49p$n!0GDJjhy_poDJr{8P;8a}L*^
z8YWQSkJh6~qnd`*=%D45t{)h+UL7$Ez@8rrBNbi!5A&y{7b#sCI%y`=O^Rf=XXO7T
zykk3?J{`pN1wjO4npxv&;q8!y5my7TB=^@Q>z$?_HX?rFF^laJsuY&W$j6r+dapM(
z#g5oo9O47vf!4SU(xJYut8;{R7pEWEdc}7nlNdWjb$2P>{1{ZAsM<vD=8GmZYYRKH
zil8F-i{-}Oj<5a04EIA!sSY;MbPcOi!sVqC|6~9-@r67nY{u3M=dStlh9m`u728jm
z&8-C30!L#uI3<w6?+~0%%UU^)N~p>a@xiR|<1n2iEJtoNlDmnEk|T7BO)~k7*=Pyu
z-pj+zIb_N?if<UHhZ@2pkjkO+U>zQ%r&;$>ihLQUK~(LeIaN~P9mfC7*1c^^L4gzv
z<P`TcuF`==s%d5;zk0x0HK~?2O9z>oCu-BEI$u_mN(+jRx2Li8cY#Emn&olMpSO@b
zMd}9pYbP2Hc3(=O<a}s}BS_M<Xno!LT*V3rJO0-Ee+S5AeRKH31sxe47z$@u$hJTM
zmE1;`sn8TPQ~l+BeH8i(7+F{V5tMtT*ncC5qmNPApa20qHL|!Xfg9}+w(^y1?xTfc
zSk&uU-3hZDP3C-g9LaAMqCuE^S;~h&@PS-qmoSyOF5)U$_qOp`mshF*lBU%XVzA4l
zo`ac4Mw+uOY&bOV&GO(J%@-BZDVS0VHSCT1FifCnH<1bvalO`M@doV^+LYmh6~U_1
z7yvbL=O&s`2mpJ~(>i-zsB)`xJ(hwXrP(^oWoDf)J}^pwHZc(<L4(G6W^m_lgocYv
zeBa7)<LR+=2YGCSw_wB%JO86qFvX(3&Ru=<D{HP&a0^%R_t_r*Zbsii{blc3+5?`Y
zRFvf;1qQ7-TolB6@P^$ErNy^S5Qml@m4tBB6Aw6lO<fm3+%Dza?B1{qT-Fj#!Jm`$
ze65l<S?_uajn95sJ(7#9bsjRk#d`F{1$IeM)k6hqZ1|2Jy<jLY|D<9aGkEz#2+@a{
zT^BK$Dp)nNg}j%J?NZ|5u4(r9&4$d^Vh^4q_pr)he=fj~>FP((<+B6?Y|bv_{)q4|
zYV?K!;eiLmW(hT1OMnWCPPKhDlz1CN^KOfGz;K}bviRb!dz4^;0|f^P8HHymEHg^e
z^s@9-1Mi$`d>Nx&#X*ipW}kg16^h3D{7nu8_J%!4|9MVv*Es`Z*LJ18cWdTll3O~(
z9JfNMAN#pag?fwhK=tJg63X=bv7Jo5``UrBN7ie9?OSQ{6C^!sMu<2L1PCf*M<(PT
z83Y^Im^8K+2^US%J$|}!l>;?TOTG0s8cshT!$>O}?lgApa1chnV#knTUo4REK4~Tk
zAK6Np-XX}<gt(%uv=upyQ#~AcXlGg^S`6dh5c43P4g(+bcRTG^*8FcqtQiojjc|Qm
z&m*R8dKOCzKK*|9JR_D_3opC>$A=EF=@7->_pbR%KpKMB`zc)W>=vj2*;Gc$@Q2CU
zj?IC03q9HEOYjMizT<r1Ic(Q~-14PnLT=qu<iFc`+&XMIgh!Q@m27^`Ci3`5520*{
zrX0VlH*BN#gUP8u;sJ8k^0>;0E@1DIn*56$A+3_NYQX7Es3XW|)t;KQfWYP$<g&yr
z>@_I#p-eH##A2Y}#<DuXTKD-vZ=x%_NVlyX`|5Mfy0B<E4+QyGLNPgltg1-A0zZx4
zQLU5<(1-v1qpJn-#mSq&a^ysT0)Bug^g$-7B|8T2>%pLYGShmLKkyQd3a<8=Itxj0
zV}>-#R+Kh5ShLp|Djd5HD>;LE`Zt78uM3G$Bd*Y;zN`)tx?k_X3$|YQH>IWJp2hmT
z;vC#m+yFloM`}+FGwW9(D8EYp6A&-miZr71+X=HK2q*hX*GvEd<NOo?N_#~yn|>cO
zzjrUC$A(z}lV75>_P~gN6<Wqck4!9pO3@CFjd9f(&&{!xf{=XPPC*Wbk#wTH4Y>R1
z5u%ZaL!S0aQHVhg2%<7o{<;HWes;XYAO$6?I4l3)taPc0*A)jw67QfZ%hjA?9+wuo
z3Fp<Xm)A+#s@YCcB=)-^K!jm|ew$^GHOV`O4yizCY75Lcm&e5UF>fRP#IW$D!J-&F
z<Mf?_2Myzud+URVF$Ivx7?%y<iQoI_FyT^V8I+WR{ULjq=6&Wz{@^a3r$jt6k^AE~
zA${PBKKlbQ!G2Ag^xBcp3my7>1xP=hCFb`2o<hPPQ2U$Ry#d;+Gx{d=<i@wgm1B4p
zt^i7cL+M0I%&Ju6o~n;}3E4aDrn0~W(bBx0?CvklV1A2%+@vT8H;Rpje!0IUwE#@g
z_D4(p5{r9)ZR{(Sg3BT`VsexOSB9s)<?IOZ5%-LX#W~hSHT@aZP)$1vB#}C=^Jo$*
z7yvS-&Ui*=mslYGL8HL>Bf6b~P9Jsmm8tXMbpK?=`w9|JCbpq|c_j7KVgkq%XMthu
z)#QJ>P9I_GDr(cw`S#UReW1db@2|MiM94~MAwth%F0Jr6;8|XF-ZH#rp&*S16B{)#
zSOE(%^v&K!>WHMnAS+e$gm-D$b~5dEf_E{hjdPTcgWJP{S|J1lMVuS8__Q`+_w)mt
zHcn^=F$<iL1MznKW3C9)Hc-T}+@uwSb5C%?abBf0^<bh%L{F`p0Bf8(0W0%&D1+_z
z44NR#>j45ggOhjCZ=@+W?Z-=m83xV2Q#SIY>}S_=`joHl@iTK`*TkT4VHSIA3I=z6
z&L8OWaep3MJAX)-f+4k|{d|DOsgwapzlMkXp{=y3yL2Pz$$KB)i(y|AJ_ry^7a7bw
za>%T|J<d9vY$?xNKt1pAA**5k;B*{~BQVR_w72yB!NU4~L%U?s3u!3t_5b3C|Igib
zGEnWGI1hNUv%yjrfB4rvmpyRyAMVi0<~)Y4%4Z6qPLaUG5tBdv=t%w2F2hm~Pp@U#
zpEL-k7&a$lFzKOqlW=B6?QPsJqFi!v(hr_$kV5^2W9kCR_XPk>#W#c)BGvj&Nqk@^
zzp&goE#i=myo`KcEdSxIW2Aq@ES~GR04EBgU~WlUoohwxUU7;Mfc;TQrSQwq=!Fms
zN`kddH05wFaxM@Nrt}}`5tkzgIx*PGDkv$0ZDOM=4^}Jy%fi81$vcra%4%F%SEt1d
zkH)Bgk+4A;AB|^NvW)tt9{U${b29fQsU%7+wIlamZvM&H1Q3hJ7b$`|<FaJ(Q-E<M
zc=@@raoZ*6PmPz<7yzqZ5=Uy;D0EZ_hYgo_fpv0->^?XzqP=fs>67vjdRbdapjYW@
z#|=-~IPJg~d<+$V!^b=QaEs&D!nQrCutgElg3}?X%CMcA-Ox05XGsVoSuZECHM@V4
zv`v8E%XbKE@SqY<)aseh#fbV=(6@LXVKDX>$yjQK&9Biyrg9=U2n_l&MB#fP<XI1;
zTfZ>25MIllbWn}&hxsSMBb%LD&q#}D2w?8a#7+RF&s>_a`{e4G@EG$hPdTy#>U`fR
z=yoYdZ2QvZoZ&{Qx`pXbifFny5Vhtl$n!VI-c=j&lW-qKwLfPdZnQmEVqwz8p2QkX
zN>PglC_1dR@7ps=_QE2;2cv_bRlW3wR-)VHg5>dY2d=RNH_kqykB4uMF!E@6-pJ8>
zi>#}F)@GKHWhVOCt@clvcoc-ni;aN9evVK>?XJtJD)4JO#a@4u0lz3%#9SISxB=JB
z3l;j@cHX+<3IF5J1>_7>lmvkS4V=V7KUyS;-M<47;mM|{53kD*Fl5*76kGkX#+xKp
zK&UXoMm)*ID4(R38~K<Cr8@tzc?0z9&evG?UmWrGCnZ&GKf_j7%5`XlM`YEfjxDw*
zos9v31z6j3_g4DIe8oIED5|8(M*yK&v(V>TkB{COh!KnZr$n)jr(@27?S=?&B6eM7
z|EI)V=V}ycmiN=Dpv@u}{ebdYC(P^NEY41E0ia@uFAh`P3in=oUfAnQb2NQlV)6H3
z@v6YBX;FZf#YcN%yFS`-hTy8xu~r{P5p@}68;?QnPy3t<y>~4t<&7Pz3e($nbh0Ns
z*(+ZjL&-n;&3?8B<s*y*Vo#EiXl6qIUvBd36wSdzu^1~TH8%4VdQjSx3WCG<E40E#
znanRjvZEj4Lvq|jApgyaEo>{E(vW|dxXZYhaPH0X6YF}tE(Lp=;5yI9X7atyH2BR|
z#WIW@*2l^rRlIv^^wCnCnkLNB*D|{FS%4>Qo@9)CfuM5y0f96TKoy2FvxD?sv%$8I
z?1Bl)CbLeH<FvcjDL7DV<&E_-<#Q#ER%y$j+194CxN=om6kX*fQSYU<2xm`;cYowe
zJiW=ED@pLJp;#UeIy*$tlvcI(Yl&57cl@7y)t^hh*lhJ0et-rAP)@?1Yr}fn-J+57
z<A}5`04Vw&Ur@Q-K-)<5{(E*sONwuUY^Cu_L52=#7~m<0O%;a?iBQ1KgZN#0`#(|%
zL?ivuT&BaXiHlXR2Geb>6`C{;w7m^GozB@JP!WJ3qYstH+9Z5OU5<%qpf0dRsPxm-
z!!l_o*NxDIcs@%1v?hpzYb0d_37Nt=gBBvXZjo+v%=1fwq}eDzFb0<PLc|7mPaKmn
zW;|IsPwRi!RJdk_<kTnBJrP02lLPOt6oZ~{l*p7aA)Z?t3*fc+s%+GZ_`{<?Ae|dv
zMeh@m@OKmnqvWC5J<v*ko@#)1v#BKVd;p$Npg*_u^%U`oN@^<zz&-QoWHA9HRkqg+
z6vt2$`d2Nm00lx9?#ir1>F|FfssT?K;pKD8i9^_Sy#AH<Ds31;<X<8X;H)l$Pafa`
zDXZrEm?HYk*%%t&3)76L-Bwc(*34e6f?Pr^jrG8$kHLaLciJn@{W>%&#@2+@O$XFX
zQPqdyg}#f(JM^MRhZ$+`ltYOY$}l)xR03>CO`5c_udYmF8}~y&&;1L|-(6YcZy^|o
z*qyww4&x#s1<!i^;}@&qOUA`$z|O)Gm*Ke|fTj(UpMA(j0$azmvv6bl%!m*!Btn9{
z{z|T*zJA|IeVsm%B7QUxAEnZl99|NYYIr`Cez<(mJ(EyfDQl}4)au%~pW!;XLax#b
zb}+XqU1L0Klb+9`ph;l=JY=p?4LM9m<6>RpJfp9t2N}bWii;!z)vtne*cVnm<tuMm
zc;k7Sz7CZjge>~Eb0pNQmMO;8Cs~}(%(6y)oSANHl<wMq+L<8xd7!@jl#s|Q$L#<&
zY@O-~?3$!Iy79Txz#I_wZi8O8`Nj_bmuFV|8NtJ{WN2n(jUw%o<1Z7=H(Q>FaZ}A(
zCAxQUusu9S%G#|%Y!qZ5LSGO+3MnY%=GXoq`e+@R_bzO;q@nE<BJ&a{0`Bc+2Tu|8
zTXlDi>r5<7$QgfjTt-XJV9<Ki_|ul84H@ovLA1=reI{7BY92}+Pff#EcXTi$nExnE
zj+NFWm_Us*wZ_9IH4jI4rgA`LXsH3eLkGU&%07BCT~)^8z&XR7Zr>&dSE)F(F<Hp;
zDQuBdJfc^=iIW-Y&~K#Tw1G^$)Imc?2EBEISVcv7mwAL0pRS&Pnn;u&?ue=pF9o-f
z4t9&yjmtiyP}bh5Jk3V;3yOJ&A;pzVVjN+{;IX=%qrHj}=b1{X*q7rxMVRoudA4T6
zB<3|fi~d$!^4L#^3^p*KToA4t5f2b4T<fdoZ`)|w`}6KKB8vm`$Sl}uHrc-R0<bLh
z1O%8_oiBb}Ed!Th;_kpv+*^aH=0{*v*25DA8mr$*C*Bc#5N$-5f-8Pb1ihjaF;e)J
zz$!JwAvpc$)GKig2_9kaODfL01{aq3Z~B@tR}x*+?K1y=B#BtABU4E~+s9#m0EOhY
zJlKrcS%Hi}kj0}C&FhHn$jd&EfhRlq^w|rX%4U&0Unm!V!f(9I&vig6YBN8808Tc(
z_AM>+tz8VJYoGG7%Cx;cd$a*kKZ7VIJ*i-vk0s!X(a4@-@3~(BN1V6iA>o(~eYXI?
z^*os{KK(qJ&%e0!(FIVnXaQZ06-%86%!<)>G=PT`bEv&=76bixA4j}5kCmz1iE##^
z7G{_~r_Ge%uaDSvtE_97eDaN*&9{zN_0(woHJY@Y5uN8EyKrrr6`p4B8jWc7PEpP%
zo7C-KmD}D1m@PRJzyN`eXI6>EwW4UeXiU797DEnxci|ea(@_0g0GPN5p9a&;<j;+J
z$p7k=00<t`sjQ@M3Jr##TVES$X5T+64J6e1vS62o7fNl0s7||qvChg%t0W8Qz`esF
zK&+Ka?oy)c7%8`z-nNN&F+8_U%2lklG<tuttrmEq`@8=&Ab`L5M!V=U>6eOq5|OLO
zI~<te0RnfF(yc;3HbSK6*9%_rN=-_5rMQEpJUltTLI>C$KsmBicy7-h#L*58vo-DE
zr|qUR)b|p7iY!S(D5!R&LrF`|;h^+9c{Y4JeS_-rd5q=w3qSq8qKHOP8lSW%^)%@=
zr;e(125{BR4}IZobrjVWs??bs_X4_oF-i&Wp9R{_ud^?O?-LN3`;S*8t(1j1@V{+L
z!?CAwc!e!w5KE?hbIGKlwmGxc>$Oaw4z~TSI74>U1BnMz`R(5+S5KWp?EsBsaG<OE
z1Z1Gu<n(%&ngcD3Xjj6ZhPrWiGY!)+SFZ*b9Yj9#zC4cXa5_~#;Cc2yv*F8}WL?6#
z6kacje2+rwj$PG=b=*UNk<$2yM=LCr%T{*pMAm(@Y%|y=8-{@RhSdozs+i)~#VY&*
zB}M<?ht6vCIMZ-q9w#|p)Dd?XT~-Ce+2j_O^xUg!0+gE&Bc{za!-W(Yb;QJq?Vvy+
zG^@G`sVp3KBti5Hczfy8Nb`(duu_3wuro8_C;*+Oz}<FEbuJ`=wB{atG<yFR?@~AA
z3%S#OtJpXe@fv?hkHKn67a~I{rsdn`X-c~hmVl>E8f4Yu4?iOiBa$HdXZE9m;VNeo
z!c%Wnd{7+Oj_i_UUl{64Zb_$;aFGr5Un)IFjx|bG;nTK^P;)B}q$lMk22@28226p#
zLmpWQfeN3yVGz{L_~@A;+V+mXnduxT(ZX6hPlrV^AC`X@Ah%^Op_6nmR!r{dc#VNT
zw-||_s*Ul!BLpi_AXibxhs;Q$?HNdtUtl%*j{@T_812+<iIATjSN86=-WvdW#kDs}
zip|%iP6z{Ra>K8~6G~mRYd3wBsU8SM_6U1$C?m*m?LJ6A&3w%tXP}AUUm>wK5$sUb
z6Q6Ta#oq~V0)OpqAng*be5@EW3;-w~LX*K!AL3vSi99r!Xa+VeM8AOfE_q*#`1G4M
zlX1G(R!QI+`AH_hf7N=o>E4C`To2$Z{v7HS*Gn)vP?FmF$czl^>IIZTAOdKo!%ZXs
zO~yOiumHNaeIS|$2b)1i8l?A;+TFAr>GTW>+WS|0)YizXvxi6kjc#Ut#8spq(^_$f
zXvkEED5agsA|5A1Qb#d@WzS>55clPjHDpNZd*gIdIm(72R-9Y(V&x!)a8)ZcG=~?H
z5_b&}QuxW<=ANHu?;eHF?~)PT1SBNVHo(D{W0|QZ5Hg@3Qc)ZVI0AQkE7AldtixTp
zVazeO%`E=E_`HVL`~;R?MtabSmI@Z1)sd0^jB&RZG=1XagSg5K5-hzVHvAYdx`1Y-
zN%NQFP(+k3E~5ckkRI29#?Q9W2P4IX6!EsD$VXwtP)6Yy01Bgo`4Sq*lF5_{9<|B!
ze)x>fD1|cX{s=_abZGArx&~eEG%fT%q%Nv~EX6AIU2f_;x%F@?(Ocp`vB>O849v%b
z{jN588Xp->HBq1&GxliSF;*&ksI`U2^ej$9VDN)|E>~Zh9j#}DmeVw^n$NiFRS=!E
zTZ?Z9x|?2d6qxqMgEiR$r6tVGrONE+qOUH?tx1}n2Bz_eCdNC?T_o@MjV`L>_a9J$
zN3yefoN=M_I>NREHdS5AyeMmOouPndHcMKwcfH}ZL<;XxBC>Ndtz2}4b{cegg&FD4
zQIZ%hZ_XI}M49amhg!6ymQC8V>vj&?Y<^NI*XaQFfIS0Kz;pl*GVFA-^omX_$rCTd
zi;`jYl5q5^Q-L^%Qi3~>>oR4axCy8AC1Pz7-SM^)t%kxp%6;UT+qw>PIWtm>Z%@xS
zoe#GNM`K?^0#j|t6h@^Xdgb;tj#=<xh|=zD0OO>EJu<=*&2g;NZz|l<n?1t{19EF7
z?gUnI3_piR<PSX|&NbQ;w4^8_N>I-F0!wTd4}(eC_i;3^9pcdx(-R}GAim3~E3EpI
zZVP^z%&+<fWxbCFHvuYUBL(`Nllud#S05YIg}hc5R?WTg_6v8KrU;r%SW2wGk*fph
zeaMf{^D$d0=$@94I^(}vipt0Y`Kk;yplN~lk7NVV3gzn;K$Rn`h|%T2Kj=EC+pdAo
zwQ>&eYMOW%O&AE7QXi1lG!<jaGA5CNDb0mQ{R89R&66N&p>B|0!Lz7MEC2ycwsaL)
z&<w8}Yi{|rxC|kXz*GyaZ~SE0zG{E4rYvEYxOwcK6vSW<?XCq@vEqJZN?D|2;!k=h
zO$H2CX#n5N&8g0KDy|AL&#Uoa@0^~5oqIns`VXK(q{lTBFDS3U2Pk5K*1wYlutssO
z294U{^1M5bv(^-!-1$J{kS2I9Z8obMu!my-q>6LKlLDLd6MoSuL&aY6yV*JL$bCs(
zZ#^zUmy^L<e-AR@jddx%IOZ}2(UlP#nMt?^UggcQ9!bLS%y!Zkc>7cG1<5YBi^A{^
zojkSvi_|Ew&J=&N*kfq$kfP9I)pxr>-I^XR!6SBX@E_Y>Av?CN-bUO+z4%W%WOi5r
zUL|JGg2w^}MvPrvxZs8G-03|I>qFw<EWzbSn0#v?@(A&m-TYL6RPi#J?hIh*G)m<=
zD_+MD(qtTX2D4dRQh-|lSVopx<!_M<UrWX8pd)Dx`G_Hxpjr8sShq${u|1w*GBr!*
z1xncPaRHSjfQleRALB|vtRJTzxwP1G=_Uh9=-w-<Ln4$*7L`ajsl``sKYA~3P6M1E
zyW|a<hh-14K`_JQ$LVOsr!wG=%{Y@cjum*c{%{53pj@NE2xE1RNCYW6rkU8WJ^5fA
zV_lqH_ES<I8Fv}G6n)!hhSl<1)s)VK4RS0mzYiLe@(bFwz!&Go@;I@Gb85fZAMV5n
z3@a@H4O;qj^x~|ZE-##MPgY8?(~B!Og24Tk!!(~O3}wwHFC0Q(QYxE1q+lx)dli`z
zw>86K@BV{O|4u+8oK8TXLx0+U@5ClNQoO*%m32>WdspB98ujyPA|wHqcK9(!{t(hS
zq7;dnXKQJ8WAxdG6GlI_Ea}+cp^ibA1T_;i7VH5XZ`7oSLIdB9z=c$!J+fL%qEqc%
zZ|;ACgOHLb{0Cwk7$L4@Nq-m=c51<M`jUX2gfnzFK`;OUTM6(AaHl0|xknIlB|L9a
z#f%1*jRgkQdo3*b95b1UBvH&lxR}cC4eLY<NguBg0!>H-E)TR9wSv9oAnsc<RF4kA
zXbH4LEv0cUs_nDC<#)i=qi@r2Lhq-U?3)TikoqAH?!5z=a@c5V>sj7vvs{CYto(iw
zJA`yiQz}7fjWP90?LaokZ{WP{sHi{xc6N%VX~hkK>y)G-ixFT|Wd)EXl}h|`b?PC1
zA4-&}S}eT)#1ArU$EPT0*ZG_j4&xPE6q$;cE-y26<{-$`)?j$80Q>%ABgq{9<*Hst
zXo1$!p1>b@47OSnzb7H!MRJvd%Bz-vN-j$=6un2e8_a4w>14OiL?j2d&q;*mN$Jw<
zI0LHz!4JYQDTOu}2QjNdjZ=fK<}<rmh+WT+c<48||NR0;=fV-m7Zdtw1rjcfIGCaO
z>aa4`H!9l*V3#&L4tas=wVB~~B%z<K&_rp(VE$qqH4Pl82*h?x#;Zy?#^Zw$J~q2?
zhUs&9g<SPwRlKI&LYM#tyaLEYb(diP7shNt;cM1Jc$6Hh1x_==YMAn|;0+P`5<oEG
z-U_0P+isGNSyWIsH@^M|zFvZU3Mvm(2~Uoi?6dFb(FL+E6)r~fOL|&6+0Cv1yNmUd
zd|V!YTlw@9@)b6H($zRZl<h91O}-8Yiz~SfM`e<nx?vs2f6aQD;pBO)qrBNoV7quM
zU}koq=;!bxv)3bls}Q`&m<<s;!46rgYY4h(d=(fAByxzZV8h`)m0<2mA{H|be!)V6
zRIowikAoOVzNKS)NR%YQy@1s0m775NFw|Md62?m=brzkL5cNgS<FYWngcNHrnA>&a
z*ob2H%QU8}inF+?Efth+_i#X-8K$E43#0+(hQ*4pWjGEJ0#=v#s|yW8=L#=?@$sPK
zgo4kq9UC$f!A_I|*-mOk+S_uy<Kc+~?WNrZPp~cy8;<}LjOjaU3h4W`t=vaD79K8v
z;HE)|a{Q80eJp&>QWTDGSlv$LAU}VH5fII1FNiCajgP9`+x+MNbGk>~n(O_knn7HV
z!r0Y6PG6I1R7eX@I26)LDE>Gm9yt+ezh4r}*{IJ(aL5GM`^c2i03#%jC?Yjfjt^1u
zfVOQXIM?A_&KpnZv=ubq9adpHjTpE5eXQHDK(Eo}X@=w>e$@F*Q9>~;&rB&JtLAlV
zy?E+?Dy~DSj|jEz`vRyNNx~Q#WbfIx1YB<1i@|jrJhw12It{~1M*-r%ht9ROw*wY~
z#L)R>kz()9oWVt-{DyxlQCFiBhL?#)58~-?EEAgvB`~L=cGaVbvw>JpLpFspLw_e%
zVgb-F-eGL$E5hA=uR@Iuz)J4^A1Q_p=)TT8Nqf06B4PqeioFeh=}&sOjN734f;AMw
zYwzv~-br28wX)3Z?{ZCdBf)T&mbB%AiG{fccySv%7wcbYQAf$QI8#l840EaN#33~4
z04zk$biYU3jwnW%d-C9uCVr+jNXt*pG<9_yE+KHR2C8<?R)}`mcyhw`kF^auuVATn
zjewG2f{O~o<ecd)Y?SfXB9c=`Sw&MT%il>mVj{i&^DFo6EHOHc7*zf>MY~Ge8*}6%
zX#I1P+fDF#uyOAaL5CgBY0z6GUcaM34nJUr1X*7HptSF}s*73S0g_YZ<+wuCR%G<Z
z5@})k5JR(5xLQsu2+d@Kk-zOIK1px9UJ7c6O&pM{odFQCeLp;_vf+&_uM+Hcsm?0S
zLo}zog}ihKrHU;%dH&k|oMf7sct^*?!?t4U)<C{7xG09U#Tb?!8j4^&e$scC`?kT3
zNls!vmB?oGddAOlVa<3(Q6ziP?(Olf2~A5&Fz|-@>6C4857W7wT4eQI-(v{{?#Es-
z_F+u%r6!hi$IORm0>H8+-}o%n@bP6{#URt+ppYs2>gg%8dySdMFf<f`&8wSyWC?pg
z^Hdu7)kpzUPFcymZ&IbO)bR(8Kcavi_>nnD>XB1DW7US8-rdqI9*uK@u9z)Eq=+6v
zr6nU83bohZb$<|eOxzRUr<4W-L>BRrXCgKwR|geMph2Ys1sIAtJ@{@<R`ps)|1x|4
z`@J(^6{?q4?#SqErv<x-3XB#|{4Tnv=hL0TR&%o>k1JNC+u}rdBMF~#LA6*(BHnrZ
z8JB+POYiZt7(%a{iAqfR4(`SylBqt!#;w$rZkoQMzpA<nX$#x2X?j__tDz8jwCDmc
zd#)JT3YGCsP-!;8CYgKHiM5zu)0ucNoy1L-;RQ^-Ok0?c@@L5<g6@R$$(I2Gl}4TC
za(Rq{^9CV1jwb3eg!Ol7O(!r~g{=dL3<B<Q7z5D`h6#TP!=zs10oSz*{_ib$uLP|K
zq@XDla-Ce|oSI1*Z7Gfn7L=-<qYYzK-`0p^RnW8xI%m=7oQ<%-hx0JMlsNHJuotI8
z-FS7(5P;Ji0{W8C-qA?wvN?nf!%*BW=)+THf3gXzlDygTgp*W#WSE$OuO5@fj73CG
zaerY`p0Q)MLxp!lVWO^-c8Ac;22JN5n_hn8AnLB}D;idWnb?BZ7=pl;25-d~MkwV*
zN74rN_U59P;37gxRt%!10Qwsv!gJ&g13z<b3+Y5Ay2=jN&8>Yj6BdOM@ILru3<%_r
zJWcjp;zF~H_>9YUD^VE|SPGaZT41D^S-xId(#`Gc8``GUo*)B0O#B%?LLNy~lXlA2
z0a#|blR&|;IG7xjh^aba$=M;5QFrfzkKu8rEQP5|l5UJCqK)DyrS(4qu0iZHGKaDF
zX6x}%hVlv{MQ?Ak$`E9%w#`Ys?RQ0%nsHIMo=f^8FJO!aL+?QI=|I-O6)g&h_aqjO
zS7Ek<R+Vn%gh&$1u@9Oj+ABC_Y;0_bTB;jYfN?s@heIZLW#{UgRUhVIi#_auljl8N
z`kdi2m13wkpea+|{oZCGWSZS5YF|=y*cKb#hp8jQ;BP}Iwd_RWbgif*_YesagU&%&
zRx!skz;4S;k>fDSRii*ukw`Vhw$lG^>`fdrPF@4?U5hs8k?Chf>V?hNGDJHTmR%A*
z_dR$byJ`m}deoE;Xe@7!D_>;~#_yOWmn}aW`%pvlx}t^Er3jVi^y1Xo|A}8m@e6s%
zDoJ++n=)=f0#L8cbQo8?gn6aBvVt%kE3(W111i>oJjND|v@&Z%(w>sl?|=x3u+kB-
zav^tPA-7-UAI{j?n+X324-pztIf%-ask<kc;Jb0q&;@PC7x|_1r-$*%{*6io;G-ks
zQSC5Mu(H^zo)*^nq$QCkYt5cqYzS|Z=s)5to(x(#i+RzA-tS5LV}P?)Wh1cIXdG+`
zoNDSe@S*m#W9GK-`TjziAT*i8&|78<O(^B;slHJVKIhTP+N$_o7?~j7W%yAoSmB%l
zMEKAnuXtQhS=i`9S<pK@laHu&i#xJLA~CLB;7N`|&)u1VS}`|)@?98(O;Wl5(T!RP
zYXN}@HA^9D1n?2jVp}{bu=|H(_Vy}a>k?{iYdnDhb(mY<jLrC?)zINwD!cN6_9m%l
zq}3#Qm%^BahOXu!a|kI6x_P=dNDgr4J{3q`C<vcV=8q!>wPyRUqY>m^n#Vk%QQ8+l
zjZZD~#GGs#fJQBTd;nFFaXHdTEl-UBFfBrloWgOX2De_)Zs7ycJ@NkssDDVeBRo94
zH5j)Qgv4tv<w6z+Q`|VaBR~HfcNAqT9kXwgeX4VsW#OLFai&6sgXnx}m0Wb{P}yDo
zRN7CC<r)h=qI9(?dVIrtut~M7+OkN`%yF*n$?(;#EgVUx5Fh_7&0|<1s1V+>;F_ph
zk!;8SNue|gU#ZPq^so67l!Lt8kmhD_T@~WbN+GDYG+9rz1{#wBwIgRf@;UW!R$~wB
zIBV>+-~A`}SDJCJKCNZ#5&l6PA+5?TOIj+aNqi`{06f!%YQ7Fu>L>Ly)o<Zr@K3tU
zH)SCT!(QQ>x=N~d5Ivlvlx7SdN=8MU))<f1>$@Lak>BqTcNqk{Ldp^?^d5V!@`1B7
zG0o3^jdjs~7rZxk#FLQ1!T#<B8$k;24mr!v0IijI<wIif5hXQwHtS3mvQJ@7WlZ$%
zsH~Z?5hkmG&UmD(#+vo*Rse|X`AN0oBL#WUX@{R4p6Op25#<1rskQvk4dz5LZ890)
zSZr8wB@4wIK3DUN$ktcJ*H%p?QF<HOIHtWwOI90(5D{C)O^%MWNU?!ahH03wg$VO&
zvt~<lSsHoHFkU|P|1v@IbxzRB&G@#Q47&u)KcLAq_IWOHAGi_gO?V!@JzPWN;Hr12
z#cA4L%mH2Fz`tBOkMFd;$u#ZyiiGN}vT<Yy`CYcmkU+d@2MAxfTczjc6GaVCCoubr
zUM!5Sq;kpP?+_02O2B{7zS14qMZK$~;CU81bXMSXry!40xA}fa8!9uQdm7>OCt=;!
zw93m8=^%st#pq70DSTA8Y=hS)M<Y&-kYD$xyIUt=1~w@tF?m$<w>*IhUD#1*>nh?Q
z<ivRgws+Femwv{0yEpH?KuOVi&}v8s6DC{?X&s#CX}>*cESsFtjf3$XOU@8uhY2=v
zFRiA&G?U|z#y&fdt9**naqme>n97uyYy&XnOdE#LoI*NeS@#ykH|OaH(du1~C(RB8
z9q)b??tJ7d6Fft)BI%ChDiz3Mp?|(vc^+eu9-u9&_l*Z_E8}JW41jZY0=5zeQ!E?!
zzZIuI2r7DvbFf7W&W5BEY|KSh5A^&D&=|7*3Ai8u|8;`-Eve%@2)$sfvUC{C{?#s4
z_erMN^=mY~I4^t-e?SD{Ow1ZbwDUU5Bzr!;91d>W3@uI4ap{Ec&CVx{VM{7D@(Y(5
z{p}mtF5ZeQIXbXHTsA99b)8R<q54X5oq@-*#-{InVDCo<s}QQUF8f*5T75E8Yf2Db
z?6X3W(Z$7z5O*c%d6F$Nk$!XVX8GB;^l}(%Omd^s&(+=()9pR^san{&403N?Vzg@A
z8eUi3k(&naL#?Zro!kOC&ziePzS!(F-k_Q*`JPOg44wQpV>Sl?a`m?-`&4be`qH}4
zssH>r@>lBIFNRrTc?{JbL?2z)ZMa#^;H$d1D42{z?q^*OBMAp#io#cEDL2LebRY9U
zaQp+OJb)51G9ox*e+*$nD^nz46TRnGY4vW|hl^j9a#W811R^QNTB|AF4u#`a{P~7$
z#!&FB@<hE3iY}0H)=z-7OX0R}nS#CGn3;{PG1)P$OXT*;uLAH1Q4lX5kQ|pXAEwrz
zrWaF5(WQP&HL20vt2oA;H<%YN02!Wwv2q7cAxM;Mg~!67ZFv!x-H9o!4mki^z!a{{
z4&#P;<qSWJX}wQl8*-NEh=^_%8n%=Yqdcg-Zm&p7)Fd%ib_|xO@<5<OGE1bH@FMCS
zDeFJ7uj0q5#GUV-<1K;2ft<JGK@xI{W=l!lIQhZgAPQr$kj~Gk%r+);LczKDQ{dG&
zeh>E<bHR=yWsR6bWhZbj(q*h-Z#>9yvm?7rlqN3EM$n1a4{I%6IX+F=nwj2bkhO-N
zi?U<6bNG2}EO`|Ag2I`NdbbK6u4hobg2W3@#MthX(Q)w;H^HIaqvB}l#@Wf{g@q-%
zGhuK*F-Z?K!FTaL&_NPXy)-BCCg}ZonGY{SEO-EMx12-@P#<6_k0UkwG872e-)(ku
z45lrymjNl_M08JlE1)wy-|4Zc-bO9`SSbxY8*97&T=ihpgN&uZASuI7OozBmi&P8&
z?n-dt;L3dovCoISrl*&Wi^U{;@xekjW#n8uL#?d0P^<2vvI5!-OaZ@Tl6lQDacjN8
znj6)nl3ZF|8v*EK{#Yv-HcDEmsVc~|wyHtIJkTTR+S=iuIQmY`^oIXL`|IjGX@`l>
zp?;t}xv6}qem=;>J|WW4N}k8$gN{&)(YlZWb#~^-5PvlchV{r#k2Ur~2Timfz-~tp
zl7kJ|zyVL?kcHIh@MR;zHe^tVn@$FDcCrtn`e_xDcAGxfw&`c-&a@mJ{cuICK|Te&
zc>qMpab#-MHv5{O6??3GKrM&(t#MXR+zuOFjcm&?jaQXXONVAX*NSPl-}$zwTk4Rq
zL6&DThBQqkkxE!Tyuaf_SV+Bow#FO5T^Xbg@Y3xUHu^aHG9mB)0!>vCnF$5C*n@N#
zk{re9uqkJjbtws`c^tW&zRI#7*GhwP5J=_>muob$y^ef+I{$L?zEQ?cJbrHD8vOb{
zlzN=_(l`C8q8uMlhP%@BJQUHZacALQ1OOHsI?pw55StT>YY<i>BG4S5szfBi@indK
zVrsjDR=g>?CJf@1C3D{2H7VN%ng$PVi3E3RU&6HVbtEAcd{h@PjMNV42rdN|lU0Gw
ztdP{iSy<Wzbob}_qt#IJ0G(-xi{9&vRoz8rIMXiWmy+z8H$()+cD(bay7FQoW*w>U
z?K4QzrDw8Er{vU9peHwP{gVfj4j0OAzmcLZP`8^1-;!dHQ>Bw4$UU}!tRy9to6>=a
zrG8C<HLf%9A@k7n;~GDr>CR}KhCV#hcj#7YkI<vAK(0sbO%ae}j46Mf!io?YSO?Vu
zf%T$VaGSu}OdbDkQ))!ajY5Z^Y*$z;)gB7$^N|2^_LVUJ=Yz^n3C{)fDLZFm@puUp
zLL)CmV}K$XhuLxZUM<V5-V+dMchUD9vB9`_UY6W^;5gZOT7aMKxzSkA;e)zc?qB1t
zlu4%N+g9qW>athU3vFekb>bK_&H|X7&+tF81DPwLy_2-lxwCJ4>9KrfneUDv^^i|*
zh<s|aMN{*9I4c7rsQ-vxC#gXE)n8V^Mm)F+0sLY?TGnv#9j5xQYDcfd^x%By;e4gB
zoQkjGpua<+^&5M$ifginFsKMj6Z$$nT*9@ge{nx$(Du*8dP5}hL65>P9Zb2>s9BKf
zrW7P-=gc=}z+ne%;G{qZnDn@r@5Y-)FgR8a#+2vRT#d*72Q6M9V&cRrGw+dbg;uLa
zaw6xE;QhUsu5!Vkm^5ss9seY^dG^nCA&iDz4?%XRC0Wypkr)E){CwvI^cE_%T!n`0
z3*GrdcEG_z+N4sDj%r3ddi1UrEHT|A^^6Ug4_0$;WhKqP4!Q#ejyli)1;%F+f6z2H
z+q|p2#fQ=W6-ht_D*vaP@+;+?5DGPNz2or52FaRp@+XK;)17RhiEcRGb*!dT6C-A<
z&3wrS8Kk20C(q?1EhKGp11cuKn3TZ|*+|9ljmSXn11Weo&f@yRivifFaqhTM_=D_2
zS<O!OGZ1AwI#RQ2+r1-=Wh`wRND(#O8>5oX<V1J@hwBcTC9E)FQ#sGYP54U$vO9)d
za&fVve^aSWR;z=THbbgj6peppbQ~(VXhb$RD9cpA|DUmB^o`PYnS-T?BK~WyyF0-P
zZ?aW3DZ|t|T-)nk8Iv<W8D;xH+-ApT>9VF^<u}4l#!e-skoN|`{+3^tj~^tcJj~Om
z{UKBh)ZHSKRO9c_@%xxWM=A))MlwSQIAqP<^%xTR#LVMcG5!at!^*~7Y`1>^q{5E%
z(oF41#;T2bGjYFxO?j_@?f5SuMGQ1QnA?jZtQL6cB}Rf{My}ThgpSsK;RJ=3X?Q@`
z)$I=HEc>LF$Ee;{<&I$}Pj9VWHd5@gi^%zzTGsCt%Bl=*iJ~BEt{sq)Mm9YG?dLta
z#=VLD$~;>j79&~btHy+UTfYqmnkw;d%(t_!1sh>xdVsc0!Wl53&Z1B3ncd1UHE|#J
zzJ_is1bCs;cHCKKB8>eiYd)M+7v^G+I}_a$bvVs@Q;B0(HRhyBUT2RhYJ3G;$_xl%
zr~|2qx*J3bt(Gq~saOM}vRBgOLahtBp#OVh=C0Gna^4@BUWyjYH}(O`sUpXOq*Pe$
zQvQ<xp?{zQMG=VHRLH`-QvOz-Ha~*v93mscc<b6>Xc?xQ{Su2dcQ}54O{QS__(D9&
zSmU0LI$koT1prw#hJ>en{UE?4cN@N!W1r{;MS&m}%O`Sg(YH>=y-(9-kSQ1DUUbB}
zKzNKfp{9=weAIIaqo^T-G@b`85(E%}@NWv_Q!I3#4o$5Fd<TVL@orc;NyyW`K(z#-
zco(vbO8f>Jxv<340E#OA06OT(Y-z-UAvD8-XfMn9E@JX#000CCG+5xN1{`BSEtJZK
z-c9`@hU>s>!yn~<#!di|4O1U*!q~!<$)dSxLC$nNS-CS9r{XC|Eu-X8q`CyT?1Wus
zm<0)jrF*?4%liQD9+zi)wGdChu)Xd+brmbZCO$sVa<^*MQC0*4AI1O=J)k*WA|UTl
zFEDo>M`HFk%j!0yK|jKG^PnI`lxSWi`H0=PX7ufvsij=taj7CvZ6eHJQJY>OP6UeT
z!LSSqO!PkC3V}GZ_^UJZj&DJQK@_!4x0*};u0#YRWDVc%kYZ8ig8OgBh=t9EH)Bv?
zr-Xf31)QWiWSy2Q7}{J|j3RQ8x7TOPTR^QXAw1DxpUl={kqgm=7-F=DloP@nh`5qv
z$42BYMCzamI)G;O>2DXB2mJXOiI${MB*b#k{-?^nu4fm+?Uu{{?>-E;0ec#zp&NRj
zp={h0!q5n2b;N=bL?NcdzRAXHW7~J*Dxa<38SIEFIpqQYJ|2D#eZkHC7_Le6vFJ<+
zgfiMDeUK=#g>-pC#0oAW^WzC98ftQA;9jI8e~5LWac%zh8vrP@ug{Hr-2iDJtSGAv
zh#N<>VvnByb5|P+kpG~>fZ9$f$Pc4YSb5*ftjK=psiv2so>W`bo$&i7Kmu`XF(aCP
zCbL)yaNA>9SxohU0Ub1WQ$AMcEP1rb!1gUCH`;m%em~bx0?hfDXaMw+ubofYjqOgW
zUmFGN_FBt<LtCq7<s50J6}~tSFgu@hF6_bwJs!v)PzFP)|K8GVwhX5KH^SI+Oe1{*
z8*a-B-6iELZ19~uQmUcGTh%rXoWgxyQAkjrLx?EU%=A84Ypb0n83q{XQ$m~20M1PM
zfNN}bYH_pXXQql9OW5A(yExU>M^Ga}z5AaJ%zAs&!DcqVC|>BaLkKZ&1T(x;0hglS
z31!0kN1TtKW?3aut5|sZfpALEw;8+v0yp2MvH~N!YtD!0->B68a?ePlyJ67vY{-wf
z%bnIu$6dZa!dT~r;`|iIBKH9zd~lk9Ok{u$sMUv$B$+RXQIb?mN}FWL$721tFtm0W
zRw)wq24TzV68^q9IT?Jh$2@QV<2Ix!0lX@zlqu#gCt>r#jZsWDX!l|8h0Gz%4Yw~{
zEb6zjhFn0!3+4}TiNwSdwoMn8kG<6n@jgsZg{6>^jH$_+-@@2fBa@NC%Nt!1R7hGb
znH(A`kB%Nn-oVErH}Jw_oi59;+C=>L<1CJWXAjbe|M6_aj;*cqCUH#soA=41kc;)8
z+`lZ$(}bYhIqAQulHcO!;zPzk4;JmtoU$&ytLlP*pyUB2wv_t@hdUoD4_^vr92-!D
zZ4vjAQ@_@e$V+=OeS{f);()9`KbwHpwMRd)sn(AiD3k`r&N(wRAR{Rb=VMfZTUu8k
zFw9OMqH*1xtca9F)juDn8DC5TGR5*QLBI7iS0yo*RVgV^bKXT#d&^mHWmq(tT?cKt
zguz?QvcBF-A(?Gknnc1{=_oVA^F8ipYD~Rr#G0sjA(*l%u=spUOV}Z7(_JnqGdUQp
zFy#H89r&J<XD`>u@h>PzgWeGh9gmC&a~8c*qL<_C=xdy*!v#^j&=g)?51dPd4;V;f
zwx|Qckr-?7?T$Iu3=fJv3)VBl$`+dS8eZ?ZN6${m_f8>+Ram`N)a*Ca?w8*7<Pjkt
zEC?)Vs>Cv#Pr;*1NnT)r4GX_-y`PF$@%0@SxGJTAKFrp88DcKoNqOUl$joDhq<-Io
zu(bIeN%?-m*exZf7n3E}jh9q4OMwTDB*^=89(>aIm;I;!DA!2Y7<QzNYb{#G5a1O$
zw3iHQ`R88ch6*7DfXGc=^RX{aOWLe0#d+Pfqu34ejW}G&s7{Q+z?xOU$?c4khVnIk
zhchY+-u)?s$=3gl?dA&9(xG^#4;=4P8R9Sn^5~UlD$CYOUC`atewe!`Myzdzib<BX
cKj)h)9_P&f8}<b;$5v&4{y2ePsOW$I0KDp3g#Z8m

diff --git a/php/public/img/jenna-kim-the-globe.webp b/php/public/img/jenna-kim-the-globe.webp
deleted file mode 100644
index 909a87615eb2935d70746f7819ffb919d5f7c20d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 98876
zcmZ_01y~hP+XV_pNT}4Iq}xM>NJ>b9^w3g*gmg%QbV`RPAq{hAX^@r>2?+%RkuE_%
zq~Y8-sNeVh_x{%heHfUTz4sgIUGLiasHG$?FBpuDrY9$(p{pTG&klXRi+3{%9gcR(
z`TG4kq>&GDbD7xafhmgbSh%*1X=4i`9Y~~l&Lk4)G(dNuv6-FEzEGBqL}~|r*=R@3
zUx;F~7as?H>RsnT-n+y>2J#CdPbHE5lJ#pbfj;L?0+^1h&qq3VR@Eym?E~31DKEc{
z<qO3hG^?Hb3QQe4y8Jmi@1C>g<B4=ZE{XaoBQF{G)lbe6kBe7w65GrdO@Gd7i+Y{k
zbPCwG;JI|#x%`Mcy`1#Bb}4y@kBmPVd4B7=X?I{rpxNaalKiv}3H=F|JPla#`HpNk
zLElY2Q9pD#ll&eS(Eiik$tMswvWb2<Kfd%?W%Sx`G7@Lov&ZR>=XZOJ<lcRG$sD8~
z^8E=CIk<ie*-*c>drRt;5t0shvH5j9aOraC^w#OTrEVbdR;T*t$&YQxW$s|)2V_%#
zncsE6%H!-1lc|8)<DSS1a%A$vwMzx0x`}v{Wc4SS1z(N%RT{kxK5n9Of~a4$%G+pV
zF7b|T5uKA;5*s=O7EDoFgW@pF`Jatbw{K0=KR)BIHqv4CjhMc?R}x(^5cmRquxCZ6
zc-b5&XxZMYVa#;85M$gQY0t60V0tFQ^?Dui0iX(YeyrG<c>i>}yo;N$U5LEyoh;{r
z^tKH%W8$|6*`|iTwiV~RVQKpsj76SICQlO)spLF;=Fe75#~8C_xGS4`SPJJN`;RGZ
zS?g)@#Rp+ON)R<&V&^|^G<=&GqkbxmEPQXj<s9&NiHGM>e=4S>pSs>IfW8FD>Co+;
z7V4SnhOg<PY||<wrh$(Z+iD~QZ$NVTy-f-YyFL}1|KbZ^bG~Lb%p+L7VQduHDy@ln
zM-Pl{mD^p3(^oUPj*X1X`OAK9j|n}<(Xe44`&Fov<GR^+=8MQy!OX<lggSv~cM*+1
zJ<#)m#X)~yZ%5NhaE-}=hw$Mv=hX`@R%%J2_wiri#qamInwQO_^?I{(QPqmbc52UI
zKYDzx5jETj^g3xRfNQt(8mqaE9@FC>qYQMd^T0E<PcNT|6QqeMcTqsEH4pkSZ%|Dh
z372FCfTY%PI%vr|DwRqT-xg^b<pStwii#JZae8}<R6F%Qr*+%mCESk7Z?4j}R?L!(
znvjKqqs?zE)|>hFkyj(?$SI;*2%(H+FZbs`lfM@Z$idr0UeBMcn4VWxll6y<?O|;W
zB43GM&)tZGi-_2Rpkm2+uOxJngW$hs(19sALvsQux5VmOfQ}4UJ*$9z-27w+nl9>P
z!37wbpAVs5Li3l;d<OkkJ`*);VzE+GlXoCA>qp;m;(*L$3zAwB)ALW<@z2~?%TV5+
z&TKz<Z1^6s6p05>zq|ckFOi;wDV*~=sOR(WoWurt>niC6u)#FC{}@yAQr-RG*#QmY
zxDq56{Woh}bFI;2^v3vNRk*>`XeRW<vuf1KPnAm|jeATOUNC(Q{qku9dfCOwTkSox
zZD<sA@(-QC-+K|_!g^i#kRfh;<YA(}C-+gt8FDdKLA67nPAbZCf1-w*p=S!caeZ(Q
znI^;th3&~>C=8(Z_;*1U=9U<#mdD@@xf*h2683l7-X2LlvhlyRw~BoHYn1t?_?TXh
z2jjCC)N9BikLO6cqoer`!1$rpH&~VUC1?MI=*kP*h!M@E^qa2#2KZm2K^LyB$Zr7T
z^pPGI{XPCl{y{Y-l&5PydD#;4_2w}EPl+|CoE)rc>|-1~JR1In!s9Pvdr%CGXQZji
zPg^{-GHL{-<V{R}Q9#cstUeJmNdEs{A`gkvKrlFiioppQ#(|BeK7T^3rPV783W=q`
zCZRu(rzKq$hz;MzfB~BLg^Re&DJCYVS}^JaEXDEX+Bazz6`w&azcODkGRRQ30QUE}
z|1SPNW+zFiuqFiSgCPesTFOZBn4)3`3M|~_NDDUZn|sBIP`U=9;>$$Mk{#|UFU;?(
z*tVc~BEP9P70d8Kt8De$21H=c3ZpV{8MSt%P<eC4%D+%>l_~#gT-|yrKu6Z$uC!j-
zo2k$x|0BY4RG2MkGQ@WzxK^VAT=AJ_vGlCm`W#bF^8v{dF*i(^l`=ya_ZwFkdaSC)
zWE+Ft;C^HngAnOQ#W>x{;ZHJN+hO^ufc<~x;{rkq%HHxfB}hIO@~EDW@Jy7E&-Rtx
z3s9h6EseeuJr8iedp-LnnD}lH;Xy!W9@dwL^5sh~)}ZGDsJ&lyg-tqvFY7Zpg59`Z
z{2TngQT!K-MA%PZ4yk%H-jU)r7kO?lmt7&m2Z7O5s+_BYCj8xS--deX{40!R^2*+L
z@k5*2?`vUnDRA&A&nXb{3X{0&--_aX|3$e1%Hj^&cmL-KA^7>YZprs1(_8N!8hQ1d
zh+DHx56h3gL^-#rRmnY_#DzIMn+}D0D5Fu^H_xMfAyZMr#0Obj%8`U>-S<x{T)|{(
zo5xO^UWnTNnIh(4zF^t;U8$sPBxgi8Y7J0kJl&zJ&x4ZpsIsYlsx<P6#e80-yz&xu
z@CuSIe!sna1rK2pA>XZa61M#Kyt;PPy8HzifP$t!c6(TF^m+yFeG=OLfvKphs3W%O
zh5^=#c**<_lH%Cm#i^OTNC);*{uKe>ZO?>A-_iN{g#Zqso=K$j0%flA1N4Frg1|IB
z!tGGKMf}MOjsS|vmbzPio@%N467BV}WapoA|00elDqf&Ss!N1}C1KwTV=xMeWy)(n
zkeNFV26#;BB<Mp`1W;Vj$w<{LccF9q3N!V3N-#+XzKz40R9ML{xuz{u5(&Jz9wr;k
z0YyB#gzg%ClYZCYXAB14ubYfQCh1Tp42*&`B2NQa|0V3d(IL-3K43$49b6*>!KmXE
zd9WT2ng~z@0J41O_!XLNAXot5Apr1AD(1651BiDDrx#R(S)MdEZ<dE$P<kP<K}MKv
z5QD=v=q|!{^jw4cKk@OvQat`Q&FB%RGOH8l4e%Ppz3+n{>T1Bh#m42&+UJg3q4n1P
zumhomK#P@?slw}wGRH5hVE}X=0ouI_YmJeBQ8Y9y9a%rZc8MXQCQeT!(Z)vlNkEnZ
z8xN7vi~%y}1;n-y*vYOCf(RQKuEr}+-`QtE7^9N>e^<_{`uk|6r_3m*5NLYN8>k6A
zB!FcK7U4xE_2NqsD}x|OA|BYRm>@rB)M(5|=kTc4J#W*fqdCd}!}xiaZUEIZ9_=Pr
zpl;EJSqC7DMa-$|OJ~Z*(m*iPf+y+VZ@p<T>-2Y)?Pfpw4-)=O-7BnW*;xUavV<eU
z`u@A_6JmuPu#6f+Q1)wnmbH`h%<Toir0UojMD-$5OR1KK-J~O*R-f{R00v>(FyLnh
z7XI7^$Z*F9yB?i&$ZK{=`aKVJP_=D^pg}q7U*2EQqyGjx^Awa;QgDPWSd!4~ekUIU
zSw3aYc7$@!H8>AC#-r*$4;;)>!yUzr5^bJ;Au9ud47%xl;o{ar1z1gi`|X2iqNQ@|
zkW1vI89%cIUinTj>lH*oP(_s%@ohKHcKh}JtgT!{e={)f9{AnXHy4Vy$S@#I3SJfl
z>_2}|ideapB440VK;rhXeI*0(H8(-__?!FLl*Y*Ttc%EcrJEm0!gf}sw;Qo>XLwcd
zBEyWFa-rfxPtGN0FNK<*#TLz<cps!119j1RHl17`#QDQ)P~70^g6gvwz-%LCSKta>
z#g`@?*nTb81IjUj+%0<$AxVh0+N@H5nwvq>{n*&Ey7&2bAXfimEMF<nVcX&`<iY?j
z5)iC~77r@G*eyCBOEKu7K^T0sT!tUFZi=P<?@<3cx(K@xRm}lN1DUg|%_CG6UO5@d
z2?H!sttJ7YQm7nU{=(s7@RZPzwXZYHVw(L$Lb^gcp;t<TAA<Km91p?wj96}!56~w`
znh=H7|H$tn56X&wp_;X7m_{iFio)feeJCkqaQ*hbQtjXB2fmUA6+Ev6hs2okbq-(A
zf*l&ZTR6+I&M-4!{5@3u$@Wp|JWPa2e*XR#$doWm#>iY%Io@r-WCf0C$3iQ0jY8|X
z@#-F>!%wH0&6-p$Yd>#%RBFnd<)>Bt!N{;hvO7c$|ASpIZ2c*KB}lfMj@qwQD13nu
zU1cX!rh<zCXbJbXgD_+i4?F^EeqewgqhOKQU1hz^l5jf|`^f+OmY=~#%Gb6=89Wyu
z;eT*eQEuu92McL5nqRN)qh_6bpZhP9Babwa@iF|vVXs{O{MjFzS;TEInm*8I<VD4u
zky|i>E;0rFm4g)#aF>|xq}9I#T12$ib&sM*Ro3_-`Y+$P4O_j=Dd6D52eSSb+S81&
zLs0~_0ytpyVttR3r3?gHvncA8$KcP$onB!cj0!N;O;5v;Y7c9XD_8uBxj%lHx+r}C
z7`A$oe`r|-OXH67C++sd+rU8(l%rf%js)Hpu<20V21{OO?|fb;xyyIYGOZKPb(+84
zP8As+6PV&Y+QPq2u1Qrm39z%*sJNa(MgufKzC}g<t9s3*a+uEYe<ggJifcGiI-70}
zoH@8_;lXAX^cW%7ra_d2LVce;-fqW2QHsa>PznJ6i?}JbVnDWZ+DzSdHB%vOh!gRF
zzO4A7mXk>0LBJSDvw-quv<QwGoFRJB@lT*(8DN+`h<k+gk4#?`=RXM_c0#C0<)c`Y
z3qZqV$ar`Fj2_JCb4FHBj$1!0g2hi(na6$rYm`f=p;(^o)KvncFS=>rd3WW-ah9TF
zxYB7=d!FQa=}Fg@Nf`~IqD}9JTmUMNnuG{JHYjke2Aw7>3-~W1jFr9rHy;^yC*Py7
z{zw8D$+^N=iFs#iiODsov7ll#lpwe$xBuh##x7X4DmMubmQkcDxnH{}sf(#Z1OVdx
z>%0w`Uph4tZ2?(VSg$I)!jO0qn&LbQ@Z~uabPufW;lI3EV_Fx8ti<~->1O-OexODt
z>^EBKF&-2py3>F?G-Z6q?NhwNk${y5O@g`0GI!oxMkY}PsN~%7d1S&!PS+DQp@9B{
zxcLV(QX_9`iEWr6y%2F3yp&>ykpWN<5JHt>TrV3K5maSKN|~YZ00o}vX6HGl>J<Y-
zwP`cu|7med2aFdcuf|0!5dIZj9`zV19Xbg=>g>QMlr>S+KKl_A%Lp8a%l??e@;C52
z@?<l39!zg7D5(o(Bl_5VfsIjb?hz*pqVaf@_?5w1D4H-R&6N5CWq=eoc$VDvug)4V
zNBsNt(d<Gb%raGzi7thA)NB}9fwQ^GBFrJ3-W6ohViYn2x5HU5J+TBO08NVIQ>`<k
z&!ldb-yY>T<MLDfhalKj!$i{~Q%Qivc4HYn$^T83xpRBY3=e`TV<77ll*xc$S|Vu5
z2VuMLj55>u0{s5~{db(&noLK}p=2#^t>VVZli8Hrj2ko$hpdO-ZX^tYLh<P3b-c*f
zb;vHzT@$ro{V7x~G+a!2Cy7~vbqhE|c!=6=utKl;9iSYo2$s}C@X;kq-^g19p-CiL
z3zv%{RC5(W+f&koE)muLun%hQ{`Mw%`(oaD4ymZbd$$QHzz5(zOqxzT6~j8?Fq$$6
z-`n->65dyXpiIet_Bz5lMW#foKxOrbgA$LsT|-8B5CD|M0tx}dnnCcSY@SrW;g++G
z;wx+1JCfCa7Mmu~0VCA!qi_HQ=yXe;{*w>>M^oh2qYj6_rYxzVCGdlgVP!Meq0C5*
z4b$yuHbB#+y@NLcf_Y3<<+B`UWe2;m3B$NT>bBBj3a+E8G`7SQ8|VPBgSS|LLR|hp
zMlEwy*!iNZdw?O3-TxAmiFmE-DXlyZA&==v#>XpDthHJ}UP%i1S6%5918bify&{*o
zlDeI`)B3!|>~Lnj-w6muXITfqmzxmLl-<<ak^NH>mYaZH30Cl6UY%&tITXqX20%yY
z++$O7(w%W@2^VB|+I5qWjH%?4mqxcg532mT2M{=;D9(fFo1O6=-lFuM|A<9bUJ#K;
zH-sVpG~X#l^7(-fkTdA+z#NvS$~jrdCV_OIj0f<bV?)OSI|A8^6~21y;UP4oYV=%B
zUamTtnYyBnXpNC&b2TW2O?s9pc+!hMz^8`;rn8vbS=qS(&Zt^&KNMn%F65Coq6{WH
zX8j}e|3K&uFG4Yd<hS3}K48EAbL@BTp@#AOd%YY~683;z?a>erJk-%G2ed>`SP7LW
zE5Puum`?_rf^RK?A=rVk%2TpkhE$sHhSj7hFfW0T7)BV}sf{HoKZs&XM7NsPA!q?A
zZU460;V|G?kE_%_+BxtaR1mW`HwOU4tcOfkfB}n6$~x*oiACo~bR8PCo>!J{1tQ;?
z_z5;Q6cbwL(S^eR7iZ5w3X3<9@!c~?E@6-MjrwF5To%cqqbLWzfra-Mq0j;qD$`Ls
z-bf0EK}_x{0zR1UbjcL{e;Z0Rg#;=2f;d2x%$Hd$kLfuSeD_}n*+b07yoFm_!R8Q3
zZ37mwk#|6PXBhCPFziuQGdV74LC5W1d6ZgXO#QXe!K24sCSkQIOHeJ+!7JG!Z2bmy
z{i?r?A_NNW=P<s8L0pu81828}<R3I&X-0n<)56*v0v<&ONrodIWrJ%7iH@Hd3h*L)
z?!HY>xxJk#ir`5iVfO>#>&6sKWRBbom-|y*EN|E&P1GcmSkG~6I%<_{nbKvz5@ua`
zrtiU<%-@swV4Xe8j4U4o1@Tb8H0PQq4WLk(vGWlVZ0Q;Oe+l?sd+>t1VV|}OF$Ek8
zFdBIWV1TUi>r#@E$cdNRCXfvz2_d#pPx<Kv+X4U(xi&--;dPF}bn7uXb%*@SpZQG3
zaKklO3S>z!7#IKpTY%F1pfk*@Q!haq`xg;`c4||t7zAiCjRDqcVF1+jFRxGAK?L_-
zjsB1N#c<B8f$IE9=b?5lc<|F(sux9dlZd{|g5WL$34$jC4}9C)*3sp`8iC5QdRcB-
zxe1wrAkVpj469f1G%%e6j^STK6p5)6?ZrGC=<Ja|{iK{QqOjqrb5MNthbQTtJ2oS>
zLS6qg!9Hhyb5vb24ayycu;fZhnWg?mvV0_|+Rd`os$~8%<*^q45rH7=LEA^Q3NVkH
z_CCn)`1f@9{BtyMF+C%zjce97D99RKSOmE{W;1MRcX8|*bwLG^eNzTZC9J$WIE5^S
zhY<T5Pm!qL18FZc$~7h{cmIc``v)RPk`t?0;;u@eGYkqi9a-M0X1B~)U<6=FtBU$i
z@<M3`UZnegG6Zj6s}AZ$<8vK9oFNRbYL-@J3_CC>W$zh$QNfb?!o*+E2A?cd3MgY<
zP|$*qk&S(meTNWLC$ip|u<c)U{7;|!&=@3E`73h%kFby|_k_eelVe_EMow4`1}yS4
zMGB%zL{y2y6#$f_R&|aG`XrW~ryz<fO>);CbtU38>%-^mC)%9r>OLysWqN6G8>I30
zKJp>nWZ3>tgY_wU<xLc&i*v>5O^CSxl$j~h$0)HTns&2%iw+V~uY?+uQhOB-+B+E*
zY?{Q*M?`pKj+>f9-IL8fG#NaIN{LmdB4hVepP&Q*a~BAo8kY>$z2ae+yYxXL>tX#0
z+I09%Y)!nSg63GpgKyxP%O46!^T=C<Yipdn^=B0$YfHJX4E(zG@F0MAig}}g3rd30
z+gKrhYtsK$9)*{6&2>Pfatf;1kN}Y+%!`P}Q$RQF+QSc(wyZ)qh&x@^6dMMFGGzI2
z_t46xuWnn{yTdgn$tN#q_Tzpm2H`ePPFn%{*<f@Mu{7bk*&h5{@@JnD@d5M%5&O^0
z5Wg~tE@e1^nx^UN5NdKceM$c#Y(a|86?MO}|AE8#aH)rPv=NN_OkLdx<zwR>3Ck%1
z;J~U6HF3>Qk6eMOX*zMhSXZO09n?kMIoo|fRB3N~7axuOK;7h!EV*8EBD$jRcZ_vG
zS6l(_sE*QT4}AV?88lvpN=BhLBRQ&V`eAVfcEkVirhkGxUfctdNkEnSkzt(?c`n3R
zQB?tW#1vf`jAE1q3PAwCOa_A}fR=?6vlazwrIq0C$9EmVG`yHTx+A)Ufl|9@ZE__H
z_bK?mYczeT7x;8C@Jb(qwNDg*USbkM7|N1f$3)bqJ{iUuF&WMCHzHtk-`f62kpV{J
zK`f_T@^}cncm@w<{ku<J!jepri=$PQR;8g9O}8AX=jSagchavoJ%>QqMF=H+J3*3>
zmW-lqmu}a?f$NcXJ`D(SQ+A@eR$BN-XK@5%L*_TGB_eF)$czne4224~=EN09tvtu5
z3Rp5I`1ZGSQv7La&#NOmh9F7I;N_iB$Ozv#(z^E<DWbM!0RZYDAOeCg0};&aY(-`W
z`^G)|5UNC9Wtn}9{*jv>K&2^Kj)^L{wLPthzOZN7WNdq|mh4Q4uM)`Ybqvr7W86&<
zENJpk(qEZGDIL1!w}TX!KSA3e4t)M!rJ1&?|LV;D3=)`n$)m|br#ENN+4P(dYG4fA
z%a?Kq2R51N0HXDh<Y4(rIHZ^CkgH~Y5{3MwBkLVXZyr5q87w)M$-&-B(e~ABv25OT
zTv_>P&xAhA#V0a$qZzD-J(^qn4ZJt7wK7EkXW5=_oe?S|`Dn~|4eSwrH!W6q{-|4f
zm`kr((8?HYxCa;!Ku!QOiQW>!AyS_>zX@J(TxPXTq;bH=i&k)}*(?G!H{+@|$RcKY
zSLk-*F$IXU2`Yzq4neha5ge7t<s9k6(54xfM0`s5*qn&92-y_h#jIsPj|_5zenu%L
z;{wSato#pF=(yBoupB`E`&coEum{sYFp7aY9{A~oQ4)`j-iCTXJW&=inE<McFu3HO
zb}BwjGi!AzwG1(CEMaEJ4CFubQHv;QSR>$3rVy$E{AcAXc-l16sC)3h?(_(HJVY}1
zRzc(g)bZGlF+YZKl48uC6t6S02J@c|zx<D8CP$ZqnJt3M-y@AFjDvGhqUPIVH<@Fw
zEME>w0#*y-K4B2EFE^}t)$7TUd>S_1+%kq)g~snyIsVKumdht_RFfg**0~gq*f`+1
zh`1q|3jWxQW6qWg5Ed|dXtWTJD2ASr3bFUA{tu-llb-1Fniu{`_<vW^yA^kpczvJ-
z#gv!{x*1S+VXW(iVqmQ$cNSi5A`S%@lNPg}dzmTzoG*LW*SG9t!y@bU0kl>}fnnSE
z-&iFoJC6L*6P{&)hZAitZnAf@?SB>sNznHu*T}&H479<1fyGx~86G92F&zBZ=LX3|
z@C8D}K9ueTmW1<Fyn(h&ukZ^JuOUGj>IV076+59!hgcM#v#iEyB$z4AEiUg4$!+}#
z&=etQtwxovDRfB^O?pRy|DuTV=#%d+B#DjVPwsX0ojD2^jUabH@IL*XR{3CnUfa)B
zT11t{kGTEv3f|<0=b^TPt5i~etiOS0cNe7P?mh>UP#g;btabVIrwO>4&L1hxw)x%!
zRm5g_@PeVa?(F6!RK}EKIat945f44Zm71ET5Zfq8tZN}qWy`P*`l$Nogwqm0KF*#I
z;(zV*BAex|gJ5Lo9jCC8eD}lW`tal;8HtJbkR9|r?&rYU$|j_FbWrN`TZo`C@$?T3
zH_3>k?%EK8s%?516r9cFFKx+)yI_Egq#Tr39Or1W)Vj<6k;(>^{%lODr+@Z|%CC^l
zlh0#F*M@kZc{wjiHi{jMhO}B^uG8}43B^ZSzs6iOewfFPIv6-S7v^nd##6yXlQKe^
z=F8ut5D*u+@p)h)<*N>c1?Th5E%PZdwE)w~8TA%yDZhrK_X^WU?^Lb_=e)31iI6A5
z2V<i~5u|CE*GGp*xbaJp*U+Op@#<YaYLd#rzw&rGlOs9jZlmdop;5{H-CDIp?SPy-
zHV@OFcgBDGb|3`i3jPRT!;Fm_os7jRB|QW|7ebvlNWuy;z8)jwa2tKrWT*QTV)k1$
z=dltnUNB9`Kc(4=SwADk`@zB^WpC$^u^llhBL3}S#NtRM&#Z@GOvYUa>hW+`24y3q
z^@9g*S(kj4Zp?*#)mM3`Sn%tS;{ufUk;!S5v=FOc^kDs?1N^Y~NACh2|FvdeibnU`
z%>`$3NN*~81%4(ZEK`_RSOD})n4k@c$C_D$h^Vyk6wWEiYob=PZ0b|RQTgPY?zp!j
za5WM=94NX2w10an24B04{=_pN8j<`FrXb*AZ3mT<M+ZdDaXlXHSWfZ(&fMJm)nF7n
z!?_jnyLqda>3yw}lpV)>kD=zb4iB~KHc>vYybVj-#&~Lg9t=|!UZDmtvGYQEO`~i5
zQ=togcl9`a8=wrk8hGtJDwpK@@hu*)RCCJy{7tbBCVm%|y^Blo)*;NG>h+ECC!Ew<
zrNo5i5~As_q%O-81MI%M;nC6f&0>~bqAqb|cF73Xn&?gS>@JWPC*k@Ye@&vz%tIfN
zY_@x}c1JU_CqL(X6Z#~JSzf0-eW=Wat{HfqnXmjNtfuHY@l-M=qg?}`mV|v-mf?Gc
zU1!Q5S7ll^>q0;ygWg{H-jm21H*o$nHJD4%!lP<}FzOJ}&>M^x$HtVg{rHJA`scDJ
z#Dki8Q3h8W_yAY%4>ig6^%@AhZ!KJ;vR^GVeZ#l06IVUJ!h5WOB1MV<z1OUb<zUz3
zjooC<A7c9D#L`kR?e{BV8Yfq`XZ1u3-@NhOQqO4O(r?bcDpPr9V${L;e3tgug0YO0
zQ&4X9{hL}W7l9{L#r4M<?Xlkz4VE4f1&KNC@zvR=*<8LZn?%Z22bXcD9kD+=`;^6A
zETJQ<n==G8%T|b+D$e7XM1ORXKN|(hzxWK;Cn3G0QEq4Cry9?|N*)%V6E!iqqe=_P
zS(0r(G`(Xh#k_z&oFXBid4d~zhcCB}A~tJyUoe>u%|_Z3-pw`ROZb?7YVw#?DY#V9
zob`^m2?bY-@wUL7P^k&LZs$(Ss?+9=kD6we>x8IDidOX2SxPV4v2O3(ca{BIsnBOZ
zji*4a+WWP=BSHU|!Bgr1wpWRIRTsGU29n&M6Bm7vGoc4hQ2g<qzAli*exVyNA+yc$
zLQ^!!Jh(#fu{hKen_{Iy+A_a!k7&fiq<U$6p#1j`9n;@#gipkBDt=+=vDgy#OSMiJ
z`@h3satyV*xBU7OKfB@0&XXkrGx}kya&KFj+lc4kCl3%0(zMZce-OxRx#bev2J*V6
z7fZaB*!mN8)~Be_vhdxNenm{S7mp#$Eju(v==6<|0`x=G0F4!YYXlbozwlefv0rm{
zr`F%5>d0cCL^CXXtbUH$8diTR`;|^mUmDx<p_DYvl7oV*JOs<)K2(06QibWVuL^9s
zu_#f6$HHE$q%^?fY$$m6-1G|fbw_!#ldH;wdMqB^pTsm}3p1dy7de~AG1~?%3Gl;d
z)%TFbA9bEu>VK7cJ&S&^AH0=fPgIWazV#ZcN5h1Ppsy~-=bOi2ZJ?*?^sJw%4$-(j
z4ZX?)_TEcrfg8?Ttpx=s43tk<Ibm5^{1F!cw{sij*|ds1yE-hRy5}Ie^vW$UT+P42
zwDc*YyuhPTCky`6y?I5747;fgFj3x`9C)q+L(%6bcV@NxQubxu&&BSuKdlb5WhL6B
z?mD{O@*4LoEtmSecp&PQfu-uF*_4GZ6^4*5i8N?qn$%kmbsx;*QBy9{(F&x#xk$H3
z-~9$DI#KU;s*aw-=z_V-8Vi4X{CfmWiB8~7wSC|Mdp%?-?ln}h^}Oo#hFk!LkSeM3
zy59Y&E>-zwX*agQHy_JJYikeM#M5!75jNqT=(_o{gsPiD8y9qcPe-8Ez_c{c!GN&^
z3B7LtLT-XgBBHEeNPbsu?0wTs^d_t`<aqVY51-fh?#^jh#NSfTUXce7rW;tkd(NJY
z!$yQ_Jv<iNziQUGcCfokC6%EQgH0tSYxXuknp@Imzm5ZkA)~%in<N_Fru5oloFCuS
z@}!Q<n{lmJ?}kyXl+IDx2p0$SYTa-SJG{$T8~HR$K`J}4M{rGDIUxcdw`ct=9b}$O
z`7-0{?uTz(?cyY70s#NSO-6x29AO9Pd+xC?_fF#c1?a4l#h;xq#+~zp#_P=kL^Ty=
zAsLXsiegj7USVBOFOzU9;x*%ZGIoe;+VF+|znMHBXK|w(*JF|U>zipgzo8#^?3Qv^
zXw?jwQXxGfVuGz>(!(m`LmoPxHmEG?A`)1TL_&C-sVq5IaX*<WxW<5{-xmy|u+#5|
z*@WuWat_z#>6I`Rd8^WaK!0)C#p9Fq29`ZS3LP;ntkm`%sd<DuZsg7uE;6*|)e9dL
zOqFa_@(DF{d))<SCon!H5jxpmj`#h$K8j@h=Wy0to~~ffz_po=VN#Y`JiHhn3R4Td
z+Bm(-D6?r+62;>}g(>J1dLFJTY7-3*eGmyECdF`7!?W5@G~J9`|3sGj#x7loSLt=u
zmsc4B#SiY5I2@eb<*)l}T4%UVDiu=RaJa+vB#ENNg~DXAs<yfFEtwpqp-ZM4SCvtd
z=S_^h62sbiy_;rw_I3@kzg_M9M}MEaG@2{szf8?ARHAcB>Fw{otBXmbs!N2uzGvVF
zh_tE{D2d*GzNAC_@bZ(?)VkM$1b?Gmu=(ynw$hbUB{x|J9bPD7F}Ny-nXd-Y3JYo`
z0qt8JdOhCmj4;4z*F4IRk(^P?4OjoGSHF;HJiBVe8@yIR#XajcdfuiQ9aZn%7Le*o
z5NvfJS`t#V^mO7wMkg5*)K+D!qZ9aZ<*n8t(?7{>2r^}Wmjn+UViFfF&*|k9O0lW<
zVzMc92D2c`(1zS8)yyttX7c&6x=NootTEVX`3?CD_eOw2uh;vJV^?!tV;-pAVyfx4
z00>poZwh4RJ>To3oe$_+kR@k1yP2PG$6wZ6AwiDiFx+j@zzoa73Q{?tc00d}U>kM3
z>z^>b{7b;*<$4!HTcNdCrq2P0D-8%z9Y$%&1S$pO9%9q?<2G{nX4+@k5t;mqKS<fP
zk1nAL$s+ZA6IdpLDKpa=5bytZ_?N2q`D)@T5_JT+kgj@>`OPRxQ<FYhiH!GAdGLr2
z=S=q*S(p#%{10}xs0;=@+IB6HUsqekc}c;$w|*_+v#r0-6(!EudM6?>WqJFQjM;N7
zDD9=W{;f_sy>R64cgFsCht+Jf7XQ0@%W={UIIu?Ykyn1kb4i!7XgrPhztHWuR7W``
zXZL>Ge>bTWgP=w2HvvRM%fvR&SvG7EZC^+YS8q$*p1_#h-z<CSqN~CSkDP=gHCV`R
zuqBJPN|&8|G)<(Ki)mp$C8;*$`3NpO_xunWuj$NG-A9~S9QnO0R~7*khF$xlt}wXO
zLc77h{zf-nTX5$5WuJL}_fAA|@5e6^6F2ncXT4T}aYDimW8*9RsBqSU*b~q3LQ8k5
zxzsLH-j|g>|CKat>71CeES+yH*WvuDDCbOnLU7FBl_j}^y})g!XN1cSVKvse51fO(
zHcBFUs;t=k6p?P>y@w+Li(kgR!hBhp)5vi6j!P1Gd4zB~3Ti8|>{l9|*zX)!>T8dz
z=!kXHOPS&f8e1-?50K(2s2Su~LGm)XZsRNDN+xwb9(1Csogg|G@;J2nUrG~|BAZ5t
z@TB~N*O=uaG|{=J7vF1dR4(`ii{l-xRzvQc{Xp`}#^d{)_+Q{1xdpk7qXE0^{2cdQ
z9;Ns8{qCp!m~6XV;cHZb>0Jy4GYPwOKa<nAr~I7r+d{5)oqYU4&Brg_KD2)yd0uT|
z^dvX31UMRe6B>5Gpa~cIv3+ev7I3iA0Rse<vo`Ay*o>Od?lZN?H^zV@pDh&}<TuA$
zmiF>{K|N>w*bl<ojlh8l^+o#NJ6a-2R112Kju20QfoEP)Z-dMQ_ZvN9Sg=2fwbss#
zL!6u#17Ui&2DO`-9^5Fc?Mh~xJIH<yyvl}jE25!AS$Y4POQO&|oIue8xx0L>QysUe
z=Sqi#gvAdf@j8t&WPFXIY^DB?S6_v781-y8gT-$%T+Jr=&~_8?dRrDScJT>eV%v6L
zzimF3lfq`YyZotEBQ*ofUUm4jJ3+2<*b$Bo%JWqhejKdEC=d^Ba}0LFb%#<n9gZU7
z=attJSoc+)0%ni&d&7*dnWR<6DsIF&fb^5iaLbp9+yu4TSRMqL$Ei<_dBRng>8p}|
zDvN6K7tRDc-}CehSj8d{mcQ&|yW7=M;YVw;Kl((WuhtvWJh*&yOtmy{ZSBsax>noM
zr{#46RoIEoL}La&+P`i$)DsUeZtCIj^_P`9*->|`cpsrh2l42ASLE*M8R=|m{VCt_
zOS4AaW=U*Vkj6G8gc@=63!e;#xPq&@&lG(Oj`un^Y$QM24JcicEO$NCR-%(cp2k!u
zIYdT{&Rnw0KS7?7eEZVj6n<NH_2wKp_I<kQ%9Nx8k-FP~Urvg`B&?s&^+XC5n1mWV
zI!_^dGwzC$Zd#xa;gwSMq5iG=qcNMI@;+gDDeiEv`@yxICa}$Ml#{I__F!0u$r7_|
z_x5-(@2dCP+pfA&JfcnQ4L@o_Xx6Vyi@z4<%Xzloeu4dpzME*??}<JWLBDHGZcvyp
zeB51ORr;ePsg#0ti2_r{bRgG});(SG%BU*VZzM|7dnNO5MdsSmJ8rEiJ29+oI5LwH
z;>4}H=;#u7E!PKwOaJFd4yK!Wo@t19La>21t_Mk$3h)a-=N2Ap5NW@Zz@0e|I@aD;
z|MFT2&n7;w@-+p|g}}nAH{z*kFWD;1iAOe$TE5mQq&?r^7QTNg@z&;nfGCIm>7GA<
zTi$iiap@&&Vo7sl9`2WLyC(3&eB>w-j<2qY<`;q8<=3Q_PWa^UjWo3PpNNO{D>ue2
zM@DR>Qb<`^g(|fG=g78h)~Z$h+}?Y%SaXjWX*O$MyCR-d93VgWvk$mEHx_q7@Ht=0
z0=oiD0Tyr>gykMxM(=}%1*hs68ZB(WFFI`}Et0Sao{@NG$ym}n%ez%*oVTa08mSTV
z6dxau;L57y5~yo7iuK=9f>CDUZSVUfvX!N9%FNINzQE0)+GuH|Q-9w7Q5>c>=eXU!
z!DR@Jw4jbc{XGS-*u)q0s@`FdL7#Wpo`RbI+U$_~MPzxhYhAsOCjf)x3VLSbH~ixE
z_Q9~zQ{W5{lVl)syCB(KvULJUE}y>_O}l*~;r>`@e27{aA7+>fEApGfQ-MpOG>yDj
zrH#E~e)MfQW1P}^F-+45ejbI-dWE*t9^d-9{$MP`(Sb>_lbzP&c9w%>!~VAf9DJge
zHzcHs_u^6;bZ_1_u3HG+ZJ&cvgEOzt$CJ7bg&hhpr{&MS_wS~rg{2-(H<sQPi+*!f
zzzvteI^G|h3SX1f34cJEhRAK1RtXvp;7udJrd|5|`PJ@e?o_I~AY*F?rdW7V_)At>
zjnllr_nEnEH7pdcVbTuog_4IQTEAb!dwV0_X6%>iR&-Z!2!E=d4?KSDxgIdEJqGSQ
zoI+bJ4<Gz<ii|Ly8w0uW+!!ZC^)X=i5&uadQBOa-ENRM3s3Qz_Ovyh-+L5p*Wd4;|
z-EP8u$64I_*j#la@@#kQ90z$C@%7-iW^lt~-=54*{5<WO0j}5_QTA^C(uXOodH>^C
z+jw+o&L)@{?oj;*_-wiA?7EjNX0%DT%}Bjk{JLy9UH7LKUu^RwX&N4L?@+szDRtf)
zr?_9`XFuEomL0C|v=p)Z%5;p#5;N*D^uF8WkE@MoEmBhZh;<hTrV&SP;jP&9!fa6+
z$fb-|m-8gy^;r>f<Hi!u#}OLBDXM+-TpGE-=lU^VPiWdn`xe^k`LW(%&We!6qE{B7
z0huoXy*KS=^D*~REcstjOx+7_delkppeu~0FdyR5oUK^u#OJ{x)IMVifA~a`Ivj>N
zA$FzULmvnL08OfPTe5G$AM&V{6bq<6w#xhcw%Q-37|v`N!KIm7@it?{?q9w|S|sc@
zHb_m*Ag&TlyuowRC1OLn-C}-oq~S6Mxf9&mhq1ig`WE@_QfyRr{RZB>_^M~(u1(|A
z1Q`4Czl=W(awyX-_G}rJ<{J=S^f<5;Pz@O6X}Z~o;vkWY%LygVpYI{RgvN%bJXe^^
z#yUifisN^*;&-&o9;Fn?xw(xF1eERG=#G>;@Pc{krFuoYFEK%Ej$l;Y;uQ11XX<Fh
zhKniT5a^|Pdyxl0w?O~urDxFnOf++<N7O1C)JdrK;e9+60hz9+{vMnH?YGC(X((pP
z2wdsj@_M|yL&lz%rDxlc`>f=iUXljRwanY44xYA_t4jNcu+vV*`=&tO1n<qSc4OlQ
zP=)-%1m5nBDHwvSEc~Hqgk@$xG66X@MG&+%KOQKuzJCYXg5x*N?Al=#IP2GlM7n3$
z7CBTSNza%ArOpD^RygS_zWMvT54^a4N}!Q)(eUY#<L-o4JdrSL)Ac)<YRwzQP@J7a
zVctXa)^3uLq60FKj$ym=MQR}Gvz@G5T}1C4728wo6E2lE6N|q%J3j6aFCW*)y6oi3
z)ROl0l6u;mzD3y&G1wvXdCGU!);1<c8l+Z%ev0T3k|C}n!p~<St%UERzIYmzYg#L^
z<OWaLykO%O27wCK>{<(dOa!vONjM8AfTp`m7eZ?`Ytah5j!tq;mNkdv>6lKn8XNmh
z?k{p#tP}X5h3u#6(Fa8BrAlVvy|3AfeBu)KrH!TY>kmuE9*CVV1_|CA9gCNPcM@(G
zH*ILJw5DV|eQe}hRHg1TlQc^`e)ixj0I=_(q&Q3h{v1aq^0WiDNSHR=LLzlBwH)&(
zqCUU7X@j<6`DQ)(UbB-%Zy>UUc2Kf5&LanTNU9Enp=-TNf%lV0zgrC(^ZtAX-@d2~
zhCiEN^&Td|t*s_gq(N7Qouh?>2@O4Z)BjvF?$cnyuThgM-I7P$0nC9al85e%#gD1)
zm;fu^ffW;ANhQf7CEd4)nL#Z((@Fn?1EVxp#IDh32LDZK&~imY!%=j>{rSzR5$p?`
zui1++>KK*qJ*vq}7ilk;SJ+b7v<V}l?<2N)fliYr6o4T@^Zr-qpRk<mh2Pde{_T@F
zPQR_ZQNbKjwUD1WyFtP}zbg?ej(e_0TH!_Tpr^=BhnBFf?i$s?NythEt4{#dVdgpB
zx|1)X{t01Cv}yQ*C1*;ysG0uz2mC*SYl_+6=$S_|*~s=VIm9h9qfWn0-gDW3D#Oe4
z6_w1srg*7#_OQlUrw=1|S2Pyda4?cqPjzD7Y;Xp_MA4|QaBog0Eg?&S5rl;4xweM?
zO<5;D&$<G+6=C!jBS~=<&2k@1e<GiouH`sEpM5(H=zZalfB(h7Vpqj4zsSy#{LNz9
zkE?v~)5X$g^HMVWH{Pn;SoZ4>{DPatkeCGzmva=UkU~@vr`%LxR;aN~df8DF#Dz5c
zNk}iF?_L|SSz3Ngigt>!o~OGuZ^3Dy>IJ7Z<41NfvMh|>^ZAn>+|i!~F0xH?aW^^K
zi?FMsc+6sBxHO=fviHlXah*0W^qyDsO3mxJ9aid+%?4=&W;V@{6S{shfoHFIv`FUb
zspzJdyl-N)?^*aQJ(1}~tHe)Y53Cexm}`utewfIw?Ef1)l%QZaY9+c2m!<Kb?uuYz
zckPV2T=OJcmBIdM^ZV_r%)?!0qli1F8>B*X3yfKHX1BZNIFH9yWQv9hc6l(Mul5Ur
z?}m~;mZum+nBtA57COqdw-!Ret75+_9*F<g`VfqBC$Oc6*y;1F7W4_`FSVTx&zVVb
z32rt$hdm;qS@Gki{C+YQB|8|sYZ9jHk$<VW`&$Za=#A2+qHl=mTX{}UlXi7JOfWK5
zj2JA5O9DZ2^DLt7i7i|a!<umE$AknXq%HS69=^Xgzcl~gD0x=Afkd8`1tO8#(BHRd
z!P6KR13l9BbCBvk2!x~P*ISoIu!5{-%Zpylj14ddP({aWnl`5kytvPlG}wUUR@fxd
z#Nnu{p#FsmNjZL&znHc@=yc8y^(uXcHNeK@4s6NVVmzI~Oz$|$+Xs-s&d{N_w<jv_
zF#V_^CAmrRP3jw!*&VTj23EcFphu!D@ARoqa6`fuh1*(xcHJ2J@Rp)P++IwtEZ#op
z>PTCrO_Vv_ZjEO;_B&CZl3&!N_cZ%S_i}W?SE87BnsBajDSj6!95_~(%Il{_z$Xlc
z3SVn54?NyGnvW8$>C!JxGy%Suu08|~u`G_IR7mopMOlVxh;4?1mKHd!&3<T4;E30)
zq7#p%WZ1;MNGz6kpdIJBTW3Jin}po;Z++w_j2NJcMoR7SpsRW`vBthEiIewOSUgSv
z+Ya@#hF(ZGe^e)aBz-ftpzh@2vt%6HcugjRQuNxZAqJ95tJ*F@yDnVQ1^b%2!$%5?
z&N$!4)UbX|pSblS$=?WL*!I0_qbds+URx2!gA(wMl$GLmf4oM+q?t)PX;Fq>J0+w@
z&ul|ipRC{wAA2noJJY)+f}c>X&7sfg&R<X-KDJEX_<%2!v$hb3{Iu~oPzQ4Wi9D~$
z*%pQezr{WC3i)v~p;~cv?@nQe40=Q`DPc^gYVh)7Q70;)w6zJ$Aws$?lb>w3?+8@w
z(fGVMcOl$=+wrss|FP-Qc#Tmk^CyH;`vdOCQAy#O54gSjt?n^Y_nWGg*w|RG62~4r
z7(dv5D3f96g!ZDk!s*zzSpxBtXGO`Rnag4^Hjb>~@#p6C&*-mW=N+_<YQ<P8PH;wD
z)@Axhvgmi2>eqaK1?O#iVx1U_=q9W$OPyY`Y0KiGHN?%x$b#h`ZT9_SNnHpSE2rv(
zy`yT72=~}+3M<|l7$cllH=+7k^Hka8N%>Zu+>mu<(P%W;HFLFB7%IP<EA?A=H%PHH
zE(3KU*fcOxb6nIlHGbM;THQU}N}4B5rtEuvPd_038%5Rl%7X6Kh;D;;>)$t-yOal+
z>U*BI(mcN1NeGVE7rt5`mYk{5GF>V4^vE-r@P#Lq91ptR_FO<4^vxPmeU}2JDB?jH
zxP!Fj#fqM~Vfid?SL{%7Y)`xmZj-wI-O-maI*-z6-xo_>14$Im6l8BfUPEf|wIk2s
zkugZ*h4ECAT{c|+J}-PV;~TXXhvQDl)?<8Fd4J*=wNgp@nM~8&=8mJ%SG8a9#f>U&
z$8T*4kbgR(9XbtMjc<tILZkDaU%OOyR8k|w<M@qwH`3DOr{L290oGJpyz8|{<q4cG
z$F?>6r)^F-fs=C?TS~91l#h*fG&&ai8&s5Uez?}dBuIkSp%=uQnlV4)^O<kKn_T}b
z;fPsQ=Ccr@Hy>+Fjd(G?M9hsMZyH8IH>OknjQXsTQk3{p2q$ykw%OoY|KuFH+m~9E
zKM5o!GfargroiisEe%}#g!I8~bMZ>W{jkcE66*|{&^30Z0;PJkXWH35BQJlvxltsH
zd${?FjL4{|oBX=7X|l%dso7;;YqoL9(&<}fqwmLq@%TuAScxC7xH9b!9Cc2K;WII;
z?Wp$H;=HvbYH?D%5Sp806k*ETK3(x-F%Od`b9WiUdF6U)zBN8jKpik^l@ghgv^ZaX
zp(GwRxF*(cc1_lq+bnYA`uV3@Nura4wE5E?d<(xUUEVr_&A4UdAUzMEyu#Nvr#o^&
zmNRcYQ@viPs!Qco68C_U<Cx!Em8`l{rPjE|YS^wAH-geV^J0>Tt>$Ibo>t}w<V_@{
zlI~)^=hNFU50SHFm#0z+92XLy#T9q@#zgvjcbG@t!})E)FICT$6!spc(u#lX4dzCB
z7TZ~8R*C+b49g_H_hV{JALnHRXX#AJ@@+1Uyn^$xxh|Ky$)LdMh_Q}ei*EWJx0s4N
zWWE`@((dMV#BRvZ><Xy=tbe=3=pAAx-%4K{&_*a7uOD53;SE~^xPrWWc%H607R-Ek
zBggShMJ1GP`FQAe!DXU9-FPUTb!Q!TOA`+^@bE@@(<al`R5hyFMMk~B59D><$COj7
z_Ke<icC&=cc`OP=QA$IbwJkH)oVgo^&ohUx^oG04Bx7p4?vz+Zu-m@-5xcgducdz9
zX6w$JubKITkjBQ3_jWUAlg9b$0Pu>oej<K(#bO;WMRd~)x*K(7Vc|~1jC}9>Y?vF$
z=%dbq+(87MwjlQ^kPXPT3ma49k>;IGI+XVPS;NXU98sB!)0O$+=?INQIjahbpYyLQ
zihGtcA3cq164xMp)BnrT7py(JO%R<ef}D_``(gM6k7wiACAP(~VyTq&$-)}U<02w3
z=353$=vV3UAEON(&lL7~l?nHb86-mIqOs_Dcw$c+4<2S582AC%VYI7cJv}@@{k8Or
zzd4;A{MJf$`+8XUmXhUB2q^*2=L(W&93BY^S<PtVi;;(^cS{ag=jo_fa4p@wlbG#F
zBKdI~9!Y$&AkUHv7s9iy?CYjRvM6eqUAz?gF_+1kUif2=oB>y{jK>YAAu`(YAG_zD
zu#X26UC-n89{Emr+~w>e{n1-(_LX>|Z+fwRvG#y@Q2d+W@_WH-%iEm<LebHd`y8^h
zO#40v<~VG$kMnRZ)|`b7?d#=6G}u16ZJGl^(b_!T_rK`nItAU#nrr^O5E#yR`H9Je
zLh?_AX=5f`H>MP376K*t7waXT&gdy-RT`}tT#viO@T3750@1ij*1nC)bVlZw(8pMZ
zukB57Q*~sdZ}T?WiW%@&jxo)yWsC9Xq~{cp+AZUby)XXas~#>eeDsujb<#`nA`o-0
zGjq0ktSf1Vd(VuoA<UyS<L4Rn*9fPGeaEu-vQ65|&-@<4&xh|;o%j<RJq~4fSblh{
zb)A2Im?~P9`L!DJ0NpzM!(H*c6_VaY;oe*90oJK*oHu9#3Vn|vYG#a@mhUYWEm!ko
zizt%s#Ly(Hk(DT!l`i^V3yGD5PvHs%+$%G4B9DhYNg%B$Yh4B%OQG2sw)7DUQS2?M
znoI{rIhhIsuL*2*h4%}Qw|tH*f18TN=T$fCwD*8&ebKJ4vGLxs_G(R=9PVi|4Xl-D
zoO#n{>Vh0<_`^>s9#4I&V|kurRi1}<H+{E!G0^4S!<Pc$vRwDdvCU?vCIuJt@Azm~
z4<Fa@h<ixhsvw(d;e4p0#@iTj8dCw;-{b2ubN6)O3vL~j$PI<zh7104>hBcDBVC=|
zeB5G-@aRwVDbFqg&vB;L`edW%*cH=rSkrSd9Fyl<lQiR~DT})7FqJN5H}0!xR_638
zEwUNExaQV%H}1ljDDBWCeNDPm-E{t=^LEHrMDNtkN`<)8gI39y@u$A5FXGRsTBgXs
zBICSju*bzZ!+)DI&2&p_s-R$YHNc2VE~=QFPbKhxj+yGAJhRmFiwnGal`?N?=z@7L
z-U@0y_(7Nt=g|?C2Zt%hAF)$2SD+Pc@1xt6h^xSRY0(l6jLdS^h!_XLrLA<V%j>&;
zk<iV%5mp#(ZBxDtD!WT1kZMG5wD-F8OyMAcnJT!J&fINCO`}VFnzwJw$@6u|lDnMg
z{<R?{qh$Iwgwq8&`bXQCcCZu9YxxJxtr%{4<C2^d$8qVk0S^L1<!KTlOmAESr*52N
zf4+5|oBw>?c*5vY(YESd^jvb>nD$Tf&)nhmZzS_6-G~K4INL@!2t#&N*Gh^eT#Xd3
zh1G1A78pn1F*EJQp~n-J;nrjmv;Xvc$M|jCDAe6$zaUESY+pV*teu6`oK^+@Ktseq
z3G19#ZsNBnkJDvknu4FZ<xc2Owj*-#4YXY#S$nEjy#Lj!l@DAoA~nCOaY#2Jk(4a*
z`dv=uGoB3PY0NzA9J%U;X_qFqX=iyJm-EebYzW85#5Z=Hku}PH?(4aCn92MaH|Cl8
z4}=fbxBV`!hfT@BjF&^bc3exEho`?e&=Z;O=({|#cxy2ZC!cfDzFt=3vnqbA^Gq=c
zxNctY*?)QN-4l9_R5KyZK~`JVmcq8L^)&j%dVz%mFMhQ3>Ma*~x=$Y8J9gJx^_2DX
zKlfQaI%ep%KQJdS#Zef|&qd~sM|+#J%{1ES1=NYncdRkIOhS}x5y#Ru-I2_ZSnWQN
ze)&+Q^18MNewM>}Lf>=Z7@0GLP~sg|tYXacXLJao4<ibf7f(B}g1Y>iWRs^-qlGJC
zFYK<FD~9@QkcA%P>TPe@FR~LEv6*eWPyAWCr{nGSG|$gRpGRD#igkF9RPyE%{e1Ak
zKlI$z#7t<tr+xb<DQWpI^4M3vL(894y!7NTa;k$f$WB4Y2uT`wJ?Zd%;6>=rec{f_
zeKsk%=-pMvPfe_mo3ZPwtYn4v?z1>bc!@>yntG6=U-!jMVkgA;^jmHMvCek+j%M&F
ze;uFbc4y{v+H`+H2iZWM-JZx`!4{Fv*urV_1~-rKdK9eS*RSD;QX0P{wsrhA{Ug%@
z!<>a8f?qcCeIboI)vsnRs|<e0$PANGOWs<!&r7ML;+sA7PAfQ`<a^U4i^J&1bU2^!
zkHd;_(eaYu+8Z+9k4FzkJmE>?verkxuu|1cc%Jpl7x+vBxZJ%)7;}5@qusFN?oT<g
zuzQP%tnGJe&VGPiDmw%d>{vcH)+HM4jjGB%GDnD`lXp%p%=QYoT+e>;{64Rs@4tc7
zQBTF8JvQDJ!Xh8B4gGI9xjIv6PPuv;egd!F`ED*rn~%m0NTC4&TgU378>xeqg2Evw
z3|y+DstgG+;<29Jb#`w?P_tZCM|tiyCC*u<w9q~DK9!o<lc@#Qn@DmIdCa9AK;}Ko
zWhFa~)!q$S0w<T8U%mC}PV8iBqL(G9xxY>l9fn=+vyw-?@#3qNez!w6B9>_4eIWl)
zH}I0A0T1_FnRerA)=u$Ii%iOcQY;G&jq&$Pd`a|&%=`CG&&SsW{k`w9`&AId5Y9aL
ztX4Pjz$q!&_!D{PTccYp(!Lx){HgWJ2wY9Z#&0;(Kihl86l~?Ko!(K1v19LiX3$F$
z8LKw?X)p%wjC@e=P$1UIAg{wt(K~wQnc&HWI@W6s!+iql#NUf@Y>9x@2c4#IFQxmu
z+WP{_9eke|8gjVk;Jg_+!(M3P!uDS;ziGt&$g~KEvg5bCRUca6ET+0{F_fl8&Gm%r
z|KaK_qvPh)h3%OzW5dkM%oAp2Y@iJ_%*@Qp4Kp({GpA{oxk-~W4Z}Cj-tXCGpHDw*
zEqN?oOCC$sTGn;jlSe4KIYnk<prPeq!85oLa*nmv?QIozGE;de0x3@~I^<p7s!j%h
z1A{v$sBtV2&z|??wVq#6><`o;b9<g2pvUIk<z^BqS<A#89QQt&_{uJJPLSN9L+d`O
zf`Z6nk|H`+EvO;_D#KG2Px>;J^ytjuk8vwbCUi+)XeMSH&sFJE3LqQLn^r=2O(_g8
zV--0TzVtd~$zP2~1#cMAy98AGg&O!hr4&rf0vXv^xF>l?3TNjMZum-l|E};lva%Q`
zOH9gzHO+tVQ*6kifxj_z8o@fcR=!`pAk{*|3MlyPvcK`y6&ZoyAusJiwo{ls)tB~V
zE20!*W6J~Kk1W1m$&31%s5>|DS|3DL!)0&y%Jh%51M*e}Q4(CtRHvQ^OpmwMu3r#!
zzp1V^4WJ{ukWX~*-Y7;MZs;5dU5-L)#5`_KA5p)In^IBp5<=m}W#jq|sZgS3=g4F9
zI6IsDkrenTYyp=$BeC>nUacexxr{KAxL3q6prB`vzLhyOYx2*I&7Ug$5aFs2Zj>Hf
z8;RPsoFZI_JA7s)!8WWUU*VM@HX&5vf}a6%GpwbC*Ai2}s#`eD41CPsbK>$|hEG*m
zX`n#9zpzy)EL=83T7wCaCVGpT#l2%@(!buC-ephtk?Z~LtT)XwP_ttVx6FadDJI{Q
zZR8W=;N`A@T0YIz7u9N*AoVZQhngc|VOeJ;E+K8GAT1&dkcMR`o-EDbEvnMX%+R@^
znfL5GGfH=J{?L6wC6Y&?cP_NrA${)pQ<L!)@PXwLUNXZX@;e7cC*I)~Mh`)0dPjO%
zBa6Lm47F9Ok3#M0LsC(2gE|Ga%AsoYwks~*AI)S+$wVyU+26!jI4Zg4+ANZv48x?4
zSbIj6Ln+*qQ)X<QW(~bOo`xmhI8;WBJ}j%2E=wM4dG@J^05fx6dHc?fHF+^E189f{
z@fBfDv=8gnQDlEt<7+19HKs&`_mCHM^*gaPhVP3HLT{uvQ_kcc?<V<l#HeXlTrfGy
zB{IxfeE1<mE)$?QQZ@<i%0|IPjlX-JkET`kZ-!B?>mhU6)n+?Ej;~%B%1o2V$%T)2
z5vY3RC2g!Q@baoX2K0QN6AhOa3t{(EPmBA3`t9Bl#CFzzw7+o8u0^q&cb}5_K|JEi
z)7DxwGDJ5Ia>@(28zdfK2@4y;#vs}jlC(#ud!ID}G|RO(nnYrvk<nCt(N#Fc)jgl4
zJ)U{Ul>K!r0nIv!(`jRsrBO3uYEx?vn_9-tc<`o;_#$;xy|oyz(_VrbvxdF^dSZTg
zR5V;-)52PcNjP1%{I2$Cq)hgns9a$R@U)b;g?3GN@aA1Vz}k2i!eU!|EO^g!saSwM
zUaeG=_uM?z=|sXVDd-vHXhaK-l5XkgIZyhS57QoM!vPx3fXvLp?LUQm?P*L1D>b$x
zz4cb`TN8G0`pXnrW0ZuU2|)an7q7flcG{t_{_O$Rio-6Pj5L0w1f50My@6U1!_*Ly
zjD&<=Y^tW!^5q`xq5JQIG}f)X7-`uPYd^YmB@A3&?m+WjY17}q?6U>qMs$=(c^VGo
zS2@##H$O?{az7aainVR&SN6Xat>~!Ydb6aiconwuD`yU9-tDIdr_=Au;G1S5NnZ9W
zO&bpTk&~Y88UsYxNO;=6G+>J_xO17PlC>4o?3;*^I8Th-6w;s^K=!mbP6#dd;6*5p
zYy5O~o}KNamZbU|TD63|Ppo^=h)1k~d@w;3Plw`~cO^t{csvpT`2H>DCVIapG^~P(
zaUXVVy}Yb#n^Y_8Xx|Rr-iMrEFw=S+4{zP{7+U={pD#CLhelXNqp%fq5%O?VDdP(V
zM<gb*)B3!WyuQmPjOm)}<;TXJkifJc_x!tL%H&f8sd9+M)}k9O)tX<$#7B&5t&{Sg
z<d|wcJR(u{Vqp!2C@T&PM*`o3*Qh%s=}`8!Rd?a($j2?eNgYV^N7F)x-dM<97Ku9q
z-S0;8n<73QB!^G}yVJK))EH>KC_N+TGk2;4?AGeR8TLmo0T=U<wI2fzpp3>K(3dq&
z29C}94*Y}RiJYM?b;q?9cGEvpI?SLYggj_70^7i=jf77o^7YiKuOUdd7`2_%jg(n}
zG9jxz+d0vmm8yE~a7qR1qYb!@^v`e#9bO&Y2i&u4eLnpfy|~^UH}8vElT$q|>E;UY
zg{>3WyV~mFVq1v+w|_$4)~4V^o%zA;;6@`8CCv88#)puhf_m14-AHi8$-_!IvwraK
z3ENd`!A!A;fon;jci_OB|6kDcGpCgy6C_9amQoc_SE{<p0DY<y6sK450tTkMi$Tn?
zQF?S9t(e*)OZIsMq~ptjothT8j@VEYweolG3fcF03)o%N0{%qm+_T;tDY@5QQjghi
zX6|#cD!$YhZiOXtQEcU0Za9f!jZh8kO<U;1K^V9$7~W^e%4Z#t6Zmboifc10j(m+#
z59~}IundT_9nDr=GG79Akn^g(i;7mpTrj~8Jq2vo{KV+>&6x=Uh^rege3Rmi8k)m4
zf;g@JPU=wEH;S)tx5ulkS?ZTrMg}eKR4Y%*Ws(80BQghHhVRw#ssoGfQd0jeU6ka}
zk<qijdw*~mQl#%7r(;<s)y_FgGF%Z(^TOhzhGLzq%5^X*Tg33K;5Q=^*=OcLrH0x9
zqD!;$_~BS%!_J#bawCl(j~649o|oZ)`a`J{oS0~je8ifY5W+Z_O}oLynp78E1Twi}
zLB+KngCCSK)jJ6&9^w?|ia63fEF=OWte#<}zj{mQ-TpB8RIcUO$QQ@aDntle8$41;
zdYr|C>E7vCT8NlP{!o5<`9*2?_)#v;PvG9fgF82yY+n~~q_IJc%X5k#>I^rIyD^1%
zEQC<LHh1^r#u=yq*mS$DU|zZo+J*M|#n~+od7K|IIq+yNbLy)xNq*1uf*RIMm7L>k
zJ+|mDzBm(N!y;={_39Ei*MTRUnI^<Q;eb%;y?3Z{QB`5O#$OHj>@>igVYqi*E%W>9
zG;+Rz(5D{+cEsIhEk;h8zR+sC>lx?J-q#PI-iC)aLxwl+Yd;@lrrUTe{GO>5jzj7&
z6l?zE0DFFSJ)V4JT3pg?IGpBK(p0i&!S2F&U1e#iE3qYbst`Gx3Bys0D_*1YcXhQP
zi8l*t2|~=XAvzk_n~UE?9TLQ^acz6K6?F_VYhp-7^A3>Erc-b<p{18zmLZIVBrYSZ
z&~^@y+6=KLaFZ&2HRupfW!xGQn}*&!8^4K+#Z<M*SoE+jH;l#@{T27f1QljJc_=2T
zSx{|b*X@ew#2<*LV}!0UAA6<1%_4^<XU8GT(YR?XoLQLq<L2s0*;Bg$zwaXYywLyY
zaaTW=T`65D5baaZM>4#oFj*#2@`fqX;bU<CI*)>YXJ$c}-*9x@y@6jWDCxVR<>pt(
z-)SDUY0C$R8F~tGRP?>v(i|Sh0*wLp=^%(*>$qQ1_9Sgv5O1c|79ZP*sN4^kEq84S
zgx>yVZA{M8h<W7t19K5b(EHlUoi<&xbmvL<Cek-c&I?SRWT?`e7YD2HF@8A|5TELR
zzoN2<S+}Rwj!K&?5Le1<5?Oar%6G!e#H-Dc6J(H=5l;C-Ts`{!-Wxa4gr1nhc8~Sr
z_^(N-%%ESBwPoiV{WU_~5S>cqm4vEc3V+u3!5NW)x4Q>(ZO=I?)9*qA2=}L|tK-_~
z@M_isS;KTBQX@ugB$v#;;F&GvYak&bgHJhAmuPV%YC_9Wfs0(@Q0`LsKV&^-D9K?Y
zT=40%s(3ROsBQOof7?EdX($FyB~hNYH6X1a^KuW5m^PG%XONDipj`JYepxn!FlrKZ
zE&erc4^7sY^``R-wWGhYO-jiFe`wXqd{y)fmjylkVeZezM(+Dx^qv_wv%OVC|4kI>
z21<s{zair%?xk)BPtDv-zb&aiQX){V5YQhNpzq4QWGIBx@HztPJ}dTj!f*ZHd42fO
zl@G6rL@w(86_s}B2Fth0<_zFH;a9E=a*EM4OX>i6L}vM(lio30**~K>qcB7O=KJd~
zF%zEfHA)a4OL8yR$O>}<z9|-<cy@h-l`~p@=a6tNP7!4%g>G)NlWIFG&iT=UJ<jpw
zX@Ki6`?^s?x$?W7#1QF3Owa2$g@B8%nEjJiWBr?H+m(%({htb642jKGUfLhVma9g#
z?-Evc!B>ovNu78H*eb7P>fUP{m&r|k?=;u_?+VF5^S7EiFvMT=DJzL?)3=~pB1&Am
zFt`aX+SK@;>=@+;D}%o7bL&>yq?+4l3hG&7__j~2s(6?ty{RhgmU2hJ8z@dS!zE_&
zg~5kilNo-{9N{APRrXf7o}wZcBKgP%ZDFqJ9Lw#65qsNrRdm|x*s+!F=XtTAxU?lV
ziAgT|zwH72)OYEDW$jck@a!<cpH>RBE1);s*+N-)&ilSF(`C>@QX@apSQY(@VgD3K
z(cAdPBnSPWhWErQ75medCF|MU`g9|mbBB{dmPmd1G%v{MocyRK`b?m49LuI7^5x52
zo&mHX4w|4gM?mJ&T*!?h-yD>Q6F)xEu(Nnx^oo?KkBAM365XMuVLxd*Rf2~O`T%|?
zCN_G~24geLFy&3VSia@^hw{9Zvcz8vr7a&^9WxP)*q=7^+2)`2KX&%YAD}o$IpORg
zf3KlJ*7?zNPT=%+j~D+i9SF~RcN`P3KQ4}MFqHM=P4m3oPlx#tFl?6ZnC-k~j$&n4
zh)BgKFP+UKRp!M<`3wGPLplL!YL*>AG*aXKoL<y!t|BKr9**<pqOB7w^MsDv(4-%=
zb+qGbi`Dv_Mi?Y#zu`PmTbF&)$AkL^7UORLj@gqE<|5ez>bp{|FuRIpitEGZlK1!D
zBOyV4J~DARL8J?-*C9}cMnP5H>p9%)e=<4$1oumxC#Z0chso_b-RQAA#OgtqjL~@$
zrY|Pm`^kUYbPFG7lp1ok2vsn2_Z0Apw!yM0sIpkM{dS|W+Q@8vaO-EyNMai7y3!D8
zJ$L-hYJhvcdm}yAYF$n?@u!kJwqt-NGsPnL9S+9GeQV+qq*5voNsW9kMMgKNbF2+e
zdQ5kCnNE{=DOZv*jP2`C)6_!X8NH`2$^8aJp!vLcT$8nqOGvWZ?XIwK&&ThAXq<4j
zX4Gx%s67)}GJ<pIsL=w|&1ChxK;)||{?|ffR8rMYVZwEx3Z9Eki<QuipIBRto+&;m
zN@E=tG{5t1@Kh0CeO<0fKw8_gC5O$1Xm7xoUa5}8R86-3`_%0qZahFN04SS3FV9)S
z#t~d<v00}wa>_>_b*lByDj!SdsfE|9kN#u-;QzKejdyVVzFcf1ZVNYAg-&o6pzi-h
z;NrBeB#t|F(-dwT)EPlRM)EO5*YCb-#lKxgqdVKKuF#87Syf1NK5#Qx;Hs|kO3UO7
z_s6$_gG-5y|B-8J1hIl$72piX$-0=woX`L5q-m~Rq+Alht-HRZMV5a79!Pqwh|;=<
zi=5X)t-IK+r!pSYoA-s@L<%1{C+NlSOqQc%^VQ{Je5J!L&KfUGy9*lm1vt8E_{M-O
zN@BNV4mx>!%uzsMnJg(c;ZgS1zwfAxzk$7G%<}u>kifu1iT_iWH&lNPhz$K>qt3JZ
zF8)3P##6zIG(Yqr5o&&;s=7i1f#->o16Ec6#Xx$Bd_?_|eYTi*jIWU?M|&;pycN`~
zA>tQh&htLDU^hB`z-03=yJsTX`fpOsw=*2<qK-has90^XZ(k`_>D-|oNSc#?j%=f8
zL03(aYwmf_WA?$c4?(}$evmZ&PW|1!VL2u?`u0pYO5TcDqRJ3pfby|F9~!km5<t{o
z=JKgC7xBBuhh?%+oT>wlB?m}H{F*SG%d=EDda~*b2?@bq&G;Nc<PuR@FUclUNO5~q
zo=ZgTcdlH7I`3Be0$|4Y`@BHxqP_;R4?Gom5<}wUq0w^&HFEQ9Bef(tLiUtiX3#Nu
z<jCL{YXM`|;a!)cguptk+B>8f0&MrUyz}+f8li2{DAU*gsoT90Q!5DwCd!qy64(O1
zpTU>=mG>kJQO_+^-RU^8xA%riv!9#1hDv#~bT)R1VJV^7c3zanzYFk)?+<JwmHm0}
z^li3<_)%67`#0KvK9B^zk=c!@6U!2jFZH}UBi-qwe?kQpafPtX8RgRN4z^?!-RcBL
zN^;OI(6;PU1pAISf`8j1k>(=Fbf?)EXCXp6>f2l-h$fSQV2%D^Kx!4x;NEQB{uVA3
z!XSDzloSMAv8tldP~y}Bf1P=IF2J|DFY`#&>EQUoGn8G;^hSUA;tnDO<$@8aUvkFT
zK7Baa@l8mxz>5I&VFcuM;nO4S6J!`=GD%go*V2=dFYp)fi2@6y@;Pog>_|~y@9S6y
z=3NsEKlHc;kgzfojsiU@3%Q~i*i=bN;ZOR#D?AzjZOlbrwJelEcKg{i_Zq4&Eym@N
zw7B(d=_aGXF2fe;(26Z0WoCRNje=c*5hQfqaK_3(j)!$Kv|MePAvQ9ZSi-yH=(9e7
z^g!<vS+8b~p_8&*gtm^sq~U6L=qq{Qib(6iH(sm!{xYif)h=^~-_M+I?6Uv>`D%5b
zV*TgXl)4_>&Jk&U=iMSz!N=Qg>zGEJOg50E;tCSYV~B?S1pu=iRsKM}SJ0Yd!HTOl
zqsn$cTNM4##8gMX-y`MI-B$z2(Uq<@-wwFm@sO^O24(+SfxMi3KdOD!-B>2=EuM->
zrp0i#P-O~&xh~xbDXa0df*pBhb_{rFebCXRkl-27{xSIm{2Z$s$%Hb9TCe+rW~M)|
z$8Nl5Fj5Jv5aNxn`!AewE2S83Zg#x~r$@)Yi-6l$8u>1_iF_et%&`G-HXBoSq1go0
zU+lSKfhV?w`s+%+VdATD#t^1G<d3w6$u79SkYh7g^?RmQeCGO6HhEw7EO%zx5lYLe
zPlqfGB2;^-xjhG`;cy;^^w`D8*i4hfiiIsC0aEGRamC{#y~fw0OY|1%E!F49$tlGA
zF`ZZv2Q2RtQ4VH;m#DM*=9bctPX%Om+4DXLlFU6++Va947e|^)hRr7JmQZR_eyOb!
zL*YJ*zrHH&IOg5DJY@`K^DMSO?L(U&MFr;f3<}SZj-uO&#C>vz1(0LE9^u5%_LZ-=
z4-q$-05}Q}KhP5OWmu6Y)j$UE8)J_RY-mFk*Es1GHhF%}nxyBN7TcL9Uw0|LA1wcz
zH+^R}At8FX(J02wgykSxhu*~5;?Hj2P~=&CYv_%r<}tOmgC7n1O;RkkfQuR_e{}s2
zed9qY1$pq8=#bABT?;GPUCY&SS)U)9oyzAHjAfKPMX7Fszkfubn4o)IT7V*g`-2~U
zfa`aMZV7*}-DG2a%r-<u1L65Em?AB~d03W0*ehoH!}xL`FOM$`31<%EmL%_J%4W(9
ztMt9YxCdSS)oLR`X<mk9@pvibVtL&}8<2Qij=8&cDJF9mXI2kZY;g-ZkZ+t*cn?~0
zwTUV)`*9{bj6Y5-P>8m3VtfNze>2NX=Y}PeN=Dx(1Q9#2<B{4TnU6(s+oT286J{NJ
zt)lz8cW07rkqc;yD#Twx(wc_|!7w_vXr#!G7l-<QkSFcO$j8`!GrjL}KYJ4W2?{xx
zSW(r4tq_*Ey&&a_Ec%J<w&^Ep7vw8TLS$rm6J=p!Mo3A7Un3KBHf;%KKb^sWe%g=c
zJ;dB>8G>Q{^tU<VSxt!&VKWW0$pgAFjyXG4J-&xHou1MtaX!hbSnNZ(xt`Bl*;bj3
ztPW|%eP6H&&o7#e{qQp<8L}1(XCMJ$JJ%!#F$?l+SfkQ2(fsW7LRj&aVVOK-j&}6q
zXF-K4=!@%jNaa3zYUxN@-@#wgdX#~u@B^x+HgE?t!_XqvfYfPADKr9}G`Jp$%eMT2
zxR$A&zW^&-Ye)qOTimt=OSwN6KIfv15cqC<G9LpD${9wmQsqfz`RvNy%Z<V%oEFPL
zCM8%IQa%fcK(Q$2tj^f$+%UBth;GH}G|zLE;u1ZW)~z$Om@<=lUL_2kqhloEttXoH
zQ%K~8QKMdcgVfPeVY~x^(`7gxmF%i0Mu=me9>}I%9IjPrn_<=(Q;jp(3k|0rE!Wd=
z5YGJg23&=yz?)~%H|mq=80z*>h0WBo{%@BQCy899750P;Y=Aw4GB2wU^Nqqi|4Z{-
zRrst1cuq4h`)&7Pv*RSvnQu}Y($b`^2|H9CA>3%cldZ46uN0@Gz_Y%8%H)7CiBqQz
zuhk2v(BXExlW`v#r2DukR8np@g4y>#1{DUbeQR|pkVLwzY>Qm6S)@6Z)uiJ8M5k$y
zfpXt4=gFGon-4AQR(nw6GDOgnvM(0#AhE6)YubUxA3lk!Lap&V>0&uXs0y1&+-t1{
z(J|ebLC^0nSHOPSFVT?$k$Z%(MfB{;Y+JXo|7fm2nLeU8cv>Y3|8m_-D#wSGdcY$&
zG){`&m@*r;o!^@<7|3mwb4BKca$iwqew)6hXXR@D-V<I#@<?IyxnI1le5_^3V90+1
zt!!!l&zAYxvCsH0eKHFdt!l&O_2TN_`cZ4lg+57EMmx?V;bDv+cVEo}Q;n=QPUsW;
zic0%(EQh@zfrmk{pupk{!U7G=GHqWN(t5T$_mt+JT~#66+`oyIRVwXM73umn<%v7`
z5~}C}W=m<~bWYVvAro=U>~SXg#REI<Ge>vm87XAdD@-Y^-H}>Lhr?5In4xDOo*`LN
z0u!1{gcB{WN*G7f{_VDO25NG>0&kaCWNKX=zUvMmGAFqPV-!LAFi;LNllnfm)PfC?
z>0)rT?e7wOuA?*ws<$J*y*`KZ-8R3Gm%@I!=N<^dwbrfX4^HsEn&o`k#m9sEbTfHO
z<q?OWr~1@V!zh#%&U{q9Yg#=}lyQ(KF3DWmYakoqb)Y)WP&&(r+v9edy;ZQRTf?F4
zW_!+bky-c+Um~`86=Kyt9f7b5UCb<Fjtkq7hR*pHGgv%x%aZc7?2|t2Tv(z{RqFMR
zj})-2BK^k#I^JQ6-EdyXd5Z=U;lQ7L72La2gBMsTOxUSMIwJZo%Z;Bq+dI$c>-IVA
zUw+>FVH+uubolh^XWu0Cp~Q*)@#;$-sTAds+R#_YBzHOjbSvTDW{%4YmGx4nBjpwK
zMY9Qq%%!3b0@5mD800BKn?s=<0|pJ_K<8q$@KUHzfDG!3IWTx+pkOMO^m@{9Nj$`j
z!L{=q{^1>6HmH9Rm7S2Tx=FKYuFAIc_aPAp#!GE7gl0$D4h(o~@aMQ9=$kVV`duLu
z`rJ(QSat?N(nM=8xLY<bxof?lVm*fvi>V9i`MRiLr-6$!9xIdRJJ(Jj?A3T)K*bMM
zl<VxQdHv%Z>{eqSk(rs~hk{1zsP@HFV3I7W%vELYFUJfEB!+{jRZba@24VHp+zT5B
zd`regKp5#fcB~GJJTG6%LBini2@OooRy3`}!JfWjZFUqiEcN)oEh|-g)o=l{wT;q7
z3hE<p{Sfi=F$pmKNyUKw(LWCpuxfdQDN-}^s4}TZ3o~xk1UJB{5JOh@!o<+#=l5$U
z_RmLa5AV1`PxOxda`4GJK>;mXqk3L`vyU7HRVWO_5o`plN+4uN;P@i^ck#0`C4`R_
zqi|~aNIeHhl5}Ni%HCklWEQfhRfbN!KbOQh@mu@3JD9!W{MLnnFo-G?q31!#`Vy{s
zLzC2BA5VD4M}z!eUYB+_3GVv6^vg|ba!bTsgqrPL{zCTFsb{ChI;wc;XE5)O9xr@X
zV`#-ytu?<^1S?QWrZ6=czR_CS(CLutS27IaA%N8UV~3mD*>O1j;I6!D*t&5BA3W}y
zo6~A#aOZ!j{Jdj-2uc6@#Po`1?|JicVXrG57jZq&o@Je8kj8AHGZLY-aeq|~v7|75
zEy{iy3{dPOi#yb$k>ej5so-;ZSYYELjV1L}c%XY7-MmcI+HI(2ZzGl?-=r&8&|T96
zO~oUIZ-dV{e5a|*OVOpwyIP86qZG+ZA_4Oi5)j`@RT5hzK0m2RaYm|W7ktNq^!D>C
zn+GK>+w-Jo7aBqpD*+e(9=bTydpwECL@Qfg)?YiaDZxB|gOQEQztH{O*ZX=Y^%*WL
zu7r`l=_6NIgWO;8Io&5JD=f227d5Kn@vOf<EF|-<`uY_J4{3t~v0w8ew3p_uh#<!w
zp$RIz`=V4e8jmJ)pxs^=ov<U}@Og)md||Xx6qcHJV<m+KSlq>rnEi!D%^LL!y`NV6
zYZ?YQ?Z}^LM5?5debnN9@*p;`*Vovl7&^3_r4`PAeLbIwpL#GT&ve`X!!5}_5InrJ
zgF(fcH`3v9NAq6fdya_}jnAsDg<iNVu5Oqgs+YT?dPV8+t8zzwp2G#ANWA}~D7sKD
z6UH3pYBd*~%zwwH{B-So9>t9prNs<is(BIy)%HV=-}{udxs4L-ukw&gLTAKs9&$PQ
zqQT%F6@<jePVx=8CWyhB%`~cOh*Yh(Kk01bPnufs802a?OyY=$;{$2MN+t@rZP9<j
zSB>4=#Lw+r4h<t~q+%dpn}!E8N`+hl*FNtr$O<r`UV!%ddaNx_gEUAjb?k>=RCDww
z#oMg7p5DrstcQj~UZ|o4aldwWPvkZ0O<rq@uhHT@OC@PbdL}m1Irfor)RGoE3_=9_
zDct%BNi+$tP9E*GL}oDZ6oaymaK3^wXs%2=so7-4hs$i`^{P6XJqLTs{gfgMnWl=g
z7RN+Mh(uk%Qai+WG%PJ|WmXcDl{w08c7SriH$Beq6;=F}VU8~&#}@(u<+R=J$+z8R
z@{AfA{I9{$A4L8WKEY7BlF4Cj*i9Y`NkyOZ@tl~}kHr){_T2sFPb3C6esfu2v67Si
zreei>kb~yK3l2tVU1WR8DDTtG{dF!XD!wQsnReVuRo3NX%vnt;zol0ERHq`Zbo8X{
z^M$D{!lk9qd?mG<Uz)&lsZPYv%C4N^CMC~KF!~5=<}+#gS;hR1&{20w`39_WwS|*x
zJT%$Uw2#3qVFeq@kjc=h0uGRjxv(FDa5=wJ@*6uQ(t1zZu5RKW)@$4&YuR*5tK!4N
zW`<}g(Q)+@uzAw(X3L~+?g@To`IB4WgM8cfG2DCXG}xj^PjXW5GH@BSryu3mB5RY(
zy!|^VzRaDT>5Ew9v<`3CRmME7?lwFeBShuugi10C8aL=j=R2F#3XUYFRIx0)HsdXB
ztPI$OrD+Ju8*`c*Qr3x%(B5pKb^V$C7-k;DMXXkLVU?p|7UCkf?App%RaaE%ZzLHW
zhUAAK47L5&Z^Mg<N=<?hwWKetqthW4NURx@`omB7$unzO-2B+7S0WEWP<aylhQt~p
zVl*3G8W}nmkq8Pn^96_!rlXJ$2-x0l$B=_-GVQz+Dr_-&8v0(X(M;OqI_}<IeBz=B
zx+6BwCqEe!c~sf<YcrK)f(?UU!?ET0zZBr75dXOKxX8)UHUlRs;i~{u?$qd*U@b9e
z)guoCk`^d?Wuw{*^(*l0$M3&I@_|J^UG(|pauvq{W=c~l5HI`?eQO?(<LRpAsUYGU
zR^ZMEW2--8ufd;YU;sXCH<ftz3gZnpA9cW@{9zypT4r?+UjB~2JL@L_1JPofVyflh
zdnMa+?m;^HT$_au)moAHIS0<D@v=n|p6s!^#z2p4Ha_PmA`bF9cLunDhbPP9e4dj*
z|M+$Pi9`^k#HL9T$QG7}Rt<6b##~cpjwM%Ks~dcg{Nvl~QWj!2)k0?sfkj6_KeQ~8
zsS`;80R2Ny50aSKCLc)YweyrquE)CSP<?(}BW)PXZ-NT-?m*cVJ_3<WxorK#iq7Z`
z0iTZ}RZWsya-LoS|I<>UKWpvUqWro2&MG8J)|ih*=z_9Pubo&j*tn!QIa*3#6R4@C
z847kAXvFm*fH`Y|z^e78-|!Nms$|8VWfsYKHSK;5#^y6Dd4TvOPsM;cw;JkB8rW*B
z>%wgSb1ggGtIc%PRxAZkoMa&HO@`FKrRJ0@Ftgg-XK>!*B9W5JyH>4bpVYK}#~@VV
zy;8(sG6N_MlT?T#e;?c~^==kWA%9)^eNj2*1Q=ctn}Dvb(#dCN+pajD=repiSwYxK
zdk=JJRh-M`l<TkqtD-a=!oaE)+~Z|jO?~7vurN}y?;%x9%|xd)EkmUM>{QiI^^mGL
z+E|vP7L(LU%Ly#?4i>-ydafAW<{GF0T)3i8zKUKI7Uh<HrAfCyQ|Xa@J-jWjpQuo7
z(Ja4^NS>V__Zs)Hq=05avcT`>mPH+48PV6?Ed2})gwck;IFgmL)jMa43UMxpXCGUd
z2yVwNSaP>Uu)DH}mCwHCb0v7K;J=mim6AjuG!A05blAFFCmnsV^$OTSl{qWkutik!
z@|eP*v8%Vy3xAJg^gGWQAo>Q*n<nyh3($7N)c-o`aC#Zd;fFb)_|#+|g~oYm>QC{<
zdse#O@Gp}6pf8tAh-aLYpd-DrmRCHI;HzoT5Dkj1f+%(cd#H!3#T_-tV}6347P-dr
zRx1pU6+(Na*gs)Iv>u3@>A-SOL$JUq)Igy!Qh+2~R<l(Nye{I7+K5*Da`2DsHxlxV
zDn}Os){@pk)Q6ba#oCWyC4K0JN4p|oNq+y*eL2o@%{yM-tq5!s1E#5IAsWPY(8o8k
zP}wWEC7*amWhK&I_G&-^HMsY+6pu|C!5}liFo;5}12ZwLc^m#J9~)=H{6wG=f(vt8
zwp|=O*zl|DiWR6KU=78>Q@KH3x$x5Zn6{mOrN+Nf8MQ9F8)^v2?VQ^R7IK26)L0pH
za`})MeQA2t5lR(M7T7Sev*^F1606A-fJP$h3Z8{_e~N0==wL0sUQ_G!KGoRtzl;Q(
zYe5A>q)5-TuR%Oj2J$IyRYo_~`lA{>M`*sb0b_@qY-!iInyO#?LO?3*(H(xeyIww<
z4KZt)S}oS@7&NM2g<1UQ0n3DpgUlEKGk7%?7NIreXEr*F%7{2bES~a&(V#qL3AcR%
z9jOY~8#h-CTG53{HN<(P+@p9MS^5!e*V|!I|GByugj|Z6aE@yTh>I}&$i!eM)i72T
zyjse~i0$40_P8;u19FNAEb-4q#*|kl){}ySk!xI9k{!z^W%YNyYt+Hm&(IRkntCG4
zk!D3M955rB%yaDclSP!W84b*(ikhlay$%10RS>yWqQCjod~mH;*3URAFrfpEViIhH
z9lnZ4N>U%?T_6h2;hiPO`E%vhn95k|-<fXnxZz_<_T1crIR?5JT6FQvrrTB(V&7yV
zFP}!YT(Jz2FrX8Mqh-UD{T&G#d?!GD28}3$s$0C{DWXvK>@YVR=)_scBlKSUTu2ra
zq%`C4H4bN(^OrHsxW7PS1isjhxBjFt_4>yjQ4hz$Aqn<cfad6AV#>ahE`;g^9>P{D
z%z_V0=n5{f`oEegwbYUL(y&v$s-SUA{q(~D4O&fu+6qksK|*g3iz}}cj8WY|0O0+D
zXxk_2<HG^-;~v8QeL8RF;Nt^2{A0KN;}x6adiK??rOyX4FwESTNQ~pz>0>y#Xos5h
zkyjo0v^fM3w(Qr&WZQ%k2Wjynv@!!<25>}Cv2rz0{T*c8X2+>GR_Kil|JBtyx@0Wf
z>sJ!Vl#0Oi)V_n(S((i{@?zs(G{NA4BrIn2ZVFz6DqpiHJCI`*ZKU(53f@|!OQpeA
z@z_gr?f9W7zK)3Z?K&zgY$lM+$$6-Sx;@6Z<Ti*RRFW7G<et)uc!902N_*#Yio7u{
z$jP$7p7|(S;+I3RH-a(4xO!lStPXXlD)QLJgOeSjCr&Mk_`FzWyW*(eYubc(c5OnV
zI;q4Z+SRS9^^6JZ;+p33u<qK$!#EM<Bgmdd49h02a(n$;(vywv{6Pgba=#&NNP8IP
z)+<m{?yYx9`pOM@Ylj|sDLp1(vFje!gf{s@N}g$MNIpev@nai@6!6M3a|ShBWX4Yu
zg~9Is)Ivth|Ag%7E76E@$yp2KqRx_tX8n~H2RF&3-k|NN0vmvg)4be$PeKb#M1l>M
zB1(MO{lOADX(N$4!Rv?L=e<6Gi}K6vNiK}okukPoNr=Qv0YZYAb!f>B)8oN42;-sd
z=#-QyBZ!IzC~9gG#<`qRy(uBJawn~RMAygX87)9K9m#4~?%WC|bat>qjeK5hQqem%
zfun*Jl4iK#>-}~8_ct4)-ALTPDkrZm6vATlfPWGMj}HhAuCmM(L*z4k!s72+K|DEp
zXOIuu({Lk~pg|KjR^gb18mL)3wPV~N+IvopR8iRY82|oWnj{zIp9-M-RjMttwgFHK
z;pnGs6Dr7_e6L|ipL5idro>5mR7lcG(tGmzURPwoVvd~OO*?31*`;{Ok|aEP^qZ=B
z*UVp55S$uvRsN|8Qk2T|p6BGQf_=CI!`YKWPe6X+NL`8(yV`D6te(C!Xeo?$t@95J
z!k55~Q7)vd^O0?CH{mab8IAv(4S-&4%+HrcnRX(8&dk-%6X_V8k#KH)zmUVNa|Z?4
zm`~LZ43SiP{nA+o<prC*F7B(Chea32b%qN7z=aUQOI}|Cco>Z|>1Ez_;pT_)mw@<t
z1N4eh#JV1_PHkOI89XTY8fwy24_!_11>VZ8{AzD~icv5=-`Q9g0TcNBOuGP}8;Lv`
zRLq;DF*C~N;j!5u)1C`b`iF7;V8rA#HEp&*(kL@RRLs?Yf)s?-&3Oijf3TrMu=F3-
z3C8RP@^?!lj}+DEy8+|v<h%kn*8|uYcHjG7zJ4ckdyq%_9sq!#AtMu)8%7K-u2+;F
z{H_B4(u#f+=x;o}G)g*6n`=eE-X+Kwoq8teMo^1%Q3UCcAZvQ)VgC3=xaP#|-Wh7~
z69Awp?xQYk{sI7&0RX5FuLDO)N<mA@1s!!WQr@C<2H%gc<vX-49=mSI?cUUVrpz$x
zJ4}g$l^{S*3U%}C!$(D}Q2$`Vxz#zQJLEM9X@)I4ys<c;8f)3t%2*-E%rV8&Qb(+F
z;A*@%`-x7Z3oBLnqxK;Uo&o?sINzf&th3Kne+NKbndVg#{ZQ{catJLJOcM!Zm0l)r
zdX*7-D;2IW*awT>&in;}#9vI_;R)nMb^&4Fv!l!<-JQSr^`RBPxGe^N83_B=fAdYB
zetQ80wZk{prHIi2xkuH?o)R~an%VSDwmoGV`Q><BLy|>6GnwOTg8y*CR!^9WNp#qt
z;&@@IiRwzPLNUK2qFhPpVGPVhzYP=ww#K80|5N$D6VTw!*w?iHR2tUR4*=d7&f|~5
znKz|n&>@)$hLUFN3PUEFl+n4Q<(W6fI3y;1Djoun;{xE|41dCOSB|6x^N?K1w%T*t
zWAtZKp$7n<Ffe!y1IX&~Cj}6G!_2G9BPY9Tj(utFZfrQ|WSmlBN`5^iyW@#<ciwMd
zOh37_=upY|=Rt*1vi@0wqo_q~P$E&R3IY^=D(nA$g#WXHlZm0ci+QC*Rh~BnmqDVC
znX~vC6b4NF>YFcd!V!W*SRtI^KZ8JUPAI5_LE+(2v&aX)>Klw?x*~svhw{dP7OH)Z
z9NICXogb!H*hmQqUL<w|>(%tcs|-Buo`ODBszCr_mo-G9AtkN9t1?oJ7A<3{Ms|Tr
z*vUeG{Up0E)L%c^z_VNG2TJhuk=rJm8OY)H4TxcwtpA7cKl|r)EC*74Tw`zt1j6A&
zbmpZnQ$J+J-H6WPy%e&E{B`ap%WsSoDB#Ev0O0|sejGk~!smLA3I92>rplxLpaD6~
z4+jvkvSY4GI1T&iMkoBYu6x5>KUTKz0{~z2{SH5y8ev(7clXN_9abWe^2EL_H_E+6
zTBUoEsOo1)^7j4NZ;)z#@*y$%;oDfCx%IS`$%+AC_f(`w6wd#F{C5V3fkyfIezk_T
z<pBU-0MMrmQ|u!y%?+I;=<^$YpEe6*SvlQ^PKq7~WV=ufC%}QtlBlRwl6VxWBl(kY
z3k@$ml>y+I5HC_yOdocE77?svTvP|~kHyArV}O?c;JVQ{c5dnWwHpy<&k%L{vcVg(
z_AiGx;m)rdivrAQS`hANK)5+P&Xza=wB)?=A}XiFS@{1SBY>3I6Z~ic5KR<!8$E)Y
zMqZs(|8_tegq41>JjQy2^03M_{fq|!)L~|C*j3FEH@hiXPuyNO2jDX_<&AQV*P|T|
zD9E~I;q*b21Ap!7eDzgp7X6F*2@N4rc%P+I=a!)UNZkyob<+b-kJ<vUIG?ZByxbQZ
zI=kzRFhV=3^#wVZm9lLH?`$8_^lv-lPe8rnN}6vZCDob{CmX_USN{Ly1x|hBX$FAH
ztgW_dV1u9@cY%JxRWJh@B~QWC{1qJiW|Qbz`~U=^%?_!S?26FRrGT}_C$W0$HE>0c
z?-f{D;$%VS6I4SGG7PsN0f;dRSlEc-HKg12jo-65oiC}b2@4tfLmb2V72)wf6v27)
z;+O%}n#&kP%6h904y?}rNIzUNrIEG-UCeKum|zk@SMLeiV9*{iRjm!FJ<~sI|D7N`
zz<mdNcBo7lGIr5>S-aP)#m_xMrXTsoT9><9EYbkV0tzxAe`HCnEZGbO*!+rq0DywP
zmB0Jc;cn5{N&pjacYjCa;8%Vrv%fjGVr<FDVW=3@ljMiG1%{yjstQO^4trYlZFjt<
zcT)bE^_6JDYWGEVhKV8dRh{{K!2mLFg-Cg;&{bw*Rv5Q=?FzYk{~o{pLkSF6Ms{`p
zcd-L_y(9keLmg9aFmnnhjgVGZ`~x-T@O!J*4cP&ZsZXx~b8U-?e06(75iJNvYe8Vr
zHcWHAB<PXPsf%3o3jL?U@N${8BTG-g$5bC6000JX6D&;}2WSI8o*4%K6S-J`tDG*Y
zQa=2cEsGfso!EsU6Gcqu%S!Q<V4B-I1?k5bL7O?2LA{(Ioq+!U{wo84^j(z<3BZJ;
z1(!e=5?E>cSH|kM;<TFQCh_M)!X676>shQ^LCh9tBusB^xW|{fFX5-QUx%i8<zF-a
zyr&n^{%4m6-$=9VMkHW|Gn2Nc^j!ClxoCl!Hk}T39cyp4)!@s};Dyg=USJ&XGd2ad
zC3P)q!^Qxw+o>gk32f>$&qh-^W4s*5mHxsd-!?%<fPe2v+;r!&HX+r7s4hJv)ekQD
zuLMbV0PcQa=1`Rw`%+E4pP-U5O0Ml<((@8@gY1wwo{h7qJDOZ51IPPO`T-|}&8Ldd
zQ+L6o&843bYER@*XJa0rAq*sG@3_aaV=c`Xsqb#I2RxBfQVWLeTR}iL8N6K|3hF!q
zUoOVT4iEtQrNw5!&9kTlY0L3NqoQmoe8p0S0f-Fiib65pO$z3M7xUs0OCS{0aoW*B
zAGY}~Qg9X;wH{)=!SK?%VW}|p-onB-fOzEktH}T_(^C;&KP}=2mUy%JDENmq!mm!%
zWI{|!)2cS5u~mA&<uL}J#DY@X%&wfTQ@RJ=9cpwt2CCz`n%%a`M#`3RlffoD(z2Zq
zyb|F?=$a!+Gbx;ctW*8t%p%2?jb>rEmQ<zOw&S$@u&25&IO!S5|Gd!AZ|+?P3+!#s
z>W9jy|I^U_l^`KoC?dsTjIzQB%fV5t)cZ5Y_yItlGEQRtDFmZO#LI6T8UWxi)bNHJ
zo3Jitpjx|=+ie5=gcDXh_qOhys^@!(uFHVQ9lp7_<n`>&UV5AUz4<^G6OWD{I8f&!
zJ>~hTWn@|axVu>HkB7d)b%IT6GX+4QAp-zr#sGu?{8omlo{yMOv@fhrlh|Va;Qns{
z9`xg`ri&im6cbBsxEO;Qol%T6FVHBF%e%}NRik<zeP~UT<efxujoAMe+-jctYPTRb
zj)`5v7Y*<QvCD21hXfe(%JImb7MI|R`L?-ntx$YuVXA`eO6_K^i>+Pjxzc!lERoIy
z002h70LUN!w+jwj<ZxX2g<T2s_S_LIE%*qeS;%~P|Kf*iN=}}6YPgTi{{sFi2L=BP
z13+LYf8y!KvQN+^%?y$~{HIgEDMv^P4!Xmr047M_pj9GA(Zx8YSzIMnQ!3is`=W;r
ziQob~a|@a4YEe8bA|TuXkRl-C6dMm5M^O8p-Ld<R)@!U_*Ss|nZ5xtOc0RYcxi2$5
z#C3s%@p5^$m!mN>6#)Rq6nA`@r2AtlJG=+{=z6b54!hlR8)NX*5hyDWyiPNqSScfH
zU{u#1;Qqz>pN*o)yr^sLbDh%{ci4V}fz<$-i|~OY?#1JRKsPbkJ8XKABF%<!uED7e
z0OKoAoNLFfV^Ev%&@NcAQ<@Yqjz9_>L1v*EGXwnMP?>Qbp{>Bs(6g!zG5QCDxZ+l4
z6I!lx)3Z_hKDxgTFhUy|>tkJp_EA}F=d)36LVG3#AsnXVgIVBWqsusmEH7LdLeLch
zPD%fR_peMKaRAncRIX#ywT`^Ui}bkG9pq}@sD;SxFsM5esew(9h!Dv}mo7E&&aqy^
zG%3Q|^L@jS5@=eWR2NtXmm_-4e5GIZnRl&<w0rD00Dx<R699x1hvcluy?O7#omvjh
z4nSt;&0sp&?w1?1!@DyaxZqX+H>ul0v-qeU)$0cA?I)g}Ay}{>Gyz~B*`c#NlHqMm
zriAgw38;Yle=+{gCW@DkaGnLN{(}Bj*Q&k~^efibBPjszXEVx1nujbncF4O2fd{tD
z;+IL37iqkhcw<rB{3-}*7XW{=be%t2UsGd2>)I=@!%)A#54`;6X5s%vYD&GiVxJA%
zJ|`Z*)uOE4v|clKtRSY#utza(<WL4d;F$cyt(G5<h1FGm;={aSaG?_Q0K9>3iP3Y@
zP(A_$7E`Yq5u5z~F#dbbD$)Tm%%yOmx5nNx$`9)Ymy(5v_`xzCu2V$H&7aG3!#IZ4
z!qIO(|E2MgQob^11CKbwvLIbEN(rcqJmgvqvp%aMmodzR$v)68eah;5eq;4vgG|j_
z^juNm3^667j@~DCw1gSkm2T*Qk!9I_m=p^E?qtb0PPm+ylZ$x(U!uzj_#F;_HO+M2
zkG!(-Jj0)MVF@ny--JkLuCvY{&62e+Fg<1Ttsk)6?7b;Ama0epn3$*=F{|v5W-fp4
za;XS#mH_~48?`_t!CJ(4;^AWeVf7EXcF<@4yOYGUNcDp}b6yf<6P`5~r^82MkXr;K
zq_q*Bdgyl&eIow=6ETi3rs-!h7zFT3m?2U=0HVzLnqxRgGZFcA>$PBi9RT7n^m_;Z
z|5HO=m;|AO9P3mRK>v#g&LKTy_Fx&W8&q>+bUG|j<^y0@i?erZfVH}tH$Cl&_bWhJ
zBT|9#gOf+x&~vM-N8XWsWO~#5?}FWC{oQy$pA?GANV`#4U6rGX7h0-3HKI=GYzv!4
zu{C3sMxjs_a|lEO7d*hRil9*W{dgw2XC74*HrdlFqyRu1Es(`dvxmBJ<~*es>A#^M
z7m6Z-;egQc{rBgQGX4K9{C|f=_X*x5<hC7elL#>~h(R{f0p{~*w-A&1u>*hOO(9fv
z*KF@%leQl^8P0Xf_FJ?aKJo#y+60#=Eu2Uf#Vmk&+(k%?;!u(%yNf^xT9YzZH9;0&
z!wXZl{4mFK%-#}5$L<WA90-C<IM7*|p@ro8Js;m_k?W+;X#Y<3v7Yj^dce=7-Jicc
zye{Z@r~FSW0cfKCOkp9EAHDI|5m3;44|T*GN^kxf8UQ`v3-xttvssd9%{KlI_>fz`
z+_w>f4Xg(~+=@{+o3)>5`NrVcWL60Di%+cCau{6+g6YJa$;1XxaXFMu0X5z#1#dTP
zFI=N-rRZj2r*iVCC!+Y7A5){Xh~*JAs}I1fwBU2^V9@w=1LYUxAfoWWV<>KzX7JQW
zKA7?6kq~CgAKC?6;Cu|(zdC_WG<k(YZs^Nz9)mBQTXO%0RdRo;gUJrfV%jEE{;w{B
zYXE?+(UrX0ztKE|0beM;Q6vp^@givLl6p@q0KolYx_bbr4;m)8Moy6qy|H-4FC-Fi
z50U|w)qqJh!U;R-A=ZFe9x&POCE?*|if&^A5?HKf=UWXhsUglqY2ON!i3l8_$tjkh
z^u6r|PMh^ax!4uGZg_+}fdEJvpnu5nqtIMZupnj8bSR%8SpS<9NKz_0t`mYgvSWb~
z06=8VRe95%T@gybL4vQNbCzJ=Per6X%3K%-(En8_|Lbq$O#fpX{ljj=GdyujB?Mrz
z<@uzB_@A2x^G*J&Rp9wL(e}bonLR<FP$?tjP`g&n8$7Qd#cj}LS;o8dl>IzuOhSR`
zs%lXO0HTu5h<f5;i~Qv&(ikWSfa(B`AppRbb-Z~Z4NRq*b8>*8CyGW=`~Shk3!x_U
zutNv}VkQ89*w#;T(Ge*YoEhW1vJEl0{QxeGMo82)SPftcw?&n*J?S((-!2C4?|)SR
z8Gw;ZNOVegJoM#j{y`R$v&T%v_$sG!I*8|S0V4V?o;cYb&3#>87_TnKc_lS~#ap-U
zuof$zVh4X1UeJXjkqjt`kr4oK0)T*J^^f?-pq!>Gc>ixY0K_-5fZ(BqTL;67egJF&
zdL~CQCJj*XPB7wi2Jz+;1j?d^_?BqAk_CT!!9o}2tuUa@FD9+@ey|9qcX})XfB^?F
z^)i6p1;F|Mqd7lVY`b5ks6U7r)UCq?&48IR4I5<`8J*!gH$kmw_vX=*I6Rx6dVt$#
z5F^|YA;*N()s)ib2Ry}ofa1TfoM5~9ZV_f2r1oeX=rR7A6i5=*WGjD1;r}xT+`gUP
zn2@Z=lA=i#3(*&GkDi#GHM8>P0o>3Tlj@CI7cmr;NjmTTNMfR??mIo9*C+-6Qd&~7
z{1o$Ue=%N!mil+qaikyO0T?HVRrh*FW~bPOtLp?VtqiZU?fC7l6#33Ds45>geb}c-
z+$*xdgc?Ixc>Cs!#9rXB7-*YVnjo6~*|ck-6#&8b52GiEz2}Q&J~Q)cUFf6(=)bWc
z{Ly6Yc<ul|D&3dv3IRH?1<{;c!)+yv=x=pLxqeGey1lQuY)#(@R_$~MDM^zE)2#pi
zR#oVfE`oVss*7*fR{mAG@?<oE*zomGkOCd!S>VaZ!MDT(Wrg6R>7-xP!;wv&eVJ0t
za{`1R$VeHssT+hrqt7haOD}rhM-`ey7Mqc1qp*Ku>kdC^^g<c{fei<rPY(xx)*H9s
z4?VW#h&#3WKg2*z{n=sWb^v_Lb@5O;3f~Grt0EL|6dLueAUCNCped%Q7-ErUyf#w6
zF6%yu6#&2@EJ|Vj8BFLXBE;YGOlh%)6MP5xdTl@E$ss9H@frkRsz}?!&g>yc+B%~T
zv?FpjS;swsTmr5Jz1Z!`3@s=M)J<#wJVnp1EY-&bOAl4A(H3$_<@^7_@-p><N2#wB
z_r?|~WcN(Qb0?UG3je2dn<g3$r6`Gj4vP?OP6J42DVIqJ`p$kA)78GEm=CeWV-3Cb
zh)3){Acv|>e;+xV;XC;1DclD|;5hatev;Znn74$tZ074t@73BW2?j8lM<<?JAS)YY
z%2__4wIg#}O!>d52!+VZ$vCXPmL>tx5dE-h!$M5n5+E!G3K9UmSW<|ES%N9xPbI$s
z0BaB`xNrb?udehFa_-9?H8ser-OT@u%TLo63tntE4j}a6#Dit|kPUJMAkKL3bZB@Z
zwZU(o4|K>9y#`fj1_6Lf9o|CLrCwEVEp&-%n$=LD;Vmxljv@nqgyH}WC3*_9r&ay%
z%6T-vBGan)+9{$RF~(`~#Ln%msXPbP4KT6n@46k0q}w+a(pb(F>OC$>_2}<e`EltI
z5Fto%sq*CLTYu+VTvYk<>G2R3Ou>+n5Z$Cg1NeiGnuB34|I7jYlbC`>t|1-m4{_1}
zK*J8^DE4u@pNx;<w0<UNQ?vvbN>m1g&7?ticTK9AnDSb*B%I%VZYvTPP3VhQ&)?&r
z1qNhPlyRyDE(O1;yzLw$qi;QkRI<C>R(wO05Xd3kkJ;{QVBqnZ2UzX!PkZ3!fTLkL
z;uSX*T}awLBM}$MKD>P<(-+UL%|x|OXoCW9)0X<c$QtjX>u9j^;=*a~@&<rO5zB+_
z<J*UVZtrrF6wcEX=l??w&S13IJ1SJgt3dv;rvgO@c0x_Z^FZ$JGe>bble@#?@t_O^
zl}g9X11&;+Re<<JY!ClGrmitO(r(#y$95*RZQHhO+qP}nwlkSvVr#;Q&51K{ZqB{;
zeCO1kx1avey{h(pch$41c2%Gvc)jfDkFW_2!({`dBhrI#Y(=aABF9Hv!OoxTk-grL
zT@XPlkH3@FpMjUGFe$ZzXRMRN7`z2xPcHs@3Mm_?g<DiCs=m3u>m|Gi`72@dl!>V~
z>XZ)xjC;wb&|Cunx_*#fun|;^&r6C=lla9}3ZCk1{u{H{$jT&kLDmy!tggp6_E=#^
zfJpm7+31yssL@UH8Xm2iAZX`TgkhF#)9=GX)vSr|%ic3FZb}`vGmE8(UyaC|4@&q8
zq~CC7+6hh?U^`0P3%l=cw%9J1zra5u43%8_#3Cb|sS3*ZhM}~9UKGs}TC@*~#HWNn
z<QdiqrKhmN^F27Q$2hvU3>p&vgvd|+0*6PfhhyVKT2@8kec5DR`o*XJBS5A-F^@mN
z8b*K&BFX(LK?^ugQKTqyR=+++$QO;7vee>A34$ts%iVWjL;3;_4kwUTp|p*VgR{VF
z+k;bd%ju7Pv_X3MC;A6H%ey&}Vs{8lz4pMroWy3yC}Fr@B3*=te?hqS9CMj0_vr^L
zD=uu(;$*l3QO=y}xlw-lsnYyS)yDBg+!q8u(Fs#3s{X34Wf$y8!Uur=%Nc{5w9hbx
zj*eBe>1aC{^gnW%k3&~Wy8eUy>jMV`ik=|z!BA(vUaF|ePZ?l#^0l|D(41^Ev?=8<
z(Eb?FLh=j+H0^@N4-e9e!5lIR;C$Qg`1PWgyZOvg5tl+o9Rv+9-I(3@otlBk(GhLm
zxgDKGqy<$ibDsxkCalk+Z9<_mffAW3d&oCgNGu+c$~h>k>;S-PHP4**XPUQ5Wj_M}
z_=aCtfO^mbCSuLMB*S%(#5o1OzWKL6fKi!HuL**od(%k%XdX4h39f&Kv(X<ope`Gy
zar7sEi3))<EZY+}_eiA>U<JXJO|;tj8EE)L1SGdJ%+jDE1rC=CwAL+mV5sP!K0MX6
zs(U|}W>0f<g7)JWu970_eU<yzn!yXzj=6ou>U7TcQ#KXPr5SpNj86{)$dN#mcUOW?
z(Vkx`I6D#&GARMbPXOe@0JR+$Vq_*O=q735e*^t`0*ltl(ZF24g-0p8(Z((~_+umW
z{VeuQ8X$7pF)V~`qRm$KtKC|D6}UX$saZJN0;q+AzE=H^7X;{Lt;G^fwue_CWQwD1
zep>ef5V3|@chGIR7?vpFU(Q)??oTI+zzQMP+Bh(NfqSdPcN9WrAY_QrvnSWpra!>H
zg(BJ+JwGb4m<$P3C&ZBcaLPskTw%>HOy_<9)1q#qkYSw5V)ptkw1BU=;6?z5+_XkK
z`I`DB*wz#~bPP|}mjhCV{EUPG?bPDK;xDxg#xm*zgOYR_T4*^}g#)<Na~pE89yZ)d
z@n~NX%+6#2zc~=fea-U_w?jv{#;8<Z7$2q$gV`*FfS1U>;3GZ`XC&leBpuLcroMB%
zS^i8kj1LZ4Gi(}ywtw_l(#|Ryv7eTJ=k){tg5LiXqV`muiu6{-Q&{$*hOx~?{x@C#
zh*yPZQTKwYwnOE`h1}U~4bYrl<EKQ4PESJ*21XbP^B_b{i%of_C^m7g9LiieLMI$0
z10!fs^okTV6%=RGP+Ic-@5A!cqOV^C)k(m<znrZfp!WNkA&|OEQ2XR9x+TKo!UZFk
z3d{fd$4wPiYbY7rHA1%scf&wf4~edW{4Ef#uTH^3MfjH+ODO+e;4gh{WN<wIY&Z}I
z07MZl<=iPRKxxr)u5FC!pkd8jpfUajKhV_$1z_>lLt)vFCfH(D4DxxX)x#jm9BFS9
z$b!~DL@yDeT|-@D2=*i^6ux-`5e|T(<g&-17?61g8>l<C?GmTI{$dB~hVPD<PZIn#
z!+L;vxIPOxm=z{gT>ciI6eJ$hwAkNLtWo;LYeTql1)IxIU?rt)TBvm9!61^1c@&@#
z*=ILseU1URFi@t+0Q<u!_AhuqZ~xbPOpsYp?pf>w+^@g*N8lg@f%y9fmq1Cka=xD*
z%$+jUbjo2QC!!MB?gK^@n*+MLsEy_|iVK}8WLi~WatQ0A-X*2t1Yf62ki~55++B57
z$OG-HBr5>=A&}uFJX~2vXA8%Ok`@aB#SQ>k_b#B0X^TQyk}|%clp(mJFU2U*lRCXs
z1-OC(w3S^ak9Fc8<nL^*5quf9{RG4`5Y$vg<tZO=UZu(~fC;+)AD{qmdY=Oi7CCFh
z%@Jc~ES&h(Ft9rY>Y<+on~c!$2J?bO=pNZN<?@-Us^}(0jyo<CjDg?S{XaEMSA<J~
z2H#Mr!N){ZcD{0@UpJ5hQ`PFVl3`y57Q<xW13@`~I}u$%fOZ8T_syOuEBvy3S;^p)
z-W%*XPaiM<NiKjyP7jQgL%7i#87o7Q*0%`Cz(P>)D_J4MQb`X#84AC@@gJN3s%~ql
zDHIMIxQv77Jp-LOcWjbqg_Gj%%P~H*(cd%!kI*zqQHgfg8cHIj$VGN;SP>WjVByx+
zUeTSZ0N3_C_iG80LUNG$!dr+XZQ398p?4y-LSdlFYOeV6lAxWn6aDhq<Q-0hWs?yG
zt+39=DD@<i)tvfDaFnpu`PWV9An!exzqDqgBI+}HG+$A{An5Eizw8LV_AFD6-%YSX
z9M5|FFZc0pK}!eB9(0q(zJN4nl<YI6B#o)lSRN_;jleD`sTe>JKz}r>odVGmXQZI?
zZUrDz6_lwmf@1=fxu0jTdTJWt4SFrO8v)8EM;I`%q0JlM<D0Z@9oJl<X)adh__^6o
zm#9<Fg7`MgApYM`8!0YOFyYnVUuL-Y;Q57U5<A5KI{a<YF^}!4BCe%gb^h32G5o*C
zHh>cKb@#h%KKWLy(Z7*?Ju#s2-?B3yc&QJ2;9a<liW1+kYb-p|g$$;5O&87Xt#?+8
zZEEgnGFbfn#>!qNe^3HW{(>Ec9zHk%AU^PA+gp>|Vror9GO-@55DQ$&A}@w>nv|s*
zy34YL?3!-GKBAxb{gpIg+_WTcJ=n71@&O%@6HEM+PF5b$z<IJh;4C!cPSSxA%r^<s
z2euaCg@~6B{U0`Cv(@if+P69YAn(6odw@tB?OBmS-X}hFIN1s3(|_Ry7Vd<!W)3((
z2RohsRG6b%Q7x2I&j&~-EANJq2d~pMrys{4dO#I3pS#lm@UBj;?3qQlipe5)e*GvF
z9HHr}Rb#y$VY2GeiAurjQ*)qKX$AGYgGrWVlf+<Q&cCP?4uT(p*80awp{3f(cJ+l@
zR0D~n<XIK+9OmM+T&8g_0erMS!wQUe8U*r&3V1-K8$pbt03Z-wi9XVHi_!-mqD`IY
z9e5()e`EG!6PV81Ec9)8dB`^{g9>?-f}6Nu)3V9H9}@%a=f_*7IY-Enzs@*!K=uPx
zj^$6R2R5H^okTU6crO&P0wuGnhXDGP%vjA;0D=fH%=EXc(Kg00@lcl_nsl^6>0kLG
z(?}WfBC#sFhw}Y&W*RbRP#=B<7>$DR5t2Tf8O_^DY(jI}hRhTIR9Aq7&)Tr*lT_u^
zlk@D{e^3I2p9YMZ`0S}Wzlvdq6_Esup#tQfz8#_eTv<#O35%8$ChPb%*3;}0d9SV%
zxIt>pYzY7=!oQtDIb86bxseA96@hN~sO&w=A;6YOX%nMH&Cvc84DRi?gaT8+J+#%u
zGpPeJ-(goj8XO%<V=n+W{l2Q8IKgqL428Ha)T0AX`HQu;gt9Up^3!jz@*!eIf*gFI
z17)Fs_l|Yki+lNEli^?fgBP&i@)?F8qhhWnVuUDf!f6;*#CG3Yg}{KdY}gjUDlHOg
z;NDO35!If83!#aTZX3;*)!{XOl%xqTk7lHwwO0q>c=42F9xA5&P-j^CbhH6(-J0?6
zBBq3o;6}3iRG5jo!L#OuRveJzP6UIfj4!bQhZTgB^+Pv}FRILg2$c(GWhf%}R^%cO
zr(_R|6sVBFvFt*+bBvZWHCa*w0JZU$FW8;{XkL$55JHI<ilI{|&RzL$|4{%;=v9n@
zYFQ@cl;~<Z)&AUD_d(&{cYGmxoGNT3!lxcQgVU>!DR5y@Wchftnrv)8e!3;RyC1Bz
zu{7Z9fj$#LDoav8h!3hmO_u_JjA7v#C-(On!c~k;K{hns86Xx30L!#*vX=HIqdXa`
z&XTONnr<GFyKn>oB4XQWD{?RX(<8`+wpti6gd4=zE;IY83k3~_E}uzIJc7lsSd$Q^
z9{R-bi&YS{0~4&4u|$#YB}F<IL;6PnAX0#oY#KZwdeS4bp_JTclG$Tm`f&@Szp{h^
z7MS@UKzTdk%{G5dTpyaBYKN4%;kLly-4!i1<{qg(A%+uMV>))-*U2~NrOv0Y-?~-8
zbcV*AvYTP!IQ^_Zg2JPxtId-em;BiVKsBZ|D>o5{ppL={01(<<;;_mu7ckZNR0=`M
zmv7*S3)=Iz45p-50iNCRQ)1LZjpS1-1%)1su9wain_W*FQWF6f`CDJO5#8a5BuN*E
zo5z<TIJL1ijEMhH27pQQgq<fIuq>m8${`%3f#XbvNl@flFGZcy^UGLBF;eCQ@^LYs
zQPJPR1z>U+B?%Lh14h@cYzm|Z!2|@n7YpAvtR`~M9A8CizYUFY?a&qY7ZW7V2pkZG
zBS(7u=x@UR)N7o2>{<nM;63etusz*v{!I=5Um;JZ_Crw;o9-SzGHyeE$A4oQwIyu_
zieWa*D>^TC0xqF$ijoL=bfe7yphVG?Ux2^KmfimRUWuc%bmvj_UtAa%MA{r@BmmWt
z+z|2ZpvQtTZyFfbwP`tsL3%U#faT3V+POH+F(8iJ8W3OOkSRXIO5)%DzFrc<#`)FY
z;ZmLs7889m5cGqcs&5=$tZLm)UZn^$l7TiCJvr8_<q9MXTWe_WJyQ3;93i3WPjLIB
zo>RHgT|c1oJL7%Sbt^x)GHa?WAq0r2+Dbzl%J48CqTFYNV@<Ig{D|C;ZxSlpJ5&K}
z2d?qdBSCAsU!_)l^Ix2eiFQog`Mhu7&R{`vB!OLTj9gvle^%u>pft?hT71<t|2=$*
z>X~sRY(|HAZ|Gk4tg(_lqK;xVX86YzWMp}e5KS9R_c>9`O0U76m=rzBdEr25R8fvC
z+L5T&R=v+0;fM&~80Id6qQ@n)uC-8xD6YwSVBm;>II;$T&rI$hI0PE@8)I{F2Rb;I
z`ayYuX|n1D4%;jnc8xt?vMTUH%fMSR;L8vF@utiLg)jD`mp>5n0mz6(YQK{;Eu*~-
z1L%|Rpn1QLyZW=pwW3fq2>o8ci}<gKA5h8|9UYQqpk3HCaUu4cv=V;?jJgQr<qtFR
z%Vc{5us_d+rZ5Y^tK)AiqzW342t`k)ukyvd1RnraZOvAg!v|`&6<3sHriP6t*Zt{!
zr604fIy2N2Im%Oq1Nf(q)2#uRis9|h7|^Og5q`(j;1YsF4~5EMZ?)H}HkcJ>$5!tr
zQA{+5do;$*E{+ApmA#y&^sS>O?i)lalt3{C4H;!~t8r%lRFnFb65w-P33xo~5MbNK
zJ$!`!tOv?Lo9VB65U&eGx9I7P#GMfB&{jyd!@{X=Rf!Bs1@dS7nrG_y_5Dl|NpFD_
z39;K21ll(*t-nBJ%_cK_3rf8K<b!5`)#c#V=2=rx^mHM1H)af1D-N|3h7yBZ=!6bM
zig|)<28`Us;(WoU#Z$u)3B3BTdu!~BaOE7!Z!H#OYZttQW%JeyZ-w5b4&3TOaMf7X
zvsF|dTaV(tRUmaOSwpjI2WfwB3K_>h`l%$ckInV0o_$RzJ-1LeHM@B_;_$F_W#Q+(
z{53euZU313swiiIK7Y^Dd1wiOh?3wxn!@yguJ2am?SL8{)Hyy!DJ(btfDx6l32l?)
zeufbm<&Bklm%{vWAjfEU@_4^EZ$oIz*=Y#%{jg2d*;z`SHj6Bw^>{-DN?=V6B`SIl
zU`4yxtY3M($b{3((<c*|f&?~t-tYtD7=HcO&6CWRk3+R)P|IQC6AVYU=NUGG)>rul
z<EZL3wK^U!6oRD*c?`sqTO+D9q!Dy<-ZFdy2+k{EwzU@VGqAC%N2nWJORG7lJC>JH
zo{?{gw%pCbJ9z^MH|hm|oqjO!bMB}MripEB+_N75MDn%<>40193X!NV7&o7(viwJ3
z5aO}fY@sG~?K`)+BFhl#fJAq_<{UpSLxjJd>Puab6rvz`$4Z2Ko>V&Zo01yixS}HC
z{Hq4*(p;mdC3;ET&ne{P2IyZsm?emq3pjMb{j~$mroJ`Ewsv<8!wZ|XTQ0$7HA!tt
zVR~v74@J`CbIB5IKr*JnZ-;qt$iW_PTuiSbHB+GNEXlGNxKi6FoNI0ZRgu{kL0(&r
zSGsN1;-_@XX9SI{r8J$byRwAjFe&k|1j=c-mHA?{Ra`=~Oe)5~Ko5z2>=dBeqs~Fq
z_+e99-f(pKekll1ZpJ*9UASLAE#hwAt^be8$Yzu)!)W2iIgX1rQ6A4}A!n|7lxu#Z
zY-wlfA}hTj8&BQPnf#i_NX~JCkUz23w_G5Yjv|`~mMpL&d&GS><HdPff#Sp3t!*GO
zQcg)&A5c3J(i}_JPvaeqb4D1tP}{AYfW+B^ad%#W?BK4=TlVB_M))78^UMaj$)gXZ
z_>3p&ZVtWdMLC*esfhKsK}!=OXhqB^#{H!dN#Bj92aYs2tSo)IvjD2jMpc`N<f(GY
zR21NqUWmGsOp8ak*d<xKtxsXX2yyw`%wL5!gcWQewtIrVUq1~A|E(kt8=-Q>W$Sd`
zO8;~i2#P&HI?rM-&32dxNOluNS0$xdsd%&aCC_eoqsGlS_C4|@TNmLM-WIYnxjjTD
zO)6OD<SWd;TyefxqIpLXN&Q>{RGRf`noDKyMENG$tT}V<+xZQrU1%|ut%6j*>Ufvt
zChT6WaSiyMsL))QmoJ-*Bm9%|p_AUS%Q&_+0bwFWM==msQv^LD*-+Q2d>(&kpZhm^
zyQldBga-94+I!KUHNu;wGRPCBP<Lz*crE1&i3sOlYam}2RNDUpbqC7$g3y-j#Hu2C
zGezz3#kMD}4!8r_$}L)I0-v-1jpU`MtQzE#gujFBJU=#4>i&sVfMNDnpTyv4fOTNv
zv*UBj&u%UBw7T}$_^48IEI+<eg@#gM;|FJa`s+qq;Rwi3*R*ONXUC5t80(b1VkJQY
z5%Cs)La@Z4peQw#n?qurKq;7L-$iV)krPhv&)s|VHRqn_V+0FJD{v%C4+Q8kR7knn
z37y{RV9EHPGFmroGG%i~D#Ufj8AR4}+0d1PZQ9bFb>hb%r^I1(+>Y1hC@MevhUqx!
z%G^d5L{rAQNIt`ed@z9`V%eh0tN5nNn5L&u-K(;1!(r_9-!6K#!<Z~E%xuXS?SUOg
z5Yv8@8ev(o)L$>Sxbj11Ka^7Rq9Vq?=W6@Ew*lzp^#w5#mgRWR){buKt0EPhm|DbQ
z=Sl01;g89R*0^H1hFmn>#XsVVe2SA;qfUR}SUyeTb<vH1rM|aoL1YfdJx2x@y=m5Z
z7n~VJRVM_Wl{8b+bcD#efrJsaH%d6J?Ay14q=qfXF|!@IYw5xZkiHq+ig~=bg<~dD
zr}#({03U}dWmLPeJJuJ>9OLs#zcj${5)*#LwH;+4@2%ZE34$qVnYyo~YPI3g?H24}
zZbp5U9k9ATr5c*GbKD;^K0`MPkfYa^?VO_6U=r)w?OedT?Z&auU_>AS1`LgV72}XO
zU^Jmb)krK6{++y1#BX9os2li|0+<#pIK2d%gy%{AC1v`5gMd6_c_NIESISjW?pp9N
zJqjShK>2$p4vrauSbLW0?Kg3Ft{X!-M16IR6k#Z>BnK6g4w7QB)9U$b50OrvA!x+_
zry*%zIOUTu%i7Ar#@AH%*eb`n?nkv7tXikvW)}{nPhL!2y7_T3{T>8!x3IdxGn%wT
z>4s(ZNjoedI<E36PD7$U<4+sUVIi84D9fn6FE%0N?*_&lh_#u#7%T~VDG5VU{Pvwz
zFOP74S@Ij<>Naxwx&4WN&k2g2^;pF)NzAW43Rf6v0W`J&nD;VQjFNW?-NxU=uJYa-
z<`p4WdC3<{2?VBKWJ}e{Ui-6B9j<X?U8G+%7IuNFd6xx^TKBFwT~(`g*Z*e`AZ3-8
z5!!l$n~H5D=D}n!)Gc#8#`8H3d*K|{ZG7qKqjdV4-#P&ff0DPLh6oyyN^KFNp8+3*
zyvbedOgU&hEXOAC0f`Ln^c-u&cVsYf)|^Drlt|^Jyq)5oQvR#ZpBKaB+{$(69?(yU
zS*You;-%FCPGU{ED=LxR4#xO|(s_=UYDR}reRKkJm17L2B;y=~%4e7*)k}r`5jlc}
zHj#1=lDY{h@U9NR)u>);>#BCa>O}2g4gMUY&v6b?_ru8jsrcwSBQ)o#V1-QmVXpAL
zUbn_8rW5ZM(64?@N;4I;pDOa-q;9A*$)2_yBB9pR`>A6B4NGlUgw4aKq44PF8|fej
z%?CifECTM&F43uMC}{1=pJMd?7BYH7K<Wj~h)7>m8?#|46$ME+moii;?j99<CBD#r
zv6B!&kjQuC@|K=~r~{ZYGBHEJ<XsRU_@_-~_Dl`no7gM%`unUhDPUbd@fY(l<6p8s
zSp?q#SiK;wpKpKT`xSE%Z=3bHq4%LqNOacJl+Yd-wjDN$+T*Zn{RheHd#W6vPJi$9
zmIg<oqWWUzuyXt~%3M>~cL%j6!&!|G+hLGJp<27mtkTUa8zXPYf#(*&`zuj+ORl6?
zV4Kzbr}dF%ykpTdMEv%zxNK&!o6n;TWB4)X03QT$=DED$69^-3le$Jwx)O%qv=`(i
zIjc<$A!#saJ`j=D#jVjyo(EAW<Fzd8y;oQjpoCJ?hL4n(($^v#erPkDSO@@6DJ&V;
zMj{Ufe79A8#t=ODzg^`>wqdFU&vcuOw&*&r#y%Gn6quNr$FDP1G`YWy)_!P24rvL_
zS?xat%VkSlGRw$xBkKS1a<Wn^rvOhd&TlO(<fBAjKg~>T<{$TWnEthj{*Y;^-%)B&
zXPwT6KMqF2olU`@SI|}+QHQMKN<oO?LR~>;z5DfE3s1&qUPNcfG19Zu%`svYS6SLi
zC1H60?Izhn^)7-{(c|Y$Jij9J0Pgf>O{4j+Sc&i3XoO4<C?0mC3IWibA6}(4NzTro
z3wA`!#_v3G^yCh?)X)a+TS7v1C{1;JK>vZW%9Px_TqxBNi^ot2Ft`gF!%D4!sTdG&
z6Ie_ryi$sz(KdHi+%8byT~JI7@=H-BDp>CsbUhX|&dqf;YN#=?HNP3}R-rY<aSZ;>
z%D#UK=pbV|OeNt?Sr_)jF2br5Yhge4gYrQ((K-E}HKVJjUN$B=_f)>-&QmFaD4j$C
zHLgzAScj%lG`rakBGVQ%77O8<K%HZBa|lIdpg4n06)C0dPHao~9BIP@134;?7gp>D
z2X)URw-QQ|l}itZY`SA8LZ)@BN{<s+B%pbsd%gA0dVX8b&_as3aXf9}C+Fy&=yLy1
zP8Sd+U{48nZQJiI207wFb|{nis6iYkTiKgrgqe0jYAoekU{;q^c~zXJ4*H-u@D_md
zl5{%pW9}c{hupF>T^Udv{NCw34?7z;y$RI;t2IYK8<0FRGVM5XN4f>1$XZbtCPbV|
zP4FT;j!J$&N}YN?jOpgDrN@Rmmz-mA!Ej&UC4oE2b`?@?>bz>k2OS<Ms-(d0zZz$?
zAlb@+QYpSx#O=DM+lVB${(Xq^MI2diUXms#{V@Ac2Yyad0`B;~CWPi&FqG~BSUMI8
zeE@+%UevN)3_ENPclI!pR`(gPImGFn5(uf7yJT|5j5Eqf%aAfrKJR(IJzFht6t6KJ
zp(|&coJj?n`LM)H$~>JWxm8oi99M3$cpRYEmV%(m$U6MF(4~kL6?KJ=fQNNuFjWRm
z1-2s>^ZT7zy5Jh=I`}$gT2&Iy)KSfBv2C%hb_+iil0xZVLW^y;6hVeXE>vSrd;U-x
zeE(p$2psUhlx6L1NI^qXfNy{Q`}mC7pkp#ZFEJqE?ksJMNt|yxjj+RP9{Kr><U|a7
z9kBMcESG(@MaoDDh(n-9bE=K!buHgCdY8ct{aj#@nZKy#_om?(@l*e%rC1Dt)~SpU
zoXF95IL#<^czrj6I2{R*B&D%%z6Trz(-SeoX?O)m@F4_k_BLda47cb1Wt1g`y=}hF
zsz}9cN)+k1<-T2OTU#y}#AX}sI?y$Z^e_8z(dD{wMsh*T-tI?VTg|IyCF(coTgt)f
z22%<xd-M4p{1AhK8SVu1{fWihRlF+`mOxE(M*Zr8@~Or}!7=(mZuyFT@3(}PQ6++f
zL1V(lBkn%65M7`N63tqKSgA2ZVNx;AAd^sBy7=9QMPF&-lGFW8-y2r{#8|A}%fh?k
zNEayTb_${?_z8N^5Eza5{pUS8^OYn1)K&X*J~0SD1&z0`|7^2<yUcltt=6{t>{|$_
z@8GYC8dTnO1)~pE^906z0ml65JvH^q99$oj1w49ipPkoblz0m;d8)ls6;5VozbMJv
zr5Z)n7U+Ijy9f6{+X@LW$$lb*@kxn{3TWtkGc4#c+$U!mu!EL&Pn55rcvWEYo!aam
z);=OUbmth~*?wj7l4HnQ6-iu%GV{^rjmkjZe+JGUGEz@1BJq}v1=SD?ld_IG8$L6a
zyVeDY`!+yVi%j|r_w%zPU1F*vAr@kmR>Fc5g0ad&Z9`=!0{9PrLp|@mO!qPNKj*#{
z0ptP(SrRReY~XaapCBl31PnA>)iWDfPB_Dz@wNvvO9~dQjQZ0k5g3mwlW1JJYo;9r
zn0UJomKy73*$v`~YWW*$<0kg}Deevj%nYMkf4(`y(2+WQln%LW4mh&YZ0IxC%WdPT
z9uOxE)kB4yH`}^YcHji-cX6#cVw~?X*^M<AW_X_k$HRN&!uf8qzYOU#>$6e{(=n7<
z6wQ&YBlxtO%qkpWNsC1#@bf^%Hk}^FWRg9&fqFBc$uBUX+eb&pkf2yK^%S>ht*=0s
zjWM95=*%kxS&GFu%#r1Bj*#cWIWCn@lb!M#0)3>bU(npHeyug}w#p1lgkN?%;Lo%h
zw%WKu2Ajxhro35M-?g6apGL!oC{P|ie8<*&wZ(B<2FW1vv#!K*m@ip3a!Z|KDrDo4
zb&tc5aKh>D+$0q-^r}IqTku~jpoaR%@dz^hOBxN%S~<|jN<E(VB+;*XTTVD<v@N&z
z2+3WIBdjhymS^?iMFzjMdIg;g&7b|LpxF`l41v+iPSb>jaH5knb%=yt7d;LU3$zE9
ztt3A1K>|SyQu(4JYTPc(DQ<XkHGiRCk^Jf64_;#1#ul~L9|P5rr-G(izkyDlj(SI*
zbi^eaZTOYx2fAR;68z@b1|kfOcTveh5FnsHRRETWq<3{>4?*uwcdR@TA`l<jH1w<c
zLq*zVHKclAY(9rRps~a$SOcoB(W6t5g_YjAG#kaH%`MUQV0l%X&GnR{8&Zh;&s&Ic
zBnO{0$L;Bbj0bjQj;VR~WroLU=id1=_1d;nBJxJk=#=p}JC)JlTgraR_LkaGm;1*l
zZhf)d_?to|6A?2O+>K}2wo3Nx+h979US>noZ|`rs*?#KL3fu$ioC!W2;JDwuy{PyJ
zrAp+*htbEs-Z;%L>3f;f9xo2zcz%yfkf`%JKFNJ@$B!z2ne?txklOeoqC^&D$eA5W
zm2dT3_u6$fEXI4nJ64ccsvvw>RUa!Nj!aG@*IU4cb&F?M!0vfC+7M&I)3I5o&2mtI
zT`sL9Iw%Ez40>(u3~+<<9HFAPiyc03mN(Su@q$bCBL}{yy?fIUEfVS$193G1)CTxz
zudlKu1R4I`N?G+Ubo{P!Y}1^Kf_QlcVZ{ix3^tyS``LN7Klb^ET)_Do;VqY9`zeN+
zcji32nIcs;ukkS=5CA~(YJHRnlCOF@eg_Rq4v``NB$R!CSeq7s7&f2A)FFUhO@dFa
z!AJ6WWlw#6c<s8RKx8Q#j<?AYUT-u?Z%*M53|fQk#us@y84L#*lR7Yu(RqNRlA)eP
z9+rp(&?CDQvr*>x;Wk&NTWq9OspvQE`Yv|+JolLGI-b>bs(P9pvHWr}l8({s;Ib*)
zi5A~hbm2NCkxNtXX{Kh>jJwYv#CnTU$%OUqq>mS3rIvj$mu~9=iyY<mHSSM=asw^N
zxW&+Tx{T^(1MvR6E{(1z-F=0YVOM5;xt0z`s&!M?SB5)di$L!%@0Y;ix3xp9oiJ0)
zuu*He8KAr1x;e-O+g56HQ2m?89y$7YDO?Q_*qU`QQiLLjGkcjL*W2Ezk6#;n2t_!c
zU?DVp`c(kp<dm!w;4T%}E4C-erG=H3o4CAMUzO)swYvCIaj@w$m~pGAS-yW>O{cWc
zEM_B4Rs)&b5&POwtNPU3%h?HJJZ_8DVeaWlXwKUkeV8gI$As(yS9}6LhCj|!OoCGQ
ze4J1!x2qL>=hdBDlwoZFTvB`YFmW0?72#z0PeALL4S!FVJ^u%l80@MtuDkApR2^n)
zQlFJ)@Zlj!9BCAnuTcd;W?+$BR`}ekWv!_+>c-o5l0%5db(rk%Z<S|}%`kyXfb-0I
zQ%Ne+K>TGF#8&-?r*TC{j=+k5jE=-Yeodf)&>$nDq>*XqL?I6ZZsoU$$cvn%wJ8A$
zd~7j@*$f>Jef3(ZKLnKAPET^93qC&4ej1BqbmdN|iS`eXCn*8<o8oFEc8-tu=<#nM
zyDH?%&y!hU%tW|8jjB+IRg+acswSvyfi_9T<u8)zj2W~IYt<8%zvz~Ipk%YcUqYs(
zuo_8UMZ}dpsveR+M3$Q0tdQ)!xoTT#v=JTeRP87O-!E567R+o2{y?dw-HpUbjaL!p
zers0|Q-vn~V=zOdm3`ALVL!Mon5*ghL&ZxBk7wq>XaD}vrG@f{SFwUvgwO_iC;wK?
zwmk*Rc5T<Cx<|Mb6IRWnCKZW(mXq?`eLuMkWl+1^f8G~mxoGP<@9)Q@j<?ibZ%WtS
zz*;C!gGcq2m9av<X9b{!<C!?iHdwMv3cVt)aHP|`w=#Y{Sg&Lh2!yXIs;$B#3A-rJ
z=RD-qZ00;0P(*W1C~j{}3s11ar^lhZ2b*t0y8@SAL+v8}m{J+vK5;(erRr>bUI!@r
zt+GoPBWST?+>C0eak&&l{XV{+h7M7(gbqDcmbudgRnteLIa0;p?S%b;EH9-D2cOFz
zyj?tG?Ov0FiM;{GTI!^@9HO|}Q)M3y56(Ba19PTyAuZ^HrW3~tGy(x3eQ28hv?SR8
zy$SCB^1=)Qe)pBShWtJ?N!2qO&rxOdqo%xyErldM8&o5Y1d;X~P+9d>N7<1DdON&O
zc?&T5DH#z{Kl~Q_U}+I3>lD!UXox%nsOoSIU02Eb>k7cQ<Wj8YCW>w+V)>m;>+TFk
zivkz|U8UK6@TK?byJ7`Sc5wNoL{?LSqZ5OXQDaH2W73=<zxxRpREzmOCM4W^H`hA9
z`0X><z49EzL;d&Zc70Bs_fMa~fb&C6bt^3iZSA-QH!VQ+l@l9X@vivRr+bZebaa|P
zBS_MAl{$x}P<&g>geUB4gi;A>@3VI7Um91cnjnty!agML*Kt2z<gdoJILhGeti!sx
zz6Hv3$~7AElg9GyC}-YlI~z%uYS)8wmfv@QznE@$`pWO{npn;(Ja~I%AqQg$I~sao
z@7l-FoCI3n&b6v~^DnQZJe^$#EtG)R$A;@cIC8dJya!P{EE7ySMZS7nW(uU`jh~-k
zXXBe&tl?QOAGOEqk~Hu@g3b$u+pEiXE({XzNQH)j@%i>2XQo!J1K(vNxWK^MK-|8M
z!UK=@>}EclkRd#@=4OtnR#M$PNuXN27NTeeYJ7}WCYr=I{bShEPY-5VLb?gEWwVLY
z<C0jPy}=9h)D4at7^pUXid-be@$TL4DVkC1m!)||zch^CE#TpV@U(j3fHbDb+JvlZ
zhMPWrIfH)*_5!2hIH)3{fGV2#VO^&T`C2AOtjWMfi%tN-WIt@!X-L3(Rqz1~g1C>c
zY9QR)n0wsI%+KD`z9pNR(7<s`HrCm8^cPS+Hm5QrhUjYgsA#va1{V;-dPSPqwsL9$
z%?It(C?w}d-cyCJy<B*E%s?FNGZPI_f`}DoB9kn!=nwL?WmGN#>d@%JMdPL)v6X_e
zF1#l$T_<CfEr!z&j|<3K2}_!f^l{5Y5WRblQ$OO?Hk9m7dmF%uUX;^5)(SoPNbg-a
z8NP-9FTcTC8iS95Au|Ka;fXkB&SoSxWl?0<y|&&}zOH$4==zhqXW0q|qjxA6a85@8
z#D~$=F@+CG(?m<TAa@G(N^PkZwERPx8yl+$MC1+jGY_+16Nnzv`+X3AOCwJWjlo`_
zJm9d+PUr{r6IxH9yG-6D%K=9L2Wkc#G2N#RE?Z5)=U>T@o*~hPm!J9PC}^lq9M3+{
zCwSsTfifo=+t9*lq>{VwIi0=R3<fTyvyoNclr+SB%MZIuVohlBi;{$YtKckqb?4dB
zlW0D9R349_mVCkkNHx@au_H#N9&gBW+G%BnU#J4slhZ=&V1ly-PLAer-t<J{kG9_j
zrQZ;iMR%_5RlP&Y*^<0yUWCRSa5`y=LJW!NUIPDbxg(8G+iZ_Zz|t(+z5;M;7aCZn
zKw+O<WzY$pmg;?dz-KwE^JaKf()=WHcJ^1;1C3cRPld?&o(omTuT<yX?9#mH7he@n
zFXb4j=}ykzt=6Bev73N;0*%m`B>kC^+IzzfOO+5QVZ=AC+HsT9C5TIcOxgp3iQ+#<
zEf%HLV|w3Dy~p(i46s@@p9md7?QxOjH=eCf7emeU#18!YXeJATr^tx-hAH<g?C_Fm
zgYXB6M2rPvD6Qf~H0X7xQE_~K_JcIx<9+}EF(2aviWV3Ll76%UM;KpK?Xu?Y^6T_#
zM|x-Q^0(_q=@V-$J%V4mw#1Ti=+s=w@5P3C&FNe=73R6ee-X%DL1FLALE$smozTq9
z!ksLfd8&vYF_<9}D|RpYV+>VNNt_Y)J2Uh;;4;*ug5F0A=(z~9t`!(?o&3<w216f+
zm;9FGG&JeK9@Nc|5J?KNYLY~(O5p7qC*p(Xugz;Z+|kRKyadCAevi@T=T(q}Jn@Ep
z9U;+O1`+R_&qrLEhei=8JwtDRkJc7bNG$N@qd7(CGFOPrVN_OT(KkrVoegRXOv3ZJ
zBjkzCS*#@jZ+&vf!Xk-hoe}l72BBgL_E$DAIDUE~9T{i|lp<te7MmS!hMj5l=m4nC
z>oTDrxXC2BnkpEXNSi^2*mLK8lIx$-aosg9YMZ9k?4_7`wz!3Ex<7<F+=V^ynNMSk
zVDKV#j&q{^_@Ky+{qJT0fuJKoTC+w_H~;wKvh7I$Na{vz-;KLxRB{~>cNa7_$^xXS
z9@Yn)6J9M$8w<+KU2kfIo_?(C`j4H6Ki-LO`^oANH!{o5>lsoM0bBW5O(~3v9i7X@
zFUXBMPmF$k&IkMLn2t3V3bZ;ki$ihK@ORVue!y5T(DB2P&^U;T$h*!0mG@1s1ujzO
z3H5@9DJASO6Yu=wCDy=;TV>4O-7-^Oy78muZ9%<x-^RJxLkp>EE81f`z@B*=9bo0t
z8<k{>jfY)IBm2><@i>G6b3p!#Pn!+A30z4L1riM}1vWHdAF}^xX6w}6Q=Tz&8zUmb
zW<#NnFc}B3lvM(&DYn@4h0hfwrvgn@i1#jNlnaBZ=>$=?_BC<{k_BCxDS2z>XNEb}
zHK4Uo5;bS*2In#8w#5jV5v}Q`W5|<i!UhmCO3;-V>AZWxonw9(V21eOv^ahm8NoHK
z%MDKzspK@&4l|oLBQ7w&K{)Ri9ND<{{l3`y9HJopIp$1N*dzIV!y>wNH|$(8oaaWs
zh+rTu2RVyGvOFR{&!k;_uc|)47EN|T9!&f2dw+nXONyPmP(UOI)3MliKM&LKl|ROa
zjppvuee3OYhI~mAHt&Gfw{@}7tGO*+z-n`4Wb*=E$ILAN)Wc|;35sJVUmdy4iO$4v
zs{8NXpsbA_#Hj7m7ERbKk>EIH#+OfKARZaHH`wupC3f=FHv%Bq{EvjVq|q<CnQdTJ
z4^=J&zmmlF2(S8R;<%bB@~=2d=|n}6KX67dF5zWMMg0TyUK=K6zQ&oe9O`RYQc;!%
zWtOUMiu;u^KP$glz{E5X?N4*U&8BS${C{Ey1bajFIi;ivd>K!Y!S4ZKW7V*LD}{X-
zuAJ^hO{fBP?3NNlOiz1EKe(X4kiAT?p-zZY9Wf!{R0(zOOe>281e=V8)nu#Vr`cQ>
z2+h-yKZ`04y(0RFoV<cuZ@|IhqP%5vGFBZ^c%;QrAiHS_xK<dr5$xatYE_4Y)Nq_N
zZ)}h#1|>??3WnHY5>ye7K!TwN57=aXVZ83C*L9AxT(5!e8ji9h;Tx0VR5ZENH$huB
ztO*A7X8oPqKJ?o`I|L@jzJNg7&kjk93=&Pw89a)fAF{H6Hr3;uY3~dI+-u~w!lR9e
z#OWFQQ^L;(cHN8VPWo_V;$+_ln~=>>U=UHu4HO?jib9Q0OB^=lu+S0(R2hX@U1M{$
zySq2ao;rxBf47=LugaMVTlxktO=K}|G4ha|yynwjc9BH|$D)C3eSd8==rvYTwAYAe
z5+e>a<|E&qzuv|RTPoDl>E{`t;M$`OZdcpnEOXUfn@hlPEa>zAo&0u(T_P|>iQ<A1
zvI0E&!F^;jxVPbGHe%y+-BV`FTx*SHK0uTD$1hQ{V{_MX1G1q&N#V!>^1*OBJ9g^j
zX01Szq|XG6fMtvvl6@XP6QPcAYn;{_howU&-UR=xcc|{&U2`g+arti+MmZlv?EXDz
zPG>x$bPI|)(y8yeDIE2;OpO4rB82-nR`n3F_axoU#pZ=<yc(k)rVu%6hIMYpoJ1$l
zX>MXIRrMo${Sqt)ecUbC&2AQPM(nYFnkgXw`eE%ZansUH3=PyGwVfA(!3<ThoJZTC
zc66vjz5L(KnG^m3_qd_c$&>u0PzCxf7*RXdIjww*(#jAp{R?Dn5Nz1fw%D}<YZ{Wz
zOl)4-<voTFeZA1s{E(meNh6t(rPi%!5F&?{ReJdmf2k<{Z7yFy=llDpk_EwGhxTWT
zMB^R&%1QBm5794fr9AX^HzYAbUU3SisNhcOx|9XLfH1ofi%2?zw-X*GdiLb1LnlT#
zmYphF3vxJ`_{|7=LO(JzAj6rVIftzWv2&sXhGgaY;>S;^=zNh9YM*fmz3^WhAbO#1
ziJvz{zlXw$-!|rtOR%toZ}ekVf011@Vo3$666LYX=H#0l5jmL)=GGWND_>y2tdd#Z
z^NW_6-&72X4WNSd%&i;r!lX9w2EVxJ^E;=O$4JP>CXy13u=KtOnI!Fun4uhHoiW$x
zIUo(eSf!?D7~8^%@#`lNU8k~^<F9&q%|uMXxz506FJ#wD>K>Yr{jM7IAKw~#dmN;b
z&YKWdi;sHT@@;WGWQY!-yR-kInPo%~OPuqJ*5$Y^!I43!Cq*H;2|PdKIdVZYK6TQO
z={-rMrN{+?Ru)zWrgK>3@^Z_tNDa)%nTs3{tv;GnhQpw=T>KDXQjwe94am~#PDeOs
z{?I%Bb`9GCXFbP&1JTwtMYjJgellBJIMYcfKpo8}=Mq&#U*o%Bx};Q`7{8r$*z5jB
zuYak#zl5X;4~`RF>72)TxEKRnevC=ESfc`dtg!ewOi6a|-rDMrDWA|LZL~_ngMv+U
z=bpPHCO7g9@Ow3(h`$I?F#4tt^iuUIo5p$Wt@9x7d?iA?!A4BJwrrkKPgRy1bJS4V
zZODl9MQ1b-95$qnkqF!|GhO}$S7^c^Vh}r>^Y~U#(X5%Y8_t1iQ$n`S793S_GQ7Fr
zk4lIhchyR?FqbCLs-K!aSR%)%rs+Zu;eOCixWHrPXM!#}6jD0)VDhOS;F%Mh>#9Dp
zljT-x+|ak8*Aha3M><h01G9?dq35~^;XY(lj{M-yp@3?;Ve2dr%)OG_%Zys3U0Ae#
zU22!y)Qp-fo9jIXKADikOrI_@RSbXh3YSE6IbHMXU(wp^eU<s$?H3JjPtg_)+QJ&a
z&`9c<CDir-zLU(4{{P$FXnBJ{m(=qrv)CbEDy(X5aM*Q*(JK7hV#GGYEIBQk>G(C<
zF}?#Xa+Zq;$B|B&&sPI0<+YWu6@%Y(7)}C33pu_2WJT(0?%z05+t;vUo#FY<Z~lR6
z?g>@*ErHz`L2Uk*NmCrAP`?vm@baWwu!1+GuEvw+&@p;TM(Koh!#D(!?pr2}GAeV5
zxAeqv<vm<^bzPF0Lcy~o5iY7U(FBWAbO1>{c7S=sp2cbGESl5v*kcc{Nuy@zww~T&
zb{O#-k5#7!kpFB<A;>}Z1miDoP06IO`b=Ao6Rtt!hC7?2`+nv^q6%zv5Wr+6VGn!f
zpH`48NM=%;r)-?c;0(@Sz7v0bO%Edepzmh0*oUmt8d@-RVajJc*<!<c@>c8IU$!=@
zT>{IsZ_Fpt0#D73s#)EPwRtdXIPn}l^#fCOV)_~G6OD~1V-$KDipvC}rZ~)0RzggE
zD*+FlOVy(OD3W=5v9k^mmKr)C{w%&iowO+2K%x(rq`dpv-{~ql4X_fxBC^)bI%DV9
zcVDYznoRwMRLkQZ^(X5$`soVBAEi~7l<9q1`^{!i+PtwR8rCRnTYr~*e<D^eb4vo~
zhF7|M)s$eJ??|;1nD1!fVEpzmSBlU?GN=)vD=RLuOW~Bi^xvMN9=C}l2q2s^*MH#e
z=+FjCyV+dvOdU-l)XvYIo>S5BUV*pJuK6z$O~o3D_IP1NXt1N8a819?XiYgzkgL5~
zEd|CyW$l+%-vQ?NrV@>WyMttMOtX%?V>8fFHErqn<VY(~mO1EOcW3TB*5dXl9Y(t$
zxfy~vn=qC??|R#-I(6!HCx{KkYDv`UY0-Z^{}!2XJ??C@ZxM}oW_F0>;dRcjjT!I!
zQ4g`TcCtOQeg^kAC+)w;*U!~IY(v@=6%Cs%haq#zdnJ;Oj}TEDt8=#7dIPFOb-3xf
z+Tr%J+^va|Q}AQyqjFr$A))4jWbxw?zJ1`dj#mV=0lN>^VOokWyfQxy&~FSN!3L>U
zN$=fbv)?;(@WLTKWZ(#Q1)B=f?(|}goIthW>$vev@x*uRc!YnMms>75zEc85nd#`*
z`D`JUjW*HiM5disC{eoLpJ0EgC=s%0vk0ckpcxk*3>P$hbq5|DK%&$*ibpsEhb;p6
zpaUOz+mspXrcV>uNe0DoZnQXK9GhQ)4ZbO5D}>o8Ke599D$*iG4f{36jpEuQ`>{T)
za5M->f<Q=>J9=VD(PTq`b{Jc8fDKwc&fMh5bz)ReTyA$A`G&DrMQ8in%=<d6>r-@9
zyp~`XJFqBxGx$z=<=C(D7p`q9s+8t!wmiDMk_v9j1(_`+_iwP3b3T&Fga_icZgS;j
z6qKatRJN;{_Tkv!T^98WtI&nVB`^1&c#ML3ZWQt6DO9T;xBQflLJY$RL1k7D60ZvK
zOR3||7{QrEOeUx&F1Lty-{u&M&V&S|=-_rr*zJ}?M*Mlz(M<qOR(wJnQ!2+;#g*n+
zdFv;!E{6Z_P;u)4>oGy7uMMW_-w+j}&CkFmmV57)1MUT((Rou-e4|u=5rdQ%?##u1
zXGVWa+xo#e8zZD&+Q?Kw1~d6A%VK6d6m$O^(sw6w`sRVKrE5Fj)o!F_QLqXet|{2o
zz4XgKFB3hvlMRim^m#h@sJ~}*6I-8xNFkg4voIc+%rx%DKMH2+JZ>mP5{~tR-4KVd
zr%*k_XPqEyVx6?@0nugq>pssu;?OG~SZ(a79LpdjM$hR%B@jcL=?V6N+F|l~xmMnB
z@EgZ)^Qd6`yM1NN9S2+xN%;_SJ!pgN)B(yL7Zlde32dw8tfaXP7^SmVxQ6vtF*i!n
zZIN2(2<9PQjfdgy&wF28y!k6FN!zt`#yuN<cPcf;Y|LCdVX_2k@Vp<-(8!yVOY(<*
zFgt2I%1B#vu|KF^mITa28Xzp6<m!c$P0Y{?fhtfk5MZqJ{c75`$)#1Gd!s9X<;2>5
z@rPi%I==~$VjxpmVda5^-1u950%MH6xjgCR4=esz2Tehq7LVIL#Kq0ZqW8P+tlFlB
z9EO^~<k)QTXWjap7+TPG^ed-XGI*;=!o3uvG%-U5IA(1a3qlshXf~6X>4!60n|tbw
zE6+3OU|Y2(qBr<b;^<Jr$H%10k!!}10{h3&u*0q2LaTQx^EqUaqzhT8R$iJc(IgM-
zp5d5sYBNcCaA~N1Dl&W~QJy{FH(Q>(mRc(dbp1Ac<J3z0m&a)8l9?<QnJ+aAw!O^v
z^0maC3Q(Z?oG*fmWkJn_?UcLZTXkHZV2v+}wNnqtyK;FsUN?=hT!jXEsK}zIq#+Dj
z9o@b*l!xD^)xtXO)(Z^ZC$WdN3C@a-P6%Gg>Megxd_D~Yt381x{Lr3d9JzQnbZ9p(
z7c*xgy|$#Iiz@Kf#y70-w1#B}CVBc!Xp9={7$6GtsAR)EP!ED2ZX;MyVlly3U6_9s
zgd+c4prd+^JKz-PCTS^$N&a)6lOKbCY(*Ltz@F3x`dYP2kO@1ZsP|Z^5<8n1M;P@N
z*{(G`I`k6eS^YMtcbMw45JhWrQDbcK!*KnW_bSSfg83D1M2Uh^13m_pyej0}eCw^`
za$f#&+r(EQB_Jz@u0UIc7lBNgFSIB~Zr$NqUn^@6RL|NC(b;@QDkjoAKX>nabo;0u
zG#bL8u@L_#9*DC&($J&@XeK5F!Ws4vy$%xI9Wm0?8GUR@4bqAvpyK1Vng0B3!QKO1
z6EsGyzW}f1bO%J@F|XKSO0xE3z}kXM#U}p(Vvo9gL0)TGEBu1Met+f`mc(O?oJDr+
z)tM0tx|~?=(}Q$I;zJL6Q8?jw?@I&9ex*1@@~aV)(~2^hG8}M{k$lx3ohzow88(5R
z75QhPh`=Ir|9$uzRB8BNdvBW%1Hz;VzmCZL<vN%ViaFX8j@4Zj4$W#g4~m`wF5CWP
z1_wFQ6*Oh1ymMEf=g8Pa!<i|bh3r$o((<xZGn(OhKmYjdhtU8A`VRm10fITXSP-eH
zhMJOk-p%cT8@Wx`0sY{KyM@fHj1^rz6zGF{dN*s3LW5W!@d}_i4@QoH5ecl+i)lK*
z+ALx0vX;^&%sBMGZh7bmE~Y<n3ZUL$f7fBW+ePY6-?o!o)81fI^|+6<1j}0F20x=c
zcNg*!5A7Vr=+fIIXpurPQnaAnXIwkKtCx?>9_vYYLH|+Y$f2zolIYzmz({(diu|15
zkEWbz{1|u#B9~3Ab%QQ5t8LNYyFx8C<P==3PIPdD%c=W^>_z?VCLz=hhi1Oz=0`%?
z3*p|OnU6*3BU5Gkjb^cF`me)sE>F7L-}w+1A(Aw>f35TmP=>}Q?7uoYaIezlZ@|||
zq{nrXT)~*X01Pfw7~P?$j!J5`G#=gBG2Msc3q2zo^olW$1k)L7aq=^O^cFI9WWKF?
zQ|K0^ctMQdt7O^b6&$Xu4T?X+1WMW3J0_$4(pM_5&|L|Adq{t>g>f(O66%7A>!K_F
zJ11FLW27mI%Pp0Fw)($kJ@7h0xCPbx&e^FgR*@CxbFyWzDuy!^tWczrl(xjbLP$Jb
z!S7g8?KC2%V-2)8TI`}5R>js;uJL*cl%5b*X3F>r0shBZ{9O1lj9=)D_1mrCqm_FZ
z>z!8<7d;9|!C9-=CChAL(&|PZ55)*n$Z)gh+1#MNsWz5+K<bM}vE1sT2x6k*J}g?B
zFXa+x@l@m~_adKt_ij*y^x?KQH;E1xlldB{v{_O8f(h+$YT@4v0%>JX3FK&&umwE2
zeltr9hG25E%UlhmP7Te}U9OkouPj(+Gd36+L9u|wq&F+~@$rs2P3JDM*nATt$}gf|
z>mOitiE>6-75KzfL*eX6NJu{w`TPpxV4~J#B$>84un<`b*|q2A^uqoJL_oX0Q$usb
zGTDMvapynW#SfTW#Et1&kw{Z(gVuF4B<EG40gAr<<N7LRM;odZXoihE-mxp^!zb%k
zYPN>G{kvjt2dL9Lj8rZ2ucG)rbQAN7NS`x97t~nKnQ>oWa|80!YV5rUppA6?bkl9G
zZJWyly>*kCjBZX2v{NuTgT&qdT;^@-g#P&iW<qkA*6w5_zRDbTC7t};TC@Oj3N*{#
z?FJM*OkJg^B5N`dl#Z*Ofhi;Z1Z6LE31u}*^|ihJ&~e!TK+s{y?Fh4KzkX<<eQhQZ
zgllppNNSG${tD^~1qeFGn_!uJ#K=v5Sp{%oghMZBDNqo{r=__y>+owTPQ(vV1Jb&?
z81RTSwophaQu&;4yismof2nYn9|0#0Jj5kxl$?>92>G9G>dH6{kQ!+~$a#?G7h#1R
z=(&&0ei#o|6HuL0&z7_(g=hmG_C~6%THGgi^>lhO8@I#;tmQ}w5Cy?7u6A#nn68Gy
zE#}#W5xn>XOjssv!6dw$d?7VjQhD{V3%!9-;=lYpPpWsKiPH<pKJ)Dqf@L}NkeJ0p
zb-~I!LKPrDFx%54xYOuFP#Xmvy@Y$K{OvNixNI)N08lW`085FVLi+c*`Jpo4YH_<;
zNi;;)!8ap1iGr(gC~x+MiSzlisg7tv-758mH#97l>eX}&5a{KH>*9$i8$uaIU}_Q{
z^duaM&dN5&=c@8~O(pbAL)Pcdq~G~)K#iaTqC+D)V`^eE;#a|7z?9G2FiPEUAR9gL
zS{P2vOLr9a^Ra9${Mu>r(Rj+VQ3}ll{Gqfds_<oSqWOXFaVsR7DZ@KHV^zSw&`O67
zo|?erFk^*?Y?d7hgy#AAuf2z6!|P@xog%F<)7MM7aRX9AFLQgul$%)4MqAAqHhI+o
zNOoRb91>R2n!@4=HgtENo7*AioI@tn)|?xwX(s$hBD~fx?70FOW59e2sHZiB@#P)H
z20T=PzgW1A$H#*XQms-9{-+mrMHDR@GQ0I3<R{*4(4|2|%rz~&lg>zRg?y*{_7Kr9
zns5=Fp&?6r9v1e1?)f;X4Pvk36zF~jXa&=(<dJikM)81!9R4<(AVUtl9xbS^DS{`^
zgAnDsR(l%{K`+f}zh9}ZZmP#Sbz%NuRK%IhIL*9pdkD*arkD@av5D6lfCqFNI|)FE
zwlaa1Ie8Z<bEel@aV`&;{$E-fpXlZFNU*<It+OsmKn04ogxB|$R{D*a<aA%So*5tZ
zM=5N0^)qQRepauPv2z)=9=h0B8j24rj7)4VXDeW74eY^VEMpM$eaPg)XNs6Y_^V|f
zJ*=bTyP745LyDmrmG@w8Ck{}HKEC82M-OR`AA`^PEI;#G^2K53on?yE5q|_xt7HAJ
z(aB19SLL6YG4j8f=t$9%QE`l|ow+X}aK)leQR3La#_gJmkMIlvqMfPakWJ{S`ZV+r
z2l4~D9eBMkR!Ur4{8YuaM{>yb-5~5z{G@U_%!+VojDXeL{Ih%vW~c+JNWeJHivi1K
z3k0uj<~h(ciz`|DD$~OlITSGcUx&6#0oF-X8(d?CC=Ge3g$6Q%WLAz@M5sA9BiS;e
z9BLjqW!ZCYx=?%Nm&D2SQ*>Ok(neJ^T5P<$wi+i-q<I{8fr?Cox)nI83wqAhpdo)I
zcIT+POf=A%mH+7|@@qskY^3WN23sh-N2qY$vvi)`XDyvkSm(e1000008*BlDB_bU7
zkDC{_>q~Ci!E+k``*U08^kaatZ>Wa2wQSJ|n;49edjRL(tY2nW-IL?RY45H6j3ZUt
z8KWln{)M28>BW(qZsZyGPj5ouTW6o@H_r_$mqA#UZsA~S?4JbIuyyG=Zm}7+zW{{x
z8kc`I^{p1#i&-5<(RDU{Kh{N&@|uv#ntw!w0qf<P)a`A(yXVMfwAJXL+r8+5TKQ?y
zGQ7`vDCjbfu35dKt>HDL*;`?b1gi2)2OSK~lAxrv6=0XPb!1k`DyGw!78sj--VFZM
zHB#rsR*AkFFmTJT9EoiLUi6&(K;^xW;Kq-^4taLi_kfJ~?yZ>Ix&p3g@xIa01HxzL
z6HwsGpWM9q<npT9!K9WL2OM&0O4IQyxzFgtQvq?qmrft8Y*cf$>1t&Pc2<yV-c=s&
zQ{819p5`KlV{ylxbbyDq%fP-djpsXXTLv@qv*&kUn!4jU1;rb_HjBd*#}CiKjDk%M
zzA5voQ67QAo_axdZ-90F@rpAIYSYBi7W-)`{Jg7s#e@v>PAU{_>KZ-#-1TXbV=Dt`
z@eRfgYJ${=WSRy~9iJXp6FloEu^lfN%MH_NY2`la{j)tSzI?$tZa{NRNIGN_NRkJi
z=y#a|RCw76g;!Q>vjIN*6d=k+Wwg<8yN-V=H<<WR+*}*$v3`W}jm1$Bei=acxpT}O
z-=Qf~AHhTI`FN~K@YAb)H@dJlYk|opMsgZ@LVS}{hB9=FMB1sG@o>e_k7&;YByAWK
z^fBHFi6l?1&4O}wsNe-vooa<Rk*Hqpv(j8sIy0E?fg(m|fmyO>dqB3iDv7Qm^v-KV
zyA<Bks#KE}VL+M#JjVCk5_wbyggBN9tV_U4-WdAi3VV*>y_N*=R1A@=wwGdt)bC(C
zX{QH^@oT(4sgsUP&K_6nQA<WHXV402I&96A=~8+_M)njoj<GAuWjrWXviE^HNG9^V
z82o#)|F2V(Z06vUuG#Bv?n!2+h3NY8a6CM6$R60u3S99*(t(DyGn=rn^83C?<ov@S
zkHvFod!`=({Qf~d|Hp|E3X1fUd4QYZCIS4~O%=TX+!y7KBH5EJCr5$BP)NR9ccNbr
zVufw6OpcCfd-8V@Yv%LRJcV523(K_?^w;|q>Vh>?_3rTJ8A4dzS4I}k5ZoIv2aIG6
z_>U7&TE2q9c4_#V$B@;kX&CvHv8bvSS4m>se$dDhd%qgiKT8&Xchr>wVrD=AypqYo
z?Bfeit$SzPJSsue)+$-ep=T#b*h9V1&zR2C`do+Pzz;w)ob#TFo97n}LJLmnCJ{ql
zI3Vk%$R4`omorZI%Qoey=u_kSdPLcHIKTht?A;}8wlK%<@o6HA4vPn0d`?AfI@wJ_
zA3=j^eLMN&<=%3-G#B*{iRoM+A?H+Sw+I_3V;aJE_lE%-!&$w-&AaIY{vHzwXO$lW
zAsb?^jhaT!ThCijK6Bg~@~-$l9T#>h=<x`tAYW^Bq2`N~Rzm6_KaA&f;?ov*WD5$4
zLVAP5Mxh3iul8abjAW{$G4YW7orLg>`C1-qjP+TDAwD}{_q2u(hnDjqyqTo7Yp|^{
zi_JJn)g&v#=Jcn}{EY?G;UieM2-&NqN)Z2{Q%?fI`}=(0JNEi-Mm?#TGf2LM6J!1S
z2XNy4%o>{@!^BKZ+a<jtSGruGhnEB4IyHefzLtdyQ<mOz%%M@&kM~CIz3M;{lgzc%
zM?|fwB|T9UmYU?I(2z;+!=Ndnns$8_uF4sGY%1jDq3}F=`i?3!ML<u44**(`SWip9
zT*uL7mmMG#^PkceNipph8YbzJhIwt07u?x$U|VuU^`fvitwGYRb8n^_P&1!8>uEy<
zrtE_PyV+A?ZETVJCC>ktL+{bSwGCSlr?P`V?gm?2fWfT<#`K#Omcgb;-2C@e3nRrr
zvd|K48h0a1&@CRDp3xYH=i5#PNn4mNh-U+rg?rKXeVg*(Y*DV-5GL;ektLgWzv!x_
z5CY4G!j^5hm)qd7@&w$4gtG05N46N(S?Cvg6p}a=v4(rindZjL64Q+3Ow=j^5ODg9
zDSYgb)gtOKQq`ATH*%xrQ&QoQ@45pwh{bl&S%60>Owv`u3kfE+X)$o%*&c0g#}$ne
zMiut9GR56*`Ka{%*^2Z-<0y$~mudclRBde;)LKn8jxzECM+sWx;NUt$%bpmw)DrW(
zZdd>S000wL_ztBRX&((!Sh1si;KS4!Sr7Sr*V>R97nVkn%F9+Vv)5A~TdxlWYP5hF
zYQ<upWbFrfZWgrO3Q4Cg*HC}g$w?3H^L-hBP5d?)Cd<I5J=<z!#i6EhHq=2oit$Qp
zaX}O*#{<E)PwtScoK&1&CFQ(vQHddv(2$X$#7+Lcyi{oC{PSAM+2;*{1PqgHzLnPs
zR`Gb81`2R3X%%`;9yS0Q>_j0iR)?9<O_++VsyH>ueh`WZck2Vg@<WuPW9ka$$Ad^E
z7d?}o&#*0}H3fg56K0@L!_dlB!An)pRb3p*HbDU%sT8sJh7~`b+g@lln_{Z^Yq$~y
zLP2jshb&PR8($N}fw%Nj(2m>GqQ5ki>VMBp=Q%ze=g9r8G2jVsk#H87TqSZoty?SM
znqbm>EMNMu{mCucvPM%%@?TFZ>bb3ftQj#<BJk0_AFM4z{{M4ENUzIa2?kdCct4_$
z{<aPne4VSZf^5R7w(ghzf$p|eR#c4MBFMVdnFlp^7=TK|9PV4WU(c(0Vnx@!i`7a}
zu|O?E9eODkEF+F?CtSBuRSh{sW`n-C?k|WaLnyq-!=VPw+J5T?pllt!Ws^za%3b0j
zBR5b1WzW2O`$>2y-U@Kh!wG6_N2su_rtlr5z~Y9*pYH=36Fzlx#=;qZ5=fm!l2NQ4
zUM>ks>`<;zb;xIfPTAKb>(Zw^vbw9v!=FXB^`9M(k)#{@sm2H0FS0rEjSBSM@g)i(
zF<cs$ih@4fgyy&{y0I~9kCcv~h(rsY<m8T(_!njJcxF>xzC!{J%wK`9Z(wBOV1=Wp
zt`=n*L=r~3sDQN@5VbD~!I)_pE#GO{+gzKCjfG8c&T(BwUhWy;p%P9_DeE}uKhbfs
z;Q?Buh3Su{!$yZho${vxv0Q|4TAzJ-@>|L9i9BzW?B`|+Lc2p&iwNET2aD-?j0L$y
zFHHIa1^dTABN*9e<OgHtpZ#)7WH%a*7-zh<jh+^NFmsMD?pKaTl;bVpe4m8u4MsV&
z;K`EIB<sRsqT#YBOkcqzS{t{jL)D9;)TDB*KDKTCJ?t>#vD;JYpQqzH_$nJ`7JK7j
zd*C1Dc%`f3<wg`Fq0o{rIQgcnj@@K`KoOndlg^})k~Q%CE?P%%lkQ?xG+h4>*58SR
zq@;H%n7Uk*Lwpf=DGOm+49aU`f6RSZC}#^GM7|oxkDm^f_;9b3ABR;gYASKzLuwgW
zvQ3k|;d&)PwEKDrt9zE13ipY%zYw5k3LP8upcotfbL`|5DnNfoot{n!6!MFSLOG<U
z{3L|}Z5KR9G`pTlHrG-z(dgYTr;#g+43(@hKviP^Zi9+bJfl2=4t*|(mFwk#Y%T5F
z>%!qiKc;4o>?9TGN|ow^Jo7351v3omeWOWB8Rf0-)}(o%VlogA)57x+vZJEAD?GxD
z9*8&rzi-z%0vwi7Ui1*Q;v85qEn8Q1^zh?6iTat5Dq(NHU0GeK^|&~to$tQTYMufU
z>IZT0)-oV9+iG#%B#tH5*%_irnZ^o!y?$0Lmlksa^nq%?1fw~F%4KcJBR=cRK3hVU
ziDZQqg$`^QY3Btq=Sbn(2m8|>al7Z~CvP2WizgANV(!tye$mmC#08&;)cuT&5^i_o
zR%V4%c^tWO{``xy`{8pqYm%<6FknAd9k$c&ypY_ha}(3$_oX|=|4qL%sVlw7tYj;^
z7}Z?xa`L{qD<Xjomo!XR7!L@)Pk?w0{{w#Gh4`VWu=(+}BCi=XKrM3(vjxCb(To82
zt_1L-<wFkdFKvN?u@3N*xRW2Tg4|1+enD_0PTOPCfH@6L9>6<~8C?hFRL6Tz$sLi<
zVnd=tz9P~yCF{m4oeyhI%s;8fY>xF<pvI2c^CIqY;~|5+7yKd?13f21U$$|80002K
zMHb5}FNL_`o|4v^x9u7hB%X2tSgWg(YuA2}Kmjj#MJJzazLU>hfc883Sc1yeNHH)9
z&g}aR^N!ouNFQ8^(5cWS2m7EXTG@-a3|gkgwa=au`FEi|Lt{{?5BdfJ3TMkSJlMs~
z@@TF;BZN``#YF{=d^<sF7uWz&9OqBAHK5jkxR+A`>UBs-&e1fEH{r*ypMbuq!N@L_
zQb(d@p~Vsp*I6GH0GN_xj|#B#i{lyQ$n)Hmjkq|SS)Ld0MI>)p>3u``)>8pOI*nZh
zkkTnWhZUCDICiEJZ<x;s%&s^`#f&1^whZ?Ns9UCJoo5Z*VTf=!o8JyMMn*uF*}Dc*
zB2ql9Q>jE{woanyLh-{>)StNa;f0P(ZJ%)upJhG&oZ<s`YL~brRl+MWo)uYpRq1gU
zb(j~|JQ}G#;m4h0*uA*ti}1lqmP#;>w$>Ehb`Gu;e9f1#_qEf<G~>&R)?Q76lTPt0
z!iC(H2lyp~XOG<E#c!!nyZQC!4lG5;zt%xwc7mvBHRWE+c!ZhBc{?YPfCM#nnr3tk
z?I!Qqg3X_AV@@IGn&rT8TJ4!qRhjbv=m_3>fh*oDGvdKmAtA07Hb2iDGVrqY-H&)%
z<_Hlc>`~>V#$Gzc9-Z*2`(JaEF8`Ku4fcp;D0Qnrm4S@4#Qj%cffsX^_fHQFvSUy#
zX+CVHH$yL;bofA2)Jd!RG(E<rm=f^7m`g^Ld79`7>IYQsKZcMg@FZf*W{;A)cv;VA
zI_D76fp$!R+3{h-xS}@gsqcx_sxVWas?Ws@DaB&F=8(d&F;{ze2D!mZd~Hwm8WSqw
z!EdeKW#gU6^-N3nI3>+dUUd`OMdW3rhIj;sGl7I8H8KBAxyn|uj>KfZTlEE9bdcqZ
z$ue<CqtG49+gHA%syc*0;{7|+>dTj0?(0*)UXp|tQeMWZXbwhgHS2ih4B@Y7t-;hv
z8lgWO7KC01?h4{FBpL)BHysWhsh9v7)C<ZI1Cg1UFtUfC0#Jn2wIe+w*A6ZRvGa1~
z_NHfXPnvJpvNjXCvK^%G%QS{v`P8LVGP_{alqZpf_2-3uy8dqMpc|%I%>90jccG7j
z`GSXUI<$gL+w3$d$FSZyhYp_g2;h#DFO)JwNY~eDGEevU0$Jilqp2@pX`}7vvz1XB
z<m)XXzm++GzFBjMrZy<x!@o8P`XF76S-bsIXO09i>OeWQ$v+^f!5?0!f>I-{HAKG4
zWKfqyzGS*!6Pcmn*E<v%2Xp(fmf)%zNq6r0rjIun{DXBw^RUaP+>gGBU;fJ35WRuV
zu)^~`6?ijRFjQim2<Yj%!QpS6HUEoIaZRijo57`(-0El%z<&y%isWb=4m!0@46IgW
z`I0#f&esd%00n`%=^|+>PU_5|*CGW^FOv=fal9-^;5+IZm^7zM$NZT5GXCU41ev`2
z+^~!m?%?Uo@B2}Pu}DpMJM78*b*HmlnA+Tk@~}x8xIvVmRdKxT*V#EyuFe7@J`-Wt
zf05f-!0?}}@nGNPex9q$%@dN_xhzqN5ZR%mr~GHB4yxW;9KE75&HY7t3F+29f2TpP
zMP{M~*k$!LF}wZ<S91RXc(PcvGyuD^XbELF4KM<T+;>;)2G>CM)Rj^2-TQd|X5WV8
z!;6EqqFIUJD=((50IMXT%ylnh^cW7;{K(Mru$~Q%!tLV19ub%}8;S2;>OTAbCJS2t
z96P%L7b@bTz`s0U$Ojo<{*Jc&x`3L{UFc8=EKLd(r!{H$EF*VHfbA1*K3^8U1M$6D
zKsQnj%;2)w$*2GT33NFc)Acm^{rL?sB~k4~lzd2WB&L=zSy=kf;KFL)NGq=~gps(l
zF3?!JW+sdmnKvfJHW0U|XJhcl2xFh_7GW}bc6`ju!e^~mV7~WywuZxFr}9jke!FP<
zSGvQrEW7^oJ^?x+iSF^3RPX2(&bYphhgX|jPsr%&{EUYuyVFK2%4C*nd}Q=S{cyDE
zz_%+A`Lkx)gB=WNl7A_-^Qr-+iR>ujv~u>$o191^?DB|_H}{`RedoDqmv;X<q?y3B
zX`E`>@YSKznK^%GXf6z{v`mT|>wYn&i(^)_7+HhM*zmU)LNEKFv?l#V8BR?@_9y_m
z`)9uGA8t!*qja-vc+23uMP)#bpTAwXgFy6@S%m*<%-o0rvc1T%IvHexDShW`FQ||f
zdis3%Erum9{sXx^1XQtnE&0_{y4AH?mklRegaJu1p2g_eC_M}<#J&eC(TXHsXy~|A
zwdmR_(yfmZ8zeGKZ+=f10D52i+~#qj^S)X*ie^E#_p&)Rm4EfKvcG?B>xYK>wEhk;
zSIg6ytO+(Du2*0~j!Jv{36qc3uWiEKfT294b8hmC3}BfbVVb^w+!Y7K(lTd>GA^Ib
z1$7BFlV|z1=)CnEV|PD*fOVNi4<Z~x#*Tmb18bF&_E3F?u*qcQ`y87RooCWHTdGIc
zyl5+1zk9k|Z-$P?Zk93x@D1T7g1`jKh-kPSnbIb2--oDqGh1Cw*1K8;LVYBn`efmv
zvURK9>5?@Qc|V&TK%oEMYg9a(JYKf9wc{$<ohi^-wIU-*c*i3EV+NV(=md*10Zo|3
zr^tex6~)LY`XimQ5`LiGm8`)n#83gw3k(ON#4;KHN4mig;yY1M5jZz>MQDNE>3zVY
zlMw?JzAf^b1L6F+fUk!v$F$FV_9G4)a+rsw-H$`@OY%M3kuhCl!GT~O!r*0zI4~U#
z1qT1XDF&IY-O{hayoYDULBWmRqnDTI{Ml^Flk+)a1N&P#qX5GE@08jS*6=gumiGF2
zo$0`_!fyPg=cDu3U*#vMqPm$$P+Wl<1T%VhrFEd!U_R=_SX@5>y!Rs|L5P>2s#Rg&
z^g-r+>bU&#<|;BbK3T%5@Lzv5Ae*`_#Ml0KDddO@+fm!~-2Xp3whm_s*A{ddSfJ*C
zD93jG<tVI>cQ60ipQ>M4IlOik<a}6X4*chtLx1P*2AJP_wqtf&$aBvR1oXy2*i-~}
zOZ_3s6(caC9L6x;G(7wHz0eW80#m#z{~GXzuoP}jt0dhRye<iG5Y>Jq-2O5~#%;ai
zkTg{Y8Y_u3q}Ut~m?~mqXQvW)1IS6PT8a&+x)_*gRtb16EBB!RFT$)oKePbHC`vT0
zl<bk&_huUHzvV0EWMBASECbvY6l!)~A5oxWanmo}8v+bu^Y~&tJdMIo`^rGMBfNi6
z%eh6UEg9#O{ArO!@x#Lzr5R4M7vXA%ke4crvH`B>At~Cg$^gOb<yPA1X4@h>B9Ww<
z_I}+QyE25aC=54O)ROWY5%LZ$J__DH<%7cv^5Ty)e7}#<Nx_%zsRy@Xu-Y(YOt9*z
zt3H_E%4~f{DvzevQht^dke@92CNV)zMVM{Lx=h&*7nhRXy8OWWY&9ngPdeOu)4fpW
z0c|GU^Tn1HQqyBqkf6<%iHDalx^u`R451{l_J4=~1o<mbo}LV@VRA2;i;X_$!c-z~
z?-f!Q&-%3}?F$ngUd-U-jizA^#lbD|m*q#Y%8~y(zA$w-`rU@H3TXU}eTJ~GVf-J(
zE#p)6&?U<v!Ey!N2;rNg|JW_@@!Ob!0tam|)gK0K$Uht-=y&W`>LcVHytKJuUijm7
zE-Awa2KZW#HFDgKM;=MyPJ@&AfsO6v*@-3=ut#$)>>Ay317b##?crgb2)c}zi)&Ro
z7=w<TxT#e)MkdbI{N~lTz$4=IdZ4=FjwNPXvz<Fbl4ST}su>lECrGqp=PUmH{}3#z
z1Y7VGD}*GM_SL@|Q_s*(!0>Hs+>C$}!hO3k94m?%cmBhHJnqk_^ca`dOr$YN*+`?~
z_H5UfJxr2knL|sb(R!9wU5Qi_l1ID*c=AH;HDeu^ws}pnEJS4Ny(!rplxDwphfpqa
zQ0qGIBdND^SNvVA>p0JT30{nF4ca(72Xy1ZbP@voRb!7zJjX@I2{)g8jzab3px#uH
zNRf$@_C%Y|)DWb?ubDS7K^EGXbiPAI1|~Z}8BqZmkM8S8S)k>jaA)1*k7dDdG5~w_
zF&R9{;7+g<2!p?lXf&hLO)Vta42(j&G1H`F9lN|$^cnaA=9$5#<ZrL$w@xDRn1S3R
z3FS^&kP)VonY8h^pevkpNKhpf?cyOn)&msbNrkgvrpp-uZtTq;narQ|z9sDlL8x%r
z=&Kw6cS>M2HWzA8vVqKdj030ZX8Hm~vG&)`KEIgHgHZxTxMuH_#qc>t2316A%XLXe
z(n1q%`B(`QOPEH*xICG4m^mz!k6BS_f10^yPvKZINqljFC2kFTh%&Y!_%ETe3^nCa
zY?tag0`AFI^0uSO6gj@PcP~nh_P!a7orl!xuzH=TODKy6zz%N*r+IgH?9^hhqtiPb
zhIIkV_$j}^4=%>ZOEnyBu8C*Oq2dDK#RIVGfVtl%P{SPx%aV$hO)B7#dDAMr9-Bd6
zr~+VW1zLI$Ya?4dHNCFScbxM7cvyD?unQaa5Axhuw;U<3+S!LlR|Hm18A2{e#|Vk|
ztRQR}M@olJD;ezV7IZbq#c<(ViudiEud}6$==F)soUl$3AC~hca8Ju^nr=Zv(W=U&
z<IZ5aSgOK9!XI~^01p~OIl%b${f%t%#_p=2JRYlUM>#uet2dVx5-C^wm|2{U_p;*<
z^`CeTVr>K@_=4)I2C|Wi*n{a-fMvO4HpT>1HHmM$8HC|%G^wN8uBKx>GrShvxUrEw
z_0IF5DFmz^s2$z}O}>>#+O1>Y=r<@-O9ZE%i*<;OG+KYw9!Q!0-Ui2hVC$a0h0M!6
zt-P?>a?2W%u_s?q{OIc?p7Ru5C%6B1g34!=v51&ReAQBaIWr+$_(8OpycT7#51LP?
zA)SQUxVaFwVT1@Y_|lF#82{t$jO7Bh*c$nEBNpg{ljHH^Rp6ETO8cIy(4LVW82tT8
zdioyD?z2|u=mTnbh&FCOOsR4>2(&3J-c)@mWm^z~DVtj5$83k+D3_@P)qq${;6KJ(
zAK>eQ2M@p&;%`pG<4q=QF!9eS(j=x+WNH7cf=A1M#Gy0b4EGYq(1p*|dA?q<bpMsA
zJ`4&l0!$RTrTZSVqj=K7mMYkl+u8fMahN20Xr8fb!H=A;uPLj%j>&yG^~W-T2x;%=
z?|=er2OBpxLFg=E<4$43MPDUOHv-mbnuT&dJuyA^t#cR~SJSP)bnbplaq_`;*^q57
zPYz@EvqnvYYdP?cHwRuUg6y@{68vcTJ@o>uz7L;P^CK4pKgV-L{?zF{8z6~guGEsW
zMn(@Y`gAPFLfcmLIs}~=ELQWs?H3a)6fPq4VwrfUCgY%P4l0kpk3rpeKMA*YZ9##3
zA*ASPx9<NYFl)J?OfThdVuL%EI3fVp!ASP9=~1x}vgGrj=S@Q*XLS||SnnsHSpFZ;
zW6UFSdtw3lYuJUgn&6&e(Uk!{@=mc7pQw-C=So|gBaEEn#eTq4<2PTvp3M&d%H8V_
z4l<8W4Wi^@*ZXN`{AVZwX0BDllN?B*x4Vb0rQ%5(OYqXLpi51GB5VSzFjyl?G7}m#
zW&OZEk9Ea?WD7f>vNM#6i#P=xd9+PqoNafW^;Hsr;Ig?0s^9uDPiufw!a*WJN?sZ*
zT!G|Lo=9*%Cz-FVi2Ui#PmUP$dw-Uv)ax)Gso??JA&`0vYdfe^PEyxRTo*%Kt=%n^
z$LrAR5dHuRHv*nji_E65dwU^#kylG19B0`~H+r_sc?`<yjQO|21h-_yoAn`+A#e`s
zE2<0vqa9@JJ}iK{&{)_H%e|Z+&WZ|qty3~ZQF$Df^{;)C5GntpbT6n+3M&&}Q90zt
z^y0Q(s-jNK`gHi?A+lRwEDRH`UV6Ck2$ECEk`JT|yjdKiTl^Q$wzt(Fh9mP%5fIR(
zdZ@vkvp8W$MDFtE>7(zEz;+3IP&E#m_VCIVPUIUe40E8=Tp9JCoT*J&%Qgz1t`*pK
z`7YNS=B%aJWuJ9hH11joFEfB<wssIaMGQhQ74mM^MMje2qXs-T*Z3A_k&S=9pQ`U=
z%a7P)u^v?of(!l~!WC#;i0{35KBA`i<l3xvd)CsrEo3fgkH~l&VHBBTvm5v?#=a*U
zr5mP7F+da?#hW}2>zjFzUgPvxYjAz|wDW%fbZ)enTPoye%qePm*0OeH)$(Hf`~*kB
zLeNTa+P}R<3H(jFwy?pC^V>(3xzg=__|d~|v`q5H&H-DC{}>n4>Lt?S1P+VhH>HYv
z*C<*o+?C0@b0hl5H45omtm&R$_O`+J*3L>=XSqAW#Zw3$L<cP-=Cu0=w8pmec`O6?
zlAhE5wC4ZtyyD@m$*RyyFP{f0Khn1T0CST-i}rR|Plb0$dJe&LPt)&`#QP|3wH2hk
zYmfiI2Hc@G0h@GrGS-&|Y@FJOrH-UIL#EKvG*<{ln@Mzag6=l7_~IV$LE8pLcPAe_
zWp(WRusC?}I6NqWE?|HwScEg}jbHwS350bYBAR>@v0oha<`QSRfYBfzKP{yUwLxZ;
zW2R8Fj`SA*K!9b;I0~r7K>Xzu9cdT|)QD8{ycf$ZY!2!jjzF$>s^vim?>X(<yV;J{
zh0Sr5FW9e0HTlopwEZ$L2IWe{_Dmj3@${#=)Dlv@_b8AYvFW31A>V*#g@oqtkccAG
zCUApYS}Ziy^a+^T_DhYgk32}gcWFTa38z2=7fvRSiddP=B#06=$Q$||J0zI&i8JD(
z0VlEOqj?&e_{VLL@*k2eX2*^|<4+mknxD9VB}?N$EdAa{<6DdM%gVuK=F8OU%8wZR
z8}+pS_P8CM`HE@2XS7uw$22G!Iu?wdYcf_G>sWs!A3KZIv5$*5#_4oEkpQrW9vsLP
zxL&--MsGrej2qsBf~<R<%X+xIX2JJ=KmRg(OcGI6&Yz+gU~~KULPJo)kp`ny?AZ5T
zrJ3Q^eh2hKx%`E;>~<VGL}_>~_YHWv^<vRxP2sM+eiQ9^hchxa!PS3lF5)#*e{Mri
zphGJJJ1NM#`>Gh`FUwK~8H-9tz-+oxUmyL<MN02mNzL#6|0P1+i>he*(0t}4ZDI48
zZ41Q?ybo}}HuZ;d-3n;Ai(Zd~JZuuThDcxA$k~;G=AIB{q9}+pX0u>nMET$x=yvBn
z(qWdVUaRO#VOM^avN+CP0nwP4-f6A=Ph^^^@D5S|fA>xmY#DdsuzI-{Zov>Is1U^^
z<=EK&xu%!PTdih`Q8j<Z#4*Q*4Hs~;Rfj~F(`%S3kA*>Iv0rTD2z_$Vf;q+1<KU<J
zQ6*XW!oQtseNVhZw-|{@hZd&U9b;fY$Q5(^7#4>&HW7w2_;+>RtvWhBiD%?5yQ$|o
z9u4aUExG*#8Cu(xBvncuF`0pSXZkMUo_}?$zR6juD4wXivAIX8PN9Ku+BrM=-tPkS
zFIK+Xo@WKNWam#v)C61sUAV5H$^XOqNf9?!rK-4HGm3m1hPU%Lo)@@;$Jp?y)rSXk
zJY>M=x6Qi%Ex`2!i-+Bh%i#GnpW}&AK$AsFqy;8!qV5Y(4+1&l__={6{~(`yr=9^G
zmk&LZ@QiB5mHh#~`KMQD_d8=UyLPA0c+x_V_j-YudeLf2C=avBv0i*Y<zt=8f-X|)
z98r8@N+qc3PKR2yR}2j%Z7c2~Y*5(%yn3|e(Xr!mQ-&^8oKi$m#*@=TwH0LbJRVFW
zTT*IQt<w}W^*x96TuS#5N#gj{`TM^#N#hNf>LwRmxHYz4vPYjbb0gQb??N&lfvxwG
z`J!>T`1Uw@vvE67erSPuPazSmFWLXxS{w;cmX~($@?WvdAlw8Vs-?dzqMh1E3)2VW
zBMib)vo;E$mw8PZ%q<iU!JUfi4NOFUk)O>s2K++dN}{MO*1Dvh<!KeOBcGa~X~G5d
zLLhtqnKK0_HF{lYU6*U22QPquuVvG=witVZ5j&!5=@3{dLlm>DE(*VOHoR%+N*me~
z9hQ42zNloBD@UOCq)V1z!>%z-ZMK`Gjd5X0e7G=pRoFae0;T-2T7SI-v-rtpyioft
zVSOv7b?wz~eZ*X4$Q;5`r@DQBI02cyO(0B0Q-u`DJ6`Mm%7{)kcI(6xJ4MZ2sv6nV
zf8Hdi=kw>O;z4$w9F1E61=quoo%0{es}j@mkMYr|MC8Y`1ZPA&L)S^-zi^yQIyUFn
z;av^dJi}<2=rNqttp--*dVQ>lyhKqCB`HvbF8-z=lI-mqj;UYG(o+O;$bwgIL3_g+
zNllUXX2!A=iy53`?O-t!6%k*@eqCmqU+UT$Um*^)aOy+*qo+rY9#*ze&N!8)lM*tF
zCMAPq4vM0RiqBRM_RbYf@{HjsY;m^Gv~mf|pY}LFX6JvOnSD3ZW|AR#(%`;4{0GZc
zjW0Fm`U#$P3dVny=gWpRE9PY(oK7J;YpSkM6IXLoNbC95<d|mUt0H0_!c|lr;_`#y
zDrKm0lXbi%s1PNRzw=;I7x#sx;ggit791nM0nQ#70b7~!fU)7L_l*;Ijca<sWClfM
z)5GVAB;>nd{H<aN;fr*frwm&ym@DKN%F~h%FD-*(kKF3Nm0d>%8YcMXuf|D;gfHIW
zq-~{zkO&V@_-&)(Zahn|;QEG*>au9|oNe@q<OuKKWbot8aUCqkL=N8Iz4sL;_GFYT
ziHqtC;27*eh5O<W@xM~MA7LXf8{ha01jUgsOxJlH)!FWOFx&%!t~Q$nFnnmJRhWB!
z6%n9(ADT1PVDoSZ2Z0)1n3oFn?$P3&67&L-NsCQdeMKh;#&AWT9p+FZ-g}zo>W`!2
z8{K0;wEy5HfH5e@5ST868D}1H6hSOxxaW);)^66P@i4^tuM-<^b+Xo_Z5tfe)fMnC
zXI6FbvO*xB{_5TJ;FKNe0nyMBE;io5)7hmWq&-QB1dj?~QHpqwj48bAcMcbV@+O3G
zu0*w`RUA`|1W0*B#xuGALX&9>Yyy9D+wsfsF!K@a1lY+rxOoupgwd{w!5F1t_k20#
zGAAFmZ@A_HiTyKK@$2LI$})hxNWB&$_hDIbrF{=oL$Z)aV0oeMnt1!KvRZ)8oJOW2
z+pfp?J`1YqUZ7}aogV!OU@owh4WGKmJ8ACD!;DbKJiiP+^}a1uFyoiA9U?MeGovLm
zH>(XvYOq98kSpG{&h<d?EM?+wZQL(zI<;TMw|c1SbkC)O(G6k~xQ;R56QxLrer|r|
z4ob$b8~5cI0c-?6ldIDJ;Ab8MR#U?yGtJEYIIVQG``)>!-2dYyokY8O=25Qy-a6O=
z&*F%(r>)(qWmJkxL7jw{6ck5^Q6OX*JV1S$Q4oNs0CeU>V_Km>#CPsyJUBL3K;v5z
z@oQtzO{uY2#(Q#k9ST~gu_;Nm-44ceeo`+)HO$wc)OlwkhsBZ33Ces*8*gFAmMXv#
zfT*Qq{2}orSqZaE-$L^e%uMiZ6<Sy5jP}Scbn_n4Qo}Cj8uVc+Xotx-BY=qghG&ft
z)7b12Y~f7GnsZ){Oq(Y%B$D_;k`bIi$2&_h;P8-zlZwGM=-m*P=MzZ|pyp-Y?R}N6
z?@5>}(>QL;nj7287ut};v=a+jZ6^L=k3h3YU{k1R&XTt7DjjbS>jqFcJkN=<ZmZ?&
z6Q$<i6>|?x{oq*Lc?#Ky&&4yDD?>`}>s-rkol5zv2Eq@@I1T|a9Yu}H;P@W}sbAFW
z@l|7xX)^j}TeKw++!%6a*rGd$(3tV(+qw8O|MD&bX%h<VN!P$ATRTDY2vBMJp%GZ3
zLTlwlt;M-G^Tzser<~$#L)BdX?C|6y!OCtfsOA0QIE9BZb4WcZeD46D_RbUTA4PlS
zwkGj-W_o~NSDc!-fYL@r2M=2n0o8!=p3{laI0>Z#AMSw%aZo5Z#PKkIwErZ&=c@hP
zbNbTE8&QRpHcHxUZX)NMvHTIp=RBF>e_vOfq(-1R)&9@im(N2^j^uvpdv9D?Eb8)y
zuFYq$!#%j?(W4>t;nLGg<?&K#?H8PWtI*>@Z;r3Zj@R#*sbf_4pP?KFByaYt9<k|@
zcXJGncfrJn&9}Os@L1r>(YhHh*R)(E(ELjM-igps9ZZNOVv&l*p<kGn8#B&C$Jkfx
zqLo(BWNn{qUnI$9G1z95+ptWZ|6_XGY46k>y`$8_R7oiv33B}rf&;p`yk}Fn`HMj4
zY}G2`8t?`ON3;aV9+<crwz=5XY*k<uY$CmFae0A^SvXx-W(ljW6m#>F$;EB#{SI+v
zN!Ano)1E`A-n@m!Xr%9A0#{c*&+P^wnXx#0_{h_jDUOeW<9M7T1Oar_C+2LXl9#CQ
z(SIyJ0*5Kt4iBZNXys)4ZpYib#x47hU~6>kkOLF9l^x}E`x)}L#|T#+`ef%QWOYf|
zDO&Ns)*%mMRjX<C(#pX(Qz*v!Q2I%{wSKV<hyHYW&LEH^f~pHVP@DE9IEnaKvf;x`
zl!EJ=%NA@zHbaVRskaB{T8@i80Wnt&yhlYUL}y>TCo}Nqy^1?gkz>h&F)72S*p!SE
z(K61FW9{?Y!Vi9Zs`oAlx7*RHfOm0|$Wm@7Tbw%tdL0;dgRgjR(R9O?Ug=zNNSNr*
zt>5y3-_8-6ot6s-^R~v)v7>kbJPLXjFsKXJV7Gfp_mp-Q16oaBVI8Z!!2aY<{^eMT
zwdTq!IJgzw+`YD>fop~PY)LXj$_I>NaPcP*EyfVa%o)^RggvB%D+rVXaeRsG%~{ua
z-gh+MdLF`$*s1@60FJ5Zne5Z}7_#-x#~LBFjA=c9QWUkbf;4(o@X1$sF+#FDBS$<*
zFzWd$!N4SYuyKC^yk;+;E8nbv(89!*Km8pSi?FV!^e&fm`B;e&vr+$fjLr#1IW?tV
z+*T)$9$R!2^TlTM8s@A@gGj7`a?{!oC&FkxzxgS;eYqNDt;BwMXa1Yt;p3*H1Mx}>
zaKrk+_9hr<NRYEyRtL+SLfgme83PjgpjRX3F5NbDj_69GO^tIE(VQA()`k`QKVWcn
zmE0>N=qS$e!Vp~0OCr~s9%&rPaUTFJeGhX^mU^5#a&6IpU<0n+Kju+`1=qbX6toa2
zPPUOd0+0lV76E$Br8(MPbj_JB5Y6-Z(*GWKwi3%joD~A%V<s_{18A8{K356>uj@vi
zWehoPb2=2)55OWOd}T^O#;yTtYkzYVLm{KD@bTATBI6|PbzZb@=~p>b7$Jj}(6`{A
z@_)RK7UB||*cR3g3RYbutt{iG5vtTqX@u!3WLL(<w1pMT_>QsLIbLZOQnB?NEW2%~
zB$tDA67&l0x^sb!ZsC$bprUC80_S;Ir74Z@YM{jjypD}&IXlXzu;SG?;R1^lLY}&2
zoWmN&ml^&5Ag9qs`gU3)w7TPt2OYWxYVFdk9h|OZW9kk!_Vv_Mv60E9annvi$}ZO@
z!R9?fJFTgzJfBIq0CoZ_$Pb-)ak;`BSAu*P^m1kaxy{)FA;(+_7!MaBR_9&gVirXC
zLh>mAU@fI3WVDF2z6dZ*Q1LvrA(DDlm(zrP7~7<r=(rewJZr!U*m13j$IogWLPwp{
zH@^Eod4ZjAVFH?~RLigGkple-BnYt}C7Fol{l<}#!Eh?Lw$?0tIQ-@4D}CR>#kiW$
zPZxi20GG0&(?hAb@@q>5K0c(-5X1OSbFy|vi2rWyazDJD_u4q~!Du{M>O+nAln(S#
z0QCoaACg^ejfHYVeiTP4RdPcf@8+KAK@V_nQYJ!aUI#Iu#+443y}%?4gOedXc^jr@
zs9x79_b938z)?f}1{d_kg4Ut=5T<eK;ei9wpwAJyCQ|AjAhW`T2ne}>J^~pg%7F9R
zJH$>lTTUIAB_?vv`en|s4)&M1y<=##5(I7&c#I8HS<$`+jlbdeonO?3ux+p^`^6(_
z@;?c9++&x19qq-;+l=~D2t>5JMv`h;Gk*^tg2p`7g(QOESsx)p=1RE*EA4M{c8(D*
zkGmCLol&cv!ZKI=LI|H#2>wzb$t>88thzidBos<{n3_E5-)SXXxW^4jka(49vBm($
zYZ31<7fvizz(XW;`5pW<cf?C$2AkY00<-K>XsEwkV3l?D2veZnEy<xv))l(wR<}Lh
zwe;;%5X00bf>z^oF23_;(yf-)-zBwe&ZeBV|25_y*6XZuasH&9YgzAf{*=7)(?5yF
z)^8*-&7+oG0Drs3n3aWwJR}+wR6$>N<kvm_O3e`U`MVRV=nhyJlmprxaamMOyH$Ny
z8$h2^T8E-hv?7>WFQnZ6Fx530sQx5JdKY?Vaq8D*vq{X9<F^NW>8;QV3l=_Mv2rpk
zA~N3?(AT){riDyBYU%EAte;}KyH<n}YhgM-lw7RL&{ao_s@fz1tbWp0Ae+wj9D30C
zC=3-^%)Q7d6RMpk;o~M?o~-i7Fu~6wEI<K`mHexA5c+M899i+mM>)~%oyWm9BI_BI
zPAp{fOvusN9$g~I_(rb$B!O=Mp^fw<)|}O`UJ;*m!<>?I!hvFiZzD8opXl-NoFe=o
z;0CcHlnoTP9UYr1qzK&xn|wEO(YfK#NUU;0${R^QE)}*~Kv}&{X>}ilUcKC(wyg!J
z<nKK)27x`woPCT5d;f(QxfH`E-R9rE^UOwEL1_G)fpZev)2jKgo3O<IuJxw411Y@J
z2qfM{#_nvoXu4VO5d0HngP0$s#6(ymZAJO=fl|X+8R>Sk9&6Btp^y}PZNTyS4#R`$
zE4%<?e)nR|{`Ghk-q4ZDb|jAF>qfU{{RR8;Se%nYGi#d$z=Z(|6v9#gPO9?(l$8EE
zuqTZWm`)t>mFqrRI`wZzKVN-@T;1+yq_A2;jVZe5l18(#2<PC!7q1(I?MUN?=u85c
zbENoglKP+8MlPm*+_Uwm<NY6Tndd1h-#XKZSbG>pAj&8mTRc|vhy+SOf&p!7zf}V2
z&O)0&FH$b|32dk>ra~&*)GdjY)9ljBHX*^U&CDB*bjhH3@^)lRKs_2=f6HZ8S|szY
z@eOMH6GWF#BKqo0o|7eX2WnuQrO@=D^+FV`t%sB;-brFg>n9MX!31U<kb@PsC2uvF
z!vb2qNV7Hmw(q8h8U>kbSZj-!^REO@UbNn5rSeInhQ{aWeJ))5M-gioHoZW{<>U|-
z6A-RDa;&YN8s*JIUd%S3|3frq>I`l)7FGF;3oqh$%jM|FWcUEC-2Cbn5;I1lLHFct
zq6;53--Zsa5+XYca5ahi@}+P$)m_a7G=L5epuVkXj1&vgCAfUpV%0Dy`;$wm<E1I&
zrx^hxtMT3U3{Nm70<9>*m?DLZ-`UjGbd*YIws<hq=4f695AEAMA%>Q>qmfPSu<eYh
z?mn@o*?caA!>N^Z>T<0lXl%9Cxy_Ua>5Bm5od5kM)&iD3%ATNXKsG$s5wVKpS%P7W
zlTvLo7|DZ8CgikUE_-wpfSF%c8w#7rO~;vUyca+Q;bIVH+{3F9OrL4jhLM$$=}jLP
zBaq-j`1JtAM7$<=n+d!FE{VEg8J;#;_(&F_vfR1UB#6^@=j`8bB$wUm2V5!&+jnvp
z9aBtCuUXZpGZT1<C)kt>y?l*w-ZbR>Ka_HIAHj8@?32fcB{<`hrcqn4)w?x{S@9w|
zGgWD5-1|8DEgYYkJ)tG^VMjnY$(PGTGdiF*6$xBkex-gyv!z7dK-TbFPQ2`OUU_gB
zN(XLA>raRZ5{1kpY0$|)Q5(Wgjm^Wp&186t^@wu#lT>FjKPUM+Br{9ggn6q{Q<qAZ
z`bFQ$WZXSU=rlKkD#$s~)?2HV8&{P^{$05)h~2M~Rc=54Uy&d*{V}no$^n>4CY;B)
z#)+}6F$^^-Rw*uIEgTmhE<RH&^pCLL!SkG&nOchlF}39Mb1=-(4Z(W5Fj_tG{+a?b
z#M(Z9tewqeLLSTC1g3Jvj{1{hIvJ{e%IlEHP{%IOIfD$aOSwpj()z&}oc&FzVA)be
zYPB@eC^CF)jL5}t04A%~KQlt?5EdF**Uyh69bLI@BT62?d5ozmDs>XVGPk5_aj;Y~
z5aZ-WzgYAg_6Fb$*A4%^G0=bEi5LR1oGz$iJvVk?x%0dUxrq0?D^WDa({62Y4VAUQ
z&_TGP6zK}MX-*DSSkfsYmdHiFTfgO5gb?+draMtL8A?QL!MtZTvhk8S?X`v6*MRb(
zF%!y@T%IRbxeKE6EV@*|F2~?u?*aW7Ur!$kel^MPV?5T809qcMg>txlgSYc|23;@s
zohNL-iRdsm?R|A#M0x9+q{U3g*9grSB{6|pL4g23(C6CoGY;S}UV-T)zq-eFa@Z_4
zznQ|h35|DWds$B@Xj)6Ny@6c>BONWiRk|h|m@HDwx4~$OS|aV7${KHZ)*E&gBzR)I
z7n&^XKd(D1U-PAdM-q-?qAtI<Nhx7LrHkU;1@qV{|Ew0S0UQ~tj<jH}aVW5ES-8C@
z_;T}}bo4ZfzKX0<+y?c!?Oei@dj&Cs#T040R0BmO2~Sj2CQMlEMs1rh9Ap7@>S#a8
zaFvp!{rEogp;f9AwpT6Q5$Qinn_mDD`-%R1b<1;Q5kxba<%N+xZw8IXe=MnB5erD3
zM=U>P<4wTFf7TN@cd1AXRXN0x;O~w<By=;xaN#L`a7kW>Wl=Uso%Y;Hni%tvbLxfa
zudM-v(x`eEVpiD(RD$dKkYh0D1c_C9g>UTJ(1XsQM*b8T0g`U&#4IZD9z=-cR?3!4
z^Kxv)b|5~NT)w!&zbW3t-x^+HP3)hXatQNg$IS?;X$TzV#KI-7S672qb~w@?dZaaD
z%M!tPDvrzzO2`boW$JEX<N6i4eKX!CnZ@H&*uIJ$UELvZ+nAb_9mJHZ7Eg)#+GzJ~
z6)%&vHbi)Xv^=b?*0i!W?5@WX)`10M13vD_VHZir=xoUjH8H{(UW%DTd^OZ1@0_Xh
zr$sVwVgk%tco3XfsSzyunPb9<Ip@Bn$;w3L+eQSA^-NG4bA@a%yQM$+a$D<g+fu$O
zl9eKymsz-0Fqj8wX)sHP8r*}~7IPu7QJ))fJ(h<t8`hu^-7mF0tG&Q^^D{kU6_62!
zv98peoy4mTeX_iV4#ZP<%7EKiz4lo@B{IUu)wCV95#$x13RM7phF{bvZmy$(gEldb
zsigU|M@K&Dk1$w5DI&WtSCL$p?v4V)blSAA`r^Wb4B_wu@%Uhn5+6KZIgX2SpvuE2
zMLwJrp_TZw8A$OG@=1k>yw;jO1i{P{T81_Ot3Z_Z@6mJMLUtX;Ch&p0xcfuL(|bo@
zk4f`G5CcH^dh7La1HVRzvNdj{gVmAXqCmd*b|}{uJmAEPxJwKGbV!27w{S~`CJz+J
zfZOtb=nfY1FWqL!UcrZ1Pqo1|DgA`J%r0>X)bp!>6tQ-s5XuiBf2bw@8%=vX5z)X(
z4;uVmMeGid=O8+NR%Qth=L8qWE{o36cb@Pn14ks_I5>^hW~LtUx(1em=C#pS_cK#!
z4$mzdT{CzJSE}d|=JS+OMA%E>(5)nQ^BVZ@;+zYSV223!+#R1PFj8u~LmbJRFNV+q
zIjuStHdHeEE?`qrdxj)a;#mC~H#6b$mN5f)i1lJHg@%F^#te&+<}8-+ePP(Q#6y2G
zRXP51;Tnh?Z(3Dc0vn7LYctwhNTf}V1e?mD<dVS3mTP+WsfA@7#rbWEp}1pDBe#%F
zlQ7C4Q$=pNOD?A#|IGSjmfu+w!R^)^qZ1_X^7$WvPoSvT4ZpMW^06jvh_Og9!=M=E
z8GJsZo0Er%I#f&2D}q%dT`X5;8LxlwZan?p;Guy^%g}^US`;zjq0iW-{FBh%_Bd$s
z1J8SSJex+!pFuQaM$v4X{$*It-K73x=lgn1GG+&Y;mcQAL(<GHSk<e^cE?jh@FNuc
za|M8E=*0>genilWjBw1|04qS$zj(LfnO1L;8iZ}&5g5_7>%PO#qOjLb^w`O0!_^(7
z7IR{;za&BEegBTx=3_=`<8%#a#kF<v>o}LhJ0kD1L3(4>EbKg)s-a)J$m;`71R{$I
z*NsQtP^{3ga5unqG2Xw;W3?4L0|MX3S0@wh;%)CPNM*^2kG!%)yeHRNk)qPQ_G3g*
z{|2dVBaY=Ws(SkaY%S+ZRi)UzR?EIT$!cF9w_6G7Ke+%AR%7ejspjH;xgPwA1c9uh
z*e))$&G6Ei=bm#0>8US^1pQCT`>8Z|bW|ydR#A=yYGrxR@*p-5VA{RKxCI8S-RmM=
z@SeR4;MR(;{z}1(mPh?)f?hJoz3c%1li)Aqh(Zd$Jt>NnbFUEtp|OR?B(_u|sh5m8
z#Ht2w+--oB&uY$Ht_9VbEYNoYWYI8+>-q+*Dd4mr7LZpVvfk_>>3K1|zR(e|A%+SG
zBHQpAVszLX(T@nJ985x3*|1i-Kqx*Zs_23OyiRWe5Ex#vK2)!~`QakDJ_XJi!p@{7
zRpetN9%OpD+s#|pS?<1Xu(-W_;QKOUvPy416O%q`QHTL=_AoqR2ibMp+Ok=?>dqa7
zq!}q0lh@{LgZEi84OYkai<ar}TZ(nSL!l&RxrNCr6x+PJl>knJVzJ#e#q*lL8v8C9
zp>(P&iVCofeV+WpMRu8pyW2Rio^o%2{#YilPH8Ix2EX;2<6ILka*g`RI7>M03>cyO
z7b$4f>qgbxUsGI;XMX;m6D|%upq%kM#d<gv+s%C9aqo9^uqa^lq~s}9?F%3z=Ail>
z(=*wRnz7dsJEXZxwS0(4wC@SIik^*3e9J`%+a&)lCaz?&h_l*^ph+cYt4uW_)p3L{
z(97VQzLdI_{&qPz8d@b<-s&~l3iEX(R~CPcsSK&Pt*p<M$c2NQ^)#Jz2?L8j)tss4
z$!);!!*O&GT<W#MlT=e(!E(7-FK5)ed<*nNG3-JmSlK(6M~o<oLhZ%#Jwaf6ucQ}Y
zTNM)<O3I4&n3<WdDUr;9DFL9>Z#Q;48#+y~HykfhjJFzGRBcggx*^1E#ziOqquWfD
zs23$+w}G8?LF$}K)t9KQkMB!ah6~Hzg@38-2ygF(k1bP9Ed<_;7B=Q#fJlD*Pz8qi
zq!~A!@xK!mvKIBSS<h>eE!gXglvQ899bHrO7`ygURGT{EPwv;@8?NUm;@?(v1!^bE
zG!DjkS05WEN(fY6b?72HXkB!}0U)o}fVa_B79}BXQz#LyLq+ivWzFiWnYiWuT?{CX
znx^{olia?xM9gq@i7i@pZ8s!`D;~(98p5mc3_LM|wQPN`c97KUjB6Y<`nj)P+i+EQ
z<6FkSIj=corOEQjFdUAiO3Gts{Mi1esC@>eZTo)N5#(s&OTe8}KHK~=UI_?kUuq6s
zZu=U9nN7`{Q-tD-ycZ@r_>uqsD!n+r%Fy9YiG^8CS5E284fW%-Z{|P`$*TSu!M%zW
zaW?F>4@{C}HBIPS_htnIZ;``?yX|?~(Z^d%R!;~eUMDXb){M6<iGd+dG;itV%9Yub
zc^830Iut?Hf+X%ocS!)AFu~3{(-GWm)h&18k9YAg0Frcc)t9O2lY#Id&sf4^?f$#%
zOxo*vEra4u6Y-5?vCZep1v43T&TeEZS}&rjTds+wKaC=0K+eg(pb1yQ5w7wsZnbUb
zGf24}<nJWEE`{!$9Ny^W`w@bT%MZUHat}y$EB)VDpwGJE;xT#J2SHX$9<YtarfqnG
zC{D26e3FmOK@D8VcI}cKlw;eqroacgMOtcYtZe9XoWDAZ{e+bENluEWF+Cb`MQvU-
z|Kn<hAJL{EB+OxKt}u1cCn+s|fvp&>^meslrKyEY9tU&O($QgcQQ?WjRJgTE9Y)g7
z1BDFoZ<*kh(61II9tmFmPzr$*(@X}%6-)x&=mPv4{6^XG%{kLXX73NTB&=L%Nx$@>
z4M^M1JcF7>{TFbCD$9A*Pfa5v8jwh+-B0lFQ!n<ODvYkG?5Q0U=@_(wR0jv#TEpw$
z%1=j1{_A&R`&5JbDba?fgDKlNhwFRsZ$zM1)74Mw^vR-a?`{3l4Z45lfE6z9ie}*x
z&^`V^DqA?lP6iLCcAltp(c>ugsuy+ccrP5f+!h&+Wn{fU^o|+9KW~Z2_VFu5kCw$#
z<P#gEj9vq}K#Y8z+0wlwanuEhR(O~#mkyr)6(D#l-@Z6z@4T;l!H0Dwd+Ft)l&<jm
z4&tjP2~fIAi%>Km8RqJ>*(u#QOrwmLg=WWlp~*B*=1&sD^`_lPd&ibT?p4fVFa+y>
z)%D~a@lfLDDMlAbRAjDdJm;#DjXIv=38jCeiZs|!AuJX}DJm6yirL_uW%x;H-Oh$J
z=IRsBVjs&(Jb3i+d5U%hgBT6-haYr|h~0)AHVx0}2h>gQ`oiIhWW2glIk*8hCh{w@
zH0%-WT*#aEZ&pa}@1TBY<`d-tK2eZdg*6H5a3|ASE-EqTg@j1*sQd&GFoTj^=~g?)
zC{~bOBjKJSE<pn&`|+|WZ2gp#+6hSdhyzK@z3xL)3YL}I#aFj?HQgei97)^m@g9s7
zhwElx#jU#mhM%ErRnc3*)cz8KUciH+z|<?ctjL#ar<Mih9~E=)z1e*R%T1ByQWjf=
znI$cs6^XEkX~<N~7pD{4ZYb=Xz48I8E}`#}<?JH?Q}eE$iU#i5X(^r>Jfv;&iVD>r
z4aL2tZb!6}vr0*r==dJ2#p>W*`1;SV)`l!n?HoX7(+`odOr|rTnki|=H9QE>;sD~;
zS$K0U(mez?P9*VTNJyxwFar%z&V@7k^fL&i;H}4;PEOwoQsnG<1#7`u!b9w%W2U$e
zlT?W&8zCiVI8zH59d)cPiO`+esQ<*N-rqo^V_n(;m1iGPdd0Z8ZTOs;&mF?;gnrK$
zx`KaCPDcB&X{}4wpyfo4&r?y`z-YAivI8YGoq`uaV^XBNx(ghLu!5iX_G_$9_3dcs
z@)z{4d=*8*)YgsYiZml>YmK_q+Zv~v|Fi<(1Vk)~VnD|Q(xItKG_Ds>v1kH2ond}|
zCcZA&&&6y69Prgimj;m)W?Jjz5U#QAI&TLP)G9{MKTpU3@4wo%Sh6uT-m9-tsRjtR
zecLunknX_qrD<oh*(=*#BERxq<*YAE)yUad)hn=!_`n`bmM}SKp)kHwJt|ji7=Ea8
zB<QYI9vo`wiFAo+aPRAb2fiJ#zjt7hX0m=L<-=jVl!=|SC|H+07m0U>8Qnu!I1>{V
zbb#QS6j=uoTlYV@m&u@({f<VXmUO<KYIkBNhFVHb9aUha7l+%|lluxd*&u8iY`ELZ
zD_c6ZlK~9kK33CyZx5NkpJ-5+`o`~TQij-P2BsOth!?Wkp94X)t(`+u&>)8|p{w+a
zSp?ETRhhQZIyI)3s%*Iqjo35GusEc~3Q%aLNK1-q+Xx|mR9R>SIg|`i$)-j`;Gr^K
zYnZLy{2p=xfCw4pYnUb~eyrI=k?a%&4#>966wSXB_SzjCjHG{V@OuhQl)0bTl5~sD
znT?`ZZm^?Aw|)$!S5R4VD>BHw1CfwwA2mVABtn>`01O*$xZ~KvoxTin>IaKO==ND}
zyH>lrXMuO_-hdwv*0`q2B@BS76Zqotfo8O*ZzHwbMx@0}&S6=6xG>?8X!x^x*m))v
zaIo{~>r}tvO&7ek0=^c>?;aqrj=}WNi{NB^W9PH=SvSK}+4`hdFa$Q6W+fVr<cj&q
zhZI=vqV><ufQWl+oT0|+UJyGj1vS)PuXrp<XYB#{_c*{wj(>8wA^aoz!Ipb^kD=DR
z5^INXr)gL-c#DC|P1|jV_OcL-s;q?Wn1m$HKJ2U2NxfI$RNyZ9IE5rdZLKAmx@1L8
z^RASjIhh=Yd*C-e$+}rJ;kxf7rScrdc*15CFnahDnL22u9xAI)`(-oNeI-u)DcuS)
zMl1uuXi9QTat9HcsH(?NuxUsDld~YJH&pZyL}+U2j~L8`0?7CuzJO)urn1CDQ-j~#
zuLhpa75eTb{<fY$t2JZ;G4Q&b2VI2l_@)LCda#eF9!%TX`tPs-L2NB^@-YjJcnE-b
zu*J=(mHHX2edrS4zbHD(*5O4g;0#!2najZQ%#Sbd{=GK*SY8rt;6*+ZH7zagM$ZwQ
z2&ff?h(<+R^a8fXrugD_7C=6+Bu(T$!nNbDe)x?J64p{YZ-{&Q%zC?Cqt~9)(`Qhh
zZ_VPg>imheo9YOoxUf<(9Lr>UFokn|qsn)%(iaQ;?0u|4U@~GzvrS0Zfz9K&p0N{!
z%?1pe=Y2SPHzaaSvhVJm_dtFOW1R?-NEb=3(-MWw#8w@Yf+owyP&U+OQmo%nklun1
z8*#hWW|jf^kH2IRn!9QM4(8&ek&(z}q_USsSkRL;x{xFoD{mi%)*mKe<o>hXJ@G(I
zZNi3sjl`BG2*hd~h}ttK?X*DWH(wd0CqadJVwU7ste(qzXC}C~A1x=hV7@R>eD=4b
zPt00VbW?PU>HlXK1k=~Mearz-aC~cm3z~{g+1m?OVv{*D1Q0PV{yN9^{!^j`_bb@G
z6W(!3=UPpZN@4(z_CTSzpB4yzI#9hT#yfOQ=^KT*t_XvJ_OuL72a406sO$%N|E`XE
zS`ulCjB~Z`NT{SdPQez05IwVK!Q~UwH+Xs4%ztyb^?j(=p^u&oUkkzH=eU?dLm_Hw
z^45Z`z4nk;o^p|vOF5U5HgMDdcMgNOzG<3w{^nRMqg;4Bbr1dbuNBtKKxcH+9@YPH
zI<hJ!`Jc0A0usx@#O~hRA;G34l4bVfV3+6L!gpw^^Ts8K8UcDNt)gKiitnk?^I@WE
zjOJEj+S<H3b*wIYl&r^I8$;B35OYKqG;LyGl9B(T;D4OI+y3cIVTBzR-l}!7@@5A`
zr<1XEa_|pA0y-ly4M<6)CY79>a~6kQzPfJ8sJncW-hEwri1Tkuko54L5)b~`;`Uc@
z%R38z2VGo4!?8So^hZ<_>_`*m^_Wpok*t>PR&`M-VEZ3km+3($Ot(>*GJX~6Z;<d6
z<i7Q_U;bK>DX!nm2^JHMC<wF?{vV+f0_W`ZXu*hLsQ4(caU@U=t5|9SxXZrxAdH)O
z<@g=>gkX%vI6WUiH*-8zFKtwN|L&C$e5+|(8A)k)Piv?tCk;&DuV(IPB)Cqxg_|=v
z`lp)KpV?2#Rh@Q<Qhi|Bhs~1z@w(tDgYRU0wJ?BOyKUmE)9u)4Wff_~PW+$<t>69u
zfXdX$%Y-pQnl6xo#Ew2=!<6+N=gnq+SgT!LbWnVz6Ep#_w9YMUgfa32x)bErEYW>k
zy_As8Q@AE&-Xc$gBTw77+W#9dBdJLRnGLI{WD6UbZ2*)&d?UiW2IBonth#T#e?(1!
zPTIa54r6l+#}mafy+Bm2qCljatgbAIbZ1gf;!9A_^mEh%7`gUtp&{kvIq_F6>q&Yc
zY|}38nV#mp0t$goULSfqyQnl(9O(atD?79^U5%gnsFn>TbUIP<*(0=O<;%ajPO*N@
zFhiPushLo*bH0WN9oz;ZL;0jf)b4qLL1(_b{Nsjo1`9>)=CD3mgrXSWIfP|FR@#=X
zy<}9O4wChuxp!nJ^}qTz(BM4O3hKaHtc;E+ln(@FBQJcAW+&&iMl6yVr=y^kliltJ
zP@~RUv{~9?oaK_00=w@6s>71h7&?XO(~&u^H720hsXL2RqgWBe6nXOArUsnUgea7T
zwv+JgOYM?{Hj6eR{W^+`*ej67QcF<$@Cyk!@`1v-dVF3wKdXReSaMg1c9lNMVS4Y>
zw0yez=Xq}@2(sy4W^Vo+`J@AA0x%jHrq>p@gZp*^F2oA9(u14Tt^sJqc|r6o>o}V9
zE({SnxxLAzeS>xO-|lXr%1c3aUam<e^_%8fGHx}@!9@%;fU4rOyp<sm9&*aSScS;5
zL1PMNI<~N_PJIj_l(NC(F#En=VlTfr$SBAQIBoK0QXWRK?ADXl*xU(zIw<;YbociE
z*)9zTSS?fg*)z>A<}(N}IJI+CAN5kT7|X-yuBPXAuKF-%IcY9x9}2MnxjH$I(h4Gd
zlp=Q|)!T~MK^|fb)2N$1Mf9iW1caJ>N;Di9E3(|d(4HN4DyTM<gqg9EU}#JV>GR;|
zIJ(^ZRq)2-uW;XLAb1^)1DVo`ZU(#@Fmxku7HY<=Q}^?;nXLGmqh?mE!25p=Z6F@@
zE8Hv(idWfermV@#gNWJx1|`88=jd`}c$Xr%x$Conho4fYAMH>9rZA@Wy>Yohgzcoc
zu0I({90(;86GU=$SY(ec5pFPTH0Q;e<V~u0K$L+@r0YW{#(W(H7GymL$ObiFw@24N
z6c`uuQd$W#{UEB?os#V;64Z`hGL8z~JMD~GT}7n{)ESB#iv3&UXGgTFStV7MAsO3K
zj$h=74F5isE0AMz6kZWPc0{5CaMSYG<W7-eBa=j!U=H<TT`5*Ofix7X5Qf%RPbI}e
ziOC1a`^xgOguc~p$}#N*^^89p^AqULSBa6b$=C#@Vn2qTYMsk$Ya{+}zl2S%I@7X0
z@cW(vM;xz;^tMNf=5wSaXq)i#@ypZ?c!Kp4LN}&pVU2L<&vTWT8TIIkl|;Z7#rCw1
zsae-E@OMcYQZ5FUQtQkX*;EQn1rW1xxo1@mLCS*QGxXCog$g{-psoTplb31wh-`n}
zp$i_Dz@zs^)QSlVAa0`XVK#}!1a>iZ(=?sevuksU<JC5H5dAaUMrn4x;>1`exI%d>
zttY*k>3%y}$f_CkC)IvDN=|Fa+W~$@CcBXz>vs)5TORuKUrZPm)!zyXf12;gbF*mT
zi`v&s+^lrqNY^qfG_rwB_Jau_lW*?}Ewqn%W~w&!cF>5cO&6#)Or<?bhg8=#DXDP^
zahq`RzRVOdJ@fcGP0WpjfACKvjO{*sXq;f-Vuhm))Cx=+Lmy<Jp4n>lq<LZF?E==C
z^8SobqSb_qv$y6WS;TAxz+(E*66_|<wy)k)1_S@JqCQ!hNT_)-1N-cvIVGx8w0GBc
zn^>Iw{t3J?%93F6Edr?`R|4gfoVn?l5tT-G{+Y2}jnRRD+qjvvjL$ZezsC@UAh$c+
z$TM>=!KGW@Ygg$I)PxZ_ZO?L(eR_=nD>TN4b@j#WW$glCM<@m><{jL|P=se`Wzy{5
zXBHbs%p6wXBe1MGQiYYd8E72Tc8<;k|6<k!l7U-z#_8AKJ%Hvl*En#CWR=w!rm0W9
z+^z8&RMnR_U7c5cuk-~y0XyU5mLrt@9{<5Mki3$__{?H?mG+L}EnH!RUL*GIRt{Bs
zMCR4R@{lu0U=xXank{H{8U=uEn=TZ*JV=vO>$WsKmQ0f15c`a7^~2!zLc1Opm03i)
ze6<p%$pnDkUG~&EH?64KEyQ0h$~?zj;_q&8b?G_%+F%)?<JlK<E&|O=z{|jpWAz5I
z(8;|T>lbn#WichYsWk85etP5oS;pP`8INlsM~yr};3h^YmlPR0u(BfXvBI|(17qK^
z9wfq4WR@GJ?@M<x2-@F2!IuUlE0>3n$KQf7JsqV~oMpiQ(Vx8idOs48ZKiRzMZFQ)
zIXN+tzbjCH<?Wctc3yw$zVQm@J(AKYZ|z-3{vW)`+Qzw5;_rj4P5TOKZnqD5P<HUq
zXDrW<D5D_DH8Zm|XQ$(cT(g8|eMB>^j8ex2o(-#<ns$_rY3=4g0~xD5e_oIyQ*nnb
zZd7$_Wp`^nRVIoC2s3v{<FyX^dZo~bUE&L2#JP@kG7P+}q<28xQ*imWNRu|uP!m_i
z{k*@%ikXgykuaKSk@d4?GCwkr^+7K%W+&-(wMXC%OWGIdla!|QsTGmG-bZN5H#m8G
zCWyY(;%22*_!ev=uElTD2#T8Jl?$oM^T(vXo0li;wPj=jDyB0C%+6Q4slJoLMl^lM
z;9FPu&i;6s5@&U=mCwXAYt2Ty_>A&dKC%Xn&^rv8sD05CEcdn0Ns@Ewu<Yy3-rX$F
z&-M}Xckhub!G5+Meu(JN1xu_~kg&d&tFv2w2+dK9xk)4lacrO5Q>|LG9+(G97u$K8
za7mUj7RMlM#||?7v~z!!Gt(1!;~tjJ9p*|42Hv2q3-PEh7r$(!%d8E>t|K1nK>)j0
z68A*Vvs9{sCQ%sPr?+jq3sRyAbQ^V6J4_W%qHw_9h_3L4ZaCb{GIv;D+M@q7e1|}n
zxyRO?Yj&lU2h?_fj|bHRFM)~g#2TWqWRk{>3a)2xFX7}qk<iX?At-u?I9YVH*?H2D
zCqa6sq_<UbvD2yBhZ*cqeYxCv`*0dj0nMSj1e=B?Rt=K%lae|V9Tta2wiF%ap-=i%
z$`ke{V4Cdyd{OU~#TIqFqd4s3*p<326c=Ei%KTK2{wTtkW&vm03_=$+vO|sCZ7q1Q
zG68U$B*IsVdk(tXcoTaOL9ctWBpiMzhF7^$LC;cuc97_XEuR{wM_bdkI7UnoB%k!~
z5Y{29EL7Xq9fJ(E^z(?i>7yFmEIjgesPkvP=`;_#Ek2E@17ErrmNlc>(NE61kA$AM
zFVs2G9UDu`GLOr%UE(l8oWkQ8M}T-Q;8CtssfuRt$CGWMUFEIlP{Lur%d=~hJiO_P
z36w2);9M!nNI)vAf01YgQcTxmSxxV{U!I7;YYuJ`O-LObGR=uKjkT4>^BM{;#ggAI
z{m~lQUAk{Yz;hIX1Nt`1CWEyLLsAmpMBUSdsNl(7{64lhVk0D+droUUh^4x+o#ikI
zR1x8&TCz8Hr9-6WkoPWCQ|^X)258e+g&R|OLQJVb9>s3vdd*JPC3DN=xO&||nQs%N
z+PXFyrxjeEbNcTdDYX!27&{dW`cJtxF#jv)vn<kp%SE(Zs9rk~={VHfG{qlL=`n^u
zy1*SSwJDaBdx?+0h{1J_q3gbsR;D4xzC2-~@k4qdI$OrupU0|Z_VW0zocYFB`v2^1
z817yU*xOV9ZP<IYc1s}R4a(2>-{8eaoubK+(A`$eTXP4wte;;lC?w=v9eqn{eG!am
zpe>`m%|GfDo!J`Fog&P~2{9vN`(19{BuD!ZX)`7Mp2{*=vAMst2*OV1F^>R`n*Ez(
zt5aS}+#sl7$0s3W$-sb*_3l>8`9foyRMnor&DAgA9+LB6<rf8w_S(H^a~A=hkdQOQ
z><Hzui~k16=xLnS@s?^}cW{_}r95W1W6E*!C;7OD2=--s=fd*pG-q(;D_1-F_3#a>
z!K$>q3-P!h%<}DKiB<-lh9{R2st<DbC08PkI{^d4TabEsa~JB*t>06J+~XJZHxiL@
zAxEJTmEXZ<Ps+iE(|9*TsVr!tZg~hd=#i@iF69Qs0Q-jy&D+Es%!AERR~Fnl82D*U
zA;-uv_k7GeUqDm7FTW>VTtcbMz3hMh!z`690o7PpnIqXsGRU2eZTuD3@|hE5w6tW;
zx#COy-z8nU5`j=1ckDiJq9@U%f4@R2@%+{~MH>3Ty((Oe7@So^UMAzxe~H1XT=cMu
zCOVdKnFhJ+lu1shYQ2P8-xfJQ{5YNLZr3U#eu&eDZCSrCT6x;_V43NeuVX1hjS!DE
z>fw@*sc@@+&+<#~?1Iz0Yf0~+9D+@6KADKErmV3F1w}Db^i10UN$$;xy?=I@S&La%
zt+))R@0JNw7RG*#*P$;n?s+z>m9Nn(zegSlA$r+v+|7vN$rfwh<-h|Wc$0{zI)bz)
zT2kFDUcmCDb33Kk^1AlG;kpcPa!W@$S+D7)0ZAr@QrmA=`3RT{fB{iyU*zwtY)(lA
z^WR(PBueZ~z77$nG^AtHR4J$51dfpJeKL8{a!g34Umnr%{+U6rI`<zG`;aQu`52Ik
z5!btckkha19y{h%XX1v11Ye5f$TwWdQ1Q08L}w_2A(t?pYd7L|mR>uSy_|Ov{<e~Y
zR}J8YZ+Sefj!6C#2WAV3bfi^IZ?2@+egY>UA$$4%E|?J<l=WM;SS2<q=2)5(^kQub
zlMzx`r0TBhYArcY3mpGDPPZ_OTYfoM&iz+InCkZ-p1IFT6HNDXKafM=$^mxZ%;Lxq
zy*n7@z@nGW2hPKqWQk99de$m=3NJrOhDLqPf6jnM_$MKvz*^%2rB#10?-NWOc0NoQ
zkt!%O0Kd|QLG&GXxC^Ac0LuR}=;)p)ZJ=M!^-^$^>~nhG-AQ0Ssz<xkpl_1nPru}l
zOw%Rq9ZSTAgM)PZUsCn&57_H;3YfeU>@BMAbRm_uy5DXJO{g1}Oq5-Q%+E3H_O^Yt
zEG;+i%p|prFm5P7DG^briaQ3v_7&q~0jdF&`+XDoP_2~bV-;erXRIb+@feO*b%~hQ
zI&xb;Yw&7$vnEl!0Jvk|MvLEXE8MoWWga7S(nfoUV%q}7pPnZj;e6lBNQ6HXlSHrX
zKetJ!=NKUA`Tk-eFVW+Lpj>=Ya_1K%r}1?%4^?75Rb{Bb)$Gn-0#wQ_F}uTnLyKPe
z!BOJi<;6i521MdCAy*sI{!jdecaLXER^7gdYk9k{V&9tB6|R&w>(wl@g_^quwt!JZ
z^>x%A`Gf=s_s+Jq$vjx<Rf2pPht?(7A9pWY;uy#a@^2Ky2}KQ#A0H9-rX?<{k<B0<
zRsmzj7RLXR(;RH)IHR2%e%k44+%Kya4il;`|1e^e0NzAdUKRJmK%BIUZ;Xi?SOts9
z6h=hSvS}@{=e=DW{D+uWL4>DL!H4qd#isbw#DtE`h2-vN4*wO5pV1fjJ$DfKr8E~}
z$}FicOMeq(GJ~gn8)Djx<0P$fJ&UbCGrBY0`9>t;N*w#5sbi<jgiPD#W`84Y8Ay#e
z&lDRYWtFBV)v$W^#oFSZ$F5<+dGwdvo*UzbM3?Y~pNtw6U2kEdrFc4!UyyDb>BjL4
zOtYb4AsmrIMC0%}sf;WN`*sVoO+5^l0Xc$eCfQS~L~wPvw)!s4j?n+ALi`GMY%o+f
z?YtdsPB>WDNh}#%nC<TwRCio-8Zzi8UYW<G%ISp(4Q$f2xO}>z;jA2Bl?v<>{Cv)(
zdamo>|Iah7gkWT@d4lvf50IC#E-{GL!+J5n?rfP%FFKO8buh=p3k~1VHna5`3xiXb
zHnks_sTk@B(pn$wGK-j{{Hu&vV|08;LP?{<DZK2v5bHfO*})aQk3~629m%23$tLq}
z6`>*~7JYWO&vVxsQ~T)r@6t^t0_7j@xGw%4ZDPsFi)y7~t2zbWuHT6t%mq}I(eGu?
z+wtFOAu&(^j4cF^jC>@ydqbuSU#7)vDI;Z*m0+`T5FCMxBBxBxglok~;3J>7&bHo<
zk%|qRNx^o;RHKiFIly??f6{LSb8Cy}_wo$TRmWJ&-^KxGb6O|QQ{dlZ*@oF89gqo9
zr+noVw<VrK3f;!TVrK0+p43~NmIz_qK=~}`9a58T(&dj7{REwuk|zX(>a*p8B8k9`
zgat$vv7!7T&;r=GI_6jk&Tuyg*8H7COIM@6;q#8fgaKrsxChrP+T<HIN9{V6YHW*>
z%-M4SIEBD>AJZ$%McT(5*tCsBtMoMVGrt^I10cWK7Vz7EhaxFvpcxxaRECpOzKpV4
zT^c<)PL};zz@&V?oi4W#-FBnB5{eX(I4aM6HN{Q=LY+@{+~YCUWHSk+ZJpTeK@fPZ
z)3G*yT#YHRB-MJEW`EG+l`6Gz-v5|$_JNEQ<YGYcl1|Q0nuF$v?69pzhIN)AmFhz*
zalL;GS>8>P4=4l~$yw5%PT{^Kp@aTJ7<z=SH)t85MR%R=c8e}9jWu-p3Et2B#lPDc
z6z<lB{q0<@P-rwICd$8mz}*zMt9ki^Q7V<xjzh4Fw9_yIgD{a;0iFQ(Nnm%Ae%6`{
z1E03!M2QfpkRBS3!fC9G4`bl`wb!qJqF6hT5YX@s<_Ue&eUUfj$m_Uh1kPi_KWy9a
zK&okdBxWLu+#YwfLl~p9-4lRj+w$#hA}0pJ5aVKJA#*#!G~r@enbuIIh2wNF^u$W4
zOGQUryB(%f8`1>mj0&SE<%VRBrVwAkUt+2o!M`i0zlEX87Y&0-rinBI7jZ5w;~K@f
zLvL9t-r#K9xvv%HliQ$0jxMki3MjRiL*av3Jnve{A+sMba&^Y|s%ly#y7r|G8+!KU
z&S=JKA!>?s$c}S-es&9#1yT^O$|=J8&8w(U)hD`(Fs@T=2VixLnA777tf;ii>N>Jw
zA+J=c$CKR#L*q5mtRk0vU@Csu>`^M1ug0UvR)KVCbVz;F@-}bX`_E1JCxV205V6Ds
z^dKl+RY*8~B@rL(u>x=|oo;d#zOxmu%axLqkyH&X8VRH1ttz!i$Ps)0Nr{O6J!=2$
z|5*`|Czj!aY~b?L6xiR)`*3h?mcpuAebnwPOKxrBPV#th%(>8wg+I0+g!zRC&|=<&
za$N>K>u6U~%8jx$oV9b`ku2tyr7@gF<YnvLFmNB~_Cg6`9f7q*7-M=3ruPS_*Z#`k
zxfUpwb%7tFzb6Fm64N6OXz+JZ{qc3LSiN)^#6*VACNRDqwN{NKQ*m{4&8|5Sd)mWB
znblQ?4=CPx0<P#d+JTHy+fIt!?U{5Yp&Yi==>84s#}hHE<<BUK$q+s^5HE3!0@EMu
zM5Q#3pGxSKU8iBK@J}66_#2*_pv<LJ1rI;YIln*D^oq{c;L865t$Gfe(ldEy2#8u?
z;fh-4^Yiz*JQ_{>sZvPY)P7lD4&vb(mIgzZ@6R({<$SI!^U_QLm2I{81K~549p0OY
zB({H+TBId2ExQgZXj?5nmfLXV#ldTWkiVyx`Z8}%@2^jRdVUxNKd9cjRPHnnpGz;W
z;5YWovIP4o)(rL75MJXjwYF5M9wz!)g>D=6ej$|;w|AQHE5c@J^MXB&h(uSoJ>%b-
zsr?6q=!`tX!}oaSz0vsn8$LMtR?pHOSUZ1>y9M)B`gKM0i$0}br6U|Z6$NabXkP%K
z8A2C)v=RI%P(Pd0hI)j<f%{9i+xCeE4jIp=H%5K2HYG9)Xo&u)x+k67dg8LFR5*%G
zZbp&aPD2Bj^Ghjvj(hb=#-BLejv^-upGf^=dqx>kY5fzHa;KmZOV1Ub>0X|g0$%SC
zjBPC<fGNtfX54HBWf2_muIngVNiJsxir@!p8FlVW)Ls)-DGAgXIU~1wF|#KBp^X9U
z1-~|fmpg|2hq2o})v%+<5;TET(y`+mEgIIG){4n{6Wimu{8_3ti76I>>ZR*S{x9@e
z5^DklFB?AQ&i%kvr24<S3dvicgx`_>9D+?TGAH_ZL|cb5+05ab(%!-g+ZE`b)AyHx
zL9BoOi-q!Q?$R>cxL|-8bVwYlK8w*)?hcURK|N?^;mI~r@%mZuCUEqlGF$==XTS-V
z--*0CW5Rrh)vH93(@o!dZ4)<C(aQ`)BqN=|ROi`|i~+fVj~z01huuP+jzxm8OjU2`
zGl0vjH`FW`LRHlg12>F?u|Dseeu*i>+Nq=SJ(Ed0gyG~-L!pFnF)ykW(UDtWak}*i
ze$OJpc4M&RKpYiO4-hUR4EL*)EjQhhvw|)Q2+Q=WNBIt<7m<mR@U522f$cAdYDM)Q
zTvTOV&;jE~+hBhfBgaWqf28d&DFHc=?U*o>bwE)uOHE(jsTTjp!w67W3P)J_-#`id
zS>yRl_4|+Jq6wwn^ek$&!?J2o!h(V$bw>eb7!)RwvVR<qQ2k9;=4n(Y=UnTQC!8Dq
z!pzYCli%*9=2&h@>tP@6Icm^+h(|4~=C`7_{XCqL35Q&XOwLn7YWdR7J&D!PBcn;~
zpRb$-Y=Y)_$s{G~7fy^SJQsFOZOo+-gIPh*xNgpEU1A`%qinAouz47fo)-gkj|Ok}
zLl=0gdbs;Z)j7|hy^;S}`3*UEZ`QnVz0+2Y3Uzm^7{cDMIU;QGth$I-jO*Il{@)^2
znDGJCzLB<a%`iKF-lf25jPM6*7U84Jqr6#gW!2G~=8xf>=m^=~=mgNuO7g>*ataU@
zyI0H+SSVuv8zL8RMdM7XCnBwax;GHe2^%WLT?~m4wgPQ$u<+W1&(Dc541!QqANCZZ
zW@kY{qEv}kUdDEPzw1L?j)l5+T=TlKR*!G_hYf_aNWh9Oj=b4Kf>cSWDk%Gd(-0-X
z5~%g^+ElV^sY-qjp!&_@evtn(l$k{N33=jw59~nhd-s3n$~K=za#m!cNtzRFr9FMb
zInyGYOg5~mf|?0_wWzaT_j@<SblTH&jP}5YBQ{V!9ZFigBNcqyJ!A&rRJ!%RcB_9U
z5MjmA`u-}nG~59dL=G)h777RMUZcEHNu7KgL)F?R9&y72xPMrj;#NFVsdN-5r)iy_
zCtnPt0VG(NV}*p>58c`3*^+Y=dJHJjaGF5|*8>VO(mV#$&NCD5NSVy5Z*pA3Htu8F
z=qoLBI%cZ0>;Y$nmu_-{?TghYXZy+`<DZaOq3+f;c(Txt5MCtL|0c!ZeGvCyx%Sht
z2OLjG))M1GnP|0KKcNc6ywhZbZldh6QbHD3e;okpqjK+OB1G3;r*yi60ti-<{U`uB
zIXHN!+dRjw2rH@6rkFyN2BsnUez*00G*@<=_@a{C6n)x7c_vX35nc3HJJWQ7o9c!`
z5q$0`E$JmX<3&bJiEqG2Su=kIKnp&)J<$}@J_*Ve;B==lyd+@ohg0X&>0h0UpE<=t
zd{9qJUH3jb>I)(XtH91**f?ol?&beq<(fiuDD)?@;v>6@?w~8`?Xr~BI9j8?S}xeC
zr&m<0J%j?AcO@TxVJihq=%0(`Eykb;j+BSn!{)&d^~W=(t4(Gq9#;oz>J-Ig+wTRb
zU2|-q3}CY<Y0^tM>L87v(N`Z75pE^yw_jqw@ib7fx5o4?T|r0|WMFTg_NhQ~W!cF1
zD7zqi$u586evG`in$7csEN!&KN$8F!Dv?G-<Sg)W?DO+gB6X^a3>z#K=<nkmBai}t
z!3IUJ$^}rj;u^VLus0m9xP}XTwT8EYy!!5fMw_v>VOpx_tY(A)lEZtDuGP}xAW5zI
z?>!bA6~A9I5_5Ouyn>A%Mq$pNfw$csQ#Jv9z>{e8!s8Z7UQI>Wi^s1$%BgTrN@b|j
zW4?hXir?tn1J>t;{cAEO!!y~v!N}!^f2&Cs8Jq>G_4}{A0cin-_?S%u%Yi~Sdv0UL
z?-lSsf$n2?TZvq!%?+JT2Yf6cShtuc5Cx4ORG;2^-v&GkG!S4>NBp{w`?hK*JIqpF
z<}K(P+@J!Q_sc|}W$A0IGL~qQEv8(Jqvo67G4H=<v{5sR&A=~RFG}1pI-HmKCqxRM
zG&@cIe$;#DT4~Y|TwbMY1%UL>4A(+>Ml6R-QdK8(xvSD79M%Z`Rje0yEQp*5B=$nz
zxN8&>2TmajV>4gu`$ee`4cW-UkxU<E4#03nEgqalaoI<*py&>TqbCe@W+31=EWQ-V
z@JXFv0<Y(MrvUA^l!51HBsDXyYK})Yn5WKA5bP<vtNKAjNW5l6{bVVO*}zD=xdA;;
zXO;|xfz?@Zpg+6^SI_ezoQ67G^JLL9#&`8rm;+jJiTs9AS>YAtoHvyp0vvtQZT6jP
z!`)A02=|Ndv#MJ#$mGTfmZP}H)N%^wRt>F6+U%w;lgg2mBCSpDZ*D(-k_1O8_98bl
zomX%M3n>9_3^4ub@KEjC3_!>E=!`VE#{Zc6F;jYH7**i??7BFgRAC!7n1A`cc6X?R
zum-eo&X45DWfna=NH@}Y#}gVb9&oTCG!P3mtaBV|P;+^`<z7m!n>>Y}Q|8gHvTB0*
zOpjM+jL4UouggT>X5?dGHPM#ZjCea}Hpnk#mg7X~oU|(DvZy$P9j|M@60*)^=_$!D
zlg^EXecx|+V2Z#QpjN<aSN-<rZq}3WJV}ni4CaZU7-#X(ut68l+#V=!<8(Lhoov?M
zCEnZ2Ixe|bw!t%so?*r=aZMiQBad`qwJk0F#tn^DyBpm0N*ul@|1eBFq`&I&|2orM
zzfNPk$HDZP@wa+J8~T{oC}m*(gK6G!3i~%+ar+vzXJt{xutNBRM)>IFJCAbrVSQc&
z;o=Dw`wzFr1v#YIGR8YzWyE(YQN&+Mo$Tio5$Qc$CE7*>SGgmJ61OH)gw@pxRIsV@
zr^k2De7=w8Gb@VqR4of^>*)QChLw*hs;4GII>uk6@Aw-ZXFUI?tF+4wjZ#vR;**$i
zTgN7Y4W?VgxmqWW8eFw`b3HSau+O6LL>S>M848!Ls?a*qP=V1L#rSgA1r`RVO&6bL
zV_2&cw@*F)fEHL`@F<n`YXO+V)-0j9jvtT_wFNkeXEWXUOdV~^9l<TBU-FO|x$l@C
z5<;#qL$_GBn0G;sLBe;ukoc2(pcb0*nL~Yk6XxD_tXPgJ9UtR@gaV~!m2L$HO$G>T
z`_pKPe}p8~^|`7*y`E)N@i}w}G^T%TQC}tp*@fAJ)3)Wihb9$#%Nf`;VaIB@Mre07
z9)4;}kx^EbS%3@}$}I+Y_Zr!RNKf{z6MnYmu`YdUh`9%XE%{f~lKb`YmE~-|S%WL@
zvK>9ssvsJO@iGwX9%>-pPOg4pm|tege4|pKamzDYzML|1C2B}5K2<q((pySJB>^RK
zj@!!J5sOX84g!IwV2Wm0DKw=YHeB7-Lg}5yQ>yH6>`KJ$E5WjkWWBs7dkwb*Tlqr2
zVFi}veylY-633Y1dVf2&NXTc8!`>zW;!6cp3491@;^RccMOTB9C0=#kZi6)MZWN(I
zesOJygS`>xgjv7M+o*_sOLqzDOLIsk0^}u~t=bo>;!A-d%d%dTj^$1UcrC0H2!8ax
zj^o**QEn;@iShCj8T;>7H-a=xgqw|H+e`{cAjTt`lab9ZYc-qADxn)j8V4Bxuu(_Y
ztC`P7zp8wsx3nNRuk#M&`sb)=tVl1eR-$ikbZem^83o0<kyJ@Tif>6(R7jj@DUyX2
zTB1E*gRKG9e96bCYFh^o4XX7yjAELtk0lKBqoF44@>xR-L+JV~aQjRhJJ8g10^e&E
z-&_rlke5`fdK;vCS;&^N{E7z&s_|Z<z`2Q3VkxTZE5j&{>9>?(3-8z`=-1SdD~AVX
zZ_^fzW>N{;SB-s{H2W7To25C<0xGx!=|0w2yn$D+7Rt(D-X_2?bW$-y!1ZW+VIPfI
z*Ewu%1o~R%m^-#<Y!}UsX|36lZyQRCCr+kkF9Spy%Oiw0ftBK>1k^lt2_8D-e#6)I
z-|hkclB*>Q7RLBXyh7j00c5++Cdw01n`6Z6S&Gsf(fQDMaz!?vMr0^dU&?$vwKU<v
zEgonS<*3ip%5y7L487F!szCo@m>P8~i^mwhKtO)q&#oS?)Mx*k+0E4z{6w#N8p_hd
zH|OVokF~8w#Qd!=sQ#m;v#Mtn??C(=n>YWK?-5VG=ASmWIMZumUFtHdVPiRTv)arr
z?a7vl#uR5hv6dCyYY9sKJly<owK@;7p}S;0x2i;g<jgGc%76ekYx^!=e19R!j%r78
zgbTr#vjhz!i5*50g(*L#uuQ^j()36%fqGSWv#Pejl+CatO3k8|5SkJB$2ug8AkUXA
zjX9Gg*6;sSKED<F;HV+@ka9ng*Nya^THZv`#{|ReuUv*-kJ7h(Xbx4dd^P^lbCT9<
zulg2(X~JH_LtO4Ne?L?slizJwF&Fbo3+cqC%-uBZvvxq}m$>vhu+Xq(Git||cO1=6
z!hZ8bv8;S-yQUM-iD3Qoi>&sr>T>%(i->#QoLRh88B{O%ynbNV%-17@Wx+7|E1i$M
zDKB<R{+rb#4n!y6<r`%AOENdqG}Lw-VB!iA6%c&a*}2w~BkD)ovElyz2%nz%p_-9w
z<18T#VP=<A)$z>Oo$^qUp=*B$S8A>+4^x^yVzgFGI>GTU{ooCMDASMR4VF$kj5ABV
z#5TMR+JS>P^QOT_;)$OatO=&VDUr>@kg&uI(MI?<NnN~Eu45-0Cn4cjhR#z_r(@tK
z#Y#^=V@9zmu%l#MA1p5oZ^pCgTiT&g=<;1JucHRf3O@X$;P0FIl^B5_#zn(D-T=^c
zQP5_QjG)HU#ya>+k|~<$=(}M0T?Ko#{R8xdPcw={<yt-Sc=9yeO<vGG*|#an#?sQK
zIY5@gZZA2QBJB?B?qf@1d8P18c;yX()E>dNif){qPi%u}?LuQ?G`OIwLX8_(ftIQT
z8K^hk8PIWGWuq$@_@Mws{TM2TJT$TT8ia{NhC{{BbcC$R?P@3Y=B-(V3b&@Y#25#L
zzIbHUH@47OExia>AoMlC0xs0B))Fy%Jip@$w7GS)inceF@+n&i=0$xC)HjF>i^(#@
zuLsZiBHjl97r-dK?Q3GXADXy?UN5Ssx%HN#2WW-w+5Yop5hC(+0i5Ok@0c%VG^XD!
z#PYmwXFBrxAJ-Oi3Wh&bTkd`(=1hmZyHeb?sI;;o@c(bk@Zh#|wMcDIZ~!<_`Lc_%
zX=%o1Auji(5>$o+c>>MvIX_nt$q4d*<ct#Y)j%@=QDy;KoH)=g$3wRMNs)8e9FX*Q
zfC{MgxZPdV)#nV?W`UBOA$4p-NdcgN`#Z!$Ah4o=64Dl+KpN+a`fB&d=SI=-3xV@E
zVvv8>o^gvDQ6{E<zEC>oC92shA8oxHMgv5?loVdScvZit*`mFsP{0fe7?t$(dPB<y
zEmA;fMC&-oK72eB8`QX)SeC`p0|VJ{<qGf+yr7l`C*Ks#Zq7)fva^RCgM*GoT+fE(
z(<qrW9Y6opHuCn%4hRmyW-#n0xJn|N0r5)~2LC@}Su+e0nYnz_;Y}zvfH}0LWwq(?
zQp<V;cYOiOJIMX|&=1SELbIO7Mue~_TOD&Tq>LU|8e1;UEvD@0yG3kJtU!JMF7#mM
zQX#qkfeS4TCBQL#`K?P-yyE34<#1}W>Wq`J#1N|ZK>MMN^<!8_41PriNqnnje5Tx!
zflhB_ED@Kwy1>>Yf?*pb(9`G+M-aO@F848G$ceD-dB->Hl*I2?MJ2bMDyW)CW)$80
zv}R2U5h^;bgl_z3MQSpHl(QAsVI)wg+G&%FP|>`05q*#52BH{3yYy?B+-!JrvZ<iW
z{gze-xPK)6_a$+ythz$WFSA|*g_TN+PxX_U6Dq_qhDfJQk)bP#_%PHj0ow0BkI_Yn
zVF5>w&N?U86zy~c5)K};@r|>zx%5q%Qg^xGUrj>*TvZZ{!+s3kQaLyE<HteZE~aJ(
zPsfri3*gk1_BnPpsRaiqTtK6Lm{?k6WkdrvsF$UxSs#g>QbW`HqV5|h&(}AujKsqg
zFw7jR_f@_XF2;8VmO&lo3`S39kr6L^(p}hS^O;g3a-jTm#<uJ1dMla)z*HGCamd7|
z;)f$nM+Hzf&DHfy(LVTd9EAj`iK-KVbijt=x`egAxt%AVUz2=(JwMA1@*B4$swj8<
zzm9m*zFcl5VG6kUd^$M^ssV$h-c!S{3=8;E3m<m~cjKl2VR+7GcIKm0L&V7WT02=G
zfz7`R8T|jYU92FWUKWqO{m^og`fTXtKRxb^5T&>>OP+5Zg)24wilQ7jR$>OL8sH6t
z<E&D=WwcVEXmXlU98Nf1<UEN#h$L|Yr*3$Tc;yamFjwi8P#t6jvO{o3$9aQ44(mU^
zwKW}|)67;DE{k0NdS9Z8t3lH<m^8M^^$!x~#(4NS0M^I^IYOyMu`7^&p6XJ!zBKG9
zF%@6&eL)p*T<BH4XC{V;cX5!HpYi6}S@37r+vuU@wIQS}TnD+L7<vuwj$F7X8>n38
zS$3(Du>IFzV$a^!S5!kNRUy2AIMAw+KvPbf+zb_=S#C&X*5qP~o=B_rGZrWu-~G|i
zq7vRMj4|q3!~bilsGn!Bu}GbD6$Xc=I6zuP?s2|}Q?su)$PpX5T#Zmb<b=MVunZ!w
z)3=$VHK=*xlnP@!jLWe3@pPK>uazl=PS)y!hf#-Il3~CPr}E$zV`tBxNXU8d1B<VW
z87DC!a5<bWVwRH#Z$^x>a2L3TA_?vOXN%aXF=B>O8ezj@x1T#o@s}KJ3UpCnY#y8Y
z{Jw&~G~DjgRA=+nA;(|jj~6a1R=IrXvwrINc*;lT1r;zq<tc|OE#CKusq(Si(!bSs
z;NL6)l|<<Q#Dr$x1P<~(_HvAmyH7u}W&e}Ajn{V>An3g8(y$MJ4kq2ERZ~)1zeAEN
z@CW|?1VpIoPzp6;y*z+vJKn>Gk4p>ll-7uq8C)}@%$iZ_#${TUk;_%lB4D5`Tb?}1
zSiJr16Qg2<S#>b#5xwEdw-vB`Mpk5bCM3nKn+SKjb+=Tav<beO0YZWJSBO9a@u0#f
z%u@Rzc0FmV>fM&I4vFuyF};B_dN+7;>5VaQUDNdX7-&BvTVePNyGEG;qdHTvL?#RD
z`mOlaYac8-cAHv4-1HcH=H<C{A{b51W9W`x)Uf)?xA_}6K1xt!L)ZW~UiFYn^)&;q
zA%tL87?WvbwM#h>i3{KITkn_+?~zv0F8~jk{gJjFW@p$?*D2g&)Bq@j%{)xQrC#CV
zZ};lq4G!_Nza`<5EG&qLV=c1oohh^2(Ld)|a0~`tJhLei&m1FJ$X{=)0s*d3^9GU+
z2I`{@N(Bw#TyeaHkf4Q%OHAA$Xs_H|EPI1ig$|(FGbu{6v{3pJF;#HX;k$TE%Q+*B
z&Eq}*Q<f^m{Z8pd0x(?@40DQAo5iB#xB-+CgCI>QW|h~WFZRX<a{;Vl(7Kd02s-*L
zrnR0t;5|Y0g1F(SUX&4FhkPmC#-Km=LC~ty6lh0P!d!HbMN~V7*WIA~8m}M?F@}*$
zb*Pdc?H}_(S^Q#i%hz;D4x`8GaJ1wWz_oGtQl`(Ic*jBQ*shYjhz)h*1Q|Ic7kYL#
z-nV%+xlFR>Tv#aC5q)Nl54q_ZvK_7zp<89FCLb78kj;S?@TB%~EwR<7&bi}p&_4pN
zAt3=YHk!Fv8oFgAbthv9R|lTRA^%_^KBVKII`;(wO>4Tu&U!n2!cO!=OR75ViJ?9v
zkE<$Tn-xl0^atKU$C6n^%PaZ-{cz6c$Q!OTd}I0}J-+nsX7ef0-PzvR=_~HO)G?z&
zh|q7q#bX_(B5zO(V1TVI`dS*9{7`&k*!rBU-(gL0O0Y&T9s)gk=*f#cij|Yo9@PAu
zG)aHKmz9L<B5fC!yKaYQ4!Mi__*O)?a2Jx${KrD<$HyCtn8z~1cMM!C?vFnM;Xn!;
zcccIaiQBn5@4g<a9~LsQ=5l}-2mtp{lCC<1>!FyxpQn7_=&aq-@j6^HKtE?nY$cyV
z+(uW@1eG%UU@^z#@M?;x)PZ!?PV#`76S=}7xjGhXf|589X9CQy>O8c<hnXKhExX%Y
z?k!@;i5WL$OJde|L5I?`=PyOa>xdHho|t^K_42+CF>!ic-nl)AdGzYep`J5uv0MhD
zik+(gfZ_R387!za^}xOpv59Kx65|8rmr&p7IA1ft7Y6;&Dv(K39Js^htun!#1G?0+
zY?#??!**-2XCy?ot1>EC|4cNJdN?;%^aHH^^J5-(*O4@MH#&s#pS2#ux1~pc#`#cH
zV?%~#3ef)2C-J4x&=JAPUA>)-lZEvkA6_%}A`9W9aU14K?XDMN+cYi?tHOlPOx)-#
zMoP=y9^V8Ac3&(>H6C5JAMk!vhk26*m{Odh;mUe*(@{WPir*e#nSlEUHA26Bu|VHQ
zMsU!wGhuBuQ~}q=_?t}{0ctdr%U3mK7xH?grD)-)t4~W)-PH}Q`L~YzQY*hCz#SZm
zh_@QUzp5xIvgVJ_I>r1(N^(cqw=cbzUXVqsl135qC2?gZ*IGh;C#+q9NqULkAZ&;2
z{_*wLx-$JRmKtlm9L9NBU`|`H!G2B0fOry##xQpK#md}*J!Dr9v_WxAt|m3{Zspe?
zip+tF2D8bJwH@3rE$#<(Zf0ErW-?r}qpoTdYW=o)@-ps}1O%@9n;qI6`l@6t@TMzZ
z3mLgY4<TR&C!tBUsZabf0g^V)!>bS_t#o!cE}#Ym1$k-jK%5H5K`p)03B?D?fkXWm
z<TyM~wGm1=fNzO9E!sHbufCP$(&xvuWE2eLZ-+Uzf?tj&ozL7lCA0?d5KE#ypGY#)
z7V>cBfFJO*GF3x`${3I$&!f@-hPdIvAYQ2&?_3F)Os6E#a7IyesiV1G2EOLO=>=n7
zxBLf!%QM?@JeJZ8nozk>0vQ~8!m-rAJ)qXKhWt5<ad=7$R3du%9T$i^yB=ymOT;ZQ
z)eFCz>jsCf(St?oW5oSR&@fpD%vkb19J{r2K-JnfxLSv`X~}aQuF!i~E(m5Z&P3o~
z!&1Y|7d$?t{20IMpN?COW};Zd3ToRlU}~5>-+Cg1`-SDA&*2-b*s-W2-Q>G<aau(N
zxVf4w;;TM{m=b-?pWo^f)dfNr)0SaP$ypl|@ut^z+e_#;iLhq@hz<jwdX{!UOow$T
zrF?M)DSO2IE}w5V5c*GQ$Ks0<;-%dAk9{KJ43oTdGxAV?GGXuBkNqj=)$_amh+n?X
zs%$_s6i->E9-N4r5p-V5aV$?%{AEN6Fh;jd13DZdc#<;!X+5D;WWf>%@vvDaGRVPP
zcwKY&-a=jkz`48&NnsqE1s2o*{a%tt({+!-@XJ4cUK57~$R>ln($_N}_Hy0cebW9k
z`Zp*b@?UMe=>^*6efXAxj6M<}`s0!}U{klaBp=WWYh}bIXb?^HxnTtTGaGT^EU8w8
z$otO>w7aqkT|F6ztok>?Y9%<1(JR&s<{KXNFthK8wQxJb91?=oD!gnUK(oq9^DD@R
zyv_ei?;zrG{Zrv8y}X587;AE0)dGEf=#iDvhH~*F;@l%phmFS%mt&ko6umg5_0(ks
zD^|m-HP%j3xh`cm!=ZXZ++2tw@RCi7)on+~W@m!{mT8ZyoC8QcVqQIjP$(ooxhWq;
zV?|Po__&zC`(}*Xg-XAgO$veiHVSFomw4FS9P6lL^3pZv@Ofy6Q_kpZaA`!OVO*XH
zw#HDW$li$<ABE4iiGQ_@;S{XHI>~(W*GhQ;1PR)lUta7n1xIoEL!@x8UC32&^0l?J
zgS=SDnS{5V3<PTD$s^&>;bocp=Z+qvrgK;0?D3RT0@!em2~U+03i+RT1|>rxzfjXj
zmpMmfFF@&lJ$JYHo<(4rAAHo1S0d+!;G_I>Nbkf#D|s(TT^ehdDM_02>eME|^_sd$
z$KU2GC+eu632D+F6@tAuBwNHE8Ij^XS6o~*EAADPiaLVOLbbwd3;@av(5$?%pd}0L
z{5pb;X;{p{4zcN%KEtF}_hl=`XjOM3@;pqGO=Y<JL69(|#q77wecgze)jxujU-*?o
zVVg1uwi}|Wv|H7W($%w;(=o7tq?4`k%NzKZh>yzrYjA0cMz+KBmjWrlX+^8OA{8N@
zUPA^}wcgGg2)OpKV``x1q)WI(!omeOW3Ps6mR}wv{rxP}X~G%kpc%*~TY^q2{C<cb
zSH#JY7$S+vaXW7Ep9oRsz<55}a&PACQRh)(j?P+*oWXjE7d=A43l*Q-BV%<Vu(u~F
z)3zXySWexlD{f}DGqm7yr-Y?`>~r@4>lmFET;<){X(L;Cr`|HjlW1~GRwmbEsY?0}
zDDJFY6z~!g1iRUC7-i9;McR1FdJRrUHZ*IN0}V)s2>%_ic3y~7;7>N5Ni44gvZYOX
zAHhuNjf#Oir&t|8QEc}e4`urxq6DVR4+GqI8!>Z9*tOob8=kF7Ob&N}=4HpDzXij0
z+h+ec27Bvle-t}r0*!GbqPR`<$KV^9t*d)#+mJ|TUwl$`Yy%Y<AZ2NCtGe@ebXA*4
z<hEFjC<B+7pUD*o&4G*Ug$A=quf>OD^}JKfR~)ubZRa@b`?axeDWPJCneu>HfX63H
z+sKpMwxjqim4j|bfu?D%(f|G*2GkN!lT^OF&}25bt9jR`Tp&QCru&KVI43c`qG|O{
zx!_fae~CYOlZF}5YH1vjieG*p{xI!>Z-Yvjabkbo-Jn#7NxGZq^QtpsaWs;D5<{vr
zrhq8eGq@15ahWyfuIF347_BtV(5zeGY0q;Ks+}&U>w`Ws;U_x{eC+FXm)e2aO@N1y
zcCGtkC~gTN0{AOKfHYK=QyRzd6vDc!-4*wEMZ6M?SSJ8T7&uh{4hv{MvSX|+in!%o
zqD(YDr7zj+_$yXXlNZ`Au{0Vvp1x9g*5@!@o@_68)b+$4`Ffz&lvx(Y`X^3N#Mpk=
zZ@U-<=?@raX$$tqV#$fS+or!LfF0uI&N4u<?(qTb@5C9alP}-+7dVjVG!Bzuj3YuX
z;EV+mS6AW{;~m3>GHn=JvA!aKOV7B*1|jn1C(;e_KXLLFHre43k)6HYftSalMqWx5
z0Z+TE9-I3fT~%)~%K5!}rZv*jH83+7Q|9I$Dmg5bTu%H1klw+76pv)4t3D0dnQH?V
zeZLwU9fKb&Y3W!#z6(J^x}M=*tKW~C|NnuE%WNRzUP(lP1#}7Wga(;{)e(-4NsD6*
zhD<ue8Fsm+PwrqE=V?rLm?HdVMOJzW#ArmJ5$yu6_J!{@wOTd{VQve7a3tv2hxXvE
z{59J!4jaCk+@5?tl0N?WpRRU6(#X^)iF8<CbceRqi(+ok$bVkDGPG9Si|ycrEO03S
zf=AZ2OVvmLALj6`t#;Ep@0k<aND6>HYqwfe2C?wC-6zx@lBkryntekPGC?Z{d<Z_K
z!tZiM5;XZW&?ljE^MSql4=pVCxtE>z!Hlvs<YO|+e(q_%@y++nngP{kk(aj}`b7N5
z7mv%;PFlmS4Y3tAI?3nXdWMwWB>EE@8;f2n{*#jI>{iwHwM^`#!4*~S{CY_<XOWh{
zQw_JT0e8a~TCQpi>HXMdF`?nbe}q`7vuKG&-RKy$YM4xJAeGRway%)r^MvH2|EV)9
zo3X`QjoPNT?(tMT$I6_-AFe`pf%?o$M?n^HexMc7%`D47EtQnjEk30x%V7T6$5Gn3
z4Tp5z^8_!9=52wRgKu}d_JYdZiREY6tLPTlyOK>~n+8g7&CDMAFRG;8uad9%o0_;L
zCAHz1$<SwR@vp0z>N2YT{lWcFGgBGWJr=mfQ3rMyKWqWLGsvveXNaGKZw{<o2Lwj#
zv|L<<8shkI>F*3vo_c-n?qjsW)h*6o!>EZ>Z2iDl{^3C<hdWHW=xVhbE)SWG^04oo
zJuT}$e=uaNfMt~OjX;g(wi?MTz}C|}Am#?MYH<q>nCSRVaZ=_v0P?M(cno5StHblA
z;-Q;>KM=FFq6g6>tTjtbh9q^|Koe!f@aBxKo&~4^WJQ2;qfK<iX-2Y1gcR1qDZtv%
z;DUPWRIpo)f~dH$<v14Nh|rC+2{u@BSS6Nen&8Zu6}sBl!@phm6K0Kr9>6{o*APra
z1Ss^)wZmC7sD-Yz+a24yo9gsgYm!g`RPwZ;J30#pkML~cU;;GJ{?Wp33s^RxvWx7w
z&qgR7Dme{KLW~fg)OtBusNW7VZ@U1Kr29jJ2>vvs$k<6#wQ5bA`E(;jdb7^kJk{>7
z^tV$Fot}wL(lVr}wuGt(Au<LQggr}MWUYE8Jz1y86tM{-qCGt26$S@A{2WmH9o0^N
z8EXb7^!!m6j`l64xLCS@p}Rtz!)}89n;`yT4t_9$y*`H}Fg-HYi3HEofFoyx($5SJ
zEtMHJETqf^2snQaS=pA{mx&@>zJQcA{amM0T)9Mz3VOE-c3PYaUx^J&2v$bAhKb<Q
zrWxJw?k;)^>L<%ow!Debe!d!Q<$8K~N;eSdM+~Ycn^{0iN^Z(P0{swOv>U|;AvtcV
zK6wQM5bn(tKw)h~qk3G+ckaUFO_&{yI+zgYCeU=jC8jgMzLF6xU+gG#5Pf2li@rpq
z0aDqK<(x#Yzj|uLoE;rd+#u*m8g21J4PRR1Pdf)%`lj`hjJ6^r77bjBYHTI_i9NVP
zH};k1WrVhHeV<5;VqhI}*hbB1sw6^rS&5^eoo%gPoB|AhGHxMt)Up9W)uGmr0O&VM
zRW_Q?(=f>IXQVt$^SqW3=y~RG6mA5D=b7PFA7x7Q;M9GC#T4autO5iF0ApBOW9C{R
zK-<ahd;|HM=a9HOnT2EYC#rDN=&uy7&-@y<PD}k-09t^P`eCX;T7i>Tp=Odd<t8X-
zPC&~Ep#ds0X~GQYiUbdr!VMW<y}S*bp|H1EE*6Yg-iMNBmnF`DZw^b+1-4T}ZlPi3
zNkkx0p!g2v$R<RTe>JA~8AqW5R5eX}Z+}R9U;S*Ya-h^l1SFC#vJ{J(syXw?M)(9Q
zU#x9N-^O{CygKFpy_wJES6~TU^SH{Dgo;-QpFP{ST85>F4#sG{h&S}T$pyY=omRlO
z5h{?@_oZ<OI2i^Z-YO}mb(~hUv_H?B#217x9yd07Ot~_d*FjL{PD7%Lqx9-cL+MAD
zIkmWfmcQ~AP!JT{V?dcIKK<FYI?GP-)fe=bDu{pcyy%+suFl@XY83CO)iq(XcnmPS
z82;aYJ+DC%0etFt5RWGMA*ul1UZlb3ZNz>jk)k2(h(t(od6&is_cd)w*&=L732<8L
zXFsHi83&si{RX~+Et2A#UaG)Gmgfem?ocW%Y2lYt3O~CzBhhP$xF{sWw0lWJaaXqy
zP+Q91E<a(tY5v5EF=e0mLmmv)MpmDd<2JE^x$neZjwzW1zPBq=Y9dDrQ%syJff_Yf
z#wyc+Dl<Z||NU?;0W|2C$G*f*7=hCN`lt?gsDqlDDs^1fgyrb87_Hgg)GupHq1~o&
z;(Jd6dWhi$J+WR$B<&p#5IyFL62;=KAw%68e(*08`oAcNL)4wGFiG6qRiY+PIO<MH
zOs?4zP*#+xiXIEDAHVPMpT(z+3k{}l%K@6n#5YXF3lj8dLUn;pIJh5f$dGxmg1p<;
z`^{T$l0bdw;<;l9=wf*+gW{Cmt4=+qeF{|WpZXke+1o4Sl_~(2qx%6ZH5?a6kZuKH
z@shD2`u*>+f&qFNgTH}^4}4H8v-R6~q9fI~FBqGu??R2T?H?icabCgBg|@-G0md3e
zw}C00sb+TG(6H?(nahAbNHmJU{C8Ux8f;og2dhd-CP9Qyw$uewj8I!@8pdim)l!09
zno#*`A~xa@r^X3{J6tDXyE4Q#ISy4quPq;>==d9X2b<c)^%xKiQd=lxih!V2U(~|E
z8V|VVy$pigPYL7ztICAC>90!nN10XV%83rAZI$OfJ$b5|3}M^hKA_+>U`>cZCk-lB
zzo*%Yy<}-ReG-nU_(&Wk4DMvvDRtjKbQ0m!Quz;C&sIb;P>PArV6%zPP^le&04HZS
z^_-9NjZ|Mpzj55p%|a(){3da1mW=i87`~=3xf~b9#%t5vD?=|-QNhu?QYJiYAi|Zp
zR(t^)QmjLzom*Vw)a3~NBaju&BQeuR=MFomElVahq8VI_hlqkt4ec`a(stvdz`g-m
z>MOSOni}V>i6_a$_;8Ohc3)M9@fvF`J856mCIsZnhLS*=ZHl!>Du(gFMyuXpIf0D%
zPgs4Txfdzx(z4zHhdj(gOUk0gxR|d~^vhZXA_h4vCy$eL7;L>KU%s+Cb}i{V$0=8I
zB#Xte_CrNtlLw(Z#0J38WwM#`>EOE{W7hyM`_fPFN4AlGtp)&sE^fFT_(+_Q3~!h`
z_Lb;kk+uv|C>T!Inlnnjl{>c|B5dpnXfScXtg9#31rPzl>`IdD@lF$sL-%ZUjByuX
z=X_%+VmJS0dmy4I2a56DQ^8Zp1wJiB@{?m#Kr7M$w^1))KVxyNZnltr&H0H*o>Jw1
zC@_rM&}O*2A6$y%a7r_%%<?w*JCUZI&GIh2C)z#-3<}+-d?Kf0h&MA8XC7#wwIL^(
z#L-yD0kb0g=aM=z@eQr?pZ$Q?!tY>M4?)rfwu~M5-1*Kvl4h#~cux-D;*z%2P;Sc3
zy4|+9DNj2KGU;gfoXoFRQ-|x))$S{`m}J+7qQ<maBri)aX-Vx7`@oy}`&xFw4A(X9
zm`wk7a3Xoh<^mH$w-Tpe@uKw{7J~8RhRn5Q0QbJ|O*_FZcF}yvGVUW&g^XBPXKN=-
z3;f9Qldu!wRNi$qn@vrCc}?ZhQ~S>W_2I4l%qH}opTD@+bTP{9;KHeGH+OHYyuWW8
zBu(Pepz-t+14;QEZl1?_)eg(<6=MZKun*A8&#7ur0DQBCnS(HTy<AbXls&CSRs7br
zHy0r%<JQS_#Z7v8unM4;%K^vh-9Y~_8&m(PyojhTC&f}@;6&Yj`0+o}@dQp0u>RUI
z@vL6!B_eV7>+Jar)b!{a7>fP@O+;$>Taf!nf4%s?TEf8~65d@#v^UM@ABSIpy#czy
zI#RzvHh5E@Ngk^o$g%c}&?P-3KUs?3?nNtms{Oc}=Q3oruT-`M5jzVC;N+h$Fs|)D
zBo3<Z-t60E0auJys-=OXQC*@cXLq}lBH@GLL7Lle%m=<i=JYN$7e+7w63iG^&-rXF
zJ4?e%RyUcOd){EYg${(!GS?1vv0rJ@DQzTB0Vb{npma@LhPTvtG95<QnA^Q|imQzH
z7tEtkT4dGdbANYvU0aD=J9`U`Qubk3OE=s{sK@t=AKn?Z%vbkWDrF-VtabtVJgvSR
zYCr#Tswich7MR>PDuK}e6zU1XigD4Z2Blc3$u!K5OS)=$xC3ZjMl<~SdUq|0@L_j2
z4dY&5e(RUM(hNJP=}IW5?@!erX+B@CyFJrzoJK5eK>-AN0ui$iB=fN-5X5b0!gT~w
zHy{N09F4Y8Kg*%-ho_7al<{u{8#r>BD?k)$YL3g7Tl!(`*LJWB`T&uv5;3NJ>##}u
zGXpkV>){8e_9mZ57Rn_&J@cIw#tcadeQA4#q!+t>)I)Y?3LQDg|LrXJg6XU|01j})
zfr3o*_~J?G$j-V&FB_%t-K?`GUHuS}$!dNTL{W8S>Ozgqh`hE%v{)O%yiJSbEfN4I
zI$3rsFJg4@4xwr`?-X@M3{`CM2O(*GQDaJ7h;LRPKyUN{N?Xs17+Oc(?#0_PTVdp{
zHkrf$37gE88=DV&Xv?e<Z4(KLQaXxc53{DFjaUP%=JV9BLtwE&SHmLFwej?xL_<%&
z7pPf43XCRV2OhV@_y^5C?_>L7iJb2Q_Wy)~6HeGnP^Lk%5=s-ICUqbIy8CD~4ZN(2
zu-J96{sMbzyWW@>#iG}E!|JqP&dJ1FeHRD0wBwZ^Hz*tRczs0H$$-o6lI?k);E0s$
z!CfKL%t{?u27p?cFp+H50W7Q-8`h{NyZt_&7Ruv>z}fmAMY)UX<bu)=84{B_)c^Y}
zUC<ArkCz~eDy~d#Uwt-*C%W#4=IJtIT<x@93R0MDT0Xk2Oq!jAlWTla2;c-{4K!*(
z_#h@u?BthiQKV2MQ^<15-D_ZmFd%Od99jX#_8}VKlp)tcXFG{yl!4qgM7b^9b<`mA
zCRgbDE2lWgr?xS;8DxubS26a4bki@`YUV~q?(+yqmHT_!RBm9yX6dA@@xw{3jq0w|
zI^<=0+t<UB8y2Fwm7xE6Ue6)x&}v>sQ9en?+W{2$<_c#uQx0Q@Sg^9q`VuYimGXfk
zzYJk@mS5;tb{&5xxTr;p1(>HcFRC(dO58a)qXPuUO-;9Z*v?s7N+3tZd#nbBFVic5
zGO{O$B2v-B0UmQo4mERSjW^MWp0~GWnT>#c0<+PaNT|d9W)$<O2J{C)A<;(%9Xsuh
z*cl_;VTy#q-b#<kbI8Dg3lupl^z{*mM}BfY2HwX#fd;L(#(!Az-doh(wFb?#vBCof
zU#zI+v|v#<-J)XU^Md^D_*Xr}2VLLBd*m)$y)~w>7-PyUXEE-5z1>FTYkXVhl^;W6
zRjzYNN^L^gY(C3X7Fne67Qyql_tPqZ!T8>Ngxdi<uj^X%KqRhTXwex1p$ZR9C)|ny
z7XqDYlTdvIMZOdsVhd=x*32$}9TttB2R)3$COo;omnW3~jPHfD#HTSge!Ag>{)w^9
zD7+UM$rj7q1GP00kX*!(zm35TBr@eS7$cpN+PlJ?vnH=CGkB%AHi#|PQq`p9+QR&&
zr`?4gwKW}GAWG*FW)P3wi9`G2q7c;2%8DH@AWyw@tk0a-hM)e2_9H3i|8La)8YoO+
z?urcg$4=^LU(3e9`QVJ6dZ~ex(t?RtemJBMzNqp~)X&`by{?i0dqY+)cU60DiE;)|
zE9dtx$B=baQj_I(JdnP|Sp$QM)YzhuXFsOUNynS~fB+?<N?x(~LJnXY_BaAFWTF#B
zvS&3n;~|;10_Q3Y0@$p%YTn8Sz?Y~Iej2w|?ucwZwkh1*CY{HN_(V$z^(_z6*};5z
zVQ8-yM7H^^?8H5jEBB}>hiuS@5hhIb#i!>gcf>^T$Ud<cIL$~@-oVJo&W~TjNC?rs
zgx1nj(ix%At@u#SnjUZda1vG?k;FcZW#xww5QSWYj1b9^Y>rCa<Jgx6ln@CIg=ZD{
z6}9{)F4pc8id{S*Aw_rQz8vYgBNK7|BwA}LoK|7!?1_<Im!6N3zFf7WQ8naJW9sAL
zHsK-TQ2VfSgC$<CV5}NZZraM(;X#7FdgkjF&iW5g0JUu_cSTLZ_7#`rzv<k>44Z5b
zuw7uU5R+RO_`*m7RXG{3wCkj=!YFOC*QXG%t}!QyO1YkKNca%VG9z|*otu~ET8lc&
z;AX?|dvYy3o=B6Cm*IJS%Ol!(%I5<)lUVqfjN-Rou-;6-dFckXQ`AMv*!Vloi*hf+
zv`g8K$R9O@2V}z$xGXGLSm!(KdJntI?Tw^>4(B#R8U-}uuBY)q!`-^SM)Bdl#0rs?
z7f9?}MdRz}bFksr&=#F6^(iQd_xt|n3ozK4Jj~Lg{E^ix#XHFhB5@z{B!69fmgdI_
zM)zmjzBEKI7F2^x+n6pJ6|Wiw?JYLwjrMy^_YR+r1LE5qNNq(%oc%)?z%@Y<B0#pW
zDebN}y@GkN&e@RnX2O6Yw;=Yr6|P`_NNz~XCvq;V9`@4MfVw*fG1SSog!~voudj*#
zKj0E=9tiUwpD`tYl0vf8q=MmA5(vTp!fn8FZsM%9Qb1&G6Q$javmhIGNeE%2Eh)Nv
zBvOG^4c~Pbk!3wFE@2|#MAl_12Wb2>>vJXL@m1*N7{76$&A&`Cl|D}%4)~VZ9RS=c
z&X#V67B3y8`c|LIy)aS7Y7ZllgqZ2+3Sn@}`+90t+BI(IiixRcUFwghNFIQhSo9y+
zfV6o2^pc@AO;-nmLz4&wu1iefeR<K4nH6s_^SHlcHkAAhLu)w03y9zwwZ?kqo-pmb
zMJC`0?gS?hI;+c}767Nz&KD2|g%gO#7L7E61-IM-iVnn%9Q8Fr(m47(l(u%zyi`s*
zO$?MceX3DSafw)p?xF9+)L^PPDbT107aOrnT>IF<eySosh#ziWK?i|sCfhC`!NS~)
zc&1^9pb2iX_m2j~c!t10iUc?38LF-RR+LDbAF1n)-75<=W>G$W$r&UaFwuYXwGoRM
zkt*797rRGgIw5bNz~9*6nU*f%DND^Ycpabe=F(-d6A;jocK(Ez=Gckk&AM(dRY&fj
zHML&z3GkmFY-;6VKK54aNmwBH<5WNXQmO7H;Oh|)0~<9&<R^NI)+oSB(F8(aLeR;`
z-(J5&dw_EfyMTa#68laN4=|Ar<-thFf)5n4x}rz?`<uH9$f#!hK_iPI(BT+haw{h`
z@rYoD4#b6lFk2a;sEu6H?uav_Lbe3;dD@r0l_A*GA}|yPVyLqQais^FYaM~4q$jaY
z#;JzvWfy(kV%noK^$>Cb&}a<jOF%CYX@_BF=LZpg@gEd(r=$te;dus{J(W%PLnRH%
zK>I5C<}YI@v7xkh?bd~suV5Q!dCvkMx#*)Su*No0BAzB<iWQ}wTimE+REtMX1-)>c
zGW1`Xhogj8A~U+qJpOM`8orLB9STm<7`dFb++C=*FR~+p1H})*ai^nDlXQJS(~&K1
ze-@vBnngW@>kv|1;L%98+jUGOA~D9|WcxQ}#+18A2mW!3tReTJMp(8FRH{?!X&E$$
zv24o~1|(tkhIv2n(Z|g&^Lz<Z&!6b`4*8ydkxAz%A#@;f)>mB7dWGBgVF}5g0EJA=
z6|$NsPiggY2Q+WPC#L2+{u=9$Mi`if=5esUzPHg=`uvY@ZewG$$t7&5nPzbBV1c8*
zxmXA?3-$nFx|EA0&lAf=+5xyj$B&FjnD#+85Q2u7Wiir^)hEltp}z8ZItm3-RaC&B
zCAmlXGQAJR@%LwRl`?sd5yvmgM-RP9z9T^51%@ZNn2CDG``-_zPJ-PpauZ`iwj9Hc
z%krz9P?d*t?mfp9L?T($mdRK;M@y_8YV+toXRV55)ZSI^VRT8Y-JQnMB0vhBVZOES
zQlAFw1f1}YfcpIITx~{n0Hr3$(EtLli{I#eA@9#kuh0+k<|F`1cP67_e~V+P1@%eJ
zv9=JDDM`h4Q&6n>81$qO0He9;!91&0KdbEZ43rnqJLK2h<P)}1!YR59j$dWM`tO+R
z$2_D9q7Q&hFBCV#bBC36F2wyykk9T>qHS&xQ*I(9)~AXnj6C9E_BB~peskLFW{m8H
z816V2(APg`XhD;3+k=1vNKm(9G%!bH7ivMq9@45Cy6L%bd7mPNvp`S*OlB)>qg72X
z4a8pGcob4ufwK#}*xknz<W!aN78Ri*KT+?{X&O6xOl|7S<mG7g;FEH%wt?h(LMp9D
z5usg-4=o+v!A%WbWaGvozz2;TXUq4V>&Z9<$ZE<EEsUN2woCZrZ{7xw9X0fi4s--J
zA^={|68=9bLlNW<jghRNQoy2+tI|D>XhIxx0HUoWQoO0`d7;B%w6gB+ySt`n4K>Th
z2r2&z^)SNDt!qiRiV&}rxGhzQvUNx;H~@p((m$(rWt;uYJ9Z-2&9M`l+EA5~tZ!<q
zZdUxb*x=1pSX5Gou~{`bixHBu=?(pD$&h0cqZXZya+(LE!cR?%R|7BwxmQ!P@-<bB
z9@-{=YX%W;gqC>DIZcs1e4HwQSMQ9PuV{zbo3|CvARZE^-gpeA<?qU}m%cOwszXIH
z0#U?>B@$AoYS{?YKOjRC^G%-Qm)gfCJKQhg3IEBQQXmxuHo~)YE5#N6$0KcdrN9Cx
zCi{!FeJQA99-w!U(E%mgS0fXO35RfqNtL@ri=~MHNaGT>)L1uB{j%}-sHm>O0SsZl
zy=TdYm8@+{1oBuzUSn!(18t}1)9RzT5rbh&p^1vgZ<5IiPTTl&lq>ieNJN6z^%?@<
zsABxbuWYhD(B#V@3C@e!n^LzHSK*V1iD!pE)kw9LPQh=(G_zOB5asC>9NQ`p_hpVZ
zOo|#=%~t-0`+kML_wr)k#?i8t_)uyEM)rVWDkEbFWaWC5__ohHaYcmc(bc!EbUhe7
zkR_GB%u#>X1(7!-C=7GtoVN-K33Y*EA>EppB%*xacWFyOQ9W^qPw_MyhzUg6!Y3b-
zk)U?75APNWT#<5dj0FwgBvUP%)Pb9S1>Nwd!_#vk9sJl_3Ju|B@trsN@FJeLFEf~5
zl~5iVC(-rKeX*Pte(I2~zR}j_awm(pnga-Dc*5ogMRNzuIaq_ffpvvo<Y)cMyfg}|
z#+a4t%od<{#FtLOdC_AujP6cylzJNZ%TECTb^y2ng>6g|d=%k>H30AEdVvc&h&h1X
zI+U|~J&Zv16k)88N4NJM=LH{cOpt(ZLufD6^@1b{GPQzOAa?}rt>v@vj1te-+1jY+
zYtmVqvDNz(F0YOL%$0VM20F3Yz~(kp=pe-v@BTHOu@bWl15}>rH>_yPO#;_~Lvl`^
zV*b1L>3SEoI&1K{5%yDU$cp2QAh<>I*&0jZ{4y|Us69j|s$D~&MB*E%l&``sr>*qz
z)_+E1EZ3(NkWH3(N}cG2z<&m`1RXxS43t9lO9N7;{2Ww!o_eY==2efUAFuT7tW6ds
zQ3w@tH39<Z0hWv0u+k~W*&^o;{`N&~b*zuVpJoMU8H9KQ<?eXD8x##w?{NfVnS>c*
z2<rM<>ZGLPZYFB;9*AD1RB+3{G%BehqtTtlmK6S?3{e(jMRjqFXc%C*J^ku}v%;`I
z#6ZDxQcQk9Bw~!=M$TgQ7LOGiz+YH;Fasp$&@+>D&&R4Om5b|)+XDynPIoS*m1?&q
zl{W1prAIUf&~Sh4owzHptv=J7qrZDj@dz{N=BH2CpvNO&Ma`#>0rfH`+?_=>yew|K
zv4R_Cz1P?AO3WEC)ANF}2|$Pp#zc^&08h!`2f6@)?zpCS$Fo^P144}LytN7SNL(V9
z6cZ01fZ72-rG8?>3TaZmOSj;BFbChnCuH06!%8?sBoT^HGg8IU%?*G*33vjtG6Sk-
zW6n;G2omyQ%*up391E2gBVmP5Y|COjd6*|?BYHsBjC%Cg&E<hZg&GxWP7+}Ug2B)z
z7+)`7y4}Htmg@9NVMK?cC)O=17O?hWp&{#W5XQe3Vs&CC0gF|!&|4WVU(Vr0%+(Ri
z<$Ej`WHN_sBJ{sVupHmyP(dbQhW=924@Z=oLg9nn5Dc^9N5cfm<b`>5onXuMTVDaN
zu!anb7b>#g<+q>?LrQ^wvF?0Z_V)3M_Tk5UqH;rUXRHd)+pHEoPQTV3PO#a4VYg`U
z-MRT^6<axJeatMr@9h`>!+X?V%2>is42a>T;SNOq@;-I}ohZqp0LFC)IUul`fQEx7
zo=i(N04kLmq#8+t!SBbRN8o0d<s!SesKy!uMItHTunqnUdITvO&_O6G;XQQ0B&be(
zl?-?;Wa|IBnMJq#tdP&+=<~dcIi>eEHG?KA?JVNkmv&i(yACQv1Vp5a@AaC)n(MEd
zDSdR@QWY^esQ&>_5=%z#)!iD&pw}E>$sw5`=`)5^uTVR-<z|QgN{HcpK?75U&J-K#
zyt>aCe-Y$71n9$tIAC(mOa{2%G=Z$<f)h6VS?8*R^R7YC<9s=Rwe(3$@i99Zk*-_B
zz&EXicyViYBOBtKw@XTOXh>EZ1S$vXeZ1}~fMDeI{5f8Pn`u-JpBi(g%m5doG%$pf
zVw_{)w=7pq0bJ8clO74$*|c>#l&k`qbAQtoZS-H=q><v-J#j+ZNoJ>vL&r3ps&Ys)
zGU3kmj>2A<3tc06+KX+oYS(n`uc+y3i358P9~~daNsr_5JPJLniB}j!fhE)H+nGpr
z5>ZXy?PNh@n{nYfL(MV}t!Xa)8Q6a?B+++#Y<Gi^(L%wMVa0$v1_;V39HOwK-Lda>
z6)-(e0Y?_mq~C!s)s#EQaPyYo2CbPX+5~fhq*O<FtAMgIeKV{S(@Dr@u)LS1CjkE8
z1gdTE_s?;NohB(q4rFSAPtkh^=+o0Hbx9=9bwcWN(cWl-h!uRpIWKrqaj0s|OJSg@
z6;fT83KL0TwP7^q5zVRroMjx~;l<tz26~n(ZQ=>ocFe<0)@{4dI8SYX>j3>l*5{_B
z5m8o${>z~lMS+)q8`Gnzdj{uJ(rAG93Q-;+Z%RAFXedW%QJNXP$;d3zHqfZw>3zjU
zP?an*P)g$2Gd|@p>mjkS$mDiq(3Al*?c03AeC4e)urTg{eREoD^NgH#!TSI#&xDDo
zd7qD#cu)XIn%`RGTZB@gna8Q`#U-%)8O7ILvc&SN*&Hd?rF|Tg&Jvf;<2s#NCktv4
z<U7V>!_a@6UFV8Z%<n0DXDER%oBGmt0WP}3C37H<yu2#ta6cb}kl+k<$;!dNSRldH
zp3mHkJGNJqTo-Eke>#AjImH?)G8W}A-CJkWv4fw1=EQ`a*n{`I;wH+?Xtuj|dN5Gu
zWfyO;U*x;dnO2ZPcxD<#=OlNmQ#8|lR;`PQ<}^`nwJ|O4cBmRteI6RI<Upi2G8Ovf
ztzUF_;9pY6=pD}ijOBdQW(IpR&7)@jIjlje0$N|gq4{LtD739yunbU@LGW=U8O(Ah
zawZqugdc>A(gvfqPK@#>hPdj4-$C77xEF|1@iW0JHx^G^>;|*E5uiYdi&IQ?XkWF(
zvV8-A-3C8c_t+O;fFb@^I8L2vaw4<dho>#~Xn3btr14+IuB^t@@i_iE*F_J$z&p76
zsQZh0fEg|zu~*p;5XkO%;Nc=FDup;Zz$r-BCE1jqW@lL{bp5)Pr`&qC{@Ikc2J2Oo
zmg5<gP*d`1X9RVSxvUcdRT_e$xi%V?Ak6AO1N08ueE*Yt=6wZVHTlEE0U{tbt=aMN
z8uS*zO#jw%+KbUDga+cX;`Q9dSv-~)F$BMU$SOD3bn>#1*+2Z$ZU@AMx=#Z4Mk6lo
zG8jeISYxR3OH%_u@Q;P?CqJL_d!mMu?GZa_rZb2E<vPq~WpsAHcJ_T$+EZqO`$)vM
z6<xb_M{g}e>w$29a!%Hp+kk+M^AoQ+@m+QExqyn;X~H$of*rdd5QU!3<$wp*W>diS
zJCeQeU<b@`6e+$%Nf{FNXCi{SOKu0Ob2(L!#$1Kq)=ulhy5WgnWR%R?AOf7|a9+5^
zI^^r8>1ce&z;*2^YR>9nC2==Kwnie3RESx3w1HF!ssVvqq$a|9+iit1^WG8$%9i1Y
zXQ+dd%OKrE!xr;>7NCF-JD_@KZX|Ae;3d}9B%~GQsN+>48tzB-oc&MS*n+mt-Xhar
zz)=1jAPb%CEU*fqE*j|!(f}P$xO)%|e`*w>NkBpn2AMCy1pFTKbW-ITxi^I0Z#Dfb
zWhh*<CUi7tFM5YIS~0JDMu4koKLqBd*EEgOe#`2o?mp6P(Kxp>pI0&-I*#Dq7?~Hi
z`89sbxY>m?z+&T+v~HESR7RW_<pIHriJ&WcAI6dN`~izOAgh}?>%2Z-C)ethHwH^2
z2+=L@I<}4`!OKAnjZeUl@fa*GlmcNVko29~lLUsAeDLeup!v~Dy3}SHJW#jHT(und
z-q<RfLeojqK$?v+wmqa``#M$FgN87Y1j~Yb1jqmY06_>XLgi`}h58^m)q?=3{=;Be
z**#xio_zW&uXnd*m8yF*kkAkH^W;z15gzv#C(lzrjN?0-v@3LZ$O!M5j>`x9n{NoY
zt5*4U`88i9DmFL;rUb~F#WJ?*mWb$>WG+HgTLW0ipo9Wq1C7Y!jF3ox-BTqPJO58G
z*odY2`nNggE!NAK1LB0tLLx0+{nfTC8+`>DUMs%aBaqX!Gr~!l`|Yxrm1<$Y3ukZ*
z7?fz%?3xwb3BIC!4hNGAvuhq`6`f@uv^b0d=({W&5*~l*)zR#QFKZA(sU&%M{-vBc
zoQ<GH*&Zh+Xd+LykOaa8wXxaOdkj=gKg&LFLzig<QdR>aLVI%nm*maX;UAWut=P~-
z_lJbaJ7g}G#-Iq(5Gl<i-$KYSNF2~dr~%ZIfnewW00#*OQ6j-6PBXav`GoOgNfZeP
z1}}y};tyE;*$AEGQaHs0l+0{E051k*XY4@J!EA<dKs-La41Ye6W>OD$>Y4xpKnT0J
zs_ey~G|&n`$R;5^lMg`<cw$Q^M1%R%icPvzIAsf;3))9w1%r%&UzrYm{?y<GR`GAK
zq)6ZefqwgRHN3+!j<9kSEqJJ-3-!%Dz*UHd<czswJP19xc*%W8&W4i6bwl<A_s2GO
zZ@=YJ!mUWIe*Ouz?lC>luF*~6m4%>n>VygBUG|+Be^@WfMapZ^-q=Wg0llY7l0-?G
zSaf2##?BD>vmW{=F)q|%si``%g}z;Z&=*Lv=S47~CO<5-#%)jm@2)W(HQRVtaUF6*
z;3U}$QLswtxT_;J2A&4;HeJVh53l>iTWOa;TuFy-C}Pgv;1H~^1VvP9fkNf>(#9b^
z4B{A4gXhnkzyTu3H(zZKrBSPJi%wVo!Bt5M2wy<}0#>|TbzbQ7J5oQ;H9|l$EE~L!
zHAw+$&3{Y)rCoi~NKMBmJH?U(u&b3M;6XN9vtn2JL$UTw2fXdBTA%=B`-|cHBRuAM
z4zkpoAYp)^)dU&OW>2pe%SZFNmE}$&_an*+Fy_+c%OVTh@9*Q(wADI&67XusEmIO#
zB_gs1zaxQhP=TbyJ}SAYU>p^kK=jBIe#Z-pYa!Lc_4p2p9+XpQN0Z;ZQ?FK50|R<3
z1Z<|f6#Hzp)MZ{)BM_40({0>kCd#n4L9s@c&s%h_vQD>Rck^U(JU$SJb@rCewN5#i
zu4A0)N;;R?ssI6gp4U&JC$+9dOcb2qU@vOwlJqlfpZd`aH<(EYXF+T#b9pF-^`_3u
z&o}@B^6z3m=OiYr`u;ymrZmh&i<0HiQU+LmO&EA!13*wqY~?TW@G}C_j-pe-#K%PG
zr{^<hjt~E#Gy*0eB`LP_)qTt9hI&elV3Tw;&sg}r(?oXc2B+l%fUELE#`HJ*TX$h?
zF8pV(o^TOwEW?F&Goffvwv-8d8*YGu#Y6zch-$vqB3-Guwrr)zB#XP7lOb8B#~-ZM
zkcr$tq2)Ykek4N5bl%kGd~e;ry~EiZb!o?$A%)_Ic&`pJn`68djj8a1pAU!O!z6x;
z{=MAcBZ4R7_BxZz+D<|@BG|0(g5{F1S5tYSSW+hng)J9;75!iTcM%S_#_z9#LWR!4
z^jz=<A~F=9C<!Df=!6V~6i{!JAw903n0_SFt~*U?8`k~m*+k;}6W^llB13llo0j1)
zfuRZj<ZGfjRscF5t(L+4-c?N7>9`1)t_dmmjCVm&w<n)liC@Q#Ut$&Aa0K2uWXY-H
zp}ZH<`kmf<pcOtjQkWbk8gbuzQv%(Z;LmvJPM{31lRkuLVL&&ou7E)bnSPUX`!Wvz
zHUCjaWJ)MLgY<YUS|vYo2Y{NU=YIZ88^!DtHPrHgd{mp@-O&-AqFIh(ej+A4c1U46
z@{O@$Ify*twD}akvo?(ri{$n`+ml$q>BuJTjVIA^Q!rEV*S_kzErL5|$}VlDubjO^
z#eMt;sYUBdx(Lrq_L62f!1X(BX7^!lHQWaaM~9>p&=v>xA_GhKi0jImbByt1$5V|`
zi8CI1S~~IykXk$c)eP1^1J7wnC@+S>a?Zv)jj#gzxSl5ML2IitT`32k<gXDx%5R9}
z54r&APr0y=s6-OT2Kgrk;fbmSbJ;(wh=2q}KuN$g(Uv2xu4xY>)iceSV-@SMe9gX%
zJgJTOp5|q9Cuz>2+vXULU!LTqg->?r-O6TOyDQ8S?V>yq1G7UA>p7BxVXXI6?`b7*
zBYHGOU^4?!`Lz&8@5=l3p=FV082=-RW>yYI*C#<<I}*@tYNTi;1;180{e*wgyDLF$
zp&odJJQxoLT{qucPTV8etl2kAA}m&$1I+t;cT^~m9uhR8wHO1|g&fjty~=45el!Bh
zB}+ig`8-d9fLW97P;H;cN?Z0v_v((qh!S?)>Cj*iJ5|tY&cRpssL(!?E1NHo3qr#b
aU>wc464E2Azrp~~5~Kc_6azQt0000Q;}$6Z

diff --git a/php/public/img/jo-myoung-hee-fluid-dark.webp b/php/public/img/jo-myoung-hee-fluid-dark.webp
new file mode 100644
index 0000000000000000000000000000000000000000..314048f984f4b5f95cecfa162ad07ff26e1e3d52
GIT binary patch
literal 97010
zcmZ^Kb9AKH7H@2$V|VNhI<{@wwr!(hJL%ZAlkV8IZL419&di;;>%I41tyQ&7o$q}6
z?7e^33gRLnCmz5+s=@+tDspUu8=s$%l;N^~selmepm-QDqlAcw3V(=m!HI!_H8lHh
zH-FvXa2SM~-~0gd`97Q%MSDX6cz1bko#dNGUf(A_)<%;6OM)&>-M5dEiYwi(uhQ2N
zmyZqAub2Fn?=O{;mNVUVzJPZH-uL@<KuQVR?HH#c!A`enx9|IaUY9O!x6dzt?R)9V
z?N)cXSNT)y_2zbWo6pkQJfQOOdmf<sw&dD(x_chr2oMFtzQqCn09`x4u}9Ur`N!?s
z=H=!T!4=>@cfY#@kOYW)-~Id^Fh+33y9)4ojD79>$XKGkpFGpO>+b(}^zD5~0GI-D
z-pSi^uXN9SF92BpMgZUl@|FI{_6@(&XCS9d7x3QO{nNJuuzGe6zyVah@;-mAc<G(v
zs{}9vOumP{(gOejzLVXZzFY4t0KmuN5hy^lk@pJm6##hm<K6WIJlI~*1AI??hrE=Z
zeJ^=0eLKCV7k1Zpqt+Q$LT_Tb@q-^;KM3A=!9V<b+fTrs$!`G<yy-rw+8wh6C$JZn
z3xEUPsQb590v6sM_dvG<0QvyaI!_>91_0$N`&lHQ`Nj5uCyS>FaQxA~#rX_)^nJ^2
zBlzg-^EvQ6ew2Ps1)M;@A$O=Qw*JC0(7w~!gG*x@0lp}HVa+e!_wy|Mh%PC6*26#X
zEwG^KQiE*EIa-ORPX51sU}qbeX$<tJ_>Lp5eAB}{2N0Q4_Nqa2=ACXt*QEhnm%XzV
zRviU;^x`>4_K^IxxfM!tmu%eKi=e&;6Jq%1r(>F4L}DZPfy-p&yOh4R@c-XJqT-4F
zEcn0w*q_wjh3Njxw#jmB53WAm0y^gec(E0RpHK_*Nw`%oL!2w(0X0s9B-*F_=<|WU
z*{AM@d130Ik#6|V_$QF#I+I)09d7+*!hmB(!FHgKEI2f#_<uYzfbQ?ZsaPcW=Uh5;
z-tWbp3xHYWr`Uq1+91_}(gQx%Tc|A~ajUL&{2^5FrJWXC+lPoOH~p-Y>}NZj4~#O_
z=TVusRY+>bg(AfZ#kCX8p4&_72!mXPW|}sVpRNI&h1!hZMxb2Las2Q3f5-mwJtQ!T
z{`Y;nZ1MW^B8Uht(@<Gw@b_?Udih1SZ0;?qU)Icti+(%{SR~Sp&{si$3GaewdO-cT
zzpXB`ss=^v6rQ(s*?6Pap!lrS(#=DS5u8q-3NSh;I?j#s6Y3@fEGc506RI9ehnDC=
z&dAaapQjene}@MRaqj<yN!1$j2Zh|NVe8jW-u1E8_~PKC(HNI#Bej?C)IlM+_zCwC
z$`oIK^KsQ^j!zQQ2C3xQ9#RPV6MZm0OExF+&vsh0OnL#4H~Hw1@|-tYDf`e{3f*jb
zrzP?zbAe_heezMDJ072&y=e!=3d(;6Xe3k#WLs{UpXgsf{IkrOn0<g6c6{>AT2MRv
zryVM_XnMZPx8UD2Ao%apbqzG(yfT6EYW~(c_Y}o{91Dvo&AX#xcj%@8XoltmYP9-6
zZs)S2$jM9i!qdg^%P?MnG8PYevehiN4CjXHL}SorJoq-{V)JI(|0^~%9tydRTB5Z7
z41Q4Gb`|WZcAC%YL`0CgX0{`{8*9bM8~>a9c;iR>1UDgxTMeaK2DL(9CC&GpRmh(?
zQhUOczI5ahLEf_D4K?hY0h5l0SmRnUl#;EP-1rjbrR06kj4RMf1a-$vu8oURIdy97
zoJz`G1r4>0fvVGDYZiY;OpV&@>OU7VXY7Md1<c^Y8iqDcPySwm>piJm3M~3gFz!b+
z{x;sZ3E3D|XVa)K6>da%Q?UXM(&wh4$7#Ml5#`a$YqWo#em%Q?^7qKuk`*nvQ{@mH
ztBOb%7fcA9W;qM+If8P^v7l6WJB4^Dmr2H^YEL^%!;s1%m>h)ue_UvAP09c!phsz$
zo!tPgGZJ^V@S9C>sE_9<*z)G#+E$<nr_?d*$TiK^)1Q=FDZCKkd4YLRyv^rH!7s!v
zWcVk!?qI>23ikM^zctwD8@DJ<$`Rag3{EY?tID8Q?>ae<CYJYG4i7J*92%mxidhsV
z+DZL9S8WkXLKy!yF@5F{MToa#0j^zQMn_y3;c-J8B{j${cjM^D%F>h4NjN1Jj=j8W
zamT`XDz&DdEMJ-%uw~xEP4$8<T;6gR1fE$S^xkl<&D@eAWh8q%LKdRLSbv>80-b&w
zWg@@EiNrVM(=Y?5wgzb?f7dI}va>(#>^7%SCC1O%|J{iakQejA9LvfTX3qA$la^|g
zjvdXAtGB16v3Jga>DN)wYJ{Z9InjKNI29`wJ`=eyoUvCD=+<l7frBU)s2Z%3RG$}f
zjIhz|VeGA!cD;7yH+3*+8;s@Ij{Z^BJ?P%M9eQU%(`bEJXoZ(ox}D>)Y-tEY8u&rt
zLoB}kN!&z=R5@lnBnB(|5!GcNl02nqf~!y#4X4q{busbw!CfV|1e_O&jks3)1E&r1
zF|C<bMd`72G_-vwBXl9+0k^OVyg#Xv)8BPt$`;oSOicQ@{AmIh8X<~x>+tz!kwVWj
zi}^yFl(SBlmi?uS>eL`xBsOO5$>E8%r49c{s@2Kgt9zm-Kgz1rRh&RBD9mWHf-Wc1
z?_~u~@dB=|p1$tbA-dnd6WuM~hAFNf?|8W`B1qA!=nO*#k&v-!M(@<g^%+G#+#)Vl
zqHC&W(3&i~avA!$&z7W#Og+#Ks~Hyr>%IKMzM`py?Qj-eo>wC<n$+5k|GX`|!euqG
z;iQQFu7_oAIg^|iuA|ruUa2`v^cOb>M-4j`C&H^v*fL3U$nZOv6@@ARw*pJSqM%oG
z^j}iHw%sasA+)OK*&$x>y_f`#g6GUK5o_onUCLnxjBI^_Co!s3_~o?5!WBm&36C&6
z3S0IjK=T4r`~ETKnV9YPZgH}jUGbUWuYR1YD2+kF-TzZkZ8|hwa&3|#MkN4#B!;>C
z<;);_m(N*usEF`^zYCbr?752h%Gbd62y1mLgHWsE^W9Zqon2MEv`xtnS#c8MpfsTb
zAGmpji)lvh(B!VJ5ymi6sL5x_u8_)G%KVT7X$zT4hkSYXC@3&$wN$n`1rgtFdU#OK
zf$o@|pN_x%(;Xa_GCK1vTK-uMe3+^0{@5g1>r9=%$&~Tl08{A>CVnBy$YIhfn408B
z^S!wyiTGC$KY^AUFXiNg6JI~u2Xtp77oVwau^?f6@DJqaN)zYbNc1=$;K;{V0=lE0
zZ>HCf$Yy}HstS!*350is-AgA3g7AOqO?A@x$ie7r_Z%Qdb0%TJw_fSPJ=9=-tgJW$
zmv(a%^4?{|l$aeW4dJK%%Z8@a77@#b9860jk6tSA%lI&yU@Lgy)1ERwb_$1gixv;7
z2NuI0wVD2YUJYjSR>%7`Rztj(svDGt)F_N~;<F_>o-iL~`+Y#M;G(zmca8_TBmO*<
z%I$Ib=ss(TI=Xr8Oxbz4cvjkx=h)HoF4SAIIM<B*eQ|&!!)lK{Le`7wsZx#b<WYp2
z@A#u2XwseN?<{72jbvB2+2&Bv#g~mn@6r*z1^b;klBo2n!!4iDtCt_;^wg=5sHIk;
zp#zm+VqKa1AsIrzYa(=+{Ngxr=Vt$@e*bCHl0GWcRsCijY`HNQ&IMg5Us3l4XF0m$
zm(Rw#KK%V)JgEmO4j}XRO^`7UFA!2TDW%Cr6$A2Das!6DFql;&3U#D4Xf6SjfQX_8
zKNlwxQa38nW2HA`2vv0<9a84OEy2w@Nzwdb@7qGDFnuvkdc`urW;l8?_}w5_il%d6
zRiA~*?BXX6T>@0n?c;xvi@;}3mA*kBc^I_okC6*poPP*XVapPw0;a>8d`vg0H?%Zq
zuB^V+8F=T0ZnBz2w%_BCCl)UzcH~a3jZqEwP#Mo)LgA<F>XM0r>lL(Q+~Ko%Dmy82
zg_pUwg%CAR>iQNr_&`l3>Y^`0!Ke$HKM@h_N`=E*fH}^_mvRz(I{lem+5_-UYz%`k
zQU2<3!*2|KNKOGgVoi&FcCPfs?3|GqXjA5s4_5c5U!1ayHEb;MTYG)G&-I5#!S@zJ
zkmv-<<U91>f9?W*jpFj}@DT3$m9(S&^6gE=wtwA+MDJmsxV!`Lf*`l*C{GTLj!({F
zlV>5(2SU^E2H@7rQ@Z{pLp7jtWL}IPNqp$693tp^po7Umt@yEvUPj;%8F;AKLPJTG
zj{JFS@7B*Z;e2ee2A{X=uYOvN)0vO^i1Uzlxqc3iB1LkWi(ET&Ury^j(;F?0yI!Pt
zr)wz(hM4fX*DFj;euLPq$oHMW3h)tQaTFsHF}oE{bz<3~IQzD#YpGN5kbfRhXKQ`=
z0<9o4p-=3@m+h+Vr3IBO1HFE1T~tna;)fu>BUG@~VW@K$aWC^Nx%;~lZp$dd)A1ES
zV;alR`>`@1nv!6n;&JNsdNd2)S0Dr6i!tE8+kgJGU2?ZP)OQ@WDqmE{G_f=AjNzmD
zY>k{+9^sYmCiv^yfn{%AJRAolzQ8dcVRl1L2fN1j37*Qm=P+MgXRmeJb+PX$29)kr
zh_ro2eVmh~rJ2jKaRZ9jjD*z&-2rZBr1j2jQYbm#y(yL%#)SS`-;cNZY3V)NsdDm5
zH>)8(i()F)ueZ)2niET19%Ey%NHU7v9IYmVNwCbT_P1>WtP}4&pP{nn>>J-dv;E_Q
zpXesN;@kV)^NRZ<P5qMWehwzsV4qbtRo0`V0iL?$a0r)nxQFbwJ?Cv~64)3l6k<ei
zw7#G&NMfikfxYr95dsy*AhCS%k1zR8tobq%uYOfbLt<SN^TX+9wP?^|z1-Kd#wt`<
z>q)ZHN;g#ridYZ_FSdo%znW!Yvl4s~EtG33Ft5JCiG5Gyr``3<XFMw__4xJTY|t@f
zf`sVIcI@TF{hiI@Pn7nvaB$Y`IuTUdX7E`+Y^iyt%<>N$*1f9bc#icHT)gLVuYA>}
z;LO=hm9?oreLrFYob}T<Cdm{sGu9?r(om!iVF5d|$3^Ms2V#r;hg@R4iE;5*(}i}T
zh;G&*Vi>qZnd`#C<Y}$r_m49waazkYB)k@M4@IhgIKJ`jVQKGur6GT*0V#QhX)Ha+
zQ;L)XrL?8$T;n7;-Gxu=_?%$5BQF@M{TC`kRiCccpy?@7zSYc>WQAc;f&kQ;mOl0Y
z9vU@8k{NSH93CkHE6S?wY^xMR%*N4#y|{zmwkC!)e%*Xvj7bVa<l7+`ED=19@~SQ|
zDcPLeX44o)s+Aqh5E0I=+Z<KS`&Cyh=&w?huCLrZQEnhTenm=+1^;mg%AB|X$yT5f
ze9P*2S5HTg)lJ<Ien+?HqL_6uXzH#u>C(6~(;m0O7!+*s<sji-z^~+s--8M(33gFs
zDom3yuX&J<<9iZ)&|63IDDx=S{92?_Jyq7Ti|T<%nj!2L$ydPXWiO(}6>LxjVOwOn
zLTBj2uVuCG%L^RWN|#W>y<pQ9E+Z?ELCiS;pL-;PX~U<qq$+(Xqt4ueKF*?g*Ex#{
zeptYmeg?)6AbbkrY|<Jnm2%sjcRw*B4h>rBC;tqIy;4_!e`B6Tuasz$S?DNxy3u&w
zHxff30FX#f?0u&-jiJDGtow|6>H4xVc%9**2Scq7Q+d0M`wLF@Q&-&7tGq*(c+ccX
z9qY#!NJv%P&h3jwXurR)-h!L+PU@Lc=!GSMbM0G4?O2rIxVOC!uW-AF=yFJ~t-YTM
zt3*L@uVrYLH#$>>=3;-GapU|Q%>AgIZHB`>uv*y=&|mTSADH;!KXY;1<BcP)PgN7g
z!LRZ?#W;8sM73<4QqX@R)@heNDNW|mRMHH1eOsbrX>WI5VeKkc$T;mM#x47BbqO(s
zfw0A)Zb=qeb~Mk0+2aEYMPPf~<4?aQKPrxa>^#ZoVPiSRU%qXJ{uCP|$=Ng~q`?O$
zUlGPnE=<I*{jvC7nJjawi*kV+p2x`y^#rXs<AM7;Dg19@7GK!x8-C=GQRv$Fkrrrj
z|IJl=LV|e10e#-!w(uF_er~x?OZucO%;r%$g8pj(qIHkPf^pr>BUtpCm}MZ&AoBE(
zVJN0I7A`L2ac8u;;B~s(z+J{hCn?0xF(D?5k)%|OLKp&oEA}EWe`RUKRd4u3wNafv
zADhN?uI!slHOD24ZgGC3@OiQMPIdjA!OyeXas_&um3&#CquLg+2@^cmBSC?cb~vZJ
zjP;ntPWH%!0H*IvQQ#LMd2&`$NC+-JXWi|@G7~`&YK}1>pB{=2#~)(($GmBWp0#ay
zG}V!;9(1F&P)PrvVg6!GL?^)kpT&+FR8PL{%?J?K=xDbsXUuDG#T|^Fw|roFWyC3Y
zXu;;DT?qk^uS;xH#VgG2d5#Xdlh-$=*68r#xn4Sd2SGgmZ^<=@p&cip%r$mWAf>Gi
z`PW>0*qs0BY>mOL6w;4w{Zy_MX(72otV%}Run^8hgKt1G*#=N=z4Cn_RU}DcGIK0?
zv^0zfe8n>^Bsk|*Nww|)TfiuzoobaeUxLFF^MJD>f4L&ZKJTYcA_wFm|3gaIm%H!q
zb~%AmTP%R_x-mommq2`<a&*d?85eC`tIF7M<3c*>7mU0?)bmM)GVV-_c6*t1?m%0}
zZjCLmDY<mE?8inA^?Ms~E;8&$@Fy$A5V00BYz}U{1cQ2jA)B5$+pET#>D4k0b6k6<
zxR!`xG&R5o9JvjMvN-i|Lud97$U4=%fz{Jh#eMBDj+CJKLH5DRAlaKoLxSl#VQni$
zXe{B*nvDF`DePnZqRr4Lemf-;J+$AJC&w>g@oyfj?hTxaRPiCdj|y{>28PXmF`stH
zAUr#jcVbY(%=H_pwCtb^Tj{3b7O5nD?-i4qkKixQwbzUm8tWCXMHa&($cSiw3t?B=
zZ(~X-KN2NedwU}|MJNv1WF94_CR572M({fcA@7Uu;Wr47Rhu$hlyB7_rB~VzS11@9
ziK)moBVY)%HZ(<hs4?nL!Vhh-KayZ`H}Q{k(n>Ib>|5!$j^m3JV%|qCj4*zx7Lgq*
zllVu0jeJE7lipXm(oFpa3Vh}ybetYf*fJSteRL4Nu&ALgj;bJ0O7Vl&MW!dcWEEw>
zqjfXR?ODspGW!+@i*{9S1V|YnJ>tT@2C-#i)M$Kp1N!ChbcE}iega*EciG6NU$N#R
ziuvp}mLV+2_J1=Vs^^iWv{oTtPjS~b852_h`T{HU^Gbt=BST>TZ?t-LT<D-ddU)+D
zyZj6rh1LxfB{V@t$V6owZ6r$_iBfc@8J&+3ET*2^o?qSJzr5rh7s7zs_e;PwYZ5*A
zZF))Bi$!Kz(t{5syJ>pXCelfzXx3V>t8s>FIn9v2erAaY2>cB31W*22%u>a8Zxj@L
zDs?L_p6S*$-?&{@o<)EtrbN8pZ+k<Io7Yls&Dp}}{2?1~?AYR;rf0=_{bcbiO6Yyn
z*TAb=Xc{0UNv#HoJ~_a^GHzda6on&#=hANjI0DLOs?lP8z~qbupq_9@wWJuU2G@7;
z)jxS9{nJW2^B#E27=uL1US<M}CAZye5>{j=Wo$s%@Q$G%r}L0ed8pePU1s@eHV8``
zzSlH%B1bOkfK@2R^}Qpy#bL`3@-wCTI43{L50)HL1f03C3g6R{lRAHCQO-Ax!%--c
z0euyL^7KMr@UMkK_n^wX7@?jm-Kx_s3w7hp^yDg)q21<>uqSy81OM8x5yUm&0I?R?
zM;6hX-2}zzDa*af_&?<Fa$xxcZ#{`EO5(Ut2jHQ;h+Ne<-8j2HsP0Ke171LdyuEH(
zF=ACK$AgF|22PZr{+qX?c$8@2oJq@fEewU*94;*19)cJ;8o%C~j_sT|#d82*KATk(
zo;}LzmK0L5DCw}tR~f2DWtmGrJ5>mW->KS-2@EeR$*ttGjUVVcrm{1n@iO>%h)1&P
zE=!V~Xeh1zEgLX=b*n)UL)#MJ@~Lj5U|;&sf4OTs8i^Q=^jXGjnaH|%Z-7bp>${M2
zk57546rPRuN{{G~sH?FCyUo!djy(TizZ$SwVSD&*y>XE%WE*P2keEYs^z^p9Mk%L$
zrGp;B5@~8nC(O8R*UNs3CBLvGHP#4l+2LteI#gJ*2DsxoL^73;O)I!@@fML{VXRy*
z$Zo*eSkHWc2D{g0vfX^P6QRG-YX)p9=r6dhR3Ob_lelaXQ$=Zg!~f#yk6EJ+fGeo;
zJP<uo<8NQzCX%AOK6mVQSdH(V@{7suP5C^>rGPk5)>L>`Bn&SY$3Z!&tsT0+yp(Sw
zxmZV}r%0!S2FxiS*`8_&oh4Z(q;OuZv)~Km04k4G08lGEkR?_;62eKy8K*zmvK^|p
zUvWF80zOdAXy9=`xXCuTRK^b^SHB(sZGQ!(6SH7YhY1$oz00F7NQRKyzNqmcZV`t5
z&x?B(Bp82{AntjPbC3P%v*i;j#|g-JpgDSJ7HFOEnOBoTq{us4e@KF|^LnZB_@31P
z{v69S%e@o0VmL!S3jAf><2T50*?U>A{Y{XC#KLe6vTX%Ai`gGmIYjS6Kl8&xItZAn
z9XfAI+^!J)qfh7DyR=ABAeU9PBt+lCBeyBqDD_Np`G8!-Tq;;6e#rszT4;x3AoY93
zy9HT!5{BBVJH)|G(`i-)Mk-a@WOoI#{G)_$9)8_Qii@yhQXw0hBr8!hyB2Z>q<1K&
zblkc6<m4~Z<>XJrPD?{j1zN1$L-9R}lh(nVUKamo%1*W?xx$aGs2SmU=_`R&QfTw4
z>%sc1X$ofN%-wTxePEcW=&TGWcfB4r#plQcqYCMZ#|jB09J8@2=8OUwl(aPi1-7Zz
z?ysG@gqc^#jio4AWd!1m*!h6$FyaiaU?<TWGk=>ViM+}7uR1@7S|RFs+&h0F!@IHh
zVB;2+Q6eCA*nw~_S4g4N1?sPSf6qteXs`HDl<TOm^G(4J=ww^fb>Sk~7Y1TqkJiwF
z2lZO9-_C#JLit@m(nP~gJ+g6ckMVR-vIlYE6(xLzGh!ZCf+&C|g@#g|$bDw_DyQMg
zAbgRAPd+ueEX)9mFLT`*QeBdyLsWhF_IUq;!isW$F+FoVE6Cq?_Os`b^gdccxpBg8
z*Qi0U3*TPf@8ANdAruL0)$MwzF8wGQXH@YskWmUdLQ_mT>mwoF`J`tJscJu>lrG0n
zZ^qPu-f3N+n{TtAd~fp$JYH>(;^|sN&p8i=ex=_72o!#>XvtkA=HmgcpjUkV8r}CR
z)Q3gb5whAXB94lA4>@Jv+-$l|Zz|!yk-JuX3X#u(?b#H{9HR6;NUG;Q#Hfz6O=I1g
zSi-5U$An9Ma!Jb;(bKq|Yk?OOYfj-U%@ckf2tA#@bp%)Oiu{+Q=UC@mNgYoJVK1ug
zwJ5DG>3LQ2Xo~YHNlXLI@t$CrFP4?SZ+czP+o2F>#2Rvv+wVW=fatWaB)WyKo=YpD
ziAw-sLvZC8E-<X_nIcE|%Se`JAV0vmq|J8C>Jl7}>@uZP34xq54Zs}x%5NGGK8wI#
zBAenn-l=%Yf^|3|=<lr1_OD6&Ya>zBY178la&4owRH|e(cx%espv0r5OyI5Qbuj{y
zL}<K6(Fe7)oV1@AITwIfd0ZT&T{C#}^~{6nC1{MOKcZDSz5Z=$9V}P+O~N--d9asj
zVmDqel*xca)^%A9%xPisS8XPl9i$70xB#EP0*`8M6H#ckuFE3OW%}=!M}~G;i4tpI
z)2rL4zf_`LA*pNd$f@LDlnU_(WaP{|7st}4sxKFh*_tKX7>-@At($<Uqu!Dro=pER
z=Br_kI2vnurHiw2kUv=v<Awz(=}ZC70d&-%$k-B`9G8AEOKs|#4Z5iJ>?OR9+wgqH
z)EWrI4ZrrJOm~TCLaNH}0cW}p^%@FZv2R)tD!0Yc-FE#@7C0SoZBE{*!vbs3qsF4r
z>OdmzKM-a9VK)`NQipit9IaVwd@VzMwh}C>A!w($r7AygQueKgbyjSzdu5|ixrAWy
zpg6XfIdt@a!T%J2J_~~~uLV`k1OhUSz4J%;S=o@|T~XAg96rX&>7?TC2Td^e^bFvz
zjDTI122DZtiiS!oh@{~K|KEdgfo`p)W^5_rcGw;nd_!cDsP^MtZy386jHuzrSXTfr
z$gkrW{c_?F+ca3l%97I?&1~iWh_V%ELKAmon51e~#sa2jLZ%eQ6A|O0?J#<~-KNRW
zOU<m`jkAsAM4*t`>wd39Xs9h^B`IC@AlE@O$+Cmeh%LbFIkoa#AJ1Xk>RJRruR_KZ
zP|ol96Az0oomVt=8rLkcHDP+yXJ4;JS{Hop40JFYc-mn7zEp^s3W?KlD#b9H8?(ZE
zy~I6}8^wkDPs*g~%J3i;PZYnKi)=Y_9d*h!pTFhlP=)nj)=%(f<gsiBf73b{tUZ#H
zqR-ShS$LdzVD4$5b3X)Dx;WR%9*kCgmq?8PzBm|5k`E4Z@G?%s`<+`NSki^LX2tr8
z!enzc2@_s1N_u}>MkIFtdLuKJ0d|C;f>J9^j#6(VTDkS>_|fP?)pw^b$R>`<ldR&-
z^#McBpof3z&@5Z>#IppJr3o^!&DWd7?BA0dH1*1fWgJ)ijVn2|-pXN^XvoW>5I0A`
z1{}ZyM}smKqtYn%hw~7{cvn%gDk;S;aa8<)^!KRlx61H|Aq_tlg|B!5flyrwP|kC|
zBegMR?ua8j?R_DFqPo<3y4}HAyl<qO?$3*~L2X-1mgO+-X6xndr?O!NOh^pQ^r)!)
zOGCG=Tc`lyMqMe{{{Zgq)SlNF=LN2aQhP1R2ythTBI|D(vwj}5mh`~pPf~RIEUw_3
zpIYNyX-Nk41&xdc9Sn_z(Ne$n3tVL#!jBXm{dx(-4_+`TYxfvIf9`Q0*wiaDuheY0
zY<S6V4+5-fPD0mXl9^pnoVt%`Iu@N$b0+MQRt<JwJqRhmLfxlPJ@(^hW0^4=<WCj&
zKW~^sFIrAe6^RbOR7BrAs_KxR><Rs%!nEn`ZrftoRVEz;(iC6((tGqHMe#_Fpuv4e
z=Hg=XyBae7#Eea#{>g7CdX)@Oj$mSx=-hO{BcDIk)CU(=m|bAE-ZKg)X>e$Lz%<9W
z`0{*e8u|<60kzEoJ7jx9wzw^FJ8KdX*X^63w%XoLy|eKbyBjFpN^r0~ib>}Y6u@}z
z<jMh)#r&c2&jyRh|7J%Vm1=%)^!58fG_RwIIomjw(vw*#pNQgfhBH?A{2ln|L+^z)
zuft1^x#r{KjzrOL7-hxwonJCDPXw!{@|noj7B{Efbgz*I*2e+zu!{2uh<SRwhY~)P
z(Zk7M5D30KIX6S*<)OCriG&V)=P_pX1sJs^G`Pc!?Fq&*O#Vz<)<dq@{0WCM@_{~P
zv9vE&n0}*r*YGl_y7$c$w3=cOBPFrS^FJ)7z}Vz{UO?W=Bjt6|0|nhbskFar7%g_*
zIR4NCmzfx@!g*Zh<jEa?8Xom?!MC&8PCjDo$V785&%?P&$mWp6d8oI;<YLzm?Xy@T
zy}j)QqY|T@iJ=Q(5Yf982Lu#s`E7($x~4S7@Bq$b_?2DG7#<<uCfe>y%;aS|))U`W
zGrld4ryOc(ljxg7xnHUxeh0gSSBfsx`|c>q1Qto)x->|3P&Ko2+CMbDDydeGz3Y)1
zJH0o#*-BhS4SDaP=J8Guz2M?MnjHb*!u_tq3S^`qE*i0u_#6E8IvXaz-%>F*QFcdd
z1)QsGLMKjF+>2-e)3-{_zz^!;rBQKN>TQLSg>~zp?mMAcE4J_DK3vI#69x8q8PT&k
znwoU$mLg$eQg^d%(x^z1T1oS;t%4i;r?a5tZ}70s&c9FSn5;()nWyMH4Y*EXx!7MV
zyV_JA-~|6v+Ix2Wd4CE{^`ZX|WU26;wuDqENXPEy+R2g~b#sC;X?xQ#;WB7}Ea;?(
z8KU*5`>!pgTp*b>zXEkNY;GH@7L*8@0VT0?g+)%t%Dja#+5)Ps5P|b)O98)>JfFFm
zc>98ANalTBcK^2Plp~L|)UI6Wz9y{9G&Z1=i#muId$gg#W2JM^jeAJ*a9^=&-&+pR
z+3K=gCly^g`D7U`;9OS^wgG-ls~4C8okUj@;O=7yVxH~wYK)8^?l;@Uidh}&bs4tP
z4~$CpnlM7Q%$P>l9e0l9p{@#<FjPZU6<mtfR>%5+`Cl(f2~g<3)x+gRMaLzErNsmX
zQVQP{zADZsbsku`Z@3>3%r@y_tXp7hCGOTKg!Qub7Ap0lv6>Uj&<av&>2~L9-RYi;
z{p!GD>p&VG`iK23365lR*=JT<(J616s&%_xZy43JGG@0PFi|KWyMKpMgo`4dHO$2Z
z`!N%m%_X@I3FiTF*i2-K5ZIm#LP#Pc&)xA3e{FB%%80<zSlA=p{A3A&9ygeG|MHir
z_^c;KVZCl%D$%FZg<ARRyli9<F+bhl;6*X=kod-0G?!2rI2GLNT;}9Z^_l%=sCbq0
z9DsL|R+nbM0Mb~A&^1+XvkM3c{8+^jDsX}BPXp8B=!7-A#H@W+z;jD!sQ$@Qt}iX7
zzS%WTk7)Qp0XO*49>xfY`EXB758nmttazTM;q41XHlMZraJp$bkl73*sN3T4fyk~L
zRdmIl{wBqD+8Uxli_vYTBHuxMm!^tYA#UwiO}Bw9<<NY2sP=46;~dznwzlGJ8<pA>
z!64WIgRur$Yeh_ik+MLW^h6`(yA&W99DfUIK3lb_Wl@gynl?uvIo3q&1LmQ~?NrZa
zv4z=TNU2nfkL;6#nEQt8)&${-$LP`=RqI(~323~~7(!v@y0EY}MpKVtHk$oxLk#e8
z`gsrC4Qwbw;4!d+c}ah-8Vb2pjKBRL%=DCktuv&wG+;py6<QvP^}j1bIvn=CG}w4w
za#(JF6oi3_8dJ@<`@}HRO^sOJw(2NXP;M1@^onJz&z#J1TM;J<ozSQGeMv>>JnBs*
z-4q_5bm~T}QgnMDv`Ux+gA)-AWi-Hl|D{APGT7#LMbeAzy;xlFR?jn$z+XI5<$rr)
z(u?^^?R)O}>P??|QvG<fyc)7@fW}9sCxO`aH3dF5_hjvwzb$2{U<MIiUgk!61Y*nf
zK!hgWZ{u9bsD&(t&#5e;uXtWg2@KBK7<YFMYkUzITsv-Cl1oQiU6i@L*cZmd%=<|k
zEBpdMktoiaRP6UCa>DRLi1i8DMzZDlhJ7`-JB`|Ds~e%sl{G5=Q@-w-9zgyiQah+!
zzt1VA7loe}c=V7X!$Rvdk~aLhn@WHh3ql{3VGV!sJIj+lBjR|O^JqPBE2ZO`U8_T<
zH+&^6WW1OblO!~+Pjnl|o|7an0T*$O{>rD{Loa*40!#CWRCN}^bw>THQ??5u-#G};
z3e1<jIKxTk;>~H29zI*QKUl&<S}<dz@|kyDIh4l_BIaVG%++NJam|zSxQ4^<8lv1i
zTX6LObU0exK6vd#LIpWm?*NZVg$AkEXm3<e+7F1`ZzBt()d;4Qm9{PA>$*E7LoT~A
z4AVk04D%NXTdVgiH>si{K_$D?iU!;``6_KXpjop-`{ZU;R&l;caA-Well|+7J$+n?
zCCn@}-3MYrrH)+gKO7N_7aebaK+nspxFq^ylFg45GEcX-k7tYXdTE)LjVAZfr%#^9
z)rCy}N6A>2uA@ntOb&M_83MGfbSI0h11<ctrq?*l5Q%rFcmO!33B_2aVEigRi^gCh
zyinrQmf-2a&xWIAOfohpW3k8Vx!4XTRud8eYE7Ix_EAz~TTD4kH=s&2#vY*5Ai;_d
z)kP`=^_<yCNRGRW%%_@aPhm_#C@N@VMhxYZZLN$0*%qEvu>EOpVTD)!$D#NW6Stig
zd_We_upwK^(`bELHkyWj>7wSBk<6w0gZ3BkE?Y$AHMEPTPsrl`U|^kIbyimF25nJ=
zuHwsYy~YlW*!0Ae$l*mF;TJp|jpP=pX?qgE3|(}Z5j0FzfEoK$si04%?ppE@-Sn{l
z!RHl9dqMM}z9Ma2xFS@*kC+_Z<3aZDrpzl!LXwjaDz&X}>$cGI1(JIo_!^1iPbZ~v
zr;f8mXUQ?0Q&A@J2yRNwj$<sEC5WJ$_R%JZsGFV8vnuH`P2&P^YNSlD&k57#Es@FH
zG*)b{r#+>x@%Y7HE6qPfiL4b!TsMr!gx^mphQkWf#Q`J#Tc3=(x<xfMvPMCi)2F#=
zOa)Q6b;|eG69MDV;Pyw)!OL{d7wjESq&9^b%WqqL-?bdgld8z=^rGSSCmg0;Xk5HU
zo5&88Tv##&I`*S|l1lf3JiegC|0Pi~ZOGwg_STk{V-CvE?W@pdPizDmatP~E_l)XR
z4hV|1wUv|f_PsZL{iyQ3=6n~@9zJdT=oW0Jtzq;)CAuo2f0lj>V~$Nf>ghW4rjYp%
zLpPIA=%(|n%Zu!RU{AfgNpiRwNHsq<MC?u_&WWpXNUWrLorF@_VF&}e@{;yB>+Tgv
zmjz|ohad6;NwD#UvSeYz$raT9^6CbI2=bh4AY1khF_fi*!qKt&r_dMDD!d0^()&s!
zQR-Dg7>sSl$8K%_y8j+i5H!!e3rc#LM$4i3LJ>8+R2FCssQF|BUbpXDx_+DQunE-^
zO3{N|Ch#j6mKN@Jj0hBn-aF~(Jd@6cKsEi0aLRky$Y;uzj&pgg^n^DKJSDUD)3G!M
zhrh%+YF%v%g*4`*n<Joq7g4hN1(ke*Xp=6;ZOGUbWfzwWPycI+GYe^lo4((7BE|@&
zc{2a^+G@cC8SlmgO-V(Rq9eT}C-&fx{-^!pPs?sN4~)^|C%2{&%;+-^g^o?2?O5nC
zR%{0R17Sf`W+_pPmVo4#$*%e+?xF$P@jboR4Sbb@p+f$-Ww~NUDJQpea99tgDOon8
zFYZ>qKm90h9fa$ca3g+P=$F|^K28?0yHHmehzCYU7pUJmsrZfYw9^LOwh>*95CbQ2
zE4|xQ%@3}dw#ai~C+j3mxl7oz$}}fCW?OM?uxXiluAG?b*mp2Aiv<RD7yo4aq#FKD
z`@)}A;WAAOc}GaETFUo3dcTNe<;dTM%@ZoIebLrb!I>f+$E2}5YpB1uYbENI%T0e4
zSL(j-^Nq^_J~|#kw}koNyp^yZeJ9qw7ZKHqcd|_C3O(jWyHB%m{ZK}ee_lZ1pYwna
z(Q5hVul8x*=>H7@bPDZ0MdA?CK`*38*t~;wRc>y`V<)Hb(5no;KlVG@F2D(ga<~)i
zQt|hF+fl-e8}iDEZb~>PO+U3>;NP}a0;T5YS`LaN;351a^eR=(jC$Hj*zUd7U~y6>
zGB)x1RxP02bV;B>vBB7FVr5?JyGd8}SgMOL!cKcwP49dr+!-9^LRRBmu7yQ04?$_=
zS0SDd;vJR=b|+8sdKA#xY69@EjtW<5bvw^^RE};+^m<1tZJcwOuq_SrH`vr@|5Vk6
z5HDQZnSCQhbm5KMN$8eRJ><mGd_;$HfuG?9oIO}|hJ#f;9wE(O$K{{R*?*kdC0~5g
zYH*<004Zm)09k3aE})|YHxMtPlU7D07!H@KJNU?qAa_CQ-+}K=MbYH~CGA3w+iiT<
zH%3Mh1IRgj3qR(6HZb`(YU6~<91Du!kSmKljdy-+GMv~}C(V+FUPir}(;S<!XYs$>
zG9eAh)r<hbk#;d3?;zGJ#hIiF_~{drs0$VqY_BDQHL!Nwigi^}vWlbjiwZwWN};#o
zZ`TMtJXkQlNTtCY!$Zf1Eo;4Akvl}qQLnyV8lUJS)Hy4olW98@c!@NYTRdw);qUc#
z@WIdvNl(}<1)-<_*(NKJKH1@*WDTTmxbj%wT`5OeoY{?~FU0NNwz4I{<pQ0ySCoYa
zP$El5eeKB|MIsr#Hie+RUKhz1bikM%*BbTM+bLrOA*jzXypRA1%M1JK#T;V|VAs=3
zAj!PgETMOxt`=MUEpE^d=gXE&)EQbR;<GuDW*We#{;))d`hp1^H+n<3qUPT*D{zPb
zMtf4e?P2sOBlg#3NSle?OSNF%X_I^R@d@KHb47?hXcoZ}Rl49ZaIo(QSV0h5C{3gc
z^6(5d9;*^?81AY=qsZZIlT9s_?CH-ss-%o%p!51$y;6J9MFkWG-S}`p=Vx{Ab`~QS
zY|G0`aA2|Tm=WeHMR*MJscM7su^-wOfBY9frmu4Ew&Z?#uA+Z;-JNe|k8*Gt3UMF_
zeed=27oAhnnKWN-P5MQ$w5BVJvp2XMp;G%5<<P=^zJ}7^M*yEfRR%oIu}R>|k30Wc
zZRi+1B`YB^v3bEtOD`l?q$o~}=i0pn**eYQW^zu9_^y@OOl$G>loqFrfS``zSVv4V
zP=;OV1aNeDExG_#{&CgR*^LO-l1C0QL~@zEB#_5dAE3L@u1p`AE7vawO5yZ{Hu9T~
zH8rVa|6qYnAY64s1w6$kJn?Nidkhp=YKuGby?S0?&yZ1fp3WPevb_>j`icvh4=E4$
zRhPz>KA7=9^@sSQt2TmX&E(`S(Az5@7hSeI`ZqUmt5r~*iT!mvt|+i5FOwfq79~`d
zcmr?x7L=)suR&Lb4Sj7Ob!PmqAHqSAtDK0(9WH|lbz9nvcJtB>mYDli-uBwy0$-8K
z2hZNOFSho=RFzz3T?R_Gve!9{{}S8JqO^;%2GSpY2t^N9EV|OCs|9>VwWHF6^57C?
zH6C39?ex;daNlC0og50T*vdR?%UDRFW!N{$t$bocrkNWAW&<6ulJz>M{)!Ie>McC|
zIvu7SEnV`<wWNO1feP1Q^VBW;$W34Ml=7u)k>viUokD0bEp1l9*xnwh`lUwIa2&LT
zE*^B}Bdm;)e7BDoNyzj_Tv+tXXQX+GPr0uAN{wj6cvEH4`020NkILOukWLsw-o@Wa
zP@rfWl}9=n#@CA<oy&Cb&u4wn-jz9s4)BtaL4s9m4W-^j(sPnfRTL59L=CE}raU-S
z1RKJjC%y^9Q3*8Ow<`p5>{UL(@~ipznA(j}=Jy5jW^UnZ9z$sdlVT%imtI~$^5K4s
zRMQR9KUaU#!n^k#mVlGDS4V*J`}+v;ePAzY!6!d8stB+|By*$sz#?T=D>RbmHwg2q
z^l=va;9l9_g5U`hFMib5?)2BjKOb+I;yQgMe~<+J7Ql5l2E~qwT<f+(7n?2Z5_`9&
zDjh8_Q2&V{)e?NlJc}vr8v*hrpv|6NWFFfWXb?_<x!D+d!v&6?Y&k+@%=sUv%a*gD
z@tch|8&Rl^HL+bB${5~`roAMAUP-}^`ib1WrzTZh!m%xck%D%c+IvXmfKw|!%BMZj
zKr6{;0GLVrUJojV$0iFKLz4kXUdB%o*CH6eh0bqHOOoaFr$Z01jq%`5q=(x8HEK6p
zIOFw4YxyeaK_gV4*uVHHnH^lMn{}nDgk<GDjF*xcW04)+9_Ake))+I+lB&1&uA?wz
z`JJyy9r8>@{$s^igHc=8J08LH$2nr4Yjp99(*Ppib@XIN^3sXR!0~D&PC+{F&Y5G6
zpG;m8-ite1g7Q&EvNJAIjc4<f6n=r73_ZJRP8Hl40j247{@*>7_B5?YTO6rS7-isQ
zL$6}L>>|3p%OUqzo5ap36GQs+ahuKgmINPn@mkUc&(!%Mev1}5>G{`yj#UgUKB@^K
zK^8`yY6EVCoR%6VLC^i!I@gGxE6;^Qfu!Fok>{w89|*zzheefaFg*;Fp{(l-4%+5z
zBM1=wbboBjllyL+d`l=I(@uQSjV-x>(;a%5KowmTt+}1u1+=d3dz7;g!8vL?+8q)`
z;kb|~TLpHBdZ{(5?R+%!D>wl)yf&6LJP4$~4qHy_oNI=|+1H}mWXA)bmGW`D^3!j2
zX5r<3*L3_7@0%x27*v(=iCK(jT9cI@7B!YFhT^a$Sj}G18ZRWYv*r==vQmW}x=!84
zSgp0XNDxC<l%Yc$31)h!%gl%C6G;QtiwPF(lrV;_P$DE4Ywa+W3E+b3I->5De9+4-
z5|g*x;_ORNhqqN(GcYo>fxf!*$Wi7z<@R%6vnn3HJ%~{8V!K1p5ZNu%;YVqCyF+&3
z7pv-RzMfP|uIB4{DsPRHfob11#nR7ma*Np3>!8fsdSaJ={WGBjbzDl%2dajcyv3AA
z00^??rJvO=3{{!WDr<`?fq^6LXPcb5xEC1Zblz_psq1pfRT`=oA8#niQm;buSIDLj
zD4=WpemSZL>f6Z+B9q)QTrHgLP?c1DJ^#+0p>#pZgA~qa9s{XyMzyAb>Y3L4eXA!H
z!#(W4PhrqFvJmbGO?QE`L2wKqw*;5oIgG{$VB1qTiClQa<H(w-p*L{Vv$e5-Nho)E
z>)XR#;|7E{HU<`H$x?Dx_pK-fG3gS0@(-l;*C;|YqBlpXgq98piC$s9aYv-+r}=Jf
z*F^2L?j?T+^dv+OLES11Pati&BAm7FJL?xk(Pw6KUbqa0ULQzcnYZt}K!~yo37t~H
zkIpu7yKJ?Hx5bQ$9Aq)dA4wx-x@ot@{%{+D2p|IQqFe9gvDp=rpfB+C+;gRgi%2Y*
z3>Y8H^kbR1!Ej)7&Y@ofubH(Bd{BR`>PbIq!m|~oIZ)~bAaq<aWF^vR_IxCZ3aSDH
z<@86L74-hMt^IWDHj!K}KA=4OVXv~#bA?k#R`1SOQ3oPIGme;ox-EOpmb~1ouZJh|
zlSwb8K0?K1YOtFU`*paN(PV9cG^nLEu2t-x3v#MKNR2lI&Pldm*VAAQ2J+^zi7Rpx
z&{%z{9`?&Scdm1k|IG=ap>l4C2a#~@_arzv8sm{R=!(B13J@B?@jL~D=xft&H0N1X
zmt1R?$T4yU!+1;>GPo+ov9AzjllM9*ANHG!lxN}^ImdJHD*qk;Jl0zhox6f<l#3lL
zZL9mK6tnjec*G{%0w%WIbRe~8x7d&XGbt2Lp%rQrHb+TL(xme?`9=&TW<#7Dm$FpD
z^vmMh5y~6}c|!W4nwdszs1hXErGZ9$?7{-QI!oMh`#@1B_y=1R#rp`5*>-{0PSFiJ
zrezIqRLmWtoh6KkvLPhoWF=4?Z-#bxHhhb3BSr;794{z(xz8wa_dSj`>_kdLbxH!Y
z&VOwi=(;QkY@}-BH7Snmst%=9yK}G*pG@eK3PmoNr=Dj$Lu<n8RgGg7nu?6?qfrnM
zEmK#E99yRut#jvXNYYcrqMngAmuOR$8M3~k+uG8vh|E`J1dV~|9-<Hj3AR}cyc`LN
zkzBBJE32<f*1l(qQ5ny<72F34wGpcBgrzxo1Y#t)q4ZPk%6_q@AIYVK>@tU2WVJ>l
zqOVle%zM2FtG4A5nO<+w>-fDvhzGE2QLbWzWB4B;qzPdu^SS;0lBbz;4QsUnvOq&?
zX{(xge*NnIo)H>EsEP24LF*V~0Y8hhDQ~NwV7y|MH^1Ee^ied#rh~<c#aIGA@+3U=
zfmKhZzY`YK<r(pIimn&@ptgq8zw;qAEJl>z)Klk{F+cn!U*H7usH+Lggo0PgFoB1x
zS(WC3vUcF9hrdtT!5p3bqFwP~ZD~*NikPoq@Egy<V=9!<U#BN3Ab#^c;=6)J8t84V
zt?w!=nI)iJY>#pJnAM_Dcj$D@r9OBRQ+)V3b^f0@P%sA&_tkw0eZLsgq<dth#=Na@
zk`s>$B%VvR*W_##1dn6c$I#MlgfD%$OJUCvc#F%K+(;Ux0a!w^<m=j~u)r0UtyGV>
zY^{0gt%W3@)nN{)3pH%IK#*h}H0H5VjMqbgCW-#lmzKL!RA*`VJy*8G*?||Y=JKs$
z;VwZ3W=!i`12S6f6@yFk*`bxp%z^_cZH3j}m-lQNDK{p9_+-0qaCf8Jb+OAy&Pw;K
z@b7FSeg16#aN4;-Zu*oAtzu9;AQK7X+Kzf<X_HoXbiV~5M7Ta2uJJaByoILb#q5-@
z*>j6Emeq}WzV!v0t|h)Tk1wZ!C*mOre@l>a1esPW4mR0HKRD3mJ(ihu)e+f|;p%%u
zda9gwD8YvC4bQnA&DJ&uY#)J8%+7p^7((APu6;Uxm>?z3<LyM?<}tTkZPC*cyNtsY
zyThAGF_}xk*Qg)_bW*)onky`@5oGD*pZsfF7aV&zK)J&e>ZQir&m3@mb_e<~Lw%=i
zRoMCnQ*Bo?rMr6Bw;qf>YLpLjd@uZEYb^}j^%t%Rg>53$hGQc8$uF9$HTvmxdl30W
zu$yGZIIop^f%Tym^1FvN2B(BG+gvE#kDoox62iPBz^}?Y%+;s`f~Q>JKsWs|U+lcX
znfebu;FGN_pzl=VhPIa}X1^J>O$J;KMqud&&Z$^rvl^L^Vw@#`e8E8;0l`JzPfRVB
z{NQ&`iY}F+Ytp;Tr1__`twbi@<0N9-mHEu)HrSv#c3K@rEx5aZ#93eq%3>K^oG}nO
zDG|RBxp7fTHf;x7Mdl%N2j^weEvJut)s<wPMgdMO(l`u1st0#a?u<UMpXNzLvCpz5
ze`);E1)_?V>b6s;_;e1fHMt4G0ar-NQ$B!o#S%f)iLcMHc{PfiRYMAFFgBRAC|4h4
zdmN&QfL6j%4SiF=fc2qu!*ZZs5$e_AO|He7L~CdzsV%bqU#IP7HB<N3{9_z5S3^cN
zHE20-VXzFglQ@)HBY5F(GY&Rp<Oc{$=`INfh60}Wl&)Y{ti(Mz={M;Fc>H!0Xg<Gi
z%N&=TdOUCysaej#$W9Qx66%H%wPBkv|7~s$7x#b_TsSbKS<d_(X|(f?k*>I$ONpVu
zQORYJ5X91MR>VMAkr-{l`g|F?qs0QPu`)}bkjAoop$I#3*Fz1`o*{YplkXSZbrmww
zhYVISB_5F66?VLAV$N3ojGNs)l6_9pa?Vu$Y_ucb4EOGGoX?_){3fh@ZFjJuURp+o
z>Vx2<#|+wjRY|uR0^3Iy#PNX^Fl<>i6((?Sr)EN_N+uHDDvFhsgFnLE?iCd2dvnmh
z$-j#cr$)K=O6z~rJ^KK%1Cj_jUA`#b%SzYg9TRWG$eG(9T-k=oeEb0H=m>)=Tfw!e
z+nKU4k4VkN$&hVU|B)ET1#a^;WFf#L*PZ@43ssV+M)n;);Z^3ZQI7wZ<F=0so_V)%
zkW&VI9kDgkF2&8g!DwH)ftk6!HZwKJhwdeMHXAk>FJj9BIlbfu$#y_Zv5qtN?7Q({
zl4?uCAP>zuHK*iprO-NHd=Fa7{rzRnwfjxLTox!?Oh}spd%JR4^@spX{SKU`%F-ln
zw6!?k2Om3Sbg1)DjetjB(N1(Olq-vxwlj)1xDCEEj1wV10~Az0>Ot_aPat0eGz=`E
zlmt`EIYjASn*SGMIf{88k(b(3i0~6kv6ip9iaRVO>6pL=t=dmkH<=Qp1yRgMKG37>
z6UV41Eqa|YKWa&WVK57fReRouQL<gT4UGH=&f>%61SV!ohy>MdWgm`+;SvdygSOcZ
zyo>_!kVI;2xid9P#~y_g;2q0(@J^Bq5q}Q<DgsBdLp)(rJj9p<ay=yS_k<Sk1F_y3
zqI5&=NcWN|Ni4>m|G*m*`K|=Zn^h}qWFHgrIS==@HvJjla?ezsj$i;6b_-(Gz>ttB
z=sEcsUBxRB6t%oe@Gnw524UNV>XW&dF?TP=`QM}~{=rD4#(}iY)^h$D#xknHaUB&c
zB00`40pZrAHJ48CYjsqe4Ayf*yS-X#2Pq(>3<R%3c#oVw<-OafZ#kuxtK~v|-|O-+
zJ))Sot6QU=6@_W<#Hh`YtsvITon5nx4xVgR$}zx&=BHK^LXYcCIX+zsX`Erh@3#~9
z|FWp`@^+jg*ReJ7xmxxG1gnnvk=GJ-7bMPfn0+hs5H1A6rY9s?ztWz>G7Xzo!etZk
zFc7g>k84-@VslxY|7|qc-mLVVEzDVbRKY&=mf1Je=;kKMW!*wL$w!s(_9p|*g93{>
z<DQHlWxT^1=snqf37E+8@SM2K{8mv+d?VFcoS9{gyU7e{rUAB1o~z_7*Ekz$IVE$~
z5<GQ&gkBw70PdH0=*%}WA(ugx=m!yc0gbhszipI%(5Px!-fC@&jp$)!d<MWzGu0?a
z?s#SJ>-Tq<8mIY|NcPDDVtO6mu;oyCoL%fEd-3ONawZI*HN#0xHkFMLWn|utt@p_r
zWph=hM$des{D{1fRs28O@vczBvcaB(DbPwFV&yo%(Z*NyRLmg<<efMhIlJ7BChBQR
zbLsrkQ_70$(=)xmm6{b}45t)-t-YzV&siP>Q4MBPGBl|WDg7U|zA?J8rt9{^wrwXJ
z+eXKB(y?vZ>Dab9HaoU$8y#CW{k*u}H}0)JRcD_u&fc}EcCA{q=9~vc3g5ob>Rza@
zx&eszf2u>Afng}92g}{3CW5%@6DSyqkeK2lSFP3*^@h^ci2(cH;$16!Ubj%ihL7c*
z28Id8&VK;>ILda^89v{@^3wPevoR0<1kx0H=SLwTPBRhO%9kt+7P1f~TAMHT5lwU!
zL!|?!5~M<+`H1ed@f$-U7VQcgCKtL@3^hu6$0=VkBZicM3`Gv}A6!@r8qvIzbUOef
za<-K1)pysPb_$Db{~$C%!{@GuD4jFl>T$(055Y5qheeoz{^$JfudD6EiBq|`F;;XY
z&xAYl992k%?8$aTNPbphXcyo*K?U5DASFVnKYDaa>@I*I_#4r!rWTaC#u|#cZsOD3
zlyVUkV(eiP(2lstRUxDS957p_Mq<0U+ilMa@fj@m0l^lk^#gqHVS|&NM+AIj26xjB
zG0+F5IXcUBx$UNbVM1$#$sLF!l?P+aM2&_#w~}g`!p0}@{aho%6&MNg)1oL8_E-q+
z%1r+=xT--~DB%yywSpGx^~AR0pSEQQzPXzHg$|Q0JJj3*|B8QSfRv&TrAvA87y_x&
zSD3Yfpr1!%h7o-It7?o-+Yc7`^7;27gqHj+IF(6u=nc->BlGHlfl5?6MP(47Lqhd4
z4tjPB{kO+(S}4bI%q658zxvqW$dVSxVuuxsW?`BTo)J`#yf@T$S#bOrQJk5ypXu0}
zDEq%@mMHPfs898SX$c{F6l*9AG%`uG+lpGlApbvI$kzeHJJ6D;B2!47>(4t&r8u#E
zH`v{bT;md^&dNfA_@K$l6&%G%C9e$zpBHsRDSB;(wDCt+2eQd&emL6hB~#is#Hd4&
zCb*Cu%MU$VrQAq7Rm5FF0!wI<qZL%N-SrEB3|2~;+QpKq=Kd(5NsMdCD_wYgO@^V-
z`Hu5b*3={kMm}@e>m-oP^4Bl$M-DVc+Y~21H3{Vg8O0m;H&ELOOx&x0FYxoupi;OH
zckq8scK*J*sysm(mD!Dtm8=#ImAV0JcTz{A)lWPk*$uadJni=FF>*hweX)jvpjnO)
z-x{!V!9?(sk*OVBGN3+lfF2{6QAXRcj(<p6Q`h#=6i|Io-9a}o^Xt+rSng95N)|*`
zyPg!L2?xp2`d0Im%xOL(^HvE30@-BtUvQdSMamBi_U<;mupq}{ENQBF#;duE-M(w}
zm6M*`%u$(XK4LR3-{)zzd2}k1i(}C3oXURXYgXOYWlJ*-|2L25m81a;aFn&d?SVS5
zv|(3VAK<i*R{#=7yW1^)$-f**8rrC4Id-au)A}g?^9pl5Vqpz*yGdV*XS8m-ja}Nw
zIKCgHex}o%%5rc1;ZCW&l~IOR23N-mKEE7yAoh>Rt}1#-IUZIR(XH5Br+AR11Q2G-
z8Sx;v@7NydBaJ*NzCLJt@}HNs^qm_N=xu59H0ReEemTg&E6<TBz1TIpr4ML#!H)pZ
z3$A5x7%1dAuKBO@%>Te1i+k<=GB7yx9ec0<fM8-3!OB_UsIHV|1>XsY4L@oWW6;!_
z7N5LxK^G&m&3e>s3_kD49u97_8Jmd$sb9u9tHHRDCj|ElzyFrNOKa>cI^<No1ccAV
z9=3$h&OVb07pFSsak{SBy~3|Qe|qv1nU6RF1$v-Y?gDdNrFg#9VWK{rTgH@XQ4=)v
zDiss-NPpI1c_0NRazN!UglKpy85Eam?Z53MGcG7@J-GLoRF&Rb-+IHseX4}PI-R~|
zl%v6Hs`hdiJPT-^{cr4dxA=2c`pTK^LX{Te!1+ke7Y-A)5BUZ-NLugn#*HM7QA7rW
zdv<`tlkbZ&=qt8>2wZ)^C?-Ja+x-ok#I8%x`E;1EiI)dm_Vu2u&+9NlJCq0p{EG;q
zGB>|*gapZ!&>>DZU<5(d53vBnrlDJ|vJN`5qFQZD1v-Ug(-K~CbUP1EjVIf?s8H(e
zh$+VuBkSB@PMg&xEhGIwGqcV*OqrLU;kJ-QMDV?Q?#@R@9f|!^TT*}1l6DCB{IABq
zwAYl>e`HMlV#dliNRki=>}w)DN9Aw*-&JoXS;6mm0%wGxaM75_V+ZV2|JZ9ru@kRN
zTZxCoU;Hp(glP&b8^Z`}G++B}<1@nHNkfNilEO;G1w82k(4DF8xS@FS+6;5vNK!3I
zlWmB0YxgqG2ARvO@W3_em!_(r7{VmZpjf%SLu5NM5}nd$A7AO^`Iwru`BrOZ1EL@r
zglSGyim*UI&L!jdle)OcK>0F#jIqBxL;Md3(U$z8^-z%Wze8Yn;`J@gnlILFrAch(
zK~Ua8TpX5d*q?(#d{2EH={Lz%2*jHOJ1-suqS9yhsrnox@9OiaO8FH1Lhfj}ZM)3T
zvZ+g0d4l!!vnZS|f9VEvxN>lh_}vn6b-wmV6f`%*ScSXY{zh*tRg=6g9b?XT`S)P~
z-zV|gL{J@PL)Lofyaq{YK6{nyEeZZ_-=_;5I)BB?-tQkW-<z$kuS~(;E`iKJ+Z9hQ
zeC)bpiDp^(T2S_6I2-XeIzXLddJk3M?B*BQjqqx2Q>7LE9bcX`)}NhCVqkIqrotXC
zxbDao$|cbco9uC-44f~)^QY(&5<%ZE=F$a}V31W2h=|Cy2i$Fg-7U~T-6XVl0~A!`
zevm_JWRY8j`OrYKZvzLgsB5Wr);p)sOaFtm0F_M)W$h<F@-IMO&#mw8g&m4SL4yUV
ziDh(mWsrkeWmW%domGm<^YtKn#wuH6SxZ#+01_5)`2>&a5ZmJ>dHH?k^&4!+mpY|D
zz+Vxu-UF8lePj(*irR(W<aBL+{_ZP}e_Fxxl|uYi=A+V;wYz$!rw2vPM>#M&n#XNu
zd19Le)e|<3ujGY$`l9~k?Mvq>k4B-_qUU{512-iAqDAn*vffq2B2yjLyvb#)Ab7X?
z8x}l7amz{e35h=vi`A0SlviKkoARHSR`o_}L2I9pEsafRuD0rR2(W>B*XjHB)<^38
ziT1iLj;_nHFUy!`s7<1S`lX?>!a(yOor0j2vB<_~5UzkHJ8XRQv7F$iEJ?kPH7&Br
z1o{lpyu2ITw`{}j$2jX44tbG^vq{bN;5Pg~g^8)qy9o#E=LPKvLMEYmdjv?oM|MVx
z<q;f&?S|94*S}&?agQHpeg7uBBA0NG{&)<7<%AJMpYW$*qokCEgjj?^31qdVX2l6w
z+3EC)Q3f0uiYoGlXp*OW7q+0wNNF<lPaKR;$e=ALGfTF-)tn2+_D(cXrq{3Y(h~7W
z%#uy!YtbbY5)X6LgRlAtts;c)WKNYvN8TdyCjaOB3(KU_L@>dCM&RITa5eBiEL9ES
zW#)#yE|DiQTWBpHxVBPwi!Q<E85AQ)4}vke2WFJWTj{I)bJ<a_+OSs4kj=VwcWTwJ
zA}~qRlXkINzRe8S!K_7(QMv&iuoPu!aisKae0Fs(if^B=`JSa~pYm_{6nf||fc+xI
z4|tbG+7_DtZ#>=EBt4iZiX4a%(3%L!AH?gDOK%wlM=V9Kr|8O0w8wKr*C*>24#`6M
ze4xBn?=)00(TlHI+ods$me{%Tg~u==$m~zAT`lwlvlkObUnlfmkTW6XEjUA=<MX~7
z-L)6G9>&c`@PXgH{6xo4L)CxA>Ui}0m*`e_*N9~bdgwu%soDzYnJUT*%7>Uh=-icq
z$lBuHCuVlzrrwNLjk<weH=VwxFn}2hah&>k9fKy+);0die}RIAoC&ai<Rd`~n0^=!
zG+vb22K`(qZ=e`gQqBl@02ajLmH#dvhl>M3$T~azHN(QP^le_o5?n3Xff|l2_td@v
zvG{qfXu2NUoR^J0yEy&XaGs$@U~PzMhOCz6{$kOus6Y<hF%a}~L!JmY%3L^xThG{>
z8Q&d!<^Vg*=0jsCe9<67)4l<kdaB|Q2w6VlXF3&F*c{2!=WrAGz&og<wX{ilar{?&
z%YJf;^F5<rXnm_i1=*0NqjVo!#QJvt!>2wDJl9eGZUo+epmXia_w14PMfbdv^d^FQ
ztH-u*Vzz-yg`H?2)@No{Us(r{zM51Bej0w_t;;5)EQ!O_m~%9N@##8U;xYx$=B28A
zZ8^~)$jdJ(v^bN~4va_kbxy<LJv{N8)V@f{E-Kt@I4mj&0>al&rLid^VfeW}m*1hc
zV)N|DpuI>e(Tt?P($bYmxCvf{8)9l*{lS<(T6G$T1JgM0v8^{0o%gN;<Ilv(DT<Dd
z9Zq)czZC9vh$|OH{wvQRP85YphD5WI5WGAqpK`^PqxAZW?_MA+?|zh;AtWY)f(qoL
zZm(A;Pr+gvSD+K4L)AKtgVXrP+;(3)cQ)h_;g*`fT#em+Y#;`;ATDDxd72h8f_Ow0
z>b{hr9_f$M7AX$JX@6&DKJtZ*cKLM&336e~Sbt7=g<2A<07nk*Czugy-MhUO{5!S^
zp0SFoL+F~^$6Fm8=i=?&TYBM32BLxq8b&OS8S=89%=999ACv?UgiBSEhh{rj5_vQ*
ze_FawHK>dglK_@Hy6QlvfMB)5*5PxrnP+su9i}v;dcaK`;)VvsJoq68N49PN@-L@n
zY_M`Q=>LkqA(AsUnT4h7?O#C!Mj3P?w<ARs7Y^o+cxI;$YIbnHwnOooB2l5A{s}QW
zdJg;M82{5_9+IW=Clq$I9>cw-Mp^@#P}GEN)3I0trkeGY?;nDb(3u<HNhLx+3KpNH
zjPh}-m20VtOxmx>2*#}KQhqcIg3$W}?UAklvBEewhx=laj9d{4OBpZQs$5I)5(@vN
z$Pxj`>QRYuSJ&!cMC5~C9fNVDN-~ENkVFwl-rfhA+?g+BUW%w~Aj6*r+zn03mEHI+
z4acc^2l6-m>B(MALSkHfZ4jB+V>nmrMO+-&!)QK`qo_MSYV!AITI#>Rn*|p5Pw6&a
z)YmV*&|k0(FdN?K)j(oT&3AUhnd6uh;xMa^^&!s)m%ji?Tmr%4{wXIaz0W1`<ipB+
zwbwv2J=d7C78q(Q+nI+=GeX#vj*pwB(yL#JG#Q^tO&c1=uqL=mHmDtdQ#GTQPu}+f
zo?qcBVo0Z!nJWDCxTw#*wkFlEXA6EI0tnotovTP6H8K?0_JOHIMX7={GA$pkv_G3W
z<d>=Dj6`uM_AeAWVJC!6Ssy3BrMV62!88F}43I6e5q{Urc~g%;b3#vDvakZ{wA}Rd
z-N>7L=$j!T{(*pHj;914E(ry-U}Df$447l&(q<0!zXU1jFX<S?>MZd8U>;P1DWsET
z-VOD?u<UHytP_xdVo1Na{d(@YGoR$cAhs;b5<h<D#B!g2Ed~1QJ8GB4qIF3yeqLQT
zv;FE*P4!MVb^SpSVNFuH4&f_KxBJ6RPih3xUHLr%hzDkx<?Xp(>&Qmlwym&29{R3y
z%v~8|Xt+zt(IM+T2YJq0PpvPHKgr=~@F-nCepS(8y;1G}<{13WBItBL8)rjHDGeb$
zMa+ijn`)8Wt(5eEZc%-m#0J<^h@Yl~(K{-FJTlaqx_dX(*W%|S1J47pGjzuz4|mz?
zQ!X6ywPGo5mFvpw8vUEbs(NZxo#^rx0p4eed-)CF)A}Ot#B2c#^e~&XeH`l-*HrD1
zuKFOn$kZ_GcU`Z(Z}qun7nquz=U_-feE0Uh^mDDIW68e<Ue<r8K&i;ThyQZ@fIa?9
z{q-6U$!qW^f&6st*VkNu*v9n7i2EyK+P5G>_=KdZG{eOi1SXbeVGh-MH#f&M*;=!Q
z;a!(%xq=A4x5tQ!tUjdoY;azGQn`2<u^1_Obm>)F<!ni6!=Mobzr%H|@~TiT4-6T?
zB2`#;+5M87c;`cd_x?KZMPXA3@N{xhQvWYt41V{kT{Tm-#Srs(ff(t2v&$mPQ%6Z_
z=HY+KQhstZU9BHKj}ZQoBGF<3vj@250L6fLv^)r2F>fj>EN~$;qG!+5fz0aL1e&7;
z!X(Gm+y;cYNZyP<`-H9l?vgTUZ0p5RUq!JU#_BjjDGTEJPhTcZLlbWhh<%3Ojc0`j
z!nIv&O|Pt%Z>p*%q|kW{l%M=?Nqw4~$@<!c08ZT&c*JVMrzzO)Kt$-&uCV#<ASWG{
zqV-6T<+7sclm@c@RUYJ&f8l~6I9?7q8p{Evx11r6Y00MM`sr&|=OW=%F>6ON#!IT-
z1A(O&4X0ZOuIEA<U@3F$@*C(@_m`a@29T0Sx!@yUd*7&(=MGin!M^zQ7*ffqCzcGc
zFV?Ngh9te_6k=ir#`Sh%6&$C&&5>FcqE2j??Po*eLhP$RS|g^>^Nx&5B2LYrtF;*6
zO_1d`zBoLQp2gz%9SEJ?xo6pK(&k3|9c939)`+;WqOmg}8&T_{J`t6lj&kTmk}mDR
z-vjxB|KvFvdL>q)ISma^a_CbLvs2OO#TtC%!4IZJ&?GBI=*MnFM-EhRUWX$m&CvRc
z>QUWOpsk+L%O^`fPRUFPDP<?-{bhHjW+I=fHx_8Riz)3lmIk+>wR4*5^4|4ijbuY0
zr0lbG8U%WnV@{ZlRN**FH<F9IRozVs>*<~_owQXrJ~s2lf9FLK)+#s}wSB{_@fMEn
z<=I!waVdh|l>)EnbHE|*O-T52`8)xiuL-%?`UHZ6ezR5KHCvpIFZ*Z94Y!0&5G1J6
zH_vyH3P(XM|L#AEo#kL(AoDQ~oq~#`hOcp2qwMEIW(KRl?W)#0jF@lmK?aJIRYRqy
zS>i<n#Rmd!(W<w}TdOMeoBr|Qid(Meu#O<F4C7<SnPw{RiiT~#1robiEa-s5+qH^_
z`XV=u`i-`+Y!h;0l}CXUkVTeelax7p1|Gzsc-j2M*uu)j3Bi_I-Ebapt!RC9mBO}#
zHMvI&UW{7my?G4*ZvfK%`3DrTYp0XpRA(baOhq0$;=n`9saQ|uTx1X93$F7OApC1r
z)1RY^!T>=6{l<{<c}}*e{c1)cS^Z11Rzp$z1F__hx$d34H^$MxFBJPB<lccqSCl4Z
z?nZCARvAnMLe*_VWD4lX%cW|x#NK>Ef+Dn{QHh?-t}l>enQ*+960J8<Q)1YdroTYo
zLYIoW?4iI9$S-J$9-ubm!W^)Or*<<Cff(dMhJ_;=D*Z#aPCQzRDo_TCv{=f3=auXy
zJ$ytRxl3c#&(u~l)3D6=8q1&|TCO(LIn_@>LXH_>)!*Rj2-~BLzzw5W18x3QD1IOj
zM?)#fpQR3xrRo2;x8f#`oRc0)CWbU?icAmym@j;GTOv3F4(78S3h<2IrW!>;zRErg
zvEpY+7E+~K#AO)=X?cd7;mu0pud@J|_*QNUrX=lVpWg=w@8Sg?8aRy{C@2E(Wqe@Y
zz42_6*QD}h_g7B6>n#2I3aH#a?T*dM$X5bjP_ZK!cqHz0)IYD!^Lp`h4mL1Ma~%-0
z7IYEod%j7P1+iVq-|O=7;g(B5zQxgk)N^r>eF+rYJM`huv51-_L**T!?`&@Sg^4tp
zYpzw3+L^7-?d(>*piUC@NV|2MN9@SMQOxfj{R=L8|6P4G60+oD>iA$`A&l)~NYel*
z+`ckq>bA-AX_a(`1JD2WpUK~d39@xknXi`tE{Wx)8b2tO`R@1;of)iw1lk>4Ia-m(
z-N&qPodaLKix&NqFkUr`+6N6KRFR&B_Np>0glLHRv#&kEg?=<ushV+TIEk6HKi)5|
zl=%A12iBLk-Q%H~rKW3UnHxVn0MPxjIvG)ABEf#Yc9xt8jED|dJ4N;x?a6|VZaVb0
zr|9a}F1l?+PEpJ;DK6Q-%vHbS7{p=GP>H*Z0DJ#mBqim)s(1dqz&aeKkn7bUAQR)<
zWFY*HLr-j~QghAYHV87x#DO{IYf-!AY2>Zrr#ZsetQ(0T!2_ULZuh})y&A1u6$KF8
z<t|kZp1G7}Psa4L1*qO>)UlK;$`&;n{BS4KJX<aNOu}R$>#8ctYTuz(Bv-zpOpB04
zfG3OXZDE+08DjXVcbj)}uXzX={MA2wNJ<b{fhTFH=eYwvgX#U%7EKWr1U<)<qd0A1
zoYa%@Q7=UWjkh8aEwIij`&p_2NzE(zZ)~M%^*;ig>r4{h1EY7Cz_bWzK8EsUjN`+T
zs{!H`NwjjwEr^hc5xdLQYG{ms4gGF26)ci?w<wN{dOAZ%64OxfRd2f%rL~9mEWaCw
z#iT78v(GSFJi;2&BUIj+9w{T&n+$NkAUhEUg)O3;((uXlgOXCmNPVNE;HfiG&S3_*
z^?Z6hz7(CGm}Hm|fSBwQitK%Zpy>VaK7kX=OUd+T$qC3+AED^^uO;g+;t<jUc~(9@
z`?r-2A&`IUbt;SA`%AM6yLs06)Ay)~e+Aub|JpqQ{hfOe)rtB#iBVv{hXT;Rz+@vy
zcE>lHmt+efE<P|<?%@6LEiYF0s4lu4KOdKQY`j0_c_`s`x%(H*VFyO!>8+z-k@C|m
zCJvk;+xVc>12$~N2WaJqX_Zwgevl;rAr@Hufr0?O6g7p=oVv_EB7_bP_$y9*#unhY
z>sBUJ)pSnPfPl>Cx@}bU=<<lA4E@N+%vmqfzHuYus_B-?@S~Bt`|&#h%y5|9C&D)f
zPsB%Y-GAu2f75|uf0e_rIS8wYqXmQnx0XuzLl6ScPWwsIeKPmT%i|<n5>|Ml3naTb
z=^0vf{>o#c<(RywHDW}w<tlTfXhSITiWb5W%xCOzx%ig|XLRG$-(ztl_3c+aH4!r|
z&tqm$Vzg|dUpAT0w>XuqR7Tlt3C`5b`cWv2DmqyrD<A0`6C<0)IL0!SX&F!TxCxBW
zPw)YR<4PL#d4LE`G*I4YScj)}y9Z;F>*rUMy3WVm*G15WeM9}hyJxgRjX!w(s?mwv
z|C?f4p!iDo=$-h1MsdEnpv*8^Dx|-mR;oOc<1jwUEy&U%k)j66sRt~zmZML6S2_(W
z-TnExoE1G&)@`m=Ln7=VkLRn@7ba_v#|-@){&eu6t>)W{A)x`BE&fsa8I+8YUyCa-
zj|VZaLAoTAYWuTh64I_F)t5GQAd;-Yu*2XdDCd{wrRp3JPRH3!>$WiEJV#sqGO-0*
z!CWo@IuUH9xXRCqIW!?K$7ExrF!iS<C75mQcKWARZ$?tWdai#@sy|=&e*}(ULyB=6
zIFr%I>Z6W<N4*myhBgwlMzYAfD1vC^OE(<q;GUN{doUK|@W0+Zz5o(q=PK};eG%i^
zSem^r07>LGbm3*_?Po&Tk=xZ$i^y?scq2B2m%a9k(oph?#M#IsFovo8z^9!nfipOe
zPswjJuRnAJ??$Ed7BIohxnYv211_6xQuzJ;$@q8Wi(3|M1@<ttOHdq^I*Y--?1O--
z--c&T&iPlIuT=qWNSKWheAg2D89zaBIaNU1pzWYV#=-{vO&y{9s{5l5LAq|7t1ZA#
z>~tkTvZsG5*x?5I)>EW6JtC@#{grd*kiU{%(lYxte5Ko*u%OVFV7iKz%26WJH>Z6m
z-}A1cJyX3nqCevARN$1jsO7Y2H^?Xo8QD&MnJu;lU!?w9hdWnnrInP*#Uhm$?PqDH
zMb?m%$7nnQPmvDBt;dvTO*f`-B8FT)=^WK~Z-Q}f@$!7xcTh%UGjlBCjS2*vzmQ{r
z!{9Z~4p?7Pi##k`p4C!+k3Sd@RpFV7qOn>pVGV62-B|w-@%YNEhh~C-46Lg_o-U!?
zpgSJ6)JHQr-O=rS^yH1J%JW98mQB(lu-B0F3)h17!Uu5x;9YHkGCY{O&7hl_H|hna
zIgN}L>8#}cL`oE#DdrOgbngVV{tC0U6e?E@C>Vd$Q6%ecCn%Y)Ub&gKK<W{y*cb7|
z@cYdE*GeYHy5b<|S^u?Y&!Z?1;4;M@%vi`Taks91)8^Mtay~q99ShcRk~=#P)o2o)
zD)EwCx>NzrW`$91HSaAhi6%e(!w6FhT4Pd2aQ|Nkl@tY)D}S<E$*`xf7#=@J{DNf0
zrX$>5b6A9RWnLnj`mH7Ri%BmhRI>4=#9Y&eA|Kpj0eRIa<qCN&0+IHtkx~oO_i%w_
z|It)V<NdxeEN#|Uvx+-1T^@U-+K|N_8SiBWL?F=MzLJr!0QI02vo5Mqb^zexQ}(dc
ze2h0~g0y1K5AgpK%zTEgYh(*ZZU5^l;4GCp9pQU8Pf+a?JtzPG<R^}GCiiJ){MD60
ztD*(y{5({t#pUboR|HploEW1Tik$-oubRbY6Nea}|NaoD!dFw|_A0RZ?<G(w0L)b$
zvV9%K+yU4n)Ow?M@!Ly79CggRX%+(Vf!2zw^7#B4pfe6Gx8D0+${dDK{_A7qCic;v
z@*1-858}d{u}fA6V{9Vw0u`QWQ4h8JPMR6rq~mI-JGCMYn%PdY^Nt#%hU>u6PbDr;
z_GZHB4iXfALE`i<z1F1{II%cMwcYbqbiMdd6}<aQYwM>&=q4E1LLIys)|XzH(;?hc
z`#y;dG$ru&X#tf20HAPvm*cM{P@Y9>bh$lnwYYkk#FMQEQOT^W+uOQAA^T1}5Aes4
zJ{av5DEUu}Mi6~yf6YD@O3|q`w$VZY`N8jb!z0X;IcCZio{Q|~WIt#)Kz!7RG^<%T
zu^ZyQihm3~!?IuKXX-;3BXMn6f75k_svD3YH}(Z`+2~uxEX4}*8hz835>%RjG2LBd
z<G_`y=<$^&2lv43`Y6J)5h+LVI)=dC$3-gzK;+AQHL#&yfBq=P<^?{Fi-8#$yi|Z;
zmiI+B-MdWdX0d|GWlcb`>S5tN9K#0+c)z&oj&C|~PERKmJ^!u6uWbhqph-`>73#x|
z^&|JeNrA&L87nxv>@Z(4!UB7|rezN~R?5Bd04vHub^>?HE;lmB?+G>^H22*}!y0(B
zI~HxK&pI$i9wyWX1EcA$+MK?8+^gelie}Y0pcjrg<bF?6h1m(DRGp>~syZ~JhmXdY
zuMt?90JQqvj7UZg*yZUFZ8gPY&OECw8U|qg?G|t&0Ey>~@an5sR=U9FYds~Md`u0K
zGI_K!xpfITpl5H!tV0fJr{e*97gXQbNihci(yMvU6DDtWSH>D;--E_ptExUc1_zhN
z_HZ%BmqUL-5zU0R>Ko;K#N(~I^9W~7odid-kM`XM#BR&w?#lKdH0R%$2(|p^o8kvT
z#VrS*kNdhepbo1DywRMb5}}siCjd<kWo=#MeUsKZA2%d$jpWp978<Bjrs5_!-&;Cv
zR0gJ)FgnOq0vtX{5D#-ON{QFIf!J#W%mD|urTTnx;OC8!Njf(D+dU9x5aRBO>91D2
zfDP6dU(iwUxSjT8q?HAKw<h;C0H|vkvYar*e#k`srVTPy3|#@Z@Y^r#H7E>f#xWuz
z*l#0|JGJM~t6hO*A~@UqWmgb*nJ1H*Tbbl~5usV->TNG2z^06ZBY71F8hXeZ%dv1G
z*sC=s++u&MX4u3?N+qw?CisiZ#zq9hTh^iCgmXHuBcC%EUm_!RV@xy!fg`J9L2Rl&
zil5)n!Cp>Ox}1*uq4!QXgp8F;wDGAN$N)ZSWuLh^l-Oh<YP1-rKY=H%fS#}p37G+w
zx8T^zXboRI!}$d^^;Mx~2Qb2YpOwJ1D3*2NH*0XQK3f0)<~xKzq5M}~(W0_3pqtES
z34k`>gxpriV9o1a9N(y;r+p24Pcj!?9V`+`1>BsrysOANT=_zFr@VAsRoFshUIF-(
znGVUk1@NT!m)I-}aWH|NllX*+Mrh(Zq8csdbQ$S8nRD6|2urp1aV)nK6VzeQ!Ip~W
zYO18$7%z&-Nm_o4P9&#BHgP7=3hi8*zU=J7k%U7ePbx5+!%R((tPa?@XgjwUYFR@N
z8gc&OlA;t(R45u(X}L;ZW6(N=U-F)Y2NKM{c4DC6T#L6ka~!wCLi|SEsb4(?YB#Ct
z{;D9FcYqmg<KQ(0fl4`o%y^zNu+9Jg=$uAo@F|dj%bYrBL%Yq#XpoGy(5hX}s8}Gd
z-*9{G$curxrAgBTz$C}IhiSSF3N`yOkKei|xtwx_5Jm4i!?_jUT0F}B$Xb;Bw(0r~
zIG;-kinwMNZZYujL^*IR>7aWW^V)HP0*i8VoZ2COJ)Gs0N)c1%Ef(Nf-J6c^+j$cy
zw@)1vO~Tr=k2DNLdXhIjdv29t8Tbf8pmg+IXoL8rvupxv4%Xd}ZjdwyLUF5c^{Ak}
z-)imNblN})<-!t;OFkFUO8iKVHLws$A4lORs2&S&&Y4XI6W3kR-hM8RZ^gYAKPSfi
z^<|8IN+jDc^gxY%B8UJ`wYbgf6Fgvuof~snh3Mtao54P)L@hdG4vJ76P~G<dS$vTP
z(9%>8FJR0!-S|cnn4Y)LVX7{&*s&9W2nCSL&eUD|NU>$2RJRG$*v*?Abavz5u3$#X
zIqKb5O@m?s+la^C_ozc{;wwRZz*hSXW=j6dcm2(Alle`{l=63qSKGBSd7icy;?|_v
zmmGeHz3ASq$BVWpKXR0yC`ZWvlF+hdDf;joX~aoax|^B(-}vzZc``{@aJFoAfNu~K
z_Sy0M9QS~wu4Dp5e$h;XRohHCKt0Uk_#X~aPz9E${LEsN9rV;Oxt{#tX3_nx?qer=
z=F&jw$<$Q%^DYVP&}HC3E6wZAyD^t9GJ>(jkA%h~RFEk`krxSK-@+5Ut537!O4Oxc
zlD?$ZwzGD3+T)xuB^dZPA3^VrXotbtU8V)30SpofuCZ=fUQ&tqlJFh|)$VGH5>d7(
z1%g4)3sz1|GY_w|L2q~{iB;KtqS1%mA<L8M8-V7$f~rvtvk$L(;f%*S(WIjjHm#cA
zMsEiieWV=^*%~^RjWzdgJFtHT$D`);YKz{;LS^N=ch$Z-mhSW^K{-10bzS{58Ej#s
z9u1U3%t7k337>bhcF0uueagY^zzumEh>b5qowBV3BhhZ;K4SlJn>*d3U8Rce^Egg6
z-Z&@=;6P$0{KqJ)Y%U`3%Hs)fWrQGx=weq0b4Vx(IDum6?J1mRL#f3dz>?^p=*}6E
zH!xRIL8JoPKmiq`%I^hK%4We2ov?JzP(K!sJ4GU0THw$NxIe#FhMr%%kS{#*IG%YM
zc;0-AaH1iSyJw6XJF#2%0qqqJpK_DI$Y=>dh(Ae8Y-DnN{={8=2c`QsXgCu*P(iVL
z*?Uo)-m(+p(6nrgJMK~%t*Hgk3nbJZIV=9Sd$Fzs7n9f`aS84bO9nx*RkV#-C67N1
z8rAH&63=cS)`W+2?0u#E**S4LidjW<u>hHv&L5O-5qivu!Y8>NpQD(q!(Urd%byNa
zMK@H|5^p6^Od!FH&o0UE?kVh%11@jE_Kb;ofO~BivMW3~>22fh)9+RL*FONj{#^HL
zXg7o(iYEp00DzQriELLoEUdy+m-cpTGdDg5*73s9Pz>!G5^ykP!=bX!$koBR074lj
zepo~-6x4%gz(;&g8YZh!wNI@lyZ56VjgwX-3$A5cZ>D}HQvl6Py|Brzpk2SA980WJ
zK597=-lkjxQS>MzvTj_Hp+{A2N~%bA(E|ff$@FFOr?j+LBD+K~KI~_ePRDE4;ninO
z`R&{(1kB+qd-dAy>1~1yOOn#%PBYML=lNe$iXtMdG8#^V!9jfV;#RJ??ife$?;%b!
zzOkL~;m{dm#<obrbk^nHfPNF@<X-12BeeD;ZFx@^CKe$G<W`PkK(m!i*EK^tXaSqv
zne%86ZwPv4jWZSL@Hx*?sfX<9vMB-3ICqYz78(_?y8oG1K+C;B#@tzwn*hky@zsr<
z9a)CU7DhcywDq0d8)VOyZXO#yf-?Tf0GiTGo)Yh_9{@ldjG^JVo}sAGGzxSs>^MGJ
zOn7K$EyD4w7jqyAu)h0m!<|Y`N^LLNO2OoXVO9c@9%v&2BhU$}*NXU7-HXFox&RSx
zsk~me0Qa2EMFFPE&P%K9V|~Cg!zwuoC?{Oto*!6}r!>&}Oqqg%bj-zymjE82LaaZA
zZ#d2~w{~YjuKzA=)J}$A82J3%woNPqF}J^{6bMdMA<$!!sWG-rY07pO;(qWBOME3S
z_>-m#w)5?ZbgIzgb#mH1Tb@;iBw|D2*FU^8xMb^JN7;+Zg~_T0TGlc(jn8=@{!%sT
zp*7ruLCJES>IUObpBMPYOiBSj!DjGW@wQcjN_DVm&xx7(PHg;lIgr}2$7hAwaT0%2
zo`qFKU*~}4$%n=4O=L!ZB%LBYOP%oHH4Oa>PgAcJW=NIN6L!9{)j6>X@wkF8&8i$Y
z<`wDyld8mC#{f?GRBM#>^Biw#`q{t<sT0&a%@<-FWfmcXR)&P|-0DzcQExz})TAAx
zScAm#%Fjz%)#|dgppRRSHR(gM;#tbjXm}H9NgyLl8?c_)nz{N%O`5;`49z%`Dbcji
z&2ibsM-}yG4aK*mgl6%8;hqC(nSF#efBv&NR&Wk>UI2yd+Go`2io|_RyoYW|j@3~4
zCWsfAk^3Y3?Fs(`NgwMR?Ud<z{^3^huZW04dw@1DVY0sZBZ5Bwm+~J2Apw*4Za+uR
zwS01I*LnO1cpv#g_A9q={NVzsp0{22r>EOBg4m3zH8T!5e;Fbu#Iw?#NDGVqVr;H3
zYwKxhdB7xo0`Iy*q^1wvYE~%w+3a+n-O|m;_4P6QBRe2~-_T7wHazhh5-zK<v+rR6
z#Z3N~I87MG3Tn&@E?9tBFAKL(N$|9oygU9ig*c0e9Lg0+kGpJ)A2O)4glX?JhwoW;
zgNH5Z*J>q|)e40n`;v3BR6(Pjdp@0k0RO<i13|}#WvGC#oizi>h*2TIlbQjEifMOf
zn65+|dp|mBNA8QU5c8S-9&a@?2J=aTYqpaDG&YcWUt1hXf{G>g7(cajx4@h{UY3(z
zu5VT4R{z7Lnl?&V?P~Utya*xdD5Hhnmz|(&ifzi@6iGGIE+CLof2TJK%08X~Pfh27
z*%C0U=ELZ+!a~wNj}I8SeQl$Vwqov6&z&6^tiRycVXfi;qBzy*aU#c6b$$<oey)kT
zgo8gi$Ry9?OPS3*^G&{DaetVP!Inw;&DtMjifD(3kt>}w@Xr`^N#jK>*_+U64Di9A
z27!CdoEAWVF7A|T7~xit_GJgO3fX(#C*3@?A#WoMeS|T)Ic~{IlF7h)a#p_qmpYfI
z>K6n6)7G0k0O^$3OLZTYo1baf;o)rk*gKH156-oEWOjBQ$hFE~^f+ccS%atT1uapM
z{A958GeqdxHN3aU)sQ+>joo4gt)9Ai@Pt8_nq7gY<PilzhyMeVVIqLw1^~d^blZY`
z*#{0I%RNHi`T&W^QrCHK*G$_)Nkw*gjZGP{@M;FW&Awg3Dg%95&e#2!`=!WsLEB6#
zYPll-<ca}N-Lg=(drKI~n;fX_m7Z01X79LwWi3XLe=pa<<SzYp@-12Q5j~qJzC>IE
zDelm`Saw@gT3mh+T#uVUBM<b9n#DNNI;xPBd*R-<W?XRX6G0h^2?Y{8yB!i>`e*J(
zTdCyAlg?{=V&XG2!nRhO3C9+b;@aEulZx&I7k^Wq2gL;X>oUa|DBF<cG^LT`6Q#A*
zP^_;7E7aPpT8QT^h;XU`coiNeixKx!NApyQKAk6oqOo^ZJIHSFIq8U2p&t{ki9v6T
zdi1wq55qO4^?T*vIRR@tC~e=k(0p^AO6`>en5n}vo8`iymkFm8z8?T@C2u@VsQb%o
zMI>k;+0)@;ns)V#K|JQ-gp>{J!-@Q*Lfw*B8S)D%WkIIqwdvJGq`lpW`~;7BqscyR
zD=vQfIW>|B=$zPpl*{UBzbp9ZU+)YYA4fLO24c$;0)p%ADB#Eata(s0>mpo)fteC|
zZNC2^xn+@O@$&3jOR=yaKP-SSQG}M;-62i_U?w3dEs^xj$3skc1n(OXgKVmoWnU@P
ztjnXkmpwlW->Ip@L%dPeM;+bA^7=h<R%cPhImblKU@y`+f&p&nf8hlJDe^}Ps;h_u
z-)w(+S^9zkgP6GR@*R8-`t04<H#0g#fJJBGsQNQ^`u)nw21tP#2<_Lf=ohrgEJ?uV
zkh%0*VC&<kYSv6v3Jv+zxl|m?<J>IFcI9bm(l6}OmI?Yh_APgfK*q3<Rn=WpnF`Og
zZ_UJOw-7e~ftfrSNVN^G?W>0|DNH5#0%-QJhxY$`p9cV`eFDBYC*(i^xKMh23w)FR
zibVx^={UT07-eJ4gOuB(!<j*Mzj7&}c)(phv3H?~P%YAt5rf&>PXiR(Ipzu7<H#SL
zGePMzW$ECgdNW%V>t)O+O_A)hm9F`R2&RK&ksp$Tq=PUHF(D^(RX?TsNoCwC_LHR+
zp!H6hM&aCUSfF3KIXYw>S0(hBd^R_?iy+gy;(hMR9D?jIStmRd?(&#;FNN0_fLCVv
z)Yc-7hkLWcMP&kmYYY)QTN~JoNT>pw==rwZ-3d7_bV|xW4Yy@E&#anuTs>H$Ni1TM
zkW0R4cR^_`8b(nS^NPw9j7=9VO@tS_zxyIH3mkp^u8Ff9+E->1B6m45**T&w9u0pb
zHvQ9T_r^Pb0AMcl4A7p`SDn$svI<mo6{a-{?j1IM65Zv*_quW4C*DGbp^stWU^)(9
zSYc?~@<IPaE<eTaDc`l^YC)RN<4HXf#mrURov{aWa7dtmrmPc{cI&m`ox)PsdKAU$
zkD`_UJlVWsd|3gU@#~`$j46nZ+Dk|(<jKGe6DATgy7}9FC~Avz4JO)~Hol6k@y}XY
z#N;oU1nPr`3-eae44b<}jt5{Yf#%hsEhbLoZ4jbz9d-ZW20Z_jQ|cL7V`w8>5)4Z{
zlO}))iOpCqzY~a2YP`lzNdKk=$~A*gp<=}k0KiSV*R=Ku;M5Cosfjeb>O||BQqE|*
zI3>_m99EgoA+&xsXMvUE7Z&hAkzO|36~oQtu}Bbj?bi}OBUKSI+k4$tOvRLL@OqB;
z{hOXDMB@iIDvIYUCCm&`{k(B%#j?2M^on<mC0Y>oPby+351ByrM<jjA4cX^*Y<C}d
zSmR9gpf5e!xeODO$Tv<@&jv86^QrE=9xX0UEC;?9wSpz|RPOz<&Lk_yPFRQhU6V%U
z2mQO6l@H~6*OMB=1aL83SuLzt@k`t%`?N{!3jN^4J;MFfQAI&<?Z)X1L%dWrb@uG1
zRvlPT5tx;Srj2L~_&#Q6n4+m)CxUjjBm{?|FCeF4=cD3qM+9*BL*LfCivK+O2*A=~
zMKU+=t=z${^bbKw0uvz|wdMl@(}qbMkfo?}iXVYF;1w>%W|+9YKlrKOku%A|8RW#N
zah?$<MMoGr^r$G6<o$vsW8*q{#YcwO@56+^?k<}YGT{8?NC^Es1BqMfTDNS;uLDMV
z4-B_7rQa+pDPdsO=`QXhQ|c6^lyQjydwV#8(h;O_>hSyo)ZNx`A8g-Ys)g7P!-Ho|
zmx>fuvc{%AJQI>A5)-=mmo#Y^c{LC5cP$A@KGM&ofnr^ZmKv!mb@s(TvW2A}h%f7^
zME`k-%CGXrCp$i#hD;A(7x;=M*yrm8MO;u%ARMFim(%s50C1G#GPEa0ESvap+*3sz
zFcCANzQt0D7Sny&36_U%@qNr?s&}tl6m8ClA&USlvvWwYx0{FrcqB|!jZ;F)=<4{?
z`ns@UApX2sM#ZXV0ZbmFmCiKElYJ%vubIo`lAL*rkl<Zb71rI>1#1wh@g*_Nz9poQ
zdKb{_g>i`e6hcQ<*fLcm>v6wRVXmB=XgpL>*oz1K)@HwZGCWz@Fy-Ap`FT#ueF<hV
z362YuIMw3U{jH2}+olS3vxjv>B9hU_sGVS0n{!C|NW|iAa49)TY+Xe7Kh%j>zVjM4
zM925LPcz-DJwDw5v>RlA*xJ<Z4V#(5de@2vR;Yojy3Oz9DspGNPh^I8oR_kYixrW+
zo2GSz)gOMBxEW^P3tv~yA%y#=mAj^tc@`^U1mSYZPO$I1gjY2NL`=~nx+x^kQoyCO
z?srrY0<9YJ51p!j?=MDV9XN2Tce99$H}YfU?hh#RCw1WOiZL%~&H?p&aR2TO5%U=i
zwvt0e7S#?ZWv6gB9Th(86LNcfK&G&8B2~1bf19>wqiKP+TLU2G;Db42=QIbQvk)Oq
z87LRsW3lK9ccY6=(;a)}@|{d$JlGSaKgiuJvo*mkp38-NYw;D4yOO9+Pz7=7a<<=b
z;CjmW=1vrVNqyB^O~^|(6Gdq|2=f3A3nT0aEn0YGv5p4_qY7sH>v^%c^!v3A3@~|Y
zPkwC(gjk%Aat-918TASx&%U)bzc|=61KIKm=$v>xhqqP<Dhzw#J5osz*$tlf&6oH&
z!hbp$LFB3xP#ZvsziGNM-@m92zRW;$AfrmL(#;4M1r^+@=LMH4W_yRrKPL%YF^=nx
z5LS)x;EyjrQH-jpN?l4Hah<p*S5cl{`}tG6=k<QD6@H&9_dq{dd;mkzBmf<SoP)!5
zG}4Haa6n<V_W8v%HmTPA)NT)sM1av0Wh2tA$2yRUlLr6&Sdz<BPESS`i@((cH(Wz~
ze<gBwNvPky<90+qTI*9eYHtp);YT(HkSRp_0iASAPXZhuH52Y6>Vr;IwB8=BjIESV
zwk=f@eob2|<To*YOGR!$Q7MjNgc(12AXo&ok8yO~<ZbV*T&*0<+YGH<BW`#*Ro8m)
z5G)_Y8t5hl1pf+kRJAGDTLc;^9jD%4hquBPCkfgk2OUMQB<DkV(}=H1m4(9_&`apn
z>$ENy43*1yoBGFMnJJ%{mXsLsk@h?ptT|tYpO5@S>^&lG!j3!~z;WenARqhW0Lh_n
z;ZG$zgX(j*gqQR%maICy6+B4>S&(G`csAdb{P>Zp>j*b!IPaTXpyvT$^6Es4d1FRW
zMUlg4_rq}nJ>PX^nXysv!8Rx^$r)HdThZFOSU2gDMj|5~D&;aTE>Q8N6MTFvo!hJF
zYfb<Fr}p7cxyA0lYT6JS+W-J@OGJ|yaoAk;!swns=8_pu?ThjsL{9katZY$^ovnj9
zAXrchM6cLi%v!LC5c@lz>`4(UvN<}qG+syxfyAU!o%gjuYQYHgc?P2w5uBq^-Y`xO
zzui^GV3yA6ODZt36uYtDJ&cpS^Md&^hWy+tYh3J$<E!b5Mkr^tH7)m{;k`jR0n~f<
zp!tBQAf=47#YGcQduf(ugR%bNX#oCRS#jYcpyC_K?`YC2HM=TtxuJ<KBwQZNBF+np
zk&A+LnA!J``tC`I?`;0Q=5_xw-bC;5mMsr3vwi?tjAC(r!MyKNX&~jpz~uKS5*a-$
zQQsZ4<X;1=$2GVS!fg*!gCei^<GSq0*E6q?rnj=aV>9<rI6qUPY}IxUb6mKY!>jG-
znHu?r;2+9Vajo|1f@==}MFA7Y4X*`sFO{{V!u5X4A&LV{KS4CbLZ>3+hZH?|BbN<*
zm~}5#G}Rz578s=vGPL-{A2P#UfI20xCcs6Y#XxU#8n`$ZVJmJwc!m~feZC=(wU>u%
zJQLRDr3X$qP!nf{%1*(gsI>BCot2FQE9Ja_3IXdMA!Tn}xk#<3XS&1PkpS^T#tMvV
zetRseMGx}+4;NVU?fiMxl)Y0UPGsALQFv5IHaRNLqe%n>Lk0jvyvFf(f8z@U0E7U7
z)cZsL00f#JqIxRR_M(`f2FcWW{v}^@B-g{q_A0>Ehh#+;r-EPL!AwjoIyqh~KsZ$2
zQaOfW0-sxuqCZMA#6fV6s-Tx0tHuV}iVDT|L=|3C{M19MqIb?A|6uF+er|8aBD#Bg
zvnRwWfsM>6jhz);e=$d$R;p`K&M+4&{rN&{<Bww8q!-ns`^zN}l+xP%9A=E8AlO08
zBJ()Bj<ZZ&Y-A$GcEJJxXpdJstaH8a`mTk=h;nO>tHgvW3BoKKBUjXN$UD2s2)Jp;
zln84~?wZHqBp&b)o`RXVJHK0-VXfWFa&mpAYlu^A#zaTRrQDMEM=<uN?uU46z$s;H
zOq6~MJ%<<nc~;>?n2T%@3nveD3O;z4u}1;enue%GZY$N+%FN=g0Qh(OrO(GW4x|(c
zVZP+iHiCLV8-s?OcX|=}jpIw6)Y=#|TEWqLza22B<PAR%Q=e2aM;Z9tA1+r!PGCrh
z>S2Y5(8(oQ&~49LG{Hup@wN{(e2koUkA!J!8pZ+%R-|P1S%ZQ*cFLVhXtkHxbAiU2
z+6b^2db7AG?1%4*sEw(79VT0>bX>qcIA+aiSce_?tnYLdyAbbSkT|DG1r09a85|Bx
z#@&@yV%Vks$eimh#PAQriVK&3h}ogt0f2vt+~$VY7EMlow-xszgi6YNz4gjTgxTnv
zRv#quOjm9k05e;CKA%-$?j4Eo`zVSrk+m{F$#26NEhhhPWW{&F+ixW>vuhq8K0Y=H
zil`tAzb<_wy@RxNNT^0~E;g=X>{fvo2#Ne?=&h@GBisFwq;hiO>%PwP0EeejR=lp(
zB6^F+UB`Y&F33c&P!p2GcM5iy^8TGDfw%}%jor&qyrZYSO~Bxh#5=j$Y5p86i+9T}
z^o&tj&-3x+HDVPtZWlLwA0w;Mz2#YxJ?&*ZUGE$kc1$-XrS(7r%IDKXK0`$n*0ni-
z<EX%Gs|bc6bn8jjb=Rii9(bQw8)}p^9IQWXy^0m^yO6b+ZuPq%MDD>Y$i^%PfR-Sa
zy)QD_f@HX64}xio)}U;v4HD3@78zpsn}di^6|H#PQVOCubnVq}aW~0UjE*iKDX73L
z7Rp>~v(hfuk+#}+NPa$&;7k^I`b>~3(L?I*>fZj&VT%72z--5P#zD|Z7KIVhWu`Z=
zS7@P^LPUfy&}Hmt6hWrj2)(=EdA21YskEN_ywiLlwy|PQjP=Na+IaJ^e2U}S3m%I^
z`LkurrWW083;d*k|6=EC<gH@dVh}PJuo3C87Rs6l7tsKuP-xA-M-7NcPtf4oNl7e5
z1Y?TN5EHR}`@7VWN;E)HlrYMN0H?OWO^6^tC%=z^S!o;IHsHyrT^5Sp{Dhxa@XFVs
zR|YA22>ITOa++^-A!T4W;MuHCzy%ny6wAWYFSb1MG~x8-otzdLnTvm2@Pf8ESqBOQ
zH)@%R;`D{E%qk(R5#OS)wyj~<Lq!AW#hn~?xC=)oA+mR@iKd|#v}F2c)OI&uOP|-b
zvS!!jUc9DSa8Hr$979Tkxnt20aBzUPc(pecoclEknFuNEsBy8kaeg5|?c-&u(4Vy<
zx0_gmg6}<}fMA>Jp6k$MAx}_BU%Y4CL&E78cR-yuQ);qRv|Bu#502^-(7G(|8!ZKa
z_=*)H<DD2vkq@Ch67WqJ``-k&!(AE@w=WjwcS_H}NuFzbQ=*>SV*GK`8ag)zHS%p;
z%5mUBXL!z#y&?(Nvx^5jYhd4|aSmjhWxpRwSz$D#YD7HxpnenM2IG~Hd#6kI53w3b
zL`ca`86zxr91>SP2N!nz*`>h5IT!va1W2fjmgJw1bVU~T@=HlIv<jXQ14!GGH5B(b
z&wG*?Jws@xM?IJ5sc&6!twFqD@`zK9<Y+YhaLB3hKz7{<ejswfE5I8@!heSmfCQW2
zXQ{j)G0!<+tlCn_&}4IN0~m6#>mdYj(SUm+K=1Lfk?^)6Q^XZ4uCMk@>>@an_6zE!
zZylU-1AZ1ihnSYs0v^$*#m^nf!jBsFIinzi>J#^R(vHtkA7{!x`q6{4dZH8VJd+m`
zYb%S1;RLU(CrLkfy|!iX87bT1L|MWPaI@0x%rnP#Ucj#E*&F_XAkS-%cOEq0wz8@5
zGFL)7TFzw?V$P}(U|+b=F!loRP8)JRJaro0l9iB-6CSM5S9!vy9NUiYb}hmFQ2*L-
zJN#*Zw=u+s-=*&y^UvhAKIO?=JaH7(CfNo&WbEWF&%)I8Jl4wn__|S^EaGPHH^pKk
zeZiYiwKt(ffy3`CaSuv7euJc=j0vrD2Q5bi85dMx;JZp*{_EdakX6)IWz~SXNI1Co
zFf1?3;c=evO4Dd?o#R?^yGY{ST06s4Hc-cQ2^|h)jiR@lH#F~yEehp-aMN&A*FKX(
z?Pj}sG=2=rG8mFlX(JNBhJ!!XM%uBfLsrf<`8HVHsk^tUO`HW@c>|u_uC%pj^~29B
znkO`J0pC6|oFJ6K{uwlun=wiNOZ;}&vE^IN1EJf{lSG8%G)Wn2&SGci6i;ChHu{0k
z)wRqFf#rj1v@*G#OzCX&9uX&#&Y%AS*gz-03%k5(EkL8kmNmoht96^eZvA<UzWnZ@
zSV_vA^%NkfiQG$qUcH^myus4bxk7>6u-5yY-LiJPy*f>o7uoyk3l4x8PO7JNn3;JG
z`sVvi&PjE-gJaj0W&^u@UKslP-jMkdYXRWrN7y|XdcY>(xeacy^T^nMGSm>*UJ1;6
z@3Wccy~I5hNtiqO-g}41|Kx4p#JE<jAlo#(m<|N*zhfrH#5v_P{lUQfn}kE{=nN43
zO-dBu4h)b~eO+~FC0<1(xQ!pz&bW+1ba8Eb!mzM)+?+cpoan{Su4!cM${(eibHFJ9
z5c2M7sz=JoTL?f(G*i=mE1CHnu%B2K<>oDM2ah!Av*W89_QEi4An3#sNzD)~q3Rxc
zP``wr5akG<Y*Cav<ScN%HWf-<fa@tGBod40;9uEbyk*AB$-UTK&)m4ZS+0=TJ-h}n
zWLSB0U1$IR00VVP+(yxdeE<Le001ptd>~5xq^(e;v}uf)AUnisM{Pc70-X@B2E|)3
zAvdvKuU{@Ce1>t-__g1QWcku8TO@|$zGG1KNaEf12V7x9M7C|PSF<m@M7k{1zpU-7
z^*}>wfBY5su&)R08))aliw@Vfk6C`FV)e8Ec->B8-gVk6<g+H3%t%Kz`iPf*!VjDR
zyK6&QrDPXQTthg2(;M3+1tb!pv2q337Mj}G$z;*8GKC^*x2`ZF%T1i0WPZ*^uOEfY
zc~Np}QVh%(mOqR`!Vk#GmBLpqk*(Y7So;*xk!LxT+~xf@<aSt%*+SYf2cW*|H(G|r
zRrIHeZ^{v7ye88$0RvruG(2|9IO{#CkQnIPvp;A-O<fq%v-AHvZ?vev@P5vsGH36z
zo#l=8stDiv*fel|-li%sx(vw=eyAM5-B~^KEJLjMqE^XM0t*eDH_an)LF`Y$(4IF+
z-bUU%0O~v)K>#hM_xOgo84G8|aGs51MwvCyDj0mZy{iQu>_WwWv8Q+>lE7Sd-ly{4
z2v$22Hsn&}A_wUszrc@WgI9oEU<Gs1AOHXW00k&kV)<DT-NxnKiwHHulNem=s;Ms?
z(4W?h4ml!D=$mz_ZL-dO(-*~WE76x^Py0isNT=U5rP4J(6CxrNsOGrefR{}%+sqv8
zYQ#fgPdZAB9mFQnlC;}4+_esII)MDZA#HZbY`RKSV-n);K9=kMK74YBAub5Q>in={
zK!X#_hVks9QJm}X4#{|trX%6)@}@>=;T4x0RALJy8o`eb+W4C*LMk0fmu->}8q!@S
za`=t@dQO3xX-^b@FJ3)@wyh77&z8NBTbX(T%To3z7TR=S1XR+31h1kYRZE!fYJotE
zN)Pu27bmDz=G_A{a517f0!1S)WV6z2RGac_KmP>gzh&P%_239H7wsC3fb_FX5%R;W
zbfHWobkAwHj{VW!l{41ZQ%y%ri(V=Iw4SL7c*^l<F$3Qocma#eHM2B>wRBI(?^a<?
zHBX$vV#GVcoAYx6IJqE0)=)FuP;EJ>5wH~^Q$F(p2<xxX-v;8A5>wbsW+jMy;Ja(Q
zApIN%da1*}u|`8Up$_66#Lb+{1c)%#LO9E_fCR-d8jk?V&8r+Wc?2N~H}+{@IHZVQ
z6j8O{kghZRNc><k$^<8g#zH$g{gg&=&K;=m{cHdI;Yx3BwIz8Y5WE35!0*f^HI8f_
z=pWe9w{2GBXz#T%8zv}M_kw=M0}di|J?yKYTplY`i#yE7EUuqAf%*_ck_;8^9>q_v
zF3u}&0BJ^;-+|OYarC)dMq*fE+6Rz><hVsCV)nB}_ec_m6P<Y)xGdo%=DS|Lt!&{*
z2$&Y<<pXZ{SLN=!;+-Wgm@pMQ8^r<r{7+k=MF%h4P1r@L^~QapdRuri{WQZ4+`DuJ
z698R)pR2`0_Xp&w&a-pB_kUR(VOYgV6*y!>a<$bI&Q%!6Rk&&kLiCZ1Yj&w0b5sq1
z6Jw$`Sx5qrp<z@VL>Qm|4}`jc*~yNffIP3S{85#R0000PbLa#hI{Cl=0000W4Hj5f
zfLvcN?*TtYr9iU%ZD5UNjAbtF>c<`ntEy~piaf^DVQE%F8|y0KI5iWEB9m7+qdf!8
zlz=;S*(`0Sf`4JBSdgJD&l74WDkLSP4Pqzu$Y(fqZF-JT)uo0bc*Q+^1N~JM&NxVs
zJM+l#X*E?~>?=W}X}`IM8~L}%yYi_TjGF8rMH5(qAbD?SH!NfPqxqhxE|qL~2peO~
zU+8F75N+gw6ZZKwbyo$yuxpw&Z6V?(#G$uN%#ekX5WJ_Ysf5Y*_Un<lN8N^~=ABh{
z-@#tWgrR6-8{@=|A#>KY3adM9>Rdpi0Uvy!poE!;+=7C0`Q!0Dexka&KWOSanf!K|
zT7ujnzOBm&Q_~5k%KH1}qsDWcH3JDzyln1rs7K?JR|2Am7{IyC5FRi|s-`|&1bHlQ
z&k`Xjf?hhMm273~rTiuxsUQ5uS*}^mW3cdyAi0res@ySW2)l5YA*U%zE>8L3P##nS
zl%G`B{SZJtZ_p0vZ-Duj7M?BhvYa|`3CTv$sOS5~`@BI~8WN6yTF#lIpueWtVv2ni
z8{rX2p_v*W(9Gu+bA&|;s4)ieVaBQwo3QRJEvN6-l}l6U55{a~@JS)8pYY^e$mvr<
ze+9+PTiYd~5Z>$sOo9;X9K921d9DJdjML@-D}{G)J!!B%qK8sI>rigt;P(lP9AcTo
z9(D5wASz&2Z1y<W*5$V7xX9JUx<*P1%qRc8af{*64kNQDgz(uh6^dK|Uh~V^3g!gF
zZU8P=s5zTtSC_Ql00000A^|;wIRIfMl1HAw3(k$y;Co8&dqG1gO6kOn0Z7@3uT;MV
zk;LHgZV=WHUBmEziY*YhT5yx$I-2zgd%VZ286?(p$ocq1ti)YWHmBYAcbsV^gx7)0
zbyh`;-Q|YN_1|wn#;N>rg_HcF;+z=QL0d-Vz*tcF`qHJOstls*(2awF`%Qzj9m$|K
zo{G`)f-aWwi!g4t{uY%NP?44{r9;A3FJ`?DMm<hZ8EbSCrI(hBe^Sj;YG}M?v}N)H
z8nA>CO!_Zzm2|k<%l`%qhGZC${mUaw)Pq3uW-nTO*b$ACq_};qY1!-`%y!H;K1T{)
z_zWZ2PB2}$aEg3RXYZ-rn(LfhXa~%LV?_@Y{7+^dCBMg!WM+ei!v5uxw@Ghb_2|y9
z)F6HvRL@4>Y@;J`ggTb_q-;2>&bJRmMHD{oAo}}*yVaO9L>be^iNttI<<Qr9lZ=~d
z9{(D@OrTB!%lzTdc`%o>e2>G-#N3R?TvWngU*nG&G9QB4p}MROr5>#3crfJtu%>FD
z>$HK%s8HY7w<Emby?!r~H}-a`md8z9aCBb})w=J`%qvhI#mvLO-gCdAv^J7Ak6j-O
zp@}sen5R*VV|<N9lLOAm_28VbK@3gIx87@%qoin1bgR1z^z7#j$}FF(R|TE5i)_6<
z>@m9SJ!;%}xo1{3;)nnMxnhj~0qXIM@MO>c00005v>7|W4ov_eXpNbW6adR%cP#W7
ziPROvkHna%9VbjavJ21}zEY>#5l*dV%0h{}zC#p__>xlhT!}nz4Y(jB|6yD9djy)Y
z2#<y&fX<n?_;yPD?7P>rBD(34j*P%ng-d9POu3bPIDv^x1ZV{jO5^4U=@`_3`vnSg
z&q-(jB$x<F9WHEE;76U~oCBnYrKWjbYh5pH<5rmGkf*)U;r~6sxI66~(#9DrHzgU=
zzT!P2yY&l>w*7we?16<JLuPF2!!sUe_AS9kF^3gq@RkEhsSJhnnzaZ}%xg#_MU2?)
z>s_r%78o*#IHQWn@t~pJfH!{>OaV9Vo_g>E84LD~qsgDgX{D$w!Vegrl%z>H;h9s@
z;E%pc_}Q7a9LQ5B(GbI7VE9zBPOwzQ`?R#0{24wV{G*_g91k4;4$WX+gH!a{>QH{E
zEDh1(pw`NqY8m@a2tP7>J)v<5Zl7CM)m&8D!AKgo62`k#^I#J92j!>T!X=!*W>D2y
zz1U{gfIdoJIiD4Pj&d^W63rG8`CPzd{ge{&{whUry5emeL6Ni*#|z0w=|6QM=l)o1
z$CN(W?D5p!Y;&mI1c9<R0&2+U4A+7#g+<Tbw?dLVxL@f1s2x?W_mpFTmc~5HTMpOK
z^#$e7D+TK)L-K`xvR_X)UNX1Cd^y>apNSE-HlcdrXQP)E5C{bZD<1>_2l3k~y&<|*
zF(-fk7k~_a0000BMUuw&>CqOjg4jQCu&Sq~5km4yuv0e+V=}9@piNkXE3QvaE4hnG
z=jK3{`*-K6#g5{A@Foz8wD{@TY55<>I!jiIh}6(jxfnj15TW<rsE{x2{QhSHZrHh;
z?n5fU%(IJIVRplP=}++xK8NlI33Z^0HYmM3`wY5b1eCm~v6`{Fm}|NKPY9$g?b~f%
z`rsrg{z#%q)zdy^2SOW9QH^ZcXqyoq-#|;TeOdDuo2E?(&iztr#T-IHZDiG0qPpkH
z3CnK!(n0_yJz2BL-t0^{i^>4;NEhf*(OQ3ViPsy}3vOp7I?Atd<gqT@fis0Gu%bJ4
zoCCbF&WlL;?*oT<_i*%)Ws|i@IT5_3Nh20Z{{e)1DaH#QbYpRR)7!e}jHNxQNuw5h
z8oU{m@hh#q(YprbKYd<#I&hh7T5lxt<<J}A)fesMPaDK&*A612%`M_r!g~FXohe7N
z1`-VAJvVF%1vrt=k2`Z!=EW9f@%+RQ%oLy*)JEW-s`dV;ZgYZA@7K-M8LIYG(i-LH
ze>?MZVEltb(|jdPpPduDphgsn$lJ42WCemJYAfeZU)SglW8uy1e=3b;1D%gWZm*|i
zO6h9a1yV!@(8Chun5eT^BY(}Sf{n_(PisG@Xf-Ih#xHf%xBl1-E4>1p<90OV59{nh
zghg|SY2-eAW#~cZ7wY6MoVWcz$6V{6xZM;B0QsN*0004G`@rEbA3=)M2pZVWQl02t
z^W|;TETzip&-FGKeoc{ebwaF|r>ikgd)c~#g=~ciM*n}<+bPaL1=TLdwmz5ZkkKTk
z&sE%m3Fl&$n!_}!%X(3rCg3#Fomxd`lrU*m0hWWUE7HHn$Z`6p8!xj?KD<{|qs0>6
zq@D+de)D3t0zSYlU*@XiZKFGkgDRvT%`{@CilS0|j`OCQyiY8tQop{VqY3#`;D^(2
zTwhLR2?2s2c3S<HfT(Swg0!9Tmk(1wJKnp1&{&)uoDttJ7ZvWc4^G=O`S->g>;Y>(
zh<Is56?O7~8U524Pf9g5-*sn^oXzoZ$+wA7o%5VBg_n(oiR<+h)!F+;QRL6#w9?QI
zjU+;}Gd->sqL8OVY)}r_awjdaa5crR_cs?SJz^FynTa{xZ;OJ_)l*^Ku*XLvc@j86
zS@xKvPad3^@e1=Z&^6D(44&Zk2PbEtBzqYVf%y^>??2o`2_Iq^pGeo=fk<J8GW;`E
zl~Xhb_D;&^%??_ZcRa}GjPciWZ>?sl^Vc7Hf+0*BEat$F=Id{Ts*-=%v=oIbHcVda
zcvjYASfZtfTgAH_oN00Zm!mt`>sVdEzM9z%7@5k^(%GNxHs@zkx$aBGb9tHh$ha&-
zwBa*s@H^K$usb$r(k@0XG_LE0LmOu@n7Zx<LFcB!cNP}J9$+6BeK66Hk)2Di(ue>6
z000)S9NQ61FvAX#;Y;LV58wY6Xg|i2m5}}MwM!5mE${Tr2mnV*mPR<1r-?&2vE=ar
zwjffUY}FSg7M#4p_~nKA>XM1Fn0nSq9DjO6aQt0N1+DN``BzzB<L5SLU=z=g63##_
zBoKxTe9%Wszc2-*nU~y3hON(CVZOQRo5Oq{#@(4P-pz9+5#?o9*kINSy}EWE^U4QU
zQI$(~;U<82M)e&@Y!;gzfP%m<Vf_}siq@dJrX9};aKgH(Rxh+t-E>nY1e>E)^hm{N
ze$+e^wTEPa-c`k+4EoK=5Xsx`9LFLiv8khTt)i0H@Tq_I%16nwo+i2xy;xz+>f!7K
zv}nA#yOTtj?N<~uj7rKFcGLh(Af^qC%r&(z7!xy>tR=)22XeX46}>H!(#lxLM>_k+
zj(ClpV(76@n`?gG8AYf*5Tu#GI#btg{q&8IUuvE4SzD64{rj81zrtVD>C9nC!_C@~
z*roA|o?l4?4o#-hQ+?%>{zFM3f?Bx4h?F6=ZY5L4Q?28j?ez?b`H9O+qeivA!dd=A
z*(x~zz=7~fhr-R2l-+STb!6Vmtg+UcUn=X-Gf9N)#l+xEqLS9Io33BL)<3Qjin$rD
z_}5j4Lvr;wFIT@DO+Wwu01(Uo00001pnwdjRw7;nPLqV%0_c9gg}rRKz_<37g<AtN
zhsxWW;%O1}7a7~$BhzSkZ65O}zO$w+l<18HpH=-+mt4@(_!ck%xNbxgS;6^R7@?2r
z(KrlPpx`)67f?drKV1{StuCHMWTJTSG&a2qa9fYFk@T*o;oENB@rworgqubO=pH*r
zHAfwA7|ao!?cF}Z<|6~*_wj}pb7b{(hrQOx{gbI=4OOq(xs~@w6gxRCF26A0{+z^N
z55}k``H+Iku%263o#+a1$QH^OauW|%5R9pqJ1tTeaD<B0;DlG|J4vnNl4T;P_G@a-
zBRQMu$(LdLFtor)T7|l4p(6wVqWKEm&F+IPzjktI_;vs7Os#<Aub_E62PYWPudhp7
zy%CT0v){eNQdA7zyIEt|GHnoJ$2y5$4QE{0+YuDBO*MbTPs53QF|yPQ&=2p4EPX8o
zUlXN0KCy37`wL+G+{i=?8>A)Vm?XNEImClee%-`4pTv0|;g>d3DdZFo(!GHho_y5v
zl^JJ@W=uGyYm=n<sF9eC$c<{tRZTA`Bp!aG{q*bGv5O~zJ3Yi@;Bta!oWzb~YyFxp
zS=UBi{i|Gjy`P*(+kjt}#HJ|IA&!6w2d#^M1lg+C_Q(JL000000V@Dx<z}q=2wzj6
z5{~b6`!dpVl(onR3~2D{axyIUtwLHtT-_AI@h4I=P(&WsKcwBgEoLPVScV29I$?U9
zdLa@C>MSqWx=o2B9fBrBFzVgdRn+AYoX+-s(sB7qx~cFEFsq>*kB&??sGC%(H<kE=
za$%f)WwuN<A`t4cIeI|+%X$u%GzGySQ9jtHywD7}GyIS#uJOnkF@vR$9=%{uWV+e)
zBxM&ot%{o<GlgjV5;^UDCZ!JlpZCx(pCbBD=$mOLF{bP($)Q`>ytxP-gV(KAtL(Tu
zQnDL1fY}Ya)~iJl@m1f6BQf#(u`DZ<<mC^rL>3Vf%Bb1BVWrcN*M&>}zEVC-obg1d
z&e6prNcT=|oyELFzYY%U^wa+K@<j_)^L`xhh2te~MM1-QjE`>$VSQN(+ce9J=6{Jh
z9C{gp)`}+W7&7xK=$dRMgR|gb{KzlHLbQv~REyVP?KruF0_qp_Aoo6jx_%}5KUPkG
z#ely3PKDS(1f*hHyIHJX;Vl6NeS5}4jLGWOT7996-Ny8`_8smHot^uw=Ia`eRL34*
z1ZupmAn0N}ATTIL5j9&@rFR6=A5Jkstj0(`Of_)SCt*-XkxGKt6KeHh<q3M~7Qdi_
zu8nh8CN{fg?ckH-`g~4%oKI7cfOh+_e_UQHsynII7Wr%;9^q9Rc153{X6asXJOp$#
zd}Z~47ALDQTd7BU=Dbwzjb`%kt6}ymiEoA0H6f}cP8m6N(VX;wN=qA)#r>9T2}$!z
zk>{5T0cKv+pd%}>g9x~4C`0&pkrjDTEX#_4ftfDki*>+dCExX%QzMjledw1kA9?w?
zJb6lzUeiU{=%-&~#=RYg7|hIh9tY1IOx*dV?*`<HwWMM2N>~bOCK<ssHfOuvFVE-J
z2dVW*UTZ@4E1#^C()CpFy~<jV_do!!0O6fUj{t(;0000000nl@z#Y$+VL=$oHwOO!
z^QU%u&rHsc4F@V34DGQJcGjxq0r{{^B2#?H9Aw+#*PBrgj^sTxQ%`p%+`S+cd9a#%
z3SS~gZ9WZ=1+L$?+waeZE7<dIWrLO+@0P!&=MYxs5n20?d@|+bHU8@6DWigS4VPDj
zpt#;C0L<~z-})8cTUE1(#wLCN_YV#YFEL2?J&Vg;SIV0m{HoxgC?OfJDQU~^IK^FB
z8mP9C|5W*A9p6*;PejS~YHq|hG)RUW8kt8+0aL2R{0LYlARUrV89;e&5Lwl`ULi?x
zEorPQuN>DXsES;wfWygppJukK=R{A%>h6J}AtP`ktu-96lqA%iEiUjOx*m{PHH8BG
z_reaNIjeTk0B3_Hu^f=~C}P-U&xy{R&fszmxOUe#>{qqvn5%0@zaMQ!spVZC!9fGp
zI-&FcK`nSsBbdvc+|ovIWgzNR!~(%i05nU?IT=<-C4r=!fHPVWUSufZlb#`<zo~58
ztDe9msb4)KqA2wAGfHL)3RaZoe^_Lm+hAYxY%^+-ebg2gd@nq2l;YVYw>RTqu4cGd
zXP!uKRw?#o59rvwb}l5KOyfK;12vieMcc<;T_S57_Vx?`kX7WPNHVJjp~5;{eJs2#
z3QoD7YepU7gNgV75E(u#w|n1lzkwnIR)MeA32Z-?YduKX{y#Af$F42SK&z{-T#w%7
zo+}|I$tsSh+d%-LRGt6uSGdUvMkiTY)XfJ|o*h|2l&O3{`hW16lc2OI2&{6g{ei-s
zgCVY8qeY`e`xbu#e`3Dv1EO9~9#w-gUUEn|kKxhG#9@z9KtN2I2CF7{{!WF08nwLs
z9i{nL;`d07*H$IL6u<x@ZpM-TR?q+d002}I3mCSjgg&v1h%Fn37oWR5o=TL>DK><l
z)!KVaV-8E%0|nXt#DIurM67MSMWyOHvxM9y&-ZPdb@nWM3Xf+njj)}|XvU{*L+Np?
z-u9Lsd3grZ?B+=^sL9)rf<NlfkqtT*!h_)xmArdDyO03>%+22&#Rf{anF6?)CJ9SO
z%M6GByMd_&1D=kKHeV1L`n0pCx$T5%9;WWP*9_R8IE#jyQErB+#$5dX4*H?f$%(-O
z0|K+~gRq0t+4#MOYW$dDFupOXV|u|xJPRBr1_op3HCS10-O(qqYSVtaJUz)X)=e_M
zsL}B!GutOrK<gRECn*_8f&N*N&(;T9Wj3Oa`c(Sl**tE!B`NU(Y5|iN_I~`e0Kj+Q
zn^RoboE`;P#%>|}o_9ggU4o8YO<R!OCJ_h1(A~#a7~Ls+E=20h6Kw4=u!X-MzD1@y
z0{>!v@U|h+7B&T1$F=arNq~Ie`26r<F5HRXDi+athENv|1**MZCG<#t(29`qgj8ca
zSN-Sqou?d6na7Ya-9D%pBvj#tp^p0|jp0d+I85(vof&P0Y5qLFvjf+hE1oUynLeC5
ztuXRsGvb8b=Dv#Vk*7ToC(oPXl5QOg%}<L@%%tc1h^@3H)}zt2hs(Uj(?`XaB)8fB
z`;K<gIdC*I2*gSpC!tIM*JIQ33lHm`Q_Qc3YL~Fw&wy`t^iqd&5tlx1U!S1)p~aRW
z<y~v`viyEs*qceQwH%-ew`mpE{YkHxRSpj42c{({Zn6oAaNZ?^8ob($9BcpwArJrn
z000|`4+#A5s97~X;RQD&z`wMA#i(v(M?w~bm2zBa?9&falKpEg%EV*Lb^fD6neoAh
zTaDx1b=rIH&6NK8!=J57`)s|&l3X|NU4u?zYETBggykxknH1=>+^dqyFm~l%1n-?S
z?Ni}jmzp<!BZ1us+!00&#H;|N&tG?Ft~CVC@C?Qzmr@XF!JrI7rr45AWU-zVWUmF@
z1!xxU@04qQa5$pb`fU1%<vUY?Pz!-`I;3GMD_M5ItbCG}I#Sx{)?c!5$&(=oNxlLb
zdhUijF#%(vmTqT}P+1ELGH7d#z&;Vn4WxUyUTY**LKu5K(5pp9%%m<T!qc_4@}L1a
zBbE>kTL6I<fT?pkKvt!DM2r*tod$S^7muh&4-P0Gt9zc2rH9!;Ht1<j{k@hvAI9Q)
z^g3OWISl}pEvpvL01il!jXv>u$NRcT-g$}uETKuU$B#T&-cw}KJwmYz-*>8SbDjmI
ztnR^9vapOCYC11>Rouj7y!8820BnbA)qKS@oRe)S@YHq&PRUdiE7Fi^Pkp_ii@lhK
zrrf_5C2Dr;!;><T3~jjQO=!`ul25s41O{w6*%CS}zt!rYqY2=DFGNW8z7D?odkTXv
zoOIG+#?i$t@rXjM)k--I#4TzzOR;&)PC;1rU)HCUL(NdG<2JSo5FnBgaO%m_VTe-S
zEbm{e`WA<I+;Ko1=`W59Dz?A6q>r|+chWmdiNUcU$1mpL#iwv&&;XtS>NT_g00000
z007}?0y(A#tPfdR&E32uJXv&{bx(g9{f*&d<h_gv;Id8sa7YAB|H9kz4u-uID>vH)
zpd2B7y1!G!#n+&M`0_)L?@?3c09$8sc*)T>@eNi_(MpqOzIEVA(ltC3iiM=Lk-mS1
zG<TC|QHFIh;GN|KlF!hJm)V$6s%dEvJ-X7E-Eva0!tw8tIf`T9Juy<$fj-c?Jtzsg
zX!e*95HmEN@E0Y%ARX;oduS4dzc&#zK4YveYRU7wmlS-h?=sA*!UHjN9(L-DB-X?Q
z;!98gr^2Jk^(_B=YZqdsEw<>D^=aMy8P<8PXiq+2Uk0xf4z!L5eoQYza+;T7)o#J!
zZfg80diV>?3H?+^PjWF>WD=DkibMk>-(eNec<{V=y0`|&@Vz%wnMDAow>&&N4vk`j
zR;Gji0COd#u@+&aPK0@ihWRa>h_q@y+hDrcYZAo0cmh(Qle~kngt8rN2pDc0-9M*4
z`2nxcAU+<f<9KEpAGSvyR5DJbM#Z2#h}%QFI_rzSi{Iqe^e1a`w)u7d<~leJ)^n$w
zbQ=zcELkZ$3-PhdySRy0^Te%F?*o>kAWQBsH0>{DjM#QKGm1RbHdYK3S`1(Cnz%^*
zxNAqy<(G}+cBi%g?bf`D8zWP_xE@-7h^@u{QJ|uy>bgSF$)tN%>m$~E)nKpyhS`?X
z02_XJt^fc400G7RlvQj5>gFi2CD0Hp$S*U1b3CnvCQy1gwod61o7KDNCUU*O=iOTe
z?F9Sem69Ed#8Je-I)xP;E=O0=X_w#N>Ur`cAx?_WNZG}TWUDr<dIgg*`HT(0z@+TJ
zE6_Sh(HuGL`0rlNd}ROxlKHCdfaQ?FJX;xjrDG))NN<QGwk5|<LyU0@OQ!}>j)?y|
z25gzw7FKyLQ!Ld|$%gmWY<rCJP8K@MaB_Cx38@zNrfp+P1vG&tSyc!fqS_9C02jwT
zc{yuSNbUUt%5jX?`3s{p@<rE#jwMm|PbEu34>UZ^g<hAn76qp#=F|rvO3)LD<Q@S^
z=l0+*XKPAIgS(LB-g%1_BoDT5R_s%C*3AcGwg3Qpav%(0DrUc}z(+yh1GiXh1beau
z8?>i&fx6<A4~`}cpRv}^Ykz`DuL)r<i7axP+`B=krqoY~Q_~(c0r=?&c_s-kJ!N4G
z9|a}$FR`8KTI-_TLo6!_nv^v=xaEi3?z<@=>oeR~1@(i=N)uE&aj}x99m9i}$meRm
zxW4>ErJSV$@yvqLCj>`k!caQ<$~+laGw&HTc2AdK9SKz$b5!C6Wr2ug(Khr5pCSoZ
zMnct*;9y9b7^35oGqoxppb0fJz5qAS0b_|!00000g&+sr@xW}OBZ?zC`7akTwOc@;
zoaZ&aTBsj#gp2+<2S01ecgF)*(s*W>Lcb}VUFcv9G9cUlIh`F{<AMOFtmf301P*RH
zU}h@}T4%W#s~BB~^E&YwPrWM&bWV{sN!9anbj{QZLMtb^eDDu6Z|Y3_-wVK51;jjY
zn|k$DE1v>)Q2=YC(mHV)yXO06=kND&@iy_Df4kg<M`#diDJ5JE-xBI`Saz;RH3&kw
zhFG1cYT8~O_CLAx*rQOJc=E~sXcn-5fhubTf!u^I%cuYYFA1NeXNso#e6A6npf5}h
z8mK?xfY2<>c64bOUjI}<nxz>9kV`lbTRN6D%{ZVbQ4MaPyAn?tEIv8jd1s*7c{rr%
z5RxpZCXP<=D|KEnp)CU^a|bemo+2vtWx*Ie^XgO~avo%+K)Z>-J01MLcpA@yX*cNn
zAO-w*#tKhqJEk3y#W>VMNeesGOQISXvS`Q};Vo{|PcTd_%k@wH5z1mgfe%EPm^NH<
zTtc_74i7Y@ROW7QH@HxDngO*u@w{@-{C+r4cRVV~!Zui8O|_I+^sgmbrY++OJErmZ
zd+|vin?$qJA7UG-0AC38IqdpPDT`y3fo+(!s+9|1AnW@$ZUnxE29WsngfBl3(fO|^
zTeOAQV`9a?&BWi+obfcf62Y+>^TAP|000000006X@Aq*G#5XLeAwh+Vg2#ljG4k2+
zudCVETgDn$04``F-@zaD0of9^oRD~bRQ^N|FHnFX=&Y=qAqIkNJd~NkZTelGV^H;H
z)rSCPU%*K0Cl_9(75B5cQ0YFad6p9Dph9&U0FQOfE}R#nHCb_d9)f=6PXG)Bvx2`!
zVxR@9yMlbKvLwqvuFcLc*Q*SCQJ>k?b?*cR%}{1l81#p>flIzPDP@o|8VDzKP)1*y
zMd_GS7JSR%^veKxHtqn2YhxaO5}|JPGm}NV;||>3l$hTcmf~C&-XCi^a%j_Et<b;z
zlPkhf)?hDhgKD40baVeD6?z^vM+T@@2Bm)24?fOz;MaTC5ck<s`igKY_ONuw-b!oz
zW7_95ePVC|d9mdJke7s3vg}po2DGwuY?d-0n{Mba(9DxMFV<y8XWp~YuFCz%>OL32
zb%GE5*C5=bikhG17m)WRCBC_JiHi?$_XyA+v}jF-Wa?mJJ0w-}+cVaG9x&W#vsynC
z>KETt3)1o#MZDVu0S05&Yf3(zuoOxVDIhogVTn9%fK+xqn3qt|#gM|&QFr%laVmrg
z<?}p~x17z~{=&`C6LV*`Q*XWWttAEMB=!?)!uRPv+gPF5Uz4iqO7x)c^vBtf;asr$
zGw|<E4m0JN+cx>5%iseWMSuVR0000000Hnv4B@~9YQ%gj7qI&kG9cSytfyKtSojfw
zfSp;y<n!HEAz&k;`H49KYSt<EmWvQkjsP%YriVs_RbzcA%fSDvGKqi1&}74T|A}B|
zGQw4pF2u!@Fk_K%&N6-^I`fFvc|KDctkwEgpk=mqIr(WRY+GO9n-IVZ?EvYaCVO!f
zT7*N(LH_;bILp+XwVb6J+$s5qYSRSU<Qfs&0r$16p&;fBC<h8JG38i6tKRD_2a40D
z6C@+IEzFw0c_OgtYKBIz00000A@}b(;{X5yZN@FoD4q}yAF4(azAa#)JBDO99ds#D
zOeyhYsJ|@TOEfUNqM0^o9YUM3<HVAuIW`k#BPB!qdBc){n~J|l_6fj@Uv2WyCl4y6
z39TT@^)L6`APM1sjJ|1Hs6{!tIwK_g=wUkx&UonU-c*$d3B-@y#+B={x*j81+>*C;
z^>u^ynBTbOJz*-XVS=e95WpHukR1qjL!KX?uE$S|(1e!QG$I}-gH6czW7%vG&`uug
zI59h8ckF7}3KRL_h7zuyCR%+>2xmSE;Yxy*k3$5x*Q0Rs*FC9FR_q2c7u=a+RjOht
z9P2A0iXHnJGl0QLFS1yCpc@=iyE_-CX{?_Kt%_T;PyMRY`tF0&z<8vT8Morc`gwnn
z?OXOq=O**v!H_QJ0!=^zT{6#rvqOLY00001A1BmN<&+9AKE=DF7fI|*5tpYx8;=xk
zXLuqJ1aEVE0^uN#GEW!#5pOmFfWjAurgA3_O~Q1gm{?8-D+5e*YQTuqYaN!#zy*$R
zg#y4?;9tdQAk6=#@gfPU>|WS~OFLAnRrWq!03yk*F~Bz-*qlu&IDNeq7z?rGEX;n|
zK@3WRgOO+rLCn;M3d;u-ImU}59*ZAED0RD^0R^*@LoVXnVnZLDee)g4U;m;?D&HG;
z!La+YO+D<8W|2~AfZvC{C`45bCxh4k>yiKf0004Y@-fXRqI8!Osg;?I0~I<h`?1x>
z^(2M*^$yFza92_mOYwr+!6cYri4i}k>l33U0a@a#_??X~(mQQ~r%XgX1x5Zf&Ey@t
z#$uIPOa;5&jK4`!LZb>g^019Bu>MRfFjXpgCKS7!bqAV9VBDGo?k~WE&?yae3ooLD
zrr~^zx5^V+t9oU>Q2EF+HYU|M-2gfb*z6`vV5gDr0Y&u3VoKo~pd<sL!gz@uxxzc!
zIBE<>_?KM7M8mxc(N9ekjAfsfJy68b)mwa*o5XE=&BD8OJj2}XkL36eU#|K#x1tfV
zA-s}0Qk1IV-&`f}OHLWG3ETXc7tlL%8&cXMuAl(_uQF~ej1OU1LArjM&x`DrA-mtu
zWI#E}d<yVhFCz1buB`F9M3?uNJZm`LP-?F=FcrFph5DoXLC9W2SBFm#6`IG@&VUmk
zI9Cb15f;5`go{ukRgXY_H$Kdmp0&CKbTQ1K=X+_M{$?s>X9t!9<-nQ=Hd&8fTbMCm
z?v_7{0015X^S}TA002ag0Xw{5x{&Zd@9fLw&%Hzh=YLBel1sKwNwE%4jHXWTfJ5lt
zMh&^LQ;|Xgb~A67^jj1kF^_&Ju)WKY?W{K(Sh$BpiMw&#t7N{?1g9Ut9*tcPFz-wq
zaVv`o{+>nC`)wwJsW!qv*mEmSWxUeAO!()X$WfK&m+2{=98+vtfaCFChgZj9n6TrL
zdT3#>i~vCZscdQb7QI^ZFy*;*_2K&Ms4zk>!$;IQn+Y+fE~FE>c4KnR*)nczOk<=l
z0ocO?fB*mzeqFxs|No-v3R*6_OA^{30nR>F5R+f5c(@M-4IP$MB+I9A9DYkKD|uF=
zgD*gy4}ZEv9NU?eH%$z<KIdonF-^?vPxz2n&z;iK&r~T=A-p?Gfqc#Cp@F^4F^*Hd
z=ok#y*M|7>Y8J{Y6{wnvP}bXfMkqTIU>7eYNWT|atVV4UF+q;Zr_)y$4TvH9OBOsc
zwe>?MGjv`KnKRrjCCD0Q6r(}STvML3sn_=^vDT98NLl>Ve>Kqn(43PqtW{}5{sKAJ
z28KPsr`89RKmZM*zyJUMw28}VF5wH4nQUOD({#vB>yHkj^bUO^0gXW}>nCHqV(vBB
zS+k{wjBE$Lh6lt5j_fg7{ux$}?0?hQ6IU&8Q*>LBOp%tH5wboJE@b?mLt{yOqJMng
zfpu(7dc@i#iEySZ{aQCZ9z;_6?-&T-i_jh*U~1woxl|b_oP{^6@H=lFZew-H9FlBK
z>1xI5Cfty?UICy}G^X{qz5wC&1oF{0S68&aylO|P`mLh*$wOS+d5v#T0O)QRAOHXW
z6rsw5C~ikHz+X)qsiln=HS)m-i@;A}$5UJ9{AE#JCY}~_H!+r8Fj~z@Xc2gMR^yK~
z{5&7k5Gl_<y@6je(Xfn<gD7(3?!%vegp(4_+T~*~a%jJEo!xB-4_rN-WYSkXAs(ry
z^cgC}o{nlaury;HRr}}ZToSX0t}|J(YOC0J^!IIXkh5ERyPTTmSk8+rh_utH#hIX=
zE#j|-f7y383#7-#${J#e@K`WpKW#uztFMfu+ZR>ffd)8}Th&5?L&1k%lrSKG095)l
z$d$gtxBwBNzyx6o!z=gz00007Fzgq6zY`gv8v)eDPnZIwX_bXVyEarZDl5j+pOifk
z^hG8fgBHpan+0BG6%06=T*X&;*tCI0k*G-un?9y@UNnjghJ`?uE8s|471HNJqFQw3
zbVa<EMY76#k5Rhm{U-<U!S(pSORTa%e8N&iQqBxyh{RkD0whS5W<QJ(TAm06daQCu
z6+8hJyozbz6z5G$U^x|Ahd?Q(U>y2wJcN6gj&OM>d#Tn7uN98>w+VlukX{qQhCBEG
zOpzT}0004$TN)D$_m#<WIkK1<t)m;5@o!SkE2L1<*rs64;gywqKma%Z%#x)a_?!At
z0DUD(w7&y)iODs_y!$1tZF@(}Egv)MC@NK3JFjJ0jHWB|dl`;qsT>6Gx%=)5Lwr^}
zJAU(BS0(eXpo12Lxbyau@E%>Q4b+EgUm(H)YD-}Luh*l5c*9+9L{b}}ntygOREi$M
zAC7p*Wj9HCS*YNt%e>lKsNsAe_NO8;aY7x9UH2rnb;$n{`gxd%tw2F|pkuYIZ{8zp
zf!ze!&5otImZDY+iiI7{h70pL&;SP2?l1rV002VKnwSR+4pU{bWYF2H_m!-uwnPI!
z`_tNM(6Zth7?px&{<{9p>^UtcJhMI*prvNB;B)9)i>|^y7v3ZKy#m^BECq3I)awJc
z;|wRdYKhkqktd##mwi(cTYePh1F`X9E^&o>+4Jstho^8r0%a>K2<-EsQyC)`Zog1@
z&`VyybDnYt<kV>TLmYOM0SO<PnG`+VAmZ^1U$MVI9z0Z%weo(>w$;u6IvSyXBNzZL
zo*X{6=3V)OT5F*A<cEhROk3|5a1r(pxKe0sJBkAx5wnGDVH>uK&~q{XZxt+;klF7T
zsPr1W;)jp=nbG@=i;0Bt<6#3L9h@r~up(cvZ7lOgoql0bM+}d11n!&;hV{gn_D;b;
zo@YwoR!=J^=#Y&=v_8y-oQ2yPL}y)kJ-KM;Feik8#qUoIkFEJ;60A3nex4ojbHI`(
zcCRPPgAq~kGklpm8jiN~u^--%I&3xsa+&(!5hN8vZPmB|x?7S|SRPNXSa1ie_BU~&
zW+d~3a^&b`(o<#?Rq4!!izrox@Bjb+02CZhdK8C#qDKlJXTS^=VF^o!MiHWQdqW1D
zG}1A|>R@y4Y~sEW0%z=?XyqTD4pM1OT;CfM;|NS~zgu2RVMwV5Qk4v2BY@3z(cV!?
zSGe)qb5z{x8&6db3Js%~(#!SY9<1lmd7cEnrl)xpb!@S}&qp(&iYmQSZM5h6LCN>T
zWvZi24uXN_VgXpvk%SxVb3-Cw5zl%oj0^I7^AZSh_aVm}&$mA5uVO<50RR91DchPJ
zE_{E-B7+Kqj32616&(BcJ7w5Q!m+RLs0Wp|<&kTf$49bf+S0{5^0SrguQ?S{?$-ZV
zFHqF?kP~+}x6d4}4;YtUyGg33LirIx`W27>1y0AE%2<g3$!ga1D-J^vMX<Ve8B>*$
zJ2#ec%NJ557<GL`nx=r%&}<{w^Y6;Xzm`QnoA{1u+$Hz6khR;4X8!t@rbeJf_H-yv
z-J?Ic^eFgOK_G}R0;PoQMAasDX5`RqRJ|b`#r=YzJ$_9bfmv&OsacC^V0IUkBb==C
zQrPz-e6yKc^d(*wA)Y-w)D>eCWfaj~PTkSAwqVVDrBtG3jl!vd?J!cz5aQaYlfWNh
zK!-8_001o`eTAk+hDaf~LWeQPG~%D7&J3>sM{bRE?L_A$Snw6qgRLHw$3B8emmA{$
zQ3{Sg;Y!9sUdF_1j=)@zRQbu06RJ}!;oGbiDD!}T003z(Sgw<{zs9wHEL7&Z^a6!#
z$Ef-$Iy(JkX>zV7!77v4>9ywX57~cSItv8Qxz+H-`7}M3tkNR{TLQ=oek9)j2O7<O
zvG74OUb>?n9$jloK?UWV=i`&SSJLC*jq*Q^P2slQ|4CC9d!2t0cHAA5#g~5o^%l$&
zxIxD(ag5fho~cFU5I*O{o`;r=t8k*0*8<_VCaSH?GgXUeV{}RS-rK#t!6=#d)xgte
z(THi=L#i>qU_sWAb_<uIEP=CrViyAwC5yLwd)gHz9hJ#+?0zOi{|%BWjP0gZoG^`b
zysoMM07jaxOo1v;T7c2SQQsim6hPCNB12=te|D~ych;fIF&67}uK<IK;zFeNhxS-7
z?g{2tp8bx(WE5n!!BnIh8UbJ+Z=ClEiahR!=?i<Okw5<I8qU>*j@y&xBg#H0UBdC8
zD@i!PaLj)usId3|%K&QJg?AL5H6*Q;UbG*%(C3@@Mr-SW*IONrKEw=AT-L3Ih0ks2
zXtw@TmD|HJZ41^d000KA0TE1kU;qFELZa2)H1D$8fc0ooX%=#YA-e+XD@oe}ha#N<
z-e?k0B+{xJv{dkX?;V@8g_HGPw+D9xh}<&z*pRM+r6|F^FSn(%^BO3CROlMxh&V!?
zq%s@|BRN2YW67`RPRuA!^)yO}AI*8t1%DhC@g$3Jlbdh?H^bP1;79w2bO!?)VV_sb
zeYRgiT>x`cP^TNIR$p36&ITV7<(i-hb^X^XIT|wXCv(YN-=#Z&u<Z5J5Ey~!?r=rO
zD&ub9RRxy(V82`gE=1Q$RNQ=>pqx4LC1J;tpHv`;-f5q}->c=aI+z#WQv!)8@WO{r
z!}aRJNpIQwXa|-2dPFV@J3h(f8Cc0j*fBv?>1!OhCDU<68$ZA}FZFIXkG4}MF&@oZ
zYvCI*og~FN2Ooh}8jiZezo*F)Ex<=J?a0W|aqoS0>i(mVB}?epb^SIIl4zCS;1fby
zjEIdNb2B#sR-wV%9?)pj+<C}3#ltDn3~6DYm0M1(O9t!1oi4}`nN3Hjh}k3ZA6(z!
zxk?3oFs4yOYz%+Y9@1WPC@m@ah-k2rgLK0oFYMLnbJ=50lE>RuG87bs-(B17oW6k`
zg=4gemHa&^@j;YlgL>HARKo)0f0bbSSlTP6XfaOh4rmC^BKa!H*EZI5pPeufM!hww
zmhljUi;D8H38a6TSh;rJwD~ImasB`R000Oltuz7=sbN0$YgvZ(2aqhl6}-XO8bbC>
zi^#pz0TN_tGaB@egpWNzTn*@z*f$rRG&Au7Z^6t&P^Uq^0fC2pHEw4=|D*-PL#2}K
zddxph&m-aDQ^0j8h}02FrVtKt16w_5yEpxR02z|(U?B_raCkEmod5vI26d2nyo&BM
z68-17J}z@$sMJM6j^fi$lDAmQE>UB3y|kucK*%mrBAgJQvC5EIx-FV9Y#j;71(I^*
z90C+Yl@Qyh`zA};v^R_UdESWllGyBltTc~-Oj5<x7CAvIm3%PGX8S6S3mLA%wT6WQ
z_YKf)0s)x)3y50zo|FdDQl>P30007a4WV7<T#&VqyQVafHQ%{8hOr<`gy=Sy$PL}8
zJ}XGbY2}3!crB%LOsWG6#P`Yx^Pb;d>O_%UwMYfLu_Ky`FPTuT>w02yz=Bc;`V?TC
zCWSh*T>~GQ-*9#Kf;DwWiI-8gec|qgJi0Jrz|Av_Mjtj8B|mF6b-+huJ?YP;5v9*s
z4i6g}(y2^ODp?3+bEHI7%vkH}3wBT20+B#%mH+?%xFTB^<k;_FQ^muGytLuGEMS?l
zF@wEJ)O76cCWL8ZEjFv7oD(?bOIGVncwL`H0)aEA^K+3*A?bxECL>-hp*bU^b0H3t
z4?^U9Cc@-kzD#wSzg|<%W`8S?aQTSJ!D#KBGJaFVTy&A?K#5QDO5Kv+ch}kW;eO{a
zC+yG%ec1>?01=Lm<N<{3iVqU6r|pYvoH~=fholJU+Bv`1PgXkYGM@cJdsW<qmN{R5
z1}~?|SRHuoEW*n|KtsJdreajISvTI~^wzM}XRQxT&O8t(pwOMZd~@js!B;AE*J2Hx
zTj0O?Qb&*`S1GpwCg#l^`G5cb00000005NI38MFlwv26&LV$w(Esk53(o>>0wLybu
zRc+8TT}p9<U5N99-Z6QOAlhe`7GloI)Q;O({ol=9E3|*gnKJHi0|HYRu!>|YLe|c~
z3nQgOqLnbR$nb=!SF7Ot{@cU67VB7S4Hj3YHvBZtw^0brVX5G8TPtn{$XecFkG%KH
z<RgG0x>!TQ*31W>7zi3C!`y&6Fp0FP=>Px$PE#vbu^-Dm{W0F(P#!iC_%(SY+6%A|
zPXAI(q7wb-#^8D`P$~jkO~0CZ5%aagS|Dg3j0e&Q0?L^HdAVVWA;+LVBxh`bq<@W8
zy|-O+wR}qm|2G8?Ky2s$17gZYo2>C$hV`*K(>Z!So5nlOqV(wDZyf|%NI&&D9tJoq
z=aw=)lK<+b1Sl+qm`xLrzJ{HsIv^$(+(ucCW}GgKgOFXVKVG7H4<S@(w`!&E&)+}>
zdlbV$yS=cPX^VYt-8e`V9WVFoG2-Gdy_6_abXKsTC;YBTfrQR7{=)NFd}(~8(Qa1j
zmz0Q&1a8d{*NN*Dl`z_SM5w!1=&XEXW_1q`K5shbT&Hr!X3x%r-Xt@X#d^x&?G;27
zi!wRKi$LQ;uHfz|dtf=`IOoU?ygSCc2GY$mSURJ`-U@gL@rGLeL1Cmq51uV#WWvZo
z8uJ-4uF*$G{ZEAZnqU9`00eBdy;u<?=xo{>Ujkz6S#2^r0fct{b@>v1GxsQL@T4a$
z-y<%ig2MAxr}yz^?YhELmsS<yeM#8mI{4s=;K$9t?#>_hN6(OC;ds8Kr~4k@v1X*V
zh`rNUOI~%$a*eJ;fC#!+fh1aUL2!X&gF1*aG0{7Jh|-Ynnl5aV=jGuwF9s~6g|xkY
zf=g?=XGWPU$DG_1b@1PmMkZVbX+z$p(&)-?R2{O+O@wD7ant|+01-bW*8%?~=yFsp
z0-ZowENY@<NVOv2elPi^*xA=RYGv@YY!YopC?<0nS9Dm1=Xe9!M)i@QKn6QjdeS!0
zRK(Sck^{6Ro|ui+<X2U!d}`YuHhzh6S3rl)t}jbr`)$oIaR&Z=kD$IFd#v)+SJCK<
z0oSRV*nK$E&36Za5L8^~ffbC~slXdkBh{m!f*$`}2_S!vy)Y#j4z(HulWgzbPyhf%
zEcN^R6PuLJIq%)u1g2lMa^Kf|5=XD=<_PAa^u`A9fLp)A4cL}0K%NXHb;#Jyjs1W2
z2QO1_J@*!Cp%4gRjP5rEsgMyVgJ3iH9>4_}3U^s{?=u#I6{tO><AgpV)qOf+O`@UE
z5eQw?(Mf?zE+WoSWv4s00aeqM6{Y>$NtS#*@!gTW?K27~BG)T53&Yu7g9usL1tye{
z`|@!Q0~{9f$S!9X;ZstxQ?N+HEA`RqKi^kO&8sj|dc|g!?q~{4A4Ea^!dY9!6BZ;<
z>yf3Qu0%nGao(y2HAe6dq)W_GfNO~XC^ohD3Pf``b@q?sx!>-uHY0Q(UwuDTbmIS=
z=9#7^R{kY(WpeMm1noraKuH3s)GBi8AW>G`e2-XOgSW4ZqFB;e-55+qP$*&Flyw_r
zcezrL5k!14V5-cL)ayBrKWRahr{TQWVr?~kG=2UYj;TZ${%cu_;$xC!M&hL?d1=oQ
zWbVX@ku9C+jBVDV;Ln%%tg~L9KascTguMVblUHgOYTy6>2o1TF%XkE>Eb^wZAVe2-
z=q!3@bpRNhduY!WAi;u)Fg(t@>GXX=QR=IM6&uzK+l_<~uq^YjuSH8X!zg<-ZW&8-
z;z`)fp1tHFZvWB?t^7=4$h)dd&Se}*oc+ghX;}lm31uupJrjh14IwjYgCtwA<E(7B
z48{9^Wx4P<lowJM6dOmVueyCC4BGz9^-i#Ta5}~e6q;%Ko2BXQlw%#pX=UILJYRKZ
zRel1(|8FEWXn*1i@&j?GJGFH}h1@JUSOt#SbVj)&y84~yaVhoKSe8MNzzu%HeOM<<
zx$bR+DozB#_&%UhYCiJEf#`*!T9rv&euN!VmGS2H{=lX>J`^w)QaPAytP6sIM*{zs
z5IW69Aw?M)o8M`GgT7HED?bISUT>;1;SKk04u)V;buw<K0SFlLL4e7Fmoi50n8i*x
zXDE#$v*Dt^1}&hvC}cA{@7Q?WiDvu)=S_*9BzyPtuUsH5OGys^l7p7mt9j-6Cv8I1
zb0R6*V7m9pU}tZQQneF})=W0;S%$(ROkl64`J?uECGiD-nPB4B003D)65^~-Q7Fo$
zoh>y#u#vn*QY?hKfPda}sN?vW?vXYAI8&h0o`)X?-Xt{JN1!ybBl6fj&y7Z3tQo`w
z03#Mk)(lxR<;FK1W_{yvkL`cwVVmbnn@B$Mr+9V++&vNqaSBxBe7#e2W?j<-`oy+v
z+qP}nwylnBbZpyp(y?vZosM(ze*ZXQoU60;&AzUxU3*p4tU2wl`*BiTBis7MLN%e!
zZ2~ZQhW`rCG+HiH|3fEui*@1z<V^tM0fsj;|9~VnOJ@NVU&VV%??KUcS6HLr?R#=#
zYGlCv_BVf{F1E={=I5xgZMa0YHAsm`AMB96f0TW}a?)r$nGoH<yon%*2ZiPnuaZjn
zxtzYpzg{UtR|h6<bcx^W%_?iEnQ|r{pTVZ%n55QTHk501Qz+A6WfSjC<Y9;H%>bQ-
z+(^ox#|uXIaOmj;IV&HnwUS0#4KgYd#p}MH4(VoB>~A|zVWLO24soS_F0ceb3RWd#
znXeEPbK~8Zm6V8q{IXA$TO__h#3G~-m&Go@#I8p!*<p_QlzvU&zMNpX0pw<bZkf=;
zOPvW{p8}L}nrwME;^*Vg-s&_QPxMf00C*0w92)h_lonkupWDe@vpI?V3!V2jGU>KI
zsN*e+HvGG7ps*V<Ns;F~#8L*xmA)WlIaoR+KdNSDA7b%bHK>~*JEDqa@g+9WIe+KP
zuBC3}uj{SHHZzrONCtU2aRcH?s6NW?9DQBAwI^c%<OO%z^;Sw}@p5rRsA(@(_>}2D
z1?M_8>Vl>I&&*^P7m)I0F4m>h7F9ZC?3{ZUO&UMu%s5q58MjXb$4^MsCz9kVKZfMG
z(=_Fh6<O*RIFH*_-Fv(jYB^UKGaPV#yaB$$VDvarV^Um5ga&+X64SqFuaRkt&?aR7
zV2o6d;N=mnzu4q)<@Tf|Vkw!AQsTW{aC7Wm1ybw(WVTKfT;JId00*HSitXEy);mDD
z?5X4u`0X6G^X^CW{(^m#umwgE%swIMAd|Dk<^W?&<mlxt30TDo(e0-$zb`Ztzoflp
zjyP_x9~B%lZ8TD;R~O#;(gF6U0gKC$=6##uoZF(mSjVp9P_6;6I9rf?x}SYYC{~|d
z`dea9PEuS}{V{gP|CSc%gCh73-5$ZmQb(>}uSshLBcUM)>!N>IBoHo<vH1%k|J_3H
zO=AwbSji@|&N5iG$sk<+@=+AWExvjz!5%RQvSpA(SvAIC=OMwub{8VP_T9@~pT==m
zGPsYk1iEdx)-A;q4NbtF^Y8(?(;VXC=*6Zb?;xKS-P|7arFg(X%g0$x7&7RmM=BNV
z7r7Y-!Sj-)cPD1V$UC2`_{}qiwFklX*uuwJ;Q6Mdm(#=GT(U9(b5(JBzw!p3fmF6&
zI|h_J!r&gVjTLbI&`Jx{ZxQ@%E6)pCS{?=-vp}j6VC35{-w30~g5jTB=-Jlh7$|9u
z3L0^kfoE+%Z5D&JbLmT%V_hWy$EB2@=V;H|nEsDDR?VPVC%geXRb&cdzD2{MCy)#z
zZNm{lZ8q7X;r!CC6?kIWL!kOREc;%pSNBJVvo-yaz_2xH`@ZHX4U4ISG;t)gQD{<u
z3#2U;t-lR8I{T{D{1H9~SNyr8d9Eae3c5TslKNjEexEOme6WBTPR*jpVudHS4*g)P
zkthH!WRsNk4&<RWq9TtsA9{0z7Wfs!jykWYc?myG<%y~`$vbS(%I;-9cHN>9BvTL*
zOByua1xdYjq0kcO!zhm@aRC%!RrfaUy5WJTp{zIHN@;{MZ#lHGaR#?PEf1baOOMw7
zm#8{qf+7x(r93_=%ve3UA^;0NR+Z0s6abcm5oF}xT>ASQh0(_fceUa)l<M5MNwJ$R
z^^7reeiE$jB3Vk0Y)p^`D~TB#)-F)xlcDgAB$sTLLM8J4#_Ctk<5-bPYSv|CQ)b}z
z*pvmeda|iPM>9CAg1#iLXlTydOWS^pf$b3<Cs3T`p_k?&9k68_7`1g6(6JKH26S1(
z!<XT9*N9~~(|7`cX!Un{V#)Z5WpBlCSKITu-4pnAR**2vjF<0q*QyDw9?>xA64qo?
zQY*?iQ95vH(jDjY{hq(?0kgspm<^)RtI||zkP{5KB|`|O0EG2awvgopaB%WB3mw-R
zMbf`X)BZlb^?~u}p6b8qH4W{gT@)`Egii5d%xwET(78kIMg&yKwl0=VmYw<177qt%
zdL|Z)IL41!y*}D*_XXS+$Cftwd?<vmkf@M-znH${R_kb0g-qH_W}%_FMZCO~=Hg?&
zQ(gs$HqgI=(_WqC*an5_yA#%?$05{*pe~Z8sNdbOZl$49kp`PP5l$m){-Cy4P7tKv
z7m@rZI;*D^XcHCm3jzQ!yCd??q&dBN>=Ra9nY*PZ+*1Ov@Y*XFv64D!DyN&|1A#Kl
zj?7u(O>U4{W@(@~#*%9Zw2uKXOx8?)>M(I_X7{hfg$<iwxN^_T!E7$~KvwzzK!<9f
zN1Jj9q-V0LMUzRYd3MdIm~Ux9?me`Lo9Wd_g`WluzYW%VD^?I{!OC7rb2{zyKraev
z=rDLiR?j+^(OlS0d1QRa|HvsSEi^q>Zdd~5*cXzR-pr)ir&_|8#<#9<@WOVe=;<8L
zW5xYPMaZW1S+6#wC_(uimY6pixH;J+z$&}*|EhCP&Oi>t+kMzyZUpW0vRjcdh|jB-
zVtG4S+_Y*^oG75xvNqESnKKL>Uwnr$BG?^^OWOCH%DA;HJ3Wf&nA2QE)r)<*j4(p4
zccM_*HK%)sU`na$(4!zfqmSNd*iIzU8&mkVcq6g}IV^XvK`D)gZ;uOkD!wn}U$mii
zLdwh1J9dK0#IU0g*fZBQ-s`jQhx5CeHWHY!f%3t3C7A&|e8UDoR~^3U`_hTYpheU$
z&b+=UKS57u)cvocE{#muqK-R^@-K;NS@-sgM#j?*PgG~V?Ot5KFO=a2T&(s3=Q>3N
z7Kw}i{NknL;zc>C(8$0*Rd{dDw4GI#QhyjSRUV0@sX&<lMoQ_CMgEz9K?)W;VmpNG
zM^cWp`Tav7i*ujF>@W_XkKfB!+Dat7@`|gVHu5+(HbBlz|NmUd$q17kCf@X7%T)qk
z#C6V?M$8oLHiGdaGp$8d>Zc@QbBNh9gAGK?wKnT2dr)#XMuob?Ww=N#RyZPrD@1=A
zZpU~{3~EKPQNZlVT0Qz;s8Dku!qK08(w1%R4@*7b`-9wbwn0(~T8^^?OSW*fcY+fB
z>hAT;RGB~s$eJA0sq1SG=2w?F);N$5eo?USnKZj{JmFLqjAhyMo)>ok5Qo4gVj-Vz
zLIsoZAZC&22$2PY=k+J0imMB;*3JB09?xq3sNcN**B+4ISUuEA+?WFl5>yn7H3be}
z{F&cAeq(D1Q$Q<P<oi-<<X`mZtQV1+qI>i4paVZ>e+Q!qbhJ`oalmiKZb3Ee!!ho0
z|I~Ru<bYbMceF~@Ag4e<!=w3a^w}G)l$Ye~hq+TkQvWXg@XCpn>lS9+>Xh<fy(+Db
zvyWO^ji@aK{YHl?l5+U(kz8w4?P_dOMLrt(sdWXxgJc4~R1ixGB039}f&wCSec-hu
zh=Aq#bvRd=K3wx(o0~?zS)1m1J`qf$)?|^-zA(8wQP;VCvo&v4_J^;np>cvBy3>5%
z0>EuNH8qysg?PSMaP`Eu%0?#+NY9X<B#2WK)3Eog9UQI2#6RPUEcQ`J3*?A9p9cV^
zofHaFNrTJYm`6g-#D8<LUJuv7|C!0JMd=Ws)Z%4bU=c#bY|D0#px6ykGi0?{Fb{UJ
z%qM@7<>P1j5rV6XiXx-g`w^X+8gD9F+c#s4AX@*$0nw{uCU*`|)9c05F(=Mm^zKgf
zUQMAf&q23%m_9>0D72V%U~OShehfBes<21enP%T~|MI_P`NT>ce`*?w!qJv{2wNx|
zYc1Q-bD1)I*!I#nmDwMg(f{OUC4^ZYsZvS5VA6tM<KkOQ;N)Dz30#t8qL>;$+ni|s
z>CV9PW6*^K&E%!2;yk0O2St2U6>3G#Vh(F0c*b#ilDp(%4eHYwuhK$=e(}?af<E^H
zB6B&00bQI-tC)r*rs=#UkDZl0aD=f>V9BlYpAZ(HAhGYS3(auC9HXbk>aq9Bb0{8J
zDe9l97^gx)rJc>!&~1AQivP46(*#t}ccq51FCHE?i?bO(W7Lf$#a*p;5H(eas|P;^
zpCc6ikg>QT>*pPA4NJBzh$ka}G#_SOqjq`z1qG`p@BN3+yR6Qt&g+u9dcS>}YkU$G
z6$$({k+nvW2X`Kkbcg@;46J)_t1K%(9o#-_MPV8&t3Z|#`R^b4N+GFfw2pq9NwC%8
zc9m^$NbN2Q2(IYE+DKn1tPuSC_s;sWcb5=fAZRiPB59bE9G(zd6m7v#s$wi=X5b8L
zLDAfN+Qa1zT*X0R!YieANqm@Mm>-i35k3GlQLGs6t*Ht;FD)S>+Qu^qa6kosFV@VL
zj~`eXu#?>ul!gD_cLB(lP)M@<@ZBjlC?s*TFwQq~2&He3QNGEA(Mom%I9(nZ@QL*x
zfSv#z;7`%FW0mDJe{>`&$O~~<{hV$ZX9$|90!--{x2k#6Wo(-$&B1fVBd~c<W4QKw
zO2!*iiK$a>iL=D~A3vX*29z5H{IDzt>?u_+iVB@Bga~17>p=C77rVi34R<$M$9ih<
z)eVW#JN?ra5>>TGL`fbSfdT3_Ns-5+*51lAM-+RX?{EQ;??~1jkeEV&%lb;&3F@0A
z*p-UYk$$c!RW2VnJ72s|Rng@*Uh#>1nt)~9dkA*ohRC~S!I^RX(?(5AUib<g4BaDt
zRlhY4n&i;wn=><FKlVkFDN`@Is`wLMPD1RxgkS7g`Ce`+`>`?Ok)*WQ*`O<$6|0+i
zls<JaPcZyNT%k@Fif;xar(6U*KQf1Ixjw+K3<vLG5f2xha%IjL3~#r)!rzo@{bh!r
zx5cg?E|=v%X9^py+c=h@{EfjvK>C7Oor0Y!Kt{VH)c^?N|NO9iB*9M!;7~E(n-c+$
z4K9EL#K451?&$^MkNkB)Du+7*nJ*Cx$gZYwj#%u_)Z-%etZ^tOMv^ATM)bB4P|b<9
z1l1aHk?{}u2*_f>M&;br+Yx8UG&5}4=YL{KKW{nqv9>n7p+<beZXe|HSBj>+ivH7r
zFs&rgM&gEqU>Ee8(f7(`)=;i;h4BF(`_kK#teoS}Q?Wj0n}K2BwQ-JBVztCOa-zUO
zFrPav>g_8%9$zFYRw+V4sQ4CDfQHj{Cf(|o;(u4@r4psw!m=VZvMGxi+4u0PgxT;y
z{ww2$CGU#Zwxo%qIe2V(Yn8E&WBc~e*X^<y-F{2UmrVD-@-S~acW87+Zy+P2hWRXF
z4ep=v-U1N!LwDY0=10Hx!@*^8(>)bG#t&J&bR`$I-e=P0*iB}{FaHEOnqr1(OcZRj
zTzH?J*W$X|e!HCTBnHS&+ba|;39UfjjVZ&Se}M?Y{}=F3k)=N`wp>Aiu#hmrIME=n
zJ^_FclNIhHbkaFRu@M-Gec>rYy8ZT`T0BDlXI<9)QHG%MBxf+UXHz)bvh{}(z<&N^
zl%N9GWRyF12tEv}UV&ljwMj-QIMi`x-lSfbNjQeCL2Q8-8IR--PPK8PAjw;6^IQl2
zZ9$*9XnOODntg%of*`7q%uJKun=rVo_2;KeTGkxQE)QVUS!2j|;2$5HXIy#3?-zVi
zEknkU9DL%SeKQ{x9NN+^tnM!H^OVvtLjB@`)|3l`oBWNZ{LB^!%MQLgmXyEcmU_?a
zfnaqF*>4O&Q5ZZ>#T}Qr676RSVbs6YCv(m&(SV18<}h4fnHbzSv?6h#Kiv?<G5noL
z0!nm<Jsprhq-R|~^ID@hNW++@$3I=lFoz%(710NqEoDtOY1+-!O-TgQguT%eyYUU5
z|IeO3f5SlWz#ribW~@^|av}S~Ax&V>Me;Guw0{TV6^dmx_G>R%!B-ATt36p{*&|+y
zT%YN={0_OHv?ySrLOuabN7~jj#4KNwe$$yi*s6Q@m)k^_KE|)7T2A@8Kqg&%{9?o3
zIJ4`lWra&$&^_=&j|4uIa{Wf0#y17Q@FJ8oY1PNg)Ln59x!>k~x^R~A2==#hgKLlB
z@bc8b<mi#z%o>(N(^}|(yRB}i?s20GB4^EP-B~PoE<aP9;-v0QG14)b=I*@sB^LPI
za-U^X715_m>95eZxwG|5eq91?G`MS*==&L}*x5QXvODG{b3>qwi0We1oe5n>we>;a
z+;@qW{xfbdHL#%A+A_=knYaw*4vw;6q^vDWtu#5%GOd;_HtB=^$%DR<?~h+86IuQJ
z`N+99OI~;1Gq#+&AoP?PtgQ4}GvHNP7YMAVw@VfcjK2GI@Bg(h&`f5FC-?=tO;pvg
zAkYy)Tw#nW_#(9)^GI+N0X!PkoRg$E3cz$~CG%3XvbA3}<7bSlWqIdy@SC@A>Km7L
z-hyQyrVHx&rT<|(P!|9}9PT|y5Ta;OFRvd}8e9^ZmY@3>jL;Ii7qy#=qnn}`{IRSU
z1@ql{Pv8Mj)f^~NfE#OoM}d(%GD@`^#^kg^`l`@EQW?YE3Z#T9x6@{bp8;_Br8->;
zEuxmelau6;IJP6nAVT<}^t0Ov0_p1;i&q&(%rz9W@B|>QxodvKyIF<%VCOKH(CeTl
zTHouIZEadqlD1rZBa{9$tDG5Pbg!8L$EWzr2>@!A=~x37dW!K-ltRJ~#3wrI62Dqj
z(^Z8ljTWF@M8-C@B;voy#*w+8Gpaegf{0hZIPJC*BvsFL0pUqhh(AbEubLp$e(y%8
z^R}AICg!N~Go5KR|AArs-ys@n<_@N7b*7o_G$Yhl1_h9tm}T+Sx{w(!{R;#|u|hz6
za)3}4yR{L$G5%5c@~dcLne1M@wSgYPcI8(+1^wDSkSHDrn*+ET($!VE3QmDJl=Xm}
zJc#oanRuGKnZr3ifR6eX^&id~Skah2?2;cIR8R25cm!Nu6=JsHLq%OF_zkWBvGJx5
zvHq?HxxqNQjTt(ke^n%~qb4>?ps$Ls33#b7YMWQWruul|@Ml{LYQ#*pyE`6zYm}uz
z1g{Kw(!zU}zh_9wvIv=e5Ll^XEBcOFjz(1Jv(w=~n+Zss(Y{FvU)70XnpKHGXlE~|
ztda(YczqgmMen%3&>ZtDPL%~@T=G^X9o)YZz{Za7n<E}Oy^nFxFLq%l3n%#?=?Koa
zFh7|&Q46wXctBpk9{V!_GXM(qLaDWlA&`F8GZk+@@1}A1diAmzLycDx!cT(^!$cfD
zY;7k#LHnsD066DsJO_SJ{%3IXCnKo(aaBzFkU5d_{ZdbplQn&8cR^?EwF?kh*vyf$
z=-fZin;#h#M*inp_}<6RhO6Pq3G(MM^=7)NyDP7c&h_~q)+9QHOMy^o_kv2;1@e5Y
zI}8!}xCo#@^n{)~e;~Wq;GA*Pw=(=T^3WMI<6LZbO!ZI%7dgp9xhT|;#IlZ!LiGBK
z!7xK`MD=jJOPoi;y@3iX4FrjXc-X!I?})V`7j+aGU~}61*K<;d=Cei&LzLg-+4qc`
zmkc0+-zAO*QYI7vVUiV1|Lv3V+(rC5_YRIotBwSEx)pQ}cjn?k$n<lR(AVbjHK2Tx
ztolfutTg?}k)sT1m(}?qH9QV_s}+3|F^Yvs#khKRSh|zl(tlE|lPpSwJ+G~Hx;fHY
zo#fMaY<BfXbj7n4nd&-3w2)Blf)iDsQ-DYr%$+6YE|>r8!R^^MbYc7R`}%5F%;Q`6
zKA3Du%|SZ@=vjkt(rDObv2IC!+Jc~imFv6?VL1M@8|<HYvX&qeikDSu9+5inAx&2!
z@zOm0EhkAJDKF-g7t)KJ+;p!U(E&0&s;+;khn5nzCMYEMMrVngOGv6GwiN(E<)B@`
z_I_rdi>b>#{Y{%S*ABmg&9qskA6814b*zDu_#+u-f=S=hW$ZXGLW4S7(03-}MQCO1
z>fg0sfZ?L~^$Y71blVEL53L%=x10$AN?a#$6O6M%*rlwI?Y0JO;X8^G^HA){1^hgv
z|3ogVVHY~^Ksaza3sBnr=no4!SKD%TBbE=XH?sZO8W#{*HGg2Z(O`&S;U5(s3eX=&
z$>p|FqXkRG^HHqdr0+{-I{_=U5!&C;i(`lvk>AAa5g>+N0q_=i7$)UX`^Wnk$LH3#
zSg+A}wXHv6_ibP=ZSfp}&l?tC#IlN)xv@-O;n9#8$?0@_NMCKcM`#j!QhL2r@a()a
zOO#pNj0uxv7dL2HIPB6J)W#U(Htx?OaG8KNNtLA$`M6q7BaR4oRn$m2a$`_D13-2D
zi+zyg4r_E^gE=J3*%t6<s%4;lsq0kQy$&VJS>AcsHh{P~8EZC(yTrmLwxns6R6$3_
zVIz0qa^eaL-b=|S8ov>kDG4b`Kh9*NVW_PZ%_w%O)l6G9Fa_WkPCX@*MgE#2sKauo
zIkXdW5o&gQw9F@^WnF5R5k=^V4au7rc>Cqprf|y%?R(D`7uG_eN-hVv#;7{41K?S#
z1VKD!SAjjF+_7|&sl1<>6OKY{D+sE)OY#hl!*fYS`zO%z%t#y|6nW@E(uSjZkPmmF
z#{<_T500~W?tI3MtBJM~lS^@0M8f{Svngk?qDK~dEh2Gds6sPI01oa;AD|-3zG}Cs
z{d6IE3OUn6qv{Xd=R{AlS)8b-*#<paOp`QU%1ALjbMEy!7jZZUdi;o|TkWOKd14TP
zICM+F!m}>B!~G5Uph2vomsuH|xt|pdqzoC(UnM2{8N7&ekQfm=@e1t{m7y!aA*a6n
zHoN%))yR_9+aA5chS0bV3?5eXc~~}3R=7WI+IA_htZ-YHtovK6**V|Ne1K+<do&Wf
zBJ(Nfssk4<%6vXQ4&2<`oD3Wj+91bel-WlYGj7jyX1umx04RXz6mZf0H<S~qU+1Pu
zLwOP?`oZ-%7?P>oK3I|A<g*CIii8P7X$R;a_&B7p6Iu-8k5%2dJ{B$qc6e>{8jpVB
z*s$!4$sdg~Vxtw~ZeoM?%HGtjEN{Va3MEV9y#(!}`FE*G@Sn-1m|?9x^_hH*o(|VW
z>)+ogJTZWfEgXcth@~F5rhjh1djRO-nF);nI5FoGPoSh4J9Pf4F^2gL4-v^3s}Pjf
zx~J7$9f+9z-x}^)Si=>mI{`4$9te34mKl1HHmjVxwRB<1>IaamWe5G(vGR4a8(t<j
zo|$-9*n3q5z~ueoCVPK_$U41<0qWaae>)m(BHd+4E;~bPrnT+P=VB&QKDD7H+hT-b
zOS<Lm{}q%czm#V;hN)SAcgVJD2Vhom1m0oAjV&2bH=x6J49c2eWxBWt6z@CEIFQ;X
z;^Hc6aCD>4a)b9%TaYgA9x8+6=rR^08V<-`$#U5CqbT+^ZUQ);VOtr6#72d9x<N}h
z`L*5H`W)-VRwLZITb)ejL=|k;#UsGpI1qt{I$vSloJrm@9hcll%*1Sn)(*o+9L&$6
z1j<*p+Q#ChLS(A?==*%NWD%iYFSlV3WsY#tsJ%P0FGPc%Bcfdo7K?WyELG5#-_OI2
zU*NLql+OYQni;}pzFV(N3)KfK{JY;>;-|t10m5bVXKIMRm{JSb5J2-gWZC!+tlH?`
zRWvsD{!&z*ISk3J!pygku;;VqV4``LLJE{#J!;^vc_0re{J`Km6YL4%Q$y|^uZ-yI
zN0k%$wLbFA9}^{PaJ{IN3K&h_q|q`^=Yq=a<m3aSYRgNNvn#|b|AyovGH47VHl3zD
z5Z7P*Fdo`Se_6pnzwZNTGl)2DYLJsxeTtNyPfR39=u_d8%U3`Ch{{gHssSE1uc=R+
z>DQn0IpnZT4oo@walU6XQuGBrnv7@ACTwLI8r#`+@#miB@c4tjx#q#Uciu#XmMC@i
za@ijV)Y1wvKbdta+fag!Y*%s?MyLsSR|8=D$sjY7Vp&=crva_l?w|Fil-kK1)s%DD
zWQPrGnOi*;^psL0716<J$ie%(o4((lC~S{s^*`B<Z`{t%QtpZ^8J#vnv$}9`{`C4!
zZ4uOdkgAgwe}QrS@CluxaP|O`?MI3*{2k{uItAeyH&yvoM)?)+W*=h10iQIiv=gsw
zOMuV}@{M!t)V(X21d`K<0wO6r6t;1e)jkZW5F|vAt`EJAq%LNPBDd4`by6ZAc@Is6
ztK-YAe^+T`6gUr{=}TgE5o4eXx<0h`l8HaJSagsNu2-#pGZXH&_zLELvx*9xnQt#B
z4g5<+ydW}1zLHlWN3xlSF)W>{Tzfd7LPM_P3%<Hpc;>CoUZ!D;86`U(-!oHf!BJjV
z#gblQSh61h)K=VuUo{65VLw==4bYHbDYYVGk3OWJG>0WgHM3R_C5vxG2A0_P9;z8P
z5+A_QOgTyPzoHDuhL=PM1q$b_;_q<#V;@u8Il(1l>KX-xx*Uk|asV>$ae=le=QR~{
zmxXW^4a`pmK5-i6U~QoB$*(2}CK}@esXzL8#-Qk}O?RJKE!T|pBSnE*;Z9NU*`19*
ztEHP*TPI;5-Q9+wy|pmB9QEmT(P=Qj^Q~kbP&`rh5F*m34^bB=Wc@LekN0zZ09d6s
zqEX!-s7G7qu*de#7C<3Thg2%wE+!J|{X>l44j{)q&A?65Z=rQA%q)Dw1W68)spq;y
zk}r~(=roQ6H83mZr!MMHHlAtRKMpWW@YftSe2dlCtz9gNk<Qy=l8stHJ|&hG%qBq7
zwXNSii<G3`@nfL_z&)X5z@I7H>_b>*#X!R0Inah`cZ>%M9HZ2gBPPRU@(3o=f4&@7
z5dvC-(iH<RC+toT$ASgObe#)l32n5r>+?U3Z7<CKE!+gFOeAKly6j}{k`UQ;Ia*tk
zd7B36+9?B)t=EMLTHi@XaJ<&v=|XdlJjh2@_nO69PdXB(^J0&Pe3gLw`QA1iYA!(8
z6Mh5%V|acIcTv5&h3ymrFqj1xbja!Xqud6$aPNb7SUNjRj#&l85%pulDu#Y`ZjgsJ
zXu~LaF*hMEKQ2p*)31f95H8twNh|10bkJaw?Ur(O5oLL-+HzChVKwSxolBDGDW47_
zS|yhILc91YK%heh>e+39)^4yO{KIrkn!37Lxy$VW<1R9-m@h-B=`PgCa?IQZnUCim
z;5xN3>%l@h?J|D+)x(mkD;>%xo^ia(4K_aF3&RUQ^eKil5LGdYgj&tlnAMom{m7>9
zQc<-K=<UoIl7aCmJ~qFeWrffoAuRya@=oV9vWW(QD6}4jl)_z9w4uyGyUyYdd%R(;
zL&qVUZEI7e0jUy1SJD9Y0Ra3go$^v=wiObb^M7%9YC6V%%peD3<75|%mmpV1p74tT
zVaNTct0(^z>pg~oex5!MgxAof?G>?~+``38zfyNQ5=g&g&2mfKKaeQm^IWlClPF?<
z?g?ao2iI#{dVPH&!$BF*Vj){ShGyBQFehhk#tE2QyO=Sv@xAlVE+m{p;4(KkY}6Z=
zZxzUxuYT@j(oU<%qBaa=G&FfWZ0#U>xsesOOLP-J6kdouVled4b{bYWeE664d%HFL
z>WwzJw+JTkRcz<%Kr*Dn=`&cw#n1(bgdZm5K}=)c5wvo$rC6tuX1Fo6lQaW<v~?(w
zl2x;2zXj{~XNO^`%B39X3y0VQ9mv>1$^zkQ(Z?;n$M=u0rni*l@ks8Fk^?c(SGd^X
zdZcSrMDWo(ySV^P*)RrnAOL{*%um>%$)w;7W!p0$h*HsV@`vf<!b02z@}+y_^%N<9
z6+xcu+F1Tq<$m3Xb;|r!#`I|ephCLTk7+u|B)k=Eg5R417wsPtgmdyI4{CuV!W4H*
z=>V?-UIwxR8@~;RzVwV=+%I`9nuASL{20?&Q`c*OJQ{sPPKtlcN)yiLE7K_uowxuu
z?|T=)iLY@BK5{!4*gJ)=-(4G@XC=d6AonM}^plp{D0|f}CBL-N?>dg41Bv&e?HCqi
zd%i1xB}d7!7gHsBUZd3d%9}lOaLiqPYjS*L2<k>$4Mq~}TF|8_5>S7UDR|h>&Zzf3
zf>?XbDd$L9W<BZcIh%?Hp#(p|%N}^a$!LVRp(7va=-E-TL;2De>CP&xtU#ZckD2^k
z`75T(dqPUFOH}wApAw}(LSct5K`%FbBMLRvufr|xapsm$dc)?}YbqQIF`ou2hNkZ2
zv4(6PP3$J?yJE&r@eYTQd$91^Yz+==e=t~iNLh__9#&Z10TH8A_082yDF?IZ>}HcM
zkC|HC;st58?EB?(r*r&rCjedM=R*QE$%Iy-*O8ikPB4g9ZuHq5U6b31-e+jF3I$}z
zhCQpqsgsRNd3W-jdGQl?`G`LD4cz*Z95QBGax?;0Ixh}=BX<>N)nT#_QTSsa!Q?4H
zK&W9Yoy&8f1z;k4G6HvJsrxMb2S6mOl}y2IT+Icz+*@vn6Iqc2hHpoI9ML<X-sTn;
z_Z{vz(T(>U+;>|8jLbop0yPp}i`Oj}mPql8M_y45is#AuZg(q|-C75&oALuHgTBA8
z(Ai4N-#gv{vb@wnif@{`F~iL;1oiT7|1xYc+0RUtLrZh#>=~C9iN4{Zk3(ElZ%$K@
z45JOx<z9lN^&58=KfEJ;4~!WS5@(*IW#*b~ku*sWzW!vio9*l5Z^z~{_Y$l!K@6cd
z?y1WMs?Y~|js2wb@N>E_ZNru5-FKQwR=gk?q;37}G_Ujtl*;)Bj#qW$kC->SPC?C6
zKMVkE=_skZUEMmH0*PSTjl8By=|LUwSER(rQ$!+wNti_4#cM!xmJc^z{|FctH;>7R
zKk-k)?z8;~tpc&Bai(^XX&_Xm;g98j*4nz8E@jC{K3Qng`x<b{AQFx;pC;PGp3K~2
z!oH$9TGY_X8zj+vMMO?ckmDGLTuIIhBw(}1gL>D(65_r^a(_orB*>zY#u++YXxMa@
znz07V8b}u!2j;|SPhXy=C<mfr!Yu_V`8I}KO7JM`nFj7>v+zR_CM3%{Vtz9beP|Ot
z^lxu$1UWtG`LQ+Z++pT~n=MM*@(57Xp~Qhd`z|p!KdrBAQ%DQ(&WN6!87f9}6Au+@
zpGA8`J2VH}$n^7s3*cF7T#M`xtD&HOlcj$(b@{y&$EC@T>ac$HV}_9|K?NC-^u}*g
z3+k^Q?^J@+3>p^6R2CW(YBN;jYN1=63z&q!{yhePDs68bpNf2<UzIP_V}Rsyczszt
z{@^26Neu9Rf7wmtVIchiRS;+ITw?@Ql!yG<^?)I8r_fZX#6@}`cyvE^W;OTs7UUaX
zFZA9(=4<|5C~Gbi6csxMdBeGSj5mcWXGakyWubGkoBHH3yzTEb^v9HzjXZwyzKfvm
zo}?LgnE$qc{*_Xn7)N@fFJ79)bV5Y<<08PucB#h-#IFEC6*5AAe>DbC*SG&Ov!=mP
zkI5FKP6>yn?Lj4kVLEYUya@RXJFF<s>7;Hp1{c*D6S>V)ai3gQpn4bv9&|Me7&ce5
zGkQ1n&>!tNML<9{!Wx^(Y)W+P%%K<wH|mWg0xfR3$3N}5+xfp8qgavC4m#C>^Mw#D
zCMlJzxp=2<(!yHP2p;!;pI=*5(!hZ-En+N-SU`^z*nj_Pc?^c<UpVX4{>2}bm{w&F
zi{~QEBK+#>`pTvY?2->sEIJL&A|5gK^|Q-4Tm)Y&P>5~L^WjJOYdjvfp%(zc9?EOJ
z95PHDrP-yWlFpp+>LlGhV!poJd?Jy%cGzih8<6(5FCCJS^IAIgfpDk4M&bKU+f?{b
zNp#iy{Rx_nTq!I5FjVIHr#qtFe2pCRB4wt-BrLkRDlJ#Ei#w!y2L?R?^q_^rq#&v)
zdYTE;xa-`w*LMX0ifslxwE^@!$x)^*@zXno@en%}r&_T!E~#v)X&-u-9->8kS<>vc
z7%>7p9f&t%cWIulf-UM_E9gPn{|Tvqj?v745}mU*4*@aRt@0dU9ZZ*;V9W-!b<;#*
z2fb}27j3y&-*kALjwEkVX@mV!!V*MC2DbGUA2u<O!aQ5y&^)IyPVPC(24vfDQ+n1|
z!&^Z;Nh~0!sAMeK_TQr*AdOh%zg(}w5??ny&OPT5)t&2^AW4;orFeg+Y41>uwRR&W
zL88DqP~Gdm8U)ipkhMR#CCz8gJcuASRZp3A1#K88ZJ$}au8ss#tkxEqsB(C)=y}3d
zT7<|h)vTc2R&u{Wtij=Ww%)_jAQ|hE>h~(KMlm7Fm6CQ>yxfp*NZG#@2{QD#5;<M6
zDHJB$K8tiNV|B(=4H2@}76-x`_XAZejkhf4$xtxH1ap$XJnjW${r>(Z)4|Zf1rrYi
zYs<5wW~MHvP1SaFwLwu`yvOo_g++)Y5TN}V!ZVq#Yuy;4KdarZH@SH8J5+QL#Kych
zNSNmv-5g=svK1vD?j9kIbPP64E@;c-pU#oF!|i=*M{oW98hyAR>F9F;dr8=oSe)Ma
zB_V;<rcyj~<(PYo-&oT1^?<u1bV{41*upP6NJLkmdRQ~AmYIGH<AX@{6PhARrif9s
z8W|JKS^q{Ov?IeC-6qsDOWEyp{s~3-E{J6e;YjvY&aZ3Ijr-&RzqWE)EQi}X1&G69
z*EtXmMrk2|pH=<rEM12J9o8J-l*_Hr+i44S?HjWuIcPgKi?j(mH+?4INGa>tI}A-o
zp81*G3I(#zgsqtSL}W|ANHA``vyb6CnSrtPV&f7X_;i0m3!8DoROx9izF`tb3l#~A
z>(w{1_xM0>?SjIfJJ>+{)`>ulAh4BsM{>39@xwaiTv1h9NTM;(g<kYqwp-o58aGAQ
z>YWPaUQIQ+sJDO=*E4eAr&@1ibzJ0%T*RB+9!VZL>{DMb2F2KW?Ee4K$`2ym$7v2T
z^-nT`QXpJVdl#5mo2id*ZrojL8mGd`>+br9a32jaZ^oQQ;^<Bpjjo95qaSi?mk7S%
zydFsXQ7vC*bqM-A8<baUke<9qNisvLbkdF*hdCzQ&+bm_3Du%Fh84#PQH4%dOEYQ?
zk{lgWu{{77G`+c{#3L_-7k)p8OIOy_bYpwVJ6V6A><fB(3n%yDP0q+j%T+p7Cb!_T
z==Rc|{wyK@MtjH40G!lE4j1U43T$9kc|mRKvc)IJ3}Gu+-G{Sk5VQWw_Ba*b<cG)^
zdJfsWxNW_hLD3N@y)rmcLX_35R)TTeg`!b&W9Alq>;?8)uOS|amh@gVM=<)`)NSCZ
z-WfFCuI{wJ379ZxOB)=JW%r=Ey&)*iY2MF{vr$r{tSndDZuA)s-v8_2RA=R;8~`u7
z_EuSUecrP#bB^$xHg#ZVs&lGja_Tle|3{K7zMy2ns8QOnIfHc9<$#R)Iex{n;V~FA
z@U-O8!%t+*=agvR%w`JGSFv8Tm`)B{RSunIQ_L-jdLw+VBV!2<M}Bb%f<L&cXG^!e
ze0H*OqbI%9$BK-NXgbTp{n3T*IwcMLZMnxU!(}n?4|zAOzygKh`H331Enn|r^WSmp
za{7*-;hK-4OaT0|{~r;mrVMh4=cFyhx`1o(R(DWen?DdAsq{N8DHCF`hY_P++&L{i
zC1`{0BOP;a6C>=;S4*4lb}DEf9yqShMX4XlK%In67Ra#N28jbYgzP=!LZF=5rw*TU
zPP5##><4>2{w342v9+)3g#QaG0PsmR4nP|a4$!p{9(_}MfRq%oT}Hba!g6f1j3^mo
zeX#LPr5o>Eg}d|iYqjRkT|8(yEN2<37p4Izvn0rsw)nJhmG0q4D?S4)X6N?+up>+>
zS~IS^BY|v#CA6Mcvfs__+5A9|N!_KBW)+pA5!-2I(_p!Gsbh-p$6!T^XdF>F-@<0*
zx?Oq5!>B$TN*fn_s&Q)hQDb-JYdN6oPOdqK70xE*Aa~V}bgKTct;MxwD`zlw3v;$|
zdIc1_(gK@5)&`>o`*@J1mpxL#Mh&3z_#WJL&`CUGeqK!eZtiV8dyE&D!F>S(H=>Ta
zbrjuRjOGz%DI6=Rw5YInf;IOk6r9E4=0LsjT+{k;akxcf2TFnxqUp-HoSi-s=ZpT$
z+UQx?mZ|o{;>Kpz*VHD{gXOx8SPpx7Dxz>K=Dbk+G&HZdk}(hE(jgIpNKMqJTj+c+
z??0JO5Z<yuJN5qS6q4Ea)GRR{q?;xfarxkKIZPMjui+5CqSR}RU_b=iMwi1dr-?{J
z?eOM9k&dc9Iwz||MZs~IF500_ZmHPcGl)SpdBTc1_0OXaOk8WpUFk`UfMUhhLoo_W
z!HP|kM1sOU8J7f+@r`USA?Q{!e6sdV2gpy8F3y}@`$bP;vTsmE{F6(+FvGB?tMaKG
zX{_fYO@q|1LzBi_%3;)EEznzFaU-AKm#L;~Tz3YQiX9GG=;g;aW?Unoy!1PttPN&=
z88_GbDafS&YK-<rT*Qj|zu3{BQe;@W?822reFd`gwVzSCKVj4(gFP!W@^jak=#Vq>
zf!Frx5gqe$IHOACUp^zN1Rp-v(<B~&PF*ynS*qCxDXRH{)f`Uv>4{J?mo=o=K4~c7
z75sg6APZP$%1L;$WLps)U6W2*X9~blb@&JNFrrg^XWot&mOKE_0s+#&K#U655u32T
zA29G*0+m6t&LUuqO_Cy@3>ASAu11iP3$QE9pN>aZ2R-N+PjkpG?epV$#uNPP)?3$>
z5XwJmEu!%?`T9VZwbC&w+|IZB9RfGea9`a5018L6Gj=&VE87YXs3z485`fB4L-Ib{
z;Z}38rujq(7)Wlsy6e|@H~k@XaFt&m;g#Cu+n~AHGseeqH+83?f`|hrm`(D~en&cU
zI8RcOmObQjhGdM!+|oh1!on))DJH{zSI_NyTp*xE3btnmkW?qua9^=Vqmo{T=sgF|
z?pfbBo_IztW$E;IrQm;IP7iM0q$>nS$OZ@_;0!n^T{JnIUkSld=H>r=p}f&99G60X
zxMM8@<=94}oTfZ2eGGk|d+KbW5~@xa|M1?%K}zgeiQ>-E=Akt}QKOizBE7P8ED=eV
z1^Jykax)ML^~gWqI~Hc({yS7_I4XfnxfK5_X%xG9iQQt*?ER>EnzulJj=DB#va?i^
zb6mm^lXU^KvKE$QmJOy`eoIo}`<sf-(O;?dexKhLsiQhO!MJjt9<p>q^Q#@@BTZ~N
z3)rn3^S_uu%Q;!hhAxvvms`SaIp!%Y2{xdq5z<%bxyF{>r%Q=t)#kwJR!(+cfeX&5
z^ByPRu63Jy|B#8)+G*Lh6ZO$MK_zMdmGKO9s=?uI?^GMC71_rBtVnFCDd0Su0;_9|
z_dov8C>t`dM+RL*V+XpUb~e2uV7+i--bB=c>t{^G@`k`mwcEkNE<oos$ZI+?ZBRD(
z{7rM!I!}Vp^O4Fxf<tbhMc&%dN)p(>!0O+GVQ4WP`^zTXN0*`7#-9BF>8=QRTV`1U
zi>;`sQO7Q-xm{$!rr0sRHebr^rD!5cu7e`Y2HP}6$rtiW>?1_zu?zu<Z`_e>3tl!T
zedoRTyvdBS?|m(FgmXAD+55u;4<ie0BY4M$tRgg``@||1w>Jj}$p*&m!J+^}Bk^z|
z5u7bNbW3^z-PF;AB+>P-l}|&R8OsO@w<o}qCOtZ78)_YF7$#45>0tWZNvvP1ge^~=
z8K;HEY`I~kwXt(zhH#ntn8o109>2l8Z{0Gk42>+siJ1iL?)c^;?NC-Z!WR@nQQR+a
zK2{qPeg>JVe4R`@tZqhm?MI}N4R$px-<rQcWDTmbxT>Bxp^`3~S#P*QMz8;uPJJ&_
z_t<{?m-CYK?X(o8>ZtN$vS4X+#tVmIb5Q^+e`X7=eEOFAQF8cGslS0|jhsztjt0b7
z1gkkR8?2utyG&J14SIV!WO`-m3zdwKbj^R!LHYuDph9rFWUj(vkiIn8`Dj?IW}Zv-
zL04FC2_t2sj=&_b$<@dAd+ge@I>@({9Z%!Q#+|n`KS0i`nc~W<u7<k=L)8WIhi%qL
zt*U(tYKX2fI-s?RDF5>_LI*0ZDtT7}x!p;>b}oLDKjT{|%1BSnG{X|czKU7*(#dRH
z7N4FCw1+ph@_9gTi!$h*n$)xbDS2V=1vD+{qNHpVzx~bY_$zU)#!62*gT{@=*U8(z
zxoiX-3n6@ujD2FpLjMDh?ZHHA&#1dd@K~0h^L?^y5E%(w-7*5fK@BScjVPoa_wNY&
zfX^GstaO+q2_*+*mEN$qtT0lEtxn3>xlEbYa7!=CwVfA__BntpGPiE}MFMv-rDqq?
zv)v5m_$<$Dz~LHif?k$=<v4L_J3?v$s_kzszyaMl_CnJ7zz}qdDp7?K{ZjFit`8F)
zq6@2<+DMzGnNunbRQdduT(c=Ryzz;-Pii#Td&xbI%U{W7SCq;>_2=me5hYD5G(f;>
zvO6EUJ(*-@Z=*Ezn+80&P!4h=ld|PIo8bSx(rt{C`u_w3p!dy^XfbEKx+>!@bNjA4
z<rGd@h-2i^+#Bg8$}mHR|9)(Y8&pw(=$s9>TW!zF4Is;Y-y$n8HVTcI+`Pi;d5BjI
z!Ava$dU_k1R`MwuK*1rV87pOBV~AQg`mp%u>CZ{|ZMlLPD%L?{t@H8|7eKv%p$C;l
zw#(TjMD?4bc7;z(ldXI#_yh{|p8mja9{e(-W(3%Pmc>1>x9;&j);?4<akS$vAE}VC
zo=7=Ot+!FSPe0^|AQl!q&>z&e$Kkp9TkG6*s8XI1Tsd!XQNNr09-a`5$Y)SNSMQWr
z!WygmW{WJ~ER{)zabQDgx(?#Qy`H}4+wLXF@s>Xcb7Pug98y;beuaccGWQFDUj{qg
z_fK>CR#T*XNcng@6Jo<t6Wa2+D&Hf$jE%yXC73l5JJYRS<0&F6AH=6DMNvPH#USi$
zp@BsONc8PM7o6;M0ECV!^mHpRGw`1EqoV04lOVPaS(Y_2&dMoy<0Wj~c}`+VG$@V^
zf}Q6JyOR${n_qTQc0Xjrm;+hBTyV^?GZh54Z|qMClg=7lYxO0r24P1HQ4B61knqAg
zV}GrkH}l+DoS6RsWCnQjzu@%lP%Rx@hqx3Hhr?ZNnISICAzAqVW3KN02>e;t?%f?K
zj)n8|YTok$!;~X84bPVcg6NhUoqbBo`~sEy%2(uCMS}Wsv##&$3hb1+BTANjzhk$h
zTD9r{Bwjs-uaUmhVB-m+!9I5#nj)ceL$$yJmOv$s)Jd#&(dP3DmGVJ`RtF9~y&j8U
z$^oU+IvM^TQm3a%<h5;fj+j>Hy|nSYsMrBVPyIv0nhQM@m{RP&X&M0IizvqoAom0S
z3KM}!U|lU#*2(jKMszrt=9O>!L;?9SqbNz1C84A>B>$9*HjYd5;f2Y$F+#Kul?xo<
zmf`9*yzVZ5XeE^aulhx6gse)Qps{BJt{EQ|Jus*^)Eah)i#+FD(5$sX9=UY&)y@1-
z9DQ{lRKL)>+f=5Ypys3VaW_ov%B}eSn-sXKR?e9+|6U}|G)(n%9I8<PbE@v2{Kf!w
z!^v;aWA#Y&qN2#L-_xdL1_H}p!E`Mt!HG%Ag)^GD3QD8rm5coKlI12U3n%Uom`yfF
z$Bzdge{&w%@Ao@oYr5OMY5>wiD8bI__3kJ!3D$oVqRG_?xx4lJlu?KX%9X7>quA{(
zSK<_hFZb=#WK>YL<F{8d@-sD|Y!KKiI|Q(0z-bufxa3116y;O)`hv#p6%WTzzEP?k
z6Xa1mL(iw1$oAEfo`>8QLHhTio?KlEX{r(7z9Bq$pvhHU2gk{#*Pm@;p_^DlgepB<
zM@D(?A5iZz^}x0zkFnbf{OD56t_FxZ9hHSvAfc=lnyvId>5@Nd#d%-VUeXdsL*;nc
z#j>ahlbH#W>pJMD;%ZSqYmjMr0bgwk<QZHAPQ<_9PJMr93x1BS!V9hrWi;=kb&zhH
zU(=e>FA!z+cH7&&pdUS~p4Y|CBL3041+ccMBV3zCf$o6E3`c9l-z+I%1GRcr;UO5!
z(RtDMFf5A)`)u#Jy26F0Kn>>*ud#)#?yyb=VkYSGQ8;{$l%2<K5ufHx)22w5Yg$$A
zErDjh%&)<#Kw^0!WKqckSG(X2+_n(Ys(xxK-O750L0PV^nhH3G=Go85gM?I8eqzFI
zjiYiW+JUBWMjAlN0jl42%>GiQ6G(mt(>LK$EA{gMx`lMdAsVQ51`G|~y&$TShY38T
zxI02lRM^R-#_&G-CU%!KUd(!WL>El^QzBlW^2U2!wjNQR<AaDw3qe7_uxc<66=xG+
z^?uURM2Hb%s$Cpn5F-7(shIzSJPbh>&QqUUb8#fVv>6#e+zzSHkm$aeJPGSKuHHpY
z!E7<NikPd$omM(_SF%(>xlYy%&{0N*xjblu-s~ta+1&^a3kT<g&v&9t#hhpxC0(Ds
z+F=-LR)2%@!GyxzwamiS<C0nai&MXOpc&#FnemoH$cCriH0wZfm}A!8**T48sj~4>
z=24}jKvmvhihNpE-)F>b!h66zE;q&4)hW@r{AOowq=_d?(>%%%cFzQ?)Z*OJ9W4&a
zrOv((@5-N}I;m&_;Rhz-n}r7cxE=UgdkzT{c+5V!^UYquUN$&$BjH<0wJGLrKz+9<
ztBRYGQR{8C=FB$l;tl->x=QP5Ggg3gZG`|n%=gx&q}>E)^V*_V;@~d(IBF?RPQ&mb
zcYBztcIpZGeg39$H=@7ThtRE)me|_lQKkL<ilmg_gS=bo9<G`T(CT&C$~P|)R1SO!
z7Okl1Q++QGSz%{|)#F$#f9`)}CXKd+aw&9pEmZ(B7cpZ}Ou<ysP`L)(PNi<(#DXT-
ziNWGlsC7e-uTru&`?<Z~sITJdwXaKs5QPgr$g1v0L|T!tz5l&AR*Q{E5$G~X29{op
zh<HTDzGdf#vNtztq2!A`uVy8{NjDgH88yH5&S_eaW=x47ZAQ$QX^l>|0_`#4^eWSG
zCAsfBQXx8e8962r-h_6N8_v)o#{B?z%yqAiIvb>=%2z%gSp+GvoP2uJ6}w#Mr$ERV
zP5EopEv4dM)KCn7-=4_S0W3ULu8H(f14~|XD9mbWP-9AGR4e|yAG*$(|26q6_WlNb
zD7(z#9sM5SXQ$#;0Ab$E2)c7D8M(ok$YS3o1j+bS0X&Sp6JCWo`}Jtn)4LB3)bb_Z
zH4RaIy%Ab*d&bK6!a@VD_|x}7(a^^cBMcaVbbx`qtq9uhx0pSe2ewgl2n1Jr>;LgN
zAORhnB<~DT5aSxIAk54JUpm{$5Zs4wufE?ez&l!vN%9*^W9Tiylb(K@mtZqsgLJdP
z&Z~u(e#NW!p(n-N3i^pcbLbo$K}mLwHdOld^3FN&8{v=xk!!tfS-)y6^FA1*TBQ3e
z07K`c7zO^~D?veATbyI!QgKjdpcu=L5X5bO({s-}hhH6KaGJE?Flb@v?Jpn3bwzl0
zBTznVWSS*N2E>vhvq6Sxg1vvF-`^m-`AQBa(CVy}$}VgAQSLi|wYXVp4M)OUpn58L
zHAT+`JSv}ntFT@X^ES~L`vwT+L?=EEXIjp}CZELCYIdgt9=adB;8hAmRp14L5)LoY
zP8L(lK6@zC2qNWZ_OV50BfRat@ZOi3EqLs}7#mK1Si~Hi#qtGZwBDiKvLD(_MN|3t
zzMn3f+f)j2zc<@yw%0gH#=Iz9e`ES<u1`u>&=#Qx=j&ETPNqM>4n>^ijr$mevb(ZJ
z;9N=IoiqZs1*nnu0|rG7jrr2Wt&qiv^2(UzqzW<@_~ljb@3<2^VXq`Klmb-P-%U54
zTI+PcxDrZqal09irjS{qc|iB?S!iEcLHO+r@kt*fOkF04#IY^y{iwxegV-GTN-^sV
znzHi!DC}7x*5bY}CeOgM;)MS>`oHswBi&PDy&s+HbqMBhS#T@+_O<OH`48^;+%W8J
zdP^6mD@L<M+`WGME^<el0LVug9_xuA3AKS=F6)ld<~q0YNP1NFs(Tt1_1OEjo85bb
z6VlnU*2|R=#{-JT2m$=#`G=mvL4qt#)%%b`DyvnmO!Gl%ITsf13>&p~G-qk0{eksj
zd_@gJrfl!$%x+6=<<YY{V*%1z;~$zE&)rUI=@V?4rAheShRfEBCfo~dP#U;ytj?O=
zbw8SD@Bas#Kw`f}F2jU7+O+zuslHhgq(R}8uW2qcl(uN-Xk?upreZ??^67+GOfu9H
zG^{<ZG<FSGv~Frk&+sedKSrS%+%Gb?hMt7-GSd_@vGe+IF2K}=KAy>U;~5)IpR*rr
zwq{cfCN>ax%cft;Q$~eWK+qd~ltQy@@X&~?>~AiS@g^#IOP$_iH*2?!X6}r`TNcNl
z&PY%N`{c}Awm$}SWfF-9J~SVeml{5Nlqf(c9%b-*67P~pd8N```6$)bpSuG1+v%|v
z%rl#X!*uQks3YU}rVn*h3VZ4~-{a!O?ee7T2<2LpS8jeC1`90+bA^qBYgwIX_hQ2Q
z^FrT8<ib6_Z1u~&*+>8Za=}R~;|*{C000000EcUqf8g|PnGEu&TNFpet7)k^3~9gf
zwybey?EV94RNW0^(7dwE7zP=!2SvT%8OXd=8=nUVznA@Qp0*W4$m&A}0)_&h3nq=&
z(x2YkucKsv2cJb6o$FpWw>_KyjGc*k3Ar63@=0JI19ibTc;IXTx_xvSY5zZpR(eZ+
zP|N)`7ytTecZwgGNy3+v1tRF9geR6q!lxF4t|D^uup>I=gb<YSHfC(XiAuarb6UQb
zycZ#h@h@@f>TUpiln5|vVEH&gMO4gr{Zu@}*dp9)#L_P8v9p;>o<j=S;Vpa)4#wx|
z*wro;*2k2X54HV2p$tD%uy}4bDrlNig-IV<SM(#+MJFX3w^Q8V>c0Z6+oJwdyO;OW
z0Gi+qnE;>M1nOdfS!=%riW~-pldcC7r_stoL^Q|mLgziNZAQeb?+Q4guZ-Ba+7es?
z$?KFW_N0kX+x<EHVhK#|$<@`}0#AlW10XVdI<U1<sorGnI-Bl9zOJ3)Aru}8NeaKR
zTq#}s%6-ht2bMy<!431km@p%ybWCi@U?*A>Cxq_BtHw0spkkHF38&<mDMA~_6?lr4
zty*g~GjO}hN?ecyUZLamX?efj0$$;GHWUQJ|MfyF03@;IV5{z!%C9iRd91v>UZkWt
zu(|&?i2EWUR=;}!>(1WFVNcZwK87cN`5~~8HE?4R6*j8d`=>Q?lOS8d#HTSBrH~v*
z6I=iQ00000-?mYyRtZO+_dF-H7vDjuH6H_8Hi@~OLnf*b&KR$dFi+^Ez3DmgZr4Hf
z!O@W4EdP*0D2FKj^^#2+GKQFb!ho?Ze3KT1^f;dl^h&hf84EfECY!tbsW(ixP1x_2
zmr_T&KfE^iQ%0NQyG|)ugOQWW<5H)nvx=>trR_gQXoY4RK*OlrJ#btEH3KLNB?fpY
z7DVx?O^oD5nfVGe1v*fR%sFxQLeI6MD)FGKBf6D(K6v<^p)ti|3iTY^J&AKl0%;E=
z>Z;K@sDM_X#EFXWY$hL^e+d0WRKC{Q9=~pO#(UWqbHb(^>F6-?9rJm^Uy7vKCUUVy
z+b)xQl!Bt$_4)2AS{yvut)mk9Mw46=W<HoEmr@v`e=LNh+@`!Qn4IXk{5KfPax|*d
zzWNV+O3_08izw$$)3+};RKJH#!nwYfb5QD{JTmjKqNh+S6)~44g!IoBa;0rF`&wfX
zQ}Ar_GdBVZS{o&fTA0|{^uhQ`{7`7R6VAObxzHCWQMs>XY0z&QFr-oG?bgT?o#$iY
zx}~;qsOkW*#nuFy=u6RfkS#rJ_}|p0l(Y8(t%@K?!3)KaT%r_HUG2O?pRa~s<%1jE
z7K9qwXWm&UEC`EI^1u*-nhUw=5uY7IN7Grk=V!RxX;kFFkEq^8WBwL4rG4~Qod5if
z_;~z;uHhU;maVM;Q7zP5q5ED09`sxxz@}!}DTtInO0D#B0NF(&HCn7>H+HYn<p7M0
zN0lHt{he&23%I-_enbieU5<AY(!UNbYWY=$(OBjH00ct;QF2phSbzWk00000z~BVO
zQLq3&wr)H<k3g8NNnqGS)ohQ{KPlYTp=7zfHIiY?VNAS1_Bu1%nuK;F!%oLf6wA+Q
zUetv|NlP(VRc1y`xm>VgiW$<Cf0kE1W_T#7Lo=J5FKfmM5+s6jx+8D3>Qeu*1wB(Z
z8*SJ0LlV?1P(oa@G5*c)X7i@NeAP$QU2DZIF#EBdWKYyab`s{t%&2OKC~RcbElYG|
zSH_%TLRY&|6=7y<qjF;mQTCCLMs*PhrGMCEt`=NTK_C}IDs6LDyWZ7C{BJrk`hn}p
zN%yN#+tgS&byh0B?0yS&Fp#mG#n~2v3NXtgiN9fZ4&qbG$oJWsZI;du%4g6-JW4O?
zn|z!_Y&wd5<Oad~N~<4HJs19P!$OfaCQL5$UcgPb^ktyKGr)S8lzhjx!cdhe43+G&
z49j9tt5rY5nxuP+50=;f1Y6=D`oIz$97}N}JlbQOHhiiA+0yD{e=PX7@VCNW&n07u
zzts_IkZG$U(5A|+l7X^C^@n9`*p2$enBV>F#`QQ!hM!n8r$`xtjpcg$%YE2@7Jn19
zHH63SH^f0n`XWtcgTT|l#dZ+$_<Qgywnr(<J{7%@oL@?Oj|i#ANYeb+cV=#~P_@g9
zNcR1&NxXqu#Sw?(|A{jIoBWbX<M%BTN~>b`pn_DHD6`v=t?|gc!DVwx16AtA!vt%_
zN6vUeXEvCLI|B7PB2}<7Fi-LTt?LI%*JdAHme(mczBXy*31eeSp{TDdFH21@037cb
z<bp;B0000000|-k(*OVj_E5Df0dCe*jpyX~*hM6bXq~R&aELwq{;1f_8I+Hej((K9
z$99&*7whpFQ{9?f8=2ui1BJm-rS26ljV%LJ&y~3_PezqUwErudD<4kH8vNyS`y)o8
zOict+1magwviBrcqJ<%?oC%Nha!i!^=~D4g21sv3>AA1%v}O$0s$NZm-z`IuWlmz)
z!=?1vFkLvt>{2L!cJ7~@470_PCdqvljJQWc<rY{YTXS-}EoaPhtP%<t^xjVw+~rB4
zLMTzmy<FbpA&=P$tF_lA(5CC-*mm3Uv{TC@-90<nsN{h#SOvYVYN>J0m9;LErkO0*
zWgKxL^Yhc)8W<-9AHM^(W}($|Mfc=o5iQ<nF8AZp1yYV>XMvo;Ocg4-!$>L`VJhNy
zzo^b(7z=JJGLnub`r_-uJ-odANidyG+fh9gS(8h(U0t^{eUEvC8#~l1=vMrYYRdYl
z*Z@SdeObbs6L*^QkXd&ewS`LYgM9@n56zw5+!)APyWs11VLKr_sH#JpZzq$nVwLEn
zE$<_1L-Hs(p?){aqDU$7uhj1llYD*%_3<R)IjB|KW>uY#TxANA-|NUF?i?{S!un;i
z>#%Q0+gk}gMJ17_wN5wVTp*?`))=&oMQJX8CHB!)4u&Uim|w^;%Bv}5WEu6LO*e1L
zY~}y}0Mxijpa1{>0001ktg{UdL<3iV0E%D=`8$k~q5dxJQS{G@ng=ecJV-(pWLnc-
zs~$erL)?{Y#-!QXk!`b(L)7knoIT12)WNKW_D^RBAC9d3ry&HhZXrs6>qgi=Wcw$f
zYwo45(BuDht@xYbSBm6n9YgDi{}RO?%eHMaSUnGt?-PHl62!fx$*zWyK2GABRE1SM
zx9X|&*+V7o<}XRCK%R;O#NSZIm)9{|%qFU$d>~8}EWd<o&Pn8!eyAd;xfE5_rC{fJ
zNl}PQWv(t-R3Xxag2wCKo(S^FT8}u(=Uph(Cz;6DZ4~5f?|OvAm`0#5h8VjnH{X6k
zC}a0Fc#%U()3{0hV?qS~nEQ%cc4-XC^FxQOK=oawoXJyr9X>w1FQ%mSY6OkIaQ!Bu
zTSYIvYFox|v}+EV6A5JX)8FQpF&>!mufpF>h{P1zzBBS5{>-kjZonAF!z<ikMAD=c
zX{Q7Iq-FnS<g1fM8i(;3Vu4rIVf5(Et*lv6Ti(l^V`H0NbuQKK;?uU4p9WwE3+vr&
zE$J2$0I!O}z%qU(^-%ox>~fXrY|3h~B9Cvj(_4EUm#vwtyngMVEA0!lQhlQu9R}(A
zCF6V`73P^(P9A>89DTWs?Af(R?aZ_zoSefDMWT&VaS&LE7mZK=<l5m9Q(m%6L>h-L
z0>W>d%&M3YF;OS1krweR%>q(G3F5w4hk@jRYgBK6(m7<XfB*mh01N-~IZ$v;lmG-f
zT(BYjiVg{ll`(3L9;CM=a?W+V#C}E`fF0<sr$WdyGVrf0oUuL3cHM`x3F}F!F!*%?
zzEyma)8GMM#QvFSZCgE^c-3&p-N<V5KXCI%KdhXCID?3oeOyUAHnel<0$(-j&Idw7
zC_nw8xL)p#uy)?&R207h%kjb=y1vAS5~wTCzD+dvp8s)5kVz8_fH1rXL|5Vdc|&d>
z^v&sWtV0QtcYa7Qn);j3Tglvd2CCN^ch2$%&a3!$fgVdIaY>Zr+!8yIj1Bzwx;Q&z
z8OLbneTO3nG$0bZP<A9b&KK4peJBq(v#IyKvws}C)JeB~Eqt=H%3>5_?BCU8^qrZ6
z1?fL^`_yA^mbrp)y%fIrsc#v(MsAzHuqLSEipS8kig!f_%|@m|td|F`K>a49n*|a)
zE|eXnv-QENu2q2WFHc&*To}Jbxx+C`*TE1utj$%iQ8%DE$dd>z`AGbdDDw^0$k=O7
z{yu(&h&s%sr&Nvg?YaC&6F)G^Bgh=>6tUWdK}u?XuP7LhQeF*CLq@(K)zjT|m+T(B
zs=+~Vm2(c{WB{(Paelz_rN>#}z-f8xW^VQw(ol@cw(q@V0@8PxLk1g4#bawWS2HjB
z!S(q7uvd|`!7C0_*&Lf0lyExoi@b&6s8DfRC{I^h!l{8FB{}HprPJ^_vM?(G0z4Nq
zvNf)^c>n+a000&gOH3pP0Wp&=)GUEKU7OS(_}$1JW6yg_$E{o``1)mNdAC^Gnp(h=
zu{xN6j=W*3`NX3QE0iAXTh92l&|<(iEa0BD593*q!u4~+Ap4?%G~y4B{OJj7{nHxA
z5-?bnEj=|65ffHD?AGswxaEsZoIx?vC>}MLOc1*yLmuX;%rZMGBV!^tI~?|bOpl<H
zKC;!Gm>^es)>k~VzyXr@u8Fei+LW#*{orhE$ZQ@Sh@kb%IqtjFm^wHWm}W!rZ4aI!
z{W)qrN$OAa%oi@DZ~j1sA;`HzD0k2^#0k^tAcGS~Txo%yR;1Wr0M3%l?_NJc4*biY
zHFGl@vOAQ8B~&lo)LMg1jo8&G1uiBtw`LYq&*+nzUz?*V8(dE<c>`~lX5_|nZWn*C
z3G{cYw_@Z+MEGI*6UF^TbY*ig@Njd~XG?e=G39i`ToN|xL4Gf2My1S-8-Qj=v7E3G
znz<Mz#Z6E9Z)Q&Ou&)@t^>+qF3l2#ckEeBj{CB^|V6>TC@MqbL1*QC|G;Zi@w9?CL
zwJ=KhOZ*N%QVZgdsqhq;j>qdek%UiV*~MtnYvk}2{c8K+C%&{;!OE#?YfmYjr+eSu
ztb8+>%#_NTr_>MymiU>Zgg-5Bp7%*3JPH*PU?}xjl*y)AF(KufVK0?$H-1=Es8+CD
zkkHQhd!p+Z%K0ONB~7ZSdk?3Fo7UL<2|A?U*&CW|GR4HMO=DBzbzAMWDMt>Q8l0jI
zF7(lZcI<JHn4HpnRSVXV-RHIRdSgdcjAW79sxPmU92ne2pe~`~q48LF?bF5^k7AC+
z9dG^nA6f2K;uSC|Wm+X(u3kaE3y?&Jn{W0g3N*S>g!HB{eCV%b$Ak)mElXyzwbyuN
zFf1>B*&#DVf$8K)(Z|i;WL}`Sz6c!MBme*a0000RG*2i1%U~NR0F^(Hu(W}SFGb|E
z_L*=@BD4BxqrtM4O~~51d@&i_AZY}H(*~9#Hx{V5w66&{zzM9%!Xv#IpHB}gqJi;0
zy3ZK$jc_Xa4FVR2^!yi5lIDo;a>g-Z+|N;8KUGbm6glVtBHuM~x(p;E*7TK{;{W;+
z(_n=dT`S76RPX}p);F0Z1CEbTit}KOdEAFuBH`u=Cs~^E6s1aL75I4Gk9Fz#3p!}Y
zVwi_C)2yXStmSutK`Qleg$3h3xBq(8$_DW^PYYtUqeyvAd<gL9Yv(Z|>`|p#&(MCd
z?dVNLm8Du-f5=n^(YO+lQ`N(oPOeO)<_bo|?JU1WHTrjVkQGkao^kb0!w00g(_&Z;
zk$df+%E$c5u%>ZkG26ra{6?T(NOTs7>aySE7<QZz#hgAaG|rC#WG{_)?8QbuH7(;e
zXwB1j6?YTG{YG?UwB<sM3CJUY-8I8t&e2FC8KqO<jEd{JfwP8Y$*}PB`E5HlKWdI}
zoHH#sG!bk5{GoyN1t)ge-SV|K>&+t1bKVy2V>A&uUoF9;p2iC)VF!K>o;kjVqsJl{
zdI(e~KKB1><#F2!sE*#Xk`B9n3-8)SY45ayd^aVP)lPRj9u=Por|;o1*_oY9k-BO=
zfT++;ezWaQu8=!%I$I?mKWO$?c4F@g@a+BaXIt2b(~Zdye@f`Q;hZ@@WK?asH)?mB
zd&bW|M2f&C0hyr8Uzqq!i{fc)tG7eBmYQF43U)u;i~b+XPnmWis$fLJ4n6EwA;%DA
z>G0kl28;QhiNhswrts1A6@-)M7n`t@_kN~Y)WC<;YLHC89@cPrghVRkQE0lf-nG#m
z{mc*O5tqBf6``Ri(jWPIS}0k)GOxm6t((}vPpUH?peD;J#lR^QB>7zB4J`=I*FBu0
z$aIXtJ~}H4yG(Gaj6a6b?QsF0*R1S^^bbxDdGN^kCD`Ue@nDE0fnh+-TIWCj00000
z2$K64XO^D9G)~(Er~;6iIIP+eDYrxqZiv}di*KamSo=&?ZNG4KA=N>2OpJdj|Fej$
zf>qsHoSX7FYxDNm1(pnvAZ1h2zH+Qc*SmEcScB{}NmmWy7KO8g5ajTflM#Vbc~?xq
zTJyY;TW2`{$L@WrQoGHkZ=n<OmxjtR{k7@wg7FO%@sgbRd5`aGR%?6p`(frJ;39>t
zcz@?wtg9yFJ47B_0i(vX-ejxncvp{Db<wTdZF2B>%smexEtdX`2q#HU^eifPcH7B=
z1VcBwAbQXM*qAkt8c`_#fP^AZa(P36qDy2?Q?7S4n3<LLO^%iG>lE~=E|7#J90Q6h
zxB5h(fBe2ARHGn7rO;p2bn3rP8oAEoM|$3Z+gjmO802h(dmac=l%t-g(C;1J#gsKc
zzWlqHW4W_22=0YMh9&ZNmY40_qq3ikBai(h=&v0Q0~iJA5GSK6(u1q%ujd?PK^!ox
zb=^j=>9H`DPhH0fXSP^YKXi#9Hx`t+oI8%CY^ha+bN5jc!Ul)0^}#Mkt24x6`!@e{
ztYYCK`a;HW@CbS8?cxvB5qGCy7)D+92Au^TmU?A5bfYCEQD0NPhY@JnjZOC3@4Nhd
z4?ZP2eOQy}+|Zq`yLfb{6pwj0eU(`IsbN;FzwryNm-Rj3oTE*Tt84H_(IZ8Y*^3jw
z!1`4GZ7Cq7%L2=Wiv?CbJ-+%mV@;{{>TNF52gR+H+O4_!5!ZoC0vKD>8kJO=Q{c8A
z8m!}nWric(*qg0?A977ho5heC^?JcyN+tgIYB!u;E9t>9b;CiqSYXg%s&pl|<qd<b
zAH-&cNt=|fW7?YiEim0n(UE@vP9F0M4v^{ib-%T@g_K-gBi%Ce=Wf}VW3@>|X7_hi
zKLsxtxDFdzM?A!+=j}=hDbD}MZH~ENbPo51&b8{66)1}JKy|BSMGD;VuD})%BzEeJ
zB3MPqg=_&%<_)`_t)k4CFQ0<2r+FuWhb?EPh*muhUSQ@;$iO%N0000SU4SqE8cB~#
z2sJkD)UMH>0Gk7lbUl1xNAzT?TKb2#*;I_s3}{T!>jDEYt|qDmO$66C&#29#H>`Fe
zfLwTSw;rJm!OQ>!Ov&AIMcI5#Plf!KxOo4@(QG(R_WZtoD{Zg1zpfgoUkX~6U~{HT
zb4u;KeF$tGHed}xoOqLudtIXV@hWZsH6DT}kY|9b&mg!|D5zC_sA+)#XS0~c+y&Hz
zet%zYsE)783Rj~J<FDFAfxZQRBxB0cL63HX-n_S*v{j=_nDLF_APIBwQY=&%ML?a1
z<2de*M45Ykj{%T(kgX1dvbtwyE$UY+l%~NQJNhEy1Y)t{nnYg^bquTEJ<@jA09Z%<
z=2ap7GTubi=6)f;wG?HA02#Duig7E&un0&dP@KCUNcZo<(77`LQ}kVR>-GaZae1df
zHnHg9c+;C-o1-fmTu&`~3y+(a|6cEI7`uz?K)El|;giiNuH{l%gtJUkoh~?v=5L)J
zZ!V@qSf=~?g1bGr)oE|6cR#mPpu#%m#`n5x<Qz%MG<S2!cX3~c@%-nMd?PCQ)Od>A
zTS3u%1TEiIByDhkqd9<;f!{w|Zw1CB-nWrii6}=LgUcd1pE#)<6teZka?Um9*guds
z0iq{fKuB&Sk0&E0K~V=0V<I$4d=BfKCiV8&DJ)HgvDOQ2`q$t+W`^vZwkh~8OIkgv
zrdABmN>HFLz>t3aLpY-yh8tH@PPL4t_IhzI0>>+1qie`yc#!Cte~}W1>wOzc-<5&#
zb9c7(G?a52!Qi)+3S4k6vrNm)!I6KfwJy;Bir(`nT7draAp5*&kKl2!cB9$z5rdn?
zNLc|eN3WzQxT1Ehz-<e#ZT^2oR)9u1<mB?`GPPl86V>lPmR=B7?XaBUx3eYhm52xt
zrqD;|LQWW=$C9`By-@954L?}Es>?68!hiwfZUB!A00_tRz2MY$U;qFI)bhXp0001J
zE`s_K_6)`k6C;VbgDz0D+~Hox;CxYV$X^$EX`$HxdyY9(y>mpfIG4v}2(@{!uON@X
zr&_bU>W`c=a`M2Q1kylY03~`9wzU_M8qj>{2uW&vVi1A|ex;{S3sm_@dsCFA=dV($
zJ{5{~cM?LBw19LF29c%^yo#a4;Cyz!h!Nti)CO6^0qcRf+vrAI-;e@IEZF}BHl*eE
zL`*~~k*w(VpHYQN>B7}ObE)peuSqdjoVUSeG6ug~Dze~OmQo{&0=p*SWC8REo{%Hx
zV6Gr|qEpAM7R^(Z*$JQ&;lSM=_`CT#S9Rh>TiT0yr%nSA^0(#<`L>jl#E%CJ*AXYV
z1I6B1vDPWGNIs9I%gd$UNSq{$W076*XzBwsY6om6H5ZcbkrRuB0`q1hIQ1(#pz9du
zieI99&FG~H7wiUl;`2^|ZDY~I@uxPwH%3-AxSm?}7aun<{=MGZF?Sci=p~f(*BzOZ
zfb~z^utPORRrAok-Z1$pWEeNw3UHRS!jv#c(?fV9P+QBLJAChOCGc}6!U+q-=&^zE
z@H}8R68%F3d&7V;J>D**{f^n|ibO6I-}XeNCke$eeNSbtyV9)HxGC+VeQTHG?1>P;
z>)5`^?uXd>5X~4`%*=b~QM|P-=;>DPm`LpV>X9)b$PhzvFX$Yw^mA_GPU6?tp7G|L
z$!yzeYkIp`yjah*pH@K@`0@s>kvAaboJDg@l2#1WpEqv$82z!G4nibtaFI38F6@-v
z#}B2Gv#ceU#6tuu9b+#~+Y&)xeaG%j{q27IrX4X1GhYAT);V(JVf*qB=eYTK=jA!)
z)V7`cH(>k6{_G5PjemC?WFHq@T^GFwq1W>A83dh4PvC2@%CLr(A?4ZK*^5!3&<O+G
zZ`YcPnMgG9hJiStQQ{~NfXex&<RQr>+kgN7XP6M+Aw`-@f@8Q7PKd72BA6Axo!eIh
zg65b}(LNtipPS^E9igwAJEPExqu(bZC;PcF1xiSrb3a8A_0CGJqy)a0Ac-*C3TJjD
z%8fJX6s32lBSw)fB7<0xTEYpK77M`XN5UVg38u4^5)sw2y^cPMV;Hl^{MyV#O8$s>
zT83knn<8J`F!}!{yUIR2>dnRD2WEuB&Mm;Ux$-~a8R;F)<HToC`RoI<|3O%Hq#jdO
zEhXG)jN+#GCXd6f0<ZrcMzdHPon9x+WFi?`qu+RZdpw^OacA2$uKkpK5cg04!u+vI
zo^>%OI2I!S&vTcN8XLvsv_g7)fGIPvP?{0)kA(S*yK>-}IWRSUfCfB_o}2zsmi|RJ
zFgYx|x%O^oyv<(WzEb`z)H06)y5_KvBC0&Gz%Klxvc?uFh&X!U*dNwvyj^x1C1kth
zSYmxjBjH=<bIkZIBg74XqYIFL)@;Ndt{|?1<~5qZ+UpIWPyYx^m*Fy?c80Bln`N{Q
zB=Cv;(5Qm}DpX*ydvA*iE5}2?#sPXy-G2>psPs?FUH-&!7)-?~uBO63s(75uQo`S5
zCuW)JHY0tqTuZff=FKKwopTd&garY&UzegtM>Xru+Zkq7fD|C)u%T+50t54KKbXz<
z-br2aLo~sGj~2`#;Q>uN6Q!YQ-BN(2w;}g8-OO!cCqhI*bWTMaPxnf4Cp36&yY3=^
z=lYwbhJ8v+eCm(ate0S1*8W=izRW#J6+A4g<|JkCuGrQ>!F;&PpNt2{CROg!@Idy|
z@3owIINIael|vcw%CoA-Q|R(|H@jDIrQWo_=F4CpK*m~s7f^y`4y~yG>&lNgy8)w>
z%#HC&zW@2VLZ``NDlwl<k$322UXqY}soT@<k4G9gG|6DZaXM;^f#gFrC8C|~*l6x*
zXoqO+_a-<Uef3qZ&fY{dEjq=Bg_st^DMb`U1_Ebimi^!dsZ`E%@F1sv0001b(6;^y
z%8HNcOr{u3q5x;11PLmz@mo6AmUqM}Cb?L{@{8hJosSeM_e~^0E*^S3dr5d=3SP_f
z9(?>7YN1wAgB|6Lw-G@9XGmzBvb^NaCo^hj1Nh<vjp?M8W@IY$-(As--gWwQ2u9rY
zNU!C5OB>3P8(NPlU~AdbS<y7)rj|R3kUo|D`z0bczx!+;{NJshi;;}BM;pz#mDLNL
z_#ZQ#UDy5gD@d$;D%_J&YzGV7Rj^lukXTyD1$LnAzPmgffHU3w9W;N2U=Gx{bC!o*
zc?0$<!*3XBe^0ca9LOFEHRnq05<Jm(o{3&LS*-3A8015lKUibn<b{j-i0oVE+=`-r
zZO51$+OK_<<5;V)NYr{4jEoig>mMM-z!ZNq3&0$+Eu)hCG!_$Q5NMmvIIlTtkH%3Z
zMvU{kh5f_b<p}sPJSPE*jW1uj0<j=@Kw+5+0;i0&tRd&oan-Cz*J>Fl;4wiY3G+Y2
zd=A0=;1g6*Ma7EUHs_b8uoBJ>D|I43#zf(bj0<=XGrbf~L1hrYiOld5P(J^(*xY;1
z&XW&~v(k-xQgj!sz0kTnL$7C4p=u*`0RI({0h$`q4;-XjpY`*ueO$p#Mx)BxOoL`)
zHD>aj*;M%-`t%-WZr^W>q8lmiG~^QtWRl=he_Dp#>G`f4DFz(q#BK)!dL1u{W+hsq
zfdCCqyGhMm6I%@7iYkY*y3(n}x*E!9=n-oN-?twXVl0=~`^YNKAX`>&9uHPMHu1Y%
z6VdY;pH7>T3I=ZtK-Du<-4(_rEn6#+ySGFniL_JNp6jQ|zq4=|e>#$1GGb3kOfI}Z
z+e-Iy{__$()M#*%Ia?Q_w-k6fmYD}HVTeLHUD-x3AWKti_T&Fv6S2=_%HS<lwmSM}
zqtN^U#n|3?*-zBfVV8mo4O~$SeX|*HXq!%VRKALq3~O`}#s)$9v?CBDO(nvewBsCc
zY8ipycvbS~=flx)r^Vs#->{&=&&YpRjk~s!{<7j}twQZ{|4^+b{HXAnk9l?GU5c&e
z;bLX~Mge+H-G2>psPs?FUH-%;(cYn$mrBit7@RFjiRF*fut>{bjSc?aCV;eerNqN;
zg3Km=WLw}oEXh1p(J*r8&4Iko`EjER1dx%FGrSfc6J~Yx-2qChVpGV&e4xMPrOab;
zedb9IWNQiP@H~jmLK34cc-)2k=J?hqUcLj`1yQa$oYyvk<*Glrsj~2FO1>im9uS>m
z%N^YzDDP1UTQYB<1-{X*)A!cQE(DkKgW#s&Bb475_hYtquh-H6(abQl@38lHYx7O6
zqd=`vWU^~&*4*vE-w<qjEW~TvGo!P~YPmU}AvpVw6&|;vbn=El%zp(^V6(~e2}SH8
zXAkjAW|H|cToK?goF8ZA%X-)*#%~XeUAV^&K|V<_7CF-YVaYbLL8!e|D9jD;4p^b1
zI*T+Pv6r<27li26g3%o6i(9s{MWz@9q*bJRLMz^8a=TCf02)NIF%1aA3r)Dx9LTqt
ziz3;+gH#*v)Y_3%0dSuIV2Umndq;j$n<qFZm2eNdTBI^J+yaQL<Ddz+li`#!P0ovP
zy6?p+BTKEw2$m1wY=xbo04+ubop-y7&?wx{0++HqvNipJ=RDB@iUgunr2B**_H{?2
zdphO_$-3K^kXN<S)Zk_YtZAr4*J^$j*J;agR}soB(L0`>@sQt0`LL3mJP-K;FAp)a
zG-zhtItybHUmZb{_(+=MxHgs^sK5i47k<YJ>AW+EY;ZpToXZ#mNT^a=L_h`+EL?VT
z_?{H;o~8GBS+?_}zGPmbx-nLrZ{fXhw{+}lQE4IRO6ioU>0>V2e{WtS+BN#LpDF^+
z=6J6kJE}mS;?fjJ)V&jkps;|9#p?%^Oxd{wRJrk9^dbvZuhD-Q5?E+iM!?1pf%~&%
z^U5f05e>$YuxQq3B^GrYc;3?$+;zaq7GGN2!$!07h!Nx3OL6R)@1HkO9=~U6HzPXS
ztd?K<BMX8Rwlmb7WgQCPtg$J7#L+G38dHS(rb7?6!xJ6=t}7A82L1Hege==pbv4!5
zuKy!-7E|Fbq4FWf4ukJgTJY8I=^FzI2uob7T&%U%Qkh2cGbJoCj@?`eR?YoUB(CC?
zb{v1k5Cx8`a%f4q2bTO3rTyp~8HhP1&W0E6s?AICDuk10O9FrhY-g@7H0UPQJseLO
zb8GW-Wn*iJ<*#9J^K&2T-R;8{aean<#Z<%ZaR>F8WH&;bWo80KY}!EPF<4748W{jc
zSFaicOprw2-wU$a@R#Eh)|(v|@9p5L0nx;ICMkd}RXJI_5RSWYNfzvTbHK{17Hk$2
z-m<ih_<q^p%D(693Z4y;t+Pe+#p`muS6;L7)b!hdf;M*C{wM-(A6`#x(k<V^Lxdw)
z>qJN}LneAv#QA5JIDWk|_=|2iR%X9U&+l#F8_}QFh_cHWnJKj{P<;GTB@s68o)t%;
zA4WU`{aj!Rhhdz`q(Jd7ULCD%LIXs|KT-bG%V2=boM&D-n7l?+B{I`ZR6-SnHFM#K
zY9rCOwykZ>+*~!iP#E71OR~SRuE{;fE_v=CgE4j3173;$c+|&#%$mf_Ch(p3Ek<7f
zLT#bEf=B97TM0*mP%R)r6nTq80BGH#T3z%xTa17J05-R4HjHTHNsF7$t9P1K_Z~_*
z%{<e`OitdFf40aKS7q9ztc~MGQF7h!&PU;e<?HNzWaF~TB>A9{lXlxpDmv#H4zx;u
z*Yo{VMhzbeaK}BS#|sw(Dxb?>_GAb~(a#uqh$gl*MQuWU3OFmD+p4IJ`IrtyGpBm-
zsAAANCN2`$hCdKfX&6p2iq@Fc8@L*IQKpHH=N#M~=Q)4?w*z{wTG#+2z!0L+SI;Q!
zCiNc>k?|UMQt_4+gAS1IY@mr|11+?cJ#$E%de?-TAR<|w)W~lkNG?w6+!s*i{RbSh
zP@Lq}SeLXM^=t8uEw^YXwj}yS!b{yi{RW0X)H$BuOc#2_G4HG2Ge4PTPfd?J9ZqLa
zqb$#@MPP~8H@Eb2R@5L$nLHbc5izca*#9syFt8U|4X38%8d*wg5!1h-E-*$b9yz76
zs6?F(qGk1~B+TLV)9YzWQd)^u_9eLJ--hDIh6jt8QYznj3`ZKXINOF$C@zfuf&40A
z5BVqle~D?QvHhG%f1EGWzY@~@yR>#w@uYG8q`ej6q2OZxy(jL!hPl*tNe1gRs#PQ6
zEfebgd99Nqo3j6-fVwEk$^(?WZ8!RuL>{_!uM?lHPMlDffJ)9xnJRM?Q^;tOQyTwo
zoHP3M+rv;z2{#h3{J%eNro9;mm6mOeHzjI%elL}nQ>Rt=O%__ITP!~Eo^bVAY3v#Q
zPc+zyNq7X@z&PHp$R*oFoW#>q^6zVs3r@e?_1P`B8N7LW5pTRXaacHY`vo~?`6(L7
z>#Pay4bmt?Yx!QVchoOmHH<N97JWwO^aFXExv&ii9x;<k;@@(Ub0CQ6mc_`V8g-Vc
z_YFw2DgYUy11_os9dm9_Z=ADOopK(V&|#&NAIG?7nv2qNtM$sS_^kW+7GbZ@9hRn{
zz?+g6tW9wKAC^X!R2ADZb617{1ySx+N!x+|000<>;cWh6R}2eZzHKzC^QH9~HnO(F
zIplv4(hwcQ7VzqO$eQQZ;$mt}xs_`UE65n~9)XlR#|>PQP8>v0Vuj7rZvLMcd7d-k
zos#1P=o!2#XkkKxCO_k8wgvu<Efj=C{;24b=+F6IxAJFdAPV>(Rt&T&cJmT|J^-`7
z4Xf9IGmZ`MBMILj25n*3bE~ghk4HpLq~;o>vx`a^g=}=mdHP8;YS#@%My6n7CN{|J
zHwTgGCt<UHzh@c;Ky%1F<cHZWXk5n9;bxC{LUr;#*?bU4_{W)kAXRdbqY-il52*t>
z`+1T}1jyCd1Fb)+?iN3@|G$&>qT6omkr(J$nm#M#o7qM>%Egc(pLRQv+`<`H(>z_}
zn;l{&9sh5UuPypXYpGTeXqtrlowcJeU10^yMq$X$x`VJMa#RZ^Pbm=|N4P<rwG}dS
zmXZPVWZ5VE0kzF_Bx0GL;#z6!e`gY(=L_{O#I(O|?H!c-X&is)FGYChco@JhN&Bzi
zwWQu@tQFvy17*~Nmv97)ux{*pt4x8Oy_H$I8}bK?fPZl(>79HTki6;IyoinsO&hOG
zGkb$<|6Oe+jF~65^V*Rg62Dr4*8hZ|hfi80&WBizag*o66N+qQ#BH<7ppf)SY5g6~
zlh=`StVegCvfIOnfXi9A6K*7FsNybqDwZTUoN_bz1b^-nSJu&64|vUNln)*J+hw3v
z)|5DyHU@g1w--|?WnkRsFeLk1>c;L?2PyY*w3XrS^iOma%f;?#|G?&$YDS-mRMg$m
zYou3%ZhtZm+Qh;gtJ&Y@a>=n=P-{;jz}C1OP^<O~8#BD)al760Arewnx(V^-xn1uL
z6NUhqzUGhvde)H~q@jYK00FberFUK137v)Or~f9n#KBszva5`U=xgNA?SUiew%obw
zGW(JTi<HaN+Lqi{oF5`!H*<m@8M0IZF~<1d?Aq5%Q8{iwhALmBhj>>&aml6JouTW|
z@ih7Y`Usv{04?!GGWP8cfOQPLTv#*)ZweZz9fy852Ju+>&>W*wEy#7sqB|e{T~`)I
zs_aUMG4=F>I?;ylp$Dr4+HUK?1YN^K=&9%r8?KrAmE+gYW!=9iXsDuhEfd<|jEi^m
z?(vanSr#3xQ|dDCW#oZ%0FI(%Iv}&=rMF1}m`*vuJvfz!Ty|m?9+!lE480X@05toP
zS>M2$;ArJ!2I)N!i*8uk-&k2y`<XC!BU}4dlk!jv!LMCH21$N;W&8T_5B>vOW)c#e
zlCKp)?CD>w7E0TDnDM#mw_&|$yMln-=IRcTb2D3-IVv-xwd7qNIB=ldrw$l+j@reK
zg6Qby0l4b=m-_sI%xhK#5sNX0=HD}S)XV`dkxL9;gO`mbRn=OasO5^$v^nig!Igpj
zw!n3A(a|?@w2M>jIlf71QrlEn_u6X$e4Urqd8_X0)^JL6f;+8ysfFEhSiYlR$bKv?
z$I@d+WGt6Mx-*X0is&CMV7iIF{$8&HK%qB7e^zSUl~o=R<WECVC;4zQcL_9>BU_W?
z8|nf0!Ln=VMSRVbTX0rJ&LxFrSV^)<iC)SB>2agR^i&+SMYCrI(%)qC-s$~ZchF{%
zn!Z+910nX&SVwDK(PG}GFA~eMx_yL}yx0Q^G)#!d|9H$wDyO*Rc!eERRb&?kVx@%4
zIn{B3ImqUevbkyUF)DbdEv|X;Hka0{=t(m)QI&GIb<pSthEcKAof7`ci$H40i|w0=
zcUi--?$(NSSc%&oen!}3@|im6vR1XliR`HvafE@?jo69AImUMUl(y5|zElgbqnlu!
zZ%@+G49pkOPkRWtB^3*v;j*ri8ZfFuw+YrEHK*X*l0O1>XE0sI7}m-Eu%-0zYd8c9
zUhmnF4fN_H#JeU$0s`^QxV2}OfclO~T>~+ix`f3U$4bl?kKAp35!<)09gFK0`aEH1
zGJ1iBmYi@ZkOlAmd!S?Pz<!P)AUDS7000AWH}QN<8i<fDz(t^#JSK)xL?&>Z;dH8o
zMc{8q*DK|_%E6#2_5&+fWVyVirV%o=qVSi!!le`~u0ipxz3|9M552#OY*n*#)A;FI
z!hOTfPKjAulHfGv3vX+mjWJq2{jhniwQeM;5~r}NJ<Q~;3^=Ob+%r+f&7I$CQ7A{c
zAOLyX_*KzI9Z28mW;yp+LTWEixgGieThXm|vfR5nd+^KkJvO#5t!Ms2E$FNH?W=4(
zae=?ipniq2Xi{1xtBIq-K4p8F`ma-X*G*sNZ1Fp3&cGa{V2gKUL+b9i1;qUfK{k|I
zS10@NtuMg594yL_{%~5&u;X;Jvy6Ka;pr+{ne+@UX=NzZj?mi&xW0S<%Dg$UXms1V
z6}hSj`|zFrow<*Rf6l+*k6$Xyi|L$#oNiEJzGydu$naI!cjI0r_povI8G`U+SR_JA
z4t(;f{W=VX*bzBnZ^z6oaRB$@4;Knb?@y9D83y34&-e!_;l3-3!pZT|5nFXJOCHjn
z?~8B}IH-VNe}Jt$<&?n8({tttS`SaqDLsYaVi+wf9UQNz!N<+XXvZta20HQ^90(JE
zikr*QwM!_gD{G7hjdoxx(13d16)hLDte))6J`Xd#kyy>#T7d$|3qAjY|FBwe!2R@I
z93FLE_~%r!0<)X3Wwj~>74C_C3-{UxV`HH3T$GB{XD-(28C)hMBG(Y}RePU8-SULc
zIB%_na<?qslM(0fv?U(WqxA)f3C?&uj~ah>Tgz*H;n_gI-=NESG4w#|Gaie~(^Ehx
z<T9q^?Au973nD%Vz19hL4bcUoeJ+njJwhO^k(r;c8l3re*sBKXx5nf4_V@lnX?pa&
zeG;Ec2QL1Qdi~{ipGF<Ho78)k7%nd)cb6~je3R<k$>|T&;`3wTm-EYK<Vp2b?;=G`
z2&zciCWzW{WwA{Hz&EbfSNI#jj^kQ>VY8<mLi{4fQ-%|B#{(he<tfIDa#1vGUna&E
zZ2DM6LM|)jk609^3-0q1!ME)ND8eOvkcwOv4PwUEPpPqQP$nT7%GDNq_LeeKXRd{X
z_u<mD#QU4X<XzjUl#=%vR~M;{6xw(cc8_`8JG51uV0C7Zhf@2&4#Jje{lvQ6)wpz*
znJ+*-VZ$N-@R2cs6fPkRAdGUd_T?Vi@?nAc=FAGdE<yOuuYR73OaaC^yV<I<$VeLU
zDRzJYFL-7NFZeiFdh*#8&72=geUsCBr}c5)Psdz6Tx71z!K2T>=KC(2VUoExb)?&z
z(w`T(Iu<3HG{`-4Aq#Lvm?<O&aAg?hwNSJKlYqP{8KAS<Q_z?dcSL!4rbl>&hJKEo
zK<-P(gwn^RgOv1TgJqkGCtwj7n_A8(>q`|P=3ZRCg3+X8hE3J*5R7wjtZHu5rL+3C
z%&Kz@Y(OUH0|-Dy1oz<~P@QC3BwOS5$}$TD+zb#0o?|4^d!a^pE%rj*Hat98?rsc|
z&$ojphd)2mHQSbSH+$uND>>X0Iv@SJQ-tA7<aF-+15V!e@etMC%Pz?cqTHXf`z;R%
z?44LIS-Jg*=5)Tk*<zcSPvfU~(62(nShI_XpMV_ifeJKR5C@4hAQU@Zl#bJo000I6
zu!tyZ)%TXFFtX#uw^B9{>Z>6G=&8exCe3&#B#P29Y*~>K_rGWQWjVvVn|*jtKb7((
zW>|Q7k-bjv^<HAn@Sv*KRhVwRc)<BAAMF`QFwz8VLp|sr@=u97W$p`;O^jB7-F*W=
z1hqZi!Xe#1Bx_rR{{fzXzFonUe1!Kyhxi$o=!7b@%a?Ao#03KMTM#$g`1vZ$;}1K*
zgaov_U;w27Y}jn?f9bmHGvB+$u$!k~?$&jL+1UZSi@^SB69z^RsuyY!(kw`Ag%F!T
z!p&u*+Z2RCYsYGnKPXzIOJbJ`trhgKqhSsAsZ!N}{4YN99*sD%%cG-<PBRt&%+&Ag
z-x=12F<&Igs_`Cs2%RtO??31~D2q|^jIQJ7-3G8IH!o9hU)*@X=f`R0B_Bqa-`zVQ
zmm-4)cOlJ^?rNXw1YIL~Km1VQ@IEfwL6MN0!MX3J`*`#G(yz=)_}igCKbh42nRO*E
zB3>s4()}+jp?N+ng+Nk`PbDzLla%nnY^@_$oP)1Raw%b-PiGP+XFwoedMj(bJbdAG
z)=4~MRSnBI08!INzWurO60f1L_&~Z)#qJ$Ih{Gi+py{abl^UZvfe2Ut&m}FbgsEYh
zz<LxP&ok7>TmL0bScBQ*MF+A~FXOj}2)leqBDoGYp$-Naj)C|TUKN{@uJk);14M(C
zPkCwOGvk=6?r&1MiVhSOemMHg3CC<CiCS+wJeVlyg=@WCct>;HZc7}yD7WnQIw=Hx
z&U4es65pa1M>?ekTA(Hx`!FNFXy1eE4AA?Y+|3E^Z3f$Pz~ygwy4+Qvj+sSpbCUh$
zi2J;+j*yh{`j=fFDjqEK9piS)z!8zpSwxe`+n7U&-FVgxsJhkP<sPu20MRcIM##v$
z;ZmAGI@%yml_2;BIy74<8%n<-m+~~En-~lr+CYlappYG0w0um!#A2sm5Q244yfG_P
zCMT8X>oDf{Te)Q`=mUb!4V~!0n6?em&iJTi>#ZGTn8ue5{RWR1zr42LG4ni}T~hOr
zqf&`U7Y7TYBS0jq3wer+$;Yk>7EWblCkiHEHg%{CQ7r~Nm$+SztoKX}lc88%&YKDz
zB5DSR;6%43FM+YS5qdZvULU4BUvQkS3RRtH@Dd&3%<pFjxVCvgys)nn1)r681xS~3
zd0|zHaJKvWGJB}*C1^}h=3HCx{GBwsiUo;3E%|~haja=HD30HNC+4XF3Yxb83QpWC
z5K2Ks0-Z6?ATC~E<8W1bGHLg+OFPwb2_hPD*{GLoSZ%h_$hZESWh*z1rs2U|@v^V#
ziuEA@>NEm;%^P$dZP{KKE9P6Am?x6P==~c)_gbOf*c3Xh14|nOD}MrPmf<iWdL^H=
z4MZyO+5SqplA9RdMW-z$HDX|I_NS9lfh9F}`BvT;r%GqjEg_%<Q5c}|?MCdmBbA+=
zLPsraL!BL|k&iV-k7QnAYZlercH_?6!(D#grxOXH@B{gIoNr0ev`0pO>bnwwH0nj+
zDy~k8Y9r%#!H5J?Wg;kX)BpfCDfltw2ol8qyYFHeLCYQNRXmD{6>VX=z*QO35?VEi
z1EUs>TXAL{pCDx;DaqfR44hYtR0NOup1Y-28?8Va=pfHQ`LnBE7G2xx=_7gnZ&}!h
z+&l@z5)iTOYdQ6sDQYMs4xynxSe^U-=j5l++IUz3mxKi_NuNt#%&Y&&+3|b{U2+b$
zKqOw{O&E2jyo1@3Mp!mBtD%>jusb`DCj-AS6M~2%6ns2ly1X^X=j3%<bO~#8V+2uF
zZtffis2Lo(JRsg`4JujLe4unySD`GsxECk*WK1vu-w|wi<e!Kt%M&s-`5(emZt)x5
z0g|shyMMd6MVvAOLtyl=U1XN}DgXntGh_~Dv!B^#Z}oBXmb00B;H@S^o$f`usikGo
z-hUNeVb8eL-A>X|zcr-(ZsbRabaEu@_^2|astTl4%X>+(s=sr2H2qGeSb-0QM@RAq
zi<<cR4%E@V&$RR0dk2|Bh0=5O))U+k9jFvIis~V=NIk>B3GiS@i{JYT>vxAm!gg|~
zNipL2ibIZjj&krkUH4AknnN@D%kScy6MuP$t>LUdvkjP;1#LCiwrL({?+E?5GeExa
z&r9-5tqySh=sCQ(lO8?gqhJ>~L6oyt17Bvh;o8h66os5nxuWMwW38WX9D7!n069B}
z`qV?J69-D~LX_s{jryEH_PIm5vmKk4YtRRc1yry^ZW|iR<T)=n4LWYW8HfX~ZOPIN
z=n6#6yi6uFucpn}c8#aMaZW6!sodZ<;Hcs0sd%ri*2`$Pg*QVVN~fk#w{!9iMB+Hy
z(JY4UTu4~K^5ryNc^u6wOvWmx3guiIdL!s;m*qwGwDQc1_^=@`-Nnh2)_#*DXJ0I;
zvf;P&oPA1FU>%*w3(jXZh@!sYdK7g=@logv0h=geG1QW8<!tTCqdAvE-E{~g<{K@5
zBO_W%mDsVGcP8ySqjCXMjNn-RD;rDPTk@?`5|ym*Q3wv&*I%UB67p2+Ii6b=cuco_
zh@;Du`+)DMB1C*wSJe?{MwIOt;6(m5kyN8VCHor9Iu4SwKbHFg*LcAR+D1S1_H+Ov
z&Ad5Z5R$MAVOu^vYRjCLpMBfh|62~qAU8NPj19EBD8EruD$dkG>wCEySehLQh03<9
z1;r0|^>IL-;dgmeC`ht>U9$r8G+#3Tr_<)saDWVB*4|Z!6V|LP#967+0VFSK(km*}
zk>$Uicn0&PQ0$3tmaRDRW#f^HZFI-v)R8C!b}+VQDj8r2a@}%<v=HwaTd<vf5gFYE
zQNna^n2omO&Itu;gZqxDFre$}-YV8cDJz2-`BhCyNav|rP8|cTGEeoB5@P$8fm2)f
zQ`f(W@Nfp-=4n3bZ0i==xf@?LCw6~Al#SmTrrcDTq>SGp;|p3k(z6QCpTV@YKg`-*
ziuglvON9CVc9|V4IPa!+rM6p7=O0m6o|^N4^=0B%c{5ysIQxZELnTYPT(PScVhcAh
zNb=vN#39^6L58`6JzXP+|3CUAQwlq32T^@Hm|AXahetM@o~*sd68GrtZ%yG@DE>$Q
zExW`SngM&pf{GXZCFjQc9TuOtbTNSiR7o|%?-`&&<DQwNmCayv0(a*K5XCleXMw^V
zy&a&;jLcv@EPyHcx~#zDk^2u{fB*nhC>nQ+NMG7|SO7rfkNgp*j?*#w%7KnM)0ub!
zb@@@On){E5rBG^&^jg`WJ@d{OgxU@kYljX1CoUc_kp2N8_QP4~r{(`=nyKP9Y$qxz
zDq5Bo%<Uq3(z!o2(!To{Nq#aGYDM`-ifWSdDTQ_-6KFVDudB0Z#*hEJ5WfyQ3Se(n
z&gA~`nvhr7(e7LaaI-b?-FU>udnUvraTnAcU!2o9>9=loLgD7`&IQe>I2_>`pIcIZ
zD{vCgHv8)WxW*?_PUeFwV5b{4@S45$-CN&vMt@5ei_QXAh3@&BN&d^O=qA?^kc@al
z_Z-n>MbQ=wr8&dE&V&UGH$X%7OV^7@^R*~3=<wQv?Y*yJ%2)i+)5iB|lN1|<s?b%?
zvcKE}c6~g=7;-gNC?+pQ=+EgSq?UO~I}mf)EBLt^uo@OmtiYHUjiMZ_Zw$>l=!Fd+
z&-HVQI3<43f$st9KbmkV3UU`O4wvi!^q|fvdzc_8hU{Gzgn-p^IWd$gKb70u9374p
zhDgy`BDW_i#tXX9_RLOo#xa(4eet)}(oVbwb-4hoAwGxKn25_Y1d@DF?+f7Es6zQ8
zxk^PrJ&?O{jEYktHuu7u4kzQCUXjq)5w+pm#lS-w8a8kJg?%^uTR>wcMd^$>1sQ>@
zVIBGg5U^E>ututbWTJq;BpkICG8<N~&K0jx+V9}>bYfv+;ToApg8$t1tE*OkM{X<3
zgf@3y#gPkO`9C)WrN9YmJ^(>%{Eu}|4I{}Ca$=JQeH}Rp+R(WVuXR^Gn}P-yP#Y@?
zspJTg9vR_<W#e79Kr_d10nafo&TuQb`#}do8vQf{8iUI2N54gr=Nbuo!$a+1ko-vg
zS3_3PxxnZrJh}&oga^1ad1rY%(DeffnQj1r=qHAE0~-dU9O`{MR2nRj-8HA58rDM?
zL6xV~<qZ&)oC_I-wb*oWhTjL9Ng>E>em#9nzxrvHZ;Ce#p4GU>UEyA5XD(T1U{CC|
z+@#z%iYst;`@S|khj9j9vY=azLjj$ii-O2fzUJG7TQ}k3iRrN;3wv%TD-(#I4vje`
zxK+2QF9P%}Cu9|9USvz1#qkdNL;Z2m|Hz~Z8MTw5Ss167+eqHND8b{V<*VrPv<G0<
zvaDqlc`0rZkDxx?4}ohkj#2`0005XAb5qs;0003C^jLeCkR$+PFl&v-f^r3Jyq){6
zHAx^V_qKcdI)Cp?(wSv5Ik}wWimW_V&^{mh4A1ka<Z*orjGAF4)K#%ylWA2zXDk8`
z5N<<RPa)+R(&@~bWQYiyW<3O2H-2ke$!pkr`dxd#dXqBA%5Af1^ju_N<;HbH_wp-R
zRuA_D`&D)zw3l)u6GX`OnCuLp>|+r)K^(~$;gYlK(4-Of$$HxZB=iyeHVZ-?+uJJY
zIEa6Y%Y0B-+*EEyH|A>xxDA8p7<gLO+R_UxE*T#+9xPfJA$)wu*pv|Rp0Iz6TxgcF
zDyTWsTn@I;2nwppV_U`v#&l?Tm00-uR=vWtDejofvu-}CW`sX~#24?P0tunayX&CO
zQTC~N)pgAGA?`cDygi8x?Kq&(x_v!+Q`~40VG5<phh8q!dvYjkI{rT5bhwHxCuQ-a
z2J@M@lJ$k9+{oEZN&dh#Ei;)z<{+$f1@rc~IuHaciesy{5WXI5j%8-LXF4(%KgFt}
zP7c2q_w7@V-!}bN;{sFnt|=KS5~v4c57jkHyE|gm9s?20VBdc-MftEcrq+PHVXm8E
zEUQ_8i5dg3^oykg#HiimW_tY~ui=J1kf-n#Qbb4X#50@(E`xQg2uWm;i)b=F!UsKB
zaXjJ+w&<!&hyJlJ@gPxKSKyxQ%DltA7=CQ|hVb*Pu3{s~@yA9P;4UXn`X^Ka?6eGE
z8Fx;FHTk=u<^vw$5gF^v0qvv9fc>V3n^W8XHbdKGs$0a=LR)5JsLjD!P7&aw<xhOR
zzY{wXnCaH9(3B!FUEQ!J@UJJRaPKy{IN0#$#7BtU@4A2yFuZQib{a_7FKeciAb_*n
z2aqAPDw9~vg3|NvC(#4=rhJ-anUsO#b~ut2{aFnA$ZNgkpxx$2ie6QGdJmY)4!#wL
zcSMAY7(wp(fIj4LdCDb=!!Nuc7rY)3ziwsG4J@jQMdHoybik2MA+Ucy+K0I1t>ho)
zLKWeu>WS+F#q8m2D@v{-G7%cl&~1!a)n32kci=%y!@N=_`2Z~UYP8}p>(%mNPyhe`
z9|qG?zymMYGM7|s{}{XiySMtd`b${%eBnw7Q((L1-mH*Uwy_BO-r;fsyGu~K=l)q=
z9>?f4vW<Nk!9S*d*cIV&A81;IG);$=0Iha~g)5c;H_$Q7Gu@<%%q83-pLE6jeQ)_m
zUq7F1)8A&pad|*b&n*yO9NlZ%@L@d}DcE?^s7b)P-TYDXTih(@+3$QD(_~*T@dO7Y
z(p4dLk4qQ4-HmR=HLS*psO@x5xS54y6#coZh-c*HXl#rgS{e(D91Y2CWR)(s9vZO`
z@QDlN-;``A?}V3_4H{2Fbudx$y@KsvmUNgHF!`t-hlYSa-7mIgTIOLLLkY4HD@tGy
z7{7>9oi9*{*mLVn$!fO9mB1vXQ*OyMroa7I$g>0vlbHhw<0w9rA*PoLdS#ICPwiUc
zu({V$%<kMUS$JSY{at<Z42R5zHTl89+{u{XB1P#jD3`b=tR5lqus-3L$y5!zFt{y5
zeGoY|M5tg^+CKWbN0((T<(p-2H8`|M;B@{OhmgAFSw?olx8(e*U8mtE%#Gr^{uD;<
zTTN2GknZ18*vu9x=6hk#CU~xD+9Tb#HxQ0a%9U4=tO5@!!?|pL;q3a?@?N<`WIuY~
zwRjEHu<DHS_%H4))8Z3D{8WzwIlWkzNSRjO+9s~o$mnPN-0yRZ?Cfr;+_P~!y;*h<
z{QcN0Mz`#A>xJlz%Lt5lMI{H2YC@a0K&}u+M@v5Z_`0E9A5Ev43Qze5yrOB26Gydc
zZH-MTN5ikD^(X*S`z~qjRRJnoX01~0r+9^d)CL-YsX~4G^)gUIyWpYWD<VZ=dpmyM
zpW5g?ahIFz4I^BLusY2A10cO`BES%p{uNXc4=0Ct&REp-<6<M*5Oxt0{!OSxb12<*
zA^jc&s;`r)WTIp3xW=Zg$gRLUQqpCL&ixFsk-vQY6woB`M&N=PNE_AZR^uWK9WJkG
zO3N!F_|LYJG?-LPr*nA+`OtWyRGB&AdXuupRl~HT-{?v&)<wz=bO+r1yAp5Cny@FD
zaDZ4@mVf{N007bxgvoFO&$)4jh@DzfQE%V0tMHVuNB_@>D9Q&y6~_AShN_K3><-*z
zjv@2|=-RO(tSJ9;owT%`cbuW>R<V}I(gBl9R*YEx9GIPqM)(+&?r+VObg`^J^p#2F
z)+0?PqI!0nJw;T#q(`}-Zq9`C#R~`=iAMC4zl{TH58d93I6P509V15JeoFV|^fIY5
z{d_ul$mG{`!{v5@fi~21ddQs3PH6%C22o-THhc|IH*0rd$1h;jw`0YEN!9!msX}2W
zm7iIo7;>ckaZ(_F8k9k*yr^&dptnyGK0lAZRc-j!?YcH6b;h*dM;_t#lab8AWcXdC
zmL4&L0`S0LD9i`el?z%SDhC-8WF^axUzP(>x+l4ABjp^3?^`QB9y^UTh;A338KcWO
zEq=?K2wKCous62S;1lJ%*bjQUH*#Up1iSzjhIf@cwM|8$qe{Dmlae3Jd=h!@vsO%9
z*Af}o^Er}sot8}(b}(&|6$^k{loo3YDEQ^7J%np|H4RvRH|3e)YRzaixN1xuYHokP
zwOf6fE*bKbj>pnA47n9+YqtuYjJymK{~2TA9Sa)**-#jh)A;!;KMS;x!LfW~;fIu_
z!5usLC;MumlEi?ASjO@^SX(ABTUOPh&!X**zq`6>P}CSdAjpIASl?MmTq-C9)Mz8U
zI`_abyLtcHO--e7JLeZs%4w{ardel(UZR|f=<{Fu%?>7bjDu(ha75&SRO`?O|6IBm
zjkq!UT3Ej<Y#?`JhwMJ|&rOhUe5<`)k_7iP|1ie`RvU%GuNjAv!@TD$DJ)>G|J<Mk
z2P3LvzW1GI8;cgd;n}h`!=F-Es-0lXR2NGnN+|3aPYYf0x#~Ka6IXs<_3G0H*9iA;
z3$X1poC!POw!CC#&>r4Cz1JdtunkW4sL5cx8@Z35U(b@!Cv)_wF1=5ZSKon1fKXlH
zLh-p9EY^c(Kby40qb@n_l)mcdFq^izv>VdmPP4K>`=`OeiOtpetfG(r00DYiES&UF
zrx&P)uf=g*jf+O8so#G4HLr%#@z<8Q3+FVao9yZG2iL8b%N#@VSJjn(`Y_~n=I%@p
z_GT(B3jQJ>j_Ecc*`9s2(7&q&c`mb|g4bFT7$3!PUX6=Jx1>%bWSjumanKIk_w&__
zOn3g)`1}~6W_2eag886cy2<}{9;9%CTubyr)K3%Md_ybMfali|qc5;SdzeQTN?vVy
z7#dahinbJ2tLvLtqN@-GLvN5+x)2wwE0osVR<i;Lz5MZp`hT#8&w(b#C*`N`{oKcf
z5GvE;+^YC%Wp~4$ic5D$&bH%Uh#I>)o7*ZL!o=Sa`}7asFO+W7&6V&;U_qC+uoXLV
z_#jarH}=cVJq8Uc-l&lhzekG|yoLp-Wh(d;kCLK4<;&(0KwUjM#gkp?zhC&<8UV=o
z!1(<N^;+6&z7nEP+u`+UN+lJP%xqDTvG(=y=LU)Dni<vnuIR0aV{r67?GSPPh|siJ
zbde!6Tt`7I`Dc_(GNp%PI$xg1=F_exLN@AlwwclhYmr$R+N+%q8Dab+&)Bp72IUl$
zI9ZlN;1iyJ&rk6q^az!J(NovJqkav6URP?BGo9hyC*y50;YX{}eJ4m&qOEXtEmMR3
zLRS<QP5y==K*;g@o#rf`*PXnFlJ(1{(8^rd2|@%3k$$-%7+`$(ejC4btYU_GM!W=h
zx|~j60HChA>fS6^FDjM8ZMb5U?lB}(EzLFV<?=HT8<3=n4e$#%Xud3;R1NYtf0y1-
zS48Fmx81JAv_aChxj@e`?ek~PqGGlh4LBp>vw+<;vLmdeH^>n?ca8F(WW~r=l;=UZ
zf9rkTUYKO6Ixu#tC#<<EH9;4Dn%zDa`czb=I+(cN^rbglvSXMrWhh`3-5!X&s^}Bi
zO?{E3z#D=&{4WK_OUESt$Z1p^T2uOUq*yMk-Ywq>lSbRhujXxP-^eTFMyRlI7NY0^
zX@3iTAKL4=5WoNc07{$fn{{z?F4rEc2pZl<2vdEk%a5ZL2;%I`_4VgA?d`O<hA?ZN
z^SS9tGK$*SFVdE|ylnOL?m@Z+7V8$z<D~jgsTum#l%4|P)VDBF4vJL@v!Sl;Ol!!#
z9@+WQHdDr=_}QSaWh!hrBj`8P-0E7rS=)qyQa7X%{23{2zeyE#r|`mqO$H+}GFQJv
z;u&75WGO~w*cyR#Re=<!Ni%qNd^&{ocDR4-)TTjUuU)mpAyX`ATiXN03W|nFyBseh
z9)J7pL8zb_ad}!>Mcm99>|Fp!BixZr#*U3P5>g7LtKw3PIrJu)gx9|OO(|bl(9%OG
zEtbUk`OY_}*(sj*HKkz~Z-ycEGYpWjOub*Erj=c3pC|;Q<={d$ERc5<Wn1CKscGgz
zh7feNQ>yEc!2Lt@4nZR!6(7p4LTrbx!^2Pj60YY_wR%PvxG~ywpw-W%cGC6CEG*%1
zEUI{J2OPr)gS2Q`d^EOMbbQzf4*|$1>F3Z(T0_eF{`9u~8P+qlsdK1rf18Jkbs!YU
zmkoyh9+jtHF6jc$`UrwV2!G$?pNPoi;T*ow^?y2}2>U7rtSh{g81WggY7lD<=gt`;
zk0)QysO2kiW|vgT&LG#W=af=zge~^z5|YCeaiRBrmLu0vHMoS=zW4Lzva{CcZRZ95
z%vp-MhD#D8x(gzUcn)f9OaOUcdIVF*B3qMbi|x_9Q|BxvU?9jT<1qCz>Y1nYI)X&F
ziqx7;B4Om3Q7nRK1DikP6me`vn7$`axGsS^aUQ@<#n0|TT9rt6xHNZKtb(RZF7KOv
zW4ma@%3pWDcV<}kGIqvcsbF`iP?_uV06?<5d<QQ6qf6v8rnkS+^{8E3E4lVNZ?IRp
zDSnIzrF6V&;hgvHjV)Ils}{5_=r29ayos0cXnxYFAFuy0;I!Ivt{q=^Q@SP|y`5hQ
zwibl`tZZjvQi%WnI^=)^Tqk6@UMN9kD@H2n@?tUWc9&Pbt<8ngf1YNEL(>1EXK(K~
zPMmw`9Q8nrl^b?iT8t;{nPd4rgg)u@|J=YXnW=27grd+(O-!^;RMcwq27!RrngEZ=
zHO*j~pT40U{|MsPAFk`7M(=s7@yq!)9SpbZ<)IBNsvQu0_1d=@=lVDAC$66Ehitsm
zEL$;QH55$&QuPmy8JKYRbO|+Y-a6a6v1D~~99#u@IInrjf8ts+BzdP{`rWEE6S}u*
z&{F6K?_q@qi;Y)zSBo@n4U+-}y+#FYdY{wKL}t350Aspo$uS&I9h%t%1T_k|6MR9!
zrubq7BzCI!<LMO-;1glvg(+I{z@RQTgXg3P0u$w_r+55DE)u?EhCEzVMc8jI^mKGQ
zgqV8((>$HqC~=+*+f@GZdUD$FmXpIujmt0VO5j409>7n7IT;d3F=~7rSR5b~`jBOe
zCJp-^<DzXs5&F5kd)bbzCYiPHU`4n;;LEi~2e=o5&#XxwNw{;RRIOE<hc*I)Q^Y|q
zd&SKaXffrv9-T_H9HXmdX@h5I{O5XA-7@~Ot(u~6HeFsj<Xn>rUTb=u#hi|7g4GUD
zmu8D*Isr&xvYgC>>l;J<0+kI`*^+=0$08!L=%2U%es|2kx31pA<R-)jv*jtHP<$so
z&uo89Vj5)&NH8+*2JE(v%nKQtRcr7-6eX9<sLEj6_tSjjQGft3Qp#0MP%<2^n}_ms
z*Q_l7b3n~Zqga=j%NsBV^o*Qz5bD1GhCjtks#}Pii{H1^(ryjdIbkZuI=VbMvvm5|
z#^l$|(Km3Pl~NzQfU9;|3a3(gg^92N=B|~8^0oD7KPr6!_^IaYTxp_twUe9m1XrN#
zrNitvRbb<Np~qAWOhu+~yuK$S{uD^e^sJC~;RLXigD>co!^?7rLi5p5dVh}>vd_YX
zU9d?oeE7e^>OXCtj%>;a6_&~^Giin3D;7_ZKWh?(mDtkO>~2QUeV_oelK=z0vxgu6
zujbcpTahYs6r|{WktP9Z#zx!Bi0FeAqZM|K!@?NXiA}9(A`k7w0mUJ{BQKi@19m?~
zfzQd`4a&B(GS)}YDOiZ6m9x9IO!Qe1c)W+9YzQ|(hfnyeIh<jChSrb5@%xt+O;9Lm
znZZWt>lfI+0MF9{9}pGeK*QhVaMS@=Y>`W@-WLqch!Y99OuEc3830Y~5p4Ex2c{9!
zhOjn6zW3g|q9K12t(o_Cch}>jS2dTWQ59alQ>|ct6w=0$oRM`!|AxDlrO~&{a%QE4
z%Nb2X{>%<f=Ys_}$^)IIX$R7@iss}b>41}ClXkCf&RH36Aa>F;0w8Xh(8?kZKVxak
z+l7+uTRxc9tE$OP5IZV$@p;55ZKarQPzztY?>`k`#bn-!z(sxq1D;(WFCgT>(qn2j
zh8}w_&F_3-04!~SU)^#FAD!Xb?stoEf1asVv#uHFLPD%s{sam<><OL&R&qE^v~PxE
z`Q5_BcplUvjAUO(gxQYne7Q`BHFc5>e3Pc=d9m8w;}pF8FMirmR19dlEw|PJ#+H}m
z2cLLs^&zZKb<I`~@;*PcpwM$SMYXdWF`N;U<=ojCHq|xym^;kQgUaLT*<WN5r0Fk_
zYr&|d;zz16esJuJ2<<<xDy(*P>^x;q-%)FHRN&54RgTW;Ci^|P;owMYEza&M(J;`(
zRTq-E_xgL(Mq();otGE(<HjvCfz#56o?#6a*odICNj~6cjlAHlaJWu6*APLY!!O>r
z|3fV@^7?FJaAT}WLUhpV+PM&h@YES-4!yZiS51Ghp9s}H%~FLiE=9_lRY)3e0r2b{
zoDf;(p9tzfeyj!f5V+m)>0Slwq|!jGw)tz3b&P$aGUu{4-Hu=pzZs;sO))2X^Hfai
z6a$=ZFiX5Jm!~O+n0~5@{<us@@7*)_8`a1@Ni%+TF9OTBYm8qR^z|;3{HtLUd^$x{
zzi|zgze~Ph8+|BQ=5cr)&}2feM`2L!Cy-zYJ&phX07XNPbB$V#AQ`gu3hRzR<x8I)
z7^QvJ#xByR5~sC!pSaLGggMiglcRBwGjkVFn01^Ie9nf{@fO27A?jBXsfb!I&nJkJ
zK{v+W*<Swna7XeX`&uC(#6|Skr3e%;JTn-&WOi4B?Ts!OoZG6h*{l-kDoYYS{QY<?
zQrYA@1BC(Mx+R=co0ngE>n*_=)w^KC*3Xqbh%tV^tpben==an%Q0rTJ<LyhQXhU-+
zUr{aTq;Apj=tskrB(f654-LB(n!QXGV8yMGil8hLFl(gIM`dJp3IDQRR5oUJs@IoE
zSFRsYRjr5JnW|wu1fDYB{sulAU+1HARVLUCZ|6|2vzeaU$1F0l!1+yhsm^7-DE@{e
z558c?5wu9TIA=#3k<$t6858vAJ>Lcmoc$3$Uy#A~eUnP|Iqg{VNB(+9NJdpiPlB-8
zC(rCfB$rk{iJ$lEJ2v{d`LursVcpIqi7%LAEz{Z<G%;sbnjaF9GisUG3?ACQy<~uL
zO<d2>g<c%KLC#*6>bNPtaCWJ9w^jc<Y?o00s-4Q2E#hiTisXzba=4yFG`N-rJ=c1&
ztGH{$Pm?GYbPu(VZ@Hijc3y<Bw8=y71=4i`mZ2~+fTxjCouYU$Kr;+Q3da!8Otb-=
zjeg?Q`7yz=gbGj<`M`--sc+KS8#>tD`jU3Vd3Sp>j`2G4u5I!#T|&;h6-N2IPDGJE
z{Epz0L94mKGEi`Pjx^B%=>Seg9SMI^17IfQW&i@I0pjszfa-Z<jQUKRjn-fZSy^#1
z59v_~Hz!@hf1qK1Gr-M2V-@BNxs|CPT_V!3KaC{#F+wNnie#c!8&Ntflg;%})6qk4
zYiFv}q||i$Z6ync*}fH@P2SogR{HzF<nL?N#T<!tt46bSkjkgN1pXA&xL;J2=A13Z
zeNq|;Zqj}0@BGT4ntHuoEor9tX<7XT_!BniD`$fb!Cvqd<pbn9do~|}b_P>0`2Z3G
z000v#0bZ->xDGIG{a|U6uHsVxwg;l}ML;XBbqTt}X%Ib?eFMh1!C9rZ+|Z%B%1K-5
zexb-xxMUV~SaXw9A;x*Eu;+Q<Is1Kb40z2M%$|E9Yi+TkhJ*Z%GERu=(E4(38|mGq
zLH`uHx87!ZruIu-s1f8xZ<P(Ac4?izu=JFr;|qk2j-@}+eSxs*0?3_)&hKqC!a??Q
zPobJTK@ITw%R`FSG&4Kt^}y>x+D9PRCVYUIPgYno$2pluuhKE&uYQr5PvAreCBl8X
zl}M(!hmJan9RDndG}dPqJK{4Wvd7~)3!a8@q^lv70k<O1Os*to3ytAOGn#GL2R}bR
zNY?t&bH<ROpB-@bpNxy7#P3WhF3DV8i|8x<s`7Ncz*&*Pf;tAFNLzZ}i{E!h<Z<uB
zNMP|mKUZ{U82YL@{7JZ_Rv9}-@wGP^$Der}hL9hLyY_d4zQpCNHcc${0?5c4zkTd>
z#p~<VQP%ul!p!;@{r+bChd$6uAQ5FC+9^Dqsv8yAfqZl1f;^$*auk(9T=|Z`WU8nL
z=sjB!+|<Vf12~0XYVp-uz$t1p`rixxoKS=h>F}MiQ=_QsoDTXlQU7r(lhXt{fMtdL
z?1m2|3{0hgmY9^RI}r6DlXx_cwphwrQ@`Syg2Ssj<vH>)r%%_7(n~F^AIt;C{3tVl
zxmi&K<oNKj4wD8$bwKTkt+MJ7@XHVg(6M9BKMJ365DdIqF-DB*5>KXRQ#_L?)u*Y{
z1w?4|NmG?W#P9R{5@*NVwBt5uPWN#S_X5s|@Ok>=0MpLaws^dFwHn5>e{)>@d9a*^
zH1ikO(c55t&8<F?8U2lt8sH+xemAK4lyT@0w=VlI=G<x>wSa)$HvVp%7g%dK$38?B
zF_=OGPQ-Hz>K&;sF?EPv(+H_?56#{4!*nzB;r*gT)VWx76}|(<XzQ)ILcCj1D<3_P
zQoK%DgC8IPA!Gmm03N*3m8ouUx#H#J^4qL!EwOYByfFrYdCRFjkci_4_~7T^-ipki
z)5!O`Q{DP2!ZiCCoDws7)|4iq_qq&|?PmCz&7|Nm{sO*Q*e9m_yB(AG{P{j`DG-xM
zi!@hvYyU%N#)P;3#Rx6dQ;oMMV~tJuG*r6BI`xZKz0T$kS7Y*s4(%fHE;c^*AFpTr
zc%EUIAndD_Cyves1kUH~3E*PP;23zl)W43&=w5c1@MS;!PY+<7Z~z6f?VnM3F7FlT
z`cw<GKrwgyCx_Wj-kBc6!I;UfW9>i@pU8`lbe%w_;_3jb1$b~iB7Byxyv1f@gyT0C
zQ0ON`pnR)mDagl^=xO<wgFm7XochDHCiJ0RI2Gy<Yyv0SVc?d=$|6ZispEtCuntzX
z4C3?^lrAF`f=q$|;)KAZP>ZeTYTo&1*G<qVy`HxR_Y)ZUY)NXQFM{S`<A8cMU=D&K
zIn<k=nY~E2$<QlZUv=K(NugD2^+ff5GtRJ~b*ijZN$dt~OHpbO%B0-1_T9z%dP^^>
zRy(2p`QTYjQDPet1uzk_6_|fvBuMpxa*$@1so<fM5dS1#{g{*c`-wT(!&o+c-a<8q
z5^$xy4Pyw?f-byH7q?!JgL@Wx%w&TN6ecJQ@W+MjkiUp=T~<LcE3{e)GR6*~apK$J
zM2)Fs=W!tDBlGEpIRYZvtQ3H#U<FwQ7|$cX1L~KC#F74(ilULK74HMVBL&%<jIXD{
z1#WBYnWj6|z3WDDASeGa-FO=c(^|Jm4=)oHCTG4``&}Cu|BV;04b;zlDm#8S-hjxz
zhrA4gTl5acnMJ<zfG)6ZXF;6mEkzmf8=;lt$$$PT!l^oKAJebU7Xw3iEXk4jB}7xB
zgY;VypEs1};G;~Aa9Z(SwChl>_F|3C#2XQo=63jteeTqiUW727JRviY00C(x0000b
z{R_CnB(Sf4a5KrsYCZ>rg3Ujr8C-oBuw)ayWjmn}iDi@-PFQ}CR_=UzU+^qf4Zsst
zEtt$A@<l#I68irHO*rxk5CSBb_$y5Wp?k>^sol3@B!W@%<7^KG>?BMS^kPumACP>O
zsOPyJ%5-o43PD&aIX=T!Rvac(L`CU6$vy-!qxvNGbbr<w(-2PEJ#8TF5cotjx4Lyo
zIHsvazuVZgJ@C835Zd3s-fv5u)O1$gE~B#)oBZbOX-QCIjJs%5z})nnks@pV8T9wE
z)nLJ=FAQ5D$%Rv!xEvLem#?)-Ob;)8<K;gUUG1>pc7wYY7qGCMPMUEr1o~Ww<?tAl
zYr$DL=s&H$YZm>qJ(x416aPnVwI~|w@9L~GI!>=5$dsxLH3VmSlIjcp?mOt1Zj}1w
zPLftv8tr{q>R$_?j@CgR+^l=dwNQV{cJ)*)(6`=%mZim3kH#VdkKxOw<3hHq<~PcE
z7)&W}w#6VR9t4CU)4$$AYfTJ^er`zoFU37fxS30Q983;;Y(lk7|FG5(ngWPQq0a`b
zR8s|%Fm4<W#05)$pgqg@<$?(RM#6Lpg{v&O5I1gttkmB(LbV`Ih!{doe>Z^e{E{^p
zUznWi*qMqBadzZL@-BtdNp4P`Zzq3``onOl@;>neq!MKh=DZmdZsA|`feo4CtKRR!
z!N&`m?TRYR%Ba(*q&6|~6ON5XgyHt`B_b98)!<Eqo0C9k80J5aXPbUpQ^poLfYa${
zIs||tIZZhcZAp*i=sdHjc0;0p0W{DbEBb+5`Ytcg>JOeU(zw>{D8E~t+we#o>q)Yy
zw49JL|7tc|y}$a<?F8fF9dfR5i~`vT4(Rk?Jd?iGAzbGv;de6+NJixkEChzWxYM;!
z$h3*<?v>$La7B)@T)F&S(3%y)islP3ah9<s5||ZT@LCN?yMJEJ@=JZ&1pV>~jkU}a
zmf!#w4cUMI01S6++1FG#`L#3}BLQPt?`JPU+ZwQBzsPPj8+-$~(r0@z(Wew`NC#)f
zwiuYv0B9WisvLnea<T4p{VK0aJw6JQpl%!4q)PMZodE44=;ML!>XbIvni6Mr>+wre
zV>ZVpDuj}rma;GF?j9T1*Rax=)`bu(h_KO_&V7_kO$WuX#4wvU@(%>EKKQao^GfEk
zL>uzEMMlqIg8TgogrA-u+ge^*0?1f+Hsbh=`LUQn7&8@FguL3_xkVn-Bn0B74m@G4
zM~I9FE)9aJa|7G#saoLb?Jm69Q#Jf<{X!}z3_*96zZZt)z~&v6W08i0)B1n`&tzYT
z%<JH?6<o|{>$F<|BZ}7g^(_N6Ao@uNG#>3+C;V(JC<KEQG<4G6{p*!Om2})f)U_|C
zPR`zZe`5W)-^&1s17@)lbn)anegu4kyS>sOj*zvmwh(2NHLt*5KL^}NwCv*vz1n0r
zQ-raC0eHkkViaF^jwU^I_0!VFvkuo<e@^Y0?9@B%-PO--Q8c6TbaZiwXEMEn9{<FE
zP|HaLo6tNqY-|%<OKVKG7zX<|AHq!qfC#4Mb1XKw>en0UC=udDZ)qD-*N19I8c65W
zb};tO)c8$GHI=s&u6>>;ZkACTT%?fR{H~y-7xJ{m_cVI5n-jxb;W?ub1I`p0#edTu
z#i{d)=4G4>)Zo9!*zQq+uPVR>p8{D}MeY(fGh7>@aA&XwFfF$O<q8=HC>?Y7<!&pw
zU+SK_I9b2N6VBymkde3;eW1@svVO=85pVhD0jy*k#q-htlQp6XFnB2?u1$+A85LrZ
z!dX(5RNw$=MQ}k6bUFR5W~o0whe|7R`eauv8SJ@EA=ig$^#^1lKL`2Ps3MX^<M5??
z-b@k`MhwB_?NWkkO@;pnM@8&cL~20Z)wQOAc<<n0roTV{E)W0!0Av1vmpmVNR&w`X
z?se6L#c6HsnjZFkh%tgwy5OGazQ^!Ny^M51jk9rjZB$LLN`eH7b8ACe=AO}c8-wP0
zXfCMWCliMOmxX`AYU{07xN9&uHSD??QmhnDqNmlHHmedWT4=XSqxi`~!RY%1%%yq>
z+%qJR>9iQrUMZ0fI4i)9$nI)aIkdFKjNihB^BH|mfVb00ja5j$rtn!wmnp87n`o7d
z-{@WriGJbJSJ%p1w`i&A2K&|T<S==9F`P7hd)X)x({XDXqn|o{ec?mA0vT-5R6g20
zn>X|pCRl5)9}M4=!)+p-wFn&&GYYvXScK}uK8&xfPiPqfm`2RkB~E@4ay~?R)GcTB
zyrGDpRd^kUIlZQMAJ_k&3)S~hiePUi?h+fgOoj~B#~T~rj>QI^b8D%Unkh+79{4vo
z#Z;>Rs0E#PO~b|x;wX>bA?S43R2IG~JQVGtDN&W|>fn#>Z<2X5N<=C%=~%_8EZUhM
z(5XL0Lx)pX2$nInX&Y_Mk1RY}%+Z_9D7IjI0L9#+{nLPNKIM_*{+>S>4A3yJJAFBE
zMtQ^g8Muzm=fmf4UsyIeIsvE#>dVMGTD#Inm`-?teVA^L(6;&}O?_AKuQe(k@%nuy
z_$|v9c*lsv_Ph$R<r=|r{EAkg{T0&eSTlM#leEF=9~?K24S6~Qwc`x);OF1;&^Uwi
zwmmdxNa6bT)VB5&whxOtatBvgs-9-`fffJ&CvUI?8Xy2Z&|z+&n=x=U{>AC)5<EyJ
zna!1(7UJt5DjlZ)Zv!TKf>~~sk(Iwjx|&uA+Fo~sEozM^s&ApdbAj{JOxjIYm-_Z=
z*Cpm2g6h>*F@63jiS~5;^<HAANPI=%vLLi%0prg3KR%>(9;J=*AcHZq{k+<*Rmg-!
zkY@nHx_P{HxQ#s@7`1-ja-Vu@t%{vam^9I!`Oon<<LC6=Q&<3yvH$=86PU5q$HC=k
zK|VgYm;PMZavFACCrXdH+HgZ$-!tHIK$C{(cK9C`ZXn1n^5u#IW154auBCn~&N1gr
z1EOd$?u&`IdQ0?Up2N0A+|!`}&2&csT*5}UpZ>mJ)yaK*xcAH_7w3mOdDi~8SRr2f
z50=7mu0+6*fQPzv7L6z@i%LMrHCbW74hNmfkyLUfak>~Fk`ITXj(+lKRUS9+k~!{c
zNZrV=*?>%^JR<WpiED=Q03ug6VfcRkb+7E9O|#=Vv7!cbB}D8ZLAR82KFE-?gC#z-
zUDkY@>94C#>HcaLEsH9P3|Wh}MHroSHmPIwCL=&;WJ>H+@ppP#(;L4X?3A8li`A#V
zf}zx4^OclLDg5A$C|jQWVutI_wmov*fw`db;$MDT{*jJ?WtgnSavaw<6yH)92N<hl
zsww(nVOJ0(K8LuUWgPd*E6@y1<_l!fv(*+rUb01(Lo8wD*FW|ZjHrh4&Mbeyf79C}
zamRFi(WY*Vh6#DDDdS|$)Yr?!!qXvMB7D0Kg>um>Uhsw@mklBWEi~DDpEzESgTnnk
zRu%#@n*l(1v;$5_OgZW$)+idy+2ac}W%~_|Qx0p_w)4C4JCTg-Ll^GCc{*vK1r<O+
zo!XKIlUmgzwP#~^VHh|3u-4mLKa1RL@(2c*ed-+E?~nme9^LAuI{9Xc$aW#U+t+$E
zz{wvK`78G>&~+G<Ib5YRpWMK|3Aijc)e__kJeV`}!!%uAy}p3$E~6-0bG}Br=d2|5
zgYe4bdGi^yz?T3bQe?+<ng6P43;!=ko{3dP;tr0pKZMM;L!CGnBa$LEoxNWk$PZ(!
z^;^4*xPjkJsXX?4F4PjJ1Eq0OgucWF82?ilYAj$QQXC#sGPkds-LG&dS~adhraz5A
zI_h>y>{1uvmxBPtcOwmi?ZnMVLUA-shk5L+LFU<KiEcdVRTtq2@Bxy8*4iC4N}MHH
zG+v<{5x7Y>$8KNzvoN>LMZOd~`Xwob<NnD&1cq7w001y9gp!uhh7T;5g_prE$Yhqx
z$)=1Y%48sR^W$0v;2s^nP_z2O;kydX+7=~*7bP(ltd$FeATIJRaazKU-bccIMfVHn
zW8R$AF+?u`|L&xnk&31xJKr$l4?0W#8!l&SMsY6(&(S^9lU!PGqaFsi&BDL>loI1@
zd|!X_)Kq%u+5UVDT`OXf=<8tmq&-X=gI8m1Iv{tt=r1vdpKXK4U$6ihXA2fY*%FFO
zh!g{Oy`+^R`1q3(7R0$0oHEtCkJK2YLFld1n~>l4&T_j}>-;3qCH$yz)eJY>z!OBV
zOA5ofraj7)Aiy#Cg(406NtJ$B`9X_DJ?!aH>UZj~HaqshPL$8WC(s{49bTq-TO#C|
z9-aYlfEj!u46rDSIZG|P`T-gQ41tuC%}WIWb$wn6QocNJWB!kMd+_vG9dLB3Sse+Q
zBa!#a85BkY07dNm*75!8P=YnJrADS8zf4^oWVlK&`7?pvmb{Y+^H_-9Yr<l$1aZ$l
zxmOoY)l=UR9j~7emZ7gqy>x2e2jl;x?YfOAy6>H7bbfL>0&vjRoLJxhFPB-Zu>vCm
zyLnv%clXgGYr0mN5KAGN4^=qq2=jMkXC9hth4`O01ocyohn0ad%3Se5_oSyl&tkDC
z$`OAUGWJ>`z94d#b4N&gZ+==l{gV|b(i|84_+|6ouuixKWQ2&1CE@4+0oJ}Hdm2^s
zO#xT@^8O`bXGfKJ?^g;<$9h%|gOb<&WKcx7)oOV{EtyQD@Oeaj07rOkR$^Xzbq><*
zZO9#5Ik??GApT15wF0mJ#Bx<WNN57p)xDn|(Y@l%lxChReHX!N>Xz5NW#!WFO}fE5
zv6|liY!v3Y%ilX}Sgn`p!bN_$1}KDDdeHd~`&tkcaHC$El%>C4KT~s*6H_*fn(8^X
zb5^&7GY>Nc6WlohzUtzuH}ZFLzd7O&F9bTqmBCkTp+Y$S)wx8J-gL3;vu7>u&Nsr@
zk#WvPTYy&G!)kM#6Q1eNCFIa^CCF;5Yc!>}0pdwG0001E^G&~zQyo^g(E-}IpkvqF
zHQN@h=`Z3C6VeFg`zgsvIyfahOz3_wfjilWfMw?ooPBW2hrLQC@mb<O1KZ}Qoeto;
z{govrki`|<buxbZNJWauPIxNm{fr!7b<}BYk;`i2`zJ3^ofuV)NBj@RwXmCyC-u{_
z{Q2Y9haoz*<$x}v(uR7>`4Kk!x@3RCjTDkfWmagfzA<B<F!pGRT1#G{>Bu*KKy-Q>
zhjjt=;&ZF*@6e#D!uPgg1kpI!GE+&XDGs0x#uwXDm`djU`@-;M+BGni()U!yl;-HX
zC4&sa!=(C*A%sJVlm%@7>97<IAFZ{@VJQ7J{Q_O{R!}|#>YykmV*3jSf#fuHA%w_n
zW!EI)C2kGBQN73e&j}LmR6cU6x`5IIZwWI30;}#Pj12i5r+jJqc2|`U0{?OaAXWCF
zhic34*#xyA*O9Q!?ITuy&#Q9ocF5zPI*KNkl4Nuu(0pNQTa-dgcQ%YCo|p*fX_F7Q
zlo6h#a<r(gks9msg(Bj*nA1=^J3d6$P<VePbii%Vuf?qfPH@WDdtx!H0{BGx)$srT
zFeU&10W)nvQPL2H5!~63A)J>pYwtSq$6ECe|G;RK@&WvGBq|Z_uM7WrnU;Wqvd@tx
zKmIvk--WR7e`nZE;ApT$q!hx)bh?v$ZQYx44gTb7!jH((n;FQ;O&cA?({}{?W`jyN
znrrx0IS;Pm1^>slc3uRyZ(QaA+VrbFE?SOy`G;g4B1~<rvvl2v&y7Gw6d@2V$S)^y
zdl>P4j_I=s5J~h(FF4<z`U5K|)07Z4u4i!6=IdM65|K$;K-o0+fH2V6ljjD6m9YEz
zWZfaak+MuKHk|~hrp(XO+yWSy$+T!R;q}NX+IU<pPE-{2iX(Bm)%8tFE-e@PO<c6t
zpb3_2R&Ey0SJLetEf$axPLW2*oX1Tono1sOwFBsz7N$herTGFnOKDdmNXJ656~%ar
zV()y!#0()Pt6~mq<^g@Izd8q!y_Uh3_=Y#HaO=)pv-udJ(mujlxzj1=<2Srpfr1ZV
zf0d(DG4s5N!012#00fP~a8_Ws6EWSV1k)2c8%*snl!uXKPZnH++33yGWd!D-NEU@(
z;tgC25u*Po{hd-o+8)rQGt=~p*IUhCfUo!}_t~eiAkl!m%om&X5;-&?YTDlwb#MiR
z!$tXP32vu>V93bV@@mzzss)S1+CjY)J66Z(e$;P-YsjGhd$iylRbE7*b7y<4w{)qm
zYuRUv%Al@-)p(NRHCzit=1>6Y!+vaG`POOP-3>3!BZ_5s;{BgzCZ?fX0!X(Fg?O?f
z5Z3=T%wzPN(#|~DjnUCuPP%83TO|RFmHkC&x1!hKwx1bBV)Nr@{Y{#fFxg@tJ30|P
zJwg*&Ze+DSt}B1hxZtg2N2iAgFF}Ir5~E;u3PUE~WwwN+D3+r@9y9_zrlPPXTgu(_
ze8|F&T5aG^@5$N&Qibx`KdW?WU8KhaL2P?kY|n+ZXzLP9keoXo(?k|VM!H#Ku8qZ)
jxmjKnM8DF1D+a2N%=TS4x61fK`weJY#gTiDVt@bu2nQ<A

literal 0
HcmV?d00001

diff --git a/php/public/img/jo-myoung-hee-fluid.webp b/php/public/img/jo-myoung-hee-fluid.webp
new file mode 100644
index 0000000000000000000000000000000000000000..1e9f4aad4b622087bc9487a7eb289bdbeed59cb7
GIT binary patch
literal 101012
zcmb@tWmH`4(k+U+1_<sN+=2$T5IlHrcTaG4f(9oz1PSi$?(XiA0F7JI^lg%Ne|vxT
z$T;_m%a0xm=w7|nQ#Gq*&8qq+D=i)M6&gxYN?ch(nUBIB@;lZW^h{_*C`?BrVGe=_
z$vl>_ILo*tSh%`IU;gB-E|DB?2ly2Du;#bPrIduee7^V$R-GxV2M2(!!ZgGE9^I$!
zCW{Zj0H!kl7`)v2Eb{~N*$wN_^CK8MsR;&o=7JNlNfW@6K=Q8!olg|{iy)a3k^9aS
z%*q&!d-7vnvgbRX$$I}6Po#&UbMnK^KEGseD+maN{J>=ob*}qOJOLl!pD95SPbv3+
zi_JT~20zIEZoHlW>nUfNPXH706_HBt&hsJg1|0cI2jq6z*a|q?JQleDM}ws<p+P!8
zgQv+!gBUiG$?MKr5il?S`~mzHoW4j7&VJmy%?3Zmi~RJf1+PB$g2KRHkcf%jlwXhE
z0jL=AJ-tV;cVKXK6Cwx`{M<#}`F#A03Z4XMJ{Y)(;DIqg26vn18*9&OK)`7W{;fk=
z=g9LN*aq0x;BX<bd+%_S51Ldq80^gUtKHIU61i#@^XUg70yhC<T_Q>cmEnk~BG+wb
zkSk>`p*|?x8?3~dU_Nxt`Za-eZjW#1pC_-u(Ag8<dcQ3&<!LE+a82_}3AFjyV2SN1
zN7@DD*Bz4jEwHYqrM(Bwr{k2pqS7(Mz@b&1sdSA}bM<WY|Mm^ryIMM2c$&~<ENNd$
z{TE)3!T<kx^^V+b+c9-rgvyR>l#Wf;R87q$@yf>aLcIAitkTmvtB@~V!Hhtk6(c?U
z|BE*?y<a}4sy~HXzpBBUF+A))FHhz8wz~SA{kHN_7LT9Je?O$=oRY5pFW)}jOrKVn
z53~3`9JnQEPi{4rrO+zcMXQ3w--mj7XHEDsg0y}6?;~|(^8C6(TqosFcO>drPAzFd
zH-el9HYR&TmE8ej1+10^0%MuW6y*MYGW>@Xr|b^seg8)*qe71#XZ`!I^!P<Y9K;Ze
z-Tvc~|2PPTK0C(X|G{Bb{nwrTH|xBTFgBm^`p4Zm!&IYre&@K=|6{dC0#7R!8@HF^
zCdh}l-!amWDEj}UDVtt18A2cY;}6!B<1u7G|G39>ogsfa*Vun^@JDe0OxM)vu)-9c
zrrue(bX}w4g7FIW>zRW^0;k^p6MXbX@k^5Z<7<}KK@{QX|KR83ihtMjdl}^GsI14+
zzW~awEkgYN*Iv?uTmQgnhyTC#XLlFN|H5mH)_43z$#*XRes5G}bkt6F+j2Zog~HeR
z_m2=%pMbLe7(qgG^7MZJj3P{fd-1B>i2pGPNUZ)FNuBRymSpnmzIcUuxn}jos8Fe(
zHda9q&7c352WvU?ZESO8{_{1fUo3_GHyFH<cGvo!!`J^{AImG46|eWjSAafOm^|im
zybZAF(+dCK+tuI31nqCE8XbALMi0~#UP*dzacEfxR!~{PZo0&FS{)h0(`zKOdSl4{
zU$KD+<6W};%RjZCJRn}jCfok^T3bayhz$P@97jO0zX;Gw75bd-Dgam=Ff@Cx8;s#?
z`|CacwDuLppfRo9X4?~?Foq~tMT5_|5Xh3c(H3$9nMYLbv~&!TJ#Bo~{+G}H39;3K
zCjS*(QQv8j@coTnJNZ2VSXyPAFSZR39jqX<8|2A-!35F~<QV_cYY*)F6TH0txrzS<
z((Zeft@_l%^h<^RY2<stJvVwH`-AjeJB%*Nuw-}*yhVi>p4~`E6k?p7u78rjiWdf-
z?|%f=*DwnI*mN6$i(3N`1hJI8J?|%io7$e;{@ciZhu$!~IY{8le0hb3e+klmUQM#r
zMLk}i%rt-yu=4Ti<*OzKLS`trbgB8XSG@m9J+)OdFD9#W&HVFT_JX_67b{gd)~lOj
zh19Z9{>P)XzFXj4t+WwZ5doP%ZsEWA^_Et7MEZ;AeiuDl{Zh{`@Ku9=q08k3%KJi`
zxH9>>e*soKkhU<d-i7aAWIH-Ef(rewj5lX4{jcoNDW|K)@SiE*))iX^3KC~4tFP95
z|AdM{lgL5*&DTK`qnE4tcKgO`4G)8+luwdd{KPN0$bWBg<RugvDsd{pO1|r@a9++p
z*t8D*{O4JnZ~}_hAnv&qH2wHrpngfhKd5v5CNd_NfH>1_s=rqIUu8RPjBVv!h*K6U
zrKpT=#X~M&)Og0e8+LlPG=H}yxy3E<PsBS_=t%#<pLk@}BwmDMQ2UbT(LTO6gPb4N
z7`%b))VzT-d@T=IaU2&=&-ANMNY(W%4T%eh1~2CSj16??<IRRc4>ZZ5M{FB10`pH1
zA=IJ5&%@(SIL-S3T~O5kn=<P?Kd>tB{;w0`t|F?@u)&lE$AZt8I3>?0y6F+`C;45<
zX_obL47~Joyh%sWWkw+Ztxpjl8@B0(7%rD%f4o@l%W=Hm-q_Q3!+lxH9nb|!)@0U5
zvOL8MAuwGoo))Q}Q_>kJ5AauB-0Fo0gz-30P~$m!zG;UzG{0noB!r0ctET{3MtduM
zLGt6ws<St@BT-{G>V7x)$@iP0L9LjOW=lBYVrR^h3>%NyAGkV(di)cyePU$L<%sRc
zbXRsU6`0#!V%t84x<eRzEr+o9JKtgl$QhwRGsrwY-I9HOd6U$!INu=N39JB1w2{q9
z$)HdRgsU2ggxVZ+HGXXwX6$JdjlzxYl?U)((vPp$%Rz9oAcw;fv|<V02)^IyydCzd
zl5ma3euc5A2Lj~COYHM>uE|LTA$Z{c{Ac@p<2!MS+jX(-;>+V?R2;lK<jN@%CC0{q
zD1Y4rN8N{15Y-U+-2bx;s+ltP6W72Q9=bo`e=-{Ew;6wUP6e#C-Jn7fs`*RW$7n6i
zrV2nXE)IV|Vt58Z_|@-l&it3aLGAsA7@|TCCszreYSX~tgYQ|3z|X(o`$9<HmPg*K
ze@bPZ+r|bOYB99@eucMJ*XTzTio)M)KBtdb4${eEE*)@vB{W|l8X;2aWVSv7RD}Sc
zc6+(c@k<zqTsZU~huB{n0?CD%`GR4z`zWw?`5o!p&e%H1DY;`_$k87LhM`M#%3*xc
zz>}|#&j!wCaQIh#uyrb2S4QH()1c#paEsYR0ok1a{i7}j8LFPNFETQY<;)n^((x76
z_XTCHLA$n$)QB+M*nVbwZGU=nZ-<sso{6w-3X~ubO4gwvBmM}NO9e(@AkcO&k;V%a
z`RoI6#7KP8yHwO*no<Zq#uj>l2R!Jz3}AOm)JpOv9tdDk!tHk3@S&hU5cR^PD>6#!
zqO%k_=2muoITCefv&X<{Sv2NELXwIm27e5Px|1(j5ZkCdtwQ;J3grDG?IooF8Xhm)
zIgc_mv4ZKTV)Ks4VPWt~5rWma3wYHGeVEA3onp`T2fm*#XdI?ePVRmnIC!-t49TKs
z+TvOGh>n!;g%a>|>}qV(R-a*&F~nO!FWrCcSMRccnAnl#b}?onkVDhB_V9)5uV(~|
z|C{naQjX<A9!V1fuuHJIFU(RA1o3qP3&R%-Lwp{-Y>RHu5}|>IK6>p<2UZ#1rD(YT
zk%&CctMh)%X%MR_`0YESaeSSOcAY!6FJ+?RfX&TLvdi~B(Fz<-Bg*fSm#1rM5gSq~
z3YlMsdL)hhqGnSBK%(?4F+1Y5s*Q))-$?&`{CukciL@~h`4$b4=L%0Pj<bY{Fi8b%
zq&Na{h>BGx&6;~PFJUsi@4QOL5RqiH+eQWgvPI~^^&Fz5r7VKS(Qe{=7zjgV2S2D&
z_;9p3gZ;obk(C9(xln0fq}`owJttEbH<v1+7q$6ing{Q#?oQ@yF{oW4Z?3D=x99q-
z;_0x2;v8Lpb^R~Yv>~HfBFZTe+;jf@8ME7gO>OIKNG-I1Lx1F12ccr!n+}qf5cBu7
z%Z5c{l?B&Ohkx*eP8WAXL5{uz@_{y$-sz9f<v}Q=)gwV@Ggs!0M7{46`5RN>{)GIx
zlb{K14w*1%pUT}aJ$K6n-bT+Hs_Ad$z&Lf>2%YELCbVaDE&MYNrvrfR^V12}W=xbN
zZ(Z8xvEQ%40W0d5M2Rn}lrIHWCEb(t9g=1gN|!5>y+ChMI$?ibbe7#clu9)>+qPKe
ze<SDrQ94C31>4mpuW2#=b>PyIqwg=+N13sKJjrY15vEHB3k(onJtty0Bx<&u>sjQ&
zRE$LQbvr%B4ZUR@_kr=Mf_nymfVU-nfm5fG>234@aJIzns>Z)w=<%6&=~Ti#uhK*6
zfbK}T!Ft;+&Er43e|bsPchkh$@K4DI0l`b*_>afF99u0%)VWxbRi@FO_;6ffL;^1?
zwkDV619(vHvbzJo=O8wwmaxR3y?eo%4XQq#4<}&_W$JvJ$V20T-D(a7OF@M|P+Q;Y
z<F7^B&rdxImB72ZeLr22*I`*qso=4k*OkqaM>sD<uN>pWZed3B*@R&~eESIHA=10;
z19eoWd@l&BMl{U0IOyE|RdxNX6DwdHx?nLGPpK`wLkhBiHTQdlr7T|S4_?wQ+$qQb
zf*I~rNWrLY_<KzArOsGtZwy>;ghzvm&Ca?_Z1NLVG^adw`5s(bQ%$L5_PMJr-7oX}
z3zwG+14G9Z{hjYygS+jIzd08oah00Wcrivx=DpBZZ3SF5dQsCcR3ap_Xl}fJ-KeTa
zC0346_s<OXzIkZ5$JZ`CAAIPwtmODDop}<7GYyaDLW<b0Eh&}`!Lw8~P4961{Q0Q5
zzbS!l$7V{I7p4NModa_RBbrZ9o%b}<A0kF8>L|cX8#X1)xaR?bEpkMS_hn%GyozMw
zyG0P@4cKYcz7;|mI3Ofzn?#7a=FZyjlhbJ+k07B<Ube+Z34ng$nPK|EF{vWO-txy1
zkTpYX<@qTP6>|0mjy8acslEJ96Rph;Ta88wPmb&%LO%Ag*<0(j(}KgFUT-Bw^K;)9
z(AY5`&f8?I%B66Wx)wxvCLh5>QfuSL)^=N1^V-|cbEJK`1)eBW)bK{%Sc+hT!M6&9
zk%&0-M~t~7hmpra>bRHMGD?WMxqjepYKA<gQ&`Qz-O(fr0wDnge`9JkB~uv5N>62r
z$kYhspW1QOryY*u3*D9mgo?*-aJ2vablZ)Fsm(@p1~f${iNY098#YfF0t_#qB?A&s
zMtxU3eIY&%c`m@{fwz+XKt+yrD(o+xj7h-SRkkbEGyN<^EKeeE&=>B55uV=hYyG2+
z>;Qq`!bN*mM$!pyjgQNrPeN)!B%bgeYlIgymv(E=+u%c&V?vdeLBA6_R=c!x*qrwD
ze%Rg^B|{vH6DcR1L-Xm_cq;y-z@*HIgU}9buLi<hH<YQDLWQvSPv~nxH}L72ya_T)
z(T4=VE*q4sTe7qRL=13!nwVq1eqJQIQ3OJy8-j;^tl;id@su3(EH2b;o>USAW&uL?
zsvyKpPS=Ss&0ht*&gy>-q_t%BE3~_xt7!vzM0}t3n<(=s_;w2K5nHoS=A-e4Onx6}
zfT_2Iyh*t<@SH7n&(_|yoJ-tW_6^*&m33*ZOMYI@%+fmJQ(yYs=^#c>TD|BybYxsH
zNdKJ=-6(7I7E)(HT<zq`W@Ani*MTGG4+(RAF^?d`N|_L{2UN9*tZ^A5+c2ndnsagB
zKoL$IsNbi!?AR=+MZlZbSwUGIa@AWdpor6cZ%8E*n&RjC40_Q1X@}VW2Z~Ik(5KNW
zF@*hezZV<ia)=24Y-VeObXNj4qnQ}VJ>znHs(%ns*QF|&U9In`IgpZs1!u2(81azl
zbZA2{go1GRm(==ixvZdkKjVcIK$ucUNhypG2|`u<_MZ^-n>J#1jjS(G5iZMei+c@`
zw=ji0Cipe8A<gYxuU1fEQY?{wUf!8<j#t8i99vFte;Pk$3j0?H6QAyUbzO&@3krjf
zjYD79>m0p9j`{dr!tUHAau3}%H%N(chU`U(Sg1cUHzOTcS-JVFGE;-vkX2Bb!sNrD
z9B)KSvc|62kbJj3e(twQNcp;0|3~7`)Z%P|Bm_&+!o6-|wBt#Lb_9t*e-xx@4oDGP
zTlIAbx<&b}m=lfO_fHs2-+qbvSBO>nf`fQ*4W`NcFdS0TNMnXgqIs`IL862h8Rk!i
zJammA9qchFHur@JYBt*(1J4i`oY!=ux{VFway@hR?imI?GngH{P8_^_;}~OMZ>lD8
zboZpWV1CDtxVoaz&~dgs{4Ky+MoO-9MOmjO)uZ*z;$N0Jm%@qX)Bj%3g4IiA<*zbR
zzKMiB6CMQNN1jFhQWyzOU&2zK^}kHRVS=f^MZEo@6XHM<<o70wcgGpSj=?L^z7ivh
z<!`YbO+g_1h4{KJZb9ZFo{!#6=~pQ!db(|)yk@J3WlE86Mt6g`^p4)2RKmGs%sXP+
zcEUa?+p~t__n6^cu}OF}A!CghWw16>dJwNb9li0IdeYgDqL+PsdecLN?ec|oFC{sO
zYh;OQP^b<M48XfJ>@f8TlN<6Sdr4#J4(^)T%u2*fs@{;&tl@RvMQezJ@rxRAEaCd2
zD15=$@c_aRKb<$x;3^o|9%6UT-vV1?VeRhbpeSaK$>r*`QBcv^X${cmFFmhlkiHYP
zufXie8@}(7%>jBnslo>%?xZ_+{Csz~iaz7Qz=_9^?-f7(RaB*`!0P$=QcnCMl(LF5
zj90tpZBt0Nj>!g75t>m>b3GV~=1k#z26Z&X;%&iK6TFhe@p(u+!doO!^|m_nk3JS#
z4@q6qp7J_>B1;w8==e+dY|~TO*w(`_DZZSJ^>WGv4%<8O%n*7RT@6#7iUPhpL!AA=
zi*gizF{6+acq7v&yH42)<>ofp=fTj#byjvLpPEZ@5Y}0(6XT}%F$UKt58+vTSTS{T
z{ZmMSp)+{19=$mUGuxW0N`0*~k?P5vT$?|Za?k-%#&I;f({E7fy9~=S$4SVyPc<F1
z!&G^uEVN<@mvnN}kqbJdYW)o<ikQlhp(v&_{u`fw@U~WyXdX@IITDwDs9c5&N@y4C
zOR>yiVo7n&iPlMXshw;hF**=*;p$M$3^r098VmFNao^Y@PMFU()MPB_Vt2!F#~Gl|
zWb2BF8!QS}5Ln=ps-0QSDIi*Y6=#9u>wHP;C+7lE<lnhAtc5DW8{`6BW7DtZOg$qL
zsxijL!4QmUqe4T=sXxjKKxvHOpS$|+eWcc7vcfy;^!YYnEVtP6;}vebe)1bX_0gLu
z5|;s@t+yr221&e?<Nf&m62o7_YKZWw!{6svM6g?Z%Xjiu1UC#tc*Wo1;EzD2lrB=g
zs8IfHhCl1eM?s@qh}o(b2t3qN<F$R>!}`){`X@X5@{~&!OcZMHX}j&h^mxdEs}_Yn
zJqXiKV*WOJm4Uwg9*0lDy@U4^TcBQ1ZpSIKbl97Wz$7y%t8?l*Vy+=|DysDxQ_|=n
zS0p9q%xQ^|BmwRYF~-L#MOC<kp%sHl6y2VLpH}ztBUzJZc)fKaCFFVX)c&i}loL4_
z^W2n*|B_%JLR8n=`TG|Gur#G?4RLn94fUeLtAhQUC-By{2*R_>H`D#oEjc|buBkaU
zeAOK;I-%{0;d;Kv>^o*UvScjWmXygYY_0d3U8hnUh*he)=?dz{`aQOz;7N}*&gm7*
zeUYE4962<e9+u}uq3D*PesGpe#)EEbD5$qPr?d~7#rc*n6QS@Wh8<4D>Y)1Od#D9{
z1eu{&w>xDTn3A@tV(zIyx8NZUdGt{tzc`5Oie}4d^o+U09AHzrJ&UKY&)uW0D5SN?
zTj=o>z+Ok}0b#W{<&bs=ghCD*ijuFCG<70~^7T4&RDZYyji#25Y~MGsSjP|}n>E3`
z5BtUzO2h<5iWa8U?bCa{oAx{0L*%+vgM?O1K_{i3^>iTGJvRODeEsfqZ%~NuWC)2@
z1u|L)T#EIX)94!c4OPA#)Izst@jz<tMNdh>TN}VgSOpSW9JL=@wkV4r4;B&i8m2gw
zk(BXlyN={D(#;3;x((hpqHBiGIqeaMMB6y(Zt|$wkP?d5TCs!fKiWk8XE1^F_8bx<
zs}OY$rQ6JDH>!;@tW9%TQ?!j?yI&q9`?m12L%r(Suwq)bLlm;wHye~j>JEKG94~Xf
z%2Y;^l5c`7v{NQ<ga<H$Y4&Chr{EFx>9fOjzO$Xc-O44FDO-9)ur-t2Vywzfq9`L=
zu?o%H*|>0{hPSEt<vpRBR&Oivf=Egn>g53MMPkK03yW)@eB&Mh+u)Guf*e(ge*qoX
zs8HSuGeX2DfkT$GKNWAuTB@XMFeKF#K#zAgtq#0q2pZG$2=QPmrf7TY%ZIB3iu|g?
z5mhP>Ou?XT#Dgt^^$@g|cE7Rj$m4lZ!}tpDm0G49upj~^f5*^d!=9Uxx7>(>S~w-l
z-|Z@`GSRhg6oEc;MI7e)<UW0vm)n`M=2{jLOWXghIAYj~ctd-xKi(5k7;r9Sm(mNw
zb87ZrbV}vXifmxSXh;R%smW8ieiILLd67#U@Lc)dP5-&+Dij{57u|15n=svf0k517
z=JbS7ON1V&aQ`h#(e_Mr7r4vBuVVtHy5qP@>1XgFV+vMb|0aFd!sq>*HmbA)u*6}J
zCaYTSCgV(^KZ)Mn$9#3IEqpXwqAz=*#Bs0)m-tmcQw7s$&r8ACb^EUK4(a8dG~jrA
z^%LO$f%m`?O_<Jd!rZjP9vxD!Ud(~dQ~Qk4%6DOWA+|mMnlltoLx|hHX?|AOBPcsP
zh@x4m1tKb-K`J(DkfQoZ%O4)M2kD|<Pq{gidx03ICk4mDIiF(qfgU`n==;mjP(L@m
z7=BYXQ4C47eyQ-@4{<>0a1TyGX&QD4G2VB>62%RSK9Uz>C;9KIG6+#{V!ja|L16fJ
z8-=igPoI+mJ<=opOUY>xK(Mdy6S*jCjAZPm?rsZ4A6bO2((45np+uP|K9ZC!o8<&5
z^i!ZcYnNJlVJp7in{Q}{74G())TECHjt>y^+ljH%f7ZUzIdI-U#v6(gO_KNv;3b&;
z?P0ozKzv<i1F!kB@OIhW?rW3p6EGVvop7`kW@9Z|wtY5L_3xFmrI~toH0l!GwY*8A
z-UuR*hB4FjprgqiK)uQ6OLUu)sFM%mJf=BgW#u*Qt}s4RJgLl!*cY2{9mo<*8MEc!
zQUXi{6;hVJO}9cxmIO6XQhX)JNDJ-yAm*M)SxgU4+!fr}<5CXm+1cUE!ySH4ii9X8
z47o3O2)F!0D*o`eOknQ|Ny@UITiS-y2sfqswC2Hbe8>$!RCCWJe4z4id}wa-b6m${
zzuuYm(u8+Xw%$}LXb&1v4zCwF&f02Z_S?Q<x{S32M^z~|1XjT|7bT<utOKF}8&;mZ
z(eKyxCa>C7xO_tNM^RaG^%!n%!|Q`t0+h!cN?2yubqX!JrQMVxa*tqAyf%VkTVCq-
z#4<1ARo;IQwbx?=0`|+g5aFx3-@zk<+Huytc_y+rM!>0WH{G3SxSPkvJUwakAh=C+
zRwjv|pg=tGZK!*OwB7T2H8AMY5o6^UR;FkoQhJ%vYAx8i{p4$t(|B7S&sUz%vfRd~
z(R$f?pEK&1je-@97#rX^a_c;%z{BL?hR`Z1p^N=Q!j_E(5C2?1S*6>#g+lFMrnBsJ
z8EpOzY~>2>;-Us#vt>&)gvO+n!BUK#2K*^WAmpa2*c~FHQ+~oRy6GUc9!gTLu{yVP
z@H0O?B8*;iv|0j$6HV*^oD@R6%o;z%@by(7ThJJ*>`*P`DJoOhpO>nfeTXYh4cjHT
zW=Yd}aQxl!sd9Mapii2kO(IM<g}kGBQO9Eiji7f~x#PLRcl2sU+%Ux&$#wRIr2xjo
zh7k(1h<_{kdp~LE6a25`IamU5KPt68{oqN0k{`hd<0O3V&g6l`kS4If&yiM5J)naw
zU(8Em0|G<31&$gk|3|i~Bqjl@<k%%T!P!p6SU7*j;&&Cn8rUR#cQxW~nB;ultpm6P
z3%S7?XcnD@G9o5QlYX))<Kg^E5$vmT#IYUtDp%Q<w!^ia=3UQtTHfcYm&jI@*i9vO
zsU*YYK}4}>9Ilc-nWT<c`q)CpZOWHd{n~;_5o))wsS0w)Kf()&$Dz33<5R|pQm&3-
zvHG{zV4=sIo#?@cpDb&=O3Nism$czyNmm^jhcpvybHpf6L1wrD_fQI}5$aD^4d%mT
z4Quq$l^szSzI<^?V8$>dnL$3r0y`jtd}_T)2?d{&e5-y$KdK}b9ASec$tS%W8uGov
z&NSsTnQ~o=&TCW(JdVEA&!)UfEin<ETF5XEXCXppyOkm3@{4BF?j%;Xs+zB@PD$0m
za8Q6zvh7OtGaM_O9!*Pn;J9=v+7NP2Xbig$a+b=Bt!^A-X2Cjm;~yX^DZVHBv0n$;
z{f!UYOw;1?xjF`%Batd4EY!LI7ASn?Q$Qca(%n*-|E>dTA3C!%^6M8-w;E2VVMpCg
zMN_mfrNqg7AQPer5*eHt+QfM*q=lUBowoH0M)M-{Rm&&-g!XLLQh1jlfQz@k<3nc4
z^d<5;^#uWI-N_jk8+r2?Z`>rm&^962-#TMRvop-KM2+zqV<}UcN1yY8#=gw9JZp}8
z+0c2pROE<swz`oSggb?LdBP!@l19-$S+)LJ7>fS+yROW9dzGb^1{rvi<>A(90FYgx
z!LFG~c7R*hz_)Z3Gd~e^f*<%Tl=julIUKPTxw68<u(I?lHQ5aC<ONaL!6Xo&x^p}O
z!X(%GlX_!V_7ca02jR8M;cMZ`By+dB!zR(*zx|~D!ArM-MB4f{Le~v$gNwN%<0MM+
zk+sL;ERfCfU9^udMAeN&G9?TT+N7yd_Pw9u?I(?S2GN?Z3tc5znh6z~wjv{DcbV=W
zZ44E{SjhyD@#;#VTv2O%n$h`K1?duo1{zHw-bLlbCG{z#65aVV;V9R-^$6$L+~%JI
z!HdP)-@_bf=wI`^4g?UUJIkap-4*qeMz9ozZdJul+G#0ON#wwVWS2Oql~g+z9DJzy
ziRaRd2wXp?D($chqKLR%psR%llI=fFotvD-oZgiBmjGRwP>|RC=k|C7zPR|V>y|eh
z1Zi2gmNx@@c|sySOya~AmrHt4@9Z8s2)@yDW8RhYrOa88)BzE&miO0Q@$CcrNK9RV
zNr$U2sGw9Q0XW3E*e0HxwPheL2k2hR{;}P%jo)m#s9nBc4rmTG{h%=XAxw5QIG3zD
z#80F*nt<$1an@|mM~Uw=QayALp>l2Q)+#3%Jqq;dC;&#SJpWfx+w3i+;V`w?slPUe
zR208aYigM!bz25`zXZ*H>(r?12QOMay%t**5$dFP0Sv;8jC0jKJ<nzY({6Gq_ILWF
z9aT-}V#8sd`VM}rk6OlVSlt<hd#uN+>yC(_K^k_1!>yGzz>CK)DcK0E6diRgqJhwI
z7fmR!=M4p`W<%~I1p>g`)ovN0H+@wDy<Ay(r2(CMy;gnj0pa&TVI<Q~Y=~m8`iV7k
ztyapLYv-fvcu*3@TyhWW@|y;0j=KIm5?4|jvo*A=EA!5ah@2Aa32mM=JZZd#YumLv
zgi3%G4<_T$6^YGD`x0vMy>^vHu7vIOoCG&P?Wi|GsmYbOZOG8^3|!FZ;VSYynsLb>
z6=um$LDSI~%W0d!wI?1?QtmK$)V@+~MIS0Wt-E|Mv>pg}(L(hpynb}WlpHSrRY1IV
za*laV)stv2ZK=!m*;AH;vBx>$9US=hAmIu1T+Cx?S0c#moUI$|=R0xat8J5u<C$c#
zBT~ej_(rnkw{`XfOP-DLf)(QHZj?04CuvZrp-*tUVQ`)b9Omo_x{%PMSfq%>{ANJ6
zZMV(Qd%lA;H8Gs?t;!=EE;KjjGUn}4SQb!C81dCS_vwgnc~&zsM@+00_*I*^G|XpZ
z4aX#PLnT$y+kLB|ILT4OY<6ksIqe}Pi+XDv@jG8o76~brVJ@pFxsCr9URStPs|Q8|
zgUymQNJ@fKCKHJ&(=E6|{={%ey7usjpYc)>`A4WkI=NmI&kNs%{lbBJu4s~jt%=+u
z<K$nJrtI|C8y`Xkoh1<I`#WM6PZ4Phv*EJcw^Io+-&SiNFhTVW){TsxPe(M8Vzggi
z{n}<?dRxOe@v+jR|I4g_`l#~J<TE2>vI<b@X8MPoXUexBONKUQrVeWyrE8u_F@@wG
zXTF?WJNHkAPm{QcE(4#+R);kbJ&vB4rcmgCcc%{AYN-k3Y`>wk7L6tWvoA)jnuK&&
zWS7wH-v)Usev%{$oitil<*i=#^M*oMxGTzlbA`$109|uGpP8(#dR~aR*-mGXZQn+l
zUzn#LyuRy#!N@l4O+?VA70p4gH2)BPBr45h{>cyj`plK2Nu)mRHJqFnL~yF{_yiI8
zLspjrtFCZ3G&FV{*ar+q8je&NCSaQ$O`5-4Z`Ge_yoS*<j^T*bNSv%;Y%>;K;b^du
zuX8rLY@Ce0HFzQdEGz@II}tmc#&M1~_>N!c=SrvoZ;%IZV&rx1PkM8v#o3%ZHdC^a
zmir1qmG3wx{35S!t9_zhJz(NJeh6tFRpeez$QPE2LPTwIKtr!=g@UH+j7EQuR8I=0
z76C7Ac6R#Fx^YCsZU+1wzb>#%@g6I9sQbVnLV?^K4Y$?&8v&71?{YBIB0g>}r8O31
z31+9GAu?R;ex^-7Ek9d%mJw-7!n8jIGE7$f%=g#-Skja{)bFM5@u3UI=bk-F8FDGU
zr5Q>}=^kLmFjY$b7=$O_<IZCA$FtAhwp}bv;f?3QcsF3i88i(pM5eX<vJx2CP*BIM
zmJa}oz0%Nj^q!(96ACN-@R$s07p*$_L<TY?A_?8uhDuOCNa^gav3TgA33^ZK*n(j$
zP`EQl(15zew+a|=rjCGeW-kIJYK~0Ky1oM5LG;_DPq))pb2qD6ztNXzfm^}xJ$F1r
z&_mOHDPqjhGw83JTEwM)bX&wAv~@-y6IjK5rHbcK(504N7@V>O2`g(vO(E7lW|W+5
zPI0dsp5W&Lf|Tq}IF=B-bLir=@K6&ma@$~SVAAo;8P}TG_EWe{9*@bBKb(BsMS=hN
zeh{j&-umO!-9<HB4mX~8vy5lW#P5fjlZf7L_OjqJ|2>9lpPSBQ<HH+DYCETny+IyV
zi-~XYAuIV2(dr*X+mv|eZ5bdBu`vLu0p8uB$Pj(+(SD9m{v<Fkj>>d4^D{Ai2Z2Qm
zS8J|<_t(8)4y{?>72;DvkT%j<G%|TX-)pa0h;Xij-TDMUay#P$tlX{F$TS_@>5uOn
zP6A=O>D!$@N6G;3M+I?hXP<Pd@!FhR+xU?QwBOE_1=@zl_iDjox@kTJG-0pq6n!9P
zK&eeqKj?=J*~)EO&OG1oefH2!Zy@usPa5lOR!R7t9=U%;=d5~TIrOF{_9D%C882c2
zjD&`ylaf8)Q1K~yv(t~@9o#+d-D$#^6kC#^-UaSBOsn!Rz7WP#bi((T=5mA1gAQDp
z@vh)AtTs9Zz*;U|ctV%bbCUFrg+M{^a2p4X=%#}Oj5C`wNRnMLw3}zMkQfT@U)i&Q
z>gS<4IarA7`n8+7E8G<VZ;$=e%Zau+NqWP+EHV{gfZt7Uipm~fyEE8e6Fx^&OryN&
zbGcr&h|t31jGN9f;`T5asUJjt_Y2)(rtyXl;|+8%1xaZ6_oo}-=^iCa`kVx7_z&!D
zkbc3_1i#lN8>laOYf7yl&?9n&TLq<shJ7=G&F-7rjQV$|%DRo?V3ROnN@b&DImYqa
zL79S1N>%NVU=W&!TF9^-aB$=IH^!W#R%Fb<b!nbDCN4ZJWY^MEnB+&qdC$YVXC--;
zl{MI=@_j>f|6d<Tot$~M0>#qbPXR5H6PbJ@d1yE_<R=eW;*Rd~n9u7H>|>dKK$le&
z*iU);VP{?mu9ISaN61*Tlo8}cdTwWI-Ne@U$vm8obcbLD$PSl&^Pzv6hofb1^Tw)H
z3yPS~f9mHu*H1hQXXtCyk+<w#wE%#-pCJg%fLc9LqdOK+{bLa|LisJM{qU@tJS$2E
zD__r2uFK&t{RdN9S<AP5o!n>v49&ec_dJTKGrkVaY<wS7paX*uE-ESw)L=?hP`%wT
zI`(^`)$83*K*-e27A_>0vhYZ5^=&~gWfONu8o`V0B0sreKX<YIUKkt+N*ZeGy5+ww
zM-C9Hm?;RHhj$A?yEL!Mg<a6J$f4YSf-wm%KKr6gv=UcNV|*L$Sa_6L8(wzWdJMNp
z0f$IuqXB0PRwU-&XXd^hRvlFPL0s)ZybCLy2{*zCm8QPg>HAoEcNeE0?`Q3CY1-#T
zq(L>#z_HSsy&qz*#8Vu{EwZcrC2%We<wo2}4u&*~Q{{78qEzb7=#N{Vk-ow-|BJI@
zpB3X);XjiI*nH?%SEyezv{pc=B;xZIOheSO6lQ{RK)5H)96BUrKJp}TSC`$++^c+g
z)>&~Cjw2t<Rgx>QwpZl(={`Rur0C0!6Z{oqb|yU~37N9R`KX;G6)xZV`g5aj>L!)7
zU~~(*U+Zcgn6NL_&(x-_%tl8%=-JhNtCYDAeSR9>Y47wxBX8{F$IO}z`%PTUc2kSt
z`@4x(A$$U<1!QDCC)w)o8Ign0K*We)AV=fGuO(_KJ69SsOu$M8m%;g4WUlAc#><rE
z_O63@2G8<HcPPW!^Kd*>FcZO%&`%|cVae~BIX`!W(C+K$M6LUGm$R{0t>TEb_(Wgb
zUx?}?%dzy1T*c9TJwJ%UWLdTKgO9?>yYtBjU-Lb>lknF~tJ6nGt3p>Qf`=6RUw7tX
zZuBPS7q&USu!qy)R8Wsa<lQ14Q?sYlc5;1_K}`4a+6CSUE{|t#?4eDy3RAud3$SQS
zBI9Sdd50G*;LzeHy6z|}#R(J3DT3*2TZ2^+PjqX$;}-^gBo~9oVObk3?-7mdpJE(?
z;HdNI>$+Lwm>e&=N;%hcOj+{$X`_=yyvuxsWd_JBO;xALdPIL|AejiR3-{fdpwAKU
zrp<Q>=`r_9?yoLzWYMNtHMm^^E|kW$3apq~BqIEnaq1Lp@=L4oF9Y@Mo=ci%h4Qon
zH|P^?K8r9iyU*1rZK}IZ!c-fuGB#|QG1q=y14)ep<h&BUN7^U%1x>s+2CCl<)9WCn
zsoIlJ7!WObx$yJAs|To_-0^IqTvph0V5s?pb?CCn^R}g-dL;ngmQKYB=$~$y5;x|V
zedTGN{@%vqO1|7XCj6S_!R5`oCB~s2deQRTciH5&b=GgADZH?Z2Lg{uB}6$eKi~Ay
zPFt(Hg?TZuBG(g#JK#b|ObUke$hw@lEMSS(qxsfs2LAja7L7RQYEijyGN5d|ym^`5
zZlWI$xfJ%1cmc)q$>9^uHqbq^Dyo3dq@f(~$lj?xMfFh-Ce}L!nO28-92<!+HB;OC
zQ-e;JUplOT?(0U#On^_uw9|tM*7YbWMdR8Lp70cORqa7ye{86Dl7_W4A?_HQqp%q)
z8GIwFD+*^pHODZuef3mNuq*77X39(lW}pQZINZ8AhBb~jbbcLJ;%$BKbW0+nja%dL
zsxQytRqtizr$$cL%c>QM+MscCThX`g`vugLE9pN5>3zbJWgX4+0|9@>6hT=#qk5pj
z1KQ!~Y;P56&5BQq^HzvimCH4Z(taT8`2|blG+qD5T~3sNmPEpclf1x#v+K?bijJ_a
zDxiSrj{apG9Ia<QGIoMIr*;M(#Ab9jN;oL7b$my`HL5&r^ZV5@Bl@W;iT_p>_`dNi
ztfbb;oN3zp8<s{Tf_>&W(l<W8;&)nn`LoW^&Sfq_3Og9+7mc2)kf1_1LUPRDn)r*Y
zU8biHrQTWO6lpIbYbejAeW0GHZpcR-%>@EC$T!;@N{Qy^GtiIpwe8tFvFF0u>Lbb0
zLX*R>f4etmBbaD`o)8=5D(Ak33d|@tM<-9Vez^EEKHmpk`_q6{!2Vp2f>^g4+Z<3w
zPj_QU(Cf0x|B)l~l(|5YdH-hmHC>^(o|S#wuuyY-$@<vm?g93xCt5%G_BZf0DHoDK
z8nxx}io`gpV(dKU6dkt8O^4ONlw8kE_;M~@cSz51#IXYN9G^LvnPhD}(0=2#Y`Rj~
zt=`QWbheS-om$W?d?rS{O+*Z<kqT|WsQdz5VbwZ%vm+elrfzJvaD`;D5I6KiOE$|}
z0E;Q)<mv5umEJL?kuERDbgScGdt7WQ-~91g(?+sW=C~Hg_%!-06tZSvz1|}UJf1n}
z+ggvA-D#NF=AS=HE@Q?tO@5qy{j{J%kU*~9?o=EhO@R07@NLLvjk9X*nQ9k`E!uJk
zuW6mHspl+T&9)SaE%;YNI-ba@zI{TLe`5Eus`a;rrmj(>jEHar{U+}y0f8JRS6C(G
z%VX7IV!t9>b#$MjPO#J#1%tXcc$+nuny3_yJS9`HDt~iuNbzU+zNxQHcU%{M3~||4
zVefX?AiE}XpF5Q-rx?Gd74HGO+NI5Uu&D>%(|z@YG6=Z$hUW_wY?bL7;EG3Kn@J!h
zFBCv}T6Z3qlzC&v5V!Gz-gtlOXF5z-vr(kmN7<?%A*6iqeM$CJ(wPO3Uu%zYLph#R
zDjmoDKw#U@nc~)2#tjS&qw+f)C9Py^<3>P9r=MGq6?bulbA@S*!O0~4^+o`kcg4?8
zRd~$!(*PPSxMCACt~C1lw+MU+XK|9c28l_yEx)7Tlcjk})>TE&d{MR3?_Pg^1KOZ;
zY+NC9C|J&;ZnmnrE5ZroF{hgeBOW(|x8jBf)ub=zSKP^>OEThgeOx4)>@FQR4&`Z0
z6GkD~&p9yS^rv+GjiZA-@{<9pmd;3g+vJqqGO{(FDueL+*SUZfCpD(GWHmD^DbE7v
zNmkpOU_~Z-BQd<u_?0#~pKUvG-6xLiVSg+Lnpe-=$0-YhLG8YioAhXJ;jjlLY4)E^
zd#0X@eZlSeqM1Dr9@oNa<MGli-HotDqZIZrOBl%!V$r8G$>RW&U$--U97&FgSwkmY
zA+jakFtFtwtJ`l14$yEvtJh!f{o0bRnq6i5;j$$%gC2@Honoiyd`n90c=9#!m&7#I
z>YMgi3(2hRX0>U}>L6X+cUF0yZ-b%s(_*vV%=GbP!MO#D*V;A-_DEfpUKdYjujbR|
zj;Y>5%Uc=!o;~wRZK-Er*5|)l(f#^mU#pCKGYzwX>8_Jk-?&9*V-Q+6Keus(nuSaS
zfjXPHhQ9&)Cctc;THl*DGaYL?mg6Rh5zjH_iIrJ4S<{#;6_xE<^NvAtFw2Ey44dTw
zWK+PqCA#Su7|fzDy#CX}r{fo}ZViJkOmrX8X0JCcA@1cG7rXW^#Uc;RSSDNu%6Xdl
zZT+S-;K3-h?^n1A{PdP-{*|_mU|r)wJVi+*!VSs}T?Xb1k}kU^2zdYQvp!-gE%Z7g
zooY;DdW_k4=p+Ce1ZvAMTkPJfa1i!AUc2J};b7#ywexmAe=KeIWvsTo1la8OMvR~!
z(~LHD!cfD);|J(GMwtDWrQY1Z+o{n~H@3n%dYbC7Zx`vR+>T9MXE-9RWQLA>0napu
ztV=Z5;M}ocL#V7C!1BDI$=M{E?KPes-teJGvuc)DWKPeH?gz#<ar=_Sh(+-7GByf2
zBJIki@qN8}YDCv9f|h88r&<xIe?-?((g!_vu}Q=H&qZkB#pdkt-{C5~?(TNgLJD`G
z!aw68#7|Z90oq3h;``UGAVXPzYBn)H_g(KJu=q3DI&w|lTV?{3{O&~+G4&fhIZo%#
zeRMR`-y{5d=BPOV09S-klG+0|+2)>Xigr~Gs+IP7+u$VzF@y_BS6SIx^N1~%Wwxx~
z2sDe;6f2|}>ykYkNMLhl>9|J@2}onz{NCA;iuJPhu{IxK`uOVAw458Va|=AG6XUJ1
zKjC@|f#<0W%iTj=55o#x%HU-#3Y+zE0M_hvgU8eu7Q3?ML<L98D%k1ZwH;^5n2;GT
zP0WPekaqiP7yvNDfDp^8(6yQuw65??-#4m#x3^cs_n5Yq$>B~fK>PBu;UlHjMevHi
zE4?4=wX-6d%kM5KH|GyNKBvyn<qd^{zmwbMaFI~NZ<Tmv&@<Mot6dTh5pXcAd63F~
z(EOpPCVjhw&(YrMUQM%RHl^X4N2Z0R1zA#gzxiidus6T?+i*WB%B!quugz75qv>QO
zi8ITLGzRQt_%~z)3zgdu5hl*PHg0b;(POSyS{piUi(u%Wh~B4c74mGHV!RV{ch^pc
zHQr)XTX46#=A*#e%m}GFN4OGd^n-^|tWxSK&`=)JjBI(CAT2!mHHW@y0Np&T{)*99
zszs)_gCz4#^)=>ZJ789VvGYWv9`QR4gXC<p1|K=RWrQK|Tj(4EJ8}&C&lxmXl`1={
z)uB1<nM~c=hv?pd*Ts-d_F<hWb!45_yF*>;N$KDUl-)w+3KAFG`S%;3HG%L9K4<ip
z^lsQ_skm83!!XRx2YqpnW@LSEdbXQYn8}&s`=Q<_r3DR~RG1H@0U0i#UncF?v^O-x
zmEtn?rYBsLWUFYk+gGr876Cg~nb#1%TO)$r5Jr()hGxO{aX-X4SW7mFePw=FW7VId
zv0{8B{Q-AB<!VB&s`*06*WIC?!+86rmgL6GkQ$epH^>{5dI_^?!9shcP^|Y6J?ahe
z>93~B{dI<ZQ~RGuwQED`UO`-HsAbX@%-V!isD6qLKU=!X)fc01)W9>qdOSTHW2AJ*
z@>xW)!y#XRcwf3amCQ#f4e`WC{g6G0S;6V_Ej=e%ZL<ELuxfoH!Cy8XSLsr6&<q*t
zVNsl3&GRf~?>!oC8S=-$%VwpV-K3;=WR2KE#=F!omOTmwZNCbwIst*PcRuj<&m&hI
zX9*l#kLKq|Tv)FBXPe_43zHe^8TM!%Xz60&yP=Uz8#Zg4UQvv`G=y`kWd>?XrKII_
zg`6K+Zj6YpR@trqxUB=yyuD`KNJqj%OFJPaj@r5(*dSBNNvSA6pS5t#RlOf>+CXY|
zB4jhJZ8MV(jLS3~q!G5FMO;lfv0d%UpN1ZTP_&O;>x*+Jt%lQ1x~UrqWGJ)8VXDk?
zot-16`N23}uE<LYs_1%<Ni<o-1#<(|=;x#h*0ir6x`i)?Y)|fttn2hI9mo?2wU4v%
z4Rpsh>3`P@8Y?$V&wF;ziJFPU84eh(`@|)F-y&#3hFvPeDwDH+oJL!*Q-)cKS`xcA
zXyxyp(zzuUp1;1JpgYKMg9%-HJw9OC8)Mh`R;4rs?qh28?Pmq{j+tD3St<1xH~Yqt
ziZ7|JSe9U$qh}?~2&-b|N6Dl#Sk51In4%6nUaMafbMV;PfYHVYg32Eo53yY=1-u1=
zI3=#}=iy1H1UEVROBY&^OmR5ue7fYk=^Jy$4d!f;zJDE3XBd;Yn*F3VqEs0c-dKW@
z*SOP|k}aI)94*qsID5dW`4*UA%56)E?!8DudQ^A}8DCvl5&^8gZeN*FtimEU*z_nx
z7#wPgU$TrP^`LAw4na$0A|&287mxk{Ydzs=Q+wbDKbJpq!mEOY%(cX{uU+qE40`ke
zP5a5$tL<(RpT5-*3Um!@NyYyuQb!%30GV%)v+kZ1XZeP+xRRQ`o?(5Ti1_)E?96;w
zudQ!OHkVe3+a&WnH7Dl;cQ!S<$N6AI_4thQ?x6pz?N86G+=$<9NJWu)Gl{sjttjgL
zc6U&|4sbH<7xGM5Cf-67H|GBOe8CCphWaQO%!ogIRpM4Mpn?S#A?pWG(;cI3cQ1<w
zdGh3mq1_jsVlf5oXeEM#qH@LFEAw|?mu8}H@pmhLZ1y{iGj!8B_MSrNkj99n814}(
zxs~KaX<n}+y9_7lvqyWC<J$F=fNl03!{7~#OGyYj`{(cQWA#}O7UorKHST(seN<>9
zx!#p$FepucHGSoEKHOY%<?jO+COEhg`4D)iFcQ=&^DWjwifGL8dGzHejyk%=lXI_@
z;{*$XcYsDSGxeFe^OJz}1G|$@0l{;A6!;2c9ATiAZzteA7o2--I`IAGX4Hy&sd*vq
zK({H$X9={-lQ5aB1I8j%3$_hL{@udvK^O#CDiO^5eTm?-iV&-*#@7eW6ZM4ZR2Br?
z7TK}P;gQiR1YrrnonCWBzl7Z|#!z}};s73oWOnMR8V|bB?uR?PqM+tVhq?;~bHs!k
zMCqzV(+NmJ`R@vem)yi4QJ7YW7-S9}LE!YGZ6aPRd~sm(#QGBZ7h2Ej39q+egKSI+
zUosUe1h)c~gFMn=b!$l!F~1iq(r(4Lmqv*B1C(~ps1Vo;lR+1p@SB}&33n&TY|;p+
zJX9k?3|P(XPoHs>**ab4+n?kJ7dFWPrthgG>U^3&m!K+z%=$LQ+;6)yr^qMcZwszn
z(Nd>fB4<V(YtW9P9N+ev2afT3$GgC-;5S~GVr2E>spabEZff|@sbW36wne5c>~_ct
zr7AXx@Vl-mhbL-{pEr;KjFNYyj1;z3D2Tso$-GRY80tupVV3&OKSFkRf=lBf+`8+K
zZeegdQ0_-UcFel_<)>LSJidz6Gy!699PjkV)17C6-Ys9A{V2wCqL+b3SQ8HF)(gY_
zMwEo;{7a}sx`wCO<IAQ8m0snO(&lDpdP&&Jz<3Q*7)Pj^BL7)jQmx_#?pjWK(zi>@
zU|B^-pq-+vvif2-Jm{yS!xMy_{yUsdb!U^>T|ZJhkj)pL4}=1rew+Y+|9H+h*wWFp
zl}1w)Lo7G5SOJ!GvVU)YpgKWd?2aC3Aa%#vxeuHT4DNna;<uJ_<kKwxyRBH!`!+Ro
zlcX1m$IR1V{O_ogcX0V7PcB$im+xT1*j-yYVI+IJ%LYm<W{#z6dC`hl>1f3^&iW*?
zF*My@96aV@TtA9NT+*hRgw5M7Qs5!?HKAGT)?-f7q#kyx6P+vz^JO3&&{-OVOWA(h
zl1bt4^o^eQC+(>)Ht-w$M&;2ZP7J+w4_ZUNKw~{l2#Nm+m9wdj;}XhVu+-3S)(2<v
zuAR$9hNwQ&6Qn{0lfGsDsF9}mhhL@N2YNL20zri7p{-;r+8MR)1M*~_AUk%bCRZwO
zzq1q)&hknI5ph4`KpN`mF{1R;_ZWQWo04xGgV-R$t7!pt!_dACXfT@ukdNpO7uH|y
zDt%ElQ!NY!TW^Wmj~Q>bzgB*Ok$dH@nR56|!yMw9A5U-oO!p5!1u3$B-jfI7Ve_2Y
zj7BHjjGOR{(<MY^LGof1$Q!J;*aZv9LSo06Y$h(dp`oxYXB_tww^2lVs?JEuV{7|X
zg_dIq@TrW%>0w$gHaT%zWRBXqDeysbJRt>&xgV^P$hrvU5*%WR(X?vbq*#3~B<Pb+
z;YsK?y)~s(MO@etjOx-{1z;GVt;6Y=YnWRrl^A?EcypQ?t1@61SvDRp0huulk<#qq
z`dBDw{P2cMqMS@cUi^TV!Mr#m%*C^T$hJ7)hGLwxoG_ATZ)K%UZX+m`1}aPsk_26>
z3ih%)Tkmd_arGRazgQZe)cZHsE05$=v^+l<Hw>Jeb48jy`Wz4<7$m!7hTOIP5G76F
z!XZZFmM*XlUf*4!hDM!k6T{c0p2rCELlPQ*67o4HieKlxdmocgvEZEcc@;{R(*5%U
zj>5d6VJr2W^o=gMU;9CMD#j}w4>8EdmBt_m3*%4GY`c}mW93Xo^fsSHFO)7ww;Fc=
zej=nOzQJBV;zva1L8elX>?cKB7>7f~8x_5$QG7GKa>GDTJo{6`&F$6h5VzF$nS5==
zuQ)tW^IbOJG(0{LKi?<oP8)iF%5abjU9`%SM6qdgSK)RwKWBcMa1k~nJ9H{@yo{SZ
zHSE^&(@J8pyn=Ef*yyc6_bt$2Jv5VFFfg)|twRe?GCh!?wF$ZEn9smDnM}-s<zh7?
z@Al{)s7IG-;~<a3HklaA4qytZfNUf+VRvEheba9+5VL<!Zj6E~(`7*BqBQt~pS$Ey
z&GjR(t}SaldzSi^If}`B2IpMdX@+U}bl6{qbdr;H2p3`vRusaC7-p+mdM1xSYvj4>
z@k4hh0X@D>i}HhjH!F<7*O(g%0;PN?uXZ0*sgA2MzU5fxXre$Fq-P$SGak1D??N^y
zAlnvAsgk4wk4^3evnt_k6iJvXx!s%I`e#2=nIs<9uxgk|rt#HO+Bj6W!W$@GyH`4Y
zKFfz<c1+Nw=)%ApP^95|7gPPd_5DISWFheJux_{z{rK1EVNhyhW90mw&5Z?D7x)C8
zlhB)T$4FW+ir=X2784pH`(MH?^>S&oWkd}B+2tylKbb3%_0!rX;R&g^Ox~>20)g%=
zuh0E9^d%atVW?P{I|x&BthM_+KA7lmMK2BO8>hS?)NUEI0SG_+kPi4+I=WpfuRPS0
z0E8*%ChFD)J-9C1)xf*8Ex_bR>L0^>C<?-6e5A|f{=Cbeu+|dK`flEOte;C%fOYS=
ztNv6e3N~M%@tfn{=|1LOb$_FMEx75IrS2DL>cMe0m(VAW`25$)7#Km?*Ie)qe7OqV
z0;~NxU*2QTfsaq`84>m)L+;nB?3@<9*dBxI1FR(_cU`<j$ezisc22KW1o+u`n+1gy
z$+f~bl^~i|jh_8@gPb7gcE^#Zz}94*T27ocrV*-Uj+_KY0~0qC(+ZA4)Xmg;!x@di
zI!afH)hV*TF&~qWb=LeHe&e_chvL~b62(QAvf@cE@H^N)mnR`C)F+S>WkRjkec|<Z
z*#xX2WTpAvBa4vL(MLAG67ZuEPQIe!FUE5Jtp;;y_x->*;~=;L(T064N00x9vA2$@
zqxT+u&%xc@U5mTBLvg1_(c<nd#a#-;wRmxNcb5Xi-QDdTp6C0M_ujSMb@Ru}NzNpb
z$;|BRBzu2G(>&e)Iy^8qiz@z5`B1O3(l+tp46^8K-JsK!sufhPzqBvveG!lXoGZCh
zU<tDpc_g>fMh;fc$tJ(GNnFmEhgcsA^j2YUNZU`<MKN;B$kb$D(B(U~sh|3*C9FUu
zP<u9K;1clz`N^J}L4pBB0JStqWmQ~CaZ+6qS@oKcvfm4X&o79G?d20d%7@NC$OykW
z=Oz`9(}u$7@#(eR2jiux906ozT<0C*vG%oetz(*>^DdmikEa+sTkcVEv|N|!oLozn
z^;RKKOS>0m!rEI?@2hnP<YA)UXY8pY)LPW3vI=UD+SiQcb4(m%_5$0MsIakWlV2_a
z22S8LRaHZ|R&uLI1b27Va{8!9GFj`#w&a>JWy2dR?=BkI0=4aysTL)Ye%1gcfi;&a
zUH@0}Lx;@Dy+~#)miC>!(t)?!-=A!4&YId?X2w!(al<+A|H9=i&z7h&!~rqZ{kc1c
z<koJ5s%AFVdQ`FI><Qi@iienn&U6fs1~@3nk`MpcA7Ie~9uo@uxax&2_M;^GcHKpz
z{02XDy@rrtkRk%Ft&!J&dgLQjt%rPE`x)GF_w{{gVDm?S`uy3id|$z@(z4nt*OZ_|
zuTDfRuPz(|u>LstI%{n+0S`?`_m^Q>QA6Vvwh<>U_O=)V@lYmVEWF9iIRNIT&Q9MU
zSHt2u+-AX^oIn^`WxG|_ERdh!`T59PJ?_fk?b}PjY1Mi6jRqS@NL*5SF7<dK16yP0
z)mQIi{a<O>`)_0sxDxDkq%<9IV3k$U|9H?1M8$#}=?IZpC6P(L6v(_eDZT($woTzF
zAI*7`VgIG-^kLIu7J@v{V6D_go#tIb>|g}T*brPna{qIQI^4sCl{+iK3oBR8+9M}d
z4~?;a`23V`5{ahteEf%B5&3Vo@c7a(Eu$8erk*Gs8Uz@}y(etr??cp3!SauN$+oiR
zLbfkod(YRaYALZ&-252{>9H%ik=Z7@tgc)>XZvxuYH?b3%Ew@SN)jRL&FE!bZ38lX
zfADK;iB?fN20f2#4}YP<o)7ZDeq*w2T!2_Q7NT_yzHWAu*74UMWdfw`uS%$^L*)ed
zH<%PvTq66}<BcjDokaZWrK)a^bF^6N7kCYVKGeQ^c-Paefq%|>3aZ4jK*3;UwWhd^
zwM~Uilc920qxSvW!;#+z8hgGDg@5Oo5E-}pv7D;(7cHr}zyBW5UqpG=e<id{iwM37
zt6k$W^7?O(h<UyzQ}q9w3JW-w9qrfw`QW|q57&HqU`52Dlld+Qotz_qT{INu0!a_}
zp6->{*o1EMHUw1a^SCwOoYVH%h1f|L^53RV=RKfSPTjfAhdEkGUY=N>H=BRuW<=b<
zy3m;(HNIU*8X{**M91HK;?QdS*Uy<Hx_)nAUV~@X<^+*84}6RPio0EQ$J{ks(`@|n
z(MI%zWrG=o*K&AOS}=y>*K&5T#&29-mZYdAD!X24G40oQE##tF?OQ?SQE$($arRVj
zQG^PIISh)EOjg8y;P_ta1(1^+dlLONL+9L#xKsrnL01ZT7`uk>yV@<#-Z2b1lS7Zr
zUN+c|1;apdLr>~V`Fexj)W<NQ71lzNik^L#SeltDJKpp=&*`}aQnSYUe|NNpXJ}0s
z^s%7o>SAY#Tqc$3q}?lZMH)`!)$v~m&FeBY)}cEg@DqbrRdxGEep%rcdlJ0QJtb+^
z<A(6}V~YX+4lMarF_7VADiVLc%a{a5hvln6u4>hOl#BJSg7k}hgD%)suCqr35?>l@
zU8X~D0IVb=-3Gr131nY|JI#cFU|=x@`NDg~o{~UPE%yDI{qFKNsiUB6De2Wi{_+uk
zlx$KA`FW!?V@@1>(;xjxJjca61SQYN{3B&^kXZ=mC0%E-$X$7Pb*FIU#QFt#R6gd#
z?$1NkGw?l9!$R(H3>s1V#zxF+fU8A?(g))x3+C~w-EV%+11Go@WzCMbq~L}Suh?nR
zt=sMskT1~<aDW<I>cJz_dxeehW%2<F#bnlq%y{;14*FZM6m~3XdN)4IGWh%}U6~Tm
zF0Z;&=^)(97Xu_;9JxPPjBOx)z;&sX4UUK`i>*tLr~60e^C5!e9Z8Wu!(y>zNkW9b
zr5QQIL@vybl|}au41`hfZRHjiSdX{WaKa>Fb1<k>w{6)-i^tsBW|oOq;w3M&s5OF^
zQYs<NVL65pl|)T~?9fJG4LzI&ogZ%o$d5cp(kF)cOUssDqC%eBmBPB4u9ZTqZkIxv
zQh(?M<o3?Or=;vkV+2BhRIVwxGqt4-m%DR8VT1{@p2?!w-x%r|0jcR_n*ues*JSDf
zLA+rHeGrtC&3herA|o@5)eP`d)BZ@>V5VrfBrWd#O84);Uz#pP+nmS0=q~rnK`(oZ
z-!e14*ay)Jq%VNB^x&9Uh#$VEYJMN4lvp38p%nu(#z}9X?tJB?om`w(vo*(TwaZ-i
zt?+hTQAeA9V`?=>;Ljkm>lF}CzZ%hKcgB1cRa~E4FuO~AufZ3R$mq%ommr*VNAch2
ztFx?X7A~d);UwH0Pm_jTm_V<=`fr~n=wcU2&0!28s?TI^@4hdwtJD}jo^_miphiqo
z*&o7;_NZ<p6!Ro4xm%8j>ln{?<G9iYT)m#LC9uidLnjt_(G0P%`O?h7p*YQ6!0%pi
zVB<P7X6{9hGLL)9p*9+DkFd(OnPmwRw;yZi6_vCGEgN9Lkp#y1EW^HftMOYNskl=6
z3*h}S?R`sVa@&-J{m^dPJ{%8HqSV2W+cyt}vp^_|c2Kw7;3SQENN3T}osQO_u|on$
zNt9igrMtm`%8enpg|Mi%TjxzEDpqOUGn&J#-R;!sG&br5=jKM&ONe3N)mPnuk(ZH~
z>~Ja`_iFPHqXQgz-Pwh4W`kM{nBIS&IiRwXA<4l+`4~IjpZ_5kIbif|+?TZeGWeF3
zA&6N>YioIrBZ<<6?fKY<zPRS<9fo}Vw|j|a+@a7I`I>^`Ozy1t-de;6_GLRAtL%pb
z{2jD~8rtWb$WVzlK-)@jlW^^#YtHqHdR4)<V@n3aSGsMKOUCdiky^m#WnSxsI=D(y
zREWz093+el_I+gct^IwQ*eV1Naln5Rgm(Gvk0HVl($J@@IGcJP@b?(5tM3t3kL$#D
zvDS)(WC6>lG!g#lOUm^W3^^B2bs!w=#ut66ylyHsXlZ9PsHx{s<th%ZW=cV$`^agx
zBOEXtKnHj~uIsA0VVt1nQwX1{y%}KTq(Fd7^7FC+HNXm??zDOQa0<Wovk{Yk^_H#q
zaOFwAnx^B}lrZIC0StPFlo8W?XvP}YQrNzt3h*AAj~DbnjUK@POCM9W{4=y*@S4-J
z;msp&-cwv*!10dG&j*(KBycFRh35kBGojq9qcK}>L<bU}THQ%Sl?P3Owf8dF$^A@V
zka$F5j;5tE9MW-g@`f4|K~5*e1V|^K!CJ<*Opx*5d3*+4Eh7Qbxu?jxAfig-)jxA7
zQDmMOa1{}g96tB(9I|tK3K&B>Gm@?^VP@%C#&6UlwF!=fb&e04=N#J<;KJzq7nofF
znS34{TX5iz9kgs6{3YLcBqV0U*9e+o8|%}$aFpH2KvLrQ{A@st%shlAuCL6T1y)p?
z&{44;yep!ym&LvzSR93;wJ>O8WZ_``dYa`MlT+_ul*w9u;OCmCafo|%oxVQLo7(~P
zuCn!*XIG*7{#S?L@>PdZ7!+-o&)`$fyH5eYq;z{L31Rv{P7TFF>%<v;Xkq0u`5+=m
z*NQu$dysqAkJ1lN6^o!K$i1b${+}JsMy~(asNzOixc74gHgW2XD|xTrCS`rV`4rMt
z*GS+eLQ6z3gkm9(^Sj#NNShzgx|{JSE>&+lIpVFSKFW*#2=c`z-?aEn(8B+)QIowF
zdOtwf8H(+I1^QC*bJ{lKdrf`ZL@G*U(Jo5hc^!5jW6h^=M$R^(4$tu3nTz<zLta}^
z2UVqb;V~16H}H^;?&Epfj!B4`PhAt+uXOwpth9uhUN1Hi*&nrSHh^IO>umgCw2Sm%
zWrh!2HgBJhaa<E*(Ei3?7zT$@h#ruRp$46j;}qs-f}s;indj##9OPjx<}?^>C@o9H
zr@RUp3R*9ZZLlA8jcS8t3eCA!Ytuh`AE$04@ajHTD48qbusF4j?&w-AJQ#3ZMum$6
zUgO`nvo4JD?UX!lOuIk}gHh(3=D^0KxCGOdFe^M+4zuOfr%&Z0HAj#~H6Romn0yX#
z;F&6MC!3xEJs9mbZ><fx#<4rEU%9XiyPx9R?3k41A*5t4R1i806BCV7Qu&VPB;+5d
zK|(ajDwKBmtJ|!yy2*aJ5aMRzec`vKpEZiZ;NB+8gAQItuuQ61Sx&TaRdvQZFHRq?
ziQRGU4M%am6WMY9$0EVo>q~0>$z`U(PfS<F3$SsXDH}sLEPZ{{+siYDDu<6*vyWLQ
zbM7rr$M8pJWx-fzr-dAa4<phRVc|R87l(C!5+l(wF>8%^lFk=~r4#N=H-i<AD4PmX
z5fCJbjAUqNoPl-cg;2ySwF|B{=JYH+xcf)LK@4NtiwzsfUm*2(3ybSO5(1_p*E}wl
z5lsPIzE}Zx6PhZ#KK$J!w9|2PRYJ`38qtdH4@X~n4C?!>fiV=3q6c%$4Q~!<laVev
zijZ~dK<fFLMn2P^rln6?L(8x0`4~q*JmReRP8J~&k(A$NaO@i2z6)<~XMc3TZ!*G2
z^Tlg6FB-%5m(grfl2cY(&o_~QsHf?B2I`-sz?2maxgFz)dDtK|B{)>#%01~dy46oc
z|CFKsH!I5k;RB@Ai*TNX5lb$5Gh|IDMY$ejay2wn4*Mu##f_*@KBg`yx#Nj}*PGKV
z95AONf1N0B3%MQal%ihtXa(=$MaYerATFKI!jN2ZyGSb??pf5ElaW%2c9-@EiUn`B
zfMZ%9Er$y7SG<Sr-E`^Sus9MgStB<t=}!8V<xdsTTsb~@v!9xpsAJ3|R}T!KJ!sr7
zGQ?;pb1o5L&xbDLKUN2P_ZrQ|nXvaieja$Tqp{#w3GD-`X}H4CqO+9LsO;@o_AEg>
zp+Tq^gbj|AOxg@<0uZ_<h4*J(s9!$k6+4rB@TqM?at_At6$)}m^tK%Z^&3N7X3cE)
zT=uoTKrtr!OM>r3#d5I;I7?x|A_a+q*Ehr5pEhFt91=qC^3#{c&95PJArlI^5U)3h
zKEYN97TAS?y~%0Z(LqQJ-}|E~;)$8imKAwSF}_cT*Z7KCOlbEVsgyVdqz=ivKmr>~
zY8OxYYwD`UNe7If2_AwMGy<J@T_^r{;*h0{{;-#gDY|Q(w)6CSo#wK6Y0-MaQX@e0
zSs`1_$NtbZ9Vs4go3}si`Hg!--6w<iMDxn82fl=m9_Joq{+Gl)AfC~G$gUqg7Qf}q
z^z;_-(L8OdTo#oX_W~Iz7`>IrJRHlk;GQGtgMK%VNI~bg>jf%7$+~ptm+_Bbzx%at
zL6W?(Gy1eJrp=eX2zo-=nNL{>e_c@e>(ddZfyHo{&M2MU3{~AM#JVj_;BGV-J0EXx
zI4#ILLcqZ!=Uy|N6ISOHbk#rbhabMTM`=hp)rCVN=^!heGkV1Tubcul(-TZihLMqO
zGWn;(g&rF2$C_&J_|><47lL~N-xBY-vf*=BNb=8rKB0>FUCf0!x=DY5kNkOHlPq%N
z$5Z`Y5<G%lxW&EmdG9kk64t>!V-FSaFVB6oCkqdN;n4*%7V=L3lD>COT!}<k;%EE~
zWAv@uEf5juA5>;K$Wc&pWqN~C{(U9k7v0kUI??9D+<Cj1eo1(OL@v}AU7dWwIzc^E
zW_o$(yUz~tj)S6w-`x)qW_dH9?Y2KdGJ*Aufe|i)jvanmtgIKPf8YHXxAwZ<tbI6{
z_O+)r{V<$PCH^@c7X=U96WPV5)%y^MI4DQalyTgAZp#&}oCQg)9@4aZc_5~uuYt;x
z>o%1)<e1#dJS@gEg}$<PoA-2#IW2mfj1XF8#jfm!!_|x!*tl<q>fpU+^`W_V3QtL4
z%>$R5?~07mRu)mV2VR#qT>tt}SubhWvXh;&GHt|+s|Zet?F??Jp{(yZLmV!|+0%=7
z|K!x{S*|i1$}FsFw|!QrqKdp@;P0mYxEg`5GgadM;5vfe0Z@6LJh`&yiZXw*M@-MM
zOnDs<==d$GEotQ*M!xSDiVN*1ODIO3gk^JEO#PyfJ5sR`qExF#SLl^nZ#4i(qnA)S
zpY!!LBVs?I<WUeKgZ#T$+z+4eIfy)F8DozW^Lv=6D|swuj<1NX+J>`jEYD_o4LK&o
zVF(dnILb?o$J*J_e@O7c_L;tIpswC<iyAkg^R<fR!V>3To*YY7Zc*Gv1kyGp_#W%(
zB_=k#Del-la`$ZEN;sGEX}`9B`>YT@^}j0>U{;Y5{r)vprh*<Jlk_J8-A65!u;@VN
z8)_I0i|hVD!p>_IA8WDJV=?#&9zeSR(16k3dmCZ9pEK_oU%pfZ;#2(#7z{D+QI;~`
zNZ;(%lG1~p&Kl{dmO-_98qs@y_ZfNEIW~%op~g(*<EpUYhhTbO-^@>AV;#}CxI!BX
z(>tifL*E!#1KB&vJvN@74|24>{E8(YV4nfUgpACEjI%o361zbqG;`b!!-6rZzm{1G
zSyOUNhqV&3hRSr}(}Uo3Yctnfeh-%g#G?9o!P;i({N&)m)nuE>xfQllPC;qB7N0Fk
zUxF2+YzlJ8eklDWo}{NNY#Yj+4DP+rQ;z^8uYtnl8ud+VSuV66rHhod;9(FSB8OUV
zT)z8D%CaPcl1`HKwU+u$>BsCOXr}HQDSdUx99yG$B1BF}K=Cwc|9$snDgZMaOX?C4
z?C5c@3?=qb2fe@J{AnJ57>;|Ntg9#V-Ex*PD%R%3lqG=i^>w`{jOhF#aBl_=Ks4_Y
z8es9O;O+7s)TKh;Vs})Ek|zm5*Dt9d@BRI9?-dxsrzuDJ^>U^M+mo&SbBUKgTKo>F
zq(rjP0^L>L4qi3oorl_!WDZi;;tN08a_Z)pu7N|H&jdD9Q~(NY+N<B04)SOx5mzuE
zMQ&_o#_%U&skwxBxS^m>f6icqW#R>3h@7iygxB1o8cK5y<c7p=<9^ynt4|*8Udivd
zxsLMN*OK^sWWU~wH}}q~#Z1iaVT#M@{&Z+V77lu+mgOP3{8P%(4$($Z?D~3p9G&T&
zThI$;|E|*&T*(Xu+KA(XXy2A<^Ax(pi8phv`rZ}YdjaImF7nBSBJJWpHPhU+c@K?l
zs|iB7Ljx1D*XXM`ok~Sme+#E@FJX+3En}^exP?SLyni*jNHyXqAq*1Vn1KI=QmuuU
z5K6ZijdA6rcJo3XL@OrrZbj$o0rVDf(e(`VB?zH;OX@Nh{vc_9;}4Kxh+^GAPm;08
z8NC`N?2Q?05Fc&OAb9O$tV5D`?}}M<O1wr8euv4~jOMqG6<vpq>aae)shzQ1yb3*w
zvyhpB5bEqCX*DM!#c~rwu~2Vr!6bLWYsc;RYU)TbAKI?*Wl)_5rr*!`OkuSc9HNc+
z@@w7)j#icEZ;eQx4{;w`?%&^xVpFcI3jBHJNU50<9ze?j_y{zEKP!0I{TAEh`-k$h
zY+_LPyWV2)zOH-~`Vj9xLs+A*Ulrm8?fKos4~jD|3;#hvTeA(EzkpB#wcSw5F8`vD
zG(RrLH=J10&xr1TD|+~zjJf?OT!O5$lE4HSnFVovo>s>olE;Ep?^cs7#J!V1o1fc@
zs;%!!XE3S;uAzxNRS*MHnZ4oIW0`50>l(#^rSWbeLS{`k|2Jx@JXSJYULm>oIoLB)
z|L5$$u|CSNdOrSDBbz|FdrrqQ_W(GmziM+<#7$3xkPh1yZrt@x5PU#3pM2AAZU{5N
zl@%>_M1|X`ogRzl+mLM>3($Z;rzBJlGH@Lk-@#zBiM#&;N%bFsJB^#Ww}FuL0z1Q$
z&bv+#Tw}q(xhKZxi$b?qT+DO;2{pk2f*4s@ZaS~*U{Va57v8gppD&)d-pj@!1cgcQ
zjTjn}?)SHLT+zl7%P<3Ux3qXVBk;S=oNAx$O7>k(`CCGlE8r>MS7vQ}i_S~k#fq?+
zLo;j&@6x5p*q7FOK2x7H?O?SsT8{eAO@wp(6pM!hzOw|ONi>}QbRq!XaGeLJiHY^Q
z>@9;NdX<XB$ONmNQ)g=woDp4ynErGA2buD}LCODe>KmcesLAgmhw~DOXs3=k)wBf1
z)Vmrdg0Bse=DRG<@&#O)yn~$%vA3taR~_HZG%Qr`<9F9;;YHer(%<Hu_==dfYzeD(
z3_QC!<x5pzE7z^oi-l%~3kUguf)^p}LkYf0(dsio<L`?s>45VDRsVEz;NM-6XtOVq
zWRm<po_+0*vET{R29USQ%q7H*iD-z43WS!X%rYJZm#)f?oPI|kL$Vx1G_7`@bg&(e
z{%>&b2a)#fC(Tp+<RG_x^TmVGCD%nDBkQW~wu+JU(T{ZR?fNr3Zp7A@=;Le7hG4Lj
zEhdiCT9B#o73*ACb1lG69+T+=sHyLK*HBq)i`!5qX3@*(F}1%+Tv0%v4pF3NH%3j0
ziZG5VfMB6$T=-DV%xe<Ai${1;->I6c1KEZ-5U#QzK#rm)q~BL{p6~I^>7HfFgF=j6
z<v<HkDM3x(WFM?f_u`DMDd`fJ?HXC$Eap*gj7<+IV+KjV?*9)7@W0sD=HagSQ?kOB
zPepo*Y!x=TkrA-nMb@l7oR22Yhs25JPcK-4w5Hg%_VD~F;?}Gcuxd74D(<M_2swZ&
zNQ>R~>o16_9`Tnka>GBpa7mz=s06v8di)9st<;Oh3t6Y@DnuBN<aZFoh`4_6h>v|)
zmxZj#YEJ{1DxWuepVzGDVo3dzGW(ZJXBf;{8&(ex=cW*d2ObbDBoZS0bbDl;=9kck
z0$k~C0UsWjCZOV?0-iH)>RWuBG5g^F>juERF2!;MsNYTJet(dV!sq%gp8X|@L{^p9
zg<G{7*UzmY14*S!$xl*4%_v?r&0nn2ZzRM}P6imd;KKsc_@#NdAn9mt0=cqb7R59<
z?QUbhs43_<N{d;Fn66lSMRE~Ww^qL0Pb0Flur!(^TbyFC?)w`%+fqUP`LY20Xg61o
z==C|vl;dQ+{B!APcTzr%^$mLGjcGQP8U2D&IKpvD1V+hr>MRYBO3c!b)+1Y~XH+oU
z;@?RFd{wl36bWxYRV)KHdshu>X}q;d`-*YzCquJPFEam6LgrX9|AW5&)`QS{=BT+i
zTjqUjvoNJwC#KpfAc8fH`vV>J^(cmK1vD~`JRj_5!DOn(te{Kt?1!=sG=NtPZ4`3d
zfipGP%n%l3#TNFu^)$5n6UL8E3QUs@Cr_XkWQ>Qu;XYt`Zh{w&9c{S+4ICoZbP2=U
zXS+&K;-zplu@uO0Y&4kakLvb@WZ*BrWq~C3uqRA6SSM$*L}W*Wuzg@unWpvxvha9A
zNE6!)(>U;$L%3RfC2lBV<L(~B>@44CM03!fyE?Up3|xID|F<moqb%YKxi&g4rzN>u
zGgWH5>7J~Qd#_CS>v)|7>|O<esanb3`MY5cCX{W(nuPEe5a|sq4Ch&9fy=?5Y4bRC
zBHoXBf+Pn+{|TM^llBjo_kLpNhR)C26x5IK!pwy=KOz8`wnLhN6zrzcnybrcrVo_)
zL8)ff8*<xP<dq-`@ntmdRs&VenTBFBV_h_S3LV>ga(*M_w*91oJ9E#-ulsqW==TW7
z;VNe#_T`7+nW>r%Z~uVILH5C*3n}W>>75L@Q9F}=<!Xkd{c#<%gt7vcD?ByfSiaWP
z4w^c?r78_AR28CzScidn5VO>c7owsOd(q5#@4<h>7H&2WBqPhmRGPq=;e(7?`$aGe
zTMrw+r=yBjz<b<sft+oOp0fq<t!HN?XO!dgOfH#;z74<nxvQ^lNY{pIvv5|WHK5vz
z7sYIri3y%T61Yx(v}2m7R9X0`9?cN0RHE8xw?q^g3!tm|Nt`VNTm<vToc>JvKOds_
z;2e6AlHFP{L5gm!{X{=^UQetNAn}Yr_*=%d75KU)kG)n-?w_6!^7VMI*20h$)Bo>b
z=h79>tRH&KV7Y&kp;B_ZtjoX17ZuhuX+Fsr_nYyc3Q4WaU!q+c!09&(S9}V8^91r~
zKRCaNZp!Q`J)_B-r+6{Ul`jeS%6sOzgF&_^6S8ALwLkdS)DLc--a#MAz^<wFupTc8
zo)$B3!gxYx9CfS5mMB!J>PdZk%E0?#D)o9wTf>+ol>)OA0GayBd;TrS*z4afX}G3p
zY}`)YEcmgY*%d`D7DeB^?danTY%uh8t6Yj#tOgD`&^8iFf@c(%lBP1w;lh6P%$_Wc
z#$vIOPM+!;Fm2xDkt=5X+g9*QEJkQI-54c<l@7kVD%4U{!XKWP`i?y9_t}RDOzBy-
zva0ZgliaJO*Sq>eLx=|)DuXgsmcpO9a7n`x+1uOnKzR1(FSG)^bnZ9z!36{e0%dQh
z^wv@YS``d)cV=iRw&wXg(GO$T|9l++nvf7QR>rXY+H+<(`O6!Mx54ySBvzMy5TmXr
zKV6rDOko#j)=Z;P?hlUn`m5kGMkG<4VHdS+Q%t!W;xx|FTe@pI#GBGEYi{ygxKLDE
zXxWXGrw&ZJcNi|tzOs39ojHy-4_i!%rAuI_kT&{dTN(bU#-k%mGo55Z6$<(Hyb$+v
zeiWZhYE%D(S-IU+G|ha`*x+-B!vJrBp^#tUyG27S?)LtvyL?GG71#gsi2!~0ZiMEy
zdp@YoA$lT>9r0b@L0mU!>8*>p6>!{`reog4OMY!W6B9hnE>0D-FYyiUB<b>n21g}e
ze=2a7sdCnQMdfFpOkqmy>|Xpi1?)HGTCpj4rlYMPwset1wx^S5ibShy@bD0i%q@?(
zUwTNm8Tb5c3Stv~_z969&CVBrUBlnwQl_@PGTrPw05pif4E{#c*pkW0pH@j)xwD`@
zTO;+aNd5gkDy{bttgfgY-1*w7#hKsAjMeasHhbXt>VZBSQE*yfc3?4PwMU_%4{VWo
z5D-&k6r@~7?BVI+K*Zzco~@p1lnt?<OBki>TuwP>iqeTn!@?!ssGiC$u=Dl_ttQka
z%<K3|i2uZNYQwiJ0O0Lu&+oS5GW__xEc-3g_w=2i;}hWjXQ1j;@&7m!o<{g%_kRr#
z(e@+CH>wu^Gyne_*V2ITf6dVXX$c^85KgxSU?BW+AUq>>t1VS=FaSp6keLlVMA*-m
z-O9>P%NTEB=>~KJay|pZaYjVrzm@ubl?`kMF309&r{(-7oy|BJBd_&PnJem%+l(46
z06Ej}<DbLH1j}D<3bp84FPwT)06+_*Qv}rS9z#G9XPF}q#YY@;Oot&LeoY(z4pe3e
z|A>PEw0noKI76#M!oN`f0E{-$eB+-8qCP21v&0Y!tsU#4;Xf&0JOKcJy!&5f%Rm3b
z|Mx~Px7vXDzY@R#4V1Fng+FTHDdtgjA6Qd{0)Wk8hE!E1H+)t<=fD&VqIz~NGL8m7
zK}d#l0k$*NU;Zoe|920}>}&!6b?AZ4SH9^{tvkLDZU6vURa<cL#xiFw)Nj`$SY0Cj
zk9?^ofXm%+T>!Y##lOXP#r?bg?=3w1Vu(E`hKVuN?RKr1J<fAk1bPs5)Im67guym0
z#O6R-002rof6GcS>vebK)9>-5IDdI+K>6eY0Q$jA_&+5<1o!evQpnv!>5_r}R~qOq
zSiQZE7@d!9ib8N3rvGjnFh9ZxBPZdJa8W4&ZIcAr);qCM++x0zwG252ngnz#K<O2L
zTDSw~OAEY2#yT#qLuc~;Nd8Zt&Xe<#j>Yifpz!}UMeZ$^0Cb;DWSa>@i;UOI5HXg=
z_NA*a^;y^>I#HRvi${m-bVxZ=$tg1>Dfhwj9(_R(MLPP(3&jBdFj)ce*R<u(H_{H6
zX#XwnzqY`q+ODBkjFdciOHk5G;)X1Y?!FKZGYd-Gy%6Gu@;WX6poopas~q{|^Qkro
zAf;^SB@ctf+=633Ohy=O2Db}TElXkuP-ZaxHvd&FN(9RLJlLy0l~Hg=8`-vFi^0ET
zwMu&R@C!S_{c_+Lj(IuR0b(U#mFad<|5XXN9r`s(@`3KVvNcQk8@6FTlt5qrG$gr4
zmjA~gIGMoarqK?m4Os{Pn9<^&MaDouO4MWka9zjUy9oe5qGODbq@^Py5_8%>Ps4b|
z!jMP8e4eQ%>z4Wsutibl9rCKP=GU1B<mzBajRa#fPuDhMBIDZK-6?JM)$5GRnBpGH
zG2%t}WQB`<7LfVRIUzj?kv`51fD$X4V?d#LKB4pn1T69JtoBt9?@&fM)UF6m5-S0q
z-qEZmMl$eQYYh%j0?~X}Kv{q^t;~lc8fs*kr`(9%Y>LR^?nn$YG$Ew^9|issev9|T
zTzVRUe#c?4j*SrkO!01dKK|Kt);FYp>q7VWQWytNL5T08GZWZsGWPqb1R&hHKgp?8
zHUpDKu6IH!N#U#NZcbHSX9VSfHYY+52Hk;yD00*9={91Lm<|@y<%V%N4A#V!?R$AS
zVl3wfqMu;Ax<?L@{t*T0$yMI?nOm_f!JzEGzd{rMZBc-oZae_B54=+`40osa0sxn^
zM=L^kB|vp!Rg%PE?r~+7{3YWl!+WC_<9-}WW<+bpGVV2L0|0=8VlDt6K6Hou%mDx-
zN8_MdNmB7VAe;&Mo}TEGxCGHYNr!+M27>3P!5;vinlggot*9leuseuMSke6I`)m80
z22=|Gz-?Wj96&-ZAZaHgiZPkv2=iw$oo8APo*y8)WKM#Z6F9o?&<5eoKy3o5bBReR
ztDzP^oLCwB8Z5h^9suAU3vPM?A65!&`^z$12x^Xi`<<LFP`Tg+Y!n;ffFbndkF!81
zXdE&JM6+31))$*I{?2vYWo1`{tFii19UtB4aRSvL2#GGX3;6{{!xi-QBi^wR;WG}g
zn`KxlIR2I;ZFY^{)aHtVZ0HF48U9lXp?G8iB$v>(Z)w&ifYJ}6DC{VMy=sa+BO)oN
zKez80Td(#F5@Dc+4Dt9)YCva4e4|(pZ}~FxQIr1(m~}i_9e~(Mi~yqvCt30G%d)Ws
zOR}%fFWxo1qX0bC*A0yYaDR*qD7_gIZS4&csi-I!n<WN>U;8IyG@Yh|5H8;L#Q;EY
zBH9z)lRZAPYiK@Y>fuq|UqroR$<U0l^$i_pvW$2H84r1tgv8KNEO%^$vDpWk&>c;$
z_Iq)szkczD4<y#ABmnAxj<{nbPTde`RJDqjzNqmZe5nA`D!>A5p=IV?*QB&;jO(m^
zL<`m+;eU%+)FH@O*p!a%mc!e0ue9*$kU}frIc)m~Ccx3>Us8rSNpSlZhz0_N5?U||
zfNY;ZNOO&&mv{yHF4!9;Zn+&qhxo|O1O*ZR^v3gZRK>7EIMV0aM;IBJMI~?k_zn`~
zvns;3AGY>6q6H`treyHxm4}W5a(n^R05Yup8Jke@>kaM&H1<+ty*jIKqq+6N+PCO?
zPsFny=<uKJ?>3*lO=EK|F}9qbKsDu-ImS;_O<Fun$L^{Q1(@R|R~KN04z){&{#Hfl
z)DT@m->Q^wXHbhb{Q0ImqOBhWP|E`9e|`FmDlvotRi{oJZbyDQfy)WHbKr_ZqtK?m
zi!2eUt^C1H1=LX3)zBRMVe9aL#P^7wj(#k+{{*y4`K<c9qE#y)UfIK-R^3iCXD0=z
zKmKU?QoSVlD~_cx9_RNT;fyCJ<%)^`<M#sqOkxP8FlKc_5t^`0w{3{$WdovhNOGq$
z!6hV`Bb4i?5@+H-tlQ%KL*zjt&I_^0u?o!GyNLKD5xdH)$DCuBiReu;G@*o2IkB>k
zWhG=iOuY`1W8%(>Cser1<L`lDSfi`4yRp0I>TjRc%yX7farjHE0@VnlBUyUTiQDXw
z8Z0kn|MvDWtulP&_8YW>V{oA@89s_x*u?TRGpNJa-dw%#3h!e)gwLC+d5=t$Awl}l
zSkd8lYB{?bNO|}bzRwv~$|H{Nh|yZE$4pmn41%#)&|B{IaPQ|hoJRY>l@rf!s_&Th
znjzA&0b`*HBhAaNO4TYn{%3ZP&gZ(e8f<jrB{_{Q06-O5nisM+sdFL$zGPS+B2fo`
zev$-w3N7JJ`N5o<r2psLQR+dK5vnZf!vLJJT+zj*n=<g?Z$YY8QX^r?Nh9fDI-`mv
zVHC$;rz%M6yX@dAt~-}7#-LkGYX&y{UCIGT5*`yx4N$|+rhcRLt6FKRsx9?DOTa%*
zdtb{|57Mi?Gnq1l;!C)0EFYq^KoE!AdpQt8cB*rbg@wPmkR&4aiELeNDkI-WNsn?S
z;{A2Nb_i3l-7=_0nx)~r$`k40(x+|f;Yq4z?DRQc9g*>mSR>fft(@1*%~^tE8f~EN
zj_&ubwRoLZM|UU*K_Llc>lHtKX$4Mmanme>O+WXn1I714>GcEKfl;oKn5&N7DWTcB
zQMb8i{JhVHDVxo=m<<>AFNenCiTSig>AHJ-VqlS+YGolzj-PV5R^sfPOX<HlB*I?T
z9iC8zD!Dy-f9aH_>84AY*n+BpJ{OQpSZ)mqK_?Ip&Q}062AKhEl<A;}wCLXBE;mjH
z-;5z06We@c$A|iahK>+G#ED$5f338Gh;QV<nD-MFS9xMiV+kW+IgqL}3;?LvbTz6(
zh0sY#CzDYBVi*ffCOMFSeLO}mE!0~bm#YE*(DO!25DRk12jp9u;(E&8<C|xM7eM)I
zj*5J(0-Xcpc3?rN{%;{M3+1r&w5H(qj*b0<pR^PM`KeFm6eICJcwUc3>6$}-xM3bN
z&N)lGt`B6Tj3x5SYvP+-ziJfI?Z7}+<I1evPtE0aIeIgGUBa`<0c$=tB84K<#eac`
zoeAha+3X)YcZ#qcqJ<gVD3Z8E9h-C$6lfrg?#bd(qh$E8F4bq?v{>UJswc9>SbgOu
znJ^P{F)*~UJ%!&vd17E)iVNS;V?Cq-w))$2c)f&S7$N@K(%0gtw@Nx~8Dk{n^`|w%
z7DoQBrDR8avK#vwuJO(^?!jHL6hvaH9r376fl~|FD3=KDUyhHt*Uyag)Xk(yDtwyB
zLlSlnZA9*8T-syYx1t+A@jyCmm6)C=J>*Sol<yEFH^JQ4M-|TI`bvRm{WQ``i(bW<
zf!WjpdRw89&xX#Js3<<?d#~Bb&Ztr@>%pPJBsqWo$|90-6d7<rHma&-oynOKUc2Dw
zFxNFKB5NXwc$Lyb(~uFBJtZnTg9U~g>()RIVTm`luMn)6{jC!7!1Ed?0J<f35G4<^
zyP*OGQB`PQ8;KhLu&fLXe0DTzWdH-qK%uvJ^edTU_lrZa3Xk=SRp(WOYK`&T6hIYh
zyAyWLNBj?&CWb2l#EbOFJ1wM1d0sRV)RPgq57r&_1jPZ+=3WbVy+QHxPpmi0LW(qr
zqwht-MOIMBQ@xV!x*i*vZ$x}Kk=>DSiNrxaqhw>Dr7hGZQ*jlL-s3_3yMcsX%x=ZO
z-`6bi=hVA)T?Lt-9S~Rk+vmtPJ)ER8xe-fa!q;d^Pb79YM!c`tAVlc22GwOFvVW0|
zTURx_;kKP;y)@6V9SE7wBnL=#<}1cR(FOvGzGLwIQc7A>huf3isGF#6r22GzN#^nE
zaUZMbMFK&YDX+ldOwH=Xx<P_LUlUcYoS!kzp8Cm#BS9s5WfygY3W38X=WzGT;1E93
z#WhIZ8VOpaSHBo=uViMZWrM#iQ$*Glx@$9zFg`8_YF|)*(NM*h;4&DPwfapG<&u%B
z;d5;QfN3cu0f5mQg*mWKTR6q0N|%XwE?54+B{$Xyl!{QUwAV_z*8ank1yubThMi>*
zu0Qo%5Cu?V_NoOc5t=?vee%0aqDP0Ihkz;s;8?ipQT(N2>=76YbdPy(leD(^*<6i>
z;g_HdYgMstOR)T?MW&E5BK0oljGf4y+1XE}@?u<Aj@;Gg@Hun1Q-+Y_mg&z{EYD<w
zt5)xMjQ`U&FiD^@N~&(!YBk5^O)E~5x6O?(Bd{Pk7^41QGd+PoOQ3)jq5!)_xUtVF
zgmc$EEs^u5;w|##(T+TemL;AnvO|#F%QD+VcmU4Z#%|ix1RLWt$7u<Qkd;(WB2O)u
zh7|_H_S=POsi=Z|9edlwgFn)~kjdvDoYc6xMQvG-JskuEPkV_#yq3~p6^o3yG?JtG
z;ftz;Mfsvr)|jwSe(MZilWVJRfB>L?szaN$MzVziv!E1>{0FcMLmxhg7NQ51NH#JF
z28|M0<v13I_?j~~sFUg}J_bbzYQa>ll?eJKiF+wW=0!<SvJC)$t%4QPw~cW!?Kn<m
zJuZR0;b~<tgbw@m(1nf`#@r0llN@LBjap@=h{&vVtiHCxz#b&5&xG-QZ;la&@v%Yl
zX-JWdg<zJfv7T=eR1M@yvz}3rN4-M`Z~IR2tb~4JX#CQEOzTL&-x5&~0y))K?L7Bx
z{<nZlFMxW!!z${YTmvU8M}+0IrLZV2lq0#tlNnm#>2st-JGI41dFb}NVlO0C0fvF`
z0Y=jXkF7rpqm>)lF4+1(ja)L8(TgYc80X9k@+ejbt>z3-gk_nDC~na)*yTlNa4mRr
zn7g@LM#zq)N)e4pt>Du%6U9uGq^ayDr>U_wwsJ`0HPqM0TTVX?o_VXXw6F7-h)ogt
zO0Lkd5IUm*V*!nsdmh_O=h$QMCoMYwOq%d8QtByv#ohbNKEMuvY{kIfN{x2QKpfRF
zo@gBkNC}>b%ZF7aY>T>sxIU7Oh;jYXp)xB9ZpisrdJU5VJy~W_yW(1|!j3V|PVKpZ
zJL&0LV(_o!+2Q9c-=X*?GFW583(do%F6@h!WwIaOaRbn<wkXzquQ1kNRq$aZcDMw<
z=w0vp%%FLC<7)DbHw<auSLg}Z76|~HI1@9NZ0!*~;y9d@XUENZGcD1P@|3Q+IaW|g
zij|JHELkv*WHuT_tUNhmv4!#Aa#^Y(kypFi$$B`gOkl_RB6*lBVu&!O46L1u#3N<P
zScOCHWYXl1&u6L5ha78-7;pL`EgS(Z64DcsV~)t;^S0l7sm!?6*}EnV<v4CoVTx%R
zE#>>aZSg@>;{E_*{Biwu4V9_rl_ZS=gDKFumVf2w=+Z@!=hT|dx<Osn?D4PwwcJo|
zcTxgVbzY)7?qws`QXZfJv4N_!zj3nLCYNbD-~Q!`<I&p`%?|s!^Bv)C{&#q`oILYY
z4Suuy1i~hra|gt~QswzhDY}qFu>NEQV?dS9^^su2w(;e045VD<fS#rtg~LiayB#~u
z8V@^Vz6UtvWk|{>dy}*KTZ|jiJLf2hX0l!&Y}H(jm?22<O+y3?H2^?;Ht3EXYi<;%
z0#M9jas(59l!2*{+SWTkpJyUIycm{!+27;c$-_Z00svq1IH;^5r$Zv=;*eANLyDOo
zjJ8s|=4N<k$NN!|FLXb2ug(!+OyQ3=zNDsl?AqQ*Cr%>WjX}j3XRKqI|6e0;6Qv+g
z$S*pDW!{Hzwa;B)s%usXaii>Y5GM&;+lXzskDJ*L=a%DPp7@uoCMA8Xo4>DSaEuKO
z2K;rovfyQ%K0Q$G<HulJPU>V4mH%y)k{677?m&@6eB47g#Zk?Ll&{p3b4AwloVqz|
zl5o_7j;d@LS{!3UCc{36&YaU!QS`>J!Bx!fyednN-YhiDcws=QF8dj}FSm9rXtH`r
z17vSBZBddz#~AZ_W!P&$-2=dBw&pjYLoZgK_&9Y-q5_qAOGYLcGO{8U1*Mtif%+t?
zsU$2(gND@2WQ~i-tQG}4-Gc>E5%L~ruNA_Lv1A7I#T4!ZgYitub7=f3+WC(GXB%sv
zX_=3tKV^BMd;^jcZsUDmGt0a8JI?sY-n6sjMx%J6QaI%IInPlgAax8td!uT00H}n=
z%%gl3%gko|10xhLiJ@VZ{1(*)09ZCm8o3Hlig}-T%vElfeLkl)9AFD-fvF~#7Z<`H
zpfax%rP}4>^Ji_<z<$-iSs>T*Tq{s~N#Rk=%$8k>;ZC`|&fPlN;Hl)a3}nU&X=@0|
zcoWk)%nh3%$44Wo6}*m-dQ+dHo2b7a{6dV7$|cxVM4hyrbilZYN*r1i?`R+)_vwj2
z=?gA23L1GYHmrY<jic|7m0A^#K^mvi$xYI-P{>^JyOGS|uOrW$8)SDI<GxCtA!__}
zVQat~5VtVHJk^Wf()5SlZPKhA7z^IAM=5-Ox}lh6<cUf8p9-jqbMOKf7MT&qoQ~*0
zUqhbn*Hkor9M7DxwMZMx)WlQcIg68vZoT)y^4EdV)cOVc3JIkvqQhS%^J`FGK+R{*
z4chz@fG+QjyUXn|0Fd+oAgyj<LKzNotI_Q^h;WzzpkiQcX}89E-SbQ4o&_YTyaY*H
z&;Ubk%OG119Z}olu)aHLKEj+E)B6cqOfX_eUc&(sGpNUd=kZ_Tl8EY_cyh(>P%x@#
zzmm&2>3?EVIL5e%(t4mf>{7@_$adH45>*?`J+`M84U1&QHbx}A;RJ?>jgBy5hbh`h
z!SQPCLXxeD;<4cCDqUwhHw9p05zD(8k~I{vRiA|%27M0%mei!{{*K)S9`B4?HZRdk
zRaIxTMdz;C#L(`1U7rqo;!rS1)M~zd?@-}H3u#3kAy^JS?e<D=9)xwfF4=y+2-~(i
zDTn%2r(D*AaO8pd{Z~3kb@WkE=^W+FbN|ej-)1|M?CSn)qkN}6&6Gh3FAzf{MzAO<
zS-rB(R+c4Rsrq#|T2cgIIcBEIu2MOLvVTr3qK(Ni)q`JRzC<?ccn?~*h)$eEwVfG?
z9wZ}&XayvV0idT-NWX;13p&{sql|g=qC^6f1_2h;vasZ&6R2yfEM#9{klY*yN(Cw@
zEW{kqTGd#)wXi7UMF1OTUDc5El7IB2fojyiP5>n3HrTr~fPgXFYRF{@6Sk>Jod0Gg
z9v843=~}pLI40?B(EU4^Hy#V-#|R0GHvrPSo}ReA;NqQJIijn)tudV%KDyUr2gh%M
zBTHiGi;!0cKDB(eOtIZOxC!e?&TODa)6f-UW}EKAJ$(^(SUb4cZzeZ(&K3HBYS?}*
zCiu|^I-Hq804exG%C{x_6jMS?pJjrJOShNVJp@a~;kmz_VSvEkV=!G((qyw&v?j9w
zUc<uG<Mt6`#)h%(4Fy}(5)eh11k?3dY`n)z_Ru?Hp0G=opocRm=mz66XYnBgYr3Yn
z9Uw*;BN@muB(K@IThK~03?!hz@4c?ttPq8#X_pP<ka7OC*;ig#0FkwX3rpH{0IWGG
zrDj!s4e|HjgS%f#$iOh~=f4rQ7>PQN<c=o_cM1+2N3ruRaYDj{jyR`TrKy(*ep$n~
z?oKo|E&sz~#j7l3zAPRS?YIPPK;-~_S^D$tv-Ma88a)8VPPpge;|PZ*iu~-oEu6?0
z_?p4GM97R%vmC$8E$Vt*GkRNSG+lqDRWW@(@`I-Jh9)T?Y3U&ySTtsaWA#1INR3F4
zArz%7imv)T6`_bk4%tq;yR0T3Ly7*>FR7|t1*d`YJ$C*SU9GB(9rM|Z`9W|VQJHS0
zpYiK$iwjd~eifZ(C+Q%wmStaiRwe9($#lPv$-wLQ)Xzk8P5i3vlY2Uj0cet(BA3#o
z0!PUDig6YC&Zw=mlRU>;IQ7Tg^8Em7j)LtRFGD-RTcQB;pa(p$Q*Y%wy2uslOeOn}
zBH4+y==-Tiy(8|(b6&>v%|ZvyqVLfNK|4nkC(nJmNCvT8pOEj+ZPTkZxuXrx;OC-K
z()gpAFBgKAuMrK<;d~&iQ2i~sF*y9Ga@{5X0x7@eM44ow$}-=(K$<6B=?lakv*ijm
zl(p1r2(z;VYDfhHPXK_Sg!}jXwt`BTY6Q^*X*$w)Vl9c!y*JK_S1+2i@9nlVv*nUA
z+#KSQD~t{PbXv_^&r^{Z@fZe8xlsLYV{1w0Ohy1-fKf6E7dSs-BP@#px4=e?Axzn{
zo!EiOy`!GL1_pGwm4PUj4>q$@BZbNO{g*q~fh^l2dqsOK$CFQb4INM!=6OQyjYO1m
z0-;I#9T#8WN8?`Dx{-|0Q@x%jX3EuzYgwyZs6|{{JlU?be1Q6qzcr0pFkgaOf?@UX
z6@LmuRd(Sj5cti1>hGIUv8=+Yct4<FO%Xi-vIpqkIlrBn(4N{ZKjP;I4`=J;(q1&~
z<ms@#eC^DCtR_-sP+HK}?A^l9CW%c_l)PR>y9fHqCPZ3a>s!o2r-00gabKs|SEIDo
zhraX)nDT9yh1%+ezfcm`yc*WK$p#>9jtM9B2WX==9t6h;d0TDznGi!uKOu9^!2P~5
ziB1iT+w%##B5lEMmEvyT5GfW(l56SWx#>ZX&7WO@kB*oRS_&7F{yOoFK+H&0cl8^u
zs3B#mn9)w`vClPQ!YbN0dq%$OcAWsTFwf*PKKxS8#Zozl@OhZjt__TYshT`2`1o7Z
zs`t?06+#&LbCvH!d+Se!47_*-^XQ(DI=G=UQc1MLEQVTZY%;v6Uw&yvx(c^x1An40
zqZHXG8Mlsa8k91<TbLPG4u70BHis}e6udmGe~&p)*lYi*Fez}JAM$6|tBFCuhSCR)
z@Y@B^#ehEmwtR{=a(z-x)B475un!9jY#Rw1o`<~(kJRy(us=|VLQj+}7A|In<@k*N
z<tv)JSFe2+(ERFSP2eLiId2p*9Ad|)l60Z=0U!;zLjZWZ1@n9gehQi~B==DKv`Ig|
z!m#2kR%1EFD8qnOD#9fEON>jtF?DI@g3HR!{F;}V|IoQv_SZI12g~+wwU<Ia0ox%3
zpS|fVst!-Fr;B_mUl>R`_<g*CfMbdvM%(_(YqASFw-eHII;=8Pw?xG1E1<Ekdw^%@
zEIsRCWrxlzPy{9l=*7{iJy6RVMKTYrnBSqU%!?HT#A9{#_?&Y^@7?VAJy3Wqlj6;4
zL0dgQu6r;dd3yL3y@)`eOBK^%o7rLF-4R<bOkyL<U6{^wEQmX1qCOZXJG!f#@y9-B
z0PiPSroRjk^`7#@?dXm-x1d+-4npF*2gA$ai_j6-@8$15C(@Dbe+rbq7E8vVS-R}+
zzK1uji}E1H;wBx`j_Wmxay@oWtqze{XbA74MZa?nD-JtcK0jfRh9rL_`D@gneX-b2
z-)&zkf9FsLM`TOt8!nS{=41cNcuY(&OxJwDZu^JvxTiW6fsW_<AC4&W-f{t?$J88T
zC^Kze#5Jz-we1(T2fh*e$f}>4(+!ojHnloECEpdtuCrn^4;Z;TFc*2ek}Ifm=)tpy
zoef<}k!W9@-i^1DCUL@eIP?!}1~i!YiG~JMhq#&S#NANJ8m5Ai&I2R`P@{9nU%KcQ
zGt69Bl?<V&iMm*)7BR7HA&qN`zlFP7#y;uP8Rv?iD-AKdfiYZ#S6_MzSz3wZH}oeC
zSB2#i-UHke%izfW));(|OA~(pfK@FG@BnA~qxL!k-nT6$4frI9dlzy5oRXsc;0FGE
zGQPe(O{9Xk!hNV-%eDPVLBb@7a3D!WlPAiWz-hH4Jvj$`nQ#D@W><KSaS3vWf!@?D
zb|Aw3!7hF(5pRC$mU0{0V9wxnzVqUGj_ZPiQc_J}tHuNUn_&bkWzdSPBCk<m7sg6=
zLUo4O)9{NLa=WA)n08eIUB)UBLqhk;9VV_r;5ba7K;w$-GwZJ)p|d_GeT&E&=?!e5
zdzfJM)@Hy#H(YbpG5Wb*CDO%ciA`bu2uC{*uMX#X&anu47vDGL+CGn5QXG_c-FjK;
zk!HUx?!rYCXnQYXJ^$HsMg85Acvpxy|ImGr@pK1|OL<QtBtM<+>U{~Rbvrjlt75?<
zdc6b<LMs&tZ6}j@Q{rtyGfxiwhg2~*PSA&)*WXwZQ93z!j74XzA?wy|Xn$_+9Y54%
zhS)QHrI>qbevjXM{j1-<fedJqh>;alsOm<b>Q$PA_9H@c7FuX7*ZOKR_$+%|8^Cs*
zL#iQ`j+=w)2(MJF(UWTUv=wS6^Osim>URLNmmVd9?Pp=KpVv<!3v)|NP6EYuh{S>|
zVKxQCEJQP1Bi^2~%Y=!4Mg<Apk-Ih+{*D5K3aJRhmb=9sftk*<=>*#3md&^wH3sBW
z!dyojQQm0Y*m02tx4=i;#WtkGA(1Y$DFA>O6YN6ydu_1$AM(F4dSIU_hCpBZg#nBS
zGpB-t4TRh-x}?}aQXFKQif+u9P~TIhuft7=2O{9d*vMHEF%h<S0V6<urVzf=Bx-q9
z16WQta>(d--g~wIE<WN<4!-D6dwWqa{r>=dK!LxJC>1ZgU7fPJkZJN8l=A2Ka<kV>
zX@@zwB4Juok8>+AQ`1wz{MIkLFaN`Wk#|=?Nx<tkw`&r36ZgWAFL7-yk>-a7XQ2cX
z4FLYnuWNvpMBGxqO6^YE-vxa^4{`sToLbBEJ0o*rrXQF^Th$FooZfT}|FRG#9=O;`
zE-CT%NaG&U%NF8+@}synSl{eeLr*@!BIpgXW)7r<i(>dzzT@-#>-@1pg~W_ElKux6
ztVZ*P&fu;t#YA!+o$@#B#0fqM*82F*UqIE~)N(jl3DRD~Qe!*;9Ks7I-`pUJn-M!)
zJD44?US`uwNPihwChJo(rV*K9;G)*egirp&1BRZ|C-8e*I6_O@IhmFpbq4a2|L3<2
zj`U%&Yt8nfe)5)gM2<Pc@fZ_)qB>fDK3F!n7*vtN&rtdB(__@}aJ!fL>LCdg44$;c
zgXSj;mthW=M&&)Kwu$;+lLCSg67{Z@qZ?}H1o*qgAF|7Lfc^opw!NjXmvFJd^|l-m
zuICdB3>VuOoi*>hH)Vc!5igdIq>z6wM%lYQKCO^XbUhtjXl4Ka000014*s=(D@GPv
zTMWiP=m2ye4PGFn0>N;vo!*)JF!x;azZ(Wbc!D~N`8aFh@!oo?4#n@-s-u>#5NobJ
z1K+z4Y*ZUq3d7ed6#^NL|FBK@fVR(Hc?30^cVRFJwOstS7MEot3`#)(ymy;$uJ14d
z2N5b7-T)1j=p{PmXX2zaoeN(ObeD}QGM?LE)JEDwq9xYPX}b}^n+v$1k)Tl#dPkwH
zSTc`y*ljiI6BwmC2`lU8z|lW2N0<wqCV;|4=;^d#<4i(11-8%rAT5g>6yTb?F)`2^
zWR?M4TxEX%$~}2@^O7Mn&2$jugqm~|ATr`H$M%f2^Tn4+4sfh4<=DxHno~UB-(`;W
z4aZ`of7t8ZiL0E?Xt|TbnLJ#4?cV9XqW$$IHx~q*#f$1PgI$-5fue^x9GYnn0i-ZE
z>x*}W@Z2mF*gWfm5YEP_m>xxUPtd*35J@IJEu_#6o)~u$DEMIHys;GX>tH9QtF!|d
z(Cn@O>21xfc-h$xr7+muWM&QH<DIO!Qm-z}x=3pZ00kj8mUwOB{iLlHZmmhd&|)C^
zpCRV}qP5T91nA@^+M7x96&=0GayZf&7~H$PPA_M4l?AL=#^QLhXaynyU#Nw+Mv1E(
z&|$GFU6c#)-*5|+xGo>?0006TV9SxW$<}z{Jw^G%wVwo=daO=Zs&{Jqd6W!q&EvE6
z3ZaOY#GJ(@Jc+LT=`v`mCcT$O1`MoMywpdHgY8*xVE-vvHp22<M56-7yf+L001^~C
zt4VMh4wpqkXt>xCfC3-tPvt$FlN@)Xs8_duaFl3)1J}C{9eMFIUPAMy_^~V{UfvU?
zAf3YrFwgm-R|(EKlEK2|4w|I~Z%xK)4c2_ZhQV|PY<K$*w$8zBjuhv;K6@^lL0C5f
zloMmnk^q2~WObieX`k2xuqkiAxOZ!81pD-De6GAq(r)z?!4o1?FiV0k4X^m}e3&T`
z4B@U@gB^aQs+u_eNQI=YP!zg9<}k0o-di-!)@&|-BQvAB4P=G*iGIE%i{^4Cen`p+
z%8ouO%uIuFe}}O1lUh=|s2k1tm0PPm#R9Y4R#Com!(1nZ&YxZ}R&3XREx)mhfy`sk
z_*vH|&yRyqS}l;&=}EQM7Y=q&%l|g`6(!jWVy>;kS<LT|pbbozZm{wqNaF3N7+kXt
z4UaYJV-Cw(lIys<(PHgB@AbRXZ41+p#k}f*_D2?bVYkbu{+N$3sKQwyvXZ(li5@q`
z8sg<{^2JdpazPP;Oa+B7qY-JINLgIlv@qjv&Zers*?Pz308k+TVdcp7pfXOjIL=T1
zYajqbCi$J4rh5=pQ1E}2!SYaGLJn_N8obk3&2acHT^tzWc8A7*03_>#fB|{n000L!
zSZ!DzZ9kBrpafPKZ};*I`C7UWouo+EGv?t?A@i(mo&0j>CFxRvQ-mR51dZiUZS4C6
z=^)4ea^67%QKiDa@!6@cQQ2)+I_)4YfwuuD*f0vpplw=Afb!JhhMN~oWu*FxYTHjD
z--=TDG&HvK19;2QAwHPYax_IX1Sonsj4<2DNZ+}hc}7Wo*FZknhj-5T5NF&SI!TuF
z0?{^5ohIcd6d6|S&)9%n`lb*Lh#<xZF1avuIw(+G;CSw5=NKr}G%sbwk8<^JGv4;9
znB{XTyjXq(d!eVs)TY!wZg3$yHMlbwlv7>ibI19EH+e;=-Qu}Ghk-j>re7xU<eNb2
z_nI^H+tgL#P1AXn??DTDiOgm6G%i3!k>}Q5Pwd1xovW|CBA$A-&9q|>qB3TuKTSUz
zAbYru77#mGAwH$G8AL=RxdjA7SU6&(0j9};#e?fPOpPs?atlqFgdgiR+PFz;Xv#L-
zf9k~g9jFr<_Gka5x~p>`F1{ms1-Fivv0)AF5__V-#-5+B93=rZxxP~BMF12!$aHxs
z=)Rq~>g0a6004avttw>Ck|!NS4PrOIPnC+Su7e)|;+WS&KmZkB--iQu0^VksV62jC
zWU|d9x^>~Ezyuxz3~&aGu)LSZ>;Ny4Uy-B%EemV|JW&$3<`?#tn#<~VStm59TLI1K
zNk9M|bH<D8ZIC>E`IF#G@}5;_o&=H%jp`y!r?CwX0Nv*2B^YnDGOeUMA|TiSH2;JQ
z$!m&qWqFz|bgK{1FQ6V{3kT!qa>ACfaKxAO>N{Rn^6JM(EWGEioTR{WRZ08fH0UEB
zd66qX5%~OMVv$owHNZ*jVGn<q$(-AsEmMYWOhOA-#HcM$d-#C)*`784&xl8Ob4H(#
zc?}Un15DR3w2J9<8J9TfsD%{D=B!WarP%0b=g-;d9Tv;{x7x=&Aglly)|yPB`7H0Z
zaY#j!w_5}X#8IzMgQ0PKI>kFU67Sa{&Yu7X>o?e`D5##l7>ZJ;)rZJa33L8q$SV^8
z5>ILSO~yFW))c(xlLO9hPqVd~kXgEHHv4<3S3P@{KF0r9^RmF#CW}wNVOx=Oe6`0H
zxYp*_oX#mq>IAB_@Fz{y(xG)*&T=tgO_9cIgs+zss37+ORt~Q%tOhpQvAbrh9u@Gz
zikPp_@&wHNN@9?<8taQZN3e202CorE)2hQ(I3GrHwh1#+B(C_*9^Zy8zLS^+o)q@5
z50y~{zu|*?w>^5g^9p%+so-wx&A^@V6^FZA{qLW^-sI!=uvWUcutBMlp=IJBBr~k$
z;kUOhf6BqeS2i?4bowo*20HJ(UF3@vj(k8itHP3^9eZ*pVU~*mY6L5dxfql|wy0mi
z<q8(8UU=)zk0=8@@|KmWUHf}+$Ux^#HiZPZjO^$}QDO?ottis$@yL1OqSpDtzOoJ-
zLUtX^Rfj*Gi7X8XC8fl4Be%|j>xNH`?5J)N={c=F1<uhVlLY}d@~Vai3i;&)FmEiV
zjW7XSQ?R<lq9Vb=?(h+Y<b+1c5C8xWEC2uiZH$EqumKgWeuw#$XNPw)45Aqjy)Esz
z!x^R^000pdcGatryg2m+6NC4P*Ekwjaa#E}k{(((MZ3)MlbuDA|3u7TBVNEd_Dd}3
z@@%5{8))!-oyHinqY>h-SQWP$QS=n=KE_eU#&qqaT-Z%ifN;td()+SYMh{k0D1`7-
zzt>l6(6*~9z+J`9SIYp_#vri_cmVW8@{LvGH$jweOc3;K#7RTn0O+Xb>emL5{x||w
zPtd!0+L)_2>RYd<A?`lO<a#W=VQ=Gs<HYLvsL}VpDxHCauZqG3WK*W{)0&@t>@Y2&
zpX!{%c4t^Jd%#Z-AI~?gTptb6kS^BV7J3}<1Hm<T;kXrQY|JVGipO<;vn2}6#-PsX
zg#y*=S4~*B1e*|Yl^N<LPzjE_l&IKs!ZmOsClD9Sp`)g(oFIRIO`0vJSV!2q%-4lV
zeWBkB8Ln1Jp_NvymL|UeS8m(KDy$Tf#iWw3b?26QOZE~Is`+W`?uvus3aXpNp~J2H
z;Rlj5a#qaBF2680Z+MwTe9vMI=nN?;)%$%C{G=y=dy7^o&nWzPxglY@qE`Vi&BUeJ
zU8PgS`z>Y{NZP7<pT@uH041WihmYM<d_&RcBnWzx6l!x#pU+!k)F+0j!v3`$fu0T*
z-IdV$OpgOF|LF00|DilJRu}cC^YQW@3iQcdNx|5N$W<pa4D}5L6!08=R9vk0V3u=N
zJuE>+V{?u_fGjy4e%KrAyme5$CH`sOIO*FX`RCqSg5{dZ(el9g?rDf9ChI6vsjDC1
zgQxI1U<oToAMUzR7p~lDS+F383+yOOHw!|5qSIi;-(DUF%l}QfL^Ei0zJLG$5Pd`f
z`GD5RVgRi|2$CI>lYjCO=ZZ)f=79TFAmoPwK5i94cz*x@000a3xLd--)OUvtX&%rj
zta2%qEy_oX0d0WkeM;b53`AT?(iZV!r)e%oP?y80NIW1!eul31;j8@?*^yQol4yJi
zA|Fz27kWo01Ctj3h2+{p$xEcF*QyJ3D`D!ua*4$ik<V~;h~OA8ZnW~LuO*?4P??qb
z4-^(*E-JuBq&uWI>Y0M(xpr3shInjxS0$ekiFvs2P@`Wo5t>Ye<*{;e#?+~+4YpI*
zaXm;$mHZPFls<yNA&s;qi)O%o<)QI~t$~{cJUP-vkEktAxAG-s(3d0(k?HY0Fk!0n
zO_dw)B9I;@uK41P;eD%CQbIPFY%+9sS-;@y&uJP^<w1QLu5bZ^A{$zP%!m|WZ|uce
zz1W@>pJ?&$MA()f(Gt05!-BYm%r+UN8aOg3NAiH|?+9T&Ecl^=XW}z1;y`}?6qX)d
zJYiJk2u>e%`rG7lz1rpPrxps$UCJzt*uc^A!VGT7>08V~ETVJiavkuO|FP1W#vL@l
zANuVF2XBN?U()`BkZt#MrI#>&I2oBn09qu9Vo(M1)XjjF3XZhJXa3b(af#m)^Tjwk
zoVo0=Z;%q#NI%pjR-yPXLF_8bPewMpRT5o!_Kp78E)ko)%QlfVVgLJCclW8sAQ60p
zOR9z;l+RVSH{WkBQ~jlmP}yGx_|%9Rh4#dw-mDF1x*g_w2{uhwLu1CS!`8~x;ay2#
z3k{0k$}JI<9POtAB0N%K$d~PE3_+B26yD3DgV1tdDp=&OFaQ7m0000009O$fZG-_s
zCXRawpq2YVBv?|%SkeFp>f@-hR543K_tZ~?JHcGeibo8MV<*CJvwtFUG4-?FeB*-~
zBSrkeJTv1&pf+H}_p@)(&W&b&z98qA!bk|sF)$^JNh$mloiPAOH+(E{LMSJqZsPL@
zHCg_vc-!=TT($Y-AI&7BFj2^9V__^88F<AYFM;xmg{x)alE*?kPf}LjD23S7YT8-X
zC%5bLd$0juT^|)$0<U0>y8)TPxkj_3q83?;9haQmj2l)an4zdBMw4^AsN^v#|5aEz
zqS@sYhjE!iu(UInV*+`gEIbl_?%XP5R7ovZrEpg1?a-%$m%(E((pIY;5&L~Lu`BvC
z7&d&lLV;I(;w(34n*x+Yr9*zi0||31h_3E;kwb76q}kZ(Qh&ocn-HV$$to|ig(msZ
z5lXb>wE(mjrkV&2#K@&!Sv~ZlFKGGY(E(1iUHV%LScV)sFH2z=Pg+OV^-PdB{ZE=6
z4@F2T$I5i?ee%@glTj<?mZI8=S~ABqUKOJQNHEa%Y4Cqs-I7}7GZ~Z8rU}RbTVe$E
zC}`k|UHkR67nhLW^5S0gKO=fcIUtDOhKMvy2#e{(EDxoGk%pR+8|#_c$XU2=A6%+-
zKGGk0r{(DMH<kM!6xdU*<Gfc9ixv=d1Bkd5@JWcslo9~y^o1mb@I)EHKZaWHP28p4
zF`c0h2?YQE00000001^>dxpUy-{F4^uh0z{9)RV)%iFO#(dcZs+`t$e5`eyno=PlY
zF_iCmD#x9;ycqXr*^t6$c!SBg+f0Kl8@AFx%vCmhKfFA^f!F128CAI&sJS6uRgwnf
zs;u!1Sp1R05ItcR{5tuAJ4}ahS^|%kqb%0&KxzZRz<J!}>qZRLSUdEkVT39aGLneq
zcq=ZEv~nsTfOTY7=8ANM%wQ)ewHhf5?4F4JrLkVZ?t?D%gh7H-p(oTNGng)io+Xce
zn~ZWz0clCP1Z#H%q0MtIdos%9nE+h(2D(T1uQs$Hyv++)>ox=TcGmuY{$iW!eQ!iS
zDWB9-%tWFkwBc)M>huuU=u{sl9C!?%CGxJZFDHDzHiv3uXF_97nWliBCS(Z0Y9$3D
zUxjA$MYlrkxDm=t$z3(CJ?FOL;o$9W1;t|MUo9(@LNUmdLyZ+@A9Jef=K+`9uu!rm
z9#K^l+1P(gRWn+;FL=IwMMF(%B|YdrAh-tVo&Qic{Bj{_P|zWNn&><2OpQ~DG+1nm
z_cxJ8)xQQPjhjD1I*?BLHKey?ivPy%!Cs%M`+=YBS~R>kh0o*mkBGCv&k`JZ-9zYO
zrUk?8{Q)GbUu?)3Oh)v!gzz8AK#wMKW)oyCq|!I2vF?%B^Y?@F8mtFBRjCg_^~zp5
z8(`vxwIS8%O#TE5q&eoFc_^0;qf!ez_pThuQ~&?~0y?-z08lIeRv=}PfeTv;Z4^(7
zVzf>YaMakIpjj_X9Q}_{@*dFpfUM!4s6YKC8_=K+tu^Ss(%YIXHA<Zi&&q)|U@cua
z+Q3gn6OA1O5WpEojAz;`!UFfP6{)sPRV8wALO#{FvZx`k5~22dy5&Ja4_oN`AzBSX
zaQ!p}owJw5G*0HkuKrBfX+A54F0Qpd>i+*C!1!MuB~;}FTp5*;BIp16k#?>&wp1u>
z6o)08VmyZT1e0<xiQlv&PAR%4kkgnwPpzUftm@DOLo+;cE0r9AgL93kj&`F3`G;S8
z8`rt6yLOuN6#>%+mf3$D@*0T`vMb*pSP;^amAM2f@*PrQyS?fZB2<kdh5O=4nt`g~
z_>gLORa!8?5)wtD4Py0+sLSry0@4OXpPkFw5EIC{@Our_C1?oQov*5tPDWXMyuQe_
zM?QH@<+T26x@?oEaJX%IPfSWBi9T04zs1)kfO__72Sfnb;#*qJ-9^i&TFUBt^HeGG
zIYNBXyhd0wb|=t%nxkFW^~~Sff@k4}iMRE)H&U3i^2XX^PHw#fj!V{>#8nFoib~L<
zo7=oB?KJ^OC#5{WXlumkRwt=fI_qO!%-BJ$0<Gp>{rY+%`JVw|D$XsN^9yOZ&#5AX
z`l$rhBl>o8k&oa20000003e(4O40&aKE`rm1Lbq^TdJgy?hqjK2gYb6y&%8}${Qkq
zc|fZKSXufU{kvnsFyny$G8x(`=>m;q8wz45Yc=Fo02;1sMUWy^;1nOHH`6a!zJCYZ
z8s#*7cup8AnOM<*sKm%ZYJluq@1)N?xAn7OG>YD6JQ4c{Y`G^f>?dMu6bQg7zL_vn
zE+#$dcA&y0;?;pcY@c)}dUv7-6P^K^_nI`!J!B}x3Vc3X88PRkl>1OeLhWw)!{e6&
zZlF+g_Q(=t3ta~$Fgru^?YEgMozJ7kD{LY-0B8o}ToCW7e6WzI^;jqY<SWi|Tv_s~
zyM>FahqgNoQ(lfD(j)dYxW=$494I`fu+<m0b~kY^ox-6}MU%qJb(O|2HN%CzVE>1b
zOC3vPd({H`R(q8F_<aETx?2Xz?~SZ)jG&9_xm&mAG`iw=E!j~CrtKd0Ga>nSIckI2
zTb&SX9RlJ}7uHML&tG<D*i519@hecv?j)zz#<9ATMEw~B^daW>^$vNkL)R7K`J$lt
zLi%)?zf{t8=yDvIO)3n^*}xlb(O)86NJ_A_V4c9`54dC@?q*ca{IzF{v=UZkhd2NL
z26xVjp8yK611B67wDNG3Km%Zp10p<9WWwtsh=A>D(^u}q+Moac0GygR0<v8koRcQT
zru$*)vhEn@z6Qny1Dd{dZyD19)J~UGn<(+cJ@bSB*t=BI-g0MM)*89-Z#}p44&vkC
zJ*>_KhcuZ1u9pQY`uqX~EDy#aua;gBs178Et#Cw}r%5>f5imL4y+dATF-h-MOY}C*
znlBRrx@;9Tl?33~F!1|F0YCMWDJgRZAW$0^O0Td-=poOKC$Cl~&TVEyYdl2jMlO1u
z_G<@2Hs`v)m%R1=wP2=7GB)!I+2UNZa(KB})QBfBct5jwvL&LFa9uMu<Z;PvtAg>#
z(zjDkK7kxjvd*5fCx3)LuF0m<gJgKS54#v;rF2iMer%_uq%n*9&)_O%um>KQKTCji
z)_Hf%Eu-C9X(;Yrzx35l7_k7l!z|)f5jv;IsbRz8OX+TDy5^b^E-Rjhvc1G0pv+fc
zV#k~(G9CSz(cdfu5`YUQ>`&M5EBW<K@~}y_c2xr`>B%mICsWkuNQ;0S58G&NhK3k!
zRaV@~xA+A%^e)z#QFCJlTk9f*(RwqiVB!InfI{Ntn!&<7bJb!Q8-?V$j-sGLG4BjQ
zPe{xF-^hVb01kz{YAUx+t}Z{w0qe8JG?8X{;GD*QYSmEq<GBQdJG<Gg<*u)w*r5ae
z(JwWA$dvflV}*4VrwdLiPp(~%z>f65UNSe%474y$36j~`dXi`8@IS1r&mMybjTLgU
zv-+r3sE;v-M>ES0R<13E0Ka;JCj<{fdARu1tw!$h!iTc;cDf_Fs$Q8Qq6)W<vWHUu
zt<_Xz5?vk%Omoq|dDt6((?|dmzW@SRg-m{41Gzr%17t;xW42PxU=d!xkaO-=yIij(
zE!K_U$1uAW3-h8SSNd!76xFk38sd@Ts|o^XTr}z{g_@*NJ}>-xGN{#Q8W;F;#pfdG
zaZEq6riobN8CK9@X<nG#t>@$-t)0d%iq9;aySi0F7sE5)P6n+;>b^5UMzEsk(P+N2
z8NzEpCg7pL!bL#cu>iqJfATaOmtDC2_?kOa(Qhd3N3yy%q*Fd(EX?Q>iUS~o@tl8o
zOFS=mMN978nS}{sR~MXhdF;wnk?qyB9FJ)=Sqpqz1yDf52pMOfDht<g9yCAz0eRpL
zIrpr#A`h%Dpa4uw<EW?*%zMKR43aAnY1SCy#_8ErW~q|QJ*7b?Q^E9z#}RTc`t?$a
zt+7m$NQg#M2PhxxQ=~BpFhBT~UM%(d@0N0MqAH@r9D&QLl(!#Ykq<jDz|HNM*BgLq
zrYU*=14pxJqV_3=x*8)AF%6^-snaEuwnh@2C@b>zx(nr<XPGNbYcB1Y<LXjwllGVk
zz9~PaNDHZ6>J;8t>UOx>OUY%QNanpf9LXYJMj(564c6aX1g6SZn7{fpIOmdkdNIDo
z%X7l(0fNzo>=PS6&s|w!dEW2(FaUe%bzRA4d@-r(CE$*AX;`L%RDPoBxal-Vfj->(
zepONU+{)NMl_?OKTaPwxGdTlnBH@+4-IC|vCCxYdIfaUCk2=#Gagel%zS9A%E@w}C
zZ!Eb4uzfYIic17}%e_#4bh?5ca%Mn~ze3HxlNL;LBmq_C$ljs2g&8E=Hm7Z;WU9=6
zga4ZEx!*QI%+oE1_;BOL%wRemR2nA*vKDdN{+TK(n%YBld5;d3+_e0y<3<Q?UW}<V
z(Pp<IKseJ6;eG%{)l^1b{)@rO7CkVm#4`m(Px%MmyAUUk00yjpCTUWDfPe=(qHcf3
z?XRP8(YW~0lnV=X|M7z<uyA}IWQo^pTY@BV3|I62aKps}$J&2@ZVpgJAOeq%>C`ig
z^x?d_66<{{MF$^RdP8|oje*Rsd*)muZIQ62-sV<GYT8<|tJ5YCAkyFeG4MOg)MJWX
zSagXdT&MHdM1BoTfY~*AZy3Qt|8JOVCU^D=22Ep=Vlw!k&}dAK%?`g(+iGwD9Qnj6
zc(*wjpbU{^O5ul7k;jLO___$!{97TV?By6hL6Y?`h<?Amt2-t7b!F5@9tI!9E|e{h
zLxM&wH<EkcZ*!~k`4+oDw=SFxXf3|mFrdbY+(y3hoRRxoD9ckI7$L6j)zr1Aw;2e=
zLolfArypiU0ne<;o>`a|QO;$KHZQp{8gZ~dQvHeUey!som9yjyF_r+*r<Q`VQ=$0;
zp03IC{|Cg#nhO%pc50TtNR4AjO?Kn|I~i&X`EMy<PvI7^lL`-3#SUkr$X2rJ`HTUx
z(X?&JJ&2?5TATp@447#1+8_>f7H^19svf3^sQvQPC>+)a5DQBt2>d}2isLdY&p57e
z1MCt}V=KznL*Z~;c;#!UEFV!13jCdOw1~hG#AadG+-UMjsYyD#2&qj{Rs(U@4g0Kh
zIl^@>u%+#+o&uU;R|Vz~h%vRyJFd?}qa!R<f&V76|9EGr%&2loaKnMRg$<|OiekIO
zG)ha_r4mfJK*E*!CNBqa*PE*LLmc-k0PIkFeXA-oxA@MysamO<RuWj@zNzttOAr76
z0A!8FAM)X5$g*s>GQOd5i$bgVWrHO*Wu?z%zI$PKMu9@Hjh(UW1h_~4^_S1`J=H3N
zJm`JCLMU<eW}eo$mK?z_8o7O=!`afSpx*<d!Q_lMbY_re4oHV$sJ<ZBqA;l=)3?xK
z*ia3K8nHqVt7(6=TngYTfwar2i&~g71ws)XCYLdfL<e<k{eVyKy}v)gzHdhqK&&|p
z<8e3|5U8Cg+btFFs=Z;IQx_ul)l$P?pq*fI&dU=PV!BXKF`!@Ahyj*)2Z6o|09f&N
z^mzaP00O(x?591-%N3CEz4vCUg;;}?A4_Vu2ABgiNY-m4et_@&z*rd-Xiytm!Qd$a
z6P>X0ftBQTJu5t%@*}*!(1CG32JGk=Pb}gDKSt(hm$B>jZ_>t(xJRY_B12x=*1*~Y
z@53<@S19AR^*Qf_pK^3>t%vOn=Y#R@BHu}p(H_h%DZieFfZ8M@9fJ?<M~Hf!J;;r&
zWDV9?hZt(o;K7A5ISZ70!?Xh!Ol^|`%9=TtSLccLilm{jtTH)@5C8(v0S7+isqJDC
zc>dWA_u+Vsuvg_mz0VP)F5{0ofKeO!WI5JR8R&g;Uzdg*O}qukrr5XI_B^)|K991A
zOhSi(0xCs19J9N3LJCZk{?J=@oAJXqcUX0#u&9s4*h-Lsyvuos;NpcO1P-S7#?3EL
zle}NovD2$S(j=^kI`0jMLVyyFME;y<-6*duj?)v?>S16d0L&jwk@U})vp9|<HcrY<
z@G9I{lSewtJVO-iq}5=Lx)yU<`G^!~swU?b>`B5824$cT@0Jl?wtmEv?n)ftTp${D
zlO%uzv<hjcjt%)upFc#^`%{21J%AI)Pd68wB*Dy_?&oCWTWbASo6heE->JP>tD}in
z=<~ntUB}kH<jx)<K>B@5t%B>n5XhbaL-H|`!v00@Fx9`#sr)4$8W_G(8`J=K3d{EQ
z?rB`Sn8KoaPEPZ5W2uJ)cz<`5(WNTW;G*9^@p7}??2}&P2weRagNYK0XFcCNo74sh
z{QyZSvyVT!k5`D4sq-z9TeAG|!H!ud@q3lVwr=uJUh_bh6;6NxeC0FH|H(h#EoXRB
z2rw)@F4=asA%SGonbs>!(OA(<&$jcb*!hu|BH+w|bLOId92zWFG4nLlqO}gXo5M3_
zTlNP9kMd26DunIPTW+FynF!%aWwJ`FG-3i@#wT_@oW?*}VBizI1T+D8l{H5!PBFi+
zALAFRYl!`=Vym|U;Dg?O)`^%*h85R*EcEa)ygEQ6mS*+p3)g+v&P$3T`|7$sI_M<$
z%7K|c+?TF0YUREM!!mu#di?VQQByic00E!;3}0>mK*rXPz>j;d9<)%tKnVuL4KeQI
zvtKnQ$fH!cG2Dy^zW)2O=fKH{u^z5a>DW9+$TqZz!}GVgzV#XlTY4Qp8^jG{@8IGg
zGx3cA<pPx3#2{#P;hy5w21?CBcG@}iHNIm(K~BzHVP3ZMqgj4cqg)qYPBk%#;Wlmb
zOM@7uQ8*yyBGf<ZzI1RyE`<OVJj_t&>Hv!mh>>y#P@Y_d0QB%lW<vR*tJvt0MWM$1
zKoh{0=mUlBwi#cg`F2}@v<#D|7MIX3qvY@Y)%>g17Xb@Zs?|)cgU(Onvz;>EO6MET
z7on<QQoCVnG2K^eA$9s!j_%9G--+>Fx?{}t;Synl25DrMgl;0@CBS7XoZ&^Q4>ag)
z4~EYW6<VI;Aw7<zroHDvfE`r|&N?bBR9hP&|3Fvc6<tdUV-$bw!~nM-Tk{@O+pEo@
zo*{MN*uEi3zhKdwgOsXYIvyyC_#N3WRPWWe8hdZ;U=8UeTZ#;Y7U@FLVTjGVP}3$0
zZV}a9ut4>J%B_FDB=Q=zt%Ca$?U~?}#Axu@=6HMMnQSv+M#6+{oLE1K1PAK3f)<7=
z%g-N7oR<dTvLsC4IE<o}%Li$rsi5@OZzqOESTd!QJze$!4u$UHWa*l8KU8*L0-$CZ
zKY1OE=@r0r0>3rJP2Y#8vOoX}T~tPq*1AeZO6g!@2x$)_1~&i^{AC4F+f03VKKEgl
zYTyxRZP|{i|EcEz!`)ZhWI-Tp;UeCm9_{r|CuKay-z*zm&;;)=xxHdu?|P(|n5A2U
zvu5G|j=o=CU;P<*#jD!aV}~;ZSai55h_N73kXWW;Db+PaJUF%8QYnTw+|aHhWl0ZQ
zF<VC2+gyX!tU<d~-=M^{V)z^j;^m>B_J`zkg|FSnWVrU*a=2GCY&~lJ+LtY0Z)EWd
zpd*jpg9!G?6Km3!2qXosIZW{fg|Jm+w=9>H%upffhi76HO4fC;-)gYCpq@Wn{1rGr
zKB&?@8>Wbhu{Ki5-4Jr;-e&Mpmbm@*8NGc^HhXiQ9SMV=utq*M&2oh%79X`vI5I-)
zpI8UdJiO}ErWY7a*4<#8l{3IWTV?Lcf2u{@*xt+i+&?Mj?jpJbm_S69;9?Wk2EFo9
zbIY5chFE7bz*IXZ0y1!gNN6u}IgYxOt&gRQ(M{AD*vg&e{opVw&9r+qlkM0cW+(I`
z-N}kg9|XvzVshQiT}I3lCqnJ52@(+alj}w#U&l;LVz3-Vs>gX8r+6ks2f7sS;uf_{
zR5mSQ<N&<jW`z=d%Z_!i(qSPGZLFi|WO9lbO6=Q|`O4eR0x0Eoei<>psR|62Ng6(P
zyFu&gWD!8EXbNH;$S*%~hoX4mWFqyn8&euKmT-etlYT%rY__cu9(6IGC7>30Mq}Fs
zu2o0*FRui6T!nck+sq}5ng291{VH00{Pu?!z|C~ic5RmcIe2YFysy*i3$;^x=yZ=<
z945shklnMZCeUknoasah5y8i=jwv7j3p54C9nuaJI3o2<=O_W+KPOXiM*6cZl!wg<
zfFP?>_E#1aXzaySAZKlNIh>Uybne%xKg3dJK(U^KRTnW<cmJ(6sL|4v_xsOV;?8=&
z=rVxW)xfvsILFW;JNF>SwkF*a!>9AMU8d5}&mey?&LYCHMeo3;v)~qD-s-_rX89fs
z{w&FsD$L#5TPV0AxQ-4A|89l&if9rje?>2pDPq;n##dS+VFet203Ok@=r!tXfxwP3
zY`1$9+Y|OAFVg+gSxU(yRYaxDJ-ZXbV~^_LFs+s~+_Rovy*aESW<@mzVns1ud9RGU
zO_zML4?9loj?Ls>)+{owxB;MVku+mG2!p^BQ_gb-6^`pw20uXJD^jTLG_rBe9c|(P
z6uZmMJ0D(CEt0cp?lc>xT?0ND6vPF*FFTKY{}G>kX*&z+mxn%&Fv<+vQ~?{WQ=o#}
zHNu2vddQw5MR?K{w1L#P#)PO(xYO5UK3fyV;!<i>5AI-$f(wW!|J5%qgN(5RBBH5m
z_|D-drPd3TEsLKWlq;<$cIi3vDju;uo<qEcIdYNn)tKY_biSGAF_60~r}X%u5pzwP
zP@ic$IWVQb(jAlD-_g~RYq(Olh$}+g#-x$p&1#Drt9Ua=I4h*1PDt#VQwgAAaHZ`;
zd-u354B<SX3d@nmhQZ^u`sL(hW;E+<Tc30?1_@<IStCrnxGNeSoej1vt`Kw27JgZt
zV}8p(sa?j1ZcgiyaQ)|v;+SIb`r&}QFK8WKv%ED&R8x<@oF!sVbt3;+@{$`RphgIh
zf+$U-Bh%r=p%qOhS}Wg3cTk(Sq8GuzbZ6rK1kRZ=$@HR5*C(Y82N(YhWX~8NAA67)
zWOw~k-8G?@JJ^R#4zZ>SaX?n_EU*Js>8!O;zu*yJLX;SqWtX^-u^p5$$H!4fH@Gn~
z_x@pH|Lm2F1tj|7zT$r0<bI^%_Q)iS2^=*q!cr+`zBYsL-;Pie2ZUpBcV0PCOiYc{
zvKqo~PgwG5-hpVV^t0uPi9#G|5kPs1Y4Oz820Omr0ppqSk6t!KVoD%C+4M8(skYrB
z`nH1{A3sA_dh>N&$7TAIz?C#`e-!=?<u+z`6Czb?1~`<>os!)9=$G(Hk;O;0W5iT;
zD0JlqGHXfdGM$R$H>9p}Cb3_|^qL^M<?+deBU9pR)2>=ezZ6SM-v7n8m-vnjo-+o*
zSk;jI1VrD?X#quN4wa-po{r_m_gB(=Jb3eJACiF>e)|8a&03wKJW&ZAhi%9i`aSu=
zJMLC=Ct4L}5S}1MW}GYqT-bvO^|AUxbAeZqN~eAu@w)aHl<T|gPrWEe$UmPfD~-6(
z)MJXr!S--6dCmxQH@JUqf1I_}dKvsuQzmH~fMNgu00a9hMJhqgRQgM5m=Ky$T3BNA
z8;vW;4UxQN^Hr1;Z)0O$TPRrQh_q3B$Z*^kc?}?#n+1|7fHICoX*1aZZ2g*kPOeMw
z6YB~Xeeiq>+i5cVWz(#!VEyY~7Zko{X+a!}=RkEWxEJhk*!02Bu4lOmY=@(okkqDc
zC;UTGrQ7nUNkERy>DVwN?-eDC)6MnwfJG6e;j<iE+@l#*r2WhaL|_5@oqjIG8{0c#
zUg;IbyYxzIKpxC+=V4<X;s^*3T&Lvko*E+v)Qsdn39RjP!WAZ1-!e;`!#P>|YVD`l
zq_*dAMaF<e?epv}=ek>@7TL!uKbQ=h5A}!J!1tBWv{X0VfH#|G<LjX@?6AUeno7_?
z66optj{e^o#DAVTECupPa(8DO%m0kVPPUESPYa<v`%8WR;3&anPQ<Tu&8i4Xa*(>f
zFKN;wpxICG9_W=#P=AuDRrY~T3lie?MN6zfvRB}iGzmiN8oLe0maXTyX;f=|=);6@
zAl4&eks8Dxnbo~bM4fhtpB03#vBux~Zb(4W$>$Lhhdcsa6=s_FJ4<A*)2jP`8r>U}
zoXT_SXPsR7CE4><jb66TgEBmawwv)F$tZ@6esh0c+KA6d8B0@eFr?l~1&qg;n)iJ6
z190m+cxHu=5S-AXn~jaL!%3rPdHfZwdPw<OLA28Ila>$>VBIyYDNFg?Y`PGDeHNaR
zugsr3mSSg{9dpNi_oQ-A&m=+_pA?J<E?1}mN@d@YE7K8f070f_2)XuJGFcr(p7aRH
zc=oT?6+kl?^5uQ=;tXzdF4gZIX(wRB1^f5wbJ-?H2AykNtgfP+kUcM+)<eG3|E0nH
zw8%N4YDdY=6s{!Y>DMxES4arTcu-xFO;&Q1=%y|Qe`Tgm`uW;XXxggqA-`ZoJut<g
zc|lhIVDNu&90`j_C>q#$K{F<LG-Q<4;G9jQinPz^nRdYGfkQ<G2^06)TIQwNCK;#7
zgPJL62jt*vFbxXjqV$D~L(Xt;PDPt0P*lctoU5oN@|7TJJ|F-bjS-GQyEzxV41z$L
zzCUfmcmN4*9}XMZ<rizDsA;CuLv`U(a8^P5@t%ynsU~UL^G}+6Yksdk2`*@6YYvTy
z^~uN4{8V8Ylv9Z%=WH2edcdbty?Fvw-87q~NQUK)Bzce5Kyq;Ws`D)m0meY1g=L-Y
zMJlYlwN<`1kK!QhCH^NQ<fV+B$YNe)1=|bZ<e-xkuU-2g8XUAM{@W>0ItMvv5)<|r
zFeY`?!;kI!brs>A@Yb~HXsMP^^4et@MvG%2p^MA(WqYN@ePbU%m&{oWng;)@jjS>i
z)QT3aRr!@Bdtzjk9p0}--&(ph??Fe+hA`{}7xS`dEVs;RSyB%Au4%(JCABv&N%Q!y
z<M$2GoJJHiT~qj`wYc$J%eO{PcOLWMlt{dg07xokp=xo9N(Ga%%Y3CXH~TSn!h)4H
z8wMsaDJ_jK;@`*ZShZ(tQTC(|4x6(>3eoNYPAM6=QV*tqg6Z@MAZ3O|RH{dedRj|I
zhF!o@zq*stxffn8ghq^&6DL+yBs1so0m(QB4+Qhr(wvmDaXAsZmt><b92%T8Z+E!A
zI~SlHO?$7RT<p#3bo2~bYg}ja+hFa<p{UYSOv`g3qA=1|_CXmAN8w@hVeWGO!?v&@
z$G*QW^$V8kK;+A<N(MPXOayU?8Msx$T8yL*$%{nTHzw-$MN|%B^)?M@DL<muEqv9T
zr_L1wD$Kh3F2d9=<(udg!K92Ao(9c8gQ0Yn7{dNAs(@V9&vm2MIxgHLn_g<>Nu!&E
zfi_oYy308;yIk&}W9(n}-S)9|Wiy5iY{h<K=Gp@PpK?cDQ?=HXo|jc_0@e<RF<epe
zrhXN|Y@V|N_*a{Cs$;8qXur?axsK`i2)m}aquQ1vS7ihJX@b3$fW|LV2DG>B^PyUe
zhUPhG0|zpc$LEO{9IMuU><w_@L0weI)~;2_)T?;l@rc!FPkJFk+_xbZse~{Lx4LP}
z>l@9S^P)ME<b+VYnH?W3Zj}28)OLEdN*xMvNFDuAw+uB?-|KF>4BVnBRtQdKM{Y^6
zBZATI=aTJ3!>}7c0cCE~Oa|<GqpWnC7Hk`t9iVji{&`y{g+9FUcid~caJFnm*G0pI
z7`~f|JM=4UPuspDk{dVEQ9V=m0FhZ=*Q1egv`w0IHe;;0NYQ-!+vg>2>OprC;a<ad
z%2XZbQba(u7=Hj8=MVfohXTDE_Sn7~S?SZx=Mf1@bC5fTauQeyDB|=~NKPa@1ao1+
zjMs3nyC5Bo^Nq?pRC;9%_7{yS?<5`GgA!zE(B~=-z9Z;ABW>gjj8Smk1UWe|v?0~c
zV%!RKP@W@LnkAy|<iPm)v~s!iJ0KIXilZ;OgEHArAvM|BEnqba&L5PYK-Peg=^H(e
zhgY`zL@}u0urs<MGtiqsazdPn#lpUfr@|VL%v?Dcf9)w!p8K(UTf;B<RL<hxAgp9f
z2k!kSKc|g0TF$!;0gz7n2V`@ER^dh^<%YObAR`b`>TUJ}&l_`~*kK8HrtAPa1KBQx
zvFU#4`|iO4G(FL^r2usbm8i5~jPQ`dFT?5k2Pu#AwXDuUA)BM_PzRmV->?jlLWGaR
z{dc}B!N#zVsOmDDVV@CC$3EA<7A+F{fm5|O=RqHt<fc4Ms(Ea3Kg*xkzKel=;Pedx
zb@H1Jbzu8u3_OLuYtMl^hTvE6s~0z4BAYw!@O9G#t>XW4&Sx1iOq38_(hk-WtiX7D
zPN4TNmjYI<Xzw=a4~hT)00^5X)^1o6lR*ApgTLnk=OASB_%udm^5Lb!lg*m6xjpxg
zq)WK8<8iV{k9&DJ<aHiZ_LwUL=e?z9gS*OW2$)24g^#`J(d2slKO5E{mAp=5mBm&v
z!8RU=?y+A173N^wZfP!zk9{oh4jo20y%O6`R{2jkCq;W$&YO}y!WQMah2V%WFpaB+
z$x=d(s0!gz_FOCO>Ufav|1v*a8)=N}JS(SPmCQ*#%b2+rfqF$Yw*1j=%I>ufZpv=#
z%D_HzY+@mU_E#MI!MxZMy!tpL2~a|+s{_7g!72~APmksH#nTpLgihvR@EF+kZx-j^
zQ-<?$KnLtac4+X-2p_Zm=-}%>6=*WkC7T+O`KwNwzR3w1;p2vwySN5XcC!da#lOX!
z`H)e=JTD*Kt=c#76V0fCXH;%Hm^y4PBZw(=>Ch(T+p0_d&;)6wI12v;Rj?JH9LouO
zobg#UDOHO0-p%tY4zIT3r-b%AB}NKreeKZ_?nd^wOjPnV+*ddvPqLEvh6StHSVz9)
zaw1zGX7rv5pEEKW5|nA-mfAE*dF&O4Nlb{)Sj0ixc_}mQmG}I_5k;4uj0B3o=q1I`
z>ogXx3Pg~cAUOUrg&R=mhnYl_;-CO@PbLY!IR=Fo?htr>#izm}(DhU*Y!rj$flW%Y
z^*6Bsq@16_QR8p;j*g3r(+U56a@Z85$&hY8`mQw-4=kD%yt88pdHHojd0tsC4>Jox
z1In!@33rmEGh+9PcX~6GmO|P(#J~@8iAVzWt!$0aai?=FyF3cMh*KpnX%vjDD|!o8
zLby^56Vw;ztrXu223{zf>TNj^wr9|}*H?ROYF6}T`q=G=r!m}5QKQRzz$!h<Hm^0o
zORh;#_1Tl|r>i1oMoUs2uSucO&$`78><nIY8qq{5E5nfBV(R4~Vf6)zyEP+{_tk2n
zjwfj0RZIXcW~J?*9^a$M`*GF|(QvWT_|cPU=i&4N5da2*4&e59)B^3N@%OpJTx}!K
zEZv7Tj}qv?!0NMJbUoJM7<VhR6B>s`z9Sov(>!(cOyR#NJLdY*)fOh=-IR(D^KRW^
z@RB1{UqEeboX^r^NLK+0*46t5dmEomeAv0I>0cU6Gegk&KxDPrs$We5`<kiH+>9e5
zStum2<4^Jp2BaXL0lJtZh;f1Qtr`@|Z*t+a96A$udBxtZ)AY=U^w|SqT4O(o3(vU*
zhjIzTwti~ky5nzbHt8jy20nVDR4d{Mkv*om3<Fo!qmgW3a(rswPfYm3T(pQa%T|o2
znESz@`+S>FPbz67A&!<oXb<qF$(FZmB<)-3=5>hSCHuN9@)^p=RyMH#b&Cz-xBeXi
z$*!@8{vQ2gbJaCYl9BxAHF=HuU_=Bwg55S);pYz+id#gs8(VHK0^@sG0BmdkG!%Au
zIv^g`CrThU{Hg`KZnkNpU^^^i11E_hx6$6)v~G(O?2ny#KfdKD7H;xHb}S4op!7OM
zdnf+zhUTfxf)IhS*C9eFrrGhnrc5?F_U&~9$s8=xiV9=V=WYwDL;q(T+no3_Q{P0w
zcb7BTJ`V@>cbRE+q(>9vBUk4Lyr>Q`n=u0Fu+Y5#WawlF$GELEbGQydGkO(axk{)9
zAPP7QG_8*_n<<NXjese=EKd12Q0z-`V8BF?N~<ou;Xo;M1Tr^hx^_N?{ey(wz=zou
z5rZLH#ovQ6e&Qnps*Wq<phu=Ay3IW|;K0KuH0EkLvIa0%U8>*a$NgO4sXh;t>Hm8P
zm6v;iKH%)wh<!LD^RQ2oY&wDU;frUo10vly*Aa5qipL%(`*~nLGb<HToNpWZF0b74
z%vRautdwVXw`dBYW4Xq+A(E15gS22#PxXatYm*PSQbo}em_c9nyB62?TEJuy5Z(=W
zOHZ6S{sq8zQBUVgjffOB1=6v~|4Z`Uii8pWxY$4+_x>w@U64P9+knadh350CPPb)f
z6}lAXh`2!Mjh5@rwrI;!G16l5RnEkfg*U~J4aboUwup`h1svFmd*;tgBqqzo*Xi_L
z>zhYnk;Xo^p{>z`mq;QbugA~=*fPu-Aw`8?`g4|9%;T5wQ#Jqq2eZvH0<|Ys;W|ld
zOB1n!PswKM2oS1prh428DM!cB&S_?W*{t4jDzPuuzzP^4Sqg=su@Ft)X%BAE_ojAy
zBgb+Sgq`u<`7=qL#q^?;c8k3=AsY<Ce6#%MrJMd2Y;1SJq(}pw%0+~~m(5?(%CA?`
zS65*;!0L_vqnPqA^C$KAP$4-%7A8vf&dC`6qdbEJA)2KBCU0nK_q?Bu9HN}c<CIsT
zG<bC4Vm$nYqJnMvbgF8>eN*`?=c|=f8uEahEPzEk`A3T0iHGb)Q;(3W7Y%_GuPyID
z;#(NH5tK+LEMsY@Q_aazEzp|4f>Fx5)G`53j`bgQxMPVe_dA<%Y!uLxmkYI)sx3EN
z*J<+silOBQrm&gP3EFjjxlaqiA7$)QtA3PL<9I(-SkZ&Y{FanxO%|?9W@@t1V5G@M
z9rbz5QH{Wnv;@>QjsZpz9j0Cps4}`!Jf+#VkQ0i37SLz`3D9Fq966)_r@`IuX+IEy
zsW`H9BeNa5mhk90OV6PW$vGwGoq<^y99^FsiM3rR*U{)q>I64c63D*aSKFW;0-uq-
z6F`lBy~$bUmSc>GzgTJFjt9gm<Mh0esYOkT6j_<Fnb~!ywAbCNMOnFcn-THDX%zT@
zX7eMh0y#*!{Fag#@gDu#d0o4Yiw4C`eSK#wgzCO8aVILn@o<r&n<GxKtzV$O@%<Y#
z)=_jd!I5%J_>;peJtQ)A+NtwA)md`32ulM~*GKs)bZx-Q!s#&QEA<2r(7(TB;j-2+
zg41r2R!*7ig%6NxR50%Y9(ZCM84qV8|4z-vnkS&aK;&x+c~0ySgBf-P_evGg^cp0Z
zGS#`r5h`MQlS=DaT^zF>0`h@A6{dzWs&i;05wS;}Nx}~qNmIdR^AU|PNLWZrpg9d-
z-*|dE+!Pq%CT0cIK)jub77KBxwgBvW9@F@n04ql>Oz2ib|FCt8)Fjq_;x)Zw+C*14
z;1rArqIexDEayDWmGza<)6_jP{;8H=i29N&U`pZ=H6yy+K}<{%JfG{(#ceRF64l^l
z-4gHPgq5zwz}<7`A^eIshMDYs2XmC|pUl22u`P_F*Ny=yVx>!s2r-x+;fTVAepB{)
z8CH!)UEh&fX}<;3RNsK!cC7FqmL!(RMxKPLEAXP*<yZao>Q4jyFzT^qV5JXES1jkY
z_lv&fVBg`q)X5quF@NsJBco%tXfh6aJ4$Qcr?^bpp{y%5tncSQ3n@+w%}g8!UScX`
zy!0#MObH1V<;+CNz<Y?brIK5i&|E9DU(M-<d4L8HQ|SBL8m1y<h1PQjl}Pkk8{kXm
zM=Cft!QEc<xVjgNN0X32h2l|>8*g?jrq(K|NXjS(_RW_oVH?4O1bXJ3uN1X~x5i5w
z>j>$uO>pE<K2BKUPLVR{Jz{0S3hS`Z0(K9$bGqlD7r?2#jpnKuE#Cb24KizpYKfJg
zKMGJ`$&N*>i8f9aM2qQ_cm43+p!5VmTWivbONTbxW9UD2KP<^b_|kKyrB;)ZIF4S+
zG%v39$>skGH0*O~>fio^4xhF;SYna?5^hz}*;(ey=Zh|ym>yLB<|b^@g!`fqX<w;k
zM_=5$bKh2Af<F}Y@C>#?x8KGrXCbn=h~xrW$Fkdkhkt9OM*y7UusJ}%ej09zR@qH;
ztwSZbH#b<jUwn-h_MpBT8Lh}as*c!C_Tex1z3;wuQg=q7NSo%cBy3xAk5F^P%Ga)p
z*5_n#*EGmr$O>H~z98tN3pYrYi*^Uqg}3l=2p|w{63&zR%~{_hY%pCf&uB`^KQ))~
zI;xz_Lv8J}{mkHCzIq&5al0|V@$%?Dk07ZxZ*U_;wKw8{JwZ;cb8cC9ZNmJbdoUt)
zYa{BodAZ5K?qGPg$$OCq)PzSG$;x#*Kh}`tV8RYWw!G}3=g0>L^Eo=X%l2Yq7T)Cu
zg7f(lhCI8>>sSq#i~?s%?I`mB+kjc>_mo?43CquQe_0)r^4m8B0r|8jbKwsGY>rgl
zHe<E<4du`Q27-*yfObmy6vFj{oN&>Ozb6yeEuDAacNSim{5Zae7WIP&18ocg6Mpq2
zcbq&*aEc9mV)mwS($J%B<5EDj5y$`!*=&e0@^|rC3aywh#8rtqTb@md+b9)YAk0QS
z9TK|Bc%1t~)rLX?@!5y%G0{6wN_VPElo|D?Lyf=6hbdPz^7xg;0avV&!nlWENGZOh
z^huxOOgmt@ZT@E(3xT1aB#`PmZ)H1QbW<?K{g;=|MiE%w7IBt{q<oa7FXM`liI_Mj
z7z4l?vj99m!@qX64=)(KvB{={X&Mz|I=NA}^#okw{%LBB!0qUV97H#N2;cb)jnpbz
zkAC$_KN<L-gqpm&KxBN^9?z#>b=4QRWZppFhDiZAGWFXu$~~d&wz5RACh{Bu=YA89
zIX+>|4^#JhGnL5dW3V)!vqYe4wcPo0%=b=i!N=Ic*ghO!_f|^Y)ZLmNi{>vA7#^Vu
z!dQIX@t(Gt|6RC5T~Nq7ZUWAvwjFwolG*I|SLM-iEm+uC3|wP{5L~9PQ_FCJ)GK@M
zdIl-HJm0Ddpvgi7$1pSBoX8~I%{!#h0KZN%Xmi`BQ>DWW_4Hb{-i^-dtL$EbvQm_f
zNS6uCQwK;_!kc}|Y?JZbSt1Vs-;N`vaLX2iuKz`f?hsrXMc_QI(YDa%*ZqMWj!F&o
z6Q9qEEuc(i#&@Wo<Q-4z1AH&;%&xsFIZyO(QRzfIOu4Ok<lRCk6sPBp@Jwp@61DZk
zn5?@>+EA5F;c)S#s_t``$RO5MjlT(Q2cy;I)8-&rDqA$@nec<te<nq0YESZE#9Hgz
zUe9VrP%O{oMAy@?CTk?jzM}u5n>D@Mo=rCTz+#|u!p{Gt+du#|!-NncNYF-9^wn8_
zC2PPa`jmo18a8ssPbHxx!CKlER>iHkwn#)_WpM;{tbSek17S0@UNY|nuE`lJ2GAa<
z{H6zKDLI+0)SXqYO8Y!>D-mz$%EebA(B?O1B*_<E_3ax*rlF$rSVR08LbY85g+MWJ
z3`3yTXzm@SDv@e#`ED=nC@e#@JAFOwAYg}#8xJ6p6KuSpB0g6^{xZi%<wO+?GniYM
z>nQ{McAfNOtA_X^#^Ydu<6~XIEjPh>IuuSJ(B`{7xrVw;%!jIXiSfo4C7iTpJjLIG
zsUe|k;KoYUX@oVLRFQ9Bx75h3=>cq(?#!Ob&<ZWI8_Sh$z|!Y^1}zva%*Wq+$P&TE
z<YV-wdfi(L94P6E_2);F(en$h5FGqZS?J+rSIQF;+5ys$gIar7!EbemgV?$MP{l)Z
z@-oyA#_|Cri&c#`4CWxFb#p8APrMJsNX>7FS<)+6rgUL+-@VPe_UEuD;sS5=l|CO>
zouA%{aM-ZSpo%;e+1rRCq@$e=;;PaY!g3CmFQS;+X%>omJ&%R#D|&6Fq0Gk=YP1{o
z>0J4*Hk&6_7#V;53BwaNeI~Wc5;vBah4O9p5LU`&cs>yVLnZFVTmuaiVW=Qb&biDr
zPoUv<0rZ=sXsc*i0I7{MRqO(cXF@U2zcRx*5vs^Ez4;ipUZU{Pb{;LK6Z_^+3zNWM
zLKYslR0b4%V%X5Yx}lmSm+BmbO(Vt5$s%JTW7&VI4?tp`i77ybJsh7jPq1rg`xO;V
zdfux~x6I63J)MzIds!yw<6_4tmk(oJud$wZ1ax_q#N4tn;|U9fBtmf9w2O81<=89a
zUk7bjbstRy+<tcI78o-FM!lOqd!+weI=-6U{PHQnfWEW%D{%pkCtf_Q{0mjL8`hnE
zgB<AA6Jqr;%6CrD6Zy-GDG}^NCoblkyIgmLwvw96S=bes+grTlRmDF5GL1yIQji-x
zT)-9lw0?30`I^Bra;e6$-1;%eUNVK`PcS92Y7w4QT;9~iKS}ul$;6R00=+2yze>GJ
z7NSe3We&z~u|<navsX-c_9rt+xzpb`lC-Vu2X++e5O)b@uLvvj{gyr(_shH^<@r!f
z4%nP17(~6;w?ZBLVssyyQE^)^l*N26S))@K%GskyK<>=ktEf5)GJBi83$Kuk_f(N>
zptiNzg+D4SUc}!~Gwfev+*{iZg#qhIyZ+0m?}9{qdM^&YN*{@BM+PK^-AX|rlKuFu
z?*4-NMH7nSCCL++a}eMK^3W}biuXmEC(^%(_?ciT(&?~^Y#HK;$wwmXgZv7}SxQWR
zgcItcWy<7^aslZcjJ-ArXw4d5c=>+6AC=rl^)Zp%@wUErh*OEBxtc{Up_1cN&IBg~
z&0&|;O?9^rHXJ#bSPg5|sdaFO)UtltwBKu}A-JFQ*Kut)9$cc)sek|)v9vOLp;dg-
zKAC_EEq!y`J&#XuBQ%OAxh3z+p;<wiC5HpiYC7UP`V?qWdyU~(tH~o?{a6SX>6;8K
zUUG)9SH(k55?mQVEOdg>_e4@OXTlc0wHcWKt7(X<Q*nzJUBv+nhGY|hI2`Xtr=vZP
z2;+))(!gE5cxN~t+e-DquCVK@Mw9J+zCF@{wHaplA&avWz0uQ9irV#N5Vc6D%ikRH
zc3s?SOUZ6V2JZi4M|v<Sc_B{gu#ZXxvqlauzito?bU;SJBm;Bo?r?}(8mFb*LT;fE
z3MzG1r&QxPwtwMHwN|}sE^%*aO&bCnWf!cdd7jA8p`rAZNP6WFmH#?5^pb^Z&<>Za
zmjEFr{$QAv%x(E;;CN;-ME2sj4v*bNe~YHOjhWE>WcaKmsO86OGB<FL^7W%o1<;)g
zj|T5w$Pr#vqS_v3J)0X1yuqTRNsX`D`ha{_E0Ke?j`p>vsSG7mtPa3MqIp?2ZkAh4
z)rFcr0ifYpbo|k5>djtyN~(SIIa5;FImo;^<@am5Ul2yjCOZTXfGn-IunIKhXU+PC
zH;wuC8HD?QRexL48}q)E_mr{z+MOX5I$z&=FL*v+FoEeA`!gb18xPw(Pkwc*5VeX3
zK$5yhv``KKY^HEFIy~>3|NX-vJ%%4(-IlQzxOMn&!y}N(V|Lzjp~=;=E6iiy-KJpm
z-KKtzKLR5&0nCuvF9m)eJI=gCvKW&zZGPeAg`P_wV55dQkr!l85<DSRs1Y2Xw&J}K
zi~Xp;05NMxrTS7fvdv>yfb)${|KJ_pKtc478RGETDtAtvdV)>HdRFVyKm0We3g55*
zu|f}*4=QiC=InN3Hb{NG^t$EjeRbB_fdvYB0{S<CL~Xq|T*Np^FBclk`Y%Cr&_ynK
zKusEGM87&D4PZxslDyI5bRp9>r{nR7daWQcMG+-)O{PP*CbZGaSvcs`g0ps!fJSi}
z%IH6-qB!n14x4bh!5*bq$~t?162D!yP0Zc#cwRu)S>)w`@Yz?L;W}%TwY@ydr#9HR
zw4_}FyY0D$X$_dNn-2aP=UhXFTrt`auNxHPEO@DSNTkVP6!a849g3`fXXmm6_A_co
zom4y+dq*C8v8T+^N;hb6x}}j3<>;`)c9TRjFL2h`fP!Ck31`7`cIelOQ-pJ?&^XR(
zW#33_2bwN*=C(<Qx?&SJue!Hb7R<7p(T{;h1Kn<Qq;Uy1dW@)(%3M_~cGQ-s9vLuL
zNzp15o<`Ik!^+flfl#|#8-m+nZA_Mk;07}v;(aepPU*K*onmupU<K2%Yn^G}#QhIo
zFa$dW+6$?%qSQ)E=Km=FqZ=r<?fkA!#wJ-GQTOAqxe>xo3wQB=4NJ63aRRO|7*t8o
z@lDS=1}d-C!{%Wa95x8C+<BS8QE9<W9#CXS!3axqC`Q`Yfd-tB(Ya97C^ahLp*=m8
z)o%ZKY(0h9BiAK77;ed0fMZVSr$(?f5$Bb-p!z7VqQ8*{QDbu}`ZYrp04N$qUwOZ#
zn4_$alDrZT$y!5thtvE)xqxg9lod7tqzH&~7x+Qhz^AITGq;K(N6Fq@X%@e@#n`qY
zXsT1*sgOyIL~?>CxfZZbYHcVmMb*S27@LmKVXT8OHF+Re2)#*6d*0KJ_;ISujQbfP
zoPk~O;%}u-MSo&AS(ia-d3R*s2f)CcHeALq@C%g@eg!$<*wdmAF`Ox{s5-zcQd7sM
z=Xt;hdo1SW3I^Co@W8Gt1J3%Eyxl}c#By8TvRzmcQ~|f21A5Wb!9-s5|90^z2cqcS
zSf}n2fY($Zh8~%?z-vMpidl!Z<+&xRmemNb?TU`fUyCR~oKP@m>xt$-BGA9Mbnl=w
z)Gi`)UPH;!OKyXPoNn4av1I<jcPf>4E7|$ohZo!IJ)b0?+eUN*@PA%Y@tcl{L)AQ)
z^`A&ZA9fZBoQhrj_*&8nh*6x5DN4h{fL3>^=M7`ccN|UyerYef<(+Pi<)y;RfJ;#J
z{ezq?iDcs{N#tSUOI4}N6)m`VyWC+PKSR_eIc@)W(5rWdiFdeN@<|+PQo3uV$&J$U
zvwE?TnH}4<{bdZUW3G!f2_|D&Wt1@MWY(J(tYe8yRtCg1f7lRs5CpxTu_BjFT0xs1
zyYmY_zPal)8ZK3`Con|L<C8zWC3wGlAq+W&ZWw0n#nTH3l3gwL$Zym((CcQjA*g;`
zFo10p?REBR*2C=$j;;qpYvuwJweei)J3_a5O*Hfu8Y?m(M;z~}e^Fi@3CWP;o>Dz<
zJaRsOCA>W(x*4-Tu*=YH3P~H$PCAOPz6S-^mF*wWE1}$bho5%H28<{$r6s+JlGO(R
z{c%)HjLcBaSY3DYU+$w-XgI_V<?Y+zimv=cYgYMYyYuwZwQ%(-fvr%-VpVBXtx{Xa
zif?KQqt_L5XyN2mZio|GHkV#If(`b;p`XQ9(~{g^QfMQy(pRMauuNlGtq<Gv+<X}d
zkgx>i8u|-PO)~t9z=<uQ$1M=zdhLaih0L#c=}Vfe;^}6M=ZGd)kpC<2$l51}7Zb9e
zgN4^g!Z3Hneg>x=LYJ{D_^6BwgnPR?m9)mkgcR>dgm5ge!P{`wh;c`_4EktS3=Ee2
z<FQ^H@!$Pjy@DaNoEo@jAnoeWPiXbC_2&J~P3kZmyS+~)X#9s2|7X5Cu{XPpNsc#v
z4liIhrt!hP?hQKkUKi|Ggcgc3zYPCD#iNJza@X`#hmGM|vNEAXP#0;NRf;zcx>lak
zj7>*|_yba>iwQu@B}SWSA*tl9!xUTkivKST1v7^%pa)3UX$9@QY~E&6G|$i}B*kaS
zLWMTbeH&qUXX*W_PWmhbui?r$rZiJzy&@e0#V@w>cy?AcNj^$H4PnYH^qv8m-%r#v
zDUwEF_>+lSDu3iD46?K(SGz<YF>r7wuWO&4Cp70!sfp-%MyJ^tCmbGHvgAz3S~;=w
zj<yk%x2?@f+UFvK1U1d|v?_d%4hmHZ-YVKg()_{i@`;#_Mlvl!0AUIQcq|v;gozmE
zI`Abpq|rwfjYBS|Z<XCK0I`;w373m;hoKI^>}6cqZ6(A!oQULh__?y1D<AasT9FI>
z`*_EoB&j=_(?_8mPWRwW^LtRqAd)15=f=I_u4-D(0M4aq#G&a{QA=*!5A6Wo4D$d`
zBOW#}q^`EA%3PmyzwuC_3UJZ2R;>8EAs5nwSOL21woJi5r#W{x4}4?h{(<!Yc64sV
z3>*thavs54h9ka{lL-wue!i767Og)YLh3dm4q_i%#*cAbniOhODho|?=)k!V;a^o@
zN{so~P$Rt<VKH6A&8}=4wHD!vas&N&1?KuPg)H89QqXIlZHCcl8TsR<VeeeaTcRXU
zgxfp<@~bws^>Y(-)RM<}=kD}XHw59#QZ_yLnZ*dnQ#*x2Uv7jT)wM66*R&0w5lWwJ
zkmlM?u;%Ri#BuS4&QtWjov<w}0BT&EZJ)SLg?S%*;lNwX1FV(QJ5Z``roGeLlh$d@
zMYGzdW<yeUgx8>_4&k*WbwUZYQPj>r#Zsfd3ao*G8xssG9p1yPEo1?cO%&jPLG|F!
z3gNe#)XpBVi<ocGY~yFh|NYBaEt9e`;g-pB7;T+`Xj8hQmmoqlFoKb++N_DJIT4<f
zh60)T|9*7@b_`Jaccb7n4+4%>){rSE<ZQHO%$H2$Hfw0LY#7pwiz>#CU-0v7%gcuT
zVAfEyA`d>3F`YY5nO8{bNi`CF6*IN?68%0BYL9!uv+hP`76yPX?gKv(1sd~o@Nybx
zuWo0MsUvNsIMH>Y2uFF`Y9buMHQ+X%NJ7V2--{r@?qpem=jD1sUyI|#{^I%s7}KGY
zeVnhvA>O&~AK?P%EZu+>b+PDj9KKdWvwb5Y&nk<dE^?T~#+AqK0C7M`O@6QKB)Al9
zaMawfO4ef$Wvgner~WNfN0whP8{Wt;K-Y1B*?l<&pIR<shDYeaHw%fIN{3l%Q12}k
z=B~s9Jh;CmX0D$#y@}+xhs~7INrJ(b`z=`!x^{u6OuwdU<6Z91?@3Hi6!m@EOD2si
zcc+?dSYANiHsHWN5<1!sug}-Z(kv~!v6u7IW{Gj#X>rSzGr9R?VA#B?`&NIPHh8S%
zvy6XiPNO2(QY!x|ryMqw{0QVX#0WAwk;^RI+}7;`)L5~jko-5;v-7+x+0W7RO92^n
z<B>$J@A8)%oxSnEzn>(EI&rn!y5mQDqGE5uIj6^s-A>%Uw|oG@=oJ$@BEwiiWzy*@
zgboi)tdL)SAjuy{@(S+<T~PfE6!gHprF+y`v~B3KziT_XpnY}Lp7xJXeCP7}u$cU7
zC0DosgCzT!+(^+uoCR}3x}h{kRvh32?<BC6PYyTnwE}k*)N!yu4COEn=~)4p0ry`8
ziUt3^$M(44D=~KN>fB6Bl-rQ#)GY<*u9a`)=F32efd?0~>AaWO-mJX)TRoMOHD<u0
zDL#dZNJW`PbPE)ysD3;KE*`(3_%yRZ7w_*qTWF$;y}1Xs*)AZRpS{^3;xztyup=m=
zi~MyxWTMAa2_8aCx>)P?Nx7C8E-Jr#g$%nU|2cJ`2ff98R(Ux0=J<aNXqND>&&kCN
z-&Br-^DN-1K?7<nT;Y#PV&UUAKx-&X8|WTh`*_L~YQ0mEB`NsVqhpj66Fc)~Z#SC3
z>YX@d|5dimES<!8ZpFPmKBi`xL&4(XG6ZnyLIySk@laHVg5&{AiX`Flc+vrNOLPEB
zXJP)(2l1|&-9^U;B+v)3KX6L+W&)HUzaN%uk3)Hr980(ysh9Sg#6_DGXS|MQ_rw6!
z6ir&0sMsE#-u8)jCuW(?$&x78nL%Ugo;NPb3GkB~=al$ux|Gti%Zb78E}^2hS8RM$
z$j08UTW=9_a1cFJRr8Lz?i_@}>ihxh5sT&e6%=0&+3QZnQswLnoMP-Bkc1d<X`&8g
zt5U@P5yZx^{h`WkQMF%;wWpWOZUk+PLg5;E7KefaiFjh9ihtA1aCE#*_RO&Xadn!!
z&D8=OGNQo~jXL9#1G88ZGsHKZR`k%ZF0%>46=x_+r)dDhFc!WM5Y!p+#IP;q{o&kb
zL>_mmyW9PwMuG?6=(t0dzAiJjY9M0I264lYRY?Y6e;Frf!80~_V{B!2sMcD?U~V9Q
zu3B-kcO*EiuzEvhmJ^0UoGH(V_#oIDIJKzxYQO-5f7)kA3IhH`;zV3hXaJC&6rqGQ
zfFr@!5mH{9{+;rSD!lR=@er95yTzy!twy^&2&Z)DJ$?}0v~KB_nc{<SRh^qt;BdCA
zWoqs}SY1|==n%DXhnNw{eo1=Wh+XAjpVd4v`a*j2%n1xegi@9t#s6J{(><^}ir3#j
zRoan24g8GiPyjB_8>}Og597x1Kr28M)KwR+3stYs!6zaKr07;EHC!e$b)5If)(x<w
zthWe#VN+a!QYD_LslO9wLOJbZL-ZH?8pm1$@F*#qd$H98!*oX{1u1>uVKgN3g10zQ
zKSZ@1iD9J@#S2$R*Fv}_qI+}3nkoJc6#!5LpQ5xz41o3ij~TUJ$2+$0R3|>Nr9+hs
zBJ2s{)?;;t`n*u=4=>TTv|)+RDk6*H5mtf%GVY%XMBjHC=;cQh``1CJP-gdqlb0S%
z|7wym<{*&1<zg0$;xcdiOij5^laVGU6qV#+Ynr!C@U|6a`yxgG)Di?~gYk~;>~4Yl
z!}BN+YgfTB8oL<5nuUE<m0n!?CHI4?#+X$<&s%J_?aQpJ4{z7+dY^|;N_+ciQ$n`e
zR6L`-!QH<6_JFPLQMBBPo?EWs@hrH<J9qFADqD+SHW@0^kGlW9z@55?tFHi$6z&Aq
z@(=lx^QIa@>RZE@xIjX#MCPMb@2H<S{CUJ>SaapG6}t);eem?l{61|uCe><yuJOBQ
zwUWIeub5dbk+2Tl9Q~r6q=1xC@B4-UW@k74%Q0eS8N*d<1OY+eG9^sSYvn)y2P-fZ
z6)Zu$2zCHXFOou|wGH@2UQQ;kW-I|30UZh@fpa)tPKYE|ss}V~1j_I?DD8997HGn2
zO!EEXVX9LbF_Re9Ap~ZRsLyP;J|OLnkx60d(n`uYvR}s1Gclm_s1nq;lI@pI2gIO_
zv@MkBb~5KDc_VPsc(cd*!mv7IPSbsSTS|6rm++x_`M$?MCFj}!YDPQ>$rDM{^qwK$
z$GmwDgz5%9msCZSjl18lE%S2{kuBS}uC$VF%OwO&8`+XQAv9I0=%Q0#-Ofmdwih|W
zlzPMWP7?Iu-q|>tlb7IM`+`w=HF19417a!AK$)VIEv5J&4Bqjo^!v|Py2}RKAG}yE
zN!+GfT0~(x?9SZwzSFV|wUHmGE^IsxiQj^ka}rHz5O`^|c4=)6dUA^&XVHt-Zj63l
zUjgCbd1VQZt7YN$w6lw&?U6q13Sec)&P4ds9vRrg`1?k<Av}hLFsYR6rk<)396Mr=
zx9+2?_?~{(3^h=VV#3Je4rWg24=+*g5;@oiCSh)Pp(H+%Du~otz{>UFOt1jb0_#Fg
z=j%U?&>UW0UID08N8IP~lO`eT>(PT374W?Yp^;@C9Qde9ISj~OpU#kqW~4fF35<BB
zglnv&F3_T6@}W*^L4Q)aEB3tC1(z|yh8JagiU<DYK@u5(M6-DqVGOW1GL}!DE<1|s
z|GuH4&TzaN2ps`D^Ms+eO!7Vfx$y;jFRfmVqW1sTxfSQ4Sj~c_nNhX;IR8umzx1xS
zX7_zCt&T`ne?*xdNVe=Civ}1hH~ld@sq=3>1tY!ZKZ|@$kmqJGT+9f>#Im(9=QtPT
zo4$tA!HAbVtu2U@I$%}rEexW95qYjDJSP5yPXZcl2|p5mutZ`N*+#}sJq5WG{o6zb
zV=frs8-m76VUxW-TYYfDQOPB9ABK`z^^caWj1s{N&wt&YBH2NxwRunD0fB+ib~2v=
z+|$2El*8j<-R<stuEpjBd%eRIJwoPOj0xYU^KnA|tt0+Kp(E^xtb>=<w-n9$%SIE}
zaD6*@jUp-z$he@T`VLC#m}`E15vfMjynAHD!EVrn84<;4F{n==6CXUbgh;13(;N9T
z|0Go`bF4@p$h;s&VV}F>^J%Li(7P^Gb#X0ZGI~XLtw1u^d(LVUmeJy1z|*eGa^g!%
zKf>%aYHOrt!rx7&lnMV97(m+e4aHx0&lJOt0t@-a3x}S0`OIC5jjusLMw9eaQ17o(
z@%}}SxP6@foks13sfG3^_{`QpU#?1_;e2`dK^H*Ne)}c^yrs`d;`jm$SU88~f6;x0
zAyLsieF{i+ZE{9HcarZPW?;SljIPWj&-e6_>nDWS0CqkLZ2bqjo?J|i8&h{TLw@U!
z0dK=xiP%EyWFmP4<L|BrEq1=GWV4(qt-lA6roSbR%5)XcQZLmrIlomGuyvI4Alu0w
z2>DYtQ?hQ4kdK?R5tLBq(F}4NTRKv+uk8ma3DeRibd2M`xf{d8V^<<SBMmngyg_bn
zv@Y_ED#P)RM;{pd7GnPWv)6wlPycg36*e`e-}YenfdW=iHGrm<Q_OcH@w|!{vlz^D
z0JZ63yHV`VAt1zt*$%@-3iS{CrNdA*(&t-V9-fhpctJt~(epj9?z>@}-m}I7&vqcN
z3aXHmQ$l-!m|1D35RU!MdzSS2imRy0$mfc*ZL!gS$}_<KGa!DAQ}m5Ltv+vS(%p~K
zl<9-GDWR<UWy-xcFbZUAQPDgd169i*lxRTO{TL|ceePOIN#ufO$gkerkYHLVe})+v
z2F3)S;M_<i+vK}_m-ucP5gxLQ0*(_}YA>O4hn~3~9uTe223lN@|Du0IwCg4SQ|u*1
zAnm5(r;BnwVct8Mz-UNDAVA;~F_}Dkp3k8qhd2qcIM)cr42vTR4JG`)D#nA1%{$CU
zZ{UrV&^!R-AF$qbA73Bx_D-7ltydXN`Adn{eVs}52en+~XG#DvhnSLiVkF4^oKN0q
z3p)<vf69kO2#~w0m4{G}wf>hb&9<+NpQgl{a3)8kkZ@c_nDCTFUb(I3)i!U>&f8H_
z*daigB;zFs1(%dmlOiw!{&JU7^$To!kojy><>_UczTa`6C5flOo3(w!!eHaV3$9LV
z6EG^JB!#AEraFbgink)6h-Y!wKt=ew1+Og?IXic%GBd>bmZbx~0N9jeP~|9>Nhs)}
zB#C^f{OcVATu=K;NmIo3?^+L@&nefmR;7_sWd^m18AGSA*RTA^RhKNSWQa3zBX{X_
z)JcLq3dBl6N*)uwTh(;g4lR)%U{sba7gZ^<^}Ie1^i4i2mSG-RWh%=#J`X+xp{UD5
zIHWkJc!|t(OV20(L!|_>B~OrcpH`50U$dz=01Sh~xHsnO41S$UjDdO}OW>B6uXP$a
zOHA-3f>*T$RR!7|>`0{A5>;;D0M~!nuf)0`^h&cGLMTOt>Q>#$>R@^3)h*aV{sX?R
zGn<dWT8lr`6^97pz&j5S?$lJ_<7as@{rq=jPr#59(X-FTTkTT`pjd^_&|3Yl{<eH*
zuFPAWA#@0<slyRuZd3~4@umagQ5*A@nhi*G*nquMkLTTqAf1kjOm4HktBq=*5EL|t
zmqslmE0eNMi&u}AKbSZz$y8^?Xy=Avg-s}@kxNgL-;_qUKDYl`$X4n1@E2v{e?G>~
zNFzit77tT)9`%8{iC<soyoN7nwc!TFn~wolzt8D+Ib-QxYK!mo`p{a$2%ou=J`Ok)
zlr}w^>|mU-vtjfhD<+0T=M_4NxHMwj=9mXl8ou9+gVV@h9Bvxu(MdJk3I$qrE;xn5
zrlg@xwbyTaoI(dU_~%SX#Ga*EiD*i#VVpXnTv#k~2U>T1E&z_9%@R)<$Fuoz<hxRq
zYM$Y`g<gh>9jXWss&1*v>_3?Nw-D+{5_@G*erZONocEo9c`q_>G)+Hk7x7c*l#;?|
zV+77{6JBENlA<|>-qcZNOF*>t+iJ?gqFSi&oPE(M!vmm}Aq5~2X5H>{3)U?etc|R)
zZuX&8Z8Z&)*tJ8qUR$dz)6<sH^+a+sRkj=Nm#lZYx_&!N3=L$T{cPwa2E{U{U6`Ev
z94wBbN!Q{+iuDK<Z8J-K@0XiYtd4mNNI#S2w%#Ha1KCF}G8oJ?2S?qHsN1-P03<?U
zJ)#zg&I{iwh1fD%%f9ZRyzb?|`jUVNX<<DYAmlMT<rbL8?d4E4&3`b+hRAEaZNYv-
zN5#E1x2fuTvg6A(=I=K>mr<6Oz?O|J#)T#JK@SN-@OEf!zip>{O#fXF3h{9w=B{hz
z8waLEU*@h-G*uzgNzUT?FE4)J{&rprvy|UCq;aPX+QmLLG6y6$uiL!slk#SEbIK?B
z`(CbUnR5#vhs^Qu83qN}lo)=T@o{!_LXtL2m4!YaOAc^dCMB-ZX@wC8Ts8-<IChuR
zxd!foWvA(pj|%pq{!qFdJVbE1{{I5!u^3}y9=kAqyVdG;U%zHIFi)voaCY!`8qjhG
zA0Ow;2o)>XJ`j7y9uW>nG!9Fu4GCXkb^%^ouKXW)v#utXW){J8%IBi(alj<9uYrhm
zi3+^qr{cq0bFE_9FE!$~@qV4ChPM|6S7+jAGiC(#@s07gdKI4c<@B6q*22SU6yt&-
zes4x*6xoQLKwuG-zPh~bq}H{y=-Za;?3C{cKpv(al;D}Jvs0$l>bR}5@Cq=82Mi;<
z)woi=2C9;1ibfp>A~^IQW^yarlb&H$C<t{S9+IuOSBQC#s8npVKx)(`lV>=#Sl^5Y
z1LyZ$TdelUhQu}pM-kDFJ!_k4CJdc`IZggNCYNSaRqCy~ho>Kvs-~R+yZ4VfXqsb+
zPP2_qUVM{So1yvM#?`BK0x8=)S`8dyCDZ3GIhzxUCZ><rOHPRF%p$N|p5=@|+!xX1
zl`qoJRdP$n6#x>-!X|c)23QoAOEbutA^wn$b=>?=5jolQVf8Ryr6f1N09F~#lMhCk
z7@ESr(McW!KqO)xghXTiaNFU?0xD5BLvbo6=Xjoec9gK*B$Y-%3*!wsNYxAt0{V_%
zK@}w1&zhtXSk#R26vX*wJMO)OOqS4aalM@w5WmD?;oEoeoL}l8QC1Xi^A;+ra52S)
z+Q;BD6@BPB;|*3Y2RPc18zTh*hYId^hl2P&3ew(9K$@gYDRt#B;1W#S<rRi}R@-HJ
zY;GEdhbb+V4;bZ_cu>)0my^d>Q>z9%H3eG5D$!0K;MkQ!fpV@YVVFoBabNd<WOI%T
zMg*7YKxyBeo~aiwZ5gGIta@%~-Je^E7fOf}xBbiCrG~)!RV!AmJ@u1L#DIoaLLTw<
zkO&6?d19$WHAIyrLD|K3jdw4iO0Z+n6P=RP=#@ki*8T28Dquo?*InuG<yKan?RmiG
z3LzI$iUH@S16$O#Mgu@_3)OvnQqO6w`hx8PnxSbX>zgvX+1IxqCgn&>&ZB-uw=gxP
zx9DAFs4ZN6cdBQ>_%#)ADqM!_tq5pA9IJrYvF~{}&Nw>8G9;<F@Yms8kedOCLPyZe
zYYjrz6q9w%Q}b|#OfGOP&6dG}rmwDi6T)%m>O|)~-eMZ;0~b2lHLAqAKRxilaq_fH
zOMN!r$pfjJg~U3}UEIL6RM=I+TNH|NF=%$lkk<;HprD@RdUN6F9}9L~=*9Q5&J=EH
z^|L!QG#yLOS0$MaxOV%>*3fxv6x-N@g0C)xvWNteW|3r}XL;a{DpC6JMP`nn*j7_9
zFws`g{Q1mb1n)TitN>rwCOdd_crK?v5y;`D=nh16;<!)%0UH89WMx?;14{PDV4wk|
zD$FZ8to&fc^OZyXR$p9Gs$6eHV_YMy<e)w~229ypCKc?5@dzkV6L7wtLhi6F_<n3!
z0Bnddl<y>L7);k%Q{4Z<C6F+Zdhhxu`gEx(9vd9GW1UvRMCpzkSvG@Q5qoW?V3`i)
ztp(_i5ac9qpa%TUyDG!lTT+_EBn2W4uUmtWnua2DRSy_)uTuU=)u8H5&%?N3t)>%F
zUp_R@Ag$G`dVkNtb3;K29{iAi>$#fb7>9&tbQ*V)_i9!!%qZ$=pHpuY;g+?Qu^vbe
zFJxW$7FU-6b<lQDO>o9c;}QTvUZ8Od^Plk_;ifOE$IMc6%HH-&G)VI9<^b@faoni)
zaUq~+RhLu!zHZTUWk6$aa~~vl?1qQQ1way-R)*NoR||0q%!m6(Ju0T#nx~vt->b^L
z5|St^ihp{ozBHg;ScX3O)Tyd>fI>gB(!F_iH2AGA7U4@wsL%8IlMKCMU69H~sw!T8
z@?QSwk&;+@1P@HP&`5a)PI`NmP`i`K=K=$rh*O3yW|mBd<w5&sm@sG$;<F9jxuLSh
zF&Hz+W~MLdV$#RrT<bHlLWbR${)cOG2-T!e#JL@beL6Ke6%vyv8jqbLVFB*eW2P)1
z>5=%RlW9)@kC>UqDbCJ*X$Hie6mo-Xef*m)hCxUz;A{MUrZ`Yu)V}ORpe{CVIS6my
zcD8wL7!OZ928CX1i)T3tDgLHZNRi>8V?Sx$65@awzH6Bru!Omgg_TO6HZ9qQieU#N
z0s`@fk^w|OL-P{;Asr9Hil?J(vW2FbdHogJ6Cgh`ys!6#k)aH)M$4re{@+`SIJMb~
z*3waOF={w;@ap>%8AJjiae|A5kzHtTwZrMYkd*`&|G}=18QcyRpJjYHsi$eC)}|WE
zSCTP=4E@AsO9hv`pW^|v%#pPB@P5DmsY38X3L%iC1jr@*jeUt!Y`T3;8C>FEI{FVb
zzAxc2J)H7hY#MiD$!nPesU)m%uaoZN1lRYchKMRq8~t0pC^9oR$Jcd;4t;IY{p-7q
zBSnnc4<xp=?>(pr0nMA8;SD5Hr}vx9#%AEzo5R}!z2D2C;7FjimAg>oHwFS}SfeAL
z_NNKH!XDksJ|#)TJRQGnfWvv+=<>1>^JWV+>Zv-E07V&0xAj7p1Q}uOr61T$jud-^
zk(9;V6bE{dw4c4aR+$)6JY?iCN?hPQT;6uvjZh=)bBQ%-HN`5$tQS!n-HX+Zk#Bu$
zALa+NuoDUfx4G*}$|ODIo?Yno4%1me9QG^_c#oB4O4CkdKJ%0oBsGt&NKnHr$nuKU
z0(FzP#PtTa=y((mAmRgzuZAdBl7qPq-ysY^(;qUAKM9zh^^}T0Az>z1N?ElH>M(qz
z_a0tsKK<u$288b?%D{Zep~B^{N4-|V?0f5`yCULPZ2?}NAv|H8V=y8&N^KmL!zLig
zlCg2*gUl(|O@jnGIyLJghaGG)ov|E7E*@WD<5t8myz_g8%me`Rz(FWc>3{&!u(ROQ
zQP=^>D#Yep1Gu+GBVCgg818&g!aNYepfncjI%*4x>tFDPB<1yj8nC)NC_cI2_Z?g#
zoV$lAH+_VOLV!Z^XM1$0FV=+smI74&xW~SF&H8YHP7G(_Y%2Xr9@^mNb-CUL$CFHO
z>kRjDV8n%3-kuXTzaA$UU<ZT6k$|u{r$y3~><|o$N*4Ip?1XIFP*2Xwu?vt)t2mW%
z<ISOA<y|oUOPowbsPlUVP-FaeHa_=76>ou-MTG$hKQK4mb$UMJ`#ILkq*M3N{5YS5
zIAuvo7tSyH=r`@`&%YbBhv2{}e;%z5>{}aAfzWpwSysnKvcAFtuZ9I?EYWasa>TPL
z`@xPtER_N{p%Aw@gcKZzWlTTjG~f^BOan)Ba3%nMr$fnNp*d3e9~zxtbZ05XH7~L&
zhn)-<oBAwuTm>4-ksCw~`*K3BUNBaY4fBBr^zt~g*FrLFGp%DLma97!++=VGd}hRh
zVDKgMnr~j$z6txadB7vLVc(h!cGjKZ!aleTjmmd=KG16c`nHBuM*Co71Ke8(;XrI(
z@>#Dg`>u<6z)u8TTBslA@ni^e@(;`0sIE!GmSy4>^Hxy)*GSO=j8^w#$UCg!H-Ykg
z3(hJo=3_t*!^pFE=Vx4^ev^f^C&D^2hG%~g{z3XD>j{9vi(-L3DNr<{;BW$g!-Y_p
z5JQM7of`~GBCMD0WLc<>lV&_zf^@W_%zYRcx}S%i7qcPG)r!5km9PoeJMBYnUvl-B
zmqoV&o4EHv59*!}K9GzTt7013z*9G7^8Cff`al2xs@H69_#&wqFVaQ{fNg&q&GOD)
z?_3KQ4?+>uX~$g$_Y5zqYxA<gH-4qN2-<R#s9KQOdwfn_hBEryfF~G}xqd5iJ~#C&
ztq?t>K;?!1#rW6_wqfrbdo;(^acIheW1C)YfT6myRu>7fGx7L5Ct0{UasJ@5fh1*K
z9~MRFV|@}g48M6_CG^5&7EV_r|Ec|;u<x9)MVV<TKbazvcz+TP(QrO+n0Xf|V1;>l
z?~d=)&si2DN_5U6&i&DY@e)r+DAAkt?H##WP87xA{2gu;#_N`#h5LD=sKR>5KtQj@
z2{)Ev!&pFGs$@8DU3oX0XkzI4i|1XP=YX}0Ym)x)=>I80C=WX=pejl@l&R?NFmo#K
zTX!mRtH=n-0@1v(@6r9oFm1g@P*dch*NN*#>R^G5PRJGa^O#>t7a~pCgJOX?RXpO4
zX<B5D?bIoC-L&MWD0=pWCU}S+ZD3p-76B3JyDVfX4+M7KF=Ord;p-Dw?sGN$6L}t+
zi>f{p+Hz9Z8{a8+qUZZ)0PDzom>6-74J}ME_yq3!A6C6>QG6^aI#E>Z=_lCq07X7|
zS%&A`6zB&LJC}B?gn3L%jp8rcyGm8j360;++M#3e3t@v?Khq@3EJs0K23jzkgy)sd
zi!+~h#w=)Ij1n;RJYDp}c!y1mWG?YtLxIlcP3|U>$fh|9wwBXQLc$sXMY4$`$hpW0
zFnQz?W3tI#iw#%Q{|~GLie9j9)OIm#;>UuEI9S07UFLutGJugdhPcMbt-&<(048ZP
z00Edoy3@IJ^jZ@`VAUtu{tYPx;|uxhgf053vGC)8ag$<9_7KxxULg7(!(6oAl}aIf
zPLB>C5@J+<2Dd$ox87~hx?mCzq?8#5-q3{vR56k9O!6^T{5MrgpN>4Md6FG+V<P$L
zv6a0wYKA%z^N+eYp%NB2>v?q00BWUr9{k0D1}atGsA9vQje0ZCvB+slO4p}2XsVC&
zO##<fxBYvPShlb?=j$^Ug!$6XEHUhAX7@6{LFR1~vD@!3K_R(Y6LXbHUMbnWO!Wz9
zG>xM{m~8Pz49t-!Cxw_73fm%Kk(qi$TWfzdH@A_d`0a;DaA#5dVz}HXl$_iY*S5iv
z`aFX!Q_&$$PNH0Nx2Fkn*wlp@j^DyrlBu?b-fiR+W)eg$;M-HXZ~5*MlEmO+&pQQ+
zWpCFCt>j<ElZH~UQw)Y685V|!d2=L{!I>b#<P|V7Sd3*@z6(>53;Z}x3rf)bx^P71
z?6P1*9)#nM$F9OZ!Q#>#<AxwmTpFkQGB9WaVUB&5%&RijF4SMlbh~&>gC8tSrdX<}
zGPk~lK$h+j@KnlB1vrp|x<7zT1@ZYqd|1T8oCs_0Jmu@m-F!|~!c3CFF6z4@HCw^|
zS+9h+*rI~^mg%@}+5Z&4h)A36{x3*>3}|CF&(=cHCm9%oIx8~fE(k<gIy&XV#hWmJ
zvNxEH*V{0i=}!rab0|r-Xmw)})SH#Kc!*@!(hHcEOu-QK?j<V4{<1?kpvU#{a|HZ^
zGI3j;t_@yrD-NSCQO8Mk^?~IBCa(6xc+eE2Qy1%A=~sAf&&MoeVpIa>=cV)#o0C&&
zyWp~6#dJ^!t>eU;;X=2*XIL29?N2YSlfnh5H0>Qw#CG;T%@d^NQ^~5RRP{U{_%vxE
zU_3ZMJATwm6MJ7L&IO-;puw#+pa|Aa-niIEqRqQV|7hcQ;LsQ+e7r78IQj<8y=HW=
zb`O>eZYBk&8qdBy=BS4J%q~BwzGDg+M{DKCHUebKiJkoNx+xx&v6etOL+R#a0H)V%
zO@6j2<rbfAxR@Xm6`yA|I>D*t-ZPa#({&?{vQ`)7su&$}XwSCw9#VbI$Q>Tm^Wcf_
z?aUW1JdVh`!_5eKcaWQvLjG1f$%SR#t2TCisPMF2grHGcM^i5b-r`@(wlXl`yDo=(
zh~Sf-Dxu{d*NC4n<l9m|LPfKxw9pHRmp}^$uPXFmLx!eM<(R<i<sRe)<FpOcHu#cQ
zg2IH0FIqb2$aR+>w8K;QwwWiuTA)K`;`(=s-g*-4!sz+##cg#B9LP?tZgiZfAGBCF
zz;ItOHMF1cD>JYFU;tTfES0)5^aEja*TNrkANCHaW9rKc-sw97^1Tv9HtyN|@j@Z6
z9W7}!`NHF4c1UU~pH*+)KI-Y5jp>wdiClh?!pv4Il79(iOP_^Za*|Qnb3lNFkl|ps
z5=sXRSz(H)_}8#<C$Ph=T1Amnj0^K<-o1g_)DCNo_vgd*w$8<wXG)IyKG3jzh}o8a
z;U!(vmwjPaO7iZxA^R&IYKlmPe$FJ77xW_mIshM&=C@-3^K592(oe)T><s<w&Y6pQ
z@K?IGsN@-1JZcS%^_wE06kkenNep%s`7OAZ8}c#aK2@{^R=~5d({!(o@$f?mDmaA+
zv;k)kMEkN7dQZ+b=ZPQmLvgZ9<UIEn?>;z4dX2>tPK&jmToOp08f?OR+Lf#n-Nr^s
zsIb<9&l!h;M({Q}u+RZS@PuN`87HOwkLTKX`V7Df@;B31U>pv{7z3In_N8v8d*NMr
z+WvPd`TWUqqCBxW5p7m-_wCR{g!84&Hd9jWE4*s}to)(%>z0=Y^Hdok{u=D&<)cE@
zESg`{(k*_EM~7Z|4_eB&>y<S=;_m+x<A}pgBd6w+K<sw}3silvzpdT8DSPrQeEGlJ
z1RHO<S-4i7DD+~IW(~LW^p7^ZV1b~+67j$>bz71Lim%ib1bgC*MAKE!WXPg09lLz?
zs|&%_q-*{<FR0HFoJz0Yqq-b^<mf`LOItT+_gX<V<n?8NZYpPpuiS+kH!3r`lOxS<
z|AtYvb+iGgc)zAkUKJ&HL;gk&F>1MC03{n<GqgFxg@v8-YvqRyW*70g>+rIqd*dkk
z7CjGozNzIm<KlaMM4E;CBf)P>d*Fi}lG~zn*FsqRWisdLU*P;u$x>hXWz?1__*A2z
zqeeXy1Clg6W%hTM9;u9OS~K@iO#@S>hI+!mhI;lbgJ1Wo#x4Yop69>z|I`-(74lfw
z>{PSjQPS&-TTZ|7MMb&|i85>CNM0{WZlAi`!(*|xrP2eXT|^6+bkJ&`?xLLLNB3<K
zuj2;ON65KmzAZ>xlexfjFK(W81S#l9um)#n*Yj>d%cB{fgR-KA=PKi(#%NJaIbvfS
z<q%$GxQjB;1P7`9<x?DI{xXcT-C%|T(f0NyLV$tw8BJG(H$_zmAwt!?WhF{VLkebN
z*-->KU#U@l)WV=f?*OQmrK3{X1mwySWE#zalr*JpGU#?4&ZKa$)%siZ0VAR)M`Mm?
z@eSv^iT8Wf3pm?D8dJ}oz_o_x6uZv5h5=V99M$1gcsINP{P<e(FE*d*00n%zQZ7OA
zZbz!Ui{XZma7Y(lu4fLkel#AeJ}|`F*WF?J=@2ejiA&i_46f7bFic~Bz;MDuE6+eq
z6R|2sb7}6~==xah$DPVR!^0=Lv^IDV16E^_j|KN?WVF&K0o>+dKOB;|!k`?{Gm}`r
zVpM`W(L!O6wZpCWT8?O$R)I3nfBK-%>zdxH_xtm*`jJhC8!nwdhH6H`3ytRqO$<)=
zD}#x{Y>4C_uQN_;yvTM~GD2T%q!|*AsIm}h;7_)d5aUeNWv6iEkgy%bV#T2wtAriq
ze;WS1e*j;u=I~%Ee?!$%nj+<>8t|Or_?Kdj%}0e?MVP8q)V8j3+oXoz*n2qcknNSO
z8yq1Czp6F^|B7yDn&wvVcpyu#NP?J2McFmSn9#fX?Cb0h0zt3H>a;NjbDR$>9qS-n
zWd>|_|5p23NH(Y2Mb<s?feQ&&cvUm3@T`$@GJfvpQw@$*WwZqZ;v6>XG<0cu?v_hl
z=;3!(8IHVU4lH8Dg7;tHMIVJtWBWh!#+pN)bKw(Y1G_;O+xI~RKk&qtNy09acpPLt
zC(cy*$l?-ekey#wY==l<5oiILcJTFS!50ABE};h70-@sQi#g)t<%xxI7X9OK8F<;Z
zKkjTNlGGNEFit8tt0qKyy)GP94E+Rac(HEBUvtHwzjS`@gtpDX6MNuL;JNd;&Aq@E
z*qU(xbQLodD_O?ZgPv(iJs>VFZOHUMUzqn<@nw&bjO{#$FD?fqCeLGL?I9AiBUH7F
z)gO3@01n4wepW!H0mUD%Lzld2SEw;!0BN@6nY1bYIRR#(m(y9tqLQItR15RoBOE#)
zEmZ1#-Tw%9*1iWGT40bs!R_9x-M&vwQ!@payLk9HC&eaGv_QFl3W&$0!E6Jt?Zvz)
zu3G~qGY*E@yaisS;Y#RsWQ=3Ipg-rtnP~>D{*|_zq;aFIPYIjycGX$?E#86>agh9@
z5FryZl%BtGGyr}VbbREh<;<WWo;Co46`)a-kUjACZMP%Hu%lLbuWo)Jy>NNsIu+Vq
zF>WwS`S`*1cH=H7T|fk-Q1uT#lK$uRU`3>sTp?7HsN`=lqidN~^i3T--d(lEbm;Hi
z^wG(+W_gV~#D0k}6(k?)&2y%@Z-u-d!$GTtr%Aq-CK;#WA=2bBUS(q^pD}o;T{e-c
zB-5bdnyRNRzA-MM+uxuElf5zNLqw|5p^cJ--=^zhDcZ!*o=K^*<1;GN2!<c&^^<UQ
zct{ZKnN9yFLZ>%fp`qunO1aYm@1ZPzpS?QC?76S<fP1h-e)z`N{`LIr<AWP=lF7~A
z!AdI`!3=L&Lp$ah4)^Bfuv1@~_O01qAMNh_9m{x3Ug*>1z4?OgWHpm>g(Q~|-@bxU
zg9hCE=9zUY6a<n@!qT{S=nrR$5=*u${{`K<q?U0TpRMDNByXHwF8DJUuV%^PQh_;t
zZQfRp?h!Y5y#EWu71oP?0pI_U{ux@Jw1m7oZS+Y|lt2Q-Yc!_V0{wjm15n7YQS)UL
z2t3ueUM;1)E`300KGnApE}s*EEs8jw!W_K8_q}`I<Z-Yt9=m~<^<<mURAMv&NnB_B
z(O>(etm}`OaUTC^FtLESaTqRr>4NUW4PS-ynJJlG5_ri}VMu$2>;18W5z1?t2I{%o
zP$)j=0H)p!%$48+yw;WqDr~)g!TyqFVPOpyxaH?V=3o~zzUvA_%n6i0hUmlyWA%fO
zVC}rQ$-Ck7#~u^&Jo?mWj&;pi{iqf9S&hDbI7WTrhRFOQswVc6t+R^185>(6*2=rp
zev=}vPckZ_TbNt?UQjc*K_G8{qQwe5wJot!iJ0s+7Ocgf0I6^aHh$*z$P`Qg7Gfjb
zs00CCRBaV^KtpyJqu&QL430uOC9YpkGR#Z{UKvC8s0j~H2!A&{lHL))WO@sOy!wU5
zlo&Hv7YTTK)<v-xEIZ6?UnK^QmJIN2asM_Qz}@dM)a;p5md%iupS&&cjMcxNs496$
zSTh3RW$J(-V@hw`^u1r*n_n`+ErCCcT?`#JWe{xY!wVuTgZ~V(4;cE;S%GUbUp*!d
zrO*ttZ!*VtuP~q%znJ&qsLjH+s=d9dDm>1EgwtdLTIFr_9UUjxE}^3+gc`m@3pvFx
zMG|j1P|sdL-7t)he+oNBiAC<xnF07#mmPV%QX&&dGCQ)bfwSH7B=g+Uzuem&i%!*m
zs7`SXF;rFt7mCo|bP`$IF5z5&*^bSzA)L_lbCZ*Zh@hfmzfJgl&;Phq65QGJqy86h
zSwakO*N#&jl)oy08+V!yZ!ET^2?K##7ae`zhxGas5Fy#5+cVrqRJZpHN850}0pxvQ
z*8xV2^2{^Xv4TBtX;()BFf>j>=OL19?m;tv6CfioQInN%tbbK>Q;3~GY5R+>VZA@n
zeAu61zXMftyHrHMB5e0`uhqgJjOUS94F{;bFz=D@f_m{=lf3NGWP1cKaxsERXWEf#
z=dF+#IC$y4Z7Zn)|7_pCZQhaIeb`Gc7(|5hLed!kAK7mWpX}{Fqyh60=RPYCYTP!B
z|C9*`hAjhtpt>q}`51!p3*g|1Ag%0AxVgS3`X!xBzI0=No5-3t&n5}HV4ceg>l)g9
z8eh?|^WsRrcq*fLV)xNu?uSav-wFvBA0mQBKmwnD000OE>)sC{LX2~T|KWI>S23tS
z-vA1=Ggj<?j0>^^7H($@fL_FHvrB(b;gp|Me~m3JgG4Nf7>3Lykv)&l+b^+DXi{Pd
zKpKvw6f-YO55Wd6`st|(Qyi@R2A#+4up%cra2c*<jQHJ-@33=z^fv?ybYXmmu1L4L
za`okQYFyi<<gaUY#o!1UIjOfTKuTp*rD3foQ#%fIFzg?L{7IEh&o~wVuhHa*3#Cy)
z+LIHUOO)&;<i6!pYyhEZGyH|uZ!Q64<MY&b{;X{5i5;77E%kp+Umd;*=Hce?@x8%}
z2*xvB6Xgz)B1vrhTjuL|Y%ji=MSI>YA-WzcJ9)7&+7Kb^7jH)gq}u@xU3wj3a8N!6
zP0*C@K+Ehw0ciLI0(sqz-`13EWbbi^$l6h5{G}2tjq-FBgdw7o4fl%B3Fb8#p^B5b
z2N5t=oG^?$tPgW%7DJ*O)VTwoiu=9W)&HwGoLA`FwDU%|uR55XK(ZsW@sqa1X_jc-
zVsKx=2Ni#9wkO`9u}Lr>9HDqbXRrWTK&8J4;Go+C_4UceRI{OrBR{%098J_<9E_wH
zgm^{|eG8{LcUGe;&S_&J>qn(B3m|XZQ*K+TpC4Bu^_Wl{JxqL1;F^o)Fgdx(`(;mZ
zGcb^%pnahO49k$0B0I9%o_;ak^F+kxqceF-n65rn^)r4=kV$D!_lf?sCJw)S_^*x;
zw^M%pw3JxvCo=~!uc=cTrM@)`s;CIO3F?U!UhEZ}0dLfZr1oic{J<fRaXlnyyWwSN
z%TY#v3#!}Yw}^Gq9IpDYfAZc6&I5y&8pe<T?=eZc6!3lL7^M!1E`$OZ7UN$4YE#f<
zLaEmKRG?y(a%d?*1DpW$W*M%N$oBO?i1%sBHvORrqC7$5U$fKVJ%y9_nvLBGSDyUC
z*l}ACkC{g0e-STq2;EIJG<SF5&X<ap=3|a`K~jzZmg#AZXnC<nNL}@$m@X~4?aVbi
z%}aDTNU47%aCJd}Iv8|=0t~qXuuwaq(1_(l02{bpz@e83#IN=kzqiYnmhv5gCn`JK
z--x8-9rlyPBd!n%U|y(wuBqzS{FRS!qnlD1?aVZ#1sX$YJ|Z<!j>rw&{PH69_=hCt
z$v2GFi6F>i6JKH{`}uMuQZtBh?UvDxZQ}dud*o=E(lI&%#jnGZ!rL;TOw#ntl@BxI
z`g$=KBD`VB-6aJbl6p&gY&87-Vx~6tn9X9RD1Nnv^&;Ufn&%gA6U?b|N>Gfh2Te@a
z>>S9dgkjA|2|^Nsn}+6-=|w}+=j8N_l!`z(ttLdu$mM6IQSIZL6^||m*l3{BPXL;o
z=J+Vw^jjFknFt*Fg4OE^@iM7%g^7uhMJ+5LVp6o`p0vI1Q$|Z7!Ds~!x3nlp3l7FB
z12CC!0FZ(Pr=jsWX@SD#E`j&?!Yb${(1{QMRfED;K18^`9L1TJc5sh~DkS63oHW{`
z5PNHzuu0|GHRXqV*FKhg;wWj+Of*HTtrmnNFc})?{=ng%zhm;g^`fR6s{p#11g7Of
zlQl%$YdFZMdQintIrjC*c0iJMB+q&Bk7zSVYpFpdBZUR)&q!#Z+m--iWBS9>F!*ZI
zt0!5d%R+Ogz!CnSHzre6PP-;*EB7EI7XuqkbYTRYx86a3Ot?rda$?l%1i8#B!RFG5
zV9}-p!Zf%UNC5?@{_U6}njvYZ?A`ajaVB8r4uNOR#S6CGnT!j_`#MNThxK)Ny94>i
z4Tp!3^mhj-w~49Rs=diTcUK~T;U4B0XtQ>1;GwA^I_+HLnAhA7suHGyPN}Dd%CMm+
zl~$F8uoSNFyalcjp1yr7w2a4C3zM~i+;Fr`E^{`62?7bHx@677`V>xupGMZFh64cJ
z7{zocu!H@gRcXFpx~jQNquXgDrrKFrW0{oI_F*}aPu#;|?eA6yYe~cxROesjjLPF2
z!~wqhytF<HPZzU(fc!O*pqzb1?`X-}+%wx4+zmidjsS`#meH)9L9zY<5piDO#k;#^
z^+0`bbIr>%R<+y*<c03TP+Zk+*@kSl&dpQ?C(;;Ijj1H`BfSP`>(2L5gqbxdjMkY?
zTgOx=5&pynZP>ROsnn=Wpd57#LpS9Jt2?@DW&xGO9K=?kv6$6Y%ku~a<c@Sw@hcCs
z;J{f}nDvf!Jfxoa#cREVhg{mOq|a-HqZTZ;V@)uuTg<Vi6yj)So$(Ri6bXRURwuw!
zR%s-o1eR46uDX+f8bQ66dOcseo0hem*|sNM%Ng4Ffzvbh2@1ohgzXUlc|eE4)ALAx
zsWmxZu#p%g&4v+Xm(=>e6yfWS(&PCZ%0>d^F=Y@!!d1!)IYCw*PzS^iDnD98zEG&+
zk0BDA6#xS>V<2B7oCPy%I46;LZ@^#`gH{v($u8nn4rnYz5W+AGkQq22K1!Ohd2}DI
zS*Wf#4PJh^!+Fx*iTfC|az=~y!0FKNU0`8rO89g)Jgf0bsT<!NK@guBU1goOv(8jU
zO-kt%^$ZSZHNM98VT-a&e5RgVRieO(05@>IfoCS}4DEA^psMjXwRKcC*#y;j@~{+X
z9bC;;82s<-BlV7w$vW8vgyXLEN$fHf`9|1`K;#AS?D~$_#-DSI;Ju^p+Gv@#l<JQZ
zN8#{^N993ve$5B^LnJKYV+AAf)9$42{DWWCKkuO#$s(C%W8zB+cqkEPtITM(EULIS
z5f<oVRg#Y>2qS-mayWkX#lI?yjxZm9S;i-L=j;*>M}pj*9w{Fi0%sC0K0ar6_Y%!K
zUvKn+N@4?Q0;)ILA7fc3(>lVkk)H>dUBcMxav1<Ly7^}-hn6Q+AW|s767~sJjg9rs
zdRdcAcWh(3#4#{47w{0VPoUvC3yju;WE;rc;t98iBIu=&NXyIT4L780bw-adP#_d9
z9K`iPQRFxTuCcM(LsW+2+6%qi8(e(ZB=@*13K~p)wD$~alIh+CNC;Y$YuNf0lyQvj
zQ|P2%Viz!oNts~~a`y97X11rvx^@IsHLdZdSoYXL&fxPDp$VCk`B%>vty-u<rwMsN
z8DDs)F!~R55o#9Nl3M~#&aUk5zqEwN^lJn-zSJ*m;0C*GYQ0d`M8`Wr{p21pZvt&f
z-*T=ts_x&(Qtz6>Ma|!7l9*aJ#b5&87r4AW*aWJFHyHvAN~KJoD})b#7bo9T!MMF%
z3&oz85$x*Lriw=)vu@0*CHWP{(=Ib4rM(XVaj}7K%{-8G@LMe93h>zF^fdi9(@l@z
zTg2xJm<V_NLj}nz-G`+rgTE|8j$bn4Z1mBz8CL9XLSE24lMi@@Eu@*W2j@%xqZdV-
z$9<QFH8vozmIs|=ff{-`)3MRVp^o*q>n4xTG=m;4E)NepS~RBAn^u2dPY%sbE$K|U
zdVO5T{I2F9`r@g+vPdmdb;dzr(`I)HCAVjNdDB7VO=>{G&E-f+9Mc9zj5+0`I!vC)
z&ZJ#YmMt+XXuop2JGAwEbO<p)y7~@BN~l{A+ne1q&+ES+ltT8}h|q9;aUoF>!qUFv
zp-0HiwBjA=6^(7vK);wuXLtR*HPxOI3TVq+@2lj?g7*w(IeV69-pP4RiE~9qb|TzW
zhGRC^>9%0WC(g{?V4X=s;m(Ji<qmChKGd4Wv`PX9i{+xDj{bBY=v%q`I$KT&b+L0*
zB(~KWS2==oC|jYQ2?8&BU}V`F>7`*x*G;rz3`cgLtzClmv|iI+!3}a!?ycd3*63lV
zo|UwB8Et?kTjrp_q#iGWAV5fIs$&Kqdq3czj7CK#@&dO5EcHdO_Wee`$&|5{peM<W
zlM%w_FafdEKVU!snbMXl7Bmt^MC`B0H>l;^Bz4?ots@#9CC*?3$ay_*AJQChmFv}B
zaj!~Kfs&n{B}jLlrWVRw;dTat-NN`>x?&fDLuycysRQ~*2v|s6u(m=D)&tnj&y?fI
zBj~|p-1{eA06G4v!xpeyTXoy9PPC9_3TxqNEDwL`;-S(M0i@LAL(WqPT<xEU4^GhV
zSbr_s4FNSl|CgpcC;;7hL_B?26$rUIn8ZNgQ^ZC}i(!ej?4qhJ8>R)&46oMb&@Asx
z0m_q+b~2L1e2}SM>Z0s#&e|c?Ih@;>`tDM@CarHBYY&?B6|Qyn2VB~gt9%1oq_$GB
zW(0gOlgcgOa*imzT!t{uZgI33TCHt-Mp^8p7s0lP5!lr3l3A&r9LO*l_yzQIBc~zU
z*)Bnh5y(`iyH>l35F?U}Jfq}6`e3V;f8oMcsUNNljWDJQ_PV29Sxk%20yfK&%XmD3
z{X(_jvfMJzcET5{4h+A?7118aYoMSy4kOL%!vt7+kB^^|x|yyd3(w*10N%?8LH===
zcooMd5-EiV;hWR+NAq`qp|k5&k149uXeurCb4d@~3XS=}eTw3FVD1XFMljg;yW({*
za7^-WXTjivwR^qk%goEbYc)c3ARl_ZMV20;FPtu^m%@;Ox7;>*Oz{#-PtiL6sxs#|
z#N`0F><|2+PkxNMgc<-3?f?R-Rmg+m3@15Tiw9qT`Khvb;yl1Hc?mBAxMv-Il7lo6
z-_u0O2fr#L&Di*eGB)G{1dp-HWw{$v#7sT9lmQ!G3>osWYZmu&y};Wnx$7z{>o~rT
zOUHnN&$=+gFWAUA$u$JDmofFEm@X~4?aR^BI;na|4N1#sFc{MgGOwNUoCF}5=Chkq
zevI@6y!hw|A|IsZ6b<>29E0GC0wJT9GkuL5bEizs&j7{;2bE<Q=qQ)Ls^B<!?s;SA
zZOZNt%x$o54pY+?kfyw!8cJi9w<m@9RA?SJ%^Vw2s$2JHdxFN(@&7f0+2N%{ttcMp
zYsTODX|YE%q|I!d#wuL36mi9p>vMS7`Qp<rx2GF#A09LoyYLa$8BSvAf*`Bn*+pGr
zsXn}@S`cGz=Efu?gM<(Lv>;AyN;QLWupyeP)iKjR?O>s_60;4I#ZtXd1#Q>YFG?RP
z8eIC(lwsXZ`VSg6&~H&^Si2T*aSz8B-6@*A&MhPtyr{eOj{N>4*U1^Xbl>j*S|zJP
zM*mB<b1w;Z^=NRs?jw0?T)p5_h6UlcfEH0<4Y9cH4l-=fpXF6~fFq04O&i@6MUo52
znBwjBhTuE3j(;hbi_6hwRWOSz$DcqKbcT_HQtv?Qh#WV+q~~!(h*gwenvajrzDW25
z-j5t1dCt%P00aM#K7^GsYFKH^bJTsY13kIWQ0IO#j!Dk~0)Knd1_!2ZZ$**QY6dDq
z$Dk5kBdxTxJ*5+ZTQ@-Y=Rh@yTv7>VjX(Wy0{;`vmZ}2_lhzppxj&1k(Y#<G@j*~v
z4mR|}b%y{H-gm=jq8uJS7=wh0F9!)X!y=4nmY8lSgJaROcu9SxVD2J4p#{J|<#5WM
z-98kO6{g=AVgqOWu?Hj^7&b*Tq}#XfO{Z<R1OVPPJvWAm6B?oBB!y@P^W_Tjd4uZm
z;wCr$SwsWMD1aI{BKf+o7B!VITr|cM<YhbwhMDi0t!Mr9J(LXW2&?WTl350hpLzW8
zvL!8}w25&Ir9K=V(oJ551hV>0&;VZxS2^uP)0VmmzEE~^A<7UQ%V#oJq}37n*x53e
zic8gQCH>N##}PhP+#{0J*3RP>VLru$qP*+~B&68Gawr|Tv){5eVt94u`NBmdJ*rLr
z2xp9)Nk28_HkKrT+nXh2Y*z(zHE6adP{+h8$pDzpvE&#CSCPlOLC^@##oK68>iePj
z5aH~T$QfS`TJ}NkByME55$plYlwffb)0*B!$QY{E5e0thELFK=%Rfrh>B1cBAfr|8
zO6ME*V&;hB&F1K2pm;qXwde)z0w;4JV7gI?=TNPXs%jIZO#r~=tVrq1M5ckz5K1nG
zR=S{+UP0^a_=ezZ@S4h*PMF(C8N0GGLo1dH3KNku4w%2qwfo{=%7`(c4RO#}2Qxn_
z8>OI2$QbXi%Z{$hfCLp~^d80Z(xResivp~(oIU%100jt(10$s^gJt<&K);Chg;0kX
z04#Ci0lXn^s?|+=fomXdL8%J(Bq)^u9C?nyypR`I(!+vGKF!L;3nJbd-YeyX#)&3x
zKqd8e^Ibs^RfVfip#<zNHD&&;7ViD%POwB_tMZ;`9X1j@&=>fsUEf-V61<G>tnlX2
zhTjf@X~Q&wD9U!w1t}t&@2P(sS1W12?FZxh7p}I-U-__r6ZQQ{i`b0IwAPcO&f#=x
zI~xjzqy9{o-`Z99=MnTNl`e+fdNvotW73$<lmhKEVk6vlL1n_B(p;3&PU{UaNpwqz
zYF(K?{TzVNQhM-hX9ULV2a5F{ElSyIX|`@Iot}2}MC+sIRJAIBmf3g}$>Aq*oZUfq
zElqxTR%t1z(Z=@WGEDKE5PUK*nwnHm?X=0^3f3z2dr&u>iIUJB?SmlKB3~UT6re6x
z+tryyy%~0|_kQyT^TqeX^IXr;+;r7!vHr)i%tYRr4Oqi1AvXZu4P^x3-x{BhJCFS+
zdh_+*W3FozkVrXIC8gDA4~<+OCd*=JSucCS@%kGd;QDD271G_T6Ub+}lvkHsa}0e=
zf(C2nY4pKz?N|nSO|3=#UL?FvXw>0h$fX0jO|#h(b^sajy{NQa&3YnsF2p0;{t5rT
ziD|lpaI6SAkmZH~Jms=CCEE$pgI3Q-^(g|dbJ$ruNMo{650*@ucZYH$cG8aBsTPt4
zu;J?l<#W&)lu2q$i~i+ExW6ugOwGXs9Hz~qhG&EYe#_5WTqC&)jAwe`_BnLq7<rv&
z7zv`b!iu`Yx2L)b3J9kY&Q^@+8$GqHA65N4W>J_lA9{DvUrC(NTu)0`O4`wSkJJ2K
zoL6f2L(}@)lM5@FvB=?VUc+aWQrw*!B{R1D3*oZf-^Vy=!Ho2xM^<l@;%D6XEkt{O
z!yLyI$3cozGT1#JES=x`5^ghZ+*knhI>T$y88`j#tb-0P{=?-rF%_BJ25*q&e?UD1
zdf6aTtF|cJ&v#^!uQH7{-OLRVx*Q}RI(iF{kt%^hC%EPDij*#$vlHq^Tx#&PXy(GR
z+Y$h21*W7JBpdf?A`T2aE0&r1AhG2M8thy`xBcG5zS3Oa89;#6KovV+o?rS&@(d6O
zZ@53q$bH6m2e=(AJUVQ<MCiRm5b{5=SX;#KW_b<>2_775pN9a*=i=uV)GXDk((Gyy
z;$~rnL`gG%v7s0ttS99_BuhT_HB#hkFjXb|v#sW~<5<&m{uLn!fni_O7(b18A{k(C
z@RI^RpvsDXu#_01!WGys5zudpi(CY1{SX>C=v?<5`_!7NG<&R0phlPR!`y0TKeX4K
z!U(H2=sQd|XU&q4dEPE%`);2L(McXTCas`-BInH_<GlxbrmATnE#JzX5YM*`YL$T0
zKRhNeUFg}bWg~LR>RFipk39>QwmThB`Uu;byPG+%6Tdp3+~0;NVRA=E?;E-)3AO20
z1i$P>_<DRox@Wt^aL3q8-3i1#?g{mbYTo<n$lmu`XRm`z4cAo=ux=aU<EpL$d<ddt
zMlxVZZfpc<ONqe{Yx57TEATH{up)EY<f8C%`)=J8SY2&Uj~Zqs63Lw-*SNF5|2i_2
zOEbOiY)kfc;AT4EDDvb|j0G$eV_MTlcUoJ6n;Jx0RVr8i*~pIMyX3hV5^_5WmPcoq
zqFQJOEevM%$V)+uO?pd_P84BIWX{~G5CO@Xi5y>ByffzFr2_v7sCh>K1QueKuDQCS
zKXU-rh9XaeEE*#sBlper5_Ha@qobA$7EI9>5~XLl=F6h5SG;s2`pdH$MRQDqWjfo7
z2y%xlxNE^3Wq{%I@<J>^k8w=?9dyv7m~56B5X}Q<N^d+>RUZvm?@t>yTFXX@`MXqi
zM>8^d>lKylaedh1e^9w&I3t*Z!B!q;Py-Q~OB(uk7mXl?A8aWNbjjD;y-Kem;a~1$
zsmT)%1VQyPTb`jN7h)a?BLDyj?NWu0cdJNR3h;-2rO0&^@dEtxJbc>aS>>?@=yx2u
z8gY<b<4nsRP|j4Ahkf*#;Zo%JQ77aI7wQkJOHa8GxLpD&97ZbzrI|tI%u?=f972`N
zBp7P_I@wCIi8&=O69}<0F&ZX9KOd;}QnDl8aAmLP#mkrF?!RLWu6@Xdx1<LzLg0!Z
zId;riMrZDNXKytIfnSyfAF9;^?qNUDz!zSaWnO>)SViMqCH7t^&FRopY2$L&<q)C7
zkdMb-V0oU0^2fh~O#<_BK-==6Q_Qu7?qV|ly@$*l6sQu{IjsTtZ}O`>jd`c5p_|iQ
zq&@p;KpKpE0nAUu)OtWCWdqOi?B1;Pen5e~n{jD%*6VPTRKyBBaX6VB4s@Ra@2$=5
zNdy*c&TS1(yXL>&<WA6Hek9K;;$Mf?oR|NH*yG8%j4vzB^?16bB15@yo#Fc;1EB<A
z3zwbcU@jL<V&3mcvDef(8sNyOza*pmaR6jUo79ap;cUOYXFp*!tSRfs7NuRV{RIL0
zh0b+?iZJ%y^|1+DS_Onf&@y4u{IW#y1u0=nrq6Kz%H5-DP!2Z{qvsW}GPxOR*z-Um
z&A8bx8Q*sjM+Oqs&K7zLe6x}Qji=6K2uAKg?JoV%oWpK?KnS#Q(cRNHW`an3(`_#N
zdHYRdrR_=(lySVImW$#~=DJ6G67}c`BzG{{Z_sA$Kn})}3c|ee;tR2{l+392_<5qx
zMQ|X|-edFJBk5seT97h{+09$+^cY7Y0}&;iZfUk^oY8qWsbpKd-$}Ygkai(ayqsu>
z&!B5-T(2WZ)|U8ZrK$y6F(>eRYg$FC8jX256PR?9VJ!wG%wKt+m$@UDx>ENIi@o?u
z-^Tci9s3nB`!{D1g;5D%&31LeS-B5JRr=(3+-Bg4a)!w%Kmm$(*lF$Hd6j;LW~+c7
z?^^Wj_A(=WVYrGqhN29u+EhgYI<CVS<e(vq&hEMcfCALm#Qr?VtHQ_Hj;(v5+Y#Cw
z&Y%L5n`0DL<!?K^$X?fIZgH(AXmcti-D%eJn3YA|w*QBO+7KiwV3)1*$iQV26a=CC
zh5T0Ge>t%!h8TnRM{fN_&~d1rm-tU@IVcqTc^qZfD1@K{$B7;1@b;XNwe2RlfpdH9
z?a9~M36JoCo%&Nu(q&B@!2v6xY>7)?U~5y|fXzmlGJEKr_3!rtc+<yjp3)yc&gYwZ
zY=A~B5(<t7rPmZ6w13|-yQUB`scJTs+F&?jkkSZmPOu0vI7$MOegiulWLun?)<Q?-
zRw;z->3-X#U>#UIRV!mk%*<DZSFN6hG)YdpByyKKcH2|<5+>YdPF&5nr6f>qTD3uQ
z4Kq!?S7N(K^&NLMCqF8W|61tJ#d{}r6^yLf-8GnOVRN0zG>kb0cQK4MPv5Fsf((vq
zB>(oLQ!sL}9P?NLS;(4jw*chTW$8R&K27#4VcU6OHx%j8z1La*sV0e-{Vyvm$2ID#
zT0h96#SUYA^rE&i>5;&3`ZyXmqSSwWvw!?BIuk`S0o9Quc_A@Jzb#3Sl)K-vPQeLj
z15L0KyWc_ju;Evm&<<o9thlulm8as?H^tj9e;0p!j(SUgn5C@#pi-_iu2g3$)GT?T
z5KI7Z&?wOpq<N0-VRCtZ&CJ7Bx^0UcICy?X_Eu!myq7o$D78V&zdhHqtZ4x`#eK7r
z!GK0Q96i&w-E~i$fx<h7i+oq(%fWWN)XWVjs)NOI?<Z6ldTf^qN)#jrJGtmNsc($J
zCLfY?m{$7;k=&w>YnU`&D!)&^h|q0K?$iq-`10a8RX5_we>zH0W<r`d1Z%eHLS5l2
z!nSXHdd+G?GeU^XG?8qPbnz}5A0Dp^FrpS5p0hvd0000oHZ@i<I%V`HJbsk9TeozB
z*E?VaNROd9Q_H~#C@8O$i=9FN*FC&;A5YNf`;cxS|4=wD)R#((<)V8OC^%f^DoMe4
zd|+ZKlILLU#l8-$;~>p(5DTyVAurhi^%bW!vLQ9Et-)}g<cQNs<Mz{G&&)*N;`=I-
z481_)(j9W+vhaJ?%$GJw02t~eqLZ9<sq+7nBTLCJt5UMk7)6le9+BJ>n2yr4W0wBF
zdc}fGBXV{n=!9_S3|WEHn&f^BxF#n506I1B&9`BzL&2x}mKsP%7id9A<49N!HEs+S
zfYHw$+|kNN4on)bF;Os1Z$N+h&7AAE&a(kR#taq~HM+BY*%WgeRQTnbzy>T2k#cx&
zxEX-v>YVD4IQE;Xi9j7rZsa9Kp1h03BXv2ra^}SGB_wTveD=LFKz(8TZq`=S_MiJ2
z57WlTLQDx#T`*Zvg2&LD110YFO~RSVg(tIYdUG-52x>6Gd{SY{EAeKyzo5sCFmiS>
z6M6__nfEtP^lW#a<?o*F^L5!zidH6#7E_n4t5nMLlA55SF~?&C1(Zup>#hAR>NxbT
zd8yf1#Hqj&(ON>l!7?^9@hO$52R(BC;$gB4rp@1#+0#-9vuZkA{9qPH);gW7=zPHE
zvox==7NE`|i%r3%m8#zl#tJDq?x}3o`gnxd6-ao4pFrm(1Xd<RqO$F?;X|rzkn6Oc
zyFuIRC8*z<>rA1Eo}3_>{1f7at(`~D04$vscSIO030;(A7J|4m>mO~FN;P0zfLB*u
z!1j+G>0f~yaV1cjV=1<~27=d#+AL}<K`{z%a5^zqZXP{pqJThNw}Ibn8w=AB7`;n<
zV5J{k&VOI8;1ksFYc8O8`l3Pl`lm7PlNWvzh#o3dAF-_w9{N-?pGMUE*5+a?m4v{I
zU35wuA(*5?c{<9#b4UsdB95^1z=uy#(OsommW&x_{;)Lr0()+74<EF+1RxX7K}i5I
zgQCM<ns%OlCrK6rG{6*O;u%te>N6lE-5Xg_&}i+lwKg1_&3O2cJO&$#8y`SJ0@<5D
z23X;fWb6v8$g;}wx}h4_^cBZgBO&E(S?>I}kJc=>Y^)L&2GIleEqG_pKMG-)3Nd_b
z$7@5A1OXwP|0cJ4hA~Qv=uW@^Zi=?Sh4)FE1YbCoQaZ25<(H4wZA`-S-a0UM9(doM
z@C5zL1Wc)y5H09W?ZakYl!(w*D)aq<>0=`21Qb4Q=s!cxMZYFyMwDP-Lyo~KU&K@L
zlrtO|-4p37Zd^cO0D)Y`t`W8dlcyw%WmV|ST!)em)JMpGN*FArz}G?i6g|m3RsG2g
ztbPxFq7yP^UU;7B!Q0Qse%Ow1;-Br)?__csqAQlY=gOV(t_vF11E=HDc*n}6B=Xd`
zWCscm42drd)r?sDCLVTrjf=PlZJh!7kFJLOFpRa;?r6?i9nX$_g@DpVCe?p|;>2Q#
zxU2kkMbn@Cdh4&C|1BGHhP5V;cB56yjmI2H2)iODh$*Q{z>EC!0v#~FRXq_+>9U-F
zp_^ZjO1llqn-uC@L?Hiwb69yhxbjZ~5fA0q{RrfkLnk!25vJq7jGU<fcBY?5B_nn@
zd4_3B_EBj8QUW8O8$rwr{2&Y$2o$ExVG&YV)4ypw40^4KYiFWReO;cvl)vgT6Wv_@
zUs2I9<d(WKF#Cm*++a%5j#-!!%CI#2t<T0)FA^!_%{Ho%)Qh}d;f%ET`Fgx<sCoRI
zqa+BrIB_kO9|+9UpjIkZ3!Kr^aB+xv%-9?HxHI*u4C=$kUH<#2MbF<;{-~l|5;hjK
zzzlF&=&ahD@ORh~2uLy|R+GCaIbOdZ(J}TglO3k-SZ&Znl!0+*9k{2U&swnP*{JKb
zS+NH`BLc?+N<3}&T)J%E{6|YB*3dOJm6?sq)23QmIe<eS<8S<w*jsmA!6M8ZeTTVS
z8y`(+*QdES>BK|d%2=P^l(-A92N|!=qWQu+1>bt9Lk<cYiZuoXXw;K$gQlsOANoM?
z@>_Rt2BVr`>^N!Lk<Akj0FvWs!6&(>s3it~>Rvuv89mJ~+F?3?pUNb3ea>^nl6Hk3
zUIB1#6s{&{U_k4e8+sf;&@IH`N9UH%0S*9#Iy#gk!%gwOKJ-Z}cgsNenWA!0IK?<E
ze2T6UDGn1sx&(WnYv{Cuq>POOxW?0c1q(2IAal-J06u#xk~9<=?@g@jtt&ZaAHq-P
zL`ehhSj*vaNjlm6XH3#RDVN}Yw-0>^UZeCJK(oarRph3{FPbNZ@Cd5LF*+4~%bUt8
zQ#8IGR@4)v@wCc6_V<yYk&a-Ma8CL@_(kXwTzh~V6QAeUD5?5pdFi8vD9m?Za$U`c
z{Foeo%*OAv^$lq)YMcPK2aX_y4~H#Q30>{~opZ>u6%V|EnhUFs?zxP4B%H(A#%;=@
zu%}<>>K_(<tMs!xifvwOg|%Vyo#RZvvhCcU$(K^IDE>agO0Rg$P()c7^xP@WR*=@9
z_heJ}yIfpI4Pq#ImPn0@0spC+Ct9a>kR1$DHG#K)KAGG#o~}{H$q%1Sk|^?DPAp_R
z!vsWP#bN^H^Sg?q&f|#YfAV5bA%Q2c<EpDQcjAt>3+isyMB2EHS^^;jjpeg;qN$^Q
z)dopm73jbb5j6{EA@zdQ2qdUqf2P#yRTb>8DScI2_#oK|^{w|(a*a&CopAa`vN{%>
zwzL~s3?8;>cI>bKtbl7=u)E3VZ9~Yqs`3K@tPF%dO*75xn3qIP2GOUR1-`R>#N)Oz
z7eFRNam)BrcTeY;#Rs(KuZd*U)da8)hng1!vo;eMjHC<E{(lCF`(J1)v8)eW20h%6
z*5^{_cdN;vV>&vig;g^}U&b;X-zx;Zh~y=LK2t&IHd9+1g?T}&>5!{V&1T{weihzU
z2FcJK6P<uLG8y>z{>@bA_+O@FO)VQp&ZtPoG<SW~3FYtHSTgpbcuWW-#Q=+bV!%WR
z)I3t9IW6VaZmvf)c^;*1<!4ZYH*7fVXJ`v02)%?#P-VYsQ34RqBYN#A%&>`7iz`!J
zlq|pSRP;`RLwOVIAMTe<#n!h~GpaTSXc5SJjmA@umHEyO`heW5w!<OTNz^GsMH8<Y
z(1#<Faw93Brs<A7y;NN3eC|d<jmx^M0Z(yN;IeY*fT4#gP+E~0l1~2&fo)nP7iO35
z)db69WNo}$sTmZA|MQI*r~t)dBk`y+fWlA&i4X-f0;U|B;1%<<Be!RP7jOd`+#eSu
zi0b*&tZhgZ+M(0UmyS^$7nK>vPg3UUpUrrmKIo^JjyHc@BPdQptaQ7{RI3=1LCfJT
z1KVCZ%tgxQMR&KRKH2_9Ho|+QLs=Z!HLHA`GOyra!F@?T6dX=^f<o}-;H_itj#Iyc
zDGb{f{EoBLX(+bvllfAE2=syHS*7B;(watsS=)kPwrv3Mh;ejeY1@i}UJRSc(pCZ=
zlBny8J4^;}^di^f#|RU)X$rwH^)UF*vIpl4g_E`l_LN}eNf8e#2m>^^7K-5a(HnEG
zpMf-ovwum~c<U*oCWVLU*6wQSa(TwnSoqD45Xv|yiWc2A>Wp|=I$F_=XgZ3Z-sBJ*
z0cX;8|H1t-0R4S<__i%}i?h`Pwhupv?$57yU_*s_lXcD53B7snj=^z<DMoA?Z!T#x
zY<5*HX||{Bzb_~jpIq9)qYU(0<XpIYkmdVv_M*}|&=e?2ri|z`@go$Fmv<h9e~;+}
zm?%3u!DgQ15oV?!0Y4YE#kwtEW4MC}YvC#J#(%>()@E2-He;#>?Ex-JI`x$9|B%uP
z3Q4Yz)pIFQma_arWPZ26w$rqE1P<Hc1l$Wp+wJ^fpa(1%j%&v#W1mU4Ye9RHAT$t#
zv(h}ji{{o5F&CBCUQxpm@vm5#;5_|ME*0CL{b=Sa;2-<SU;7`>v&PCEAv#H4mJmbg
z3<kShUDw_1W?3C4Ax4y$j*klr<Ab;1G>$;=HSgwgD{@f2@f5F0Mvpo%OC+rtqM~w@
zdseeB{W=WKbGfbwoM7;j@7?yaj<fF&VGMullT@R>HR-ZCi6Je?=#nZgCQ08WH8hnI
zwhlkOWmDbXji)|Yj~>FWdd;mfLx5z9*u511$v@%GwnR2I`SlhlZ+&%Cw_pqipRkGU
zBF~Gum#!1Rd_l4^fQhK&)*=bdOR$j)3=}AGyj30o%!4;rs??Ud|GsOJ3W@S+s6#*v
z2-c#(o7KCr@YB+gvWLnSv^fSC0HDvs6htP<nV-T_f8SUD0q*+i5M@kM;@2;z05MHo
zrVNE4yuEPxnM{LB3P5XZ@u6@4h}$b{joQ{XRPgb^2inR-sQ?+aFf;ae(h^Q@VRB%=
ztMt&gQvO`Lmzsgeku7#)78x!v4*DH?^InQS0wPUs!6FU%#C&C94JSO%3WP-qN#Kp^
zCnz;4^V~U@Tu@W@x@ACI&jpPL4iaEa%bqd%6c~?5O9Z<%D^!cO1uT?v1vX1cVbb5Q
z6L3q6{wj_0xDezt9Z=(NxW?Hj8xnz`Y-P>e`5_-?&(lg0gT%~XF+b0*)7&r^O)0A2
zzpESQ?*693`s&Z#grJxn7zX$cn=0XRhJYZ)?o-FP0%e+4Dy7DWYd2zK1QCG)8)vO%
z51U~n(boZ_)0UltcynB0-`sN)N$0ixh)l_udE$Gk2X8+i`(h%=_&n5ky6tzaM65pJ
z)Y*6t@O1v97KMLZ7>Sn~%pISU-pYdTY^3A2h?g(8aK#=QI6obw3-kxWBKB=%x7y(h
zc)@pzZT8z5Xm;1izL7pmMLg8I-#B57O~`FL63Bdp>M{3l(fJm3Y!A@yg&)F%hck?-
zU5%NFl|V<j60xW$?!?dq5=^23h`=I()|%ziNh#T%2Sf{`p9aG-J*8B(E_63ej|nX@
z48i+?p#r{Tck0IWXDo3nP0=Irs2YjENK5TB%C0xoX7Oc^4Cc^Z;uDI*M{_BVr_b$*
zWrB_2M~fz@q(lWVj$Ldqt?m=Jmmu)p#qG~IQi;mD5IxDHtb0gHv1Y{_T%$xYnaNYc
zmCNJ4B-@dXJSM8hg_&Bn<PEA4;1V7K1Lu|w^ZhD`OiV2C6l<S%j0xI@GvB$cIzhjd
zH@;#B@^sOy(2Sh3Tb-x|dwwRZW;IHZ0VoaUtTY~Kgqc?wu@E{%fkz}DUFhCNiG9=v
zPuI{g_y+sQ<QWkjc+RSJ3&e%&DK3@{EZjFv=T0Y*2MhTF=&PUDlX+Trm60K96!R+I
zujKpX$el*hNPV1}DCTWxQf@d1J~XbKAh}mV1#&(nEm5GpEC36hxO=-|T&c~#LyxvF
zH!w|0Y6gR2l+2vBXg0h-Ylm2&LP=@dD}m9$d4F>nkEIz9ZMPrYbN|65hUBm?&!oeA
z)Y*aOG4bi{AZOhV2wW@0=nQ|x*~D(f;>Nu8-h@$=5I~}>%M5g;Ot_%?ba5lDmNZMX
zpXmb@`maM=l6fQCPYbM{*+GCRt9dvHiS$@AcU~7sQb0;C0niL)H`azn(@i3c*AV1D
z%c#EcEGN&2`RoE((jSktK8!PX3$N>D`ayXcKVzNtGgd4Yrwf)Eto=}HPYxP$rj5=7
ztD7w^xP|M8hBGpJK~h%D`K!Xh=ingD18(@ufryZ#p99xT091aR{2gOGOrlX*U$D(5
zjAe4>xVE@6YpFXKl0HcKr5!}}O%+pYAReXT@wd8RNj&!1evc`k*X9X0Dh+<6KZMU*
z!X(I4lJNIS(c+Q*T<S(Vp*8=FheXb!I&v6@Wno?oJtVMRBS0o2uS9{2ZpX1dA~t=U
zQ!|;w$<25@-72o{fs9I^FRV<GQPlf!&Jc~?HtE6xj<gQ;hfZ=yR!|fOtoJ>-iVj}X
z0LJxXTEw#;e%Ex{<+HEFN;t%!gs8)exs(o7Tg%Cvd-8^7^)zc6RN!vLF`1zKN?n86
zg5|m@Cz%Ln>IFV~cW-6KC3cfep+4x?k(j?VEooJtT}}5MrcY1oKj<|1*}SI1=aL#m
z6=0;INw<w)>BoF)ChOt|@AgnJwWOU+<c6&>rHX%wu{Nebhi+|yFZ$5YvKx~D@{n|~
zy$0VNc5Xpw!#CSG?0%zf5iXZd{QV!hX}!(Qx;nJchm}zjw-0T2DM@|naoK`;^~Lw6
z)yJuf1sZJ`xLPxp!u~V=v87ayZdqFeA^tlQZqix$F>ID1`!9nbs-DVA4jVWVaIOb6
zG4MX;*u6<>Bhgk*2t47Iap5oP;7clE(c;1MbL+ktE){giS9kDPI-<A?Rky?1jOxU?
zmpvxXL}h^4nLO!MX<8>rG4sskkzvXS)vt>3PyiC~QGgBtBX<r6&*w;xsab3SQpWHa
z&psF5TD6f$VQO87M!WqMxcJCpI$_X?NLJ|VHF#KLUyDR5ION9HA$JLC6vam#tOl&|
z{q#eRw!^>qlp3WTs~}Z%z-gqv0NMhZSC$-TCMk65!Rqh(KSZ=Rb+f5+QL3IQi?^U}
zPT%ka)!dP8|AF#yi_Jou*4iL*AkpB%35Gcr=tj#}5$?ZmoF-@NKb&G{We5^d=-)b;
zDPr%dgHB8fzRL{|HU_OhPO%pc=(BZomhxFHbr3W#pGt0BdEhrTFm&#Ugl8b~<*|AH
z3jl0ra2RHX+C~87`n}oUUywP%3myjv44x{rWQejhsN7f`&f+^1)@(F1^rNv;H;%Y7
z1_vg_=px<$POs$5w#c7;><uQzZ8)V2Xl1^WCMpU8Dw-;7WfG6<aRKm*WuPH!QQ1Z7
z0Ua&n`>gEtzFD4^su|ve3KC1ClSjlUu?R>_-m&I|f%KJ~@f{&$?53RxMiK@*oF5`v
zBTKB0N57hNh#w?ld%kAVKTQ0+aPe8Q(Y1y)WL?urg*^%Cx=p<RFUczfnPv*Iwg~r3
zhZEazRYSxn+1T4Xv$!s?bt}4~2y`3x@xQe&DiGc$Up_lX7O~1Hk;}pTvX28e@oAZ}
z%6t4K!~GkdG<qW(z`08Le4OV$qL!dG38?dTTQgq5`B5)m2GX1%bsceR$oV+I=T?fk
zO*<#Eye&q;>(-!iVRk!jnxlEqyrSswZOPP83&*j-)uZ90AsU!-*nyR40@rUNf*<6)
z>Y}7x@*#DD30~cdCAf0|#9gfpa?RUvg};(v2!*=l6z<p?6&crK6w+}YQ*_0F4GJZX
zK1DZ(C-5vz5;ruAbA0l26$>T+8v^x3Lv5W%lGQ4Y7Y(hy;BpUQV<#5|GD;I+V1!4o
z<~g_14m;}oDEn)9T*e{&+SIR^0y;#5MO;n3i*S2OJAFaZ*+2jQO$Oz^fa7o=PJY7a
zAVzt?y($lNY~=b4jqPx_L7bEPo1pE=Q$>kYD?uVXk)nSHf-hDYw$EkL6CLgQpg5aW
zydLQE8dM$1=xy^Mi4zx65(wx7C|!H%+wp+Kd<BN7>ib8qe(!cm%f_MF4y#FEK5GV7
zv`wDNgj(wd^4^=TY-@;tI~V*JI>MMumy&!_UL>4aIdC-a17bgp8C#tak94U~euIME
zJVxHj@!p$qmLpcOC5j$eH&wJH*CXP`>W&D5y!fsI@0dvle#{XB6Ruvmik6E70zOws
zk_}4-!b=_xaaxYV$lf)eLZ!@VOxGg)Opm!D_;K2os+?1<icT%R^q>g6lST;$yz=g>
zdiUN{+TDvSVr{J?ME~Ym1g@3V>8haUQ?UZN1~hhYr;NZ>BV?-5owZqLCKP8(89tr>
z15^xkqKMPB{h$>>VAPj-iK;Ka!<KeomSewb9Q42MUl|+|LxJhVve6m?Q55&u?`bZd
zk>=NH>Lt85qw5gd+>q;S<|HSf*8!&zKc0>rQ$3e3%bK0rX+N{xRLVl~CTW%^B^j$3
zF%qv;Q)+@awq&E!G=zi4$REO6$km4w5$O#dH(jFgbB9)~h-#Lr{D~oTuBYn1_^dW%
z*xi<0Z?bZfp5Jx`pKfV9%^dJU%lxpB2%^-M%?XAmI}@?wbL|cn^`oXb*!GW-o;WbE
z%d>}>!s!J;uhggTnTPOO(MY%@B^$6Gew~A1vP4*(SEz|#REr}R!x7)?k-gbEFYW8Y
zi*q%yACuk8QwrTsH>Fg~i6Zn|&H-BY@_5a&xzRh2*hb1SFRy$Gn$(H0<4WI*C+_ke
zzc)zNuveOCIV#<@l(Iy@JZkmIyaA|5D+&b=B%TYpo53*V{}GuT81u|CR_R5W+rq+C
zg+#A>U3Ncy+T_9`lhez497kB`7DPr37bEd{9zLIK?iEY3{0Jwjd3ESN!C1PM`r##e
z&n5o5wB^JMhjZ_DSQ@>#WF)(aHqRLYLhL>-PS4c_fcD5%(~``~uwkS*NxMXTU&hK9
znYF_{WoNF;2pw;xQdqMm!uO}jr>9PR6gFV91S{$b7}f=0EyfDRwyBB<-~1h%WJ?Q-
z_fmLZK}PyKa}+0?c3)-9U)FcFIbAACk!?Hf-Hk~FEqyHT_Xr+eekBUj(D-<NFnrYe
zI8JC8XW9Q(B|U-ro2L@K(AVTzX>uU}iIa53(F6yG5gzbw9+xy8fx{!_cnTR`L89z{
zKT{YArL<QgAq)u2s(;52&+hd(j$j;Sf;a?U9Fbl-B@IyVo4TbWG&iP}B6;p+Tu2i0
z^@*q##kI8iFUwe*sr?)Qert8$!noLAzqb6FPFHfh27qc|sd5Ojg84{>D(U;UziCpM
zm6|#hecSVP;U|AXre*t$9(s7+jF{w*4#X4sfxn-1P-VKYI<j_9UH{LaXuryZW1}({
zM8Ad=z*OGE4M=sNyp5VIrAv)pBS@H0ti3-O=bE0Md#U<=#&Wbt!;myk91S!xfa14!
zRa{WnomppnmGAtd_=Rcq)NSOgkIk!cK+B#t#20=iCec1!I;?O`k3<0$n$uvCOf7oj
z6-GImhEz*S$oev^X$#z?;odhV=u9hl^>!h|a;k{dPyR-v6t|P1J4(HYmHNUx^vPO?
zUhtKdm9Ev;-&@Gt9N#W2F=Qpw)`n=){q2}tA9%6xD)W_56I>Cz+N$wdrIyOD_$44%
zS<Q`rZj}c%fClK2O~(;Ta;G-;9Hhqc;oX6x*zKnjp^Xf;(qzR!KxI=!O|D{p8=g(t
z$$^A!fRF4qV7$Vdp>~Kk3Df<vIdgZXL4|%(A#pou;Q))iZ7!_aO20>PJZ!(fo4wHa
zVP3E=`><MDv<drsZLQll>g<x4S~UqFg=J-ci0ly~ZG`D`=(=;LAVI|sI3x`K9KGyN
zTbeJ{-cCISnWUv0fwTdcemN(axyUMnrJ(l1ej1vHOD_PpW-O+ZQ*<m8+|SDo>9YFq
zt^#}flDBJY3_L9jdJdSI&AanjPAGN?2aHQ*3D~TAmiBR3s~t7QmH*|_Ztm{co!C3@
zXgm~)q}g<Y6!#k>=H#8=I3iW7BIb^Gu9mrv3ok~Rvqf_vF8=~-Vhm^>vBSC4j`9vF
zhMV3ey~Jgy$v&!em7~t^J*fi?x(kOsKp#3BF$$vityk}nw=RBA0VA3v-=R+|M|kOM
zh~ZIpx&%Cfdo?j^>78`ESuQ!(MVJA=1625NC{hYGT15{hQ6g);&1!=zF<lU8E(GLU
z3~felnAAf9!CRoHN-Bu{;Tc8;fU7(vo`nVkk|9=>9#y_9V*Hh!1*s}f+Zi@oKX5P)
zDm%6tMfZh-=feXVpv`r{R9UX!dGLF_4dZ(3G3-MGeqplMfSbdpQQG5v@@e9Y;hue|
z9IgA$P*edor~^h7PKb9k=dWw*-ZMZ!o^GV*=nq-Q$nJGk=N04@(P)Ck)2PjaRN54O
zC3Kb;6nt;wsKmz09m*pH4&t4_`p2;~S*abZ<Z+l*C1#!5GQx8$Jp>E`if0FiXtuOq
zb7})5t8Wt1#v4sR?2N3I2j~eAvaXWVmRt;gjs=6FRO^vWH3f!nXVv4&+_#0zhE_w)
zGrB9y9Y9b&>7{b^vF9))FT>g0B@Jw`v(5dCc!4$mh=DuT(4RL_o6zTmm|~*VID-2F
z0nULXT__kWOs!sm*!GW-o;WbE%d>}>*~%5+VZ`xpH$t$RPV;uNJiG;0S)9)HegO15
zu@&!QYN6G&aw%BeUte{;P*hp7OprjQSmUh?Ta2aQ)S2(?C(=HV(t3<(S}6%`GuT<Q
zM19|^%)w?tGIofE@$f>5^Hv2Tj{sirdc{gF;xQtQ;h}o;CQ^@yo#+S{v}!=$jN>1c
z5t;epc)x;CU`fPkHU?Sx39_TB{GkOty>~VE9r2NMfmdrf8RPOO5Fdz%mYPiD*!#wh
zU9bCw3D}2&VhJ#0s<lPdscv$Hs`1zzJvZvv8Im4>zT6}F6kX6Bjp5{N%3W>Rx&$)B
zbB+$UUx=+&H%}3c-{?>iB!E>sBbK$IIT?!z(;115=zGA5=ykYD`{;3+tE&*>Ebgaf
zIWY*}BbrIjO(@?|!ZV2937bq|5o)b$OfdLtS4t?=UVw<OBKsxqmIfEO=R73nT6V(~
zL*S#>{!}qnb@8Sa08c<g<0J9s$y5kH0C&2RuH!lb+(Hzxj2~TpW?yY>T!2H&<~Rq{
z4%hnm2k9z~kj#qJ&zXq6V2%o14#slJVk7lh)p2<@_#Hc^KWDQ38lDZl*)mk0i^Utf
zUSq#kqNAT4xIFy%!VV!r^dhWjizIc1;Db`!@EnmZ##&+P6Zn>lSQ;3Mz#H?Jq2iHr
zKl{#T312Pvyz6j|B8n7-A<i+rkt=|m#E#+pd_DLilu)8C^RzXZ8>cvW<CP9V?_!b@
zowW+D<OJ+PrfRMVkcD(XF?Z!>D~UGZ`=*febcHgEoN-+JJ;~ewCBfhPxI+`i_-TOq
zDUed<bb0kd2_OTkC13gbW|40c!`sih548$$1!====P=)`Ye)JA(P4bBS9S)IW44@9
zhBPwYNs}}7yjueb4@A!f1!xfW43Fk$MQ{yo9<)A&{*hkHY7YgrkP<?#9H-EmM8OWi
zm(}hZK8~Iv+eDFSn#@Y`xvuU0pm2F1>RW~v;|0r>U{5Hxh;j9--N{bUHK^b<QLvT9
zyyWzDxhz`5OyQMcZovf`ybp+NFBQj`Ox)XWy}2zW*LZa%wptlL57z9aRpP%=q^5%K
z5eDdP(|p~$Pr@bq5q5#_(rR6QeN4g|0Q}=c37*3L@bpm&Zz;^a!Q$HS?jfAs!1V;j
znl?7K=)p=#7oxC3RmvUuv(Jh+Kk*Ap1~y=OZ;mis2QcdOWOdSB8tz2RLDk59m$3$S
z7<Ln^7jmoYV2SBZDS<5D)W&7A5DJ@J&#)CT&<ny0zsnM)irG*9Ra>$`-dek;u+Gwq
zV#7|UeGsy$?NE*`dsL}W0000t#Fi`R3XZqV7+)SpUgO{5nbZ&M%}}B!tfR-_2mt{K
zx*_)q#$iS<TvoK?y$E5+TE9I9WWjIUj@NOWA!?v^qCii^VZ%ytBe*rL&L`x(ksghf
z1@bzQOey|fBy>|4t?ORzUVp=^MEWvzEV^T|O2=aSKslV>V%VS0>t>Rjh39m2j>`5t
z)YMHI0#|^2`Ko1K3qhpWZ(*I@tpPCz5}}^OREu$aPLzi$nW7!%`p^=uJdH1v9*@29
zwmJa%J|B^@0cOfya@`f_v48rD6)F)Az5KWZiKS5(EI@Jq-mHE2&<mKIPK+U3XS!J-
zr*iW-0P^W>$?#*~G)P7)EfA;g{T&Cl57!iyW!?7V1=9R8fLT~h7pHXbGjHl8B=0p7
zHZB+iND5JSm89<6Ki}`0RiPat(ZEg2kLl}v6qcvUPJSlFN04;L$`;~9FEf*D?=`1Z
zrXi6%Y!53KKeHnxV84veDb$5+SRm}ao5F3(DyFgMy>MgLjLwr3-$;rj)|AP8-E6}i
z(d5!e45O-%ri+v4a<54M11MfzKUBtVl#9W=fN^>yprD$+WFo;x{cNOC0Y?;==gS}V
z1i1_7P7pb20T11s<A(?}+-PvkP21chRc1+d=^N`mjBgLHYN3v9Wlzd&B|kDFVM}4-
zst=i!{$VP5a}jl_ji8*6z?bGaXJJ?#V53+EbRlUfs~VsrAcXzLE>8c8<C@&LAY~_h
zmGAURiTW~s30-{${`DF@ggv#x2W$5o0h=9w!lx0#fKGiiKB4LmrT>gV9+M1FX&JkL
zg2Q(U{y>H5?%{IaH~O?ri~rR9t$K<G^JM0Box0>|N!3%{*+oay>uc@zs#(CV%?yEu
zGhSbVL}<B)92&Dbj0kVCetEk}>{jwHA1;lnr;ea!VWFwg<Zi7d0MOt9CN4E7;X6y4
z1ob&7XaS_}Bl&%W8Js>>cax5{g7*R1cR2t@MxM_%_BG%9y<HOZL!S43aJ&WklwLG}
z9NH`$KmY&$m2^GhEkt{PSFh^yAXE$nO<Jx%U<vA^eY!q5z2mdgC%+Hxly+;n6(u3*
zXLRnQ{mWlen6EB0Pp3V@Fo9fnsShEFD(uWwhE6Dw&N@D0%T{QQO6OSM(V_vT@WX~c
z;mSjLf(t-&QMsBC{4wa}kUgCPmmokAq}#S_+qUhVwr$(C?P=S#ZQHi3o87&;`U&--
zqUvQ<#y9^3g=vwGEg}s6p^XY#%t@jQZiqd+Tpywl8Tn>O6~(K4N@W@TQQulUt}u6~
zl(NZ!EWN#w8?xm*jAv54RuHQJ?LQb6JN~!(t(b&@qod5!9+EZyfdOHH+60mYe~~Yo
zS!;gi?=cci57rB9%OqboYQYUiPO`?P2iRQ3&r<XKx+NhKiK-}k`<`uH6-0+@*Vp1L
z6Fx2LMt#q5I+y;??IPqXO`0_$jR(+dtzn^@FAwhOnys6s^nM63c&7W1V7*+=REUd<
z@jzHhkj<@6t$SS{#srYl7#ApS_9oeWzPVl+Jh$`rZR0SxdF}!Y%)6<)yP=B8z<V9r
z&28sZx;&+6gIXLJZ!SB^>ED5;RncfpI9ovAK9gCYf_Hx-VskY!QyOJ~ZbduGcso@I
zkr*iXrC-0rX9Bs6D8AVeF_07vQ&-`bIwaPW3nO1*G4sd1+hWbI?nm)IZ;-&2=yABu
zSIt&9I~xNm?E}UVaFlUl7jRY(Ev(*zf{qh=WVpqx$sXg2>W;Bnztn^UMm@t?Ly-{$
z@yGv)o5n|zevx1zc&~YQ;VsrN^c2Df$>K8#kVm^LEB23wB=GzKdh%8}wL&+Lv;|?7
zFqS2z;&aHy!S|5*ov6g#41YP8?%^7Hf2Y*)U?fFiGd-HC)xb@D<I?_YpTTX2+I_Zq
z%qfxK;))G6s+ZNTYz3Wp8r8YimDY^LO9yur3J=Ir!~)bsKNTfV*B)RxVp#jteugx<
zQU43=&;(XA(qFQjU*((8z3QJs{MC}HsC;bu=~0t=HTc887+*0)&A}j>r<tN^MqKF;
zQz#JmSF_DrIcMxrV8lX2&T2;^tI?#Ei5&jy(#<(0n!YfB-FPNhN9y>x(-NE@-n#xn
zRmfdQUMTN}WJhIZT~8Yu+<ZM8q+dbzLjI4Sc(3lH+coq8wg6wC1R#x*S)ZF{Pu$J|
zc-t`(dmh~XFZ7v1RdGU{vJ*U9woQ^zcv?ljnNp*c!Q`1iVn^E-d_1+PPrt)?X~k6B
zI`Zx~5z`5NIM$vfedj4@lPVOjj!vWj%878;9W}i$+kaVhSKJUwWpYzdsXL1TBwvQi
zWpQ94Uhmy+wlbOQR7v~sk#rI__HN`%Ag!(fUZUg&z;jEn@i*w_7IR>I>WYMqb%hdo
zBkimtQ`h0&iaAyl2Nn0KaP*`C3o&K0d28jqdPwFdIUak_z$0r>ULHQflE8OSvQ#i4
z_Z4|}1nEP@gTWLs4?461&I9-st$M(g6^7xJf_a;cIpR77GZ?!`ZkyHWsJzAvH);-)
zhdQ$(C3dFpIO}xfB)xiOltrZa&4eIED6&EvO8d7w%lPoOR=hxa>-&X(o7NFd%8LKT
zft*B!000Cq2j89O7nIGQCVsTp3+))zLP5X{b42|&+Rry-i)pnsw#*5_8h7+HRYmEV
zE|Ng3vP}IkX^M5A7R)37e9eDK1;C7jpdDvZlj!75G5vCHohsjDKjh!_7MaY;KuZM2
zx60<E^Wl`R@zbg>pG`7ldiqS8f#+HYyzO4e>WMaSadyl_6i6U$m^Xlut+Ce?&M3hh
zp>T>V1D-k)K+m!9GLlVE7D)RuJlj1BukL|su3}wEbvtxKa_j(EIY|03)*tAgY_Xg3
zhTeF$Hz{s($`6Mi?VZYVL*h9`5A-OLUh3`n-<h=c685-_su*8AvevZ)97G^4Vu?p=
zF|}ztH(v+<K}91psXqtF{Ta6Pjg_KnP+;`PU|F9kH+zOD7eWv85-;Q;Mc+7efbQat
zE~EIfU=`qmR&OQm^9Tp!tzyc|k%|2)ZaM~SzOb8O+NKj?M3yU{BL)?(avKooIjJ-h
z;vQVf2X_J)CNWa_!8u)4B8c#8a_#B3U?zk6RzNnq=NlYe&Z-$I$!6(65rt0MCJ)l6
z4Xf^&gW1=9)e#peV?FWK;U1$_|Go-5&3HLu;-)svRieKJvX+v+(SRmoPq}~aTjZ{l
z{!tPfO!D~m4aOHia3%PD5F%*0JrpZEx#fF-L-;)4pVgA?QqkJyC5<MzFz$MkYF$oh
zsN@%ozw+8lP)-R6)}bM`wbE04Mj=viJXPDr8a-IhNx5WIGadadmve$AqiqFSvBM27
z&#f6+wL8aQ|I283{lp|_bx2epJ#6y3e>G&dPZuY4?p*TuqqsQb)xKpY3^87$mfw1@
zVzhD;0tKi?=0>)+N`CO%#Y&Nr)n}t~w|_*W-J#@DYppO}J71!Rg`r(oXD<g6#H;Ba
zIfz_XL%#+9y&?JqloJ!xMa+f+1NnRD4}^B10{|L?v1-$gXbKCzDfH8zB4F}P{eq<h
zO=GT1Fs4ZNpAJ~(s6Djh+ufB0dHVH&4QLcfmxsdaV)O(Jx9*OMm?qD|`owX`2;eqS
zGaRyEnO&mcb8Io>_M@mij|cs(4q+((S*dAY$6B7Fk~rT<w|U~ut)glynU*bUeSy-K
z;7_4qFymm27K0^&&?)1)pfYYOCUym`>TdVS>9;yKfFzN--8!5UCmb~e6r-~}@5}3z
z^qXQ@Z&X9}pF8=CT0{%pI^D=|ggU9CyG7$}5(qz-B`4AIZxnk?PXnelDJ*8!^Z;U@
zyB#8FFttQcHIlM8*JV!6kIurw>oe5XaB2lI0R<aaqbjINt9PpEf6SvxZ!cpXlg>}t
z{Rk804i|^2iGpimUJ=4bRKn{s1l)~(hyK5dW9URsi1>*mnP$0Iow#zWp@%RsAbD00
z+#4wpzNWxe*(vzVkS1;3y?0h4vbqfLmOivNiOfz0cT!DvL}zA70KnMVVzik_qCEtT
zI1>Lsew^iH7hOq(;}%UeKzOu<)|1bvi(7mgMb3<==y4LSo49|deMV2}s_8G!6IsEf
zJmpjT6+tcH?h50P)t_9YO%~^Otd6WXCXr^!WP%52JNrTSY8e{*$O9%e9TtIFXQ(fj
zPgL>>y#^22qr$EsE`^Jl17ps>Le9cR$;_RYIyiSa*^0$dFn^I8ox~w6dnC`W*QOg`
zkxH4!W)|hFa;kc&xRK@<GarmrY5Iy0YncFUaA0mc*JD{vfgx3gXD9;(2OdM{Gdy;T
zm$yTGue$tB)>q}e1-HeGDJBu!k0nlJd!yd>gC6G>&fb)!G0p&Q&)bjz{i%%>$21x-
zspKa`Sv&OA(o0)MYS-mW@h~i#8eS@@ab6x>Duh_C`&BUc3W1a)<ig5rO1Y`qU2Tx@
zczh<QNNCE|i;bZ|{7geIaX_?)QdxpxdH;puY{**b8^Wkq8n+J#`@`3ml?Lk-3MC>X
z3tXFm5k=N0ru<7KV&k-nj4dTaZ3c_sQvB|8Pg-&mhpoL>!~x^oedI|tJIX-6OPs_k
zJ04eCkCq;#lb9Z9i{UsP3qe(-S~D{aEIE@{=(?L{p`XP}C48X-R*|q!ZOr&4usfpD
zb+SHqH&v6<Zqr6wn0)bbvD#3S`=bN^DR_UQX{)=7z!s{ZXAFZ0J%CeIo>a=U(wbV=
z&Mr}i*)xMHlxkKT6L8fpE~*};(yHG8?JYZ5At$W~2>Em#Rdke8W5%eniU;ZhZ&+jp
z5$2ArR+)1}^b{E9mG(0L9Gn|VNLpf&CPg1N#~WhWPfj9Wb&6r`X-s9<<MsJ(DPUAF
zuDN4;;2;tE{xqO)sVZD$knb1}N)dB`FqHK=<`nsU`|jr;|HTkHuAVje?7ZPfMG>KU
z)Sx19WL>QnU-Rp90wzmWk@4XusEdC<UAv>PrIHNZ%jn)OMsq>=kOO=!?|TWIa+Pm$
zXBAbPmG+{C@q;t^^ib2VXs5Kk-ARc!vcc2UGC4mj@6)X`JPA`BdP1GhqtDbukxTc}
z7>yFkb#!<VmR!5!xpGQc%Fa?8m_;3sFiS7Dx@Jgqevujz$l#6-fZfOK#F=OYwyDO_
zK|&$Gz@)M(aV{Kcd#}E_ot(nW@126H0G@TZ-7v*l0IheYDr#qZ3E5)?R7G)*WN*aU
zj*4u=&2TjdfcQMQC_$H*zA}PfX^s#@da&CiEzNunDCLVm1p7{|Kw~<uVPuzXrVn?8
zDgW0#;27T+*&P6YL%sBWv+DQ>?RALuwZUuQ31F)<9R%mB`>xy)RH#O-VGSDhm)`;K
zuW32ELNnx=FwsruliGo4IMXgt8`Veff&Q6j)PmGA`#rQ=E?Qq2GO}?2Zhq!JCXEC|
z2MaQy%hjO{HdEpq3(kCCV_5!Y!>)!!sgX#L`Hc-f*6RMgEM9csg&Q{%%HFl58$E-5
zS996roY+gu=BRymq>-uW_m%PY{<q5v+12nS{w9~_&>?)9cl##!NA#0S$d090Bu-*_
zD2IS?&z?}hCsG=#&SWz#uDXwH`YWBJp(rETPv4+Kp!^KB)dT(Uj2y1cbqcz09Fa&R
zfPiQyFR9ru43CSB7AoH;@lfhS9I{;T2lZbZ%hUOp>FD-A3N8IvCCilYk>4CBfAV5=
zk1#n94tn=|PF0Jq34N!$=*s;NW|r}Kcg*E3M9y8*VU9|FO(-=*tbyMy7`h|UY=Y&7
zuW=wU`J0v#V_3lLTV>p{r=sBam94^sH$@RmP=Y+_sR5OrOk%CacV}d9Zr2N#baK0&
z4=gw09(D+Vw#BH4O{lND_LgarZ+ViWD4H)?gK*Uo2k=&`(nlhPzmjCL*jtRcr?Mrw
z!gV7<Hxa%Wlkg%pxs`Cutv$RK-OOXk7>CKxs29kL@dl@Fc3Ka<xgz-!%~UMn4~n-R
z{?_}Hd4p2T9HV|PMl4|#Jm-P&>6(LF3m=_mJIAHNA<<&6K53sg<{y0FD(?lF!ZIdc
zFDbArY&{IJoIFe}34olGT{iXR3jkh!*aPWUMG2u;846TluLvs}*;yMcI)x%&S}VQv
z2m@?i%69Q_yS)C9fI0nMjl#nSh77jxqm5Nmw1ji*dKhz^zwYnqJ}lB%to6e@8ZvtQ
z7j~#0o`Nz&V+?dbX)G-eP3KVCsf41+|6vMY(o_asPS>JU3!|z&9K+Lq_b?&<W~8~E
zNT#^!Xt0AMAJhQUBPnX?01%meqJti3n+i54-|pvS+TR^_Y3R3<aQ~+5tnfpgdV*e!
zyc(sXmz?#qA9+xyJ%3-YNa==)+i1*AO%S3ukM+2gV|{!CWmXnKp6zat%@RhVJZ4Td
zP<+nFbFDqAJtu4qRwBiW;GkwH1fxtmgfTCG$Zy+~Asn<xf|3>hTUA(SIbrJaiVoUR
zMT&)(g34rs^Pfu>kibX)(FO>>)0&jF-yuMBd~F0<gIpRD3!PWNDqdyw<$B}od^Lv~
z8Vv=F3+k}}cLhmVp}<6=SJ!=NRo;TkQD}^-D?~YY_flK)?Syk`L;1HPCBmu>#$07Q
zbXjU<z<zyr29R}@*cd8fpbV9Ki}VHtSCW^mBk&lRL)%OA;Z>-8nXE>D;=HUfRgRX?
zix6O|Rh8=md8ZJDbFcvR^Y6Zm(d2Wus1pw0QAOl4>=Io$t`%X`cUUi~R+u0vbexLz
zH{5rt8Lqd(pr3-AvvDGS7oyKnkx*oNEA!k2<HxHiV{ZzBXn9~MA{4^ptVFvu|B)m0
z!Cg36Ld2`xOr(7V1c;OgtkO20Ws%8Wv4HksZw}veAhi-AUDS1N9w7yY)WHQR1S1Oz
zRD8tU_s7zyn&V<4LftRN>aG1u1I;n9AGkqY)K3%%C5AfUc9>oZ>3W?XuE%ySBknZG
zXQ_xhUJ<`DJD8%NRtdZT`|g>kO=?wdgH*@<EdN4rjKDb<{nXwnCi}Dkj-ze1eY{ig
z<j4mr`pZBLzierjHODNjS&6>>*LGS^V17g~rk_KnfC0s{4b|^TQGDQ?3=?~K*+e_h
z&Tg4r6<TSyE}WO7lehUB#(8jC$gb`6mu^u9i~Q<C$({k5Ni|ojmJiWacSDq>ljgWm
zb?!b6a#o&{vRa%*;l#stnuvQ)`{qax9OYpXC~4V>2H|{hty8hRCDd^tf05th;#4Qq
zz#E2kOHhX+U4L*5t~R0+Dfz2Bu|enU4HP?O$sM)f%$H|!i{SexvGN<~^4a8D_`!Uo
zp|Gn321e;Z&{YZyQI9$s%9Nm{4u6BDAW1Dn4LG2|El71OxpgCiyNU)`Xit~6C#@m=
zT`r;@MBNZ@LOt6QICgczv$*8pn)<Z_sfa|Ak&CLsa!e%}TZ;C|Y&JDogLN4i*lj$z
zQ<8poyk~5XB6i?8ed+4~nC3gEt;h#D17txYna8+Kde@_}$<|eFFf-9O<09Z(eV6Wq
zJd}rs$fo@lu3xPKwnU3bB8`wcJkAu{q)cE_j%^~!7l})BZB!x;QGlxK6T65)1M_yB
z^%esdTVh@L6N?4Y5V%b|%XD-|&P}~$Ek;fnY+VjbN!<>Zl@-mvS`qvE6U$q6@RUkF
z6^}$2K~EQV(H2`HQ`M$U6zV`t$XkRi-Fr1bx{~?Er<&ek<Ww=O`=ucdncH0bYBd`p
zuI5Tx19`S&PTx1YY@6Iss>dR(94N*wXTDE)fROxiasxXY7CWK~UXS*cfSK5tlZ0$m
zQYoF04E{>9eQ4vhCX-vF5*$`yXFjVYGDLW{ACtq1HSZ=V(Je-x3`eSeNgYhylne-M
zWr3%Y0HXU}m$owP_^m_}Q5T3d5nWXcMunSRQZ!<he(Gw+X~}7em9-VxPYGA8c9eRg
zt!fVPCplMJC_<4^`|Eeuy71YNDOCh31KK2>`vkyma6Iy*sO+D{%CgC<Hn!s)o<p+s
zh1uzasUq42h}N<RS0iUi(S1MQtEB4wG`sXCdd(%LwqqMVY2EP>XTuLTK?%u<=}1;=
zLk?87ccS5L&vKp-43pYpK?2F7=UR0zXIj|8jA0R7N&Bq%GINON=<yL7<iSei&cJJY
zw9W$<n)TH~?MP?7xdiUNrNMh<$7^mdFa!XP_AO<IXP561(U{+~sI>#g25+xaK_ZOi
zjAgc|`&B`e<e3|FnxFVZ#&p<4Od8;^F0BemR94xL89JVJ(52TDoc=2{B~E-Vfa498
zoU%0m@8pSJxk)<H1IcCzV3Lk!gq=NL>v#lgg2MfvE94PcedJaQ;I<yBalLV$k!uP+
z{}@yC1k>0zmEkK#De*gDDN{n0_>zta25%zo^I`~mO`qM%n9fSb;wD%#WGBP7d)}`u
ztM!#(SQ(*}c_XF9Mb{ey7urm`tVb>=eI;EhYOD*cr!RV@=KymyH(W-EjH6UXA5y`J
z`<xRgpq&lwtCJIC+J-Of!R2<@Yk$4Mm(3e61wOxyx<?sh7f2;kMBr!V?}UT=eNRu=
zkCK)i!&kG~wTJTQ=SnDOey)KW@zzTNuSL6ict{A(k2wkZIY@UUVLh1GDs_ZKxFUOd
zA^DZTwZ+nokBVZ~L+1t2B^zPM+@?_F!!kJd{@s;WR=r|4Z9d|B{swr#`Mlm_i6(c8
zr~%0PcN98n8SwzXEofn`jlOlb0d;E@%-Ud~g9zAyQTV4p(cu9)SNhiClVaHu2rp{0
zn3YY>5?27gUa8zJPz^;wtve9Bg}wkj;Vqu<+0{P;RAQ!CZc?%hL+vG1>RR+MZr%gb
zqyMSuge&~z3C8j_i%__F@U5bE^jvZlCjPj!M2I4Qu6b=hYQBtE8?lhBf$oqCH+=8e
zK!`hGG;c+w8(&LzFsY{4=V&VP<5QXhnxiL(?OiGG;UD!Tk#L@MNAfjh<`S;e2)km2
z<7(|o;6h-Zi}}cJCG)gG)pe1d%kVq7VEdjcoQ)V(LGqb>0n^U(3<d*Y6MHgitpd%C
zO1qRCQoCxUT)MzL4N-niz;*F>Y`gw7*=QE|UFE>k9E8-!Wlj@cn+^8V{?HW&Ark6`
z9^GiUIcrrk-u&$z=<O+#QZS}743a8C(6Q%%fZ}~sd?x-3BirOO&(K6Q8BfW2edTL+
z$W$$-BwIRZdF05ovsLQxuizR6F&^+(H+3hB{Zgj|JLrH_&C~d>@E@cVm7aJCmPm3>
zg4lV}u38tTg(_7S0Ad~?#Z^57A+HkJXtbj;+T>yL&JcDm+1WOOBh>0x1>Cq*``jZM
z9D>C7r3GC;AY2LfrsWvypo+n@(@apAmMu)#@wvy6H)?~-MY@|n$cW<=HcvY|r~M?_
zAz=DUk*u)*=Y9Jdrbv70YvO4AS_&)JX!cvYzREx*y{LXBWMW@D)l-F_o17ruc;b~D
zO%EAN(|tfHKYfMb@PV5zu(*Z`%jL&TwPN9(+s}c$e~p<)<A!+ZF5v0nn6bruuFqse
z)v65em?a+|c=ue)W4%vv$E6Xw(85gBGcHSVAcst7snt)>xL&yAWfb|xkAsl&9wUP}
z)oRl$?v2tPY*O@$4XM}=l78j8pRj&JAGGleW-6;BGuV$ivpuL`fP**XEy;~>?0Uzb
zASR;W{eU3{IjUp|_NkmWz<!*+DThcyja<Gr>kT)>p+6ar5gV`}Kt-h&6NDj#Q}n~Z
zXvL<_g)AqUbAbNq-DhS`f2x*a(aTfz*IzD<IaVl8b%gDqQnWbs2sYPt;RC2Pb787Z
zc9zm+JEg6@*!p@r3l+_IL~i@Mv`EzdKkvE!yJS9$EM6oJy4QI7f)HN&_@o6i|3vto
zl|g7uT9Kj<g<UN8UOe=!SxDYS<dQCgA3fAK*A=J@KVi?t>Cpo@g?A~hDpf9&8ydu$
zNo#b4H)fToz5m!7qCg+@pZuV}DzU+(Z_ddZ@6N?0J0}>pNkIQ$3a<``aOy!WXXgff
zd?!jKsro?1rKuyUZIU%Bl6)pznDMg-zn(ympf}1OZhl%ns0C%K;2^f^Q|@x_K~;7;
zzwu{{zbRa*o?_VW`ck>3phM6bOeBLQu_%3Z9{!T(@mR;4BcxR#Rv<Wy#h~Xi(WkKb
zQyfMk7XxUX<h?wBGyG?Fc{T^Hk19GI$H7v68JNFbOcGGyMlRHmCqpkSbXbv{6}7!I
z5YDTd9O4es`UUoONO0ZCgPFW<7{V<h2Kr64tW@4#>>VckfWw$=jnJ!qgpsg(Kk3}|
zUQf5Y)>W56i$6S&7sLZf4e6WHRz`dv&6}7MI$H4i1xWP<es%}aQKEyZLjecd)et(#
zFyG8XbjqZ-)n_FxZ-@%71J?#GlJwDCuTg^TN6jE^n-`$4GRW)BpD5o%(|ssp#~wnf
zmBv9bu;YT}sf^y&y~v^(;v~l7v^Ci|?AF36_=;>%x<YK&Z{D=2PY&ebX+Vw;F*o>x
zQN#HLV$q<zw4_t^tSbZu@ziI@jObE}3hYl{1s}DY$LEI6mg)XcctryHT?k4npIsFZ
zJgXUgR)-C5<Wis$SX%>6n)Cqj`#c@&dOF)COzzVed-+-NQi4kA`GW6DBt*KgU>Hfj
z_x3Y60l$?@qhu+>He>B3QPu^T)frEOL-sFjbE0A%tQK6C11lZ8*D^TG6?f>byqII}
z5E|MvH`6LHoW&MLcoNrcNjeOp@}8XMo2shoje$&7I3cn~@NkJ}Rmk)Nu56}w;fOZ%
z<^V%dD@sOeg>6Ub|5GynaC1(!jse^FJN7=ktp^7omXWeB9~p>MMT(NN*LYbu`J>`-
zLd+NbmW?%6MMH1D2tq9$N5u7DW@+%DvOjUwN$JJ1o>v1}WmvuC<FS9?;+r<ncda+p
zt*@;q?biTqt1qeXF}K9!4F8u`D6K!KsDXIp_e<bv92&M)^}%Gfm)_Xt?E7>U?qOBO
zI8l7C(6FoShb!sf385Oir~ryDkr%!Cs-tCj<kk+q^@`gGTQszfl_J>y23LWJ;1DQ%
zM;AP$&Zaw~UEV<po3GoaC=)9(la2^K%Xr{lh6`j1Ct_qLg~;?fWAE<-M)zIGASz55
zrC)mVB`OsG@13n1M%POq0v8g(JjYPHw~6x((S#Ql0Dv!_4{AebTpyja2rvs;ozC=>
z=)PG@BRe=^K6)%04N|;p;1h1I(HP&neU3u^JXpZ<!#!FbPJ4J=wiXRt6~Zpxc*o7O
zo_pmF@@7;>F^QIQ$s|qN!ox4r_kQ5KD~th;M5!;tg9VZuyHddqNF`-y^Yk{+!ioAi
zumZh*DB#l*+a|47R~12=QKEJw@C!qW-Hpw@J|1rVSe6k90O0S<j<z|z1Fqa4vY8iW
zRPur$we-4`K0JMhjIheYf`%G!o;Y+~G+Tvz6bjVE_fdQRm~*+;PeK%m+wmMJ@mS|a
zx>bwy!lR@f$8(8MhPvx1*V{o;c%8B3`&5A1r#0)sbV0D~rNrcB;N5^W;d1_p0!Vg)
zDY##%`~vC2N)$NEY?f}qluHFv?y!yY)l&!+-v(l<1Zw<PxRM}JN;@l{tg7-{4I&eI
z;?YXAwU5fBv26BFSNfdhw>9F%R=3e!DFQDoOTw1??k20w;PD3&GWpu~{lYp-=hy1$
z9<9FbGU_i??g1u3;TD~O9o$T5IcouW?~8$ZZA%(%&;6$ie`Tg+bKg}bQ!ZFcu)qIL
z&Un_Rlq(3nswDk*uU)r8!y+*@%8MZ&G|OKX%h-4;4U#(TL64kzH6Ghn<SYiQ!HR;`
zd7Lam8Ng)b9D`a3nUeMwtC3ngz0HCsi=pcNgZhrXZl~wZ%mf>)Syv6{e(~R+P;M=2
zYq$Y1PS-3;^KMH$QQ6FehCsEwSA&PNku6Rs_kX8G*Rb|seXaYchm5{7^Z_hhT#JP$
zO~DK`<Jjd>Eo^t8p591UwzJIY@#lTA5h22j@;@y%wb~&mZcb}S&p}j;m)CyG&dj0{
z6NG5lE};XD0S}n!`#dE=a)ACQqB>6&auk=3St-QjI(pKO6qxfDsxNRo1PBHWNPLR5
z44NRo&T~%;959zuLJAl*eW?<VXMMM6c(97%L)VmKSidnmetgrL*fGjjF|$EKzIOh;
z&B)g}44oOo4$8b-`Gv@Z1+zH<E{-4|^upe%cvX~)Ao~P$_(|R&0|7<A)p!`CoBxJU
z))uv`Xz$2%qi9OVHcsjZICAi?aw?t|uNQYo_zjg@Js$i4DdFjPMbEl;ru8g`If`1A
z`QuG-TUddEY6Ix@13>f6z#h%PA?9i#B>dSn0Srg#Hi~|YePigiNw$t!!xlj7ZeQ42
zCybzBC8XF~R;P$UnNJo7J+j3wY~7Qz-qY_2vY!wEfQ_I&2)c=hz+foQi8xK}Sha#;
zk&O+%KZDybv<X>nC-~wc5=Io+(2QL=W$E4Z*GMK}4h!PU2wApVIVow45)E(ZeU~c+
za*?%TR8(8U8|*T?scu(No6G^?Q)C&hrs#?uKweTPs{$YVR6&I1(X3>^`F*ljZ0eSk
zv?{XA{?amop>>T<v5KK>gcNVC-LqYSX^Oxsxt+rZw-}{}$=Ix8e9RGJTO&m-NX}rv
zrJr(s#d_z^wxc1y%tGd7G9RDM*#Cd}1#HhHN5#MBVH6`h_)fjtJHc7GsLtEzs3uPM
ztH{KhB~E?$$Lg&g{T;DSoA(TO!%6Kku?3C_N_@mklaWHJk#XB0hb)55Ys#}X|HyKR
zk9;#Q1Xx{VJc7DZZmubFs_jzNAg7!Ps?UW52QDfK`o20Sv9>IFEQG%?JL0M0dc2R%
zsS{WN9P$8?@2+Kp3lfh0TJok;KyvO_l`GK0r2SE~kza8U!c_Iuegu~cVu5*W9sB4x
z;}2?n_tp{$%>v9Z2-o~SbY#qT#0xlHC!{&@EUnQz%`E|=VwvLD)HCSmzrWiCo)Xuq
z;Wy*L1hg=msss0K0km=%o=K7yQq)Gk$=R3}rFfk!69wf7ex!{h14ZLLZz9T$jx%*d
z@z(oR9U<p~BXDo@4g|urCqHntbuW8gH3YU&PZ|oe_<r3?vzJ0B=xs#PhvM+8)6qL=
zu4E8RA=DSS84N(>qLtlMwDcjLsQYO^ukf;ZfuChnr0$Omnh1Rzp8~#c2>U-D@RbW7
zj)V7po4H(0wC);%47H>>Sw69*B(^5f$o%;!L{d%5F3GrRcV`uEQ*V#<D|X*RZ>HD*
zVoZz>L4BGd61u&@_CNyMCM~vp02=Fk(40#83XNmGM3qbe%V1f8MYiI1>;uZL&1WCE
zU9JQmL~M8+R`dfBcK&cFo6rV=-JmxZQ{sOuacHTBd@LylCJc9kEZIT>CnQFC%DBiI
z`LH7>x`{r}cMTF%EFlv;c*r<v-ZCwW;&(%|;AiP|yoM|jq`|eteZv6hi>t56xRTxT
zWB2*BMBUb%clgB`R#F3^E#^(wr&)>z(O6X=NUs#cVGWHh51_|a*f|OHG9(CfY9t)5
z@S!}H=^FE|l{}zM79BOIP(s+qV6xHyN8|B*QnczQ4iZKfrfJR&a_uZF;L7t9(O&Bz
zN1i!Xz^zQ_RE#y1epB~@O#49E#b&P?jQ%I@vCXj83AmQ1Mn%4l>p#wj<ea&c+%>mf
zuSgh@iye3(p)ElX`dn4bG?Qr$x?>CzDzQ1slQRL+AmG&#b&0HSSCsK>j%iJUmb=du
z=f2;RNa4d*>MtF(<Q|uQ9F*RW@2Z@qzHogcwg@;H%B6GCsf3%(KxrMF8b$r_1i2ts
z*|D@(sdj`*p(J079qL>%`&BuZjZ_8qEX%(Wcc-+HLKtey5U4s|h`dFY#6z++72N*~
zE$+N^22s>S=`{>?+T}hj*w_6YicXe|AS1(|VQR)Z@RhTWMUsHKT27bwb<jJGz_gd`
z{2DxY-Gz1A0>PM#1Z|w-m*8tV?`I+kACZmbd1qujWxXQSLQRW%84@p%>CazMofz8P
z)CZ@Y322KQ8d&CdeVXN<4DG&M4zps~I<2(wr%AXnpZwKTsDjo*JLgXZ05Nd6bc9kn
zdnKLx9HYs7W9lgr0uY?61SgF#2=jGTw^b;O*!SX?>_<q2k+q<O!e3)w9gC&N_Sln`
zOd9V@PMLIxTlrHYvXBeS2&LJyM(h<C7^#aASGmyJH1^3lCS@2Sp6)oCSL2q@?H<?k
z$Na&l#~OQ1t7bd7ccGD?dbhmfeMtSZ5z0DLL5m9j6t|-qy+V~QLiV643}?5m*&U}^
zn=F(!Vw*3@A_btgmJ@tiHi(Su>`U-k7G0(hA-xYJp<)?dZN>01F(|bCpkn3E*eVQ4
z!|NB2=9iY-d=|u}!ndmla0J2>T78mg$W5JM(y9n%P(&Q#_fbsEv>pPYEYti0zimzM
zA?n_D^BU?Z!mTEb-eq7<j(vCnQTe9?5BF8^fIwy$dA9n=Y{nnBYi_74?vDM?!FHs-
z1i3&Qv$N}QKw`b2#t)Y_jp%@LqHfdgJ6v;ncjJIZ7`NA=9Dmqo{*inI-%FpM$`kAA
zvDB`}O>&f|;iB-G8ozev=FHM+1>i-V{@FIVJPc^*1YJqLSld4W7rVwCC|K{s3zyZT
z+u)#S^2Kq$eZ;j93hCvIYHLlI`4Qf(!`kNwBp$#4#&U{Nt(u5^O3KrIKufL8CqPeX
z5*!uI=>)IpHQ*_EFt!ga4gwMGvX6JmUP)&Hg))2t431b{&Pwg4R8mo6Y0k#QZbVkY
z=;m!uDwO#S32s$jV-Z&+K}*rz+L$6074y5Iac%ZeHGT3|T4UTk6JF%*mO!vfhs?be
z6&7|wy=z-`&}fdQIcF!I6J`F8`Ks43QqzLOrAV9v?|qqJ>Fv9WAvF+{bb6BtEgh53
z-4%){Zt%d4Na^aK%li{XYvAD3%(x<452}Y@8F!~~6rr2$qZRY_nZ~!^`m0Lo_!)7>
zk4@|CLt&W*7X?W~zbWd<CCuEPTjJk<GaV}*i!AC;F}pciQNNT|NL4LCJ@QucE=WfI
z^8)Ou1J1mw3oERZID@r%M`lzIXloIMCJY-bfd!dR7&98yQ+{1z9+say!O>{aj%Zim
zR0J$r(mf|AtQeX|Gq$YFLlfq0n5RY0)lhE)yn~m|ij!-lGT%SxyKXAfQ@zPg5PF5-
z3S;^Z2`5w}wIBjX%zhbb?m~R2%BYaFZ!QqO)k&bxq~F28sdKMna%B1<`f+_2e?8AD
zfrxi0f~C^PP9V132FnI6gOn%dzCsQ|1-`f^j&Nho6pj$kOU9X$ma?Caz+jxIE#)Q3
zD3Z=cl|0{5dPtc>b1U`H)`9wtckv#@@8&Twfv;MP@qTFdX4npBFQmw2A{EewtTryW
z>tN|?NXXfTK#hg?lW=LNqjuT7()=d8z>oMhk31u)=@E>7Z+{L8s<YcSI@!3MtHn&-
zmH2*fpZv1jm;n5j=<>A$0No2iHfU_A^Emzz?bk;5JQw<C8vpN|0iI*J!^G6^>3ay#
z+i%D?BS+X0b-<m|doAHr%TC%m^N@?7pvA$ZWn0F*?m=S%k9+3~1s?J15YD*I<0j~R
zX^yj-<I+D&5SqF%M?CVo+-8z?y%lrY9I*((pT*V3p~1~Tsbl^7l#MASwKpW~MEGE_
z2fi8H7Nd|fGS_HWvtp`)H5Er-qfP&2m&j<8{1j8Q1eFzV<uDHjGr5BG^(>U*`Q-Fj
zjRsUS&WNLv^{RY<eZN@SgTS%Wh6EZtx)72ib|#@LyVU<W_a0L=b6`=`_1BP_r8?cw
zGbDFSwB0U>9`%PIz-)5ZqH4G9HF+5{K4t@ahYKomSmO-0QN4EvC`}8&$3jP`iS%<w
z^fkT6*@_~GY4t?Ik}gqn9z+E}Rcl%|(W4f52&4}1*cBXvBHeH`P3bQFikldquyq8O
zyRMn(;Xu1uZYt6p`?1;$?yuu`g|o%BuxGKQpsf2HRzEULy+3{IKN!GAm-%c(Y{;6(
zgew`in5E@Mz!MA5wN1bn*S$Lve}L>NAw1(&SQpFkN8tf4pSIKViFht>cSpdXfg|BB
zW*dV<-A-||DdlRM?L94x!9`KU>q8fv!?_nv0M=iauF*!kL|Io)vWQf|+Mogpgv7MR
zs4(_*1F7z0@(i-jH_$MsJ%n!iElz$;>gi9_D>2YtGPRB3nHF&LV(o|P1{^bZJ+;O0
zd{fQD+HU~>v>SS^d2%wIPZ_W8MwAG6FtoB<0;w9yG#C$8j5j)}LSE|znaUSua8#E#
zwF4$xps+O8S(14MMGRXWbP^z{Me@v-5xr!)1b8V|Fw%^L(<(o=2t$J{n6w*9nnFw(
z`YZhBnps$~j1H7d`zyX;i$fG(0zi`UkN+vNvCm!;-^W6;0;wT+bec+%*ZA1k`0`x*
zb854+t*PS?c25;)l!6!S@OrWO<l_^LJZb}I1qG9|%>w84S@OqXKp#q0j79rH+~=M`
z1Y?064%CUAf<^+c<Fyw268^pBiBcXFvov%k6D%0uZ1U6N=mMuI<-PXI5CpPmf!v?U
z#R&JN&457n{x|+Q&et*#_TQNM>j-;6=)?ouGcf;>T@hgla+e-@UelI`CC#MXaoIOq
zBC(b|50(s(YtWoL?Cq~~f}5Jyst{L{J(BOq1<RdH{b)uUb95b_akzrZpgOjjnd#S?
zbx`wBhdusbws)+F$w0J&9~{ZPs%lFjvG3(ddbDv}D=lKFt_5P=5VE$<??2qc#s<cY
zm1J3#fS*Yx9fxJlDYCB8DGR=FUw@7Z4OXDf-9e0tHAOf{8~(%0#))CH8~C%Va<b9;
zYwt#~7`D3y_y|mz3hJttNOq$&7#k{?fj{s#4rW~-V|)4G0wQzsVj+jUk|6tefhK0>
zyH1b+aAG607Hml-0@ilq-Hl{mwR&X6>&0tnerNN!DB<Y~aO63INsK*(HFG`yOsxtG
zpHE(PLZcx;<sph!uuEgGBA4(E0Yuc?6gAf$QGI#6Ch@{V6F}khhhD-ov`8u2fB~sN
zqc8M*DHrfm_9UO$bPT1B!yq*2{eLq})&=7ynTFXD1%eo_!_L1_PUrB8i7x@~>4<64
z4(nI((4zkJMLOH@!oUxRYSuQR_w)BD;2X;Ll|+AyT!MG#+f3>&2T?s@zHIIzH`p^*
zZprZcL{a)sk>)ACo_+>qm~eJ}x6EaTAbyqHMerOD%2YmLE{7hw<2@6Tk>~imxXLtP
zhxxoAK>Y6hD@tZt4nQ$!Jf?)+K9$Z5nP*5DpOmnli?OrjM*Z7nGU?(QIy)XyaT>_$
zc?CsYt&<vt>iePN^@9N?%NUz35GRTT8_*!XgB$vW8M#O@nJx)@P?zWiG<Vo2j%&)%
z_j|^Br3RqO10iR;LZg+ES^48Vm8N9!Hh^k`%U{0K%POQfwj$o;%hFII*M){7NF-dw
zA~Bt{ZU7n+8<>}@{r)<akax)RnjFCSa<2m0OnsH|7(f!!mD3k>yLxUb&wc9?!iKO6
zk~6fj29@%|(z`(Ms4?Z6(ykue+0CYPRx@<5eP|JPBd;OMDMOKYIG3c$uHXg+qsRJg
zVDEmck+x`xw!ESWmc|c#K|b1&P*fm*%`rRqHbEG~7Ghb?%&e&|EM%JYAP?JRbmKh)
zGth{+y1xbpQd<FGp=%4rZawy?T1#Cmr4U^sb^BrDO2w*I<ChZ=2*&s&b>=IfXVR{+
z2#RjF^+3d4JAO89h`qK+dDqdTi}TEwAiAb%_s=^T^s(qfVuwK3-2h^|kVCYOpcPNJ
z)J+%w|6*5^L{v$XCxUzj2ul)-@}O+E<s}qH6rv5b?{<BkU2-h?xT^<cko@KdwLSnq
zUuA+w&k%-E(y8d_uGN@Zr|`R?Td&;^`V`~v-P>G5h{*xVT5k28ln6%>GjZQ~ZEqF5
z?LB@$>VNRzotDk;SdvR+!VB0216A`hgNkJ|a5%7(GIUP;@&)#zT`E;#u7K9&Iw*tG
zty4QY&4D!iudX|3ERHqy&HrnpEHkmUI*j67ARI?1BeMlQmy0Z>b8W`R@1AW+bXXy$
zErMHre-Sd-PJ|;l6`g1(H2*5`_yv}@O?$ZD*&2imKd1CPl|u-APniB!mN0rcawB&p
z+N4~15yXDUD>9{TzJld&QW!T*S6Y<cZO%QqK$T6xaDh=%;iIzmQ`1E!k2)}UBSUjX
z)g`35@<Aq@PeuEP!P~*9*gX&dp`>S%2G(lkl9P{SC^$=hea&W(AiFXP12Rdlr-@t@
zY76kDD7}N-@AM4=OK-xu^M?!CJJdd!Ai;-aF<T;x?gj{KU*ly)H`Qwb4u%z4%{Brw
z^K~!N9^=qm?3&v4>^o2A&=;Vvxo&wUuCX1m$Dwf3p@d-)Ug4dO6yN9-4UasaXz0QW
zRYZj;rw<LEv9%EJ;8^b8ejv9?$HJdvL-|mfZB>iwr)b@a?k-VB-w3D*(q6zOdE)_}
z-hL^SJx74qWnPN&5r2-r3c^%DqjFe%{o=azCITk5L$j>0^X);&fq6`!w*vn4qy(go
z#Wj-+553}KO1#u#@MfZL?7GqLXbRArt4(HY-0j2nZzP~2aM<6HJey6QjT)^1-Mk2)
zk>V*i1Jwi|)IySY{!U6B&GudvUUbqJY+Ltjl+%kuk^`Via$}TaSd^GYxKlIh=xUY!
zSTd^Wr-#a?0>f%}TL_Vq_?<wHGnKGjDqN7dc=Q5ae`7!vd6l05fZj6(h2!wWvB$>9
z3!SMHnL?qh>Q|vriDJDu(WgB=>3{B{Bb<goNH7))?T{)1XUo&s3_EEGK#CBqy7|EI
zK?v=1DPT+&KtdRq3vw)zo`3}EMHjheaavTcrA5DN@@S*PfLj@JjQM^L*)yL7K$Zbc
zi_{rA<koa4eodXBEta`gJG{1;VP#zP01yB>MQ0zroi>O!2q<%#^mccE>zBi-|9N?}
znVQY$$2SZ47BM>dpFIL;=uRVC`1fTmCcDE9rw49}>bIXyvDBYc!y2QRKL6xF_}(3(
z;((9Z3L8z<LyKPV?~oH>vICXe2fD>1KvC0G8a15~LuT*V66A^?{4uz|w=;C=nFbg!
zwYvaF)AW$$`+{|m?Sow;A^NM)Hg3XCGp=N$YY~vE$reo<Mw+GJcjz>%78#yKO{^ol
zxbr#wSkVE($lNj_`%u~rSiB@15xdoJo?At994!YtrurCmk-v;G<Ql%F4B;>&bsU*x
zujqp!Jfw(_2^DGgV+NM*nV9H3!{n2(Bx5HHMMyXQa)QG$H<Qu2mf+e8_)vUsvra47
zug(wQ1t`XnwL1#Guuk-Gn~*s9el0};Jwm$g#=)CDg}6?rbTX@LZ3Bz>X9d#qP%-z=
zB~&&8|C=OJWvb_Fk}(Bp$A&8B`dF~CevoS9?v9;aGlV#J)SFa*ZbWsinbwn<Wb}dn
z_{8MKu8Vua#Ns(q5Y&rRKgZ33AN;b>R5(YK5sKUSG-@IXZyK*$$A1r<$-o9ABXvhm
zaw;SxT@f<~!-bGokwe{2ehIMp7-%MVhnm`rz0FJFy?JPseKTT644a!;73%qhL#)ZN
zNCT%9I<Wi~r`ktQ2%M)4(BqFR2MoW;V+-eD<Z~TCQN_K!j*~6Klv&S*wW&MD_5pyA
zn+_W7RSo(gu7DW1#v({tsz!OuE+%JEfv=~<nW|z~2<!kTd%jwx6>79KU2{Dpf$l+_
z+pCxF9)v9uewqj>`E?I%nVV7E?orXr&Qg1144KGd@e@up$7Y1riB*|4;>c6C99u#y
z4}|+$4{)I@&fK|$lb<0M>%Y+J!^xR#r5pH$ECY0y>emQ!@mtWNR>MhZY?Bd$w=Pg<
zkTs&86*;QZ_A{4|v)%oJlQjV&x4^s{eMaJKiHs?s`OA9$|GFq>#!3^mwX-uOuQLF-
z5xlord}Wym0EATzqD2L`P&8bLZv^PJ-o(;D=-MU%_!^q;y;Z{=6|{VqO{+(km)40h
zwUtwA?K@Uj@TYk(pS<qgCXlu`6DxGtbO+h8FPTKPe5*)qy6glGx|GGBcE!~Cm-rbs
z+(Nq$)!lEpQxvmbP@6wpn*t;??ek}5xXv>dVzFgH3%8)Ir*~i|Mw)+O834ky^A27=
z`J1(63y%-d{sMMJ2@mY;;-FvbtClK24ol}!gt)uq{JWBZ8r>Nb<6mykyC_h|K}?}p
zMDsZL%Zxf*g4Tm1>mEl%<89l4N&YXh+@(m6q@lb-3>C_w&A9sV@v#F#@uwl4)t%|+
z$a@{@c5*s<nj)L^(zD$yav8iDol~4`3u~|(pWl@2ej?Kghql#q9SxsXSqSZg7LU{Z
zgFhB)0O<M3acYIQeJj;-a2&MU4D*2=?@9ZDE^0IRyyo^-1pGc}fBJ^X`Z;MO{r;Ay
zZYqwe1kgP!x&kcHVsP73@+XjEu0n=fCe)NM4Pzo_Ti(P0%FKTbI>O4Sf2hGw-ZPDx
zG{g&>(-}be(>RNV;m{i(n>hUTL%??Do3(-~N8sP>eym(G=&4E-OBbGDOvXBqTM>wI
z!UIiWFe~4Jd<4ht`Bq(G7KE^d2w<9IgRKPx3g3jH#UJpcAn+Yi5#^h+KkAukHC`_*
zA0+O8_QJbCa|keSh+si!A2E6#S2GoE*KW9Vru}Ml;vl_n>F~gYwHH?Hgz4lb3e#GX
z`4B+HLEaf5^3NAfSiP*VY&EvJtbrkHe0m68;HQ*dwk~o%Qs&1+ZwpPm1nnX|@>1Lv
zi%1rb{9xn0l&K=@GkV?Z;rPu&Q2R$pxhn`K%BD(vkb$6#3;ai>VAR7swGzP_i4%k)
z`qn!_)SAq#_?AvWT1iY=2;iG50Sl6>h-L-juOaxqt<<{}5zjyz(iU43ahrO*;r5B)
z)0uw`vNa(~llZQ^J^CokSKxN;t8z`LXPU2`rNe~GeT>4!Mlp`F{wf+85$W9j++*a!
zyt-_pMmcln0@C_p_m^4}C#+52G<C#cvgLJW3mAREjimGWOE@<bd(N5#$MDVT=paae
z88t%2V7-viHbXQW&S&llu~dFQ-I7ZPjo3^@xRg1~^JrH3{2OYVn>W2*yB2;_pjc>c
zfzEe^77z_0nL&Qc&p#EwXo^PBwWMOuw$|@@b8a;Qjp+mv9xT3af*8j6P{6N&eo4v)
zKtxK?{#1y1%+h<)VeE40_NjDbJyz5!fLx=s^Nre{?mVx22LVyin?zk49#uk#s7r~^
z^uTThKTjM3zykDNgosX8p1iDNFhW5rkG=tXs7soG!nlbBJKMs~nag`_7gV`X&<0-S
zP)Ec-g$L2LGSjjm1Lm~`t%pUZE5uG;Kb<4@BWr(zQWTwx|HloPEsw8$R%^hHGj~ZE
z^{#sOf#bWL)iOVv6DFmRoxx&oSebLuIo*~Ml!kU6@)ilXOOnU&CVMtba)qsfs+Aa)
z-*=!T=YBUi?7ekg((@zEo1ET^!yA?aPFAQL|6^X7-i+;U?$#Th3o)!HXO5}>QFCY%
z6NZoTRA293ItPdR;wmqUbAQq`E|A3M=XIl=ytd&_vA-<)D1((Sm}CjcXt?yk^3c0Z
zR>NHFaaTb7G659*_OD&_3@9OaWI27@`~xKSr2H3;Xu3+%?CS3nMS#s_)(Q80g-F@-
zj))r64A2(Hy7%0BX3=f`@mg<2-i?bg_QPI|<bIqRjr89`tq(veJi>eXE2lvzV5s24
zJNTcy|Hu~bfp;+-<w?Tt2W+oca#7%8`<+^lJK+@BS;ez7nbbXU4NyUa);bCbE$hxk
z^7zTWI~sRd+8FBW1#^kbS?|tG7Z}qHyz@HRKiVfwSMS3^-jO{G1!7V3z@a``L-p@l
zRePoZ42au21@v6xlG03G$+WaWGiR)vKw?GG_w9+X;_3C?63b%@mSBXHzVme2y1pYc
ziW^i~bMH%0VX1$(I=mX2Hf6#>2n(9JPwt=Vx-7)!{S20;%HNs66c^ribL`rc?9R99
zBM*^UT<<wddu5ok%k+IuaEyLsM`_{?cbq3=&4Y3}q}&V3=bUSZ%3y|nndKZ^aiH|P
z4KVm`vfNUE_A|^{_)@~f(<*v1xA^vMz}<hc2{z}~=}Y$Bc!~fNc{Yn$ZPHPh%*DeM
zz|+)zVe8se?UA%r63(K0kq;CPG|Ur{JE241RucgnJ41Z{u(odLuH;`~-Z0;cIvC`f
VvVy3o@%-Sl0O0jh?fz~0{{iIYAeI0C

literal 0
HcmV?d00001

diff --git a/php/public/style.css b/php/public/style.css
index e3b24700..b4d5f8a5 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -251,7 +251,7 @@ svg:not(:has(use)) .fallback-text {
     min-width: 100vw;
     position: fixed;
     width: 100vw;
-    background-image: url("img/jenna-kim-the-globe.webp");
+    background-image: url("img/jo-myoung-hee-fluid.webp");
     background-position: center;
     background-repeat: no-repeat;
     background-size: cover;
@@ -260,7 +260,7 @@ svg:not(:has(use)) .fallback-text {
 }
 
 html[data-theme="dark"] .wrapper {
-    background-image: url("img/jenna-kim-the-globe-dark.webp");
+    background-image: url("img/jo-myoung-hee-fluid-dark.webp");
 }
 
 form {
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 6ed264c2..e20ca3e0 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v5" media="all" />
+        <link rel="stylesheet" href="/style.css?v6" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>

From bc92ebc65c561c093c49d4e25fc7f0ba0af3f6ba Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Sep 2025 09:32:57 +0000
Subject: [PATCH 167/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index e406a494..f089c598 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.7.0
+version: 11.8.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 7a103567..40344921 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-apache:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index c3e022fa..6cfc7167 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index f49da097..417a1884 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -28,14 +28,14 @@ spec:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: aliasgroup1
-              value: https://{{ .Values.NC_DOMAIN }}:443
+              value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 5edd6701..58fcab24 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 663e3438..657a5f98 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 61ad3e5c..a13e5d4e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6d93dd7d..224e82a2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250918_093027
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index eabd0372..eb744159 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index e94a1a93..14244671 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 8cb961ed..b7433541 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-redis:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d3b8ee2a..96617fe3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-talk:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d54a6376..a112e45f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 9729c473..72b60f18 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250918_093027
           readinessProbe:
             exec:
               command:

From 5b76d6fac6e105db43700a5bd84a410f7f854148 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 18 Sep 2025 11:44:22 +0200
Subject: [PATCH 168/524] increase to 11.9.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e686e3a8..aa9b30c3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.8.0</h1>
+            <h1>Nextcloud AIO v11.9.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From d937739ef0c05ff73f865dfd7ce98c137897fbaf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Sep 2025 04:20:39 +0000
Subject: [PATCH 169/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.3 to 8.19.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index ff683d33..289722ea 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.3
+FROM elasticsearch:8.19.4
 
 USER root
 

From caaf45143d421150c56ec689f3654cc63cd18e2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Sep 2025 12:16:59 +0000
Subject: [PATCH 170/524] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.4 to 2.35.5.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/ec406be512d7077f68eed36e63f4d91bc006edc4...bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index cb3eb33d..e6205d4e 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v5
-    - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+    - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 1beac885..81ada6da 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 62aea81e..d2bccbd5 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a35394aa..67618422 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v5
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index ea70f8e8..3fcdae12 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 93c4b572..107edc8b 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu

From 2324666591949a48fe15e731a24b5e08bf24c946 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Sep 2025 04:20:34 +0000
Subject: [PATCH 171/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.9-scratch to 2.12.0-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.0-scratch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 88a9cd1e..ecc0e422 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.9-scratch AS nats
+FROM nats:2.12.0-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus

From 21c62125f18a8c366f9ba969aae348de993bc6dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 04:23:39 +0000
Subject: [PATCH 172/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.4-alpine to 3.2.5-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.5-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 094d3fd5..24a1f298 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.4-alpine
+FROM haproxy:3.2.5-alpine
 
 # hadolint ignore=DL3002
 USER root

From 68317a1eb3cb0583b36d131ba1ff7c983159ef13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 04:24:33 +0000
Subject: [PATCH 173/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.2.0 to v1.2.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 43f1ad90..680a59d0 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1
 
 USER root
 RUN set -ex; \

From 456a06d968f69dd279327deb5bee959fc96bff18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 12:18:30 +0000
Subject: [PATCH 174/524] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/bff843227669a0c34c7f791ebd53a4b7c2a3febd...858c58d647eeb05b1725a96ae3fc290230321af3)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 0ab37267..56854ed4 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Turnstyle
-        uses: softprops/turnstyle@bff843227669a0c34c7f791ebd53a4b7c2a3febd # v2
+        uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2
         with:
           continue-after-seconds: 180
         env:

From 37132d805e2e2c0514300d15fd12f43fb2735d69 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 25 Sep 2025 15:10:41 +0200
Subject: [PATCH 175/524] add recommendation to use orbstack on macOS

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4c0712aa..7331353f 100644
--- a/readme.md
+++ b/readme.md
@@ -523,7 +523,11 @@ The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which
 ## Guides
 
 ### How to run AIO on macOS?
-On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
+
+> [!NOTE]
+> On macOS, it is recommended to use OrbStack instead of Docker Desktop which has much better compatibility with docker for Linux compared to Docker Desktop. See https://orbstack.dev/
+
+Generally, on macOS, there is only one thing different for the docker run command in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 

From 4b0c78376d995fb8f236c4125ac9732e32aebeac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 Sep 2025 04:22:54 +0000
Subject: [PATCH 176/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.5.2.1 to 25.04.5.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.5.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 6438a186..536bec37 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.5.2.1
+FROM collabora/code:25.04.5.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 4ab852204febf68a70c7c0321a2cddcc76c53fe5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 Sep 2025 04:23:15 +0000
Subject: [PATCH 177/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.12-fpm-alpine3.22 to 8.4.13-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.13-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cdf31a52..58248890 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.4.0-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.12-fpm-alpine3.22
+FROM php:8.4.13-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From b692c1d04988a3c4473b276e9d4aeec28195fab7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Sep 2025 10:19:30 +0200
Subject: [PATCH 178/524] nextcloud: allow to define postgres root cert during
 install

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgres.config.php | 9 +++++++++
 Containers/nextcloud/entrypoint.sh              | 6 ++++++
 Containers/notify-push/start.sh                 | 7 ++++++-
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 Containers/nextcloud/config/postgres.config.php

diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
new file mode 100644
index 00000000..38f980fe
--- /dev/null
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -0,0 +1,9 @@
+<?php
+if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
+  $CONFIG = array(
+    'pgsql_ssl' => array(
+      'mode' => 'verify-ca',
+      'rootcert' => '/var/www/html/data/certificates/POSTGRES',
+    ),
+  );
+}
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 25d549e0..1e0ada44 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -241,6 +241,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 );
 DATADIR_PERMISSION_CONF
 
+            # Write out postgres root cert
+            if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
+                mkdir /var/www/html/data/certificates
+                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES"
+            fi
+
             echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index e1bbf974..859c6309 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -66,8 +66,13 @@ if [ "$POSTGRES_USER" = nextcloud ]; then
     export POSTGRES_USER
 fi
 
+# Postgres root cert
+if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
+    POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+fi
+
 # Set sensitive values as env
-export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
+export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT"
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From 19b1469d85efb0998836e7ae9ae7d0da54c7ece9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Sep 2025 11:38:14 +0200
Subject: [PATCH 179/524] nextcloud-s3-config: allow multibucket config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index cd08f7fc..99999668 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -4,8 +4,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
   $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
   $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
   $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
   $CONFIG = array(
-    'objectstore' => array(
+    $multibucket === 'true' ? 'objectstore_multibucket' : 'objectstore' => array(
       'class' => '\OC\Files\ObjectStore\S3',
       'arguments' => array(
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),

From f3c666df9af8280092051dd9e1b6a984021541b6 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Fri, 26 Sep 2025 15:53:28 -0400
Subject: [PATCH 180/524] fix: unify default initialization of s3 autocreate
 and use_ssl

Unify with micro-services image fix: nextcloud/docker#2309

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/config/s3.config.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index cd08f7fc..79113e6d 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -16,8 +16,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
+        'use_ssl' => strtolower($use_ssl) !== 'false',
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions
@@ -31,3 +31,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
   }
 }
+

From cc1933b51f3f9eec92134cfa56b435ff32fb0581 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 27 Sep 2025 08:18:03 +0000
Subject: [PATCH 181/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index f089c598..03627c26 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.8.0
+version: 11.9.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 40344921..992e66de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6cfc7167..2e9ccb95 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 417a1884..07f09220 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 58fcab24..abfa8b01 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 657a5f98..9dcc9d63 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a13e5d4e..5e54704c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 224e82a2..1644464c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index eb744159..799e4390 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 14244671..820e6842 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index b7433541..015da80f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 96617fe3..bb6f2a1c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index a112e45f..d59c60c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 72b60f18..804c5d2d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431
           readinessProbe:
             exec:
               command:

From f8cc109b7e1c2dc12e4319c79fc55e89dd256932 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 27 Sep 2025 12:26:56 +0200
Subject: [PATCH 182/524] Change ui_secret to use LLDAP_LDAP_USER_PASS

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/lldap/lldap.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 8f7fba88..32f8e7ec 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
@@ -27,7 +27,7 @@
         "LLDAP_JWT_SECRET",
         "LLDAP_LDAP_USER_PASS"
       ],
-      "ui_secret": "LLDAP_JWT_SECRET",
+      "ui_secret": "LLDAP_LDAP_USER_PASS",
       "volumes": [
         {
           "source": "nextcloud_aio_lldap",

From 25c80f470bcfaf60e8a400c3f4a5b58f2e8a6d2f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 28 Sep 2025 12:03:19 +0000
Subject: [PATCH 183/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 34e3534b..bb81d695 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.4",
+            "version": "v2.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841"
+                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b352cf0534aa1ae6b4d825d1e762e35d43f8a841",
-                "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed",
+                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-03-19T13:51:03+00:00"
+            "time": "2025-09-22T17:29:40+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -3883,16 +3883,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.25",
+            "version": "v6.4.26",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae"
+                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
-                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
+                "url": "https://api.github.com/repos/symfony/console/zipball/492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
+                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
                 "shasum": ""
             },
             "require": {
@@ -3957,7 +3957,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.25"
+                "source": "https://github.com/symfony/console/tree/v6.4.26"
             },
             "funding": [
                 {
@@ -3977,7 +3977,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-22T10:21:53+00:00"
+            "time": "2025-09-26T12:13:46+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4449,16 +4449,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.3",
+            "version": "v7.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c"
+                "reference": "f96476035142921000338bad71e5247fbc138872"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
-                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
+                "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872",
+                "reference": "f96476035142921000338bad71e5247fbc138872",
                 "shasum": ""
             },
             "require": {
@@ -4473,7 +4473,6 @@
             },
             "require-dev": {
                 "symfony/emoji": "^7.1",
-                "symfony/error-handler": "^6.4|^7.0",
                 "symfony/http-client": "^6.4|^7.0",
                 "symfony/intl": "^6.4|^7.0",
                 "symfony/translation-contracts": "^2.5|^3.0",
@@ -4516,7 +4515,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.3"
+                "source": "https://github.com/symfony/string/tree/v7.3.4"
             },
             "funding": [
                 {
@@ -4536,7 +4535,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-25T06:35:40+00:00"
+            "time": "2025-09-11T14:36:48+00:00"
         },
         {
             "name": "vimeo/psalm",

From b77af1a2f85f6de9d727d05dbe1b3267d58e0052 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20M=C3=BCller?=
 <28591861+alexanderdd@users.noreply.github.com>
Date: Sun, 28 Sep 2025 14:10:59 -0500
Subject: [PATCH 184/524] add comment about possibility of migration AIO->VM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Alexander Müller <28591861+alexanderdd@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4c0712aa..6fa95704 100644
--- a/readme.md
+++ b/readme.md
@@ -52,7 +52,7 @@ Included are:
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
-- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
+- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
 - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)

From d5761aa52bbc4dd1fe0aefe18b2a7803d37f1c76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Sep 2025 04:34:41 +0000
Subject: [PATCH 185/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.25-fpm-alpine3.22 to 8.3.26-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.26-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1955ab2f..0ae91b63 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.25-fpm-alpine3.22
+FROM php:8.3.26-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 7a5d3e7ec8428bec549410da64e47b7ef8d58f17 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Sep 2025 11:47:49 +0200
Subject: [PATCH 186/524] nextcloud-entrypoint: allow to
 configreav_blocklisted_directories

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 25d549e0..cdd0f6eb 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -814,6 +814,9 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
         php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
+        if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
+            php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES"
+        fi
     fi
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then

From 7c1cc4c2dd5f34d9dd0024a732cafcbe1f5443a6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 28 Sep 2025 07:41:34 +0200
Subject: [PATCH 187/524] talk: update eturnal image tag to use alpine image

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ecc0e422..7067c72e 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.12.0-scratch AS nats
-FROM eturnal/eturnal:1.12.1 AS eturnal
+FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus
 

From dbcd5d8955f7d375a5abbb0e410fbfb09cd52bec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 29 Sep 2025 11:15:53 +0200
Subject: [PATCH 188/524] also adjust `use_path_style` and `legacy_auth`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 79113e6d..a56ce04b 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -19,9 +19,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'autocreate' => strtolower($autocreate) !== 'false',
         'use_ssl' => strtolower($use_ssl) !== 'false',
         // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
+        'use_path_style' => strtolower($use_path) === 'true',
         // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
+        'legacy_auth' => strtolower($use_legacyauth) === 'true'
       )
     )
   );
@@ -31,4 +31,3 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
   }
 }
-

From fa06f1c425dae052c1b7a0ed42497490fb16925b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 29 Sep 2025 12:11:50 +0200
Subject: [PATCH 189/524] delete caddy locks if existing on startup

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/start.sh          | 5 +++++
 Containers/mastercontainer/start.sh | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 5a85aa08..02a2f2ad 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -66,6 +66,11 @@ caddy fmt --overwrite /tmp/Caddyfile
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
+# Fix caddy startup
+if [ -d "/mnt/data/caddy/locks" ]; then
+    rm -rf /mnt/data/caddy/locks/*
+fi
+
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 0882ebd7..616068f3 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -375,6 +375,11 @@ export TZ=Etc/UTC
 # Fix apache startup
 rm -f /var/run/apache2/httpd.pid
 
+# Fix caddy startup
+if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
+    rm -rf /mnt/docker-aio-config/caddy/locks/*
+fi
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /Caddyfile
 

From 36a39a3528ce3fa0ce1249cd99b53dc674bc87b9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 1 Oct 2025 14:38:28 +0200
Subject: [PATCH 190/524] add minio community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/minio/minio.json | 38 +++++++++++++++++++++++++++
 community-containers/minio/readme.md  | 12 +++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 community-containers/minio/minio.json
 create mode 100644 community-containers/minio/readme.md

diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json
new file mode 100644
index 00000000..ae1925bd
--- /dev/null
+++ b/community-containers/minio/minio.json
@@ -0,0 +1,38 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-minio",
+            "image_tag": "v1",
+            "display_name": "Minio S3 Storage",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio",
+            "image": "ghcr.io/szaimen/aio-minio",
+            "internal_port": "9000",
+            "environment": [
+                "MINIO_ROOT_USER=nextcloud",
+                "MINIO_ROOT_PASSWORD=%MINIO_ROOT_PASSWORD%"
+            ],
+            "secrets": [
+                "MINIO_ROOT_PASSWORD"
+            ],
+            "volumes": [
+            {
+                "source": "nextcloud_aio_minio",
+                "destination": "/data",
+                "writeable": true
+            }
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'",
+                "php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool",
+                "php /var/www/html/occ config:system:set objectstore arguments use_path_style --value true --type bool",
+                "php /var/www/html/occ config:system:set objectstore arguments use_ssl --value false --type bool",
+                "php /var/www/html/occ config:system:set objectstore arguments region --value ''",
+                "php /var/www/html/occ config:system:set objectstore arguments bucket --value nextcloud",
+                "php /var/www/html/occ config:system:set objectstore arguments key --value nextcloud",
+                "php /var/www/html/occ config:system:set objectstore arguments secret --value %MINIO_ROOT_PASSWORD%",
+                "php /var/www/html/occ config:system:set objectstore arguments port --value 9000",
+                "php /var/www/html/occ config:system:set objectstore arguments hostname --value nextcloud-aio-minio"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md
new file mode 100644
index 00000000..4f9391bd
--- /dev/null
+++ b/community-containers/minio/readme.md
@@ -0,0 +1,12 @@
+## Minio
+This container bundles minio s3 storage and auto-configures it for you.
+
+### Notes
+- The data of Minio will be automatically included in AIOs backup solution!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-minio
+
+### Maintainer
+https://github.com/szaimen

From 2d3780d3b3ea7c7e558c6772e4ea3b9be3b6a44f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 1 Oct 2025 14:43:20 +0200
Subject: [PATCH 191/524] increase to v11.10.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4bcd18b7..8db6beb6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.9.0</h1>
+            <h1>Nextcloud AIO v11.10.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 4153c692fdfeba54ee486c68d29f883412044224 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 1 Oct 2025 15:09:14 +0200
Subject: [PATCH 192/524] add minio storage to backup volumes and readme update

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/minio/minio.json | 3 +++
 community-containers/minio/readme.md  | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json
index ae1925bd..2403f213 100644
--- a/community-containers/minio/minio.json
+++ b/community-containers/minio/minio.json
@@ -21,6 +21,9 @@
                 "writeable": true
             }
             ],
+            "backup_volumes": [
+                "nextcloud_aio_minio"
+            ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'",
                 "php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool",
diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md
index 4f9391bd..be41d5bd 100644
--- a/community-containers/minio/readme.md
+++ b/community-containers/minio/readme.md
@@ -1,6 +1,12 @@
 ## Minio
 This container bundles minio s3 storage and auto-configures it for you.
 
+>[!WARNING]
+> Enabling this container will remove access to all the files formerly written to the data directory.
+> So only enable this on a clean instance directly after installing AIO.
+> All additional users that are added via Nextcloud afterwards are going to work correctly.
+> Also, after enabling and using it, make sure to not disable the container as you cannot migrate from s3 to local storage anymore and s3 is a critical part of your infrastructure from then on.
+
 ### Notes
 - The data of Minio will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 85a068f6791b8c2108b58aebe86203e4e8001774 Mon Sep 17 00:00:00 2001
From: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Date: Fri, 3 Oct 2025 07:03:40 +0200
Subject: [PATCH 193/524] nginx-proxy

Make it more clear what nginx-proxy is

Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 56e42fe3..6efe9026 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -538,13 +538,13 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### Nginx-Proxy
+### nginx-proxy (Github Repo)
 
 <details>
 
 <summary>click here to expand</summary>
 
-Unfortunately, it is not possible to configure Nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+Unfortunately, it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
 
 If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
 

From 742e0906f0166409a639d262a95a1916650e4e42 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:04 +0000
Subject: [PATCH 194/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.5.3.1 to 25.04.6.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.6.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 536bec37..593c5323 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.5.3.1
+FROM collabora/code:25.04.6.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From db66d618fdc3c5e5241f44710b3317f8cbd4a78a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:06 +0000
Subject: [PATCH 195/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.5-alpine to 3.2.6-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.6-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 24a1f298..72034cec 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.5-alpine
+FROM haproxy:3.2.6-alpine
 
 # hadolint ignore=DL3002
 USER root

From 5a4ba1c3500649a0f7dd1d4635b8dadeef95480f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:26 +0000
Subject: [PATCH 196/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.4.0-cli to 28.5.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.5.0-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 58248890..2532ec16 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.4.0-cli AS docker
+FROM docker:28.5.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 7053a206e14d5a8a3974945a03c9ec1748872dc3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:53 +0000
Subject: [PATCH 197/524] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.10-alpine to 7.2.11-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.11-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 98f3d3f0..8cb0f973 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.10-alpine
+FROM redis:7.2.11-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From ec07ef6fe731abd03e2430c022469880e1d18ab2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:21:19 +0000
Subject: [PATCH 198/524] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.8 to 1.12.1.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Changelog](https://github.com/nicholas-fedor/watchtower/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.8...v1.12.1)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 82472ec7..ec2c0d0a 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.8 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
 
 FROM alpine:3.22.1
 

From a33ef5d1aa7f75f3716e4d55c266b5dc74f36d3a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Oct 2025 15:12:31 +0200
Subject: [PATCH 199/524] move the hint to a new line

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6fa95704..f48479e4 100644
--- a/readme.md
+++ b/readme.md
@@ -52,7 +52,8 @@ Included are:
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
-- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
+- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). 
+- Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
 - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)

From 7fbc548d2df54904e05c5b374fc37db8875b62df Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Oct 2025 15:44:27 +0200
Subject: [PATCH 200/524] lldap: adjust hint how to retrieve the password

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/lldap/readme.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index ce4636bc..586aea9e 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -18,10 +18,7 @@ Functionality with this configuration:
 
 > For simplicity, this configuration is done via the command line (don't worry, it's very simple).
 
-First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste:
-```bash
-sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
-```
+First, you need to retrieve the LLDAP admin password that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail.
 
 Now go into the Nextcloud container:<br>
 **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`.

From c1949573c9d5596f361563fcfa3f19f772357ffa Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Fri, 26 Sep 2025 15:27:56 -0400
Subject: [PATCH 201/524] refactor(nextcloud): Tidy up entrypoint.sh error/log
 output

- Cleaned up error messages
- Reformatted some code for readability

No logic changes.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/entrypoint.sh | 207 +++++++++++++++++++----------
 1 file changed, 135 insertions(+), 72 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4c50648a..fd8e6136 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -25,31 +25,34 @@ if [ "$DATABASE_TYPE" = postgres ]; then
     export DATABASE_TYPE=pgsql
 fi
 
-# Only start container if redis is accessible
+# Only start container if Redis is accessible
 # shellcheck disable=SC2153
 while ! nc -z "$REDIS_HOST" "6379"; do
-    echo "Waiting for redis to start..."
+    echo "Waiting for Redis to start..."
     sleep 5
 done
 
 # Check permissions in ncdata
-touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
-if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
-    echo "The www-data user doesn't seem to have access rights in the datadir.
-Most likely are the files located on a drive that does not follow linux permissions.
-Please adjust the permissions like mentioned below.
-The found permissions are:
-$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
-(userID:groupID permissions)
-but they should be:
-33:0 750
-(userID:groupID permissions)
-Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
-Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
-For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
+test_file="$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+touch "$test_file"
+if ! [ -f "$test_file" ]; then
+    echo "The www-data user does not appear to have access rights to the data directory."
+    echo "It is possible that the files are on a filesystem that does not support standard Linux permissions,"
+    echo "or the permissions simply need to be adjusted. Please change the permissions as described below."
+    echo "Current permissions are:"
+    stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR"
+    echo "(userID:groupID permissions)"
+    echo "They should be:"
+    echo "33:0 750"
+    echo "(userID:groupID permissions)"
+    echo "Also, ensure that all parent directories on the host of your chosen data directory are publicly readable."
+    echo "For example: sudo chmod +r /mnt  (adjust this command as needed)."
+    echo "If you want to use a FUSE mount as the data directory, add 'allow_other' as an additional mount option."
+    echo "For SMB/CIFS mounts as the data directory, see:"
+    echo "  https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
     exit 1
 fi
-rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+rm -f "$test_file"
 
 if [ -f /var/www/html/version.php ]; then
     # shellcheck disable=SC2016
@@ -71,26 +74,31 @@ fi
 
 # Don't start the container if Nextcloud is not compatible with the PHP version
 if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then
-    echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version."
-    echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container."
-    echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container."
-    echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
+    echo "Your installed Nextcloud version is not compatible with the PHP version provided by this image."
+    echo "This typically occurs when you restore an older Nextcloud backup that does not support the"
+    echo "PHP version included in this image."
+    echo "Please restore a more recent backup that includes a compatible Nextcloud version."
+    echo "If you do not have a more recent backup, refer to the manual upgrade documentation:"
+    echo "  https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
     exit 1
 fi
 
 # Do not start the container if the last update failed
 if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
     echo "The last Nextcloud update failed."
-    echo "Please restore from backup and try again!"
-    echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
+    echo "Please restore from a backup and try again."
+    echo "If you do not have a backup, you can delete the update.failed file in the data directory"
+    echo "to allow the container to start again."
     exit 1
 fi
 
 # Do not start the container if the install failed
 if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
     echo "The initial Nextcloud installation failed."
-    echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
-    echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    echo "For more information about what went wrong, check the logs above."
+    echo "Please reset AIO properly and try again."
+    echo "See:"
+    echo "  https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
     exit 1
 fi
 
@@ -143,7 +151,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         if [ "$installed_version" != "0.0.0.0" ]; then
 # Check connection to appstore start # Do not remove or change this line!
             while true; do
-                echo -e "Checking connection to appstore"
+                echo -e "Checking connection to the app store..."
                 APPSTORE_URL="https://apps.nextcloud.com/api/v1"
                 if grep -q appstoreurl /var/www/html/config/config.php; then
                     set -x
@@ -154,10 +162,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then
-                    echo "Appstore is reachable"
+                    echo "App store is reachable."
                     break
                 else
-                    echo "Curl didn't produce a 200 status, is appstore reachable?"
+                    echo "Curl did not return a 200 status. Is the app store reachable?"
                     sleep 5
                 fi
             done
@@ -167,21 +175,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             php /var/www/html/occ maintenance:mode --off
 
-            echo "Getting and backing up the status of apps for later, this might take a while..."
+            echo "Getting and backing up the status of apps for later; this might take a while..."
             NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
             if [ -z "$NC_APPS" ]; then
-                echo "No apps detected, aborting export of app status..."
+                echo "No apps detected. Aborting export of app status..."
                 APPSTORAGE="no-export-done"
             else
                 mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
                 declare -Ag APPSTORAGE
-                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                echo "Disabling apps before the update to make the update procedure safer. This can take a while..."
                 for app in "${NC_APPS_ARRAY[@]}"; do
                     if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
                         php /var/www/html/occ app:disable "$app"
                     else
                         APPSTORAGE[$app]=""
-                        echo "Not disabling $app because the occ command to get the enabled state was failing."
+                        echo "Not disabling $app because the occ command to get its enabled state failed."
                     fi
                 done
             fi
@@ -195,8 +203,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             run_upgrade_if_needed_due_to_app_update
         fi
 
-        echo "Initializing nextcloud $image_version ..."
-        rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
+        echo "Initializing Nextcloud $image_version ..."
+
+        # Copy over initial data from Nextcloud archive
+        rsync -rlD --delete \
+            --exclude-from=/upgrade.exclude \
+            "$SOURCE_LOCATION/" \
+            /var/www/html/
 
         # Copy custom_apps from Nextcloud archive
         if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then
@@ -204,22 +217,47 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             for app in "$SOURCE_LOCATION/custom_apps"/*; do
                 app_id="$(basename "$app")"
                 mkdir -p "/var/www/html/custom_apps/$app_id"
-                rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/
+                rsync -rlD --delete \
+                    --include "/$app_id/" \
+                    --exclude '/*' \
+                    "$SOURCE_LOCATION/custom_apps/" \
+                    /var/www/html/custom_apps/
             done
             set +x
         fi
 
-        # Copy over initial data from Nextcloud archive
+        # Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
         for dir in config data custom_apps themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+                rsync -rlD \
+                    --include "/$dir/" \
+                    --exclude '/*' \
+                    "$SOURCE_LOCATION/" \
+                    /var/www/html/
             fi
         done
-        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
-        rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+
+        rsync -rlD --delete \
+            --include '/config/' \
+            --exclude '/*' \
+            --exclude '/config/CAN_INSTALL' \
+            --exclude '/config/config.sample.php' \
+            --exclude '/config/config.php' \
+            "$SOURCE_LOCATION/" \
+            /var/www/html/
+
+        rsync -rlD \
+            --include '/version.php' \
+            --exclude '/*' \
+            "$SOURCE_LOCATION/" \
+            /var/www/html/
+
         echo "Initializing finished"
 
-        #install
+        ################
+        # Fresh Install
+        ################
+        
         if [ "$installed_version" = "0.0.0.0" ]; then
             echo "New Nextcloud instance."
 
@@ -233,13 +271,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
             fi
 
-            # We do our own permission check so the permission check is not needed
-            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+        # Skip the default permission check (we do our own)
+        cat > /var/www/html/config/datadir.permission.config.php <<'EOF'
 <?php
-    \$CONFIG = array (
-    'check_data_directory_permissions' => false
-);
-DATADIR_PERMISSION_CONF
+    $CONFIG = array (
+        'check_data_directory_permissions' => false
+    );
+EOF
 
             # Write out postgres root cert
             if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
@@ -250,11 +288,20 @@ DATADIR_PERMISSION_CONF
             echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
-              POSTGRES_PORT=5432
+                POSTGRES_PORT=5432
             fi
-            # shellcheck disable=SC2153
-            INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
 
+            # Add database options to INSTALL_OPTIONS
+            # shellcheck disable=SC2153
+            INSTALL_OPTIONS+=(
+                --database "$DATABASE_TYPE"
+                --database-name "$POSTGRES_DB"
+                --database-user "$POSTGRES_USER"
+                --database-pass "$POSTGRES_PASSWORD"
+                --database-host "$POSTGRES_HOST"
+                --database-port "$POSTGRES_PORT"
+            )
+            
             echo "Starting Nextcloud installation..."
             if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
                 echo "Installation of Nextcloud failed!"
@@ -276,7 +323,7 @@ DATADIR_PERMISSION_CONF
 
                 if [ "$try" -ge "$max_retries" ]; then
                     echo "Installation of Nextcloud failed!"
-                    echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+                    echo "Installation errors: $(cat /var/www/html/data/nextcloud.log)"
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
                     exit 1
                 fi
@@ -312,10 +359,12 @@ DATADIR_PERMISSION_CONF
                 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 INSTALLED_MAJOR="${installed_version%%.*}"
                 IMAGE_MAJOR="${image_version%%.*}"
+                # If a valid upgrade path, trigger the Nextcloud built-in Updater
                 if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
                     php /var/www/html/updater/updater.phar --no-interaction --no-backup
                     if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                         echo "Installation of Nextcloud failed!"
+                        # TODO: Add a hint here about what to do / where to look / updater.log? 
                         touch "$NEXTCLOUD_DATA_DIR/install.failed"
                         exit 1
                     fi
@@ -392,11 +441,11 @@ DATADIR_PERMISSION_CONF
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            echo "Upgrading nextcloud from $installed_version to $image_version..."
+            echo "Upgrading Nextcloud from $installed_version to $image_version..."
             php /var/www/html/occ config:system:delete integrity.check.disabled
             if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                 echo "Upgrade failed. Please restore from backup."
-                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
+                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup."
                 exit 1
             fi
 
@@ -404,7 +453,7 @@ DATADIR_PERMISSION_CONF
             installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 
             rm "$NEXTCLOUD_DATA_DIR/update.failed"
-            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
+            bash /notify.sh "Nextcloud update to $image_version successful!" "You may inspect the Nextcloud container logs for more information."
 
             php /var/www/html/occ app:update --all
 
@@ -412,7 +461,7 @@ DATADIR_PERMISSION_CONF
 
             # Restore app status
             if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
-                echo "Restoring the status of apps. This can take a while..."
+                echo "Restoring app statuses. This may take a while..."
                 for app in "${!APPSTORAGE[@]}"; do
                     if [ -n "${APPSTORAGE[$app]}" ]; then
                         if [ "${APPSTORAGE[$app]}" != "no" ]; then
@@ -424,13 +473,13 @@ DATADIR_PERMISSION_CONF
                                     php /var/www/html/occ maintenance:mode --off
                                 fi
                                 run_upgrade_if_needed_due_to_app_update
-                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                echo "The $app app could not be re-enabled, probably because it is not compatible with the new Nextcloud version."
                                 if [ "$app" = apporder ]; then
                                     CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
                                 else
-                                    CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
+                                    CUSTOM_HINT="Most likely, it is not compatible with the new Nextcloud version."
                                 fi
-                                bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                bash /notify.sh "Could not re-enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to review the Nextcloud update logs and force-enable the app again if you wish."
                                 continue
                             fi
                             # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
@@ -452,7 +501,7 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Apply optimization
-            echo "Doing some optimizations..."
+            echo "Performing some optimizations..."
             if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
                 php /var/www/html/occ maintenance:repair --include-expensive
                 php /var/www/html/occ db:add-missing-indices
@@ -483,10 +532,10 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)
     if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
-        echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!"
+        echo "Appdata is not present. Did you change the datadir after the initial Nextcloud installation? This is not supported!"
         echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
-        echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!"
-        echo "In the datadir was found:"
+        echo "If you moved the datadir to an external drive, make sure that the drive is still mounted."
+        echo "The following was found in the datadir:"
         ls -la "$NEXTCLOUD_DATA_DIR/"
         exit 1
     fi
@@ -678,7 +727,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
+        echo "Warning: No IPv4 address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -689,7 +738,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "No ipv6-address found for $COLLABORA_HOST."
+        echo "No IPv6 address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
         PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
@@ -703,7 +752,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
-        echo "Warning: wopi_allowlist is empty which should not be the case!"
+        echo "Warning: wopi_allowlist is empty; this should not be the case!"
     fi
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
@@ -713,15 +762,20 @@ fi
 
 # OnlyOffice
 if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
+    # Determine OnlyOffice port based on host pattern
     if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
         ONLYOFFICE_PORT=80
     else
         ONLYOFFICE_PORT=443
     fi
+
+    # Wait for OnlyOffice to become available
     while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
-        echo "waiting for OnlyOffice to become available..."
+        echo "Waiting for OnlyOffice to become available..."
         sleep 5
     done
+
+    # Install or enable OnlyOffice app as needed
     if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
         php /var/www/html/occ app:install onlyoffice
     elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
@@ -729,16 +783,25 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update onlyoffice
     fi
+
+    # Set OnlyOffice configuration
     php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
+
+    # Adjust the OnlyOffice host if using internal pattern
     if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
         ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
         export ONLYOFFICE_HOST
     fi
+
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
+    # Remove OnlyOffice app if disabled and removal is requested
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && \
+       [ -d "/var/www/html/custom_apps/onlyoffice" ] && \
+       [ -n "$ONLYOFFICE_SECRET" ] && \
+       [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice
     fi
 fi
@@ -784,7 +847,7 @@ fi
 if [ -d "/var/www/html/custom_apps/spreed" ]; then
     if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
         while ! nc -z "$TALK_RECORDING_HOST" 1234; do
-            echo "waiting for Talk Recording to become available..."
+            echo "Waiting for Talk Recording to become available..."
             sleep 5
         done
         # TODO: migrate to occ command if that becomes available
@@ -799,12 +862,12 @@ fi
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
     count=0
     while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do
-        echo "waiting for clamav to become available..."
+        echo "Waiting for ClamAV to become available..."
         count=$((count+5))
         sleep 5
     done
     if [ "$count" -ge 90 ]; then
-        echo "Clamav did not start in time. Skipping initialization and disabling files_antivirus app."
+        echo "ClamAV did not start in time. Skipping initialization and disabling files_antivirus app."
         php /var/www/html/occ app:disable files_antivirus
     else
         if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
@@ -851,7 +914,7 @@ fi
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     count=0
     while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do
-        echo "waiting for Fulltextsearch to become available..."
+        echo "Waiting for Fulltextsearch to become available..."
         count=$((count+5))
         sleep 5
     done
@@ -888,14 +951,14 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
 
         # Do the index
         if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
-            echo "Waiting 10s before activating FTS..."
+            echo "Waiting 10 seconds before activating fulltextsearch..."
             sleep 10
             echo "Activating fulltextsearch..."
             if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
                 touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
             else
                 echo "Fulltextsearch failed. Could not index."
-                echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
+                echo "If you want to skip indexing in the future, see https://github.com/nextcloud/all-in-one/discussions/1709"
             fi
         fi
     fi

From 593379de56d30a7fdf6db83adb614f14a6940755 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Oct 2025 04:18:34 +0000
Subject: [PATCH 202/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.4 to 8.19.5.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 289722ea..980fe275 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.4
+FROM elasticsearch:8.19.5
 
 USER root
 

From 6d6183b9e83e37a0a6baed9835e3ccd225ed5424 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Oct 2025 13:08:54 +0000
Subject: [PATCH 203/524] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/858c58d647eeb05b1725a96ae3fc290230321af3...9d692f15fa9f84928799bccac2dba6565e024bdf)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 56854ed4..e6527250 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Turnstyle
-        uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2
+        uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2
         with:
           continue-after-seconds: 180
         env:

From c35e0809bdce3f3e947a8b072f57287bce2847ea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Oct 2025 04:20:04 +0000
Subject: [PATCH 204/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.1-alpine3.22 to 1.25.2-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.2-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index afeb69a4..1d673ecd 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.1-alpine3.22 AS go
+FROM golang:1.25.2-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 7d923db4481dec87acc0146f19a952a26ca42972 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Oct 2025 04:20:52 +0000
Subject: [PATCH 205/524] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.7-alpine3.22 to 3.14.0-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.0-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 40b01470..b93e1338 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.7-alpine3.22
+FROM python:3.14.0-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 436c6ff5b7f103c01dc58eb5161b6aa55b4fcf9f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Dec 2024 10:09:37 +0100
Subject: [PATCH 206/524] nextcloud: adjust max_input_time to -1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0ae91b63..c5fd6ed6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -132,7 +132,7 @@ RUN set -ex; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
         echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
         echo 'max_execution_time=${PHP_MAX_TIME}'; \
-        echo 'max_input_time=${PHP_MAX_TIME}'; \
+        echo 'max_input_time=-1'; \
         echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \

From 90d346ea650c7a5838328cacd96b1609a75199ca Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 8 Oct 2025 16:05:15 -0400
Subject: [PATCH 207/524] docs: Add README.md for Nextcloud container

Added README.md for Nextcloud container.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/README.md | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 Containers/nextcloud/README.md

diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md
new file mode 100644
index 00000000..b94a1b77
--- /dev/null
+++ b/Containers/nextcloud/README.md
@@ -0,0 +1,35 @@
+# Nextcloud All-in-One ``nextcloud`` Container
+
+This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application.
+
+## Overview
+
+The Nextcloud container provides the core Nextcloud application environment, including the necessary dependencies and configuration for seamless integration into the All-in-One stack. The container hosts:
+
+- The PHP SAPI/backend (php-fpm)
+- Nextcloud background jobs and scheduled tasks, which are handled via cron
+- Miscellaneous minor support services specific to AIO's Nextcloud deployment (health and exec)
+
+## Contents
+
+- **Dockerfile**: Instructions for building the Nextcloud container image.
+- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime configuration before starting supervisord.
+- **Nextcloud configuration files**: Specific to running in a containerized setting and/or within AIO.
+- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within the container (php-fpm, cron, etc.).
+
+## Usage
+
+This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which is provided by AIO in a dedicated Apache container). It is designed to be orchestrated by [the All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer).
+
+## Documentation
+
+- [Nextcloud All-in-One Documentation](https://github.com/nextcloud/all-in-one#readme)
+- [Nextcloud Documentation](https://docs.nextcloud.com/)
+
+## Contributing
+
+Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull requests or issues via the main repository.
+
+## License
+
+This folder and its contents are licensed under the [GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud All-in-One.

From 03413d944056b57362bb65a47d2d03d837d66893 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:08 +0000
Subject: [PATCH 208/524] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/alpine

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 429485b3..25ac9671 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From a64237c9d649d6b7b83be4f3e09ba167d7a3036d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:13 +0000
Subject: [PATCH 209/524] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/borgbackup

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 74d87f45..3d4ce1ce 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     \

From 8fb81686ba728893243b676f1b95dcdcda8a9917 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:17 +0000
Subject: [PATCH 210/524] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/clamav

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 216ea1c9..db59f64a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 494639990580bdcd4796df9fdbf28b70f0fb0006 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:22 +0000
Subject: [PATCH 211/524] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 99ae1184..c4b340e2 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 5c59bee1eed80d9ef507e693784e22284616314b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:25 +0000
Subject: [PATCH 212/524] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/imaginary

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 1d673ecd..55503dcb 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 44659edf9c99fc01f921d851c2e1b99f38a36f2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:30 +0000
Subject: [PATCH 213/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.5.0-cli to 28.5.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.5.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 2532ec16..c1cbaa59 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.5.0-cli AS docker
+FROM docker:28.5.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 9d76e6486e4bffdabb384c9c903ade7d000950ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:55 +0000
Subject: [PATCH 214/524] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 8138582d..812ec840 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 8e8580122de67686a6fb74b67dd70c7776479f2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:23:03 +0000
Subject: [PATCH 215/524] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/talk

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 7067c72e..84109d3b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.12.0-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
-FROM alpine:3.22.1 AS janus
+FROM alpine:3.22.2 AS janus
 
 ARG JANUS_VERSION=v1.3.2
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From 1f2e97a24634d857543cb84aea2fae240bee5f00 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:23:13 +0000
Subject: [PATCH 216/524] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/watchtower

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ec2c0d0a..c2b38b18 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
 
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 26bb93df914e70f83f8faa8b19f0bdf51293a980 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 10 Oct 2025 08:42:36 +0200
Subject: [PATCH 217/524] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 3d82e634..11df8a73 100644
--- a/readme.md
+++ b/readme.md
@@ -360,7 +360,7 @@ You can adjust the MTU size of the docker network by creating it beforehand with
 ```
 docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio
 ```
-When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration.
+When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `nextcloud-aio` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `nextcloud-aio` network and recreate it with the new configuration.
 
 If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details.
 

From 84288c4ac728795b4b949f64dc88fd17d3199c34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Oct 2025 04:19:54 +0000
Subject: [PATCH 218/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.2.1 to v1.3.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 680a59d0..e60bb815 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0
 
 USER root
 RUN set -ex; \

From e940d47079f0a25ee4045671e0f40cda3f60f392 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 14 Oct 2025 13:25:57 +0200
Subject: [PATCH 219/524] talk-recording: allow to use it on arm64

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/start.sh              | 2 ++
 php/src/Data/ConfigurationManager.php           | 5 -----
 php/templates/includes/optional-containers.twig | 2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index a03eed04..b49e5e9c 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -59,6 +59,8 @@ extensionvideo = .webm
 
 [recording]
 browser = firefox
+driverPath = /usr/bin/geckodriver
+browserPath = /usr/bin/firefox
 RECORDING_CONF
 
 exec "$@"
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index ceae13d0..1a2b4461 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -286,11 +286,6 @@ class ConfigurationManager
             $value = 0;
         }
 
-        // Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17
-        if (!$this->isx64Platform()) {
-            $value = 0;
-        }
-
         $config = $this->GetConfig();
         $config['isTalkRecordingEnabled'] = $value;
         $this->WriteConfig($config);
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 572af5f1..6bea68db 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
     </p>
     <p>
         <input

From 3137c434475cef59c20bc636e1f0cee343eebc42 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Oct 2025 12:16:14 +0000
Subject: [PATCH 220/524] build(deps): bump actions/setup-node from 5 to 6 in
 /.github/workflows

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index d2bcad71..9de89243 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: lts/*
 

From 28f7d3571ca69fb408fe1f8f173b1d3ac0c8f9a6 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Tue, 14 Oct 2025 20:59:42 +0200
Subject: [PATCH 221/524] Add clamav milter packaged, configure it and use
 supervisord to start it up.

TODO: start milter only if community container stalwart is used.

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/Dockerfile       | 8 ++++++--
 Containers/clamav/start.sh         | 1 +
 Containers/clamav/supervisord.conf | 7 +++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 216ea1c9..9330c57f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -3,7 +3,7 @@ FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata clamav supervisor bash; \
+    apk add --no-cache tzdata clamav clamav-milter supervisor bash; \
     mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
@@ -12,7 +12,11 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
-    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
+    sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index bda4add5..2c56db49 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
+cp /etc/clamav/clamav-milter.conf /tmp/clamv-milter-conf
 
 # Print out clamav version for compliance reasons
 clamscan --version
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 8f53856a..283833b8 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -21,3 +21,10 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=clamd --foreground --config-file=/tmp/clamd.conf
+
+[program:milter]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=clamav-milter --foreground --config-file=/tmp/clamv-milter-conf
\ No newline at end of file

From 2d86c0d788461fd0adf52af8c6e15e1bfc9c19f8 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Tue, 14 Oct 2025 21:10:48 +0200
Subject: [PATCH 222/524] Remove copying and omit checks for stalwart

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/start.sh         | 1 -
 Containers/clamav/supervisord.conf | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index 2c56db49..bda4add5 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
-cp /etc/clamav/clamav-milter.conf /tmp/clamv-milter-conf
 
 # Print out clamav version for compliance reasons
 clamscan --version
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 283833b8..7aad65ed 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -27,4 +27,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=clamav-milter --foreground --config-file=/tmp/clamv-milter-conf
\ No newline at end of file
+command=clamav-milter --foreground --config-file=/etc/clamav/clamav-milter.conf
\ No newline at end of file

From 3fdd77e75d0a536e11cdb6b0c79c80cf50aadd05 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 08:40:45 +0000
Subject: [PATCH 223/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 03627c26..6eb13d92 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.9.0
+version: 11.10.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 992e66de..4196cb99 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 2e9ccb95..9f8dda8d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 07f09220..5db29234 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index abfa8b01..8466fe03 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 9dcc9d63..5b9ef69f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 5e54704c..84ea42e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 1644464c..c6559fbd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 799e4390..dac83c98 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 820e6842..98f75058 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 015da80f..61938748 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index bb6f2a1c..aa078677 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d59c60c0..27a50beb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 804c5d2d..08d3fcca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711
           readinessProbe:
             exec:
               command:

From b55b4aac1cde4a254c9a89fdb624c2144a461a29 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 12:03:37 +0000
Subject: [PATCH 224/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index bb81d695..4809bae8 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.5",
+            "version": "v2.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed"
+                "reference": "038ce42edee619599a1debb7e81d7b3759492819"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed",
-                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819",
+                "reference": "038ce42edee619599a1debb7e81d7b3759492819",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-09-22T17:29:40+00:00"
+            "time": "2025-10-09T13:42:30+00:00"
         },
         {
             "name": "nikic/fast-route",

From 12c9b6807142dd0b5e2ab763ce13d57efb31df39 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 12:05:06 +0000
Subject: [PATCH 225/524] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk-recording/Dockerfile     |  2 +-
 Containers/talk-recording/recording.conf | 48 +++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index b93e1338..83b7859b 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -4,7 +4,7 @@ FROM python:3.14.0-alpine3.22
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-ENV RECORDING_VERSION=v0.1
+ENV RECORDING_VERSION=v0.2.0
 ENV ALLOW_ALL=false
 ENV HPB_PROTOCOL=https
 ENV NC_PROTOCOL=https
diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf
index 99515528..cc8bd495 100644
--- a/Containers/talk-recording/recording.conf
+++ b/Containers/talk-recording/recording.conf
@@ -1,3 +1,5 @@
+# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
 [logs]
 # Log level based on numeric values of Python logging levels:
 # - Critical: 50
@@ -12,6 +14,11 @@
 # IP and port to listen on for HTTP requests.
 #listen = 127.0.0.1:8000
 
+[app]
+# Comma separated list of trusted proxies (IPs or CIDR networks) that may set
+# the "X-Forwarded-For" header.
+#trustedproxies =
+
 [backend]
 # Allow any hostname as backend endpoint. This is extremely insecure and should
 # only be used during development.
@@ -100,6 +107,18 @@
 # ffmpeg. The options given here fully override the default global options.
 #common = ffmpeg -loglevel level+warning -n
 
+# The (additional) options given to ffmpeg for the audio input. The options
+# given here extend the default options for the audio input, although they do
+# not override them.
+# Default options: '-f pulse -i {AUDIO_SOURCE}'
+#inputaudio =
+
+# The (additional) options given to ffmpeg for the video input. The options
+# given here extend the default options for the video input, although they do
+# not override them.
+# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}'
+#inputvideo =
+
 # The options given to ffmpeg to encode the audio output. The options given here
 # fully override the default options for the audio output.
 #outputaudio = -c:a libopus
@@ -120,4 +139,31 @@
 # will use Google Chrome, or Chromium if Google Chrome is not installed.
 # Allowed values: firefox, chrome
 # Defaults to firefox
-# browser = firefox
+#browser = firefox
+
+# Path to the Selenium driver to use for recordings.
+# If set the driver must match the browser being used (for example,
+# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium
+# Manager will try to find the right one in $PATH, downloading it as a fallback.
+# Note that Selenium Manager does not work in some architectures (for example,
+# Linux on arm64/aarch64), so in those architectures the driver must be
+# explicitly set.
+#driverPath =
+
+# Path to the browser executable to use for recordings.
+# If set the executable must match the browser being used (for example,
+# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set
+# Selenium Manager will try to find the right one in $PATH. Depending on the
+# installed Selenium version if the executable is not found Selenium Manager may
+# also download the browser as a fallback.
+# Note that Selenium Manager does not work in some architectures (for example,
+# Linux on arm64/aarch64); in those architectures the Selenium driver will try
+# to find the executable, but the executable may need to be explicitly set if
+# not found by the driver.
+#browserPath =
+
+[stats]
+# Comma-separated list of IP addresses (or CIDR networks) that are allowed to
+# access the stats endpoint.
+# Leave commented to only allow access from "127.0.0.1".
+#allowed_ips =

From c8b8740980690283c823d8a6c3d52154a39e76f0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 12:14:36 +0000
Subject: [PATCH 226/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0ae91b63..9c940846 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -84,7 +84,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
     pecl install APCu-5.1.27; \
-    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
+    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
    pecl install -o imagick-3.8.0; \
     \

From 97af7b63e29c152e6823cf4b7e20a2d7b17e4a5f Mon Sep 17 00:00:00 2001
From: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Date: Tue, 7 Oct 2025 16:11:44 +0200
Subject: [PATCH 227/524] rp-docs: add link for nginx-proxy

Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Co-Authored-By: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 6efe9026..4d6cc2fa 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -538,13 +538,15 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### nginx-proxy (Github Repo)
+### Nginx-Proxy
 
 <details>
 
 <summary>click here to expand</summary>
 
-Unfortunately, it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+This section refers to the dedicated project named `nginx-proxy`. See its [GitHub repo](https://github.com/nginx-proxy/nginx-proxy). If you should be looking for Nginx, see the `Nginx, Freenginx, Openresty, Angie` section in this docu.
+
+Unfortunately, it is not possible to configure `nginx-proxy` in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
 
 If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
 

From 6bdd7bafdf927ecddf085b352ee0bcb682ffc208 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Oct 2025 04:22:10 +0000
Subject: [PATCH 228/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.2-alpine3.22 to 1.25.3-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.3-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 55503dcb..47eccfad 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.2-alpine3.22 AS go
+FROM golang:1.25.3-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From a4320317d5eb26bdcd2e328876c49589cf1363e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Oct 2025 04:22:53 +0000
Subject: [PATCH 229/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.0-scratch to 2.12.1-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.1-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 84109d3b..37ece0f4 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.0-scratch AS nats
+FROM nats:2.12.1-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus

From 26e2b631102af22fa18caa1ac27c23117ffb2f96 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Oct 2025 09:00:50 +0200
Subject: [PATCH 230/524] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 42c72e5f..be1d580f 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.0.4.1
+FROM onlyoffice/documentserver:9.1.0.1
 
 # USER root is probably used
 

From 8ed64db45c5395739ab91339960f332025725628 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 16 Oct 2025 10:58:21 -0400
Subject: [PATCH 231/524] fix: add manual install and Helm chart usage context

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md
index b94a1b77..574afd03 100644
--- a/Containers/nextcloud/README.md
+++ b/Containers/nextcloud/README.md
@@ -19,7 +19,7 @@ The Nextcloud container provides the core Nextcloud application environment, inc
 
 ## Usage
 
-This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which is provided by AIO in a dedicated Apache container). It is designed to be orchestrated by [the All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer).
+This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which AIO provides in a dedicated Apache container). It is designed to be orchestrated by the [All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer) or used within an [AIO Manual Installation](https://github.com/nextcloud/all-in-one/tree/main/manual-install) or [AIO Helm chart](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart).
 
 ## Documentation
 

From 3a4dfaa4b69ca5d56dccf15c17c25db7d6a5c002 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Thu, 16 Oct 2025 19:31:16 +0200
Subject: [PATCH 232/524] Change --foreground option from supervisord to milter
 configuration file

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/Dockerfile       | 3 ++-
 Containers/clamav/supervisord.conf | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 9330c57f..35c81710 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -16,7 +16,8 @@ RUN set -ex; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
-    sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf
+    sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 7aad65ed..e1216df5 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -27,4 +27,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=clamav-milter --foreground --config-file=/etc/clamav/clamav-milter.conf
\ No newline at end of file
+command=clamav-milter --config-file=/etc/clamav/clamav-milter.conf
\ No newline at end of file

From f996afdb4aed741e6e489252ab68cab8a6ba59fd Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 16 Oct 2025 21:09:58 +0200
Subject: [PATCH 233/524] mastercontainer: bind 8000 only to 127.0.0.1

In my test it worked

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/mastercontainer.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 6a7d37dd..4effec19 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -1,5 +1,5 @@
-Listen 8000
-Listen 8080
+Listen 127.0.0.1:8000
+Listen 8080 https
 
 # Deny access to .ht files
 <Files ".ht*">

From 15ad146d9c70558700dc24129c8ff6efdb3f0b14 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 16 Oct 2025 22:42:27 -0400
Subject: [PATCH 234/524] docs: Revise "how to use this" section of README

Reorganized and updated instructions for clarity and approachability.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 readme.md | 129 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 81 insertions(+), 48 deletions(-)

diff --git a/readme.md b/readme.md
index 11df8a73..0c412866 100644
--- a/readme.md
+++ b/readme.md
@@ -86,66 +86,99 @@ Included are:
 | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) |
 
 ## How to use this?
->[!WARNING]
-> You should first make sure that you are not using docker installed via snap. You can check this by running `sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"`. If the output should contain the mentioned string `/var/snap/docker/`, you should first uninstall docker snap via `sudo snap remove docker` and then follow the instructions below. ⚠️ Attention: only run the command if this is a clean new docker installation and you are not running any service already using this.
 
-> [!NOTE]
-> The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
+The steps below are written for Linux. For platform-specific guidance see:
+- macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos)
+- Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows)
+- Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
 
-1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.
->[!WARNING]
-> You could use the convenience script below to install docker. However we recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can of course use it. See below: 
+> [!IMPORTANT]  
+> These instructions assume there is no existing web server or reverse proxy (for example Apache, Nginx, Caddy, or Cloudflare Tunnel) that you intend to place in front of AIO. If you plan to run AIO behind an existing web server or reverse proxy, follow the AIO reverse proxy documentation: [Reverse proxy docs](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 
-<details>
-    <summary>Using the convenience script</summary>
+You're encouraged to skim the attached [FAQ](#faq). While we've tried to make things straightforward, Nextcloud is a large and flexible platform. Reading the FAQ will save you time, particularly if edge cases come up.
+
+> [!TIP]  
+> Don't worry about getting everything perfect on the first try — test deployments are cheap and disposable.
+
+1. Install Docker on your Linux host by following the official documentation: [Docker install — supported platforms](https://docs.docker.com/engine/install/#supported-platforms)
+
+> [!WARNING]  
+> Snap-based Docker installations are not supported. Make sure you are not using a snap-based Docker installation (generally only applicable to Ubuntu). To check, run:
+> ```sh
+> sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"
+> ```
+> If you see the following output:
+> ```
+> /var/snap/docker/
+> ```
+> you should migrate to a standard Docker installation and remove the snap-based package before proceeding: [Install Docker on Ubuntu](https://docs.docker.com/engine/install/ubuntu/).
+>
+> ⚠️ To avoid losing data or interrupting services, only remove the Docker snap after you are certain you're not running any existing containers in it.
+>
+> Consult the official Docker documentation or other guides for instructions on migrating existing containers. Once you are certain it's safe, remove the snap-based Docker installation with:
+> ```sh
+> sudo snap remove docker
+> ```
+
+2. If you need IPv6 support, enable it by following: [Docker IPv6 support for AIO](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md)
+
+3. AIO uses a special `mastercontainer` to orchestrate the various pieces of the Nextcloud stack. To start AIO, launch the `mastercontainer` with the command below:
 
 ```sh
-curl -fsSL https://get.docker.com | sudo sh
+# For Linux and without a web server or reverse proxy already in place:
+sudo docker run \
+  --init \
+  --sig-proxy=false \
+  --name nextcloud-aio-mastercontainer \
+  --restart always \
+  --publish 80:80 \
+  --publish 8080:8080 \
+  --publish 8443:8443 \
+  --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+  ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
+<details>
+  <summary>Explanation of the command</summary>
+
+  - `sudo docker run` — starts a new Docker container. Omit `sudo` if your user is in the `docker` group.  
+  - `--init` — runs an init process inside the container to handle zombie processes.  
+  - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container.  
+  - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it.  
+  - `--restart always` — ensures the container restarts automatically with the Docker daemon.  
+  - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy.  
+  - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).  
+  - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.  
+  - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.  
+  - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` — mounts the Docker socket (read-only) so the mastercontainer can manage other containers. On Windows/macOS or when using rootless Docker, this path may need adjustment; see the platform-specific docs. If you change the socket path, also set `WATCHTOWER_DOCKER_SOCKET_PATH` accordingly. If you prefer not to expose the socket, see the manual-install documentation: [Manual install without docker socket access](https://github.com/nextcloud/all-in-one/tree/main/manual-install)  
+  - `ghcr.io/nextcloud-releases/all-in-one:latest` — the mastercontainer image.
+
+  Additional options can be set with environment variables (for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` to change Nextcloud's datadir on first startup). See the Customization section and example compose file: [compose.yaml](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for more options.
 </details>
 
-2. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-3. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
-    ```
-    # For Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
-    sudo docker run \
-    --init \
-    --sig-proxy=false \
-    --name nextcloud-aio-mastercontainer \
-    --restart always \
-    --publish 80:80 \
-    --publish 8080:8080 \
-    --publish 8443:8443 \
-    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-    ghcr.io/nextcloud-releases/all-in-one:latest
-    ```
-    <details>
-    <summary>Explanation of the command</summary>
+> [!TIP]
+> If you want Nextcloud’s data directory in a different location than the default Docker volume, see "How to change the default location of Nextcloud's Datadir" in this README: [How to change the default location of Nextcloud's Datadir](#how-to-change-the-default-location-of-nextclouds-datadir)
 
-    - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
-    - `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
-    - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
-    - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
-    - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
-    - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
-    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
-    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
-    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-    - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
-    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
-    </details>
+> [!NOTE]
+> For production usage (and ease of upgrades and changes), we suggest using the example [Compose file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) rather than `docker run`.
 
-    Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+4. After the initial startup, open the Nextcloud AIO interface on port 8080 of this server **by IP address**, for example:
+```txt
+https://192.168.5.5:8080
+```
 
-4. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
-E.g. `https://ip.address.of.this.server:8080`<br>
-⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br><br>
-If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
-`https://your-domain-that-points-to-this-server.tld:8443`
-5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+> [!CAUTION]
+> Use an IP address (not a domain) when accessing the AIO interface on port 8080. Accessing via a domain may work temporarily but is likely to break later due to HSTS.
+
+Port 8080 uses a self-signed certificate that you must accept in your browser.
+
+It is also possible to obtain a valid certificate automatically if your firewall/router forwards ports 80 and 8443 and you point a domain to your server. In that case, access the AIO interface using the dedicated port for this purpose (8443), for example:
+```txt
+https://your-domain-that-points-to-this-server.tld:8443
+```
+
+5. If you enable Nextcloud Talk, open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk (TURN) container.
 
 # FAQ
 - [TOC](#faq)

From 6624330ce505b025b990d74dcdec133bcf32ff44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Oct 2025 04:21:14 +0000
Subject: [PATCH 235/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.6.1.1 to 25.04.6.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.6.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 593c5323..347ae83f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.6.1.1
+FROM collabora/code:25.04.6.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 2794fb3a7e3c24e781ed57e82db73b0e21b629dc Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Oct 2025 07:40:54 +0200
Subject: [PATCH 236/524] apply suggestion

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/mastercontainer.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 4effec19..7d294694 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -7,8 +7,8 @@ Listen 8080 https
 </Files>
 
 # Http host
-<VirtualHost *:8000>
-    ServerName localhost
+<VirtualHost 127.0.0.1:8000>
+    ServerName 127.0.0.1
 
     # Add error log
     CustomLog /proc/self/fd/1 proxy

From 8d67d300d380da915cf0a64de5ee4bcce23f4611 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 17 Oct 2025 12:21:33 +0200
Subject: [PATCH 237/524] nextcloud-entrypoint: set max av size back to
 unlimited by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile       | 3 ++-
 Containers/nextcloud/entrypoint.sh | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index db59f64a..6e23851f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -8,8 +8,9 @@ RUN set -ex; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 0|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
     sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index fd8e6136..89d99d29 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -881,7 +881,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
         php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
         php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
-        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
         if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
             php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES"

From 91ade7ed94fe576f17d6dc29f6aa86a766abb3da Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Oct 2025 20:26:22 +0200
Subject: [PATCH 238/524] remove libreoffice

see https://github.com/nextcloud/all-in-one/discussions/6997#discussioncomment-14712015

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/nextcloud/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4eae8029..ae54df35 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -230,7 +230,6 @@ RUN set -ex; \
         sudo \
         grep \
         nodejs \
-        libreoffice \
         bind-tools \
         imagemagick \
         imagemagick-svg \

From a176ecdd9f10c403038ccbcc9e2b8b58718572c1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Oct 2025 20:30:05 +0200
Subject: [PATCH 239/524] remove librewolf from readme

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 11df8a73..3150c6a2 100644
--- a/readme.md
+++ b/readme.md
@@ -46,7 +46,7 @@ Included are:
 - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
 - Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
 - Nextcloud installation is not read only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied)
-- `ffmpeg`, `smbclient`, `libreoffice` and `nodejs` are included by default
+- `ffmpeg`, `smbclient` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container

From c2a040010cb416b0e7d49ddf7bf53c3e988fa86f Mon Sep 17 00:00:00 2001
From: Benjamin Brahmer <info@b-brahmer.de>
Date: Fri, 17 Oct 2025 19:41:28 +0200
Subject: [PATCH 240/524] update nextcloud-exporter image tag to 0.9.0

Signed-off-by: Benjamin Brahmer <info@b-brahmer.de>
---
 community-containers/nextcloud-exporter/nextcloud-exporter.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json
index f9159a36..e5bf74b8 100644
--- a/community-containers/nextcloud-exporter/nextcloud-exporter.json
+++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json
@@ -5,7 +5,7 @@
             "display_name": "Prometheus Nextcloud Exporter",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter",
             "image": "ghcr.io/xperimental/nextcloud-exporter",
-            "image_tag": "0.8.0",
+            "image_tag": "0.9.0",
             "internal_port": "9205",
             "restart": "unless-stopped",
             "ports": [

From fdb34bd01acb1700f36d854344cf0f9c9d678baa Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Mon, 20 Oct 2025 08:10:25 -0400
Subject: [PATCH 241/524] Merge pull request #6949 from
 nextcloud/jtr/docs-containers-mastercontainer-readme

docs: Add README for `mastercontainer`
---
 Containers/mastercontainer/README.md | 69 ++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 Containers/mastercontainer/README.md

diff --git a/Containers/mastercontainer/README.md b/Containers/mastercontainer/README.md
new file mode 100644
index 00000000..de6b535d
--- /dev/null
+++ b/Containers/mastercontainer/README.md
@@ -0,0 +1,69 @@
+# Nextcloud All-in-One `mastercontainer`
+
+This folder contains the OCI/Docker container definition, along with associated resources and
+configuration files, for building the `mastercontainer` as part of the Nextcloud All-in-One
+project. This container hosts [the Nextcloud AIO interface](
+https://github.com/nextcloud/all-in-one/tree/main/php)[^app], and a dedicated PHP environment
+for it (which is completely independent of the Nextcloud Server).
+
+## Overview
+
+The mastercontainer acts as the central orchestration service for the deployment and management
+of all other containers in the Nextcloud All-in-One stack. It hosts:
+
+- A dedicated PHP SAPI/backend (php-fpm) for AIO itself (not Nextcloud Server)
+- An Apache service for accessing the AIO interface via a self-signed HTTPS VirtualHost on 8080/tcp
+- A Caddy reverse proxy service enabling HTTPS access to the AIO frontend on port 8443/tcp.
+  - Caddy will automatically issue a Let's Encrypt issued certificate if port 80 and 8443
+    is open/forwarded and a domain pointer is in place; then, simply open the Nextcloud AIO interface using the
+    domain (`https://your-domain-that-points-to-this-server.tld:8443`). The Let's Encrypt certificate request will
+    use an [ACME HTTP-01](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) challenge.
+- Miscellaneous support services specific to AIO (backup management, health checks, etc.)
+
+## Key Responsibilities
+
+- Orchestrates the deployment and lifecycle of all Nextcloud service containers
+- Handles initial setup and container configuration
+- Coordinates image updates
+- Monitors general system health
+
+It triggers the initial installation and ensures the smooth operation of the Nextcloud
+All-in-One stack.
+
+## Contents
+
+- **Dockerfile**: Instructions for building the mastercontainer image.
+- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime
+  configuration before starting supervisord.
+- [**Nextcloud All-in-One Controller App**](https://github.com/nextcloud/all-in-one/tree/main/php): The
+  core AIO orchestrator that handles configuration and settings for the containers.
+- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within
+  the container (php-fpm, cron, etc.)
+
+## Usage
+
+This container should be used as the trigger image when deploying the Nextcloud All-in-One
+stack in a Docker or other OCI-compliant container environment. For detailed deployment
+instructions, refer to the [project documentation](
+https://github.com/nextcloud/all-in-one).
+
+## Related Resources
+
+- [Main Repository](https://github.com/nextcloud/all-in-one)
+- [Documentation](https://github.com/nextcloud/all-in-one#readme)
+
+## Contributing
+
+Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull
+requests or issues via the main repository.
+
+## License
+
+This folder and its contents are licensed under the
+[GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud
+All-in-One.
+
+[^app]: The Nextcloud All-in-One interface allows users to install, configure, and
+manage their Nextcloud instance and related containers via a secure web interface and API.
+It automates and simplifies complex tasks such as container orchestration, backups, updates,
+and service management for users deploying Nextcloud in Docker environments.

From 79824ac83b29812d96ee33668a63a46091fc4fb0 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Mon, 20 Oct 2025 08:58:33 -0400
Subject: [PATCH 242/524] docs: add link to TrueNAS SCALE guidance

---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 0c412866..9dfc2e77 100644
--- a/readme.md
+++ b/readme.md
@@ -91,6 +91,7 @@ The steps below are written for Linux. For platform-specific guidance see:
 - macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos)
 - Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows)
 - Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
+- TrueNAS SCALE: [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
 
 > [!IMPORTANT]  
 > These instructions assume there is no existing web server or reverse proxy (for example Apache, Nginx, Caddy, or Cloudflare Tunnel) that you intend to place in front of AIO. If you plan to run AIO behind an existing web server or reverse proxy, follow the AIO reverse proxy documentation: [Reverse proxy docs](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)

From 4690c8a4df6020114a36b17497d077c141f596ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Oct 2025 19:04:20 +0000
Subject: [PATCH 243/524] build(deps): bump playwright and @playwright/test in
 /php/tests

Bumps [playwright](https://github.com/microsoft/playwright) to 1.56.1 and updates ancestor dependency [@playwright/test](https://github.com/microsoft/playwright). These dependencies need to be updated together.


Updates `playwright` from 1.51.1 to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.51.1...v1.56.1)

Updates `@playwright/test` from 1.51.1 to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.51.1...v1.56.1)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.56.1
  dependency-type: indirect
- dependency-name: "@playwright/test"
  dependency-version: 1.56.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/tests/package-lock.json | 44 +++++++++++--------------------------
 php/tests/package.json      |  2 +-
 2 files changed, 14 insertions(+), 32 deletions(-)

diff --git a/php/tests/package-lock.json b/php/tests/package-lock.json
index ea2b4296..7d7d3383 100644
--- a/php/tests/package-lock.json
+++ b/php/tests/package-lock.json
@@ -7,20 +7,19 @@
     "": {
       "name": "e2e",
       "version": "1.0.0",
-      "license": "ISC",
+      "license": "AGPL-3.0-or-later",
       "devDependencies": {
-        "@playwright/test": "^1.51.1",
-        "@types/node": "^22.13.10"
+        "@playwright/test": "^1.56.1"
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz",
-      "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz",
+      "integrity": "sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.51.1"
+        "playwright": "1.56.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -29,16 +28,6 @@
         "node": ">=18"
       }
     },
-    "node_modules/@types/node": {
-      "version": "22.13.10",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz",
-      "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "undici-types": "~6.20.0"
-      }
-    },
     "node_modules/fsevents": {
       "version": "2.3.2",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
@@ -55,13 +44,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz",
-      "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz",
+      "integrity": "sha512-aFi5B0WovBHTEvpM3DzXTUaeN6eN0qWnTkKx4NQaH4Wvcmc153PdaY2UBdSYKaGYw+UyWXSVyxDUg5DoPEttjw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.51.1"
+        "playwright-core": "1.56.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -74,9 +63,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz",
-      "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz",
+      "integrity": "sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -85,13 +74,6 @@
       "engines": {
         "node": ">=18"
       }
-    },
-    "node_modules/undici-types": {
-      "version": "6.20.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz",
-      "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==",
-      "dev": true,
-      "license": "MIT"
     }
   }
 }
diff --git a/php/tests/package.json b/php/tests/package.json
index ebfa99ec..95aae5a8 100644
--- a/php/tests/package.json
+++ b/php/tests/package.json
@@ -3,6 +3,6 @@
   "version": "1.0.0",
   "license": "AGPL-3.0-or-later",
   "devDependencies": {
-    "@playwright/test": "^1.51.1"
+    "@playwright/test": "^1.56.1"
   }
 }

From c4245657e12f2c74d971584af8245e1dc2f41c47 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 Oct 2025 11:52:01 +0200
Subject: [PATCH 244/524] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/calcardbackup/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/calcardbackup/readme.md b/community-containers/calcardbackup/readme.md
index 0bb04a3b..42a218b4 100644
--- a/community-containers/calcardbackup/readme.md
+++ b/community-containers/calcardbackup/readme.md
@@ -2,7 +2,7 @@
 This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
   
 ### Notes  
-- Backups will be created at 00:00 CEST every day. Make sure that this does not conflict with the configured daily backups inside AIO.
+- Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO.
 - All the exports will be included in AIOs backup solution
 - You can find the exports in the nextcloud_aio_calcardbackup volume
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack  

From 1fbe2575d4ba30ba482f5866d67174599aefd02d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 21 Oct 2025 12:03:53 +0000
Subject: [PATCH 245/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 4809bae8..355c5788 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4724,28 +4724,28 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "1.11.0",
+            "version": "1.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991"
+                "reference": "541057574806f942c94662b817a50f63f7345360"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991",
-                "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360",
+                "reference": "541057574806f942c94662b817a50f63f7345360",
                 "shasum": ""
             },
             "require": {
                 "ext-ctype": "*",
+                "ext-date": "*",
+                "ext-filter": "*",
                 "php": "^7.2 || ^8.0"
             },
-            "conflict": {
-                "phpstan/phpstan": "<0.12.20",
-                "vimeo/psalm": "<4.6.1 || 4.6.2"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "^8.5.13"
+            "suggest": {
+                "ext-intl": "",
+                "ext-simplexml": "",
+                "ext-spl": ""
             },
             "type": "library",
             "extra": {
@@ -4776,9 +4776,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.11.0"
+                "source": "https://github.com/webmozarts/assert/tree/1.12.0"
             },
-            "time": "2022-06-03T18:03:27+00:00"
+            "time": "2025-10-20T12:43:39+00:00"
         }
     ],
     "aliases": [],

From 6a54eb5a4403f62bb9127065e757a9cfa18d2d8c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 21 Oct 2025 12:05:17 +0000
Subject: [PATCH 246/524] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 37ece0f4..888d3a38 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus
 
-ARG JANUS_VERSION=v1.3.2
+ARG JANUS_VERSION=v1.3.3
 WORKDIR /src
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 330ca71de26223e7199055420e48b5aa433dcbd1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 22 Oct 2025 12:03:39 +0000
Subject: [PATCH 247/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 355c5788..09f93f25 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3338,16 +3338,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.6.1",
+            "version": "v5.6.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2"
+                "reference": "3a454ca033b9e06b63282ce19562e892747449bb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
-                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb",
+                "reference": "3a454ca033b9e06b63282ce19562e892747449bb",
                 "shasum": ""
             },
             "require": {
@@ -3390,9 +3390,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.1"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.2"
             },
-            "time": "2025-08-13T20:13:15+00:00"
+            "time": "2025-10-21T19:32:17+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",

From fb1ca10ab45ef58ff1a44defe4aabb125ce5095b Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 22 Oct 2025 12:29:55 -0400
Subject: [PATCH 248/524] docs: Revise reverse proxy docs (first pass)

Updated the reverse proxy documentation for Nextcloud AIO, enhancing clarity and structure.

Re-organized top section(s).

Added sections to provide context on integrated versus external reverse proxies versus secure tunnels/proxy platforms.

De-duplicated some content.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 210 ++++++++++++++++++++++++++++-------------------
 1 file changed, 127 insertions(+), 83 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4d6cc2fa..953f1fd0 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,67 +1,71 @@
-# Reverse Proxy Documentation
-
-> [!NOTE]
-> Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
-
-> [!TIP]
-> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
+# Using a reverse proxy or secure tunnel to access Nextcloud AIO
 
 ## Introduction
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
-1. add a specific config to your web server or reverse proxy. [See the documentation below.](#1-configure-the-reverse-proxy)
-2. specify the port that AIO's integrated Apache container shall use via the environmental variable `APACHE_PORT` (that runs inside its own container and published this port on the host) and adjust the `docker run` command of AIO. [See the documentation below.](#2-use-this-startup-command).
-3. Open the AIO interface at port `8080` and type in and validate your domain. [See the documentation below.](#4-open-the-aio-interface)
 
-Here one example with all reverse proxy settings for Linux:
-```
-sudo docker run \
---init \
---sig-proxy=false \
---name nextcloud-aio-mastercontainer \
---restart always \
---publish 8080:8080 \
---env APACHE_PORT=11000 \
---env APACHE_IP_BINDING=0.0.0.0 \
---env APACHE_ADDITIONAL_NETWORK="" \
---env SKIP_DOMAIN_VALIDATION=false \
---volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
---volume /var/run/docker.sock:/var/run/docker.sock:ro \
-ghcr.io/nextcloud-releases/all-in-one:latest
-```
+This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunnel/proxying platform. It covers:
 
-<details>
+- Integrated: AIO's internal reverse proxy
+- External: an external reverse proxy such as Caddy or Nginx
+- Secure tunnel: a Zero Trust Network Access platform such as Tailscale or Cloudflare Tunnel
 
-<summary>Explanation of the command</summary>
-
-- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme).
-- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
-- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
-- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
-- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
-- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
-- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
-- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
-- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
-- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
-- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
-- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
-
-</details>
-
-> [!Note] 
-> If you run into troubles, see [the debug section](#7-how-to-debug-things).
-
----
-
-> [!IMPORTANT] 
-> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+> [!TIP]
+> If AIO's internal reverse proxy meets your needs, you may not need to set up your own reverse proxy. See the next section to assess whether this is the case.
 
 > [!NOTE]
-> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md).
 
-## Content
+### Integrated: Using AIO's internal reverse proxy with built-in HTTPS support
+
+Nextcloud AIO is secured with TLS (HTTPS) out of the box via its internal reverse proxy. The integrated HTTPS support works well if your goal is to make AIO accessible from the public Internet and to ensure all traffic is encrypted with HTTPS.
+
+Requirements:
+- A public IP address (it does **not** need to be a dedicated public IP).
+- Port `443/tcp` on that IP must be dedicated to AIO, and port 443 must be opened/forwarded on the internet-facing firewall/router to the AIO host.[^talkPort]
+
+**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further — follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) instead.**.
+
+### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx*)
+
+A reverse proxy (or a web server acting as a reverse proxy) enables multiple web applications to share the same IP address and/or port (for example `443/tcp`) by directing traffic based on each application's hostname (often called "virtual hosts"). Incoming requests reach the reverse proxy and are then forwarded to the appropriate internal IP address, port, or container based on the requested hostname.
+
+Most notably, an external reverse proxy allows you to:
+- share one external IP address among multiple hostnames/web applications, and
+- use a different internal port than the externally used port.
+
+Using an existing external reverse proxy is required in particular if port `443/tcp` on your public IP is already in use by another web application or by an existing web server/reverse proxy (for example Caddy or Nginx).
+
+> [!TIP]
+> Examples of web servers or reverse proxies you might already be running include Apache, Caddy, Nginx, Traefik, and HAProxy — but only if they are bound to port `443/tcp` on the IP address you plan to associate with AIO.
+
+> [!NOTE]
+> An external reverse proxy can also facilitate other routing approaches (for example shared-hostname / subfolder-based routing), but Nextcloud AIO only supports webroot-based (non-shared-hostname) access, so those scenarios are not applicable here.[^shared]
+
+### Secure tunnel: Using AIO with a Zero Trust Network Access platform (*Tailscale, Cloudflare*)
+
+Cloudflare and Tailscale provide Zero Trust Network Access services. For AIO we are primarily concerned with:
+
+- Cloudflare Tunnel / Cloudflare Proxy
+- Tailscale Serve / Tailscale Funnel
+
+> [!TIP]
+> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
+
+## Deployment
+
+### Quick overview
+
+To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), you need to:
+
+1. Add a specific configuration to your web server or reverse proxy. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below.
+2. Specify the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`. The Apache container runs in its own container and publishes that port on the host — update the `docker run` command (or your Compose file) accordingly. See ["Use this startup command"](#2-use-this-startup-command) below.
+3. Open the AIO interface at port `8080` and enter and validate your domain. See ["Open the AIO interface"](#4-open-the-aio-interface) below.
+
+Don't worry if these steps are not clear yet — each is expanded on in the sections below.
+
+> [!TIP]
+> If you don't have a domain yet, we recommend [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575).
+
+### Getting Started
 
 The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
@@ -72,9 +76,19 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
 1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
 1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
 
-## 1. Configure the reverse proxy
+> [!Note] 
+> If you run into troubles, see [the debug section](#7-how-to-debug-things).
+
+> [!IMPORTANT] 
+> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+
+> [!NOTE]
+> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+
+### 1. Configure the reverse proxy
+
+#### Adapting the sample web server configurations below
 
-### Adapting the sample web server configurations below
 1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
 1. Adjust the port `11000` to match your chosen `APACHE_PORT`.
 1. Adjust `localhost` or `127.0.0.1` to point to the Nextcloud server IP or domain depending on where the reverse proxy is running. See the following options.
@@ -108,7 +122,7 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
 
     </details>
 
-### Apache
+##### Apache
 
 <details>
 
@@ -188,7 +202,7 @@ To make the config work you can run the following command:
 
 </details>
 
-### Caddy (recommended)
+##### Caddy (recommended)
 
 <details>
 
@@ -211,7 +225,7 @@ The Caddyfile is a text file called `Caddyfile` (no extension) which – if you
 
 </details>
 
-### Caddy with ACME DNS-challenge
+##### Caddy with ACME DNS-challenge
 
 <details>
 
@@ -239,7 +253,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
-### OpenLiteSpeed
+##### OpenLiteSpeed
 
 <details>
 
@@ -249,7 +263,7 @@ You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https:/
 
 </details>
 
-### Citrix ADC VPX / Citrix Netscaler
+##### Citrix ADC VPX / Citrix Netscaler
 
 <details>
 
@@ -259,7 +273,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 </details>
 
-### Cloudflare Tunnel
+##### Cloudflare Tunnel
 
 <details>
 
@@ -278,7 +292,7 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl
 
 </details>
 
-### HaProxy
+##### HAProxy
 
 <details>
 
@@ -375,7 +389,7 @@ backend Nextcloud
 
 </details>
 
-### Nginx, Freenginx, Openresty, Angie
+##### Nginx, Freenginx, Openresty, Angie
 
 <details>
 
@@ -474,7 +488,7 @@ server {
 
 </details>
 
-### NPMplus (Fork of Nginx-Proxy-Manager - NPM)
+##### NPMplus (Fork of Nginx-Proxy-Manager - NPM)
 
 <details>
 
@@ -505,7 +519,7 @@ Second, see these screenshots for a working config:
 
 </details>
 
-### Nginx-Proxy-Manager - NPM
+##### Nginx-Proxy-Manager - NPM
 
 <details>
 
@@ -538,7 +552,7 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### Nginx-Proxy
+##### Nginx-Proxy
 
 <details>
 
@@ -554,7 +568,7 @@ Apart from that, there is a [manual-install](https://github.com/nextcloud/all-in
 
 </details>
 
-### Node.js with Express
+##### Node.js with Express
 
 <details>
 
@@ -641,7 +655,7 @@ httpServer.on('upgrade', (req, socket, head) => {
 
 </details>
 
-### Synology Reverse Proxy
+##### Synology Reverse Proxy
 
 <details>
 
@@ -659,7 +673,7 @@ See these screenshots for a working config:
 
 </details>
 
-### Traefik 2
+##### Traefik 2
 
 <details>
 
@@ -751,7 +765,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
-### Traefik 3
+##### Traefik 3
 
 <details>
 
@@ -837,7 +851,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
-### IIS with ARR and URL Rewrite
+##### IIS with ARR and URL Rewrite
 
 <details>
 
@@ -907,7 +921,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
-### Tailscale
+##### Tailscale
 
 <details>
 
@@ -918,7 +932,7 @@ For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333]
 </details>
 
 
-### Others
+##### Others
 
 <details>
 
@@ -928,7 +942,7 @@ Config examples for other reverse proxies are currently not documented. Pull req
 
 </details>
 
-## 2. Use this startup command
+### 2. Use this startup command
 
 After adjusting your reverse proxy config, use the following command to start AIO:<br>
 
@@ -951,6 +965,27 @@ sudo docker run \
 ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
+<details>
+
+<summary>Explanation of the command</summary>
+
+- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme).
+- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
+- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
+- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
+- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
+- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
+- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
+- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
+- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
+- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
+- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
+- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
+- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
+
+</details>
+
 Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 You should also think about limiting the Apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container).
@@ -989,17 +1024,17 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
-## 3. Limit the access to the Apache container
+### 3. Limit the access to the Apache container
 
 Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
-## 4. Open the AIO interface
+### 4. Open the AIO interface
 
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080` and type in and validate the domain that you have configured.<br>
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
+### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
 
 <small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
@@ -1011,7 +1046,7 @@ Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
 sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy
 ```
 
-### Collabora WOPI allow list
+#### Collabora WOPI allow list
 If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
 
 <small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
@@ -1037,7 +1072,8 @@ https://<your-nc-domain>:8443 {
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 7. How to debug things?
+### 7. How to debug things?
+
 <a id="how-to-debug"></a> <!-- for external linking -->
 <a id="6-how-to-debug-things"></a> <!-- For backwards compatibility-->
 
@@ -1057,7 +1093,8 @@ If something does not work, follow the steps below:
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
 
-## 8. Removing the reverse proxy
+### 8. Removing the reverse proxy
+
 If you, at some point, want to remove the reverse proxy, here are some general steps:
 1. Stop all running containers in the AIO Interface.
 2. Stop and remove the mastercontainer.
@@ -1075,3 +1112,10 @@ If you, at some point, want to remove the reverse proxy, here are some general s
 
     *The first command ensures that the Apache container is listening on all available network interfaces and the second command configures it to listen to port 443.*
 5. Restart all other containers in the AIO interface. 
+
+---
+
+## Footnotes:
+
+[^talkPort]: Ports 3478/TCP and 3478/UDP are also required if using Nextcloud Talk (but they're less likely to conflict with existing services).
+[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others.  Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily faciliates port IP address and external port sharing.

From 3a7d77a7660d4157e0166cc07eadbcaea9f7a792 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 22 Oct 2025 12:36:09 -0400
Subject: [PATCH 249/524] fix: make headers consistent

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 953f1fd0..80aa7e10 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1039,7 +1039,7 @@ If your reverse proxy connects to nextcloud using an ip-address and not localhos
 
 <small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
 
-### Nextcloud trusted proxies
+#### Nextcloud trusted proxies
 Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
 
 ```
@@ -1051,11 +1051,11 @@ If your reverse proxy connects to Nextcloud with an IP address that is different
 
 <small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
 
-### External reverse proxies connecting via VPN (e.g. Tailscale)
+#### External reverse proxies connecting via VPN (e.g. Tailscale)
 
 If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect.
 
-## 6. Optional: get a valid certificate for the AIO interface
+### 6. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 

From d107cccb92428d018c88835078abcc9979fab2aa Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 22 Oct 2025 13:39:55 -0400
Subject: [PATCH 250/524] chore: fix typo

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 80aa7e10..8cf0bb74 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1118,4 +1118,4 @@ If you, at some point, want to remove the reverse proxy, here are some general s
 ## Footnotes:
 
 [^talkPort]: Ports 3478/TCP and 3478/UDP are also required if using Nextcloud Talk (but they're less likely to conflict with existing services).
-[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others.  Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily faciliates port IP address and external port sharing.
+[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others.  Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily facilitates port IP address and external port sharing.

From c53308ab3286664e44f7fa0db12f5a9c48fc6c3c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 23 Oct 2025 13:56:56 +0200
Subject: [PATCH 251/524] update `nextcloud-aio-minio` to `v2`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/minio/minio.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json
index 2403f213..50613202 100644
--- a/community-containers/minio/minio.json
+++ b/community-containers/minio/minio.json
@@ -2,7 +2,7 @@
     "aio_services_v1": [
         {
             "container_name": "nextcloud-aio-minio",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "display_name": "Minio S3 Storage",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio",
             "image": "ghcr.io/szaimen/aio-minio",

From 1968cd3b362aaf267c137f28e59bda4e9a40f242 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Oct 2025 04:19:59 +0000
Subject: [PATCH 252/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.5 to 8.19.6.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 980fe275..a50aee53 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.5
+FROM elasticsearch:8.19.6
 
 USER root
 

From 152f1e375b86fd04048f8919f1f51809e64467e1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 24 Oct 2025 07:25:45 +0000
Subject: [PATCH 253/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4eae8029..a94e41e2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.9
+ENV NEXTCLOUD_VERSION=31.0.10
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 8fb2f84440867a8db5208ec25d66ee161cd30492 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 Oct 2025 09:29:30 +0200
Subject: [PATCH 254/524] increase to 11.11.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8db6beb6..16a240dc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.10.0</h1>
+            <h1>Nextcloud AIO v11.11.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From fc9265653ee1e9c6faf86e52b153443dfdae839e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 Oct 2025 09:48:00 +0200
Subject: [PATCH 255/524] nextcloud: download nextcloud archive file from
 github instead of download.nextcloud.com

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a94e41e2..c5ab4985 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -156,7 +156,7 @@ RUN set -ex; \
     ; \
     \
     curl -fsSL -o nextcloud.tar.bz2 \
-        "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
+        "https://github.com/nextcloud-releases/server/releases/download/v${NEXTCLOUD_VERSION}/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
     curl -fsSL -o nextcloud.tar.bz2.asc \
         "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \

From 5568c78293cdec239a560a7060aed34af5e66ecd Mon Sep 17 00:00:00 2001
From: masterwoot <company+github.com@maganti.se>
Date: Fri, 24 Oct 2025 09:59:57 +0200
Subject: [PATCH 256/524] Update backupscript.sh

Typo in string messages, changing from "Nextclouds data directory.." to "Nextcloud's data directory.." as it's in the possessive form.

Signed-off-by: masterwoot <company+github.com@maganti.se>
---
 Containers/borgbackup/backupscript.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 602ec586..41c05724 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -199,7 +199,7 @@ if [ "$BORG_MODE" = backup ]; then
     if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then
         BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/")
         BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup")
-        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from backup!"
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from backup!"
     # Exclude preview folder if .noaiobackup file was found
     elif [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then
         BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/")
@@ -344,7 +344,7 @@ if [ "$BORG_MODE" = restore ]; then
         ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/**")
         ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/**")
         ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data\(/.*\)?')
-        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from restore!"
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from restore!"
         echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database."
         echo "You might be able to fix this by running 'occ files:scan --all' and 'occ maintenance:repair' and 'occ files:scan-app-data' after the restore."
         echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands"

From bf42de65dacf05471305776aa41f24e9582f0077 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:21:21 +0000
Subject: [PATCH 257/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.13-fpm-alpine3.22 to 8.4.14-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.14-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c1cbaa59..20f22421 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.5.1-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.13-fpm-alpine3.22
+FROM php:8.4.14-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From 19d5ad2a794503ed1b3992ed05991667b4a61327 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:21:59 +0000
Subject: [PATCH 258/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.6-alpine to 3.2.7-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.7-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 72034cec..ad128d54 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.6-alpine
+FROM haproxy:3.2.7-alpine
 
 # hadolint ignore=DL3002
 USER root

From 2598f1b983b883d45224c71f2a673f1cb310c040 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:22:17 +0000
Subject: [PATCH 259/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.26-fpm-alpine3.22 to 8.3.27-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.27-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index c5ab4985..0250f067 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.26-fpm-alpine3.22
+FROM php:8.3.27-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From b7c6ab018de93f361a9e38f70392f9e5b6b0d3da Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:22:30 +0000
Subject: [PATCH 260/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.3.0 to v1.4.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index e60bb815..f90dfdee 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.0
 
 USER root
 RUN set -ex; \

From 68f7958c1253a522b5f80cdfdc730b0fd5406f5e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 27 Oct 2025 11:37:12 +0100
Subject: [PATCH 261/524] update detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index edf6c779..cb31e601 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -1,7 +1,7 @@
 # Nextcloud AIO Helm-chart
 
 > [!NOTE]
-> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
+> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman and OpenShift), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
 
 > [!IMPORTANT]
 > This Helm-Chart is not intended to be used with Ingress as it handles TLS itself via the built-in apache container and exposes a Loadbalancer port itself on the Cluster. See the [apache service](https://github.com/nextcloud/all-in-one/blob/main/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml). However if the Cluster is used behind NAT, you can adjust `APACHE_PORT` to a different one than 443 and do the TLS offloading on an external Reverse Proxy that forwards the traffic to the configured port via http. If you really need the Ingress feature, please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/) as we offer an enterprise-ready and scalable deployment method based on Helm Charts that also allows Ingress to be used.

From 8a3befadddb10a272a2970093d05db8e951720e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 14:04:50 +0000
Subject: [PATCH 262/524] build(deps): bump actions/upload-artifact in
 /.github/workflows

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 9de89243..8c7b0a93 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v5
         if: ${{ !cancelled() }}
         with:
           name: playwright-report

From 6c3f2e41ff4b2673ba464e1d84daedade1750879 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 27 Oct 2025 18:23:21 +0100
Subject: [PATCH 263/524] add DeepWiki badge to auto-refresh the wiki

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/readme.md b/readme.md
index 9dfc2e77..80f8808c 100644
--- a/readme.md
+++ b/readme.md
@@ -1143,3 +1143,11 @@ AIO ships its own update notifications implementation. It checks if container up
 
 ### Huge docker logs
 If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.
+
+<details>
+
+<summary>Badges</summary>
+
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/nextcloud/all-in-one)
+
+</details>

From 68edc82bf4ac950f4c51cfff3dd00508a582ba45 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 29 Oct 2025 13:30:43 +0100
Subject: [PATCH 264/524] watchtower: revert to building watchtower manually

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/watchtower-update.yml | 36 +++++++++++++++++++++++++
 Containers/watchtower/Dockerfile        | 12 +++++++--
 2 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/watchtower-update.yml

diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
new file mode 100644
index 00000000..329cd284
--- /dev/null
+++ b/.github/workflows/watchtower-update.yml
@@ -0,0 +1,36 @@
+name: watchtower-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  watchtower-update:
+    name: update watchtower
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Run watchtower-container-update
+      run: |
+        # Watchtower
+        watchtower_version="$(
+          git ls-remote https://github.com/nicholas-fedor/watchtower v* \
+            | cut -d/ -f3 \
+            | sort -V \
+            | grep -E "^v[0-9\.]+$" \
+            | tail -1
+        )"
+        watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
+        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash # $watchtower_version|" ./Containers/watchtower/Dockerfile
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      with:
+        commit-message: watchtower-update automated change
+        signoff: true
+        title: watchtower container update
+        body: Automated watchtower container update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: watchtower-container-update
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index c2b38b18..e3858248 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
+FROM golang:1.25.3-alpine3.22 AS go
+
+ENV WATCHTOWER_COMMIT_HASH=v1.12.1
+
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        build-base; \
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH;
 
 FROM alpine:3.22.2
 
@@ -7,7 +15,7 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash ca-certificates tzdata
 
-COPY --from=watchtower /watchtower /watchtower
+COPY --from=go /go/bin/watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh
 

From e2614defe02501dffb0a13aac067c7beba16b663 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 29 Oct 2025 14:54:36 +0100
Subject: [PATCH 265/524] helm: adjust externalTrafficPolicy to Local only for
 apache container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 80882854..9c249cb1 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -252,7 +252,7 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol:
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
-find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+find ./ -name '*apache-service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \;
 # shellcheck disable=SC1083

From 5289da58d6ac876321dc5af032ee7efc8c0887ed Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 30 Oct 2025 14:34:46 -0400
Subject: [PATCH 266/524] docs: further enhance reverse proxy / secure tunnel
 docs

Further updated the guide to clarify the use of reverse proxies and secure tunnels with Nextcloud AIO.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 159 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 115 insertions(+), 44 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8cf0bb74..b1eb353c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -2,88 +2,150 @@
 
 ## Introduction
 
-This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunnel/proxying platform. It covers:
+This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunneling platform. It covers several potential scenarios:
 
-- Integrated: AIO's internal reverse proxy
-- External: an external reverse proxy such as Caddy or Nginx
-- Secure tunnel: a Zero Trust Network Access platform such as Tailscale or Cloudflare Tunnel
+- **Integrated**: AIO's built-in reverse proxy with automatic HTTPS
+- **External**: An external reverse proxy (such as Caddy or Nginx or Cloudflare Proxy)
+- **Secure tunnel**: Tunneling services for private network access or public access without port forwarding (such as Tailscale Serve or Cloudflare Tunnel)
+
+## Choosing Your Approach
 
 > [!TIP]
 > If AIO's internal reverse proxy meets your needs, you may not need to set up your own reverse proxy. See the next section to assess whether this is the case.
 
 > [!NOTE]
-> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md).
+> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md). Local instance setups don't require domain validation.
+
+### When to use each approach
+
+| Approach | Best for | Requirements | Inbound Ports Required |
+|----------|----------|--------------|---------------|
+| **Integrated** | Simple setups, single service on port 443 | Public IP, dedicated port 443 | Yes (443) |
+| **External Reverse Proxy** (including Cloudflare Proxy) | Multiple services, existing web server, or users wanting DDoS protection | Existing reverse proxy, willingness to set one up, or Cloudflare account | Yes (443) |
+| **Cloudflare Tunnel** | No port forwarding possible/desired, public access | Cloudflare account | No |
+| **Tailscale Serve** | Private access (tailnet only) | Tailscale account | No |
+| **Tailscale Funnel** | Public access via Tailscale | Tailscale account | No |
+
+## Implementation Details
 
 ### Integrated: Using AIO's internal reverse proxy with built-in HTTPS support
 
 Nextcloud AIO is secured with TLS (HTTPS) out of the box via its internal reverse proxy. The integrated HTTPS support works well if your goal is to make AIO accessible from the public Internet and to ensure all traffic is encrypted with HTTPS.
 
 Requirements:
-- A public IP address (it does **not** need to be a dedicated public IP).
-- Port `443/tcp` on that IP must be dedicated to AIO, and port 443 must be opened/forwarded on the internet-facing firewall/router to the AIO host.[^talkPort]
+- A public IP address that is reachable from the Internet (it does **not** need to be static, but it must not be behind carrier-grade NAT, which some ISPs use to share IP addresses among multiple customers).
+- Port `443/tcp` on that IP must be available for AIO's exclusive use, and it must be opened/forwarded on your internet-facing firewall/router to the AIO host.[^talkPort]
 
-**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further — follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) instead.**.
+**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this).**
 
-### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx*)
+### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx, Cloudflare Proxy*)
+
+**When you use an external reverse proxy, you disable AIO's built-in HTTPS support** because your reverse proxy will handle HTTPS/TLS certificates and encryption instead. This approach is necessary when:
+- Port 443 is already in use by another service
+- You want to run multiple web services on the same IP address
+- You already have an existing reverse proxy infrastructure
 
 A reverse proxy (or a web server acting as a reverse proxy) enables multiple web applications to share the same IP address and/or port (for example `443/tcp`) by directing traffic based on each application's hostname (often called "virtual hosts"). Incoming requests reach the reverse proxy and are then forwarded to the appropriate internal IP address, port, or container based on the requested hostname.
 
+**Types of external reverse proxies:**
+- **Self-hosted** (Caddy, Nginx, Apache, Traefik, HAProxy, etc.) - You manage the reverse proxy on your own server or separate server
+- **Cloudflare Proxy** (orange-clouded DNS) - Cloudflare provides the reverse proxy at their edge network with DDoS protection and CDN benefits. This is distinct from Cloudflare Tunnel, though Tunnel can optionally use these proxy features when publishing routes.
+
 Most notably, an external reverse proxy allows you to:
 - share one external IP address among multiple hostnames/web applications, and
 - use a different internal port than the externally used port.
 
 Using an existing external reverse proxy is required in particular if port `443/tcp` on your public IP is already in use by another web application or by an existing web server/reverse proxy (for example Caddy or Nginx).
 
+> [!NOTE]
+> Cloudflare **Tunnel** and Cloudflare **Proxy** are different approaches:
+> - **Cloudflare Tunnel** doesn't require opening any inbound ports on your firewall.
+> - **Cloudflare Proxy** still requires port 443 exposed on your server.
+
 > [!TIP]
 > Examples of web servers or reverse proxies you might already be running include Apache, Caddy, Nginx, Traefik, and HAProxy — but only if they are bound to port `443/tcp` on the IP address you plan to associate with AIO.
 
 > [!NOTE]
-> An external reverse proxy can also facilitate other routing approaches (for example shared-hostname / subfolder-based routing), but Nextcloud AIO only supports webroot-based (non-shared-hostname) access, so those scenarios are not applicable here.[^shared]
+> An external reverse proxy can also facilitate other routing approaches, but Nextcloud AIO only supports having its own dedicated hostname (e.g., `cloud.example.com`). You cannot run it in a subfolder like `example.com/nextcloud/`.[^shared]
 
-### Secure tunnel: Using AIO with a Zero Trust Network Access platform (*Tailscale, Cloudflare*)
+### Secure tunnel: Using AIO with a secure tunneling service (*Tailscale, Cloudflare*)
 
-Cloudflare and Tailscale provide Zero Trust Network Access services. For AIO we are primarily concerned with:
+Cloudflare and Tailscale offer secure tunneling services that let you access your Nextcloud without opening ports on your firewall. 
 
-- Cloudflare Tunnel / Cloudflare Proxy
-- Tailscale Serve / Tailscale Funnel
+#### Private network access
+
+For Nextcloud AIO, you can use:
+- **Cloudflare Tunnel (`cloudflared`)** - Secure outbound-only tunnels that don't require exposing ports
+- **Tailscale Serve** - Expose services privately on your Tailscale network (tailnet only)
+
+Both options provide private network access to your Nextcloud AIO instance.
+
+#### Public Internet access (without port forwarding)
+
+To make your Nextcloud AIO instance accessible from the public Internet (not just your private network), you can use:
+- **Cloudflare Tunnel** with public routes enabled (which combines Cloudflare Tunnel with Cloudflare's proxy features)
+- **Tailscale Funnel** - Expose services to the public Internet via Tailscale's infrastructure
+
+**Comparison of Cloudflare and Tailscale options:**
+
+| Feature | Access Scope | Inbound Ports Required | Use Case |
+|---------|--------------|----------------|----------|
+| **Cloudflare Tunnel** | Public Internet | None | Public access without port forwarding |
+| **Tailscale Serve** | Your Tailscale network only | None | Private access for you and invited users |
+| **Tailscale Funnel** | Public Internet | None | Public access through Tailscale |
 
 > [!TIP]
 > Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
+>
+> **For private/personal use**: [Tailscale Serve](https://tailscale.com/kb/1312/serve) is ideal - it keeps your Nextcloud completely private to your tailnet.
+>
+> **For public access without port forwarding**: Use [Tailscale Funnel](https://tailscale.com/kb/1223/funnel).
 
-## Deployment
+## Configuration and Deployment
+
+> [!NOTE]
+> These instructions assume you already have a domain name pointing to your server's public IP address. If you don't have a domain yet, see the recommendations below.
 
 ### Quick overview
 
-To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), you need to:
+To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), the basic process is:
 
-1. Add a specific configuration to your web server or reverse proxy. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below.
-2. Specify the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`. The Apache container runs in its own container and publishes that port on the host — update the `docker run` command (or your Compose file) accordingly. See ["Use this startup command"](#2-use-this-startup-command) below.
-3. Open the AIO interface at port `8080` and enter and validate your domain. See ["Open the AIO interface"](#4-open-the-aio-interface) below.
+1. Configure your web server or reverse proxy with the specific settings for AIO.
+2. Specify the port that AIO's integrated Apache container will use.
+3. Open the AIO interface and validate your domain.
 
-Don't worry if these steps are not clear yet — each is expanded on in the sections below.
+The sections below provide detailed instructions for each step.
 
 > [!TIP]
-> If you don't have a domain yet, we recommend [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575).
+> If you don't have a domain yet, we recommend using [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575).
 
-### Getting Started
+### Step-by-Step Instructions
 
-The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
-1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
-1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
-1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
-1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
-1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001)
-1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
-1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
+The process to run Nextcloud AIO behind a reverse proxy has three required steps and three optional steps:
 
-> [!Note] 
+**Required steps:**
+1. **Configure** your web server or reverse proxy with the specific settings for AIO. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below.
+2. **Specify** the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`, and update the `docker run` command or your Compose file accordingly. See ["Use this startup command"](#2-use-this-startup-command) below.
+   - *Optional*: Limit the access to the Apache container. See ["Limit the access to the Apache container"](#3-limit-the-access-to-the-apache-container).
+3. **Open** the AIO interface at port `8080`, enter your domain, and validate it. See ["Open the AIO interface"](#4-open-the-aio-interface) below.
+
+**Optional steps:**
+
+4. Configure additional settings if your reverse proxy uses an IP address to connect to AIO. See ["Configure AIO for IP-based reverse proxies"](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001).
+5. Get a valid certificate for the AIO interface. See ["Get a valid certificate for the AIO interface"](#6-optional-get-a-valid-certificate-for-the-aio-interface).
+6. Debug things if needed. See ["How to debug things"](#7-how-to-debug-things).
+
+> [!NOTE] 
 > If you run into troubles, see [the debug section](#7-how-to-debug-things).
 
 > [!IMPORTANT] 
-> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+> If you need HTTPS between Nextcloud and the reverse proxy (because the reverse proxy runs on a different server), you have two options:
+> 
+> 1. **Add a local reverse proxy**: Install another reverse proxy on the same server as AIO to handle HTTPS (typically with self-signed certificates)
+> 2. **Use a VPN**: Create a VPN tunnel between the AIO server and the reverse proxy server to encrypt the connection
 
 > [!NOTE]
-> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom Docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
 
 ### 1. Configure the reverse proxy
 
@@ -673,6 +735,26 @@ See these screenshots for a working config:
 
 </details>
 
+##### Tailscale (Serve)
+
+<details>
+
+<summary>Click here to expand</summary>
+
+Tailscale can be used to provide private access to your Nextcloud AIO instance without opening ports on your firewall. With **Tailscale Serve**, your Nextcloud is accessible only to devices on your Tailscale network (tailnet) via a secure HTTPS domain.
+
+For a detailed setup guide using Tailscale Serve with Nextcloud AIO, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
+
+The guide covers:
+- Setting up system-wide (non-containerized) Tailscale as a reverse proxy
+- Configuring Nextcloud AIO to work with Tailscale Serve
+- Using Tailscale's MagicDNS to provide automatic HTTPS certificates
+- Private access via your tailnet (e.g., `yourserver.tail0a12b3.ts.net`)
+
+⚠️ **Please note:** This guide covers **Tailscale Serve** for private tailnet access. If you need public Internet access, consider using **Tailscale Funnel**.
+
+</details>
+
 ##### Traefik 2
 
 <details>
@@ -921,17 +1003,6 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
-##### Tailscale
-
-<details>
-
-<summary>click here to expand</summary>
-
-For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
-
-</details>
-
-
 ##### Others
 
 <details>

From 727d0d03db4d59fe6425c01f812c2f9a4af65dc6 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 31 Oct 2025 12:03:38 +0000
Subject: [PATCH 267/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 09f93f25..93aeefab 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1646,16 +1646,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.21.1",
+            "version": "v3.22.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d"
+                "reference": "4509984193026de413baf4ba80f68590a7f2c51d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/285123877d4dd97dd7c11842ac5fb7e86e60d81d",
-                "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/4509984193026de413baf4ba80f68590a7f2c51d",
+                "reference": "4509984193026de413baf4ba80f68590a7f2c51d",
                 "shasum": ""
             },
             "require": {
@@ -1709,7 +1709,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.21.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.22.0"
             },
             "funding": [
                 {
@@ -1721,7 +1721,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-05-03T07:21:55+00:00"
+            "time": "2025-10-29T15:56:47+00:00"
         }
     ],
     "packages-dev": [
@@ -3883,16 +3883,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.26",
+            "version": "v6.4.27",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f"
+                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
-                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
+                "url": "https://api.github.com/repos/symfony/console/zipball/13d3176cf8ad8ced24202844e9f95af11e2959fc",
+                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc",
                 "shasum": ""
             },
             "require": {
@@ -3957,7 +3957,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.26"
+                "source": "https://github.com/symfony/console/tree/v6.4.27"
             },
             "funding": [
                 {
@@ -3977,7 +3977,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-09-26T12:13:46+00:00"
+            "time": "2025-10-06T10:25:16+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4051,16 +4051,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.24",
+            "version": "v6.4.27",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "73089124388c8510efb8d2d1689285d285937b08"
+                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08",
-                "reference": "73089124388c8510efb8d2d1689285d285937b08",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/a1b6aa435d2fba50793b994a839c32b6064f063b",
+                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b",
                 "shasum": ""
             },
             "require": {
@@ -4095,7 +4095,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.24"
+                "source": "https://github.com/symfony/finder/tree/v6.4.27"
             },
             "funding": [
                 {
@@ -4115,7 +4115,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-15T12:02:45+00:00"
+            "time": "2025-10-15T18:32:00+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4724,16 +4724,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "1.12.0",
+            "version": "1.12.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "541057574806f942c94662b817a50f63f7345360"
+                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360",
-                "reference": "541057574806f942c94662b817a50f63f7345360",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9be6926d8b485f55b9229203f962b51ed377ba68",
+                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68",
                 "shasum": ""
             },
             "require": {
@@ -4776,9 +4776,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.12.0"
+                "source": "https://github.com/webmozarts/assert/tree/1.12.1"
             },
-            "time": "2025-10-20T12:43:39+00:00"
+            "time": "2025-10-29T15:56:20+00:00"
         }
     ],
     "aliases": [],

From f88e4aef373c9a151a6181176a831c72a1c9faa7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 31 Oct 2025 12:25:33 +0000
Subject: [PATCH 268/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml                 | 1 -
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 15 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 6eb13d92..0b10dd4d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.10.0
+version: 11.11.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4196cb99..3388c1d7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-apache:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 9f8dda8d..35b30e41 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 5db29234..449a24fc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 8466fe03..6f08b4a6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 5b9ef69f..49dc3d34 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 84ea42e6..4956ed71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index c6559fbd..49f2bd53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251031_122139
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index dac83c98..b93283e7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 98f75058..c30f6a0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 61938748..2d5da82d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-redis:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index aa078677..b6f2e489 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-talk:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 27a50beb..e0902a0f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 675a2729..10d17177 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -12,7 +12,6 @@ metadata:
 spec:
   ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
-  externalTrafficPolicy: Local
   ports:
     - name: "{{ .Values.TALK_PORT }}"
       port: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 08d3fcca..28c05cab 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251031_122139
           readinessProbe:
             exec:
               command:

From 3475a7b5d3eca296046351b967c6ea0f0987c2e8 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Fri, 24 Oct 2025 20:53:55 +0200
Subject: [PATCH 269/524] Change Milter OnInfected action to Reject

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 81db262f..94d39b67 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -17,6 +17,7 @@ RUN set -ex; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?OnInfected Quarantine|OnInfected Reject|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf
 

From f07b015a4170548d420b0903537f4ee72146bac7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Nov 2025 04:13:53 +0000
Subject: [PATCH 270/524] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.11-alpine to 7.2.12-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.12-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 8cb0f973..a44295de 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.11-alpine
+FROM redis:7.2.12-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 1f6c30b93aa830dd609116b566c71e60a5c57a22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Nov 2025 04:14:11 +0000
Subject: [PATCH 271/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.4.0 to v1.4.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.4.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index f90dfdee..90aa72f2 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 
 USER root
 RUN set -ex; \

From 74933c6b83f1231c6439d766347a947ca9c5b322 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:42:05 +0100
Subject: [PATCH 272/524] update redis to v8.x

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/redis/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index a44295de..7cc1ff84 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.12-alpine
+# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
+FROM redis:8.2.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From abf0bbc43157748c8372b37d3bff0f43cb213921 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:44:33 +0100
Subject: [PATCH 273/524] dependabot: update redis also to new minor versions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0caaabfb..f79c4ce2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -55,6 +55,6 @@ updates:
     - dependency-name: "postgres"
       update-types: ["version-update:semver-major"]
     - dependency-name: "redis"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      update-types: ["version-update:semver-major"]
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]

From 0ee5ec00366434b22269a13216da364b18430f07 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:48:39 +0100
Subject: [PATCH 274/524] docker-image-prune: only remove image with
 `label=org.label-schema.vendor=Nextcloud`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index fc8c4081..5829d8da 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -60,7 +60,7 @@ while true; do
     fi
 
     # Remove dangling images
-    sudo -u www-data docker image prune --force
+    sudo -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
 
     # Check for available free space
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php

From f179e5adad0f66ebea3ec6eb5273507a8a21ceb1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:57:22 +0100
Subject: [PATCH 275/524] app: update min and max versions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 8b911c10..832d3ccd 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="30" max-version="31"/>
+		<nextcloud min-version="31" max-version="32"/>
 	</dependencies>
 
 	<settings>

From b10c9b74bf182448bdc0320c7036e77ec3d362b4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 14:00:16 +0100
Subject: [PATCH 276/524] nextcloud: update to `32.0.1`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 35bf5b20..0617db93 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.10
+ENV NEXTCLOUD_VERSION=32.0.1
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From d17ed75d6246a1d25b15bf859babb5fc361a9498 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 14:02:37 +0100
Subject: [PATCH 277/524] aio-interface: hide upgrade notice

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 16a240dc..12b4d81b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -36,7 +36,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersionString = '25 Autumn' %}
+            {% set newMajorVersionString = '' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From 21fbb58c96b4cbc8315bfc4af07645b0bfec02b5 Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lorenzo@moscati.page>
Date: Sat, 23 Aug 2025 01:30:20 +0200
Subject: [PATCH 278/524] Rewrite all AIO interface paths to be relative

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 php/public/base_path.js                       |  3 +
 php/public/index.php                          |  6 +-
 .../Controller/ConfigurationController.php    |  2 +-
 php/src/Controller/DockerController.php       | 19 +++--
 php/src/Controller/LoginController.php        | 12 +--
 php/src/Middleware/AuthMiddleware.php         | 10 ++-
 php/templates/already-installed.twig          |  6 +-
 php/templates/components/container-state.twig |  6 +-
 php/templates/containers.twig                 | 83 ++++++++++---------
 .../includes/community-containers.twig        |  2 +-
 .../includes/optional-containers.twig         | 10 +--
 php/templates/layout.twig                     |  4 +-
 php/templates/login.twig                      |  6 +-
 php/templates/setup.twig                      |  6 +-
 14 files changed, 96 insertions(+), 79 deletions(-)
 create mode 100644 php/public/base_path.js

diff --git a/php/public/base_path.js b/php/public/base_path.js
new file mode 100644
index 00000000..67c1a4a7
--- /dev/null
+++ b/php/public/base_path.js
@@ -0,0 +1,3 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    document.getElementById("base_path") && (document.getElementById("base_path").value = window.location.pathname.slice(0, -11));
+});
\ No newline at end of file
diff --git a/php/public/index.php b/php/public/index.php
index aac83826..d3fbbeb9 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -178,17 +178,17 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $
     $setup = $container->get(\AIO\Data\Setup::class);
     if($setup->CanBeInstalled()) {
         return $response
-            ->withHeader('Location', '/setup')
+            ->withHeader('Location', 'setup')
             ->withStatus(302);
     }
 
     if($authManager->IsAuthenticated()) {
         return $response
-            ->withHeader('Location', '/containers')
+            ->withHeader('Location', 'containers')
             ->withStatus(302);
     } else {
         return $response
-            ->withHeader('Location', '/login')
+            ->withHeader('Location', 'login')
             ->withStatus(302);
     }
 });
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index ed3be505..5727c364 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -161,7 +161,7 @@ readonly class ConfigurationController {
                 $this->configurationManager->DeleteBorgBackupLocationVars();
             }
 
-            return $response->withStatus(201)->withHeader('Location', '/');
+            return $response->withStatus(201)->withHeader('Location', '.');
         } catch (InvalidSettingConfigurationException $ex) {
             $response->getBody()->write($ex->getMessage());
             return $response->withStatus(422);
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 678bbdc9..dd6b1076 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -85,7 +85,7 @@ readonly class DockerController {
     public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
         $forceStopNextcloud = true;
         $this->startBackup($forceStopNextcloud);
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function startBackup(bool $forceStopNextcloud = false) : void {
@@ -102,7 +102,7 @@ readonly class DockerController {
 
     public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
         $this->checkBackup();
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function checkBackup() : void {
@@ -132,7 +132,7 @@ readonly class DockerController {
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
@@ -148,7 +148,7 @@ readonly class DockerController {
         $config['backup-mode'] = 'check';
         $this->configurationManager->WriteConfig($config);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
@@ -163,7 +163,7 @@ readonly class DockerController {
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartContainer(Request $request, Response $response, array $args) : Response
@@ -171,6 +171,7 @@ readonly class DockerController {
         $uri = $request->getUri();
         $host = $uri->getHost();
         $port = $uri->getPort();
+        $path = $request->getParsedBody()['base_path'];
         if ($port === 8000) {
             error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
             $port = 443;
@@ -184,7 +185,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . $port;
+        $config['AIO_URL'] = $host . ':' . $port . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major
@@ -204,7 +205,7 @@ readonly class DockerController {
         // Temporarily disabled as it leads much faster to docker rate limits
         // apcu_clear_cache();
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function startTopContainer(bool $pullImage) : void {
@@ -223,7 +224,7 @@ readonly class DockerController {
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
         $this->startWatchtower();
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function startWatchtower() : void {
@@ -261,7 +262,7 @@ readonly class DockerController {
         $forceStopNextcloud = true;
         $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function stopTopContainer() : void {
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 196e7138..233a795e 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -19,33 +19,33 @@ readonly class LoginController {
     public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
             $response->getBody()->write("The login is blocked since Nextcloud is running.");
-            return $response->withHeader('Location', '/')->withStatus(422);
+            return $response->withHeader('Location', '.')->withStatus(422);
         }
         $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(201);
+            return $response->withHeader('Location', '.')->withStatus(201);
         }
 
         $response->getBody()->write("The password is incorrect.");
-        return $response->withHeader('Location', '/')->withStatus(422);
+        return $response->withHeader('Location', '.')->withStatus(422);
     }
 
     public function GetTryLogin(Request $request, Response $response, array $args) : Response {
         $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(302);
+            return $response->withHeader('Location', '../..')->withStatus(302);
         }
 
-        return $response->withHeader('Location', '/')->withStatus(302);
+        return $response->withHeader('Location', '../..')->withStatus(302);
     }
 
     public function Logout(Request $request, Response $response, array $args) : Response
     {
         $this->authManager->SetAuthState(false);
         return $response
-            ->withHeader('Location', '/')
+            ->withHeader('Location', '.')
             ->withStatus(302);
     }
 }
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index f8d44857..a54f47a6 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -27,7 +27,15 @@ readonly class AuthMiddleware {
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
                 $status = 302;
-                $headers = ['Location' => '/'];
+                if(count(explode('/', $request->getUri()->getPath())) > 2) {
+                    $location = '..';
+                    for($i = 0; $i < count(explode('/', $request->getUri()->getPath())) - 3; $i++) {
+                        $location = $location . '/..';
+                    }
+                } else {
+                    $location = '.';
+                }
+                $headers = ['Location' => $location];
                 $response = new Response($status, $headers);
                 return $response;
             }
diff --git a/php/templates/already-installed.twig b/php/templates/already-installed.twig
index fa18f988..e16e6792 100644
--- a/php/templates/already-installed.twig
+++ b/php/templates/already-installed.twig
@@ -3,11 +3,11 @@
 {% block body %}
     <div class="login">
         <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
-            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
         </svg>
         <h2>Nextcloud All-In-One is already installed</h2>
-        <a href="/" class="button">Open Nextcloud AIO</a>
+        <a href="." class="button">Open Nextcloud AIO</a>
     </div>
 {% endblock %}
diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index 4cf5dd4e..8375d033 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -4,15 +4,15 @@
     {% if c.GetStartingState().value == 'starting' %}
       <span class="status running"></span>
       {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
+      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
     {% elseif c.GetRunningState().value == 'running' %}
       <span class="status success"></span>
       {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
+      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
     {% else %}
       <span class="status error"></span>
       {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
     {% endif %}
     {% if c.GetDocumentation() != '' %}
       (<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 12b4d81b..1e795149 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -6,9 +6,9 @@
     </head>
     <header>
         <svg class="logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 71" width="62" height="50">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
         </svg>
-        <form method="POST" action="/api/auth/logout">
+        <form method="POST" action="api/auth/logout">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
             <input type="submit" value="Log out" />
@@ -63,11 +63,11 @@
             {% endfor %}
 
             {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
                 {% if automatic_updates == true %}
                     <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                     {% if is_mastercontainer_update_available == true %}
-                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
+                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                     {% endif %}
                 {% endif %}
                 {% if has_update_available == false %}
@@ -78,7 +78,7 @@
                 <p><a href="" class="button reload">Reload ↻</a></p>
                 <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
             {% elseif isWatchtowerRunning == true %}
-                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
+                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                 <p><a href="" class="button reload">Reload ↻</a></p>
             {% else %}
                 {% if is_backup_container_running == false and domain == "" %}
@@ -88,7 +88,7 @@
                     {% elseif is_mastercontainer_update_available == true %}
                         <h2>Mastercontainer update</h2>
                         <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
-                        <form method="POST" action="/api/docker/watchtower" class="xhr">
+                        <form method="POST" action="api/docker/watchtower" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                             <input type="submit" value="Update mastercontainer" />
@@ -108,7 +108,7 @@
                             {% if skip_domain_validation == true %}
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
-                            <form method="POST" action="/api/configuration" class="xhr">
+                            <form method="POST" action="api/configuration" class="xhr">
                                 <input type="text" id="domain" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -137,7 +137,7 @@
                             {% if hasBackupLocation %}
                                 {% if borg_backup_mode in ['test', 'check'] %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Please adjust the path and/or the encryption password in order to make it work!</p>
                                         {% elseif borg_backup_mode == 'check' %}
@@ -145,7 +145,7 @@
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                                <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <form method="POST" action="api/docker/backup-check-repair" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
@@ -153,10 +153,10 @@
                                             </details>
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
-                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
-                                            <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <form method="POST" action="api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Check backup integrity"/>
@@ -164,7 +164,7 @@
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
                                         <p><strong>Important:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
-                                        <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                        <form method="POST" action="api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
@@ -178,7 +178,7 @@
                                     {% endif %}
                                 {% elseif borg_backup_mode == 'restore' %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last restore failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
                                     {% endif %}
                                 {% endif %}
@@ -197,7 +197,7 @@
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
                                 if stored remotely; and the encryption password of the backup archive below and submit all values:
                                 </p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_restore_host_location" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
                                     <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <label>Borg passphrase</label> <input type="text" id="borg_restore_password" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
@@ -210,7 +210,7 @@
                             {% endif %}
                         {% else %}
                             <p><strong>Everything set!</strong> Click on the button below to test the path and encryption password:</p>
-                            <form method="POST" action="/api/docker/backup-test" class="xhr">
+                            <form method="POST" action="api/docker/backup-test" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Test path and encryption password"/>
@@ -223,14 +223,14 @@
 
                 {% if was_start_button_clicked == true %}
                     {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
+                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
                     {% else %}
                         <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
                     {% endif %}
                 {% endif %}
 
                 {% if is_backup_container_running == true %}
-                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                     <p><a href="" class="button reload">Reload ↻</a></p>
                 {% endif %}
 
@@ -259,7 +259,7 @@
                             {% else %}
                                 <p>It seems at least one container was not able to start correctly and is currently restarting.</p>
                                 <p>To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.</p>
-                                <form method="POST" action="/api/docker/stop" class="xhr">
+                                <form method="POST" action="api/docker/stop" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Stop containers" />
@@ -312,7 +312,7 @@
                                     <p>You can find all changes <a target="_blank" href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
                                 {% endif %}
                             {% endif %}
-                            <form method="POST" action="/api/docker/stop" class="xhr">
+                            <form method="POST" action="api/docker/stop" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Stop containers" />
@@ -327,31 +327,34 @@
                             {% endif %}
                             {% if is_mastercontainer_update_available == true %}
                                 <p>⚠️ A mastercontainer update is available. Please click on the button below to update it.</p>
-                                <form method="POST" action="/api/docker/watchtower" class="xhr">
+                                <form method="POST" action="api/docker/watchtower" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Update mastercontainer" />
                                 </form>
                             {% else %}
                                 {% if was_start_button_clicked == false %}
-                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if newMajorVersionString != '' %}
                                             <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersionString }} (if unchecked, Nextcloud Hub 10 will get installed)</label><br>
                                         {% endif %}
                                         <input type="submit" value="Download and start containers" />
                                     </form>
                                 {% elseif has_update_available == false %}
-                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input id="base_path" type="hidden" name="base_path" value="">
                                         <input type="submit" value="Start containers" />
                                     </form>
                                 {% else %}
-                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if bypass_container_update == true %}
                                             <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
                                         {% endif %}
@@ -376,7 +379,7 @@
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
                                 You will be provided with an SSH public key for authorization at the remote afterwards.
                                 </p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                     <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -393,13 +396,13 @@
                                 {% if is_backup_container_running == false %}
                                     <h2>Backup and restore</h2>
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == "check" %}
                                             <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                                <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <form method="POST" action="api/docker/backup-check-repair" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
@@ -417,7 +420,7 @@
                                             {% endif %}
 
                                             <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
+                                            <form method="POST" action="api/configuration" class="xhr">
                                                 <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                                 <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -427,9 +430,9 @@
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
                                         {% if borg_backup_mode == "backup" %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% else %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% endif %}
                                     {% endif %}
                                 {% endif %}
@@ -464,7 +467,7 @@
                                     {% if isApacheStarting != true %}
                                         <h3>Backup creation</h3>
                                         <p>Clicking on the button below will create a backup.</p>
-                                        <form method="POST" action="/api/docker/backup" class="xhr">
+                                        <form method="POST" action="api/docker/backup" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
@@ -479,7 +482,7 @@
                                             {% endif %}
                                             is wrong, you can reset it by clicking on the button below.
                                             </p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
+                                            <form method="POST" action="api/configuration" class="xhr">
                                                 <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -493,7 +496,7 @@
 
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
-                                            <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <form method="POST" action="api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
@@ -501,7 +504,7 @@
 
                                             <h3>Backup restore</h3>
                                             <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.</p>
-                                            <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                            <form method="POST" action="api/docker/restore" class="xhr" id="restore_selection">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
@@ -515,7 +518,7 @@
                                             <h3>Daily backup and automatic updates</h3>
                                             {% if daily_backup_time == "" %}
                                                 <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
-                                                <form method="POST" action="/api/configuration" class="xhr">
+                                                <form method="POST" action="api/configuration" class="xhr">
                                                     <input type="text" name="daily_backup_time" placeholder="04:00"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -529,7 +532,7 @@
                                                     Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated.
                                                 {% endif %}
                                                 <p>To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.</p>
-                                                <form method="POST" action="/api/configuration" class="xhr">
+                                                <form method="POST" action="api/configuration" class="xhr">
                                                     <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -539,7 +542,7 @@
 
                                             <h3>Back up additional directories and docker volumes of your host</h3>
                                             <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.</p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
+                                            <form method="POST" action="api/configuration" class="xhr">
                                                 <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -566,7 +569,7 @@
                                 <details>
                                     <summary>Click here to change your AIO passphrase</summary>
                                     <p>You can change your AIO passphrase below:</p>
-                                    <form method="POST" action="/api/configuration" class="xhr">
+                                    <form method="POST" action="api/configuration" class="xhr">
                                         <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO passphrase" id="current-master-password" oninput="showPassword('current-master-password')">
                                         <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO passphrase" id="new-master-password" oninput="showPassword('new-master-password')">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -592,7 +595,7 @@
                             {% if timezone == "" %}
                                 <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
                                 <p>You can configure the timezone for Nextcloud below (Do not forget to submit the value!):</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -601,7 +604,7 @@
                                 <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a target="_blank" href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
                             {% else %}
                                 <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <input type="hidden" name="delete_timezone" value="yes"/>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -620,6 +623,8 @@
             <script type="text/javascript" src="before-unload.js"></script>
         {% endif %}
 
+        <script type="text/javascript" src="base_path.js"></script>
+
         </main>
     </div>
 {% endblock %}
diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig
index f74e3756..66cceb2b 100644
--- a/php/templates/includes/community-containers.twig
+++ b/php/templates/includes/community-containers.twig
@@ -8,7 +8,7 @@
 {% endif %}
 <details>
     <summary>Show/Hide available Community Containers</summary>
-    <form id="community-form" method="POST" action="/api/configuration" class="xhr">
+    <form id="community-form" method="POST" action="api/configuration" class="xhr">
         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
         <input type="hidden" name="community-form" value="community-form">
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 6bea68db..b4764592 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -5,7 +5,7 @@
 {% else %}
     <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
 {% endif %}
-<form id="options-form" method="POST" action="/api/configuration" class="xhr">
+<form id="options-form" method="POST" action="api/configuration" class="xhr">
     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
     <input type="hidden" name="options-form" value="options-form">
@@ -160,7 +160,7 @@
 
     {% if collabora_dictionaries == "" %}
         <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -169,7 +169,7 @@
         <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
     {% else %}
         <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -182,7 +182,7 @@
     {% if collabora_additional_options == "" %}
         <p>You can configure additional options for collabora below.</p>
         <p>(This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="text" name="collabora_additional_options" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -191,7 +191,7 @@
         <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy=frame-ancestors *.example.com:*;</strong>.</p>
     {% else %}
         <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="hidden" name="delete_collabora_additional_options" value="yes"/>
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index e20ca3e0..4d842e3d 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,8 +1,8 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v6" media="all" />
-        <link rel="icon" href="/img/favicon.png">
+        <link rel="stylesheet" href="style.css?v6" media="all" />
+        <link rel="icon" href="img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>
     </head>
diff --git a/php/templates/login.twig b/php/templates/login.twig
index cf5cc0c3..1c5420c2 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -3,14 +3,14 @@
 {% block body %}
     <div class="login">
         <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
-            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
         </svg>
         <h1>Nextcloud AIO Login</h1>
         {% if is_login_allowed == true %}
             <p>Log in using your Nextcloud AIO passphrase:</p>
-            <form method="POST" action="/api/auth/login" class="xhr">
+            <form method="POST" action="api/auth/login" class="xhr">
                 <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index f1d4d1dc..7cc9227a 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -3,14 +3,14 @@
 {% block body %}
     <div class="login">
         <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
-            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
         </svg>
         <h1>All-in-One setup</h1>
         <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
         <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
         <strong>Passphrase</strong><br/><span id="initial-password" class="monospace">{{ password }}</span><br>
-        <a href="/" class="button" target="_blank">Open Nextcloud AIO login ↗</a>
+        <a href="." class="button" target="_blank">Open Nextcloud AIO login ↗</a>
     </div>
 {% endblock %}

From 3bb9cdf31dc7db3b5d4b41bbbeac59b5fded1163 Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lorenzo@moscati.page>
Date: Tue, 16 Sep 2025 13:39:01 +0200
Subject: [PATCH 279/524] Guard against null or missing keys.

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index dd6b1076..8473ed57 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -171,7 +171,7 @@ readonly class DockerController {
         $uri = $request->getUri();
         $host = $uri->getHost();
         $port = $uri->getPort();
-        $path = $request->getParsedBody()['base_path'];
+        $path = $request->getParsedBody()['base_path'] ?? '';
         if ($port === 8000) {
             error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
             $port = 443;

From 10529a597c3292ff8ecc8e51692433240ebe2b9d Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lorenzo@moscati.page>
Date: Tue, 14 Oct 2025 15:59:28 +0200
Subject: [PATCH 280/524] Added suggested changes

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 php/public/base_path.js                |  8 ++++++--
 php/src/Controller/LoginController.php |  2 +-
 php/src/Middleware/AuthMiddleware.php  | 17 +++++++++++++----
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/php/public/base_path.js b/php/public/base_path.js
index 67c1a4a7..a55ed943 100644
--- a/php/public/base_path.js
+++ b/php/public/base_path.js
@@ -1,3 +1,7 @@
-document.addEventListener("DOMContentLoaded", function(event) {
-    document.getElementById("base_path") && (document.getElementById("base_path").value = window.location.pathname.slice(0, -11));
+document.addEventListener("DOMContentLoaded", function() {
+    basePath = document.getElementById("base_path")
+    if (basePath) {
+        // Remove '/containers' from the end of the path, to get the base path only
+        basePath.value = window.location.pathname.slice(0, -11);
+    }
 });
\ No newline at end of file
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 233a795e..412ff9df 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -45,7 +45,7 @@ readonly class LoginController {
     {
         $this->authManager->SetAuthState(false);
         return $response
-            ->withHeader('Location', '.')
+            ->withHeader('Location', '../..')
             ->withStatus(302);
     }
 }
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index a54f47a6..724f1776 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -27,14 +27,23 @@ readonly class AuthMiddleware {
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
                 $status = 302;
-                if(count(explode('/', $request->getUri()->getPath())) > 2) {
+
+                // Check the url of the request: split the string by '/' and count the number of elements
+                // Note that the path that gets to this middleware is not aware of any base path managed by a reverse proxy, so if the url is 'https://example.com/AIO/somepage', the path will be 'https://mastercontainer/somepage'
+                if (count(explode('/', $request->getUri()->getPath())) < 2) {
+                    // If there are less than 2 elements it means we are somewhere in the root folder (no '/', so no subfolder), so we redirect to the same folder level to offload the redirection to the appropriate page to 'index.php' (specifically, once in the root level the login page will be loaded since we are not authenticated)
+                    $location = '.';
+                } else {
+                    // If there are 2 or more elements it means we are in a subfolder, so we need to go back to the root folder
+                    // In the best case we need to go back by 1 level only
                     $location = '..';
-                    for($i = 0; $i < count(explode('/', $request->getUri()->getPath())) - 3; $i++) {
+                    // In the worst case we need to go back by n levels, where n is the number of elements - 2 (the first element is not a folder, the second element is already accounted for by the initial '..')
+                    for ($i = 1; $i < count(explode('/', $request->getUri()->getPath())) - 2; $i++) {
+                        // For each extra level we need to go back by another level
                         $location = $location . '/..';
                     }
-                } else {
-                    $location = '.';
                 }
+
                 $headers = ['Location' => $location];
                 $response = new Response($status, $headers);
                 return $response;

From e614202a9468c8702a40ff488829897a2aa26fd2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 16:17:44 +0100
Subject: [PATCH 281/524] increase to v12.0.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1e795149..5d479538 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.11.0</h1>
+            <h1>Nextcloud AIO v12.0.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From f1e7460f6eb1b47de7973c0b4492d682837c2426 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 04:15:07 +0000
Subject: [PATCH 282/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.6.2.1 to 25.04.7.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.7.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 347ae83f..10f068ea 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.6.2.1
+FROM collabora/code:25.04.7.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 4ba7f1ed6468e8da132560fe8cae12a092cbdac7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Oct 2025 10:59:17 +0200
Subject: [PATCH 283/524] collabora: load seccomp profile on the fly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/collabora.yml         |  29 +
 nextcloud-aio-helm-chart/update-helm.sh |   2 +-
 php/containers.json                     |   7 +-
 php/cool-seccomp-profile.json           | 844 ++++++++++++++++++++++++
 php/psalm-baseline.xml                  |   2 +
 php/src/Data/DataConst.php              |   4 +
 php/src/Docker/DockerActionManager.php  |  18 +-
 7 files changed, 899 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/collabora.yml
 create mode 100644 php/cool-seccomp-profile.json

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
new file mode 100644
index 00000000..92434695
--- /dev/null
+++ b/.github/workflows/collabora.yml
@@ -0,0 +1,29 @@
+name: collabora-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  collabora-update:
+    name: update collabora
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Run collabora-profile-update
+      run: |
+        rm -f php/cool-seccomp-profile.json
+        wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json
+        mv cool-seccomp-profile.json php/
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      with:
+        commit-message: collabora-seccomp-update automated change
+        signoff: true
+        title: collabora seccomp update
+        body: Automated collabora seccomp profile update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: collabora-seccomp-update
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 9c249cb1..d63dd39e 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER|MAC_OVERRIDE|BLOCK_SUSPEND|AUDIT_READ)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
diff --git a/php/containers.json b/php/containers.json
index 4506c09e..1a775c98 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -399,7 +399,10 @@
         "SYS_ADMIN",
         "SYS_CHROOT",
         "FOWNER",
-        "CHOWN"
+        "CHOWN",
+        "MAC_OVERRIDE",
+        "BLOCK_SUSPEND",
+        "AUDIT_READ"
       ],
       "cap_drop": [
         "NET_RAW"
diff --git a/php/cool-seccomp-profile.json b/php/cool-seccomp-profile.json
new file mode 100644
index 00000000..ed2320ca
--- /dev/null
+++ b/php/cool-seccomp-profile.json
@@ -0,0 +1,844 @@
+{
+  "defaultAction": "SCMP_ACT_ERRNO",
+  "defaultErrnoRet": 1,
+  "archMap": [
+    {
+      "architecture": "SCMP_ARCH_X86_64",
+      "subArchitectures": [
+        "SCMP_ARCH_X86",
+        "SCMP_ARCH_X32"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_AARCH64",
+      "subArchitectures": [
+        "SCMP_ARCH_ARM"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPS64",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPS",
+        "SCMP_ARCH_MIPS64N32"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPS64N32",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPS",
+        "SCMP_ARCH_MIPS64"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPSEL64",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPSEL",
+        "SCMP_ARCH_MIPSEL64N32"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPSEL64N32",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPSEL",
+        "SCMP_ARCH_MIPSEL64"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_S390X",
+      "subArchitectures": [
+        "SCMP_ARCH_S390"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_RISCV64",
+      "subArchitectures": null
+    }
+  ],
+  "syscalls": [
+    {
+      "names": [
+        "unshare",
+        "mount",
+        "setns",
+        "clone",
+        "chroot",
+        "umount2"
+      ],
+      "action": "SCMP_ACT_ALLOW"
+    },
+    {
+      "names": [
+        "accept",
+        "accept4",
+        "access",
+        "adjtimex",
+        "alarm",
+        "bind",
+        "brk",
+        "cachestat",
+        "capget",
+        "capset",
+        "chdir",
+        "chmod",
+        "chown",
+        "chown32",
+        "clock_adjtime",
+        "clock_adjtime64",
+        "clock_getres",
+        "clock_getres_time64",
+        "clock_gettime",
+        "clock_gettime64",
+        "clock_nanosleep",
+        "clock_nanosleep_time64",
+        "close",
+        "close_range",
+        "connect",
+        "copy_file_range",
+        "creat",
+        "dup",
+        "dup2",
+        "dup3",
+        "epoll_create",
+        "epoll_create1",
+        "epoll_ctl",
+        "epoll_ctl_old",
+        "epoll_pwait",
+        "epoll_pwait2",
+        "epoll_wait",
+        "epoll_wait_old",
+        "eventfd",
+        "eventfd2",
+        "execve",
+        "execveat",
+        "exit",
+        "exit_group",
+        "faccessat",
+        "faccessat2",
+        "fadvise64",
+        "fadvise64_64",
+        "fallocate",
+        "fanotify_mark",
+        "fchdir",
+        "fchmod",
+        "fchmodat",
+        "fchmodat2",
+        "fchown",
+        "fchown32",
+        "fchownat",
+        "fcntl",
+        "fcntl64",
+        "fdatasync",
+        "fgetxattr",
+        "flistxattr",
+        "flock",
+        "fork",
+        "fremovexattr",
+        "fsetxattr",
+        "fstat",
+        "fstat64",
+        "fstatat64",
+        "fstatfs",
+        "fstatfs64",
+        "fsync",
+        "ftruncate",
+        "ftruncate64",
+        "futex",
+        "futex_requeue",
+        "futex_time64",
+        "futex_wait",
+        "futex_waitv",
+        "futex_wake",
+        "futimesat",
+        "getcpu",
+        "getcwd",
+        "getdents",
+        "getdents64",
+        "getegid",
+        "getegid32",
+        "geteuid",
+        "geteuid32",
+        "getgid",
+        "getgid32",
+        "getgroups",
+        "getgroups32",
+        "getitimer",
+        "getpeername",
+        "getpgid",
+        "getpgrp",
+        "getpid",
+        "getppid",
+        "getpriority",
+        "getrandom",
+        "getresgid",
+        "getresgid32",
+        "getresuid",
+        "getresuid32",
+        "getrlimit",
+        "get_robust_list",
+        "getrusage",
+        "getsid",
+        "getsockname",
+        "getsockopt",
+        "get_thread_area",
+        "gettid",
+        "gettimeofday",
+        "getuid",
+        "getuid32",
+        "getxattr",
+        "inotify_add_watch",
+        "inotify_init",
+        "inotify_init1",
+        "inotify_rm_watch",
+        "io_cancel",
+        "ioctl",
+        "io_destroy",
+        "io_getevents",
+        "io_pgetevents",
+        "io_pgetevents_time64",
+        "ioprio_get",
+        "ioprio_set",
+        "io_setup",
+        "io_submit",
+        "ipc",
+        "kill",
+        "landlock_add_rule",
+        "landlock_create_ruleset",
+        "landlock_restrict_self",
+        "lchown",
+        "lchown32",
+        "lgetxattr",
+        "link",
+        "linkat",
+        "listen",
+        "listxattr",
+        "llistxattr",
+        "_llseek",
+        "lremovexattr",
+        "lseek",
+        "lsetxattr",
+        "lstat",
+        "lstat64",
+        "madvise",
+        "map_shadow_stack",
+        "membarrier",
+        "memfd_create",
+        "memfd_secret",
+        "mincore",
+        "mkdir",
+        "mkdirat",
+        "mknod",
+        "mknodat",
+        "mlock",
+        "mlock2",
+        "mlockall",
+        "mmap",
+        "mmap2",
+        "mprotect",
+        "mq_getsetattr",
+        "mq_notify",
+        "mq_open",
+        "mq_timedreceive",
+        "mq_timedreceive_time64",
+        "mq_timedsend",
+        "mq_timedsend_time64",
+        "mq_unlink",
+        "mremap",
+        "msgctl",
+        "msgget",
+        "msgrcv",
+        "msgsnd",
+        "msync",
+        "munlock",
+        "munlockall",
+        "munmap",
+        "name_to_handle_at",
+        "nanosleep",
+        "newfstatat",
+        "_newselect",
+        "open",
+        "openat",
+        "openat2",
+        "pause",
+        "pidfd_open",
+        "pidfd_send_signal",
+        "pipe",
+        "pipe2",
+        "pkey_alloc",
+        "pkey_free",
+        "pkey_mprotect",
+        "poll",
+        "ppoll",
+        "ppoll_time64",
+        "prctl",
+        "pread64",
+        "preadv",
+        "preadv2",
+        "prlimit64",
+        "process_mrelease",
+        "pselect6",
+        "pselect6_time64",
+        "pwrite64",
+        "pwritev",
+        "pwritev2",
+        "read",
+        "readahead",
+        "readlink",
+        "readlinkat",
+        "readv",
+        "recv",
+        "recvfrom",
+        "recvmmsg",
+        "recvmmsg_time64",
+        "recvmsg",
+        "remap_file_pages",
+        "removexattr",
+        "rename",
+        "renameat",
+        "renameat2",
+        "restart_syscall",
+        "rmdir",
+        "rseq",
+        "rt_sigaction",
+        "rt_sigpending",
+        "rt_sigprocmask",
+        "rt_sigqueueinfo",
+        "rt_sigreturn",
+        "rt_sigsuspend",
+        "rt_sigtimedwait",
+        "rt_sigtimedwait_time64",
+        "rt_tgsigqueueinfo",
+        "sched_getaffinity",
+        "sched_getattr",
+        "sched_getparam",
+        "sched_get_priority_max",
+        "sched_get_priority_min",
+        "sched_getscheduler",
+        "sched_rr_get_interval",
+        "sched_rr_get_interval_time64",
+        "sched_setaffinity",
+        "sched_setattr",
+        "sched_setparam",
+        "sched_setscheduler",
+        "sched_yield",
+        "seccomp",
+        "select",
+        "semctl",
+        "semget",
+        "semop",
+        "semtimedop",
+        "semtimedop_time64",
+        "send",
+        "sendfile",
+        "sendfile64",
+        "sendmmsg",
+        "sendmsg",
+        "sendto",
+        "setfsgid",
+        "setfsgid32",
+        "setfsuid",
+        "setfsuid32",
+        "setgid",
+        "setgid32",
+        "setgroups",
+        "setgroups32",
+        "setitimer",
+        "setpgid",
+        "setpriority",
+        "setregid",
+        "setregid32",
+        "setresgid",
+        "setresgid32",
+        "setresuid",
+        "setresuid32",
+        "setreuid",
+        "setreuid32",
+        "setrlimit",
+        "set_robust_list",
+        "setsid",
+        "setsockopt",
+        "set_thread_area",
+        "set_tid_address",
+        "setuid",
+        "setuid32",
+        "setxattr",
+        "shmat",
+        "shmctl",
+        "shmdt",
+        "shmget",
+        "shutdown",
+        "sigaltstack",
+        "signalfd",
+        "signalfd4",
+        "sigprocmask",
+        "sigreturn",
+        "socketcall",
+        "socketpair",
+        "splice",
+        "stat",
+        "stat64",
+        "statfs",
+        "statfs64",
+        "statx",
+        "symlink",
+        "symlinkat",
+        "sync",
+        "sync_file_range",
+        "syncfs",
+        "sysinfo",
+        "tee",
+        "tgkill",
+        "time",
+        "timer_create",
+        "timer_delete",
+        "timer_getoverrun",
+        "timer_gettime",
+        "timer_gettime64",
+        "timer_settime",
+        "timer_settime64",
+        "timerfd_create",
+        "timerfd_gettime",
+        "timerfd_gettime64",
+        "timerfd_settime",
+        "timerfd_settime64",
+        "times",
+        "tkill",
+        "truncate",
+        "truncate64",
+        "ugetrlimit",
+        "umask",
+        "uname",
+        "unlink",
+        "unlinkat",
+        "utime",
+        "utimensat",
+        "utimensat_time64",
+        "utimes",
+        "vfork",
+        "vmsplice",
+        "wait4",
+        "waitid",
+        "waitpid",
+        "write",
+        "writev"
+      ],
+      "action": "SCMP_ACT_ALLOW"
+    },
+    {
+      "names": [
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "minKernel": "4.8"
+      }
+    },
+    {
+      "names": [
+        "socket"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 40,
+          "op": "SCMP_CMP_NE"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 8,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 131072,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 131080,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 4294967295,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "sync_file_range2",
+        "swapcontext"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "ppc64le"
+        ]
+      }
+    },
+    {
+      "names": [
+        "arm_fadvise64_64",
+        "arm_sync_file_range",
+        "sync_file_range2",
+        "breakpoint",
+        "cacheflush",
+        "set_tls"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "arm",
+          "arm64"
+        ]
+      }
+    },
+    {
+      "names": [
+        "arch_prctl"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "amd64",
+          "x32"
+        ]
+      }
+    },
+    {
+      "names": [
+        "modify_ldt"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "amd64",
+          "x32",
+          "x86"
+        ]
+      }
+    },
+    {
+      "names": [
+        "s390_pci_mmio_read",
+        "s390_pci_mmio_write",
+        "s390_runtime_instr"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "s390",
+          "s390x"
+        ]
+      }
+    },
+    {
+      "names": [
+        "riscv_flush_icache"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "riscv64"
+        ]
+      }
+    },
+    {
+      "names": [
+        "open_by_handle_at"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_DAC_READ_SEARCH"
+        ]
+      }
+    },
+    {
+      "names": [
+        "bpf",
+        "clone",
+        "clone3",
+        "fanotify_init",
+        "fsconfig",
+        "fsmount",
+        "fsopen",
+        "fspick",
+        "lookup_dcookie",
+        "mount",
+        "mount_setattr",
+        "move_mount",
+        "open_tree",
+        "perf_event_open",
+        "quotactl",
+        "quotactl_fd",
+        "setdomainname",
+        "sethostname",
+        "setns",
+        "syslog",
+        "umount",
+        "umount2",
+        "unshare"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ]
+      }
+    },
+    {
+      "names": [
+        "clone"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 2114060288,
+          "op": "SCMP_CMP_MASKED_EQ"
+        }
+      ],
+      "excludes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ],
+        "arches": [
+          "s390",
+          "s390x"
+        ]
+      }
+    },
+    {
+      "names": [
+        "clone"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 1,
+          "value": 2114060288,
+          "op": "SCMP_CMP_MASKED_EQ"
+        }
+      ],
+      "comment": "s390 parameter ordering for clone is different",
+      "includes": {
+        "arches": [
+          "s390",
+          "s390x"
+        ]
+      },
+      "excludes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ]
+      }
+    },
+    {
+      "names": [
+        "clone3"
+      ],
+      "action": "SCMP_ACT_ERRNO",
+      "errnoRet": 38,
+      "excludes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ]
+      }
+    },
+    {
+      "names": [
+        "reboot"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_BOOT"
+        ]
+      }
+    },
+    {
+      "names": [
+        "chroot"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_CHROOT"
+        ]
+      }
+    },
+    {
+      "names": [
+        "delete_module",
+        "init_module",
+        "finit_module"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_MODULE"
+        ]
+      }
+    },
+    {
+      "names": [
+        "acct"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_PACCT"
+        ]
+      }
+    },
+    {
+      "names": [
+        "kcmp",
+        "pidfd_getfd",
+        "process_madvise",
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_PTRACE"
+        ]
+      }
+    },
+    {
+      "names": [
+        "iopl",
+        "ioperm"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_RAWIO"
+        ]
+      }
+    },
+    {
+      "names": [
+        "settimeofday",
+        "stime",
+        "clock_settime",
+        "clock_settime64"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_TIME"
+        ]
+      }
+    },
+    {
+      "names": [
+        "vhangup"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_TTY_CONFIG"
+        ]
+      }
+    },
+    {
+      "names": [
+        "get_mempolicy",
+        "mbind",
+        "set_mempolicy",
+        "set_mempolicy_home_node"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_NICE"
+        ]
+      }
+    },
+    {
+      "names": [
+        "syslog"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYSLOG"
+        ]
+      }
+    },
+    {
+      "names": [
+        "bpf"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_BPF"
+        ]
+      }
+    },
+    {
+      "names": [
+        "perf_event_open"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_PERFMON"
+        ]
+      }
+    }
+  ]
+}
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 93ddb312..03249af4 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -35,6 +35,7 @@
   </file>
   <file src="src/Data/DataConst.php">
     <FalsableReturnStatement>
+      <code><![CDATA[realpath(__DIR__ . '/../cool-seccomp-profile.json')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
@@ -43,6 +44,7 @@
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
     </InvalidFalsableReturnType>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 4f697325..a777d997 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -58,4 +58,8 @@ class DataConst {
     public static function GetCommunityContainersDirectory() : string {
         return realpath(__DIR__ . '/../../../community-containers/');
     }
+
+    public static function GetCollaboraSeccompProfilePath() : string {
+        return realpath(__DIR__ . '/../cool-seccomp-profile.json');
+    }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d46bc5c9..a5da23f5 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -7,6 +7,7 @@ use AIO\Container\ContainerState;
 use AIO\Container\VersionState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use http\Env\Response;
@@ -383,9 +384,10 @@ readonly class DockerActionManager {
                     }
                 }
             }
-            // Special things for the talk container which should not be exposed in the containers.json
+
+        // Special things for the talk container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
-            // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
+            // This is needed due to a bug in libwebsockets used in Janus which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
             // // Special things for the nextcloud container which should not be exposed in the containers.json
             // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
@@ -395,11 +397,19 @@ readonly class DockerActionManager {
             //         }
             //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
             //     }
-            // Special things for the caddy community container
+
+        // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
-            // Special things for the collabora container which should not be exposed in the containers.json
+
+        // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
+            // Load reference seccomp profile for collabora
+            $seccompProfile = file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+            $seccompProfile = addslashes($seccompProfile);
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
+
+            // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
                 $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()];
             }

From 897e3e7e6e3bf523a936ff5fb10b6011a472c41f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 11:36:46 +0100
Subject: [PATCH 284/524] move containers-definition-path to Dataconst

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                 | 3 ++-
 php/src/ContainerDefinitionFetcher.php | 2 +-
 php/src/Data/DataConst.php             | 4 ++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 03249af4..ff78305b 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -3,7 +3,6 @@
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>
-      <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
     </PossiblyFalseArgument>
   </file>
   <file src="src/Controller/DockerController.php">
@@ -36,6 +35,7 @@
   <file src="src/Data/DataConst.php">
     <FalsableReturnStatement>
       <code><![CDATA[realpath(__DIR__ . '/../cool-seccomp-profile.json')]]></code>
+      <code><![CDATA[realpath(__DIR__ . '/../containers.json')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
@@ -45,6 +45,7 @@
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
     </InvalidFalsableReturnType>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a404e3a3..f352db8f 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -38,7 +38,7 @@ readonly class ContainerDefinitionFetcher {
      */
     private function GetDefinition(): array
     {
-        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
+        $data = json_decode(file_get_contents(DataConst::GetContainersDefinitionPath()), true);
 
         $additionalContainerNames = [];
         foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index a777d997..1db2f6ae 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -62,4 +62,8 @@ class DataConst {
     public static function GetCollaboraSeccompProfilePath() : string {
         return realpath(__DIR__ . '/../cool-seccomp-profile.json');
     }
+
+    public static function GetContainersDefinitionPath() : string {
+        return realpath(__DIR__ . '/../containers.json');
+    }
 }

From df0f7b8d851eec11ccc1df7088625b1fe975e0a5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 12:24:43 +0100
Subject: [PATCH 285/524] fix return type of dataconst

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml     | 16 ----------------
 php/src/Data/DataConst.php | 10 +++++-----
 2 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ff78305b..662afd35 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -32,22 +32,6 @@
       <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
     </PossiblyFalseArgument>
   </file>
-  <file src="src/Data/DataConst.php">
-    <FalsableReturnStatement>
-      <code><![CDATA[realpath(__DIR__ . '/../cool-seccomp-profile.json')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../containers.json')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
-    </FalsableReturnStatement>
-    <InvalidFalsableReturnType>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-    </InvalidFalsableReturnType>
-  </file>
   <file src="src/Docker/DockerActionManager.php">
     <PossiblyFalseArgument>
       <code><![CDATA[$line]]></code>
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 1db2f6ae..099079c6 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -8,7 +8,7 @@ class DataConst {
             return '/mnt/docker-aio-config/data/';
         }
 
-        return realpath(__DIR__ . '/../../data/');
+        return (string)realpath(__DIR__ . '/../../data/');
     }
 
     public static function GetSessionDirectory() : string {
@@ -16,7 +16,7 @@ class DataConst {
             return '/mnt/docker-aio-config/session/';
         }
 
-        return realpath(__DIR__ . '/../../session/');
+        return (string)realpath(__DIR__ . '/../../session/');
     }
 
     public static function GetConfigFile() : string {
@@ -56,14 +56,14 @@ class DataConst {
     }
 
     public static function GetCommunityContainersDirectory() : string {
-        return realpath(__DIR__ . '/../../../community-containers/');
+        return (string)realpath(__DIR__ . '/../../../community-containers/');
     }
 
     public static function GetCollaboraSeccompProfilePath() : string {
-        return realpath(__DIR__ . '/../cool-seccomp-profile.json');
+        return (string)realpath(__DIR__ . '/../cool-seccomp-profile.json');
     }
 
     public static function GetContainersDefinitionPath() : string {
-        return realpath(__DIR__ . '/../containers.json');
+        return (string)realpath(__DIR__ . '/../containers.json');
     }
 }

From 6f945a236952c0a0df98952ed8e19f2d2e4afb86 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 12:33:07 +0100
Subject: [PATCH 286/524] json_decode: always throw on error and fix other
 psalm issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                        |  6 -----
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 php/src/Data/ConfigurationManager.php         |  4 ++--
 php/src/Docker/DockerActionManager.php        | 24 ++++++++++---------
 php/src/Docker/DockerHubManager.php           |  2 +-
 .../Docker/GitHubContainerRegistryManager.php |  2 +-
 6 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 662afd35..3008379c 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,10 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51">
-  <file src="src/ContainerDefinitionFetcher.php">
-    <PossiblyFalseArgument>
-      <code><![CDATA[file_get_contents($path)]]></code>
-    </PossiblyFalseArgument>
-  </file>
   <file src="src/Controller/DockerController.php">
     <InvalidOperand>
       <code><![CDATA[$port]]></code>
@@ -29,7 +24,6 @@
       <code><![CDATA[$content]]></code>
       <code><![CDATA[$dailyBackupFile]]></code>
       <code><![CDATA[$dailyBackupFile]]></code>
-      <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
     </PossiblyFalseArgument>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index f352db8f..2ea04d82 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -38,13 +38,13 @@ readonly class ContainerDefinitionFetcher {
      */
     private function GetDefinition(): array
     {
-        $data = json_decode(file_get_contents(DataConst::GetContainersDefinitionPath()), true);
+        $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR);
 
         $additionalContainerNames = [];
         foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
             if ($communityContainer !== '') {
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
-                $additionalData = json_decode(file_get_contents($path), true);
+                $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
                 $data = array_merge_recursive($data, $additionalData);
                 if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
                     // Store container_name of community containers in variable for later
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1a2b4461..50937222 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -636,7 +636,7 @@ class ConfigurationManager
             return "";
         }
 
-        return trim(file_get_contents(DataConst::GetBackupPublicKey()));
+        return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
     public function GetBorgRestorePassword() : string {
@@ -1040,7 +1040,7 @@ class ConfigurationManager
                     apcu_add($filePath, $fileContents);
                 }
             } 
-            $json = is_string($fileContents) ? json_decode($fileContents, true) : false;
+            $json = is_string($fileContents) ? json_decode($fileContents, true, 512, JSON_THROW_ON_ERROR) : false;
             if(is_array($json) && is_array($json['aio_services_v1'])) {
                 foreach ($json['aio_services_v1'] as $service) {
                     $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a5da23f5..ffa0ca2a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -48,7 +48,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         if ($responseBody['State']['Running'] === true) {
             return ContainerState::Running;
@@ -68,7 +68,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         if ($responseBody['State']['Restarting'] === true) {
             return ContainerState::Restarting;
@@ -405,7 +405,7 @@ readonly class DockerActionManager {
         // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
-            $seccompProfile = file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+            $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
             $seccompProfile = addslashes($seccompProfile);
             $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
 
@@ -643,11 +643,11 @@ readonly class DockerActionManager {
     private function GetRepoDigestsOfContainer(string $containerName): ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
-            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true);
+            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $imageName = $containerOutput['Image'];
 
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
 
             if (!isset($imageOutput['RepoDigests'])) {
                 error_log('RepoDigests is not set of container ' . $containerName);
@@ -691,7 +691,7 @@ readonly class DockerActionManager {
         $containerName = 'nextcloud-aio-mastercontainer';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $imageNameArray = explode(':', $output['Config']['Image']);
             if (count($imageNameArray) === 2) {
                 $imageName = $imageNameArray[0];
@@ -718,7 +718,7 @@ readonly class DockerActionManager {
         $containerName = 'nextcloud-aio-mastercontainer';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $tagArray = explode(':', $output['Config']['Image']);
             if (count($tagArray) === 2) {
                 $tag = $tagArray[1];
@@ -782,7 +782,9 @@ readonly class DockerActionManager {
                         ],
                     ]
                 )->getBody()->getContents(),
-                true
+                true,
+                512, 
+                JSON_THROW_ON_ERROR,
             );
 
             $id = $response['Id'];
@@ -924,7 +926,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         $exitCode = $responseBody['State']['ExitCode'];
         if (is_int($exitCode)) {
@@ -946,7 +948,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         $exitCode = $responseBody['State']['ExitCode'];
         if (is_int($exitCode)) {
@@ -978,7 +980,7 @@ readonly class DockerActionManager {
         $imageName = $imageName . ':' . $this->GetCurrentChannel();
         try {
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
 
             if (!isset($imageOutput['Created'])) {
                 error_log('Created is not set of image ' . $imageName);
diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 9bf4ad29..256d592e 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -30,7 +30,7 @@ readonly class DockerHubManager {
                 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:' . $name . ':pull'
             );
             $body = $authTokenRequest->getBody()->getContents();
-            $decodedBody = json_decode($body, true);
+            $decodedBody = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if(isset($decodedBody['token'])) {
                 $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(
diff --git a/php/src/Docker/GitHubContainerRegistryManager.php b/php/src/Docker/GitHubContainerRegistryManager.php
index d885ae09..eeecfb28 100644
--- a/php/src/Docker/GitHubContainerRegistryManager.php
+++ b/php/src/Docker/GitHubContainerRegistryManager.php
@@ -31,7 +31,7 @@ readonly class GitHubContainerRegistryManager
                 'https://ghcr.io/token?scope=repository:' . $name . ':pull'
             );
             $body = $authTokenRequest->getBody()->getContents();
-            $decodedBody = json_decode($body, true);
+            $decodedBody = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if (isset($decodedBody['token'])) {
                 $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(

From ab2043394095a724be709245a34c2e16312f72bb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 12:58:18 +0100
Subject: [PATCH 287/524] fix further psalm issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                | 11 -----------
 php/src/Data/ConfigurationManager.php | 19 ++++++-------------
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 3008379c..041cf87c 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -6,12 +6,6 @@
     </InvalidOperand>
   </file>
   <file src="src/Data/ConfigurationManager.php">
-    <FalsableReturnStatement>
-      <code><![CDATA[$additionalBackupDirectories]]></code>
-    </FalsableReturnStatement>
-    <InvalidFalsableReturnType>
-      <code><![CDATA[string]]></code>
-    </InvalidFalsableReturnType>
     <PossiblyFalseArgument>
       <code><![CDATA[$ch]]></code>
       <code><![CDATA[$ch]]></code>
@@ -19,11 +13,6 @@
       <code><![CDATA[$ch]]></code>
       <code><![CDATA[$ch]]></code>
       <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$configContent]]></code>
-      <code><![CDATA[$content]]></code>
-      <code><![CDATA[$content]]></code>
-      <code><![CDATA[$dailyBackupFile]]></code>
-      <code><![CDATA[$dailyBackupFile]]></code>
     </PossiblyFalseArgument>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 50937222..581550fb 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -13,7 +13,7 @@ class ConfigurationManager
     {
         if(file_exists(DataConst::GetConfigFile()))
         {
-            $configContent = file_get_contents(DataConst::GetConfigFile());
+            $configContent = (string)file_get_contents(DataConst::GetConfigFile());
             return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
@@ -80,10 +80,7 @@ class ConfigurationManager
             return '';
         }
 
-        $content = file_get_contents(DataConst::GetBackupArchivesList());
-        if ($content === '') {
-            return '';
-        }
+        $content = (string)file_get_contents(DataConst::GetBackupArchivesList());
 
         $lastBackupLines = explode("\n", $content);
         $lastBackupLine = "";
@@ -108,10 +105,7 @@ class ConfigurationManager
             return [];
         }
 
-        $content = file_get_contents(DataConst::GetBackupArchivesList());
-        if ($content === '') {
-            return [];
-        }
+        $content = (string)file_get_contents(DataConst::GetBackupArchivesList());
 
         $backupLines = explode("\n", $content);
         $backupTimes = [];
@@ -795,7 +789,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
             return '';
         }
-        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = (string)file_get_contents(DataConst::GetDailyBackupTimeFile());
         $dailyBackupFileArray = explode("\n", $dailyBackupFile);
         return $dailyBackupFileArray[0];
     }
@@ -804,7 +798,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
             return false;
         }
-        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = (string)file_get_contents(DataConst::GetDailyBackupTimeFile());
         $dailyBackupFileArray = explode("\n", $dailyBackupFile);
         if (isset($dailyBackupFileArray[1]) && $dailyBackupFileArray[1] === 'automaticUpdatesAreNotEnabled') {
             return false;
@@ -855,8 +849,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
         }
-        $additionalBackupDirectories = file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
-        return $additionalBackupDirectories;
+        return (string)file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
     }
 
     public function GetAdditionalBackupDirectoriesArray() : array {

From c57610b1b939188f02f84c06ece837a6fdae1355 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 5 Nov 2025 12:11:43 +0000
Subject: [PATCH 288/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index e3858248..46f16459 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.3-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=v1.12.1
+ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 29831f4e4b0bd65e175a67768342756cfc4365c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Nov 2025 04:16:23 +0000
Subject: [PATCH 289/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.3-alpine3.22 to 1.25.4-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.4-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 47eccfad..6eeb4661 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.3-alpine3.22 AS go
+FROM golang:1.25.4-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 43a2b27180cac7f0f6cc935a8209af71ef4a04fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Nov 2025 04:16:29 +0000
Subject: [PATCH 290/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.5.1-cli to 28.5.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.5.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 20f22421..24b7cee0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.5.1-cli AS docker
+FROM docker:28.5.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 2da872244c995e71553a60373e772a474bdc412a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Nov 2025 04:17:20 +0000
Subject: [PATCH 291/524] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.25.3-alpine3.22 to 1.25.4-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.4-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 46f16459..fe3cca1e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.3-alpine3.22 AS go
+FROM golang:1.25.4-alpine3.22 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
 

From 0a4258423857ed0746e8815f24be1c64f16eba94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Nov 2025 11:21:46 +0100
Subject: [PATCH 292/524] collabora: allow to use enterprise container image
 with support key

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora-online/Dockerfile     | 15 +++++++++++++++
 Containers/collabora-online/healthcheck.sh |  7 +++++++
 nextcloud-aio-helm-chart/update-helm.sh    | 15 +++++++++++++++
 php/containers.json                        |  2 +-
 php/src/ContainerDefinitionFetcher.php     |  3 +++
 php/src/Data/ConfigurationManager.php      |  7 +++++++
 6 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 Containers/collabora-online/Dockerfile
 create mode 100644 Containers/collabora-online/healthcheck.sh

diff --git a/Containers/collabora-online/Dockerfile b/Containers/collabora-online/Dockerfile
new file mode 100644
index 00000000..72f79928
--- /dev/null
+++ b/Containers/collabora-online/Dockerfile
@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile:latest
+# From https://gitlab.collabora.com/collabora-online/docker
+# hadolint ignore=DL3007
+FROM registry.gitlab.collabora.com/collabora-online/docker:latest
+
+USER root
+ARG DEBIAN_FRONTEND=noninteractive
+
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+USER 1001
+
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/collabora-online/healthcheck.sh b/Containers/collabora-online/healthcheck.sh
new file mode 100644
index 00000000..45e9278b
--- /dev/null
+++ b/Containers/collabora-online/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Unfortunately, no curl and no nc is installed in the container 
+# and packages can also not be added as the package list is broken.
+# So always exiting 0 for now.
+# nc http://127.0.0.1:9980 || exit 1
+exit 0
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d63dd39e..02428db8 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -343,6 +343,21 @@ EOL
 # shellcheck disable=SC1083
 find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config"  \{} \;
 
+# Additional collabora config
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "s/image: ghcr.io.*/IMAGE_PLACEHOLDER/"  \{} \;
+cat << EOL > /tmp/additional-collabora.config
+          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:$DOCKER_TAG
+          {{- else }}
+          image: ghcr.io/nextcloud-releases/aio-collabora:$DOCKER_TAG
+          {{- end }}
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "/IMAGE_PLACEHOLDER/r /tmp/additional-collabora.config"  \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "/IMAGE_PLACEHOLDER/d"  \{} \;
+
 cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
 {{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
 # https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
diff --git a/php/containers.json b/php/containers.json
index 1a775c98..df0e2d28 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 2ea04d82..7b092e45 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -67,6 +67,9 @@ readonly class ContainerDefinitionFetcher {
                 if (!$this->configurationManager->isCollaboraEnabled()) {
                     continue;
                 }
+                if ($this->configurationManager->isCollaboraSubscriptionEnabled()) {
+                    $entry['image'] = 'ghcr.io/nextcloud-releases/aio-collabora-online';
+                }
             } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                 if (!$this->configurationManager->isTalkEnabled()) {
                     continue;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 50937222..58962248 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -978,6 +978,13 @@ class ConfigurationManager
         return $config['collabora_additional_options'];
     }
 
+    public function isCollaboraSubscriptionEnabled() : bool {
+        if (str_contains($this->GetAdditionalCollaboraOptions(), '--o:support_key=')) {
+            return true;
+        }
+        return false;
+    }
+
     public function DeleteAdditionalCollaboraOptions() : void {
         $config = $this->GetConfig();
         $config['collabora_additional_options'] = '';

From a7b9c95c6c5262cefadfefb031e3efe50f0bede8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Nov 2025 11:40:14 +0100
Subject: [PATCH 293/524] borg-init: remove unnecessary delete logic

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 41c05724..50815f38 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -138,11 +138,6 @@ if [ "$BORG_MODE" = backup ]; then
         NEW_REPOSITORY=1
         if ! borg init --debug --encryption=repokey-blake2; then
             echo "Could not initialize borg repository."
-            if [ -z "$BORG_REMOTE_REPO" ]; then
-                # Originally we checked for presence of the config file instead of calling `borg info`. Likely `borg info`
-                # will error on a partially initialized repo, so this line is probably no longer necessary
-                rm -f "$BORG_BACKUP_DIRECTORY/config"
-            fi
             exit 1
         fi
 

From 5657530508abad8165bbc53c6d35bc26ecf1a778 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 6 Nov 2025 12:03:27 +0000
Subject: [PATCH 294/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 93aeefab..3cb9d3eb 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1092,16 +1092,16 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.5.0",
+            "version": "1.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b"
+                "reference": "a476a61e38451e138c400f6b4ca96037f3c2dd39"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/179cbcf40ee1d246d4906aefed42d3e62066974b",
-                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/a476a61e38451e138c400f6b4ca96037f3c2dd39",
+                "reference": "a476a61e38451e138c400f6b4ca96037f3c2dd39",
                 "shasum": ""
             },
             "require": {
@@ -1112,8 +1112,6 @@
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.19",
-                "phpspec/prophecy-phpunit": "^2.2",
                 "phpunit/phpunit": "^9.6",
                 "squizlabs/php_codesniffer": "^3.10"
             },
@@ -1144,9 +1142,9 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.5.0"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.5.1"
             },
-            "time": "2024-06-08T16:37:18+00:00"
+            "time": "2025-11-02T14:58:28+00:00"
         },
         {
             "name": "slim/slim",

From 82c2d06c72725596994891a768900dc2c8b67b23 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 7 Nov 2025 12:03:28 +0000
Subject: [PATCH 295/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 3cb9d3eb..7f5742df 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3979,16 +3979,16 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.3.2",
+            "version": "v7.3.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd"
+                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/edcbb768a186b5c3f25d0643159a787d3e63b7fd",
-                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/e9bcfd7837928ab656276fe00464092cc9e1826a",
+                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a",
                 "shasum": ""
             },
             "require": {
@@ -4025,7 +4025,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.3.2"
+                "source": "https://github.com/symfony/filesystem/tree/v7.3.6"
             },
             "funding": [
                 {
@@ -4045,7 +4045,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-07T08:17:47+00:00"
+            "time": "2025-11-05T09:52:27+00:00"
         },
         {
             "name": "symfony/finder",
@@ -4364,16 +4364,16 @@
         },
         {
             "name": "symfony/service-contracts",
-            "version": "v3.6.0",
+            "version": "v3.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4"
+                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/f021b05a130d35510bd6b25fe9053c2a8a15d5d4",
-                "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
+                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
                 "shasum": ""
             },
             "require": {
@@ -4427,7 +4427,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.6.0"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
             },
             "funding": [
                 {
@@ -4438,12 +4438,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-25T09:37:31+00:00"
+            "time": "2025-07-15T11:30:57+00:00"
         },
         {
             "name": "symfony/string",

From 72b504951a5f0414f1c33be5c5e0df5ad0c04de0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 7 Nov 2025 12:13:22 +0000
Subject: [PATCH 296/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0617db93..413c74e5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -85,7 +85,7 @@ RUN set -ex; \
     pecl install -o igbinary-3.2.16; \
     pecl install APCu-5.1.27; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
-    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
+    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
    pecl install -o imagick-3.8.0; \
     \
     docker-php-ext-enable \

From 72455ccae1aa67e6f77f2dda0b83f8c0b888d033 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Nov 2025 12:42:49 +0000
Subject: [PATCH 297/524] build(deps): bump codespell-project/actions-codespell

Bumps [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) from 2.1 to 2.2.
- [Release notes](https://github.com/codespell-project/actions-codespell/releases)
- [Commits](https://github.com/codespell-project/actions-codespell/compare/406322ec52dd7b488e48c1c4b82e2a8b3a1bf630...8f01853be192eb0f849a5c7d721450e7a467c579)

---
updated-dependencies:
- dependency-name: codespell-project/actions-codespell
  dependency-version: '2.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 9104a88d..c4df7592 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v5
       - name: Check spelling
-        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
+        uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
           check_filenames: true
           check_hidden: true

From 858717f74082548087246be7234634e2b9a58678 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 7 Nov 2025 15:05:36 +0100
Subject: [PATCH 298/524] aio-interface: allow to skip domain validation via
 url-param

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 develop.md                                     | 4 ++--
 manual-upgrade.md                              | 2 +-
 php/public/index.php                           | 3 ++-
 php/src/Controller/ConfigurationController.php | 3 ++-
 php/src/Data/ConfigurationManager.php          | 9 +++++----
 php/templates/containers.twig                  | 3 +++
 readme.md                                      | 2 ++
 reverse-proxy.md                               | 4 ++--
 8 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/develop.md b/develop.md
index 6c5faf2d..457b3a76 100644
--- a/develop.md
+++ b/develop.md
@@ -67,6 +67,6 @@ docker buildx build --file Containers/nextcloud/Dockerfile --tag ghcr.io/nextclo
 # For all other containers
 docker buildx build --file Containers/{container}/Dockerfile --tag ghcr.io/nextcloud-releases/aio-{container}:develop --load Containers/{container}
 ```
-1. Stop the containers using the AIO admin interface.
-1. Reload the AIO admin interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
+1. Stop the containers using the AIO interface.
+1. Reload the AIO interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
 1. Click "Start and update containers" and test your changes. Containers will not be updated, despite the button text.
diff --git a/manual-upgrade.md b/manual-upgrade.md
index 84c742e5..fbc07d3e 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -108,7 +108,7 @@ However, if you are unsure check the ghcr.io (https://github.com/nextcloud-relea
 
 Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
 
-#### Now you can handle everything through the AIO admin interface and stop and restart the containers normally.
+#### Now you can handle everything through the AIO interface and stop and restart the containers normally.
 
 ---
 
diff --git a/php/public/index.php b/php/public/index.php
index d3fbbeb9..6406d1b0 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -87,6 +87,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $params = $request->getQueryParams();
     $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
     $bypass_container_update = isset($params['bypass_container_update']);
+    $skip_domain_validation = isset($params['skip_domain_validation']);
 
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
@@ -116,7 +117,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->GetTimezone(),
-        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
+        'skip_domain_validation' => ( $skip_domain_validation ? true : $configurationManager->shouldDomainValidationBeSkipped(false) ),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
         'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 5727c364..051f8d9e 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -19,7 +19,8 @@ readonly class ConfigurationController {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
-                $this->configurationManager->SetDomain($domain);
+                $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']);
+                $this->configurationManager->SetDomain($domain, $skipDomainValidation);
             }
 
             if (isset($request->getParsedBody()['current-master-password']) || isset($request->getParsedBody()['new-master-password'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b9163baa..a04158dc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -288,7 +288,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetDomain(string $domain) : void {
+    public function SetDomain(string $domain, bool $skipDomainValidation) : void {
         // Validate that at least one dot is contained
         if (!str_contains($domain, '.')) {
             throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
@@ -315,7 +315,7 @@ class ConfigurationManager
         }
 
         // Skip domain validation if opted in to do so
-        if (!$this->shouldDomainValidationBeSkipped()) {
+        if (!$this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
 
             $dnsRecordIP = gethostbyname($domain);
             if ($dnsRecordIP === $domain) {
@@ -898,8 +898,9 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function shouldDomainValidationBeSkipped() : bool {
-        if (getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
+    public function shouldDomainValidationBeSkipped(bool $skipDomainValidation) : bool {
+        if ($skipDomainValidation || getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
+            error_log('Skipping domain validation');
             return true;
         }
         return false;
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5d479538..90156bf8 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -112,6 +112,9 @@
                                 <input type="text" id="domain" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                {% if skip_domain_validation == true %}
+                                    <input type="hidden" name="skip_domain_validation" value="{{skip_domain_validation}}">
+                                {% endif %}
                                 <input type="submit" value="Submit domain" />
                             </form>
                             {% if skip_domain_validation == false %}
diff --git a/readme.md b/readme.md
index 6290c1e5..49ac1d1f 100644
--- a/readme.md
+++ b/readme.md
@@ -376,6 +376,8 @@ Apart from that there is now a community container that can be added to the AIO
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
+Alternatively, if the container is already running, reload the AIO interface with the param `skip_domain_validation` to skip the domain validation on the fly: e.g. `https://ip.address.of.the.server:8080/containers?skip_domain_validation`.
+
 ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
 It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
 ```
diff --git a/reverse-proxy.md b/reverse-proxy.md
index b1eb353c..52c830e0 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1049,7 +1049,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
 - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
 - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
-- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things). Also see [this documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
 - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
 - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
@@ -1162,7 +1162,7 @@ If something does not work, follow the steps below:
 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain)!
 1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
-1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
+1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything! Also see [this documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 
 ### 8. Removing the reverse proxy
 

From 5759d5d364eaf7b406fbb322ecdd756f37b3a49b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 8 Nov 2025 08:48:29 +0100
Subject: [PATCH 299/524] simplify `skip_domain_validation` logic a bit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/index.php b/php/public/index.php
index 6406d1b0..f2880ca7 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -117,7 +117,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->GetTimezone(),
-        'skip_domain_validation' => ( $skip_domain_validation ? true : $configurationManager->shouldDomainValidationBeSkipped(false) ),
+        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
         'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),

From c2ea69a91839a415ffbddcf2d3700646cb46f8f0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 9 Nov 2025 12:03:08 +0000
Subject: [PATCH 300/524] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 6eeb4661..7e477820 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 8cd5dd929cfc7073f1cd4de00357f0a86e70fb24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Nov 2025 13:22:55 +0000
Subject: [PATCH 301/524] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/9d692f15fa9f84928799bccac2dba6565e024bdf...2e4451ef94c5969eee533c487092052d4d1a53af)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index e6527250..437e8ea1 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Turnstyle
-        uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2
+        uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
         with:
           continue-after-seconds: 180
         env:

From da5d4ee5afa41c28ee155bb322317a394d4d0e8d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 14:39:53 +0100
Subject: [PATCH 302/524] fix watchtower update script

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/watchtower-update.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 329cd284..6420c446 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -22,7 +22,8 @@ jobs:
             | tail -1
         )"
         watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
-        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash # $watchtower_version|" ./Containers/watchtower/Dockerfile
+        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
+        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7

From 6ab60592ad6b3f318227ab0141dbf370f176c6c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 14:42:29 +0100
Subject: [PATCH 303/524] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/watchtower-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 6420c446..044dbc10 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -23,7 +23,7 @@ jobs:
         )"
         watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
         sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
-        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
+        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7

From 472cfdbcb8944d11ef9e7d875b731a3241f2e273 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 10 Nov 2025 13:42:56 +0000
Subject: [PATCH 304/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index fe3cca1e..7a06c73b 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
+ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH;
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.1
 
 FROM alpine:3.22.2
 

From cc65481d51f0e28d06c9424febfe0fde5c937ac7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 15:29:22 +0100
Subject: [PATCH 305/524] fix some paths and seccompprofile

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/DataConst.php             | 4 ++--
 php/src/Docker/DockerActionManager.php | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 099079c6..9111a98a 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -60,10 +60,10 @@ class DataConst {
     }
 
     public static function GetCollaboraSeccompProfilePath() : string {
-        return (string)realpath(__DIR__ . '/../cool-seccomp-profile.json');
+        return (string)realpath(__DIR__ . '/../../cool-seccomp-profile.json');
     }
 
     public static function GetContainersDefinitionPath() : string {
-        return (string)realpath(__DIR__ . '/../containers.json');
+        return (string)realpath(__DIR__ . '/../../containers.json');
     }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ffa0ca2a..7d7fc0e9 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,7 +406,6 @@ readonly class DockerActionManager {
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
             $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $seccompProfile = addslashes($seccompProfile);
             $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
 
             // Additional Collabora options

From 767e0d4b9f7555af46f523f06643aa1f28d1c00e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 15:52:35 +0100
Subject: [PATCH 306/524] fix some remaining issues with collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json                    | 2 +-
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index df0e2d28..b291a625 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7d7fc0e9..fd179f10 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,7 +406,7 @@ readonly class DockerActionManager {
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
             $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
 
             // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {

From 6cfa47e072047c593dd94e0b2bfdf3f95a98218e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Nov 2025 04:14:33 +0000
Subject: [PATCH 307/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.7-alpine to 3.2.8-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.8-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ad128d54..f185848a 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.7-alpine
+FROM haproxy:3.2.8-alpine
 
 # hadolint ignore=DL3002
 USER root

From 03e3fd0b1607cca4b0bd39fce49c8da2ea6bc280 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 09:18:24 +0100
Subject: [PATCH 308/524] increase API version to 1.44

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index fd179f10..cf7d0842 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -13,7 +13,7 @@ use GuzzleHttp\Exception\RequestException;
 use http\Env\Response;
 
 readonly class DockerActionManager {
-    private const string API_VERSION = 'v1.41';
+    private const string API_VERSION = 'v1.44';
     private Client $guzzleClient;
 
     public function __construct(

From 8627366a39c11bf10f31299cbe253c413b1d606e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 09:35:47 +0100
Subject: [PATCH 309/524] clamav: hardcode `StreamMaxLength` to `2G`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile       | 5 +++--
 Containers/clamav/start.sh         | 2 --
 Containers/nextcloud/entrypoint.sh | 3 ++-
 php/containers.json                | 1 -
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 94d39b67..567c09cc 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -10,8 +10,9 @@ RUN set -ex; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 0|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2G|g" /etc/clamav/clamd.conf; \
+# StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin
+    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
     sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index bda4add5..609120c1 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
-
 # Print out clamav version for compliance reasons
 clamscan --version
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 89d99d29..794b059d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -880,7 +880,8 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
         php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
         php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
-        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
+        # av_stream_max_length must be synced with StreamMaxLength inside clamav
+        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="2147483648"
         php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
         if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
diff --git a/php/containers.json b/php/containers.json
index b291a625..481c5c92 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -231,7 +231,6 @@
         "TALK_PORT=%TALK_PORT%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
-        "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",

From 673873da631413887b9ed2d84d607204c8d801e6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 10:07:06 +0100
Subject: [PATCH 310/524] ConnectContainerIdToNetwork: remove `CheckDuplicate`
 as it is deprecated

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index fd179f10..512fdc2b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -837,7 +837,6 @@ readonly class DockerActionManager {
                     [
                         'json' => [
                             'Name' => $network,
-                            'CheckDuplicate' => true,
                             'Driver' => 'bridge',
                             'Internal' => false,
                         ]

From e44a99ced2c6fc7e3fad0ee0b2ae2d91ddbeaac4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 10:20:47 +0100
Subject: [PATCH 311/524] clamav: size can only use M or K but not G as unit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 567c09cc..7204328b 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -8,11 +8,11 @@ RUN set -ex; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2G|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxScanSize.*|MaxScanSize 2000M|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxFileSize.*|MaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
 # StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin
-    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2G|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2000M|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
     sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \

From 1d685926118a940f54059917067d66828aa91a4a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 10:45:17 +0100
Subject: [PATCH 312/524] clamav: use default clamd.comf path

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/supervisord.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index e1216df5..1895ceb6 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -13,14 +13,14 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=freshclam --foreground --stdout --daemon --daemon-notify=/tmp/clamd.conf
+command=freshclam --foreground --stdout --daemon --daemon-notify=/etc/clamav/clamd.conf
 
 [program:clamd]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=clamd --foreground --config-file=/tmp/clamd.conf
+command=clamd --foreground --config-file=/etc/clamav/clamd.conf
 
 [program:milter]
 stdout_logfile=/dev/stdout

From 2d4d9d76d63e4ecca43a864c2ad6d872739ca20b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 15 Jun 2025 14:11:23 +0200
Subject: [PATCH 313/524] aio-caddy: change to v3 and further adjustments

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 6 ++++--
 community-containers/caddy/readme.md   | 2 ++
 manual-install/update-yaml.sh          | 1 +
 php/containers.json                    | 1 +
 php/src/Data/ConfigurationManager.php  | 9 +++++++++
 php/src/Docker/DockerActionManager.php | 5 +++++
 6 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 0e78175d..7245fe4d 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -5,7 +5,7 @@
             "display_name": "Caddy with geoblocking",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
             "image": "ghcr.io/szaimen/aio-caddy",
-            "image_tag": "v2",
+            "image_tag": "v3",
             "internal_port": "443",
             "restart": "unless-stopped",
             "ports": [
@@ -24,7 +24,9 @@
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
                 "APACHE_PORT=%APACHE_PORT%",
-                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
+                "turn_domain=turn.%NC_DOMAIN%",
+                "talk_port=443"
             ],
             "volumes": [
                 {
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 56984d59..e26a680a 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,6 +4,8 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
+- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 70d14b4e..af746aee 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -46,6 +46,7 @@ sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
+sed -i '/TURN_DOMAIN/d' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
diff --git a/php/containers.json b/php/containers.json
index 481c5c92..86d0e508 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -229,6 +229,7 @@
         "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%",
+        "TURN_DOMAIN=%TURN_DOMAIN%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a04158dc..00d5193b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -569,6 +569,15 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetTurnDomain() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['turn_domain'])) {
+            $config['turn_domain'] = '';
+        }
+
+        return $config['turn_domain'];
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 2692d87e..6694a39b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -283,6 +283,10 @@ readonly class DockerActionManager {
                     }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
+                    // Skip publishing talk port if it is set to the same value like the apache port
+                    if ($port === $this->configurationManager->GetApachePort()) {
+                        continue;
+                    }
                 }
                 $ipBinding = $value->ipBinding;
                 if ($ipBinding === '%APACHE_IP_BINDING%') {
@@ -538,6 +542,7 @@ readonly class DockerActionManager {
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
+            'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '',

From d82e533a4becd6a6a9f3d5e8051a0be3b9db8a49 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Tue, 11 Nov 2025 17:35:07 +0700
Subject: [PATCH 314/524] fix whiteboard recording chrome

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 90aa72f2..c862c674 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -6,7 +6,16 @@ USER root
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash; \
-    chmod 777 -R /tmp
+    chmod 777 -R /tmp; \
+    if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
+        rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
+        mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
+        cat <<'EOF' >/usr/lib/chromium/chrome_crashpad_handler; \
+#!/bin/sh
+exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database="${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}" "$@"
+EOF
+        chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
+    fi
 USER 65534
 
 COPY --chmod=775 start.sh /start.sh

From ce74283f299b7761aa80cddb68ade939f6bbb963 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Tue, 11 Nov 2025 18:28:50 +0700
Subject: [PATCH 315/524] fix whiteboard recording chrome

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index c862c674..3e4af410 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -10,10 +10,7 @@ RUN set -ex; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
         rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
-        cat <<'EOF' >/usr/lib/chromium/chrome_crashpad_handler; \
-#!/bin/sh
-exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database="${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}" "$@"
-EOF
+        printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
         chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
     fi
 USER 65534

From e152bc3e45791c6c1cdd1b68ca4c484483d0c999 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Nov 2025 04:14:11 +0000
Subject: [PATCH 316/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.6 to 8.19.7.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index a50aee53..8c46ed97 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.6
+FROM elasticsearch:8.19.7
 
 USER root
 

From 738022a9360a269f29376dec7da4df146729ec2e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 11:13:06 +0100
Subject: [PATCH 317/524] create `dispatch-workflow-repo` action

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/dispatch-workflow-repo.yml | 82 ++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 .github/workflows/dispatch-workflow-repo.yml

diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml
new file mode 100644
index 00000000..68eff9d1
--- /dev/null
+++ b/.github/workflows/dispatch-workflow-repo.yml
@@ -0,0 +1,82 @@
+# This workflow needs to be run on demand
+# It will update all workflow templates in a specific repository
+# This workflow is provided via the organization template repository
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Update workflows for specific repository
+
+on:
+  workflow_dispatch:
+    inputs:
+      repository:
+        description: 'The repository name (without owner prefix, e.g. "server")'
+        required: true
+        type: string
+        default: 'all-in-one'
+      branch:
+        description: 'The branch name to create the PR from (e.g. "main" or "stable32")'
+        required: true
+        type: string
+        default: 'main'
+
+permissions:
+  contents: read
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+
+    name: Update all workflows in ${{ github.event.inputs.repository }}
+
+    steps:
+      - name: Check actor permission
+        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
+        with:
+          require: admin
+
+      - name: Checkout target repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+          path: target
+          repository: ${{ github.repository_owner }}/${{ github.event.inputs.repository }}
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Checkout source repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+          path: source
+
+      - name: Copy all workflow templates
+        run: |
+          for workflow in ./source/workflow-templates/*.yml; do
+            if [ -f "$workflow" ]; then
+              filename=$(basename "$workflow")
+              target_file="./target/.github/workflows/$filename"
+              
+              # Only copy if the file exists in the target repository
+              if [ -f "$target_file" ]; then
+                echo "Updating existing workflow: $filename"
+                cp "$workflow" "$target_file"
+              else
+                echo "Skipping $filename (does not exist in target repository)"
+              fi
+            fi
+          done
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          body: 'Automated update of all workflow templates from https://github.com/${{ github.repository }}'
+          branch: 'feat/workflow-auto-update-all'
+          commit-message: 'ci: update all workflow templates from organization template repository'
+          committer: Nextcloud bot <bot@nextcloud.com>
+          author: Nextcloud bot <bot@nextcloud.com>
+          path: target
+          signoff: true
+          title: 'ci: update all workflow templates from organization template repository'
+          labels: dependencies
+          token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }}

From 2628d43ecdad03de0b8592e23b9a3d49929d936c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 11:14:07 +0100
Subject: [PATCH 318/524] Revert "create `dispatch-workflow-repo` action"

This reverts commit 738022a9360a269f29376dec7da4df146729ec2e.
---
 .github/workflows/dispatch-workflow-repo.yml | 82 --------------------
 1 file changed, 82 deletions(-)
 delete mode 100644 .github/workflows/dispatch-workflow-repo.yml

diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml
deleted file mode 100644
index 68eff9d1..00000000
--- a/.github/workflows/dispatch-workflow-repo.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-# This workflow needs to be run on demand
-# It will update all workflow templates in a specific repository
-# This workflow is provided via the organization template repository
-#
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Update workflows for specific repository
-
-on:
-  workflow_dispatch:
-    inputs:
-      repository:
-        description: 'The repository name (without owner prefix, e.g. "server")'
-        required: true
-        type: string
-        default: 'all-in-one'
-      branch:
-        description: 'The branch name to create the PR from (e.g. "main" or "stable32")'
-        required: true
-        type: string
-        default: 'main'
-
-permissions:
-  contents: read
-
-jobs:
-  dispatch:
-    runs-on: ubuntu-latest
-
-    name: Update all workflows in ${{ github.event.inputs.repository }}
-
-    steps:
-      - name: Check actor permission
-        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
-        with:
-          require: admin
-
-      - name: Checkout target repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-          path: target
-          repository: ${{ github.repository_owner }}/${{ github.event.inputs.repository }}
-          ref: ${{ github.event.inputs.branch }}
-
-      - name: Checkout source repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-          path: source
-
-      - name: Copy all workflow templates
-        run: |
-          for workflow in ./source/workflow-templates/*.yml; do
-            if [ -f "$workflow" ]; then
-              filename=$(basename "$workflow")
-              target_file="./target/.github/workflows/$filename"
-              
-              # Only copy if the file exists in the target repository
-              if [ -f "$target_file" ]; then
-                echo "Updating existing workflow: $filename"
-                cp "$workflow" "$target_file"
-              else
-                echo "Skipping $filename (does not exist in target repository)"
-              fi
-            fi
-          done
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-          body: 'Automated update of all workflow templates from https://github.com/${{ github.repository }}'
-          branch: 'feat/workflow-auto-update-all'
-          commit-message: 'ci: update all workflow templates from organization template repository'
-          committer: Nextcloud bot <bot@nextcloud.com>
-          author: Nextcloud bot <bot@nextcloud.com>
-          path: target
-          signoff: true
-          title: 'ci: update all workflow templates from organization template repository'
-          labels: dependencies
-          token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }}

From 1811ba1d38c6a7afdaa240550031ba32f8d9f585 Mon Sep 17 00:00:00 2001
From: Nextcloud bot <bot@nextcloud.com>
Date: Wed, 12 Nov 2025 10:35:37 +0000
Subject: [PATCH 319/524] ci: update all workflow templates from organization
 template repository

Signed-off-by: Nextcloud bot <bot@nextcloud.com>
---
 .github/workflows/lint-php.yml | 39 +++++++++++++++--------
 .github/workflows/psalm.yml    | 56 ++++++++++++++++++++++------------
 2 files changed, 62 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 81ada6da..ae487584 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -2,18 +2,13 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Lint php
 
-on:
-  pull_request:
-    paths:
-      - 'php/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'php/**'
+on: pull_request
 
 permissions:
   contents: read
@@ -23,29 +18,47 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  matrix:
+    runs-on: ubuntu-latest-low
+    outputs:
+      php-versions: ${{ steps.versions.outputs.php-versions }}
+    steps:
+      - name: Checkout app
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Get version matrix
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0
+
   php-lint:
     runs-on: ubuntu-latest
+    needs: matrix
     strategy:
       matrix:
-        php-versions: [ "8.4" ]
+        php-versions: ${{fromJson(needs.matrix.outputs.php-versions)}}
 
     name: php-lint
 
     steps:
       - name: Checkout
-        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: cd php && composer run lint
+        run: composer run lint
 
   summary:
     permissions:
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 3fcdae12..3059026e 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -2,23 +2,21 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Static analysis
 
-on:
-  pull_request:
-    paths:
-      - 'php/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'php/**'
+on: pull_request
 
 concurrency:
   group: psalm-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   static-analysis:
     runs-on: ubuntu-latest
@@ -26,21 +24,39 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
-
-      - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
-          php-version: 8.4
-          extensions: apcu
+          persist-credentials: false
+
+      - name: Get php version
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+
+      - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
+        run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml
+
+      - name: Set up php${{ steps.versions.outputs.php-available }}
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
+        with:
+          php-version: ${{ steps.versions.outputs.php-available }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
+          # Temporary workaround for missing pcntl_* in PHP 8.3
+          ini-values: disable_functions=
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install dependencies and run psalm
+      - name: Install dependencies
         run: |
-          set -x
-          cd php
-          composer install
-          composer run psalm
+          composer remove nextcloud/ocp --dev --no-scripts
+          composer i
+
+      - name: Check for vulnerable PHP dependencies
+        run: composer require --dev roave/security-advisories:dev-latest
+
+      - name: Install nextcloud/ocp
+        run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
+
+      - name: Run coding standards check
+        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github

From fcba94e4d1e9a824e4412f65eb26ba5b1c7934c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 11:49:46 +0100
Subject: [PATCH 320/524] restore some details

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 30 ++++++++++---------------
 .github/workflows/psalm.yml    | 40 +++++++++++++++-------------------
 2 files changed, 28 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index ae487584..9c5e8925 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -8,7 +8,15 @@
 
 name: Lint php
 
-on: pull_request
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
 
 permissions:
   contents: read
@@ -18,26 +26,11 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  matrix:
-    runs-on: ubuntu-latest-low
-    outputs:
-      php-versions: ${{ steps.versions.outputs.php-versions }}
-    steps:
-      - name: Checkout app
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Get version matrix
-        id: versions
-        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0
-
   php-lint:
     runs-on: ubuntu-latest
-    needs: matrix
     strategy:
       matrix:
-        php-versions: ${{fromJson(needs.matrix.outputs.php-versions)}}
+        php-versions: [ "8.4" ]
 
     name: php-lint
 
@@ -51,14 +44,13 @@ jobs:
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: composer run lint
+        run: cd php && composer run lint
 
   summary:
     permissions:
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 3059026e..6ba0256a 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -8,7 +8,15 @@
 
 name: Static analysis
 
-on: pull_request
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
 
 concurrency:
   group: psalm-${{ github.head_ref || github.run_id }}
@@ -28,18 +36,11 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Get php version
-        id: versions
-        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
-
-      - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
-        run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml
-
-      - name: Set up php${{ steps.versions.outputs.php-available }}
+      - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
-          php-version: ${{ steps.versions.outputs.php-available }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          php-version: 8.4
+          extensions: apcu
           coverage: none
           ini-file: development
           # Temporary workaround for missing pcntl_* in PHP 8.3
@@ -47,16 +48,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install dependencies
+      - name: Install dependencies and run psalm
         run: |
-          composer remove nextcloud/ocp --dev --no-scripts
-          composer i
-
-      - name: Check for vulnerable PHP dependencies
-        run: composer require --dev roave/security-advisories:dev-latest
-
-      - name: Install nextcloud/ocp
-        run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
-
-      - name: Run coding standards check
-        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github
+          set -x
+          cd php
+          composer install
+          composer run psalm

From a5fd4b2142ac56eaaa6f9fdecb1c22c56dfa3217 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 12 Nov 2025 12:09:02 +0000
Subject: [PATCH 321/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7f5742df..2808f48f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3755,16 +3755,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.4.0",
+            "version": "3.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67"
+                "reference": "6a740f39415aee8886aea10333403adc77d50791"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67",
-                "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/6a740f39415aee8886aea10333403adc77d50791",
+                "reference": "6a740f39415aee8886aea10333403adc77d50791",
                 "shasum": ""
             },
             "require": {
@@ -3807,7 +3807,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.4.0"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.1"
             },
             "funding": [
                 {
@@ -3819,7 +3819,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-16T12:45:15+00:00"
+            "time": "2025-11-12T10:32:50+00:00"
         },
         {
             "name": "sserbin/twig-linter",

From 5b2cd9d549224d8ac4c41f309dabe369ad0ab897 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 12 Nov 2025 12:11:53 +0000
Subject: [PATCH 322/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 7a06c73b..1082518e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	
+ENV WATCHTOWER_COMMIT_HASH=87b5518858f6a96e8edf784bdc855d29951643e6	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.1
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.2
 
 FROM alpine:3.22.2
 

From 5a081faee1143342e052b3d3c55e9a7e14e5c158 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 14:44:05 +0100
Subject: [PATCH 323/524] clamav: create `/tmp` directory

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 7204328b..eab313fd 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,8 +4,8 @@ FROM alpine:3.22.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache tzdata clamav clamav-milter supervisor bash; \
-    mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
-    chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+    mkdir -p /tmp /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
+    chmod 777 -R /tmp /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxScanSize.*|MaxScanSize 2000M|g" /etc/clamav/clamd.conf; \

From e38a0d0a03ebee93933afc541b2346d670d6f71f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 10:31:29 +0100
Subject: [PATCH 324/524] domain-validation: move skipping domain validation
 log to a different place

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 00d5193b..3f326e3e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -315,8 +315,9 @@ class ConfigurationManager
         }
 
         // Skip domain validation if opted in to do so
-        if (!$this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
-
+        if ($this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
+            error_log('Skipping domain validation');
+        } else {
             $dnsRecordIP = gethostbyname($domain);
             if ($dnsRecordIP === $domain) {
                 $dnsRecordIP = '';
@@ -909,7 +910,6 @@ class ConfigurationManager
 
     public function shouldDomainValidationBeSkipped(bool $skipDomainValidation) : bool {
         if ($skipDomainValidation || getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
-            error_log('Skipping domain validation');
             return true;
         }
         return false;

From 03205692605446452c84cec8998b803aff369c0b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 11:08:29 +0100
Subject: [PATCH 325/524] change whiteboard to be disable by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3f326e3e..579c0f3b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -164,10 +164,10 @@ class ConfigurationManager
 
     public function isWhiteboardEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
-            return false;
-        } else {
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
             return true;
+        } else {
+            return false;
         }
     }
 

From c3ab1cc4ba502458b5b7777262b2cec3011d8a00 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 11:42:57 +0100
Subject: [PATCH 326/524] nextcloud-entrypoint: fix variable types of
 fulltextsearch:configure

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 794b059d..13418a3c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -948,7 +948,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         fi
         php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
         php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
-        php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
+        php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":true,\"files_office\":true}"
 
         # Do the index
         if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then

From 622270687266ee311eb1898e0a7df0118722f516 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 13 Nov 2025 12:11:46 +0000
Subject: [PATCH 327/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 1082518e..602d2106 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=87b5518858f6a96e8edf784bdc855d29951643e6	
+ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.2
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.3
 
 FROM alpine:3.22.2
 

From 9a684e8b3b1754e4ba011ecb23e442cd49d785dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 15:17:03 +0100
Subject: [PATCH 328/524] fix a bug with aio-caddy now proxying all traffic to
 aio-talk

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 8 ++++----
 community-containers/caddy/readme.md   | 2 +-
 php/src/Docker/DockerActionManager.php | 5 +++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 7245fe4d..e4669e09 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -24,9 +24,7 @@
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
                 "APACHE_PORT=%APACHE_PORT%",
-                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
-                "turn_domain=turn.%NC_DOMAIN%",
-                "talk_port=443"
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
             ],
             "volumes": [
                 {
@@ -45,7 +43,9 @@
             ],
             "aio_variables": [
                 "apache_ip_binding=@INTERNAL",
-                "apache_port=11000"
+                "apache_port=11000",
+                "turn_domain=turn.%NC_DOMAIN%",
+                "talk_port=443"
             ],
             "nextcloud_exec_commands": [
                 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index e26a680a..ba13015e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,7 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6694a39b..7197c56b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -225,6 +225,7 @@ readonly class DockerActionManager {
         $aioVariables = $container->GetAioVariables()->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
+            $variable = $this->replaceEnvPlaceholders($variable);
             $variableArray = explode('=', $variable);
             $config[$variableArray[0]] = $variableArray[1];
             $this->configurationManager->WriteConfig($config);
@@ -283,8 +284,8 @@ readonly class DockerActionManager {
                     }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
-                    // Skip publishing talk port if it is set to the same value like the apache port
-                    if ($port === $this->configurationManager->GetApachePort()) {
+                    // Skip publishing talk port if it is set to 443
+                    if ($port === '443') {
                         continue;
                     }
                 }

From 74cdd0e69be18b7cc2cd045a0c423d58329614a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Nov 2025 04:13:42 +0000
Subject: [PATCH 329/524] build(deps): bump postgres in /Containers/postgresql

Bumps postgres from 17.6-alpine to 17.7-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-version: 17.7-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 2533a5d1..4da6a372 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
-FROM postgres:17.6-alpine
+FROM postgres:17.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 058b30acea1e38e4f13e6224971d9190649a1b85 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Nov 2025 04:13:45 +0000
Subject: [PATCH 330/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.1-scratch to 2.12.2-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.2-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 888d3a38..a74fa1ae 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.1-scratch AS nats
+FROM nats:2.12.2-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus

From 8e1d15a9833bf6196bf0fc16c00b72094c370923 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Fri, 14 Nov 2025 18:00:43 +0700
Subject: [PATCH 331/524] fix whiteboard recording chrome #3

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 3e4af410..cff8ab6e 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -4,11 +4,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 
 USER root
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
     apk add --no-cache bash; \
-    chmod 777 -R /tmp; \
-    if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
-        rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
+    if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
         printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
         chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
@@ -20,7 +17,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
-WORKDIR /tmp
+WORKDIR /app
 
 ENTRYPOINT ["/start.sh"]
 

From 7e03d8412cfa3f4cd7f990b18197969c28554c04 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 15 Nov 2025 12:04:23 +0000
Subject: [PATCH 332/524] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 83b7859b..cc58aa43 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -4,7 +4,7 @@ FROM python:3.14.0-alpine3.22
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-ENV RECORDING_VERSION=v0.2.0
+ENV RECORDING_VERSION=v0.2.1
 ENV ALLOW_ALL=false
 ENV HPB_PROTOCOL=https
 ENV NC_PROTOCOL=https

From 2777c3fed56794d06f4e094adc50ffcaf20c3ac9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Nov 2025 04:14:50 +0000
Subject: [PATCH 333/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.7.1.1 to 25.04.7.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.7.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 10f068ea..d9b3018a 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.1.1
+FROM collabora/code:25.04.7.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From c0dfba5272d48057771626e7f585103744209343 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Nov 2025 12:13:50 +0100
Subject: [PATCH 334/524] nextcloud-entrypoint: don't wait forever for
 onlyoffice to become available

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 51 ++++++++++++++++--------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 13418a3c..09d7d15c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -769,33 +769,38 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         ONLYOFFICE_PORT=443
     fi
 
-    # Wait for OnlyOffice to become available
-    while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
+    count=0
+    while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT" && [ "$count" -lt 90 ]; do
         echo "Waiting for OnlyOffice to become available..."
+        count=$((count+5))
         sleep 5
     done
+    if [ "$count" -ge 90 ]; then
+        bash /notify.sh "Onlyoffice did not start in time!" "Skipping initialization and disabling onlyoffice app."
+        php /var/www/html/occ app:disable onlyoffice
+    else
+        # Install or enable OnlyOffice app as needed
+        if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+            php /var/www/html/occ app:install onlyoffice
+        elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable onlyoffice
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update onlyoffice
+        fi
 
-    # Install or enable OnlyOffice app as needed
-    if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
-        php /var/www/html/occ app:install onlyoffice
-    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable onlyoffice
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update onlyoffice
+        # Set OnlyOffice configuration
+        php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+        php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+        php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
+
+        # Adjust the OnlyOffice host if using internal pattern
+        if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
+            ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
+            export ONLYOFFICE_HOST
+        fi
+
+        php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
     fi
-
-    # Set OnlyOffice configuration
-    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
-    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
-    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
-
-    # Adjust the OnlyOffice host if using internal pattern
-    if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
-        ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
-        export ONLYOFFICE_HOST
-    fi
-
-    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
 else
     # Remove OnlyOffice app if disabled and removal is requested
     if [ "$REMOVE_DISABLED_APPS" = yes ] && \
@@ -867,7 +872,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         sleep 5
     done
     if [ "$count" -ge 90 ]; then
-        echo "ClamAV did not start in time. Skipping initialization and disabling files_antivirus app."
+        bash /notify.sh "ClamAV did not start in time!" "Skipping initialization and disabling files_antivirus app."
         php /var/www/html/occ app:disable files_antivirus
     else
         if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then

From 19ab7f39312163d734ca7edac80fea81a8934066 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 04:14:28 +0000
Subject: [PATCH 335/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.5.2-cli to 29.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.0.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 24b7cee0..179c0a76 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.5.2-cli AS docker
+FROM docker:29.0.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From d889e9660332e4cba1b3ce5382035144cabf86f0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 19 Nov 2025 12:03:32 +0000
Subject: [PATCH 336/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 66 ++++++++++++++++++++++++++---------------------
 1 file changed, 37 insertions(+), 29 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 2808f48f..fd7a5de3 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3111,33 +3111,38 @@
         },
         {
             "name": "league/uri",
-            "version": "7.5.1",
+            "version": "7.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "81fb5145d2644324614cc532b28efd0215bda430"
+                "reference": "f625804987a0a9112d954f9209d91fec52182344"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/81fb5145d2644324614cc532b28efd0215bda430",
-                "reference": "81fb5145d2644324614cc532b28efd0215bda430",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/f625804987a0a9112d954f9209d91fec52182344",
+                "reference": "f625804987a0a9112d954f9209d91fec52182344",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.5",
-                "php": "^8.1"
+                "league/uri-interfaces": "^7.6",
+                "php": "^8.1",
+                "psr/http-factory": "^1"
             },
             "conflict": {
                 "league/uri-schemes": "^1.0"
             },
             "suggest": {
                 "ext-bcmath": "to improve IPV4 host parsing",
+                "ext-dom": "to convert the URI into an HTML anchor tag",
                 "ext-fileinfo": "to create Data URI from file contennts",
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
+                "ext-uri": "to use the PHP native URI class",
                 "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain",
                 "league/uri-components": "Needed to easily manipulate URI objects components",
+                "league/uri-polyfill": "Needed to backport the PHP URI extension for older versions of PHP",
                 "php-64bit": "to improve IPV4 host parsing",
+                "rowbot/url": "to handle WHATWG URL",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3165,6 +3170,7 @@
             "description": "URI manipulation library",
             "homepage": "https://uri.thephpleague.com",
             "keywords": [
+                "URN",
                 "data-uri",
                 "file-uri",
                 "ftp",
@@ -3177,9 +3183,11 @@
                 "psr-7",
                 "query-string",
                 "querystring",
+                "rfc2141",
                 "rfc3986",
                 "rfc3987",
                 "rfc6570",
+                "rfc8141",
                 "uri",
                 "uri-template",
                 "url",
@@ -3189,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.5.1"
+                "source": "https://github.com/thephpleague/uri/tree/7.6.0"
             },
             "funding": [
                 {
@@ -3197,26 +3205,25 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-08T08:40:02+00:00"
+            "time": "2025-11-18T12:17:23+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.5.0",
+            "version": "7.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742"
+                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/08cfc6c4f3d811584fb09c37e2849e6a7f9b0742",
-                "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/ccbfb51c0445298e7e0b7f4481b942f589665368",
+                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368",
                 "shasum": ""
             },
             "require": {
                 "ext-filter": "*",
                 "php": "^8.1",
-                "psr/http-factory": "^1",
                 "psr/http-message": "^1.1 || ^2.0"
             },
             "suggest": {
@@ -3224,6 +3231,7 @@
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
                 "php-64bit": "to improve IPV4 host parsing",
+                "rowbot/url": "to handle WHATWG URL",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3248,7 +3256,7 @@
                     "homepage": "https://nyamsprod.com"
                 }
             ],
-            "description": "Common interfaces and classes for URI representation and interaction",
+            "description": "Common tools for parsing and resolving RFC3987/RFC3986 URI",
             "homepage": "https://uri.thephpleague.com",
             "keywords": [
                 "data-uri",
@@ -3273,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.5.0"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.6.0"
             },
             "funding": [
                 {
@@ -3281,7 +3289,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-08T08:18:47+00:00"
+            "time": "2025-11-18T12:17:23+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -3447,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.3",
+            "version": "5.6.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9"
+                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94f8051919d1b0369a6bcc7931d679a511c03fe9",
-                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90a04bcbf03784066f16038e87e23a0a83cee3c2",
+                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2",
                 "shasum": ""
             },
             "require": {
@@ -3505,22 +3513,22 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.3"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.4"
             },
-            "time": "2025-08-01T19:43:32+00:00"
+            "time": "2025-11-17T21:13:10+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.10.0",
+            "version": "1.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "679e3ce485b99e84c775d28e2e96fade9a7fb50a"
+                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/679e3ce485b99e84c775d28e2e96fade9a7fb50a",
-                "reference": "679e3ce485b99e84c775d28e2e96fade9a7fb50a",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/431c02da15e566adb0ad9c5030fa6f6204d9de9e",
+                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e",
                 "shasum": ""
             },
             "require": {
@@ -3563,9 +3571,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.0"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.1"
             },
-            "time": "2024-11-09T15:12:26+00:00"
+            "time": "2025-11-18T07:51:16+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",
@@ -4799,5 +4807,5 @@
         "ext-apcu": "*"
     },
     "platform-dev": {},
-    "plugin-api-version": "2.6.0"
+    "plugin-api-version": "2.9.0"
 }

From 143cf5157cd9bc2caabeb2ff87305a62101b8187 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 14 Nov 2025 11:52:45 +0100
Subject: [PATCH 337/524] allow to specify the `DOCKER_API_VERSION`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 33 +++++++++++++++++++------
 compose.yaml                            |  1 +
 php/src/Docker/DockerActionManager.php  |  8 +++++-
 readme.md                               |  6 ++++-
 tests/QA/060-environmental-variables.md |  1 +
 5 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 616068f3..243287ea 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -83,19 +83,36 @@ if ! sudo -u www-data docker info &>/dev/null; then
     echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1
 fi
+
+# Docker api version check
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
 API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
-# shellcheck disable=SC2001
-API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
-if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
-    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+if [ -n "$DOCKER_API_VERSION" ]; then
+    if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then
+        print_red "You've set DOCKER_API_VERSION but not to an allowed value.
+The string must be a version number like e.g. '1.44'.
+It is set to '$DOCKER_API_VERSION'."
         exit 1
     fi
+    print_red "DOCKER_API_VERSION was found to be set to '$DOCKER_API_VERSION'."
+    print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
+    print_red "So you run on your own risk and things might break without warning."
 else
-    echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
-    sleep 10
+    # shellcheck disable=SC2001
+    API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+    LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+    if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
+        if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
+            print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+            echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
+            echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
+            echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
+            exit 1
+        fi
+    else
+        echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
+        sleep 10
+    fi
 fi
 
 # Check Storage drivers
diff --git a/compose.yaml b/compose.yaml
index f2026388..13170c7e 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -21,6 +21,7 @@ services:
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version
       # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
       # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6694a39b..345c0100 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -26,7 +26,13 @@ readonly class DockerActionManager {
     }
 
     private function BuildApiUrl(string $url): string {
-        return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
+        $apiVersion = getenv('DOCKER_API_VERSION');
+        if ($apiVersion === false || empty($apiVersion)) {
+            $apiVersion = self::API_VERSION;
+        } else {
+            $apiVersion = 'v'. $apiVersion;
+        }
+        return sprintf('http://127.0.0.1/%s/%s', $apiVersion, $url);
     }
 
     private function BuildImageName(Container $container): string {
diff --git a/readme.md b/readme.md
index 49ac1d1f..0aa54476 100644
--- a/readme.md
+++ b/readme.md
@@ -214,6 +214,7 @@ https://your-domain-that-points-to-this-server.tld:8443
     - [Note on storage options](#note-on-storage-options)
     - [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled)
 - [Customization](#customization)
+    - [How to adjust the internally used docker api version?](#how-to-adjust-the-internally-used-docker-api-version)
     - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
     - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
     - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
@@ -427,6 +428,9 @@ Yes. If SELinux is enabled, you might need to add the `--security-opt label:disa
 
 ## Customization
 
+### How to adjust the internally used docker api version?
+If you run an outdated or too new docker version, you might run into problems with the by AIO internally used docker api version. To fix this, you can specify the api version manually. You can do so by adding `--env DOCKER_API_VERSION=1.44` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). This variable excepts a string based on the pattern `[0-9].[0-9]+`, so e.g. `1.44`. ⚠️ However please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning.
+
 ### How to change the default location of Nextcloud's Datadir?
 > [!WARNING]  
 > Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
@@ -591,7 +595,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 > Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Additionally, you likely need to adjust the internally used api version. See [this documentation](#how-to-adjust-the-internally-used-docker-api-version). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
 > [!NOTE]  
 > It is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 818ecf7c..b984c0e3 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -6,6 +6,7 @@
 - [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
 - [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md)
 - [ ] When starting the mastercontainer with `--env SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then.
+- [ ] When starting the mastercontainer with `--env DOCKER_API_VERSION=1.44` it should use the mentioned docker API version internally for all requests
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.

From d26924b1e714c3557c9a9912a9504d689a280bea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 10:40:23 +0100
Subject: [PATCH 338/524] Apply suggestion from @szaimen

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index cff8ab6e..cce2ed85 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -5,6 +5,7 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 USER root
 RUN set -ex; \
     apk add --no-cache bash; \
+    chmod 777 -R /tmp; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
         printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
@@ -17,7 +18,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
-WORKDIR /app
+WORKDIR /tmp
 
 ENTRYPOINT ["/start.sh"]
 

From cf6166d6181dcdb653a9460d642927f157cf5a5a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 10:55:33 +0100
Subject: [PATCH 339/524] increase to 12.1.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 90156bf8..79bff6a0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.0.0</h1>
+            <h1>Nextcloud AIO v12.1.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 84f5e6a4b2f23d2d951e2c2d8d2264f582ad9aca Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 11:06:12 +0100
Subject: [PATCH 340/524] domain-validation: make not-reachable error even more
 verbose

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 579c0f3b..13b3d39f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -351,7 +351,7 @@ class ConfigurationManager
             if ($connection) {
                 fclose($connection);
             } else {
-                throw new InvalidSettingConfigurationException("The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. You can work around that by setting up a local DNS-server.");
+                throw new InvalidSettingConfigurationException("The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. Or in other words: NAT loopback (Hairpinning) does not seem to work in your network. You can work around that by setting up a local DNS server and utilizing Split-Brain-DNS and configuring the daemon.json file of your docker daemon to use the local DNS server.");
             }
 
             // Get Instance ID

From 2fec40568bbe1e23dfae46a81a7ee2df4d5cd7b9 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 20 Nov 2025 10:36:01 +0000
Subject: [PATCH 341/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 413c74e5..69c45670 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.1
+ENV NEXTCLOUD_VERSION=32.0.2
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 299c9eeb1c17ff1a424e31ab461f95114b3dd759 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 15:14:19 +0100
Subject: [PATCH 342/524] adjust bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 691221d7..d3228dfa 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -30,4 +30,6 @@ labels: 0. Needs triage
 
 #### Docker run command or docker-compose file that you used
 
-#### Other valuable info <!--- (like logs, screenshots & Co.) -->
+#### Output of `sudo docker logs nextcloud-aio-mastercontainer`
+
+#### Other valuable info <!--- (like additional logs, screenshots & Co.) -->

From 3b6086118945b72db0b522dadb66d01e3bb40846 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 15:50:00 +0100
Subject: [PATCH 343/524] downgrade docker to fix incompatibility with synology
 DSM

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml                | 2 ++
 Containers/mastercontainer/Dockerfile | 3 ++-
 Containers/mastercontainer/start.sh   | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f79c4ce2..f40b2582 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -58,3 +58,5 @@ updates:
       update-types: ["version-update:semver-major"]
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]
+    - dependency-name: "docker"
+      update-types: ["version-update:semver-major"]
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 179c0a76..c642ab15 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,7 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.0.2-cli AS docker
+# Needs to stay on v28 for now until Synology upgrades their docker version to at least v25
+FROM docker:28.5.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 243287ea..8e2bbcda 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -76,7 +76,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
 fi
 
 # Check if api version is supported
-if ! sudo -u www-data docker info &>/dev/null; then
+if ! sudo -u www-data docker info >/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"

From 5c2321a6766fa7940ad165b36f049b3b2f2eed5b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 15:58:34 +0100
Subject: [PATCH 344/524] increase to v12.1.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 79bff6a0..6e07afa3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.0</h1>
+            <h1>Nextcloud AIO v12.1.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 52244a247ed63187700bae8ef840e056691e540c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 16:02:34 +0100
Subject: [PATCH 345/524] Revert "downgrade internal docker to fix
 incompatibility with synology DSM"

---
 .github/dependabot.yml                | 2 --
 Containers/mastercontainer/Dockerfile | 3 +--
 Containers/mastercontainer/start.sh   | 2 +-
 3 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f40b2582..f79c4ce2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -58,5 +58,3 @@ updates:
       update-types: ["version-update:semver-major"]
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]
-    - dependency-name: "docker"
-      update-types: ["version-update:semver-major"]
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c642ab15..179c0a76 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,7 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-# Needs to stay on v28 for now until Synology upgrades their docker version to at least v25
-FROM docker:28.5.2-cli AS docker
+FROM docker:29.0.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 8e2bbcda..243287ea 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -76,7 +76,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
 fi
 
 # Check if api version is supported
-if ! sudo -u www-data docker info >/dev/null; then
+if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"

From 3100cffe2b667ad0fe6fa80deec57d5a67700fff Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 16:07:07 +0100
Subject: [PATCH 346/524] keep envs for sudo command

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile      |  4 ++--
 Containers/mastercontainer/cron.sh         | 16 ++++++++--------
 Containers/mastercontainer/daily-backup.sh | 16 ++++++++--------
 Containers/mastercontainer/start.sh        | 18 +++++++++---------
 Containers/nextcloud/start.sh              |  8 ++++----
 5 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 179c0a76..7e5b5b2a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -74,8 +74,8 @@ RUN set -ex; \
     rm -r ./php/tests; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
-    sudo -u www-data composer install --no-dev; \
-    sudo -u www-data composer clear-cache; \
+    sudo -E -u www-data composer install --no-dev; \
+    sudo -E -u www-data composer clear-cache; \
     cd ..; \
     rm -f /usr/local/bin/composer; \
     chmod -R 770 /var/www/docker-aio; \
diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 5829d8da..67af80e7 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -45,29 +45,29 @@ while true; do
 
     # Check for updates and send notification if yes on saturdays
     if [ "$(date +%u)" = 6 ]; then
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
+        sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
     fi
 
     # Check if AIO is outdated
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
 
     # Remove sessions older than 24h
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
     # Remove nextcloud-aio-domaincheck container
-    if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
-        sudo -u www-data docker container remove nextcloud-aio-domaincheck
+    if sudo -E -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
+        sudo -E -u www-data docker container remove nextcloud-aio-domaincheck
     fi
 
     # Remove dangling images
-    sudo -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
+    sudo -E -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
 
     # Check for available free space
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
 
     # Remove mastercontainer from default bridge network
-    if sudo -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
-        sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
+    if sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
+        sudo -E -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
     fi
 
     # Wait 60s so that the whole loop will not be executed again
diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 5c97c0ca..edc5bddd 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -20,7 +20,7 @@ fi
 if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
     find "/mnt/docker-aio-config/session/" -mindepth 1 -delete
 fi
-sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
+sudo -E -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 
 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
 APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
@@ -50,7 +50,7 @@ done
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     echo "Starting mastercontainer update..." 
     echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
 fi
 
 # Wait for watchtower to stop
@@ -67,20 +67,20 @@ fi
 # Update container images to reduce downtime later on
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     echo "Updating container images..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
 fi
 
 # Stop containers if required
 # shellcheck disable=SC2235
 if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
     echo "Stopping containers..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
 fi
 
 # Execute the backup itself and some related tasks (also stops the containers)
 if [ "$DAILY_BACKUP" = 1 ]; then
     echo "Creating daily backup..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
     if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; then
         echo "Something seems to be wrong: the borg container should be started at this step."
     fi
@@ -93,17 +93,17 @@ fi
 # Execute backup check
 if [ "$CHECK_BACKUP" = 1 ]; then
     echo "Starting backup check..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
 fi
 
 # Start and/or update containers
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     echo "Starting and updating containers..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
 else
     if [ "$START_CONTAINERS" = 1 ]; then
         echo "Starting containers without updating them..."
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
+        sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
     fi
 fi
 
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 243287ea..77c4675e 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -51,7 +51,7 @@ elif mountpoint -q /var/www/docker-aio/php/containers.json; then
     echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
     echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
-elif ! sudo -u www-data test -r /var/run/docker.sock; then
+elif ! sudo -E -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
     DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
     DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
@@ -69,14 +69,14 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
         groupadd -g "$DOCKER_GROUP_ID" docker
         usermod -aG docker www-data
     fi
-    if ! sudo -u www-data test -r /var/run/docker.sock; then
+    if ! sudo -E -u www-data test -r /var/run/docker.sock; then
         print_red "Docker socket is not readable by the www-data user. Cannot continue."
         exit 1
     fi
 fi
 
 # Check if api version is supported
-if ! sudo -u www-data docker info &>/dev/null; then
+if ! sudo -E -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
@@ -100,7 +100,7 @@ It is set to '$DOCKER_API_VERSION'."
 else
     # shellcheck disable=SC2001
     API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-    LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+    LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
     if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
         if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
             print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
@@ -116,7 +116,7 @@ else
 fi
 
 # Check Storage drivers
-STORAGE_DRIVER="$(sudo -u www-data docker info | grep "Storage Driver")"
+STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")"
 # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
 if echo "$STORAGE_DRIVER" | grep -q vfs; then
     echo "$STORAGE_DRIVER"
@@ -127,23 +127,23 @@ elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
 fi
 
 # Check if snap install
-if sudo -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
+if sudo -E -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
     print_red "Warning: It looks like your installation uses docker installed via snap."
     print_red "This comes with some limitations and is disrecommended by the docker maintainers."
     print_red "See for example https://github.com/nextcloud/all-in-one/discussions/4890#discussioncomment-10386752"
 fi
 
 # Check if startup command was executed correctly
-if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
+if ! sudo -E -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
     print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
 Using a different name is not supported since mastercontainer updates will not work in that case!
 If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
-elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
+elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
     print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
-elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
+elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
     print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
     exit 1
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 37aa4d98..14cb35d1 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -8,7 +8,7 @@ fi
 # Only start container if database is accessible
 # POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
 # shellcheck disable=SC2153
-while ! sudo -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
+while ! sudo -E -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
     echo "Waiting for database to start..."
     sleep 5
 done
@@ -25,7 +25,7 @@ fi
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
-    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
+    while ! sudo -E -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start..."
         sleep 5
     done
@@ -56,12 +56,12 @@ fi
 set +x
 
 # Check datadir permissions
-sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+sudo -E -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
     chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
     chmod 750 -R "$NEXTCLOUD_DATA_DIR"
 fi
-sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+sudo -E -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 # Install additional dependencies
 if [ -n "$ADDITIONAL_APKS" ]; then

From 5dfb62216bc5b4f824dd49bdb445fddb3260cfe5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 16:31:19 +0100
Subject: [PATCH 347/524] fix docker permiss issue notice

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 7e5b5b2a..68ac73c6 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -12,6 +12,9 @@ EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
 
+# Overwrite home variable for subservices
+ENV HOME=/var/www
+
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 

From ce3c59618b917b804b2c2ddef2eafd1b5a0a72b2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 21:44:46 +0100
Subject: [PATCH 348/524] s3-config: always use the nextcloud bundle for
 verification

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 04e606be..66e1476d 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -22,7 +22,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         // required for some non Amazon S3 implementations
         'use_path_style' => strtolower($use_path) === 'true',
         // required for older protocol versions
-        'legacy_auth' => strtolower($use_legacyauth) === 'true'
+        'legacy_auth' => strtolower($use_legacyauth) === 'true',
+        'use_nextcloud_bundle' => 1,
       )
     )
   );

From 3d62da3ceacceffcf11ca07cbdcf02d10f7c3bf7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 04:16:50 +0000
Subject: [PATCH 349/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.14-fpm-alpine3.22 to 8.4.15-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.15-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 68ac73c6..dae14ea5 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:29.0.2-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.14-fpm-alpine3.22
+FROM php:8.4.15-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From 4e4306945df5287942d7f1eb303ce85e0872d6bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 04:17:12 +0000
Subject: [PATCH 350/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.27-fpm-alpine3.22 to 8.3.28-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.28-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 69c45670..034ebba2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.27-fpm-alpine3.22
+FROM php:8.3.28-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 71bb2a737058b147b5107b1476ffe548d5dcc1ca Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:29:48 +0100
Subject: [PATCH 351/524] adjust aio-caddy docs and config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json | 2 +-
 community-containers/caddy/readme.md  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index e4669e09..b85d74a0 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -44,7 +44,7 @@
             "aio_variables": [
                 "apache_ip_binding=@INTERNAL",
                 "apache_port=11000",
-                "turn_domain=turn.%NC_DOMAIN%",
+                "turn_domain=%NC_DOMAIN%",
                 "talk_port=443"
             ],
             "nextcloud_exec_commands": [
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index ba13015e..99bf133e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,7 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.

From ff8aed8b38cd23ffc2f37f2edcc3b43d532aa368 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:31:08 +0100
Subject: [PATCH 352/524] Revert "ConnectContainerIdToNetwork: remove
 `CheckDuplicate` as it is deprecated"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 463b4a72..b63fef32 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -849,6 +849,7 @@ readonly class DockerActionManager {
                     [
                         'json' => [
                             'Name' => $network,
+                            'CheckDuplicate' => true,
                             'Driver' => 'bridge',
                             'Internal' => false,
                         ]

From d6cbe210e43b793f95e62642410b30d71b42303d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:55:48 +0100
Subject: [PATCH 353/524] fix the docs regarding START_CONTAINERS

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0aa54476..0ae3d618 100644
--- a/readme.md
+++ b/readme.md
@@ -1093,7 +1093,7 @@ You can do so by running the `/daily-backup.sh` script that is stored in the mas
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers at the start of the script. Implied by `DAILY_BACKUP=1`.
-- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `DAILY_BACKUP=1`.
+- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `AUTOMATIC_UPDATES=1`.
 - `CHECK_BACKUP` if set to `1`, it will start the integrity check of all borg backups made by AIO. Note that the backup check is non blocking so containers can be kept running while the check lasts. That means you can't pass `DAILY_BACKUP=1` at the same time. The output of the check can be found in the logs of the container `nextcloud-aio-borgbackup`.
 
 One example to do a backup would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.

From 2d0f12a8b6a0d39910d36e26e421027e0fda3eba Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:58:52 +0100
Subject: [PATCH 354/524] increase to v12.1.2

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6e07afa3..fc2ae585 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.1</h1>
+            <h1>Nextcloud AIO v12.1.2</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From eefaf19c21315e589953e8bf0a2c227ebe8cfbe2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 12:17:44 +0000
Subject: [PATCH 355/524] build(deps): bump actions/checkout from 5 to 6 in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index c4df7592..1d14787a 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 92434695..57f2fdc0 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index eddc2be1..026b6e5f 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index e6205d4e..9a2432fb 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 1551c48a..5495ca0c 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 437e8ea1..5a108936 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 4b7fe096..2affec36 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index e22ca689..c7a25b1b 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 650ae709..0dc17ffa 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9c5e8925..9e4b2444 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 7d153d7b..24246326 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index d2bccbd5..dc2ee90e 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8c7b0a93..31f5bb29 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 67618422..a671f546 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 6ba0256a..b54344c4 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 4924d9bc..4199b93b 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index ed04851a..e88d6571 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 107edc8b..e7c27f74 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 364b3aae..8ae3e445 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index b10fb430..ab706366 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index d8c6c6e0..f7677d5e 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 044dbc10..8d8465ff 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 849d95ff7521abe896d28e3325c0222ba3997a6b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 22 Nov 2025 12:03:13 +0000
Subject: [PATCH 356/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fd7a5de3..6a33558f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1148,22 +1148,22 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.15.0",
+            "version": "4.15.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2"
+                "reference": "887893516557506f254d950425ce7f5387a26970"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
-                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/887893516557506f254d950425ce7f5387a26970",
+                "reference": "887893516557506f254d950425ce7f5387a26970",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "nikic/fast-route": "^1.3",
-                "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
+                "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.1",
                 "psr/http-message": "^1.1 || ^2.0",
@@ -1183,7 +1183,7 @@
                 "phpspec/prophecy": "^1.19",
                 "phpspec/prophecy-phpunit": "^2.1",
                 "phpstan/phpstan": "^1 || ^2",
-                "phpunit/phpunit": "^9.6",
+                "phpunit/phpunit": "^9.6 || ^10 || ^11 || ^12",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
                 "squizlabs/php_codesniffer": "^3.10",
@@ -1260,7 +1260,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-20T18:16:16+00:00"
+            "time": "2025-11-21T12:23:44+00:00"
         },
         {
             "name": "slim/twig-view",
@@ -3519,16 +3519,16 @@
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.10.1",
+            "version": "1.11.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e"
+                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/431c02da15e566adb0ad9c5030fa6f6204d9de9e",
-                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/f626740b38009078de0dc8b2b9dc4e7f749c6eba",
+                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba",
                 "shasum": ""
             },
             "require": {
@@ -3571,9 +3571,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.1"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.11.1"
             },
-            "time": "2025-11-18T07:51:16+00:00"
+            "time": "2025-11-21T11:31:57+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",

From ecb58c81f7f2ead69fa622a01c65310d43be79b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 04:16:30 +0000
Subject: [PATCH 357/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.8-alpine to 3.2.9-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.9-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index f185848a..ccc283f9 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.8-alpine
+FROM haproxy:3.2.9-alpine
 
 # hadolint ignore=DL3002
 USER root

From 0fe8008777cc15ce92bf27761016df28130f73a7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 10:08:12 +0100
Subject: [PATCH 358/524] DockerActionManager: fix bug with collabora using
 seccomp if it is globally disabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php  | 11 +++++++++--
 php/src/Docker/DockerActionManager.php |  8 +++++---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 13b3d39f..fbfaff8e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -209,7 +209,7 @@ class ConfigurationManager
 
     public function SetFulltextsearchEnabledState(int $value) : void {
         // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
-        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+        if ($this->isSeccompDisabled()) {
             $value = 0;
         }
 
@@ -757,7 +757,7 @@ class ConfigurationManager
 
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
-        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+        if ($this->isSeccompDisabled()) {
             return $defaultString . 'true';
         }
         return $defaultString . 'false';
@@ -770,6 +770,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function isSeccompDisabled() : bool {
+        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b63fef32..53df4df6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -415,9 +415,11 @@ readonly class DockerActionManager {
 
         // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
-            // Load reference seccomp profile for collabora
-            $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                // Load reference seccomp profile for collabora
+                $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+                $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
+            }
 
             // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {

From cc3ceb17665630821667b44ccc6b5c5df0c8c9d6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 10:14:42 +0100
Subject: [PATCH 359/524] increase to v12.1.3

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fc2ae585..cb3a6d7f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.2</h1>
+            <h1>Nextcloud AIO v12.1.3</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 9f0b2625eafa4dc1b8c356839add1261a85c6186 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 10:22:59 +0100
Subject: [PATCH 360/524] caddy-cc: only open port 443/tcp and forward port
 443/udp to talk directly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 5 -----
 php/src/Docker/DockerActionManager.php | 4 ++--
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index b85d74a0..f6143fbc 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -13,11 +13,6 @@
                   "ip_binding": "",
                   "port_number": "443",
                   "protocol": "tcp"
-                },
-                {
-                    "ip_binding": "",
-                    "port_number": "443",
-                    "protocol": "udp"
                 }
             ],
             "environment": [
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 53df4df6..a6f5d223 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -290,8 +290,8 @@ readonly class DockerActionManager {
                     }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
-                    // Skip publishing talk port if it is set to 443
-                    if ($port === '443') {
+                    // Skip publishing talk tcp port if it is set to 443
+                    if ($port === '443' && $protocol === 'tcp') {
                         continue;
                     }
                 }

From 37c16e1b757234e32fc1fc549ba72e073647e6dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 11:01:11 +0100
Subject: [PATCH 361/524] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fbfaff8e..fa0e4af5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -757,7 +757,7 @@ class ConfigurationManager
 
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
-        if ($this->isSeccompDisabled()) {
+        if (!$this->isSeccompDisabled()) {
             return $defaultString . 'true';
         }
         return $defaultString . 'false';

From dfd2cd7d3eacf4a41e2b3c5617c5759b900ae84d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:29:14 +0100
Subject: [PATCH 362/524] Revert "build(deps): bump collabora/code from
 25.04.7.1.1 to 25.04.7.2.1 in /Containers/collabora"

---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9b3018a..10f068ea 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.2.1
+FROM collabora/code:25.04.7.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From d3fb61bef04f3308250f79095925a177dc5ca089 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 13:31:22 +0000
Subject: [PATCH 363/524] build(deps): bump peter-evans/create-pull-request in
 /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 57f2fdc0..f1092f68 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9a2432fb..f4c6e22e 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2affec36..81b5785f 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 24246326..ca8086a9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a671f546..6ae81616 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e88d6571..adf4ffa9 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ab706366..5e2227a7 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index f7677d5e..44358acf 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 8d8465ff..a7c664d8 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From aec3d09048de8cbcc70cc437c61dd6c8515db0a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 13:31:46 +0000
Subject: [PATCH 364/524] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 1d14787a..c1bc4889 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 57f2fdc0..6d8f9a79 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index 026b6e5f..cd3a9530 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9a2432fb..8f1cde51 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 5495ca0c..0efebdbb 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 5a108936..1b083b64 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2affec36..97de4429 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index c7a25b1b..d406e011 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 0dc17ffa..1f7f2e72 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9e4b2444..bf449e1f 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 24246326..1aaa9a99 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index dc2ee90e..22ed9854 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 31f5bb29..df791fe6 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a671f546..65b57197 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
 
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index b54344c4..21ecf1e6 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 4199b93b..2c0fd697 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e88d6571..5b477eb2 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index e7c27f74..d8730987 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 8ae3e445..353e5e9d 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ab706366..6a0d5bf8 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index f7677d5e..a1b85b98 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 8d8465ff..b227a4fa 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 32ab3aa2962533deb8602dfaee9385424cc2cd09 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:32:33 +0100
Subject: [PATCH 365/524] collabora: adjust some additional things

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 86d0e508..0a48b3ea 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -399,10 +399,7 @@
         "SYS_ADMIN",
         "SYS_CHROOT",
         "FOWNER",
-        "CHOWN",
-        "MAC_OVERRIDE",
-        "BLOCK_SUSPEND",
-        "AUDIT_READ"
+        "CHOWN"
       ],
       "cap_drop": [
         "NET_RAW"

From 7661f45ccef34fe5be41838e7005d617aca4eca0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:39:09 +0100
Subject: [PATCH 366/524] increase to v12.1.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cb3a6d7f..39a2de48 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.3</h1>
+            <h1>Nextcloud AIO v12.1.4</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From eda5151bb2a17c5909a9ba1e7f86db130de82fd5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 15:00:28 +0100
Subject: [PATCH 367/524] re-enable whiteboard by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fa0e4af5..0b0a034d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -164,10 +164,10 @@ class ConfigurationManager
 
     public function isWhiteboardEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
-            return true;
-        } else {
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
             return false;
+        } else {
+            return true;
         }
     }
 

From 5dd2048500ebe904407b71093884913987d4a218 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 17:38:50 +0100
Subject: [PATCH 368/524] fix remaining psalm issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                  | 34 +------------------------
 php/src/Controller/DockerController.php |  2 +-
 php/src/Data/ConfigurationManager.php   |  3 +++
 php/src/Docker/DockerActionManager.php  |  4 +--
 php/src/Twig/ClassExtension.php         |  1 +
 php/src/Twig/CsrfExtension.php          |  1 +
 6 files changed, 9 insertions(+), 36 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 041cf87c..d04c5aa8 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,34 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51">
-  <file src="src/Controller/DockerController.php">
-    <InvalidOperand>
-      <code><![CDATA[$port]]></code>
-    </InvalidOperand>
-  </file>
-  <file src="src/Data/ConfigurationManager.php">
-    <PossiblyFalseArgument>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <PossiblyFalseArgument>
-      <code><![CDATA[$line]]></code>
-      <code><![CDATA[$line]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <MissingOverrideAttribute>
-      <code><![CDATA[public function getFunctions() : array]]></code>
-    </MissingOverrideAttribute>
-  </file>
-  <file src="src/Twig/CsrfExtension.php">
-    <MissingOverrideAttribute>
-      <code><![CDATA[public function getGlobals() : array]]></code>
-    </MissingOverrideAttribute>
-  </file>
-</files>
+<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"/>
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8473ed57..ed3d3bf9 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -185,7 +185,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . $port . $path;
+        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0b0a034d..253b1371 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -366,6 +366,9 @@ class ConfigurationManager
 
             // Check if response is correct
             $ch = curl_init();
+            if ($ch === false) {
+                throw new InvalidSettingConfigurationException('Could not init curl! Please check the logs!');
+            }
             $testUrl = $protocol . $domain . ':443';
             curl_setopt($ch, CURLOPT_URL, $testUrl);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a6f5d223..7cd26db8 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -155,11 +155,11 @@ readonly class DockerActionManager {
         $response = "";
         $separator = "\r\n";
         $line = strtok($responseBody, $separator);
-        $response = substr($line, 8) . $separator;
+        $response = substr((string)$line, 8) . $separator;
 
         while ($line !== false) {
             $line = strtok($separator);
-            $response .= substr($line, 8) . $separator;
+            $response .= substr((string)$line, 8) . $separator;
         }
 
         return $response;
diff --git a/php/src/Twig/ClassExtension.php b/php/src/Twig/ClassExtension.php
index ff5ffe44..7f478994 100644
--- a/php/src/Twig/ClassExtension.php
+++ b/php/src/Twig/ClassExtension.php
@@ -7,6 +7,7 @@ use Twig\TwigFunction;
 
 class ClassExtension extends TwigExtension
 {
+    #[\Override]
     public function getFunctions() : array
     {
         return array(
diff --git a/php/src/Twig/CsrfExtension.php b/php/src/Twig/CsrfExtension.php
index feac9c72..51334864 100644
--- a/php/src/Twig/CsrfExtension.php
+++ b/php/src/Twig/CsrfExtension.php
@@ -12,6 +12,7 @@ class CsrfExtension extends AbstractExtension implements GlobalsInterface {
     ) {
     }
 
+    #[\Override]
     public function getGlobals() : array
     {
         // CSRF token name and value

From 9ec7c087548eb6ee92bc099b50282ab2a8282e59 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 18:03:08 +0100
Subject: [PATCH 369/524] aio-interface: always offer a reset backup button

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 39a2de48..53b97dcc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -476,23 +476,6 @@
                                             <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
                                         </form>
 
-                                        {% if has_backup_run_once == false %}
-                                            <h3>Reset backup location</h3>
-                                            <p>
-                                            If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
-                                            {% if borg_remote_repo %}
-                                                or the remote repo <strong>{{ borg_remote_repo }}</strong>
-                                            {% endif %}
-                                            is wrong, you can reset it by clicking on the button below.
-                                            </p>
-                                            <form method="POST" action="api/configuration" class="xhr">
-                                                <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
-                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Reset backup location" />
-                                            </form>
-                                        {% endif %}
-
                                         {% if has_backup_run_once == true %}
                                             <h3>Backup Viewer</h3>
                                             <p>There is now a community container that allows to access your backups in a web session. See <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
@@ -558,6 +541,21 @@
                                                 <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
                                             {% endif %}
                                         {% endif %}
+
+                                        <h3>Reset backup location</h3>
+                                        <p>
+                                        If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
+                                        {% if borg_remote_repo %}
+                                            or the remote repo <strong>{{ borg_remote_repo }}</strong>
+                                        {% endif %}
+                                        is wrong, you can reset it by clicking on the button below.
+                                        </p>
+                                        <form method="POST" action="api/configuration" class="xhr">
+                                            <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input type="submit" value="Reset backup location" onclick="return confirm('Are you sure that you want to reset the backup location?')" />
+                                        </form>
                                     {% endif %}
                                     {% if has_backup_run_once == true %}
                                         </details>

From 01ad594ec56f8fbc2b5b3b026dfd0b5dc4da4ed2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 18:28:35 +0100
Subject: [PATCH 370/524] aio-interface: add button to update the backup list

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh            |  9 +++++++++
 Containers/borgbackup/start.sh                   |  4 ++--
 community-containers/borgbackup-viewer/readme.md |  2 +-
 php/public/index.php                             |  1 +
 php/src/Controller/DockerController.php          | 14 ++++++++++++++
 php/templates/containers.twig                    | 11 +++++++++++
 readme.md                                        |  2 +-
 7 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 50815f38..b7b96147 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -612,3 +612,12 @@ if [ "$BORG_MODE" = test ]; then
         fi
     fi
 fi
+
+if [ "$BORG_MODE" = list ]; then
+    echo "Updating backup list..."
+    if ! borg info > /dev/null; then
+        echo "Could not update the backup list."
+        exit 1
+    fi
+    # The update gets done automatically in the wrapper start.sh script.
+fi
diff --git a/Containers/borgbackup/start.sh b/Containers/borgbackup/start.sh
index 9da0d840..bb7a8a6a 100644
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -32,8 +32,8 @@ else
 fi
 
 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
-    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != "test" ] && [ "$BORG_MODE" != "list" ]; then
+    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore', 'test' and 'list'."
     exit 1
 fi
 
diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md
index dc3d5806..ddd11be7 100644
--- a/community-containers/borgbackup-viewer/readme.md
+++ b/community-containers/borgbackup-viewer/readme.md
@@ -5,7 +5,7 @@ This container allows to view the local borg repository in a web session. It als
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
 - After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
-- You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+- You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section.
 - ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/php/public/index.php b/php/public/index.php
index f2880ca7..46967c72 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -60,6 +60,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class .
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-list', AIO\Controller\DockerController::class . ':StartBackupContainerList');
 $app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8473ed57..6626e3e4 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -105,6 +105,11 @@ readonly class DockerController {
         return $response->withStatus(201)->withHeader('Location', '.');
     }
 
+    public function StartBackupContainerList(Request $request, Response $response, array $args) : Response {
+        $this->listBackup();
+        return $response->withStatus(201)->withHeader('Location', '.');
+    }
+
     public function checkBackup() : void {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'check';
@@ -114,6 +119,15 @@ readonly class DockerController {
         $this->PerformRecursiveContainerStart($id);
     }
 
+        private function listBackup() : void {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'list';
+        $this->configurationManager->WriteConfig($config);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+    }
+
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 39a2de48..a27fdaee 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -518,6 +518,17 @@
                                                 <input type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
                                             </form>
 
+                                            <h3>Update backup list</h3>
+                                            <details>
+                                                <summary>Click here to reveal this option</summary>
+                                                <p>If you use an external snapshot tool to restore the server that runs AIO, you might run into a problem that the above listed available backups are not up-to-date to restore your server from. You can click the button below to update this list.</p>
+                                                <form method="POST" action="api/docker/backup-list" class="xhr">
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Update backup list" />
+                                                </form>
+                                            </details>
+
                                             <h3>Daily backup and automatic updates</h3>
                                             {% if daily_backup_time == "" %}
                                                 <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
diff --git a/readme.md b/readme.md
index 0ae3d618..f22c7df3 100644
--- a/readme.md
+++ b/readme.md
@@ -970,7 +970,7 @@ sudo borg compact
 ```
 
 After doing so, make sure to update the backup archives list in the AIO interface!<br>
-You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section.
 
 ---
 

From 271c4b21cc38d1e408909c8095bccfe915d4c727 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 19:16:58 +0100
Subject: [PATCH 371/524] docs: standardize links by removing
 `?tab=readme-ov-file`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/makemkv/readme.md | 2 +-
 compose.yaml                           | 2 +-
 reverse-proxy.md                       | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md
index ed9ce040..e78510ee 100644
--- a/community-containers/makemkv/readme.md
+++ b/community-containers/makemkv/readme.md
@@ -5,7 +5,7 @@ This container bundles MakeMKV and auto-configures it for you.
 - This container should only be run in home networks
 - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
 - This container only works on Linux and not on Docker-Desktop.
-- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
+- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
 - After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
 - The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
diff --git a/compose.yaml b/compose.yaml
index 13170c7e..e8966f4c 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -35,7 +35,7 @@ services:
       # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
       # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
-      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
+      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 52c830e0..546b8b78 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -36,7 +36,7 @@ Requirements:
 - A public IP address that is reachable from the Internet (it does **not** need to be static, but it must not be behind carrier-grade NAT, which some ISPs use to share IP addresses among multiple customers).
 - Port `443/tcp` on that IP must be available for AIO's exclusive use, and it must be opened/forwarded on your internet-facing firewall/router to the AIO host.[^talkPort]
 
-**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this).**
+**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one#how-to-use-this).**
 
 ### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx, Cloudflare Proxy*)
 
@@ -95,7 +95,7 @@ To make your Nextcloud AIO instance accessible from the public Internet (not jus
 | **Tailscale Funnel** | Public Internet | None | Public access through Tailscale |
 
 > [!TIP]
-> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
+> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
 >
 > **For private/personal use**: [Tailscale Serve](https://tailscale.com/kb/1312/serve) is ideal - it keeps your Nextcloud completely private to your tailnet.
 >
@@ -1120,7 +1120,7 @@ sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:syst
 #### Collabora WOPI allow list
 If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
 
-<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
+<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
 
 #### External reverse proxies connecting via VPN (e.g. Tailscale)
 
@@ -1174,7 +1174,7 @@ If you, at some point, want to remove the reverse proxy, here are some general s
     sudo docker rm nextcloud-aio-mastercontainer  
     ```
 3. Remove the software and configuration file that you used for the reverse proxy (see section 1).
-4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) but add the two options:
+4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one#how-to-use-this) but add the two options:
    ```
    --env APACHE_IP_BINDING=0.0.0.0 \
    --env APACHE_PORT=443 \   

From 1fff416829cf2f139c0b7203d6a3bdfe3a52b692 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Nov 2025 04:15:21 +0000
Subject: [PATCH 372/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.0.2-cli to 29.0.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.0.4-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index dae14ea5..65dc31e6 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.0.2-cli AS docker
+FROM docker:29.0.4-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 1d6a1ffb17c83c24e360c0873e00bc19697334c2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Nov 2025 13:23:22 +0100
Subject: [PATCH 373/524] add notifications community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../notifications/notifications.json          | 23 +++++++++++++++++++
 community-containers/notifications/readme.md  | 12 ++++++++++
 community-containers/scrutiny/readme.md       |  2 +-
 community-containers/scrutiny/scrutiny.json   |  2 +-
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 community-containers/notifications/notifications.json
 create mode 100644 community-containers/notifications/readme.md

diff --git a/community-containers/notifications/notifications.json b/community-containers/notifications/notifications.json
new file mode 100644
index 00000000..5d886ec9
--- /dev/null
+++ b/community-containers/notifications/notifications.json
@@ -0,0 +1,23 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-notifications",
+            "display_name": "Notifications",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications",
+            "image": "ghcr.io/szaimen/aio-notifications",
+            "image_tag": "v1",
+            "internal_port": "10000",
+            "restart": "unless-stopped",
+            "volumes": [
+                {
+                  "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
+                  "destination": "/var/run/docker.sock",
+                  "writeable": false
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/notifications/readme.md b/community-containers/notifications/readme.md
new file mode 100644
index 00000000..78ec49b6
--- /dev/null
+++ b/community-containers/notifications/readme.md
@@ -0,0 +1,12 @@
+## Notifications
+This container allows other AIO community containers to send admin notifications to Nextcloud users. 
+
+### Notes
+- It needs to be enabled for the [scrutiny container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny) for example to make use of admin notifications that are sent if a smartctl failure was found.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-notifications
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md
index dc972d44..3bb728f7 100644
--- a/community-containers/scrutiny/readme.md
+++ b/community-containers/scrutiny/readme.md
@@ -6,7 +6,7 @@ This container bundles Scrutiny which is a frontend for SMART stats and auto-con
 - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being.
 - This container only works on Linux and not on Docker-Desktop.
 - After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives.
-- It currently does not support sending notifications as no good solution was found yet that makes this possible. See https://github.com/szaimen/aio-scrutiny/issues/3
+- It supports sending notifications in case of a smartctl failure if you enable the notifications community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json
index 4b368291..b367e497 100644
--- a/community-containers/scrutiny/scrutiny.json
+++ b/community-containers/scrutiny/scrutiny.json
@@ -5,7 +5,7 @@
             "display_name": "Scrutiny",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
             "image": "ghcr.io/szaimen/aio-scrutiny",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "internal_port": "8000",
             "init": false,
             "restart": "unless-stopped",

From f3fbfae5353015ca392cbc1662cc874b40b058a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Nov 2025 04:15:59 +0000
Subject: [PATCH 374/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.4.1 to v1.4.2.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.4.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index cce2ed85..fe5d89f7 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2
 
 USER root
 RUN set -ex; \

From 6a8d8d4479809364281fb5428ea26e3599df06a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 10:30:41 +0100
Subject: [PATCH 375/524] add some notice regarding how to switch the channel

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0ae3d618..e6cd4526 100644
--- a/readme.md
+++ b/readme.md
@@ -641,7 +641,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
 
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 

From 50312bd2d9712a08479ee3ec866118d5cf67a89f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 10:53:29 +0100
Subject: [PATCH 376/524] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index e6cd4526..c53f4d28 100644
--- a/readme.md
+++ b/readme.md
@@ -641,7 +641,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurrences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
 
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 

From 10b61a5edea92eab87a4c7de1ca37172c0edd9a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 19:28:53 +0100
Subject: [PATCH 377/524] add `"com.docker.compose.project" => "nextcloud-aio"`
 to all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile  | 4 +++-
 compose.yaml                           | 1 +
 php/src/Docker/DockerActionManager.php | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index dae14ea5..a240fd4d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -125,7 +125,9 @@ RUN set -ex; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
-LABEL org.label-schema.vendor="Nextcloud"
+# hadolint ignore=DL3048
+LABEL org.label-schema.vendor="Nextcloud" \
+    com.docker.compose.project="nextcloud-aio"
 
 # hadolint ignore=DL3002
 USER root
diff --git a/compose.yaml b/compose.yaml
index e8966f4c..c18d92d3 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,3 +1,4 @@
+name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
 services:
   nextcloud-aio-mastercontainer:
     image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a6f5d223..e22ab7f6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -433,7 +433,8 @@ readonly class DockerActionManager {
 
         // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
         // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
+        // Additionally set a default org.label-schema.vendor and com.docker.compose.project
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();

From a48a1d66be90d29d67a98278096f2845d6b1641b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 23:21:50 +0100
Subject: [PATCH 378/524] update aio-caddy to v4 and add option for proxy
 protocol

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 3 ++-
 community-containers/caddy/readme.md   | 1 +
 php/src/Docker/DockerActionManager.php | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index f6143fbc..e27df683 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -5,7 +5,7 @@
             "display_name": "Caddy with geoblocking",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
             "image": "ghcr.io/szaimen/aio-caddy",
-            "image_tag": "v3",
+            "image_tag": "v4",
             "internal_port": "443",
             "restart": "unless-stopped",
             "ports": [
@@ -19,6 +19,7 @@
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
                 "APACHE_PORT=%APACHE_PORT%",
+                "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
                 "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
             ],
             "volumes": [
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 99bf133e..209b9c4a 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -6,6 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
+- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a6f5d223..d19fd050 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -550,6 +550,7 @@ readonly class DockerActionManager {
             'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
+            'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(),
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
             'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),

From 4b782649fdcca71827782269cac81336086ea316 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 26 Nov 2025 12:03:58 +0000
Subject: [PATCH 379/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 83bc1ef1..12545ac3 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -160,7 +160,6 @@ services:
       - TALK_PORT
       - IMAGINARY_ENABLED
       - IMAGINARY_HOST=nextcloud-aio-imaginary
-      - CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE}
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED
@@ -256,7 +255,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}

From 256a259ae6f048f6034cd176374e9a8c645c70ef Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 12:41:00 +0100
Subject: [PATCH 380/524] update private ip-ranges

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 reverse-proxy.md                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 09d7d15c..0c03a973 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -741,7 +741,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         echo "No IPv6 address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
-        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        PRIVATE_IP_RANGES='127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128'
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
             COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
         fi
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 546b8b78..e0497c84 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1108,7 +1108,7 @@ Enter your domain in the AIO interface that you've used in the reverse proxy con
 ### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
 
-<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
+<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128`</small>
 
 #### Nextcloud trusted proxies
 Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:

From b2c24c92e307441e945a657c88689ac0b0e9a16c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Nov 2025 12:18:44 +0000
Subject: [PATCH 381/524] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.5 to 2.36.0.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f...7bf05c6b704e0b9bfee22300130a31b5ea68d593)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 53707dec..5eefc5e1 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v6.0.0
-    - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+    - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index bf449e1f..9c74167a 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 22ed9854..ac6aa187 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6.0.0
       - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 49753535..91d41dfc 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v6.0.0
 
       - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 21ecf1e6..8f7da955 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index d8730987..1c453505 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v6.0.0
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 4a8288a527f329cdf5e42141f3f913f64ac9c6bd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 20:44:09 +0100
Subject: [PATCH 382/524] fulltextsearch: disable memory locking

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 0a48b3ea..8afb68e9 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -794,7 +794,7 @@
       "environment": [
         "TZ=%TIMEZONE%",
         "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%",
-        "bootstrap.memory_lock=true",
+        "bootstrap.memory_lock=false",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
         "logger.level=WARN",

From f080ed771d16e3bd196685d824a59ca36eb35b6c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 28 Nov 2025 08:52:51 +0000
Subject: [PATCH 383/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 8 ++++++--
 .../templates/nextcloud-aio-database-deployment.yaml      | 4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 6 ++----
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 2 +-
 14 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 0b10dd4d..7d6a0c55 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.11.0
+version: 12.1.4
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 3388c1d7..e6273a8b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-apache:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 35b30e41..662d68a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 449a24fc..e91cfe56 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -32,10 +32,14 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251031_122139
+          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251128_084214
+          {{- else }}
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251128_084214
+          {{- end }}
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 6f08b4a6..d65dfa78 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 49dc3d34..a3877029 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 4956ed71..c8ae83d9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 49f2bd53..2a925878 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - chmod
             - "777"
@@ -100,8 +100,6 @@ spec:
               value: "{{ .Values.CLAMAV_ENABLED }}"
             - name: CLAMAV_HOST
               value: nextcloud-aio-clamav
-            - name: CLAMAV_MAX_SIZE
-              value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: COLLABORA_ENABLED
               value: "{{ .Values.COLLABORA_ENABLED }}"
             - name: COLLABORA_HOST
@@ -188,7 +186,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251128_084214
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index b93283e7..5f16388a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c30f6a0e..4e64f6c5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 2d5da82d..18ceee18 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-redis:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b6f2e489..81f616fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-talk:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index e0902a0f..0319cce8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 28c05cab..35f29df7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251128_084214
           readinessProbe:
             exec:
               command:

From 6b3af009e252b37a13ebf2e2adca252b09159d30 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 12:17:11 +0100
Subject: [PATCH 384/524] nextcloud: allow to configure mysql root cert

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgres.config.php | 8 ++++++++
 Containers/nextcloud/entrypoint.sh              | 4 ++++
 Containers/notify-push/start.sh                 | 7 +++++--
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
index 38f980fe..acde7b82 100644
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -7,3 +7,11 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
     ),
   );
 }
+if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
+  $CONFIG = array(
+    'dbdriveroptions' => array(
+      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL',
+    ),
+  );
+}
+
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 09d7d15c..c0dfd803 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -283,6 +283,10 @@ EOF
             if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
                 mkdir /var/www/html/data/certificates
                 echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES"
+            # Write out mysql root cert
+            elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then
+                mkdir /var/www/html/data/certificates
+                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL"
             fi
 
             echo "Installing with $DATABASE_TYPE database"
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 859c6309..9277bdaa 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -68,11 +68,14 @@ fi
 
 # Postgres root cert
 if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
-    POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+# Mysql root cert
+elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then
+    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL"
 fi
 
 # Set sensitive values as env
-export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT"
+export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS"
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From 38838be0b19334e73274a8b8165dcaaefdd4eb7d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 28 Nov 2025 12:03:24 +0000
Subject: [PATCH 385/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 97 ++++++++++++++++++++++++-----------------------
 1 file changed, 49 insertions(+), 48 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 6a33558f..fa856220 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.6",
+            "version": "v2.0.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "038ce42edee619599a1debb7e81d7b3759492819"
+                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819",
-                "reference": "038ce42edee619599a1debb7e81d7b3759492819",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
+                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
                 "shasum": ""
             },
             "require": {
@@ -409,7 +409,7 @@
             "require-dev": {
                 "illuminate/support": "^10.0|^11.0|^12.0",
                 "nesbot/carbon": "^2.67|^3.0",
-                "pestphp/pest": "^2.36|^3.0",
+                "pestphp/pest": "^2.36|^3.0|^4.0",
                 "phpstan/phpstan": "^2.0",
                 "symfony/var-dumper": "^6.2.0|^7.0.0"
             },
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-10-09T13:42:30+00:00"
+            "time": "2025-11-21T20:52:36+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.4",
+            "version": "5.6.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2"
+                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90a04bcbf03784066f16038e87e23a0a83cee3c2",
-                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761",
+                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761",
                 "shasum": ""
             },
             "require": {
@@ -3513,22 +3513,22 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.4"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5"
             },
-            "time": "2025-11-17T21:13:10+00:00"
+            "time": "2025-11-27T19:50:05+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.11.1",
+            "version": "1.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba"
+                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/f626740b38009078de0dc8b2b9dc4e7f749c6eba",
-                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195",
+                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195",
                 "shasum": ""
             },
             "require": {
@@ -3571,9 +3571,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.11.1"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0"
             },
-            "time": "2025-11-21T11:31:57+00:00"
+            "time": "2025-11-21T15:09:14+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",
@@ -3624,16 +3624,16 @@
         },
         {
             "name": "revolt/event-loop",
-            "version": "v1.0.7",
+            "version": "v1.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/revoltphp/event-loop.git",
-                "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3"
+                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3",
-                "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3",
+                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c",
+                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c",
                 "shasum": ""
             },
             "require": {
@@ -3690,9 +3690,9 @@
             ],
             "support": {
                 "issues": "https://github.com/revoltphp/event-loop/issues",
-                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.7"
+                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.8"
             },
-            "time": "2025-01-25T19:27:39+00:00"
+            "time": "2025-08-27T21:33:23+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -3763,16 +3763,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.4.1",
+            "version": "3.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "6a740f39415aee8886aea10333403adc77d50791"
+                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/6a740f39415aee8886aea10333403adc77d50791",
-                "reference": "6a740f39415aee8886aea10333403adc77d50791",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
+                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
                 "shasum": ""
             },
             "require": {
@@ -3815,7 +3815,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.4.1"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.3"
             },
             "funding": [
                 {
@@ -3827,7 +3827,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-12T10:32:50+00:00"
+            "time": "2025-11-27T09:08:26+00:00"
         },
         {
             "name": "sserbin/twig-linter",
@@ -3987,16 +3987,16 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.3.6",
+            "version": "v7.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a"
+                "reference": "d551b38811096d0be9c4691d406991b47c0c630a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/e9bcfd7837928ab656276fe00464092cc9e1826a",
-                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a",
+                "reference": "d551b38811096d0be9c4691d406991b47c0c630a",
                 "shasum": ""
             },
             "require": {
@@ -4005,7 +4005,7 @@
                 "symfony/polyfill-mbstring": "~1.8"
             },
             "require-dev": {
-                "symfony/process": "^6.4|^7.0"
+                "symfony/process": "^6.4|^7.0|^8.0"
             },
             "type": "library",
             "autoload": {
@@ -4033,7 +4033,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.3.6"
+                "source": "https://github.com/symfony/filesystem/tree/v7.4.0"
             },
             "funding": [
                 {
@@ -4053,7 +4053,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-05T09:52:27+00:00"
+            "time": "2025-11-27T13:27:24+00:00"
         },
         {
             "name": "symfony/finder",
@@ -4459,22 +4459,23 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.4",
+            "version": "v7.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "f96476035142921000338bad71e5247fbc138872"
+                "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872",
-                "reference": "f96476035142921000338bad71e5247fbc138872",
+                "url": "https://api.github.com/repos/symfony/string/zipball/d50e862cb0a0e0886f73ca1f31b865efbb795003",
+                "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003",
                 "shasum": ""
             },
             "require": {
                 "php": ">=8.2",
+                "symfony/deprecation-contracts": "^2.5|^3.0",
                 "symfony/polyfill-ctype": "~1.8",
-                "symfony/polyfill-intl-grapheme": "~1.0",
+                "symfony/polyfill-intl-grapheme": "~1.33",
                 "symfony/polyfill-intl-normalizer": "~1.0",
                 "symfony/polyfill-mbstring": "~1.0"
             },
@@ -4482,11 +4483,11 @@
                 "symfony/translation-contracts": "<2.5"
             },
             "require-dev": {
-                "symfony/emoji": "^7.1",
-                "symfony/http-client": "^6.4|^7.0",
-                "symfony/intl": "^6.4|^7.0",
+                "symfony/emoji": "^7.1|^8.0",
+                "symfony/http-client": "^6.4|^7.0|^8.0",
+                "symfony/intl": "^6.4|^7.0|^8.0",
                 "symfony/translation-contracts": "^2.5|^3.0",
-                "symfony/var-exporter": "^6.4|^7.0"
+                "symfony/var-exporter": "^6.4|^7.0|^8.0"
             },
             "type": "library",
             "autoload": {
@@ -4525,7 +4526,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.4"
+                "source": "https://github.com/symfony/string/tree/v7.4.0"
             },
             "funding": [
                 {
@@ -4545,7 +4546,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-09-11T14:36:48+00:00"
+            "time": "2025-11-27T13:27:24+00:00"
         },
         {
             "name": "vimeo/psalm",

From 8185c537323aeb88c4e9f34b54d192814c260900 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 28 Nov 2025 12:14:01 +0000
Subject: [PATCH 386/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 034ebba2..03663b85 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -86,7 +86,7 @@ RUN set -ex; \
     pecl install APCu-5.1.27; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
-   pecl install -o imagick-3.8.0; \
+   pecl install -o imagick-3.8.1; \
     \
     docker-php-ext-enable \
         igbinary \

From 190a9824e0acb9f4a6d02d96413e5ad56e840280 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 17:05:56 +0100
Subject: [PATCH 387/524] address review

Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ed3d3bf9..ff33fbfd 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -185,7 +185,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
+        $config['AIO_URL'] = $host . ':' . strval($port) . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major

From 634e819ab15642400c916796356333feb92a352e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 17:14:16 +0100
Subject: [PATCH 388/524] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 53b97dcc..6fda338c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -548,7 +548,7 @@
                                         {% if borg_remote_repo %}
                                             or the remote repo <strong>{{ borg_remote_repo }}</strong>
                                         {% endif %}
-                                        is wrong, you can reset it by clicking on the button below.
+                                        is wrong or if you want to reset the backup location due to other reasons, you can do so by clicking on the button below.
                                         </p>
                                         <form method="POST" action="api/configuration" class="xhr">
                                             <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>

From 411fe4cb531fdf08b24880941ae36a60f09bb7ab Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 17:18:08 +0100
Subject: [PATCH 389/524] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 209b9c4a..6cdcb452 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -6,7 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
-- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
+- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.

From c6e7d61a9eb0e36e4c7cd8680e86db8b562f7c01 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 29 Nov 2025 16:40:43 +0100
Subject: [PATCH 390/524] Add cute animal to bug report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index d3228dfa..ec25fc4a 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -33,3 +33,5 @@ labels: 0. Needs triage
 #### Output of `sudo docker logs nextcloud-aio-mastercontainer`
 
 #### Other valuable info <!--- (like additional logs, screenshots & Co.) -->
+
+#### A picture of a cute animal <!--- (not mandatory but encouraged) -->

From b4ec51f99e916dbc172b19a5c8473d70e71294f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Dec 2025 04:36:14 +0000
Subject: [PATCH 391/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.7.1.1 to 25.04.7.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.7.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 10f068ea..071d0751 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.1.1
+FROM collabora/code:25.04.7.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From cc41c3465ed5091efaf576ec563fa9ae96d2384a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 1 Dec 2025 12:50:44 +0100
Subject: [PATCH 392/524] mastercontainer: refactor docker api version check

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 65 +++++++++++++++++++----------
 1 file changed, 42 insertions(+), 23 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 77c4675e..4ca193be 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -75,18 +75,15 @@ elif ! sudo -E -u www-data test -r /var/run/docker.sock; then
     fi
 fi
 
-# Check if api version is supported
-if ! sudo -E -u www-data docker info &>/dev/null; then
-    print_red "Cannot connect to the docker socket. Cannot proceed."
-    echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
-    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
-    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+# Get default docker api version
+API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
+API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
+if [ -z "$API_VERSION" ]; then
+    print_red "Could not get API_VERSION. Something is wrong!"
     exit 1
 fi
 
-# Docker api version check
-API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
-API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
+# Check if DOCKER_API_VERSION is set globally
 if [ -n "$DOCKER_API_VERSION" ]; then
     if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then
         print_red "You've set DOCKER_API_VERSION but not to an allowed value.
@@ -98,23 +95,45 @@ It is set to '$DOCKER_API_VERSION'."
     print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
     print_red "So you run on your own risk and things might break without warning."
 else
-    # shellcheck disable=SC2001
-    API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-    LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
-    if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
-        if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-            print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
-            echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
-            echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
-            echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
-            exit 1
-        fi
-    else
-        echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
-        sleep 10
+    # Export docker api version to use it everywhere
+    export DOCKER_API_VERSION="$API_VERSION"
+fi
+
+# Set a fallback docker api version. Needed for api version check. 
+# The check will not work otherwise on old docker versions
+FALLBACK_DOCKER_API_VERSION="1.41"
+
+# Check if docker info can be used
+if ! sudo -E -u www-data docker info &>/dev/null; then
+    if ! sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker info &>/dev/null; then
+        print_red "Cannot connect to the docker socket. Cannot proceed."
+        echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
+        echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
+        echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+        exit 1
     fi
 fi
 
+# Docker api version check
+# shellcheck disable=SC2001
+API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+if [ -z "$LOCAL_API_VERSION_NUMB" ]; then
+    LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+fi
+if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
+    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
+        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
+        echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
+        echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
+        exit 1
+    fi
+else
+    echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
+    sleep 10
+fi
+
 # Check Storage drivers
 STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")"
 # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467

From 2663ffeee5c7a27ca8f2625a6af0bc0bd5fed917 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 1 Dec 2025 12:03:40 +0000
Subject: [PATCH 393/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fa856220..2fbf905c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1644,16 +1644,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.22.0",
+            "version": "v3.22.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "4509984193026de413baf4ba80f68590a7f2c51d"
+                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/4509984193026de413baf4ba80f68590a7f2c51d",
-                "reference": "4509984193026de413baf4ba80f68590a7f2c51d",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
+                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
                 "shasum": ""
             },
             "require": {
@@ -1707,7 +1707,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.22.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.22.1"
             },
             "funding": [
                 {
@@ -1719,7 +1719,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-10-29T15:56:47+00:00"
+            "time": "2025-11-16T16:01:12+00:00"
         }
     ],
     "packages-dev": [

From 57306c8cae44959dad8439d1153aa13fdd14b930 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 1 Dec 2025 17:00:27 +0100
Subject: [PATCH 394/524] refactor `backup-mode` handling

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/index.php                    |  2 +-
 php/src/Controller/DockerController.php | 24 +++++++-----------------
 php/src/Data/ConfigurationManager.php   | 15 ++++++---------
 3 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 46967c72..c49629bd 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -104,7 +104,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
-        'borg_backup_mode' => $configurationManager->GetBorgBackupMode(),
+        'borg_backup_mode' => $configurationManager->GetBackupMode(),
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
         'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 6626e3e4..7402bfd1 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -89,9 +89,7 @@ readonly class DockerController {
     }
 
     public function startBackup(bool $forceStopNextcloud = false) : void {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'backup';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('backup');
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
@@ -111,26 +109,22 @@ readonly class DockerController {
     }
 
     public function checkBackup() : void {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'check';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('check');
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
     }
 
         private function listBackup() : void {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'list';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('list');
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
+        $this->configurationManager->SetBackupMode('restore');
         $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'restore';
         $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
         if (isset($request->getParsedBody()['restore-exclude-previews'])) {
             $config['restore-exclude-previews'] = 1;
@@ -150,24 +144,20 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'check-repair';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('check-repair');
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
         // Restore to backup check which is needed to make the UI logic work correctly
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'check';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('check');
 
         return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
+        $this->configurationManager->SetBackupMode('test');
         $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'test';
         $config['instance_restore_attempt'] = 0;
         $this->configurationManager->WriteConfig($config);
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0b0a034d..c8d16c7d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -423,6 +423,12 @@ class ConfigurationManager
         return $config['backup-mode'];
     }
 
+    public function SetBackupMode(string $mode) : void {
+        $config = $this->GetConfig();
+        $config['backup-mode'] = $mode;
+        $this->WriteConfig($config);
+    }
+
     public function GetSelectedRestoreTime() : string {
         $config = $this->GetConfig();
         if(!isset($config['selected-restore-time'])) {
@@ -664,15 +670,6 @@ class ConfigurationManager
         return false;
     }
 
-    public function GetBorgBackupMode() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['backup-mode'])) {
-            $config['backup-mode'] = '';
-        }
-
-        return $config['backup-mode'];
-    }
-
     public function GetNextcloudMount() : string {
         $envVariableName = 'NEXTCLOUD_MOUNT';
         $configName = 'nextcloud_mount';

From 1cdc4e3beffd18e6fa58a48d0093a6d83c60f098 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Dec 2025 04:33:44 +0000
Subject: [PATCH 395/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.9-alpine to 3.3.0-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.3.0-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ccc283f9..ed2e9e2d 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.9-alpine
+FROM haproxy:3.3.0-alpine
 
 # hadolint ignore=DL3002
 USER root

From ae132c8d396c9532d297b28148d6b4f8a7ac755f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Dec 2025 04:34:06 +0000
Subject: [PATCH 396/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.0.4-cli to 29.1.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 9c50af3f..f6ecd08e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.0.4-cli AS docker
+FROM docker:29.1.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From d44d077a632c7744aa215f733ec24d452c71c082 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 12:11:02 +0100
Subject: [PATCH 397/524] update oo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index be1d580f..c2b94d8c 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.1.0.1
+FROM onlyoffice/documentserver:9.2.0.1
 
 # USER root is probably used
 

From a842cbb82a508e6d0d2477d1720c42320035d607 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 12:12:40 +0100
Subject: [PATCH 398/524] increase to 12.2.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index eac34445..2b381c90 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.4</h1>
+            <h1>Nextcloud AIO v12.2.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 83de5260511dcfabc32cafaa576aa1fe611b0c56 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 12:42:13 +0100
Subject: [PATCH 399/524] adjust DeleteBorgBackupLocationVars to also delete
 the borg.config file

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/ConfigurationController.php |  2 +-
 php/src/Data/ConfigurationManager.php          | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 051f8d9e..45586f9c 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -159,7 +159,7 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
-                $this->configurationManager->DeleteBorgBackupLocationVars();
+                $this->configurationManager->DeleteBorgBackupLocationItems();
             }
 
             return $response->withStatus(201)->withHeader('Location', '.');
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 253b1371..e9982eb3 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -506,11 +506,19 @@ class ConfigurationManager
         }
     }
 
-    public function DeleteBorgBackupLocationVars() : void {
+    public function DeleteBorgBackupLocationItems() : void {
+        // Delete the variables
         $config = $this->GetConfig();
         $config['borg_backup_host_location'] = '';
         $config['borg_remote_repo'] = '';
         $this->WriteConfig($config);
+
+        // Also delete the borg config file to be able to start over
+        if (file_exists(DataConst::GetBackupKeyFile())) {
+            if (unlink(DataConst::GetBackupKeyFile())) {
+                error_log('borg.config file deleted to be able to start over.');
+            }
+        }
     }
 
     /**

From 095d3d9cc004b702486048e348abbb57594dc5d7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 15:51:53 +0100
Subject: [PATCH 400/524] aio-smbserver: now compatible with arm64 as well

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/smbserver/readme.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md
index 9886f4b2..20d90c9f 100644
--- a/community-containers/smbserver/readme.md
+++ b/community-containers/smbserver/readme.md
@@ -3,7 +3,6 @@ This container bundles an SMB-server and allows to configure it via a graphical
 
 ### Notes
 - This container should only be run in home networks
-- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3
 - After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively.
 - The config data of SMB-server will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 7634a3887f1c1b7bcc7ddd8b83e9b82dceb9c024 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:12:39 +0000
Subject: [PATCH 401/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.7 to 8.19.8.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8c46ed97..6e739095 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.7
+FROM elasticsearch:8.19.8
 
 USER root
 

From 0c0f956ea221f34cb785023da648714fb0633a46 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:12:43 +0000
Subject: [PATCH 402/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.4-alpine3.22 to 1.25.5-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.5-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 7e477820..ea0a70de 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.4-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 

From d72181f754f31c4e459cbe06efbe23b348074b24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:13:40 +0000
Subject: [PATCH 403/524] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.25.4-alpine3.22 to 1.25.5-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.5-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 602d2106..d2db5ae3 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.4-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.22 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a	
 

From edba082dcecc4b5e6a641093dfc6babeda61f9bc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Dec 2025 09:26:18 +0100
Subject: [PATCH 404/524] improve detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 6cdcb452..a8baf9ea 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -3,7 +3,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
-- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Make sure that no other service is using port 443/tcp on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).

From 832d9b5ae6776854373883d3b2182bc62e282a4b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 12:21:58 +0000
Subject: [PATCH 405/524] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index c1bc4889..2bd4823a 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index b39ca29b..816f57bf 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index cd3a9530..7446677f 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 5eefc5e1..12a11f1f 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 0efebdbb..917df1d6 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 1b083b64..b4c32778 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 883ea66c..8b624e39 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index d406e011..4cbd28ed 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 1f7f2e72..7beec865 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9c74167a..0c5e2c74 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index eb083eed..d90d57e1 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index ac6aa187..c8638683 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index df791fe6..3919690b 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 91d41dfc..99ba4e32 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
 
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 8f7da955..bdae585e 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 2c0fd697..86954033 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 9636502b..689e7e7e 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 1c453505..7e9b5cdc 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 353e5e9d..f7960ead 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index c1452355..06555a90 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index a19f34aa..9d9affce 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 9f126eb4..69b1b14e 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 0db006605aabd912e2a506419a1456eb370ffb35 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Dec 2025 14:29:55 +0100
Subject: [PATCH 406/524] fix spacing

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 904af4a1..ef0d0702 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -115,7 +115,7 @@ readonly class DockerController {
         $this->PerformRecursiveContainerStart($id);
     }
 
-        private function listBackup() : void {
+    private function listBackup() : void {
         $this->configurationManager->SetBackupMode('list');
 
         $id = 'nextcloud-aio-borgbackup';

From 22a784a3dea08775ab63639fe6ca24d06dc8ac49 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Mar 2025 12:06:08 +0100
Subject: [PATCH 407/524] add workflow to lint github actions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/lint-yaml.yml | 39 +++++++++++++++++++++++++++++++++
 zizmor.yml                      |  3 +++
 2 files changed, 42 insertions(+)
 create mode 100644 .github/workflows/lint-yaml.yml
 create mode 100644 zizmor.yml

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
new file mode 100644
index 00000000..658d8b52
--- /dev/null
+++ b/.github/workflows/lint-yaml.yml
@@ -0,0 +1,39 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Lint YAML
+
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  yaml-lint:
+    runs-on: ubuntu-latest
+
+    name: yaml
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: GitHub action templates lint
+        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
+        with:
+          file_or_dir: .github/workflows
+          config_data: |
+            line-length: warning
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+
+      - name: Check GitHub actions
+        run: uvx zizmor --min-severity medium .github/workflows/*.yml
diff --git a/zizmor.yml b/zizmor.yml
new file mode 100644
index 00000000..ee110b08
--- /dev/null
+++ b/zizmor.yml
@@ -0,0 +1,3 @@
+rules:
+  excessive-permissions:
+    disable: true

From d6e0d8b87d8b323d7dca477c0a503ef0d610e956 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Dec 2025 18:29:22 +0100
Subject: [PATCH 408/524] run yaml lint only if yml files were changes

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/lint-yaml.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 658d8b52..c88f697e 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -8,7 +8,10 @@
 
 name: Lint YAML
 
-on: pull_request
+on: 
+  pull_request:
+    paths:
+      - '**.yml'
 
 permissions:
   contents: read

From 86f8f71548a258a63538dc35d1b237a23ba6a211 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Dec 2025 04:13:06 +0000
Subject: [PATCH 409/524] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.14.0-alpine3.22 to 3.14.1-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.1-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index cc58aa43..cfc1f952 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.0-alpine3.22
+FROM python:3.14.1-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 7d46e12df70052591d6a9bab47ece0cd97da319f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 13:08:03 +0100
Subject: [PATCH 410/524] exchange strval with string cast

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ef0d0702..27a06bc8 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -189,7 +189,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . strval($port) . $path;
+        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major

From 911cdef763350d64661459b33da3a06563ce2b7f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Dec 2025 12:18:56 +0000
Subject: [PATCH 411/524] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5.3.1 to 7.1.4.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/f94ec6bedd8674c4426838e6b50417d36b6ab231...1e862dfacbd1d6d858c55d9b792c756523627244)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index c88f697e..a911f5ad 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 0a23880281bcbd0bc59f50ce6c1efbe3e458c5a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Dec 2025 12:19:16 +0000
Subject: [PATCH 412/524] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index c88f697e..b3d2f0d8 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 

From 9d08ce1ce51a38e96a3842539ac91df3ce9b7487 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 16:14:31 +0100
Subject: [PATCH 413/524] readme: add section on how to limit the resource
 usage of AIO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index f6b4f9e2..acc12d95 100644
--- a/readme.md
+++ b/readme.md
@@ -217,6 +217,7 @@ https://your-domain-that-points-to-this-server.tld:8443
     - [How to adjust the internally used docker api version?](#how-to-adjust-the-internally-used-docker-api-version)
     - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
     - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
+    - [How to limit the resource usage of AIO?](#how-to-limit-the-resource-usage-of-aio)
     - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
     - [How to adjust the Talk port?](#how-to-adjust-the-talk-port)
     - [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud)
@@ -465,6 +466,9 @@ You can move the whole docker library and all its files including all Nextcloud
 
 This should solve the problem.
 
+### How to limit the resource usage of AIO?
+In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273).
+
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 

From bd45cb4544e3007d028ed9986756ffcb2fa83c63 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 16:18:28 +0100
Subject: [PATCH 414/524] add additional hint

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index acc12d95..fc46b3fb 100644
--- a/readme.md
+++ b/readme.md
@@ -467,7 +467,7 @@ You can move the whole docker library and all its files including all Nextcloud
 This should solve the problem.
 
 ### How to limit the resource usage of AIO?
-In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273).
+In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273). Another possibility is to use the [manual installation](./manual-install/).
 
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.

From b80bc2640dba54b8121957f25a97ca2ee976d06c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 16:19:30 +0100
Subject: [PATCH 415/524] fix mentioning of docker.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 874a5b4b..ea2c2978 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -6,7 +6,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
 - You can run the containers with docker swarm
-- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
+- You can run this in environments where access to ghcr.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
 
 ### Disadvantages
 - You lose the AIO interface

From 57efcd852da78180671212e166adf602e2d6fbab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Dec 2025 04:12:33 +0000
Subject: [PATCH 416/524] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.65-alpine3.22 to 2.4.66-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.66-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d9602864..c844c364 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.65-alpine3.22
+FROM httpd:2.4.66-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 238117ac47d879a3d51814d8919acc346da6a1e9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 09:45:09 +0100
Subject: [PATCH 417/524] mastercontainer: fix docker api version check if
 DOCKER_API_VERSION was set globally

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 4ca193be..1002ef84 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -116,14 +116,14 @@ fi
 
 # Docker api version check
 # shellcheck disable=SC2001
-API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+API_VERSION_NUMB="$(echo "$DOCKER_API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -z "$LOCAL_API_VERSION_NUMB" ]; then
     LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 fi
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
     if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        print_red "Docker API v$DOCKER_API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
         echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
         echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
         echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"

From a9d462489c5fa7f568e8ced174177d565662430e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 10:03:53 +0100
Subject: [PATCH 418/524] increase to 12.2.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2b381c90..2432ab13 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.2.0</h1>
+            <h1>Nextcloud AIO v12.2.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 19ad65966b24c93709dc521444b1783d7d0a7b22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:16:55 +0000
Subject: [PATCH 419/524] build(deps): bump peter-evans/create-pull-request in
 /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.9 to 7.0.11.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...22a9089034f40e5a961c8808d113e2c98fb63676)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 816f57bf..37e974f7 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 12a11f1f..1b448139 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 8b624e39..060b376e 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index d90d57e1..7fe5bbf9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 99ba4e32..1bd47ac4 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 689e7e7e..f28ad9f2 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 06555a90..ee8e4669 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 9d9affce..ba92fd50 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 69b1b14e..be929285 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From f5fbc591565d1a3538791d03463653d5d220d425 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:16:59 +0000
Subject: [PATCH 420/524] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.4 to 7.1.5.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/1e862dfacbd1d6d858c55d9b792c756523627244...ed21f2f24f8dd64503750218de024bcf64c7250a)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index b91d8c63..542f38b8 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 02b095040bd76c7f445fb2d197cef57da3478d76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:17:02 +0000
Subject: [PATCH 421/524] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/2e4451ef94c5969eee533c487092052d4d1a53af...15f9da4059166900981058ba251e0b652511c68f)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index b4c32778..639b0785 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
-        uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
+        uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2
         with:
           continue-after-seconds: 180
         env:

From cd8158c9f6463a018b3334bab10005ceb3e5a2c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 14:42:30 +0100
Subject: [PATCH 422/524] fix excluding zizmor workflow in downstream repo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 zizmor.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/zizmor.yml b/zizmor.yml
index ee110b08..afc373cb 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,3 +1,6 @@
 rules:
   excessive-permissions:
     disable: true
+  dangerous-triggers:
+    ignore:
+      - build_images.yml

From 1691a19036b32f45068d1dea9f1237c49cf4aa0c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 15:36:02 +0100
Subject: [PATCH 423/524] make redis port configurable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile              | 2 +-
 Containers/nextcloud/config/redis.config.php | 6 ++----
 Containers/nextcloud/entrypoint.sh           | 2 +-
 Containers/notify-push/start.sh              | 6 +++++-
 Containers/whiteboard/healthcheck.sh         | 2 +-
 Containers/whiteboard/start.sh               | 4 ++--
 php/containers.json                          | 3 +++
 7 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 03663b85..7ba63a39 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -138,7 +138,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \
diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index 80848974..b59fe4ea 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -9,10 +9,8 @@ if (getenv('REDIS_HOST')) {
     ),
   );
 
-  if (getenv('REDIS_HOST_PORT')) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
+  if (getenv('REDIS_PORT')) {
+    $CONFIG['redis']['port'] = (int) getenv('REDIS_PORT');
   }
 
   if (getenv('REDIS_DB_INDEX')) {
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 8fdff0d0..86ffe159 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -27,7 +27,7 @@ fi
 
 # Only start container if Redis is accessible
 # shellcheck disable=SC2153
-while ! nc -z "$REDIS_HOST" "6379"; do
+while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
     echo "Waiting for Redis to start..."
     sleep 5
 done
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 9277bdaa..2f30106a 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -52,6 +52,10 @@ fi
 if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
+# Set a default value for REDIS_PORT
+if [ -z "$REDIS_PORT" ]; then
+    REDIS_PORT=6379
+fi
 # Set a default for db type
 if [ -z "$DATABASE_TYPE" ]; then
     DATABASE_TYPE=postgres
@@ -76,7 +80,7 @@ fi
 
 # Set sensitive values as env
 export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS"
-export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
diff --git a/Containers/whiteboard/healthcheck.sh b/Containers/whiteboard/healthcheck.sh
index 4f53988a..5909db82 100644
--- a/Containers/whiteboard/healthcheck.sh
+++ b/Containers/whiteboard/healthcheck.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
-nc -z "$REDIS_HOST" 6379 || exit 0
+nc -z "$REDIS_HOST" "$REDIS_PORT" || exit 0
 nc -z 127.0.0.1 3002 || exit 1
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 962df9b9..8975e0c6 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Only start container if nextcloud is accessible
-while ! nc -z "$REDIS_HOST" 6379; do
+while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
     echo "Waiting for redis to start..."
     sleep 5
 done
@@ -11,7 +11,7 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
-export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
 # Run it
 exec npm --prefix /app run server:start
diff --git a/php/containers.json b/php/containers.json
index 8afb68e9..486a4694 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -204,6 +204,7 @@
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
         "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "APACHE_HOST=nextcloud-aio-apache",
         "APACHE_PORT=%APACHE_PORT%",
@@ -305,6 +306,7 @@
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "TZ=%TIMEZONE%",
         "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "POSTGRES_HOST=nextcloud-aio-database",
         "POSTGRES_PORT=5432",
@@ -875,6 +877,7 @@
         "JWT_SECRET_KEY=%WHITEBOARD_SECRET%",
         "STORAGE_STRATEGY=redis",
         "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "BACKUP_DIR=/tmp"
       ],

From 3ab5740f0cb70a9be7d3b9df3cc71a85cbd1d33b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 19:30:10 +0100
Subject: [PATCH 424/524] add further explanation to failed docker check

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 1002ef84..ad1734f1 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -110,6 +110,10 @@ if ! sudo -E -u www-data docker info &>/dev/null; then
         echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
         echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
         echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+        echo "On macOS, see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos"
+        echo "Another possibility might be that Docker api v$API_VERSION is not supported by your docker daemon."
+        echo "In that case, you should report this to https://github.com/nextcloud/all-in-one/issues"
+        echo ""
         exit 1
     fi
 fi

From 2498911854c16ef7aad74867870cadbf9be8edb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Dec 2025 04:13:08 +0000
Subject: [PATCH 425/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.1-cli to 29.1.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f6ecd08e..63c8ea35 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.1-cli AS docker
+FROM docker:29.1.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 7fa5af0e8cdaec036b299401553b8e5b636791f8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 9 Dec 2025 09:14:59 +0100
Subject: [PATCH 426/524] daily-bakup.sh: fix issue with apache-port

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index edc5bddd..d11f3e85 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -23,8 +23,8 @@ fi
 sudo -E -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 
 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
-if [ -z "$APACHE_PORT" ]; then
+LOCAL_APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
+if [ -z "$LOCAL_APACHE_PORT" ]; then
     echo "APACHE_PORT is not set which is not expected..."
 else
     # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
@@ -32,7 +32,7 @@ else
     docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
 
     # Wait for apache to start
-    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$LOCAL_APACHE_PORT"; do
         echo "Waiting for apache to become available"
         sleep 30
     done

From b6f85b04b511e40f09947f1c10f4594930736117 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 9 Dec 2025 12:03:48 +0000
Subject: [PATCH 427/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 12545ac3..4e2cfaee 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -438,7 +438,7 @@ services:
     environment:
       - TZ=${TIMEZONE}
       - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
-      - bootstrap.memory_lock=true
+      - bootstrap.memory_lock=false
       - cluster.name=nextcloud-aio
       - discovery.type=single-node
       - logger.level=WARN

From 52f67f2de96033bfe687530302ebf6bd0676f0dc Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 9 Dec 2025 12:14:58 +0000
Subject: [PATCH 428/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 03663b85..866ad126 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -83,7 +83,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.27; \
+    pecl install APCu-5.1.28; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
    pecl install -o imagick-3.8.1; \

From 0f3f88da0841c0239cd1fdb106e44c70eb1e251f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 10 Dec 2025 12:29:46 +0000
Subject: [PATCH 429/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 74 +++++++++++++--------------
 2 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f6ecd08e..4bea57a4 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -52,7 +52,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.27; \
+    pecl install APCu-5.1.28; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index 2fbf905c..24565073 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2035,16 +2035,16 @@
         },
         {
             "name": "amphp/parallel",
-            "version": "v2.3.2",
+            "version": "v2.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/parallel.git",
-                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce"
+                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/321b45ae771d9c33a068186b24117e3cd1c48dce",
-                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
+                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
                 "shasum": ""
             },
             "require": {
@@ -2107,7 +2107,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.3.2"
+                "source": "https://github.com/amphp/parallel/tree/v2.3.3"
             },
             "funding": [
                 {
@@ -2115,7 +2115,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-08-27T21:55:40+00:00"
+            "time": "2025-11-15T06:23:42+00:00"
         },
         {
             "name": "amphp/parser",
@@ -3111,20 +3111,20 @@
         },
         {
             "name": "league/uri",
-            "version": "7.6.0",
+            "version": "7.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "f625804987a0a9112d954f9209d91fec52182344"
+                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/f625804987a0a9112d954f9209d91fec52182344",
-                "reference": "f625804987a0a9112d954f9209d91fec52182344",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
+                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.6",
+                "league/uri-interfaces": "^7.7",
                 "php": "^8.1",
                 "psr/http-factory": "^1"
             },
@@ -3197,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.6.0"
+                "source": "https://github.com/thephpleague/uri/tree/7.7.0"
             },
             "funding": [
                 {
@@ -3205,20 +3205,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-18T12:17:23+00:00"
+            "time": "2025-12-07T16:02:06+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.6.0",
+            "version": "7.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368"
+                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/ccbfb51c0445298e7e0b7f4481b942f589665368",
-                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
+                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
                 "shasum": ""
             },
             "require": {
@@ -3281,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.6.0"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.7.0"
             },
             "funding": [
                 {
@@ -3289,7 +3289,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-18T12:17:23+00:00"
+            "time": "2025-12-07T16:03:21+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -3344,16 +3344,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.6.2",
+            "version": "v5.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "3a454ca033b9e06b63282ce19562e892747449bb"
+                "reference": "dca41cd15c2ac9d055ad70dbfd011130757d1f82"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb",
-                "reference": "3a454ca033b9e06b63282ce19562e892747449bb",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/dca41cd15c2ac9d055ad70dbfd011130757d1f82",
+                "reference": "dca41cd15c2ac9d055ad70dbfd011130757d1f82",
                 "shasum": ""
             },
             "require": {
@@ -3396,9 +3396,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.2"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.7.0"
             },
-            "time": "2025-10-21T19:32:17+00:00"
+            "time": "2025-12-06T11:56:16+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3889,16 +3889,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.27",
+            "version": "v6.4.30",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc"
+                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/13d3176cf8ad8ced24202844e9f95af11e2959fc",
-                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc",
+                "url": "https://api.github.com/repos/symfony/console/zipball/1b2813049506b39eb3d7e64aff033fd5ca26c97e",
+                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e",
                 "shasum": ""
             },
             "require": {
@@ -3963,7 +3963,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.27"
+                "source": "https://github.com/symfony/console/tree/v6.4.30"
             },
             "funding": [
                 {
@@ -3983,7 +3983,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-10-06T10:25:16+00:00"
+            "time": "2025-12-05T13:47:41+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4550,16 +4550,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.13.1",
+            "version": "6.14.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"
+                "reference": "cf26e6debc366836754f359ece5b68629a1ee185"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
-                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf26e6debc366836754f359ece5b68629a1ee185",
+                "reference": "cf26e6debc366836754f359ece5b68629a1ee185",
                 "shasum": ""
             },
             "require": {
@@ -4582,7 +4582,7 @@
                 "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0",
                 "netresearch/jsonmapper": "^5.0",
                 "nikic/php-parser": "^5.0.0",
-                "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3",
+                "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0",
                 "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
                 "symfony/console": "^6.0 || ^7.0",
@@ -4664,7 +4664,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-08-06T10:10:28+00:00"
+            "time": "2025-12-10T09:31:26+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From a3a8cbff34690706c7ce8c3cf489ed663de92d1f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 10 Dec 2025 13:39:37 +0000
Subject: [PATCH 430/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 6 +++---
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml      | 2 +-
 14 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7d6a0c55..01453437 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.1.4
+version: 12.2.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index e6273a8b..f9fd44e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-apache:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 662d68a0..e07f9bfb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index e91cfe56..8f8d6d3c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251210_133359
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251210_133359
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index d65dfa78..1c6491fc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index a3877029..f40d6ff3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - chmod
             - "777"
@@ -41,7 +41,7 @@ spec:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: bootstrap.memory_lock
-              value: "true"
+              value: "false"
             - name: cluster.name
               value: nextcloud-aio
             - name: discovery.type
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index c8ae83d9..5906d566 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 2a925878..242b9f16 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - chmod
             - "777"
@@ -186,7 +186,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251210_133359
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 5f16388a..114ddc1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 4e64f6c5..d1ae2b35 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 18ceee18..3af2d622 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-redis:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 81f616fa..9d9c6d80 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-talk:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 0319cce8..58afc7d0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 35f29df7..229395ca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251210_133359
           readinessProbe:
             exec:
               command:

From e5f1cb5955575750602ce19dd8ec0014d1d2371f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 10 Dec 2025 14:59:46 +0000
Subject: [PATCH 431/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index d2db5ae3..50ba3b7d 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a	
+ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.3
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5
 
 FROM alpine:3.22.2
 

From 1492e7ad46c8c137981dff57cc185db880becf02 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 11 Dec 2025 04:19:27 +0000
Subject: [PATCH 432/524] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index d04c5aa8..dfff8ba0 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"/>
+<files psalm-version="6.14.1@cf26e6debc366836754f359ece5b68629a1ee185"/>

From 8a3628d1d8560c493d721538ff179fe19096f067 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Dec 2025 11:03:36 +0000
Subject: [PATCH 433/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 866ad126..7ca67cac 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.2
+ENV NEXTCLOUD_VERSION=32.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 29dbf6e565e27861264d41c53ae54342d78eb52e Mon Sep 17 00:00:00 2001
From: stefano99 <falchi.stefi@gmail.com>
Date: Thu, 11 Dec 2025 12:16:35 +0100
Subject: [PATCH 434/524] Docs update: Add encoded characters config for
 Traefik v3.6.4+ (#7286)

Signed-off-by: stefano99 <falchi.stefi@gmail.com>
---
 reverse-proxy.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e0497c84..14e7aaaf 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -870,6 +870,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
         transport:
           respondingTimeouts:
             readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
+        http:
+          # Required for Nextcloud to correctly handle encoded URL characters (%2F and %3F in this case) in newer Traefik versions (v3.6.4+).
+          encodedCharacters:  
+            allowEncodedSlash: true
+            allowEncodedQuestionMark: true
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From eada5b90fe7ec99141ce2edd98545d4c1db22036 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Dec 2025 12:19:48 +0000
Subject: [PATCH 435/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 24565073..d829d29f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4550,16 +4550,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.14.1",
+            "version": "6.14.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "cf26e6debc366836754f359ece5b68629a1ee185"
+                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf26e6debc366836754f359ece5b68629a1ee185",
-                "reference": "cf26e6debc366836754f359ece5b68629a1ee185",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
+                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
                 "shasum": ""
             },
             "require": {
@@ -4664,7 +4664,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-12-10T09:31:26+00:00"
+            "time": "2025-12-11T08:58:52+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From 7f71a94c8cbfdba9a5c45c62804e238e217a0439 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Dec 2025 12:20:33 +0000
Subject: [PATCH 436/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 4e2cfaee..9da46d0f 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -135,6 +135,7 @@ services:
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
       - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - APACHE_HOST=nextcloud-aio-apache
       - APACHE_PORT
@@ -206,6 +207,7 @@ services:
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
       - TZ=${TIMEZONE}
       - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PORT=5432
@@ -475,6 +477,7 @@ services:
       - JWT_SECRET_KEY=${WHITEBOARD_SECRET}
       - STORAGE_STRATEGY=redis
       - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - BACKUP_DIR=/tmp
     restart: unless-stopped

From 65501079013c6df1bedb2ca4c5115909699682aa Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 13:02:20 +0100
Subject: [PATCH 437/524] standardize ca-config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile               |   1 +
 .../nextcloud/config/postgres.config.php      |   4 +-
 Containers/nextcloud/entrypoint.sh            | 107 +++++++++++++-----
 Containers/notify-push/start.sh               |   4 +-
 4 files changed, 84 insertions(+), 32 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 034ebba2..f4891920 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -251,6 +251,7 @@ RUN set -ex; \
     chmod 777 -R /usr/local/etc/php/conf.d && \
     chmod 777 -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
+    chmod -R 777 /etc/openldap; \
     \
     mkdir -p /nc-updater; \
     chmod -R 777 /nc-updater
diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
index acde7b82..71a657a7 100644
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -3,14 +3,14 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
   $CONFIG = array(
     'pgsql_ssl' => array(
       'mode' => 'verify-ca',
-      'rootcert' => '/var/www/html/data/certificates/POSTGRES',
+      'rootcert' => '/var/www/html/data/certificates/ca-bundle.crt',
     ),
   );
 }
 if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
   $CONFIG = array(
     'dbdriveroptions' => array(
-      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL',
+      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/ca-bundle.crt',
     ),
   );
 }
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c0dfd803..edc6c32c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -20,6 +20,79 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
+set_global_ca_bundle_path() {
+    # Only run if env is set
+    if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
+        php /var/www/html/occ config:system:set default_certificates_bundle_path --value="$CERTIFICATE_BUNDLE"
+    fi
+}
+
+# Create cert bundle
+if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
+
+    # Enable debug mode
+    set -x
+
+    # Default vars
+    CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
+    CERTIFICATE_BUNDLE="/var/www/html/data/certificates/ca-bundle.crt"
+    
+    # Remove old root certs and recreate them with current ones
+    rm -rf "$CERTIFICATES_ROOT_DIR"
+    mkdir -p "$CERTIFICATES_ROOT_DIR"
+
+    # Retrieve default root cert bundle
+    if ! [ -f "$SOURCE_LOCATION/resources/config/ca-bundle.crt" ]; then
+        echo "Root ca-bundle not found. Only concattening configured NEXTCLOUD_TRUSTED_CERTIFICATES files!"
+        # Recreate cert file
+        touch "$CERTIFICATE_BUNDLE"
+    else
+        # Write default bundle to the target ca file
+        cat "$SOURCE_LOCATION/resources/config/ca-bundle.crt" > "$CERTIFICATE_BUNDLE"
+    fi
+
+    # Iterate through certs
+    TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
+    mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
+    for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
+
+        # Create new line
+        echo "" >> "$CERTIFICATE_BUNDLE"
+
+        # Check if variable is an actual cert
+        if echo "${!certificate}" | grep -q "BEGIN CERTIFICATE" && echo "${!certificate}" | grep -q "END CERTIFICATE"; then
+            # Write out cert to bundle
+            echo "${!certificate}" >> "$CERTIFICATE_BUNDLE"
+        fi
+
+        # Create file in cert dir for extra logic in other places
+        if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
+            touch "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
+        fi
+
+    done
+
+    # Custom logic for ldap conf
+    if ! grep -q "TLS_" /etc/openldap/ldap.conf; then
+        cat << EOL >> /etc/openldap/ldap.conf
+TLS_CACERT $CERTIFICATE_BUNDLE
+TLS_REQCERT try
+EOL
+    fi
+
+    # Backwards compatibility with older instances
+    if [ -f "/var/www/html/config/postgres.config.php" ]; then
+        sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php
+        sed -i "s|/var/www/html/data/certificates/MYSQL|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php
+    fi
+
+    # Print out bundle one last time
+    cat "$CERTIFICATE_BUNDLE"
+
+    # Disable debug mode
+    set +x
+fi
+
 # Adjust DATABASE_TYPE to by Nextcloud supported value
 if [ "$DATABASE_TYPE" = postgres ]; then
     export DATABASE_TYPE=pgsql
@@ -173,6 +246,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             run_upgrade_if_needed_due_to_app_update
 
+            set_global_ca_bundle_path
+
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later; this might take a while..."
@@ -279,16 +354,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     );
 EOF
 
-            # Write out postgres root cert
-            if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
-                mkdir /var/www/html/data/certificates
-                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES"
-            # Write out mysql root cert
-            elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then
-                mkdir /var/www/html/data/certificates
-                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL"
-            fi
-
             echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
@@ -316,6 +381,8 @@ EOF
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
+            set_global_ca_bundle_path
+
             if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
                 max_retries=10
                 try=0
@@ -532,6 +599,8 @@ fi
 
 run_upgrade_if_needed_due_to_app_update
 
+set_global_ca_bundle_path
+
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)
@@ -649,24 +718,6 @@ else
 fi
 # AIO app end # Do not remove or change this line!
 
-# Allow to add custom certs to Nextcloud's trusted cert store
-if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
-    set -x
-    TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
-    mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
-    CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
-    mkdir -p "$CERTIFICATES_ROOT_DIR"
-    for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
-        # shellcheck disable=SC2001
-        CERTIFICATE_NAME="$(echo "$certificate" | sed 's|^NEXTCLOUD_TRUSTED_CERTIFICATES_||')"
-        if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
-            echo "${!certificate}" > "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
-            php /var/www/html/occ security:certificates:import "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
-        fi
-    done
-    set +x
-fi
-
 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
     php /var/www/html/occ app:install notify_push
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 9277bdaa..375009fc 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -68,10 +68,10 @@ fi
 
 # Postgres root cert
 if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
-    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt"
 # Mysql root cert
 elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then
-    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL"
+    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/ca-bundle.crt"
 fi
 
 # Set sensitive values as env

From 0be8409c365aa4996c577070b025baa496fa7ef6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Dec 2025 15:21:13 +0100
Subject: [PATCH 438/524] increase to 12.3.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2432ab13..4e25dcf3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.2.1</h1>
+            <h1>Nextcloud AIO v12.3.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 76cae30d5ca4048b3caca5872d67bc1c70c203cf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Dec 2025 15:56:27 +0100
Subject: [PATCH 439/524] update helm chart

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 ++
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 ++
 .../templates/nextcloud-aio-whiteboard-deployment.yaml          | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 242b9f16..3911d7eb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -160,6 +160,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: REMOVE_DISABLED_APPS
               value: "{{ .Values.REMOVE_DISABLED_APPS }}"
             - name: SIGNALING_SECRET
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 114ddc1d..dc33201f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,6 +53,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
           image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 229395ca..410d6ae8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -44,6 +44,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: STORAGE_STRATEGY
               value: redis
             - name: TZ

From 17bf4f91d7d20a91ed499d126eb014beb50d735f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Dec 2025 13:06:50 +0100
Subject: [PATCH 440/524] nextcloud: fix configuration of
 `default_certificates_bundle_path` and allow to use bundle for mailer

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud/config/certificates-bundle.config.php |  5 +++++
 Containers/nextcloud/config/smtp.config.php         | 11 +++++++++++
 Containers/nextcloud/entrypoint.sh                  | 13 -------------
 3 files changed, 16 insertions(+), 13 deletions(-)
 create mode 100644 Containers/nextcloud/config/certificates-bundle.config.php

diff --git a/Containers/nextcloud/config/certificates-bundle.config.php b/Containers/nextcloud/config/certificates-bundle.config.php
new file mode 100644
index 00000000..cc05b06a
--- /dev/null
+++ b/Containers/nextcloud/config/certificates-bundle.config.php
@@ -0,0 +1,5 @@
+<?php
+// Check if NEXTCLOUD_TRUSTED_CERTIFICATES_ are configured
+if (str_contains(implode(' ', array_keys(getenv())), 'NEXTCLOUD_TRUSTED_CERTIFICATES_')) {
+  $CONFIG['default_certificates_bundle_path'] = '/var/www/html/data/certificates/ca-bundle.crt';
+}
diff --git a/Containers/nextcloud/config/smtp.config.php b/Containers/nextcloud/config/smtp.config.php
index 40cfdf94..b57f9b68 100644
--- a/Containers/nextcloud/config/smtp.config.php
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -18,3 +18,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
       $CONFIG['mail_smtppassword'] = '';
   }
 }
+
+if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MAILER')) {
+  $CONFIG = array(
+    'mail_smtpstreamoptions' => array(
+      'ssl' => array(
+        'verify_peer_name' => false,
+        'cafile' => '/var/www/html/data/certificates/ca-bundle.crt',
+      )
+    )
+  );
+}
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 526a4b67..eea3d65b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -20,13 +20,6 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
-set_global_ca_bundle_path() {
-    # Only run if env is set
-    if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
-        php /var/www/html/occ config:system:set default_certificates_bundle_path --value="$CERTIFICATE_BUNDLE"
-    fi
-}
-
 # Create cert bundle
 if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
 
@@ -246,8 +239,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             run_upgrade_if_needed_due_to_app_update
 
-            set_global_ca_bundle_path
-
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later; this might take a while..."
@@ -381,8 +372,6 @@ EOF
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
-            set_global_ca_bundle_path
-
             if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
                 max_retries=10
                 try=0
@@ -599,8 +588,6 @@ fi
 
 run_upgrade_if_needed_due_to_app_update
 
-set_global_ca_bundle_path
-
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)

From 2998dfdf435148a637f1a2bd2adb1e95972138ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 04:15:48 +0000
Subject: [PATCH 441/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.4.2 to v1.5.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index fe5d89f7..e2f40160 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0
 
 USER root
 RUN set -ex; \

From 4c1947afdcf9994dd4a7d3b74fefe32126e08c5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:21:36 +0000
Subject: [PATCH 442/524] build(deps): bump dessant/lock-threads in
 /.github/workflows

Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dessant/lock-threads/compare/1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771...7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lock-threads.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
index be8273d5..bda40ee2 100644
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
+      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'

From d0b5e64272df65b96aa3259dd5228575d4eb13df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:21:43 +0000
Subject: [PATCH 443/524] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.5 to 7.1.6.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/ed21f2f24f8dd64503750218de024bcf64c7250a...681c641aba71e4a1c380be3ab5e12ad51f415867)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 542f38b8..9b5710cb 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 5fef93eabf77b693dbd4b4ce35e4bc60012bab60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:21:53 +0000
Subject: [PATCH 444/524] build(deps): bump actions/upload-artifact in
 /.github/workflows

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 3919690b..252a6510 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         if: ${{ !cancelled() }}
         with:
           name: playwright-report

From 92d036d04ad6cf10f5c5d2ebaed604b786433645 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Dec 2025 04:15:35 +0000
Subject: [PATCH 445/524] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.14.1-alpine3.22 to 3.14.2-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.2-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index cfc1f952..beeb517e 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.1-alpine3.22
+FROM python:3.14.2-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From a66445d4437791835682750bb338eac6d8d34229 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Dec 2025 10:40:45 +0100
Subject: [PATCH 446/524] nextcloud: allow to configure
 `FULLTEXTSEARCH_PROTOCOL`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 5 ++++-
 php/containers.json                | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index eea3d65b..d5ca8952 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -972,6 +972,9 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:disable fulltextsearch_elasticsearch
         php /var/www/html/occ app:disable files_fulltextsearch
     else
+        if [ -z "$FULLTEXTSEARCH_PROTOCOL" ]; then
+            FULLTEXTSEARCH_PROTOCOL="http"
+        fi
         if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
             php /var/www/html/occ app:install fulltextsearch
         elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
@@ -994,7 +997,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
             php /var/www/html/occ app:update files_fulltextsearch
         fi
         php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-        php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
+        php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"$FULLTEXTSEARCH_PROTOCOL://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
         php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":true,\"files_office\":true}"
 
         # Do the index
diff --git a/php/containers.json b/php/containers.json
index 486a4694..d8556184 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -237,6 +237,7 @@
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "FULLTEXTSEARCH_PROTOCOL=http",
         "FULLTEXTSEARCH_PORT=9200",
         "FULLTEXTSEARCH_USER=elastic",
         "FULLTEXTSEARCH_INDEX=nextcloud-aio",

From f415bf201d521111ad40a56654673ac8586d1898 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Dec 2025 10:31:33 +0100
Subject: [PATCH 447/524] s3-config: adjust the multibucket setting

Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-Authored-By: Kate <26026535+provokateurin@users.noreply.github.com>
---
 Containers/nextcloud/config/s3.config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 66e1476d..59217a78 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -6,9 +6,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
   $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
   $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
   $CONFIG = array(
-    $multibucket === 'true' ? 'objectstore_multibucket' : 'objectstore' => array(
+    'objectstore' => array(
       'class' => '\OC\Files\ObjectStore\S3',
       'arguments' => array(
+        'multibucket' => $multibucket === 'true',
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',

From 0f0265abd4096ad73eb7dc340ff24bc13e9e97e0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 16 Dec 2025 11:09:08 +0000
Subject: [PATCH 448/524] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 9da46d0f..e9362ccc 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -165,6 +165,7 @@ services:
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - FULLTEXTSEARCH_PROTOCOL=http
       - FULLTEXTSEARCH_PORT=9200
       - FULLTEXTSEARCH_USER=elastic
       - FULLTEXTSEARCH_INDEX=nextcloud-aio

From 1dadf3ff10c338d6e74bfabe3ab06c0d3f59c989 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Dec 2025 13:01:52 +0100
Subject: [PATCH 449/524] Merge pull request #7328 from
 nextcloud/enh/noid/update-helm

---
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 3911d7eb..e95b8b0b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,6 +114,8 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: FULLTEXTSEARCH_PORT
               value: "9200"
+            - name: FULLTEXTSEARCH_PROTOCOL
+              value: http
             - name: FULLTEXTSEARCH_USER
               value: elastic
             - name: IMAGINARY_ENABLED

From 082bbab85561944db7de12b351611e11253bdca9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Dec 2025 04:13:11 +0000
Subject: [PATCH 450/524] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.7.3.1 to 25.04.8.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.8.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 071d0751..50b6cfef 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.3.1
+FROM collabora/code:25.04.8.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 06f492397b04dd412e7c111f959f0bfc846897c5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 12:27:56 +0100
Subject: [PATCH 451/524] helm: make documentation more clear about storage
 classes

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++--
 nextcloud-aio-helm-chart/values.yaml    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 02428db8..39aa7007 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -425,8 +425,8 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
-echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf
-echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
+echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 10603a7c..8b17bc97 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -38,8 +38,8 @@ REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that a
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
-STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!
-STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!
+STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).
+STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value

From adedd78c34948409525d7dd1d7dfbcd801f9bcfd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 13:43:32 +0100
Subject: [PATCH 452/524] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 nextcloud-aio-helm-chart/values.yaml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 39aa7007..f39d3035 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -426,7 +426,7 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).' >> /tmp/sample.conf
-echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 8b17bc97..25fb2c92 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -39,7 +39,7 @@ TALK_PORT: 3478          # This allows to adjust the port that the talk containe
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).
-STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!
+STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value

From 748857a495cc13a513674ea3e5a1d4a76de76d35 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 15:11:24 +0100
Subject: [PATCH 453/524] onlyoffice: disable background check for editors

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh        | 1 +
 Containers/nextcloud/run-exec-commands.sh | 5 -----
 php/containers.json                       | 4 ----
 3 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d5ca8952..6825f04c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -831,6 +831,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         fi
 
         # Set OnlyOffice configuration
+        php /var/www/html/occ config:system:set onlyoffice editors_check_interval --value="0" --type=integer 
         php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
         php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
         php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index 9ef6ba69..e8066881 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -19,11 +19,6 @@ else
         echo "Activating Collabora config..."
         php /var/www/html/occ richdocuments:activate-config
     fi
-    # OnlyOffice must work also if using manual-install
-    if [ "$ONLYOFFICE_ENABLED" = yes ]; then
-        echo "Activating OnlyOffice config..."
-        php /var/www/html/occ onlyoffice:documentserver --check
-    fi
 fi
 
 signal_handler() {
diff --git a/php/containers.json b/php/containers.json
index d8556184..8c507f91 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -723,10 +723,6 @@
         "ONLYOFFICE_SECRET"
       ],
       "restart": "unless-stopped",
-      "nextcloud_exec_commands": [
-        "echo 'Activating OnlyOffice config...'",
-        "php /var/www/html/occ onlyoffice:documentserver --check"
-      ],
       "profiles": [
         "onlyoffice"
       ],

From 7b91fcbbd34c80fde199b0b297769c11c94b75af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 15:24:28 +0100
Subject: [PATCH 454/524] nextcloud: Allow to disable imagick without having to
 enable it each time

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile |  1 +
 Containers/nextcloud/start.sh   | 12 +++++-------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 05b3dd0a..f40de2ce 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -93,6 +93,7 @@ RUN set -ex; \
         apcu \
         memcached \
         redis \
+        imagick \
     ; \
     rm -r /tmp/pear; \
     \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 14cb35d1..05ccb8b0 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -86,15 +86,13 @@ fi
 # Install additional php extensions
 if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! [ -f "/additional-php-extensions-are-installed" ]; then
+        # Allow to disable imagick without having to enable it each time
+        if ! echo "$ADDITIONAL_PHP_EXTENSIONS" | grep -q imagick; then
+            # Remove the ini file as there is no docker-php-ext-disable script available
+            rm /usr/local/etc/php/conf.d/docker-php-ext-imagick.ini
+        fi
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
-            if [ "$app" = imagick ]; then
-                echo "Enabling Imagick..."
-                if ! docker-php-ext-enable imagick >/dev/null; then
-                    echo "Could not install PHP extension imagick!"
-                fi
-                continue
-            fi
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."

From 3ca5f5b3000799c3012530153b7b9ba4a1c7b648 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 04:16:17 +0000
Subject: [PATCH 455/524] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.2-scratch to 2.12.3-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.3-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a74fa1ae..f94886cb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.2-scratch AS nats
+FROM nats:2.12.3-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus

From 576c6a18bde86af0811b05fef4c6b307a8eedd0f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Dec 2025 09:58:11 +0000
Subject: [PATCH 456/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 01453437..16e7a82c 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.2.1
+version: 12.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f9fd44e6..6eddefe9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-apache:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e07f9bfb..26eda032 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 8f8d6d3c..c0984e1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251218_095503
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251218_095503
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 1c6491fc..b7b54647 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index f40d6ff3..14f19447 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 5906d566..9f0c54c5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e95b8b0b..3cbfa2fe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251218_095503
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index dc33201f..a9822a80 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d1ae2b35..c8160edd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 3af2d622..8446167d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-redis:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 9d9c6d80..c28e7335 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-talk:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 58afc7d0..a0d36c08 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 410d6ae8..e311f230 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251218_095503
           readinessProbe:
             exec:
               command:

From 638c8e262d3e5a11cf314dd500cb6550628fbe54 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:37 +0000
Subject: [PATCH 457/524] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/alpine

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 25ac9671..718c5510 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 32c6325ab8b150378f85493c61a7ec37871fc2ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:43 +0000
Subject: [PATCH 458/524] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/borgbackup

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 3d4ce1ce..637d035c 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     \

From ad92033faf7d03825e6e5474f6fd80eeb82688ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:46 +0000
Subject: [PATCH 459/524] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/clamav

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index eab313fd..196b109a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 93aefb05a9f4bd2dda53c9596c4a8ce436d786fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:54 +0000
Subject: [PATCH 460/524] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index c4b340e2..769c24ac 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 224e4ed91793841615a3f87e3976476871dffc56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:12:02 +0000
Subject: [PATCH 461/524] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/imaginary

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ea0a70de..79ea1228 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 86328d650977ba91665d6c97b39a5d602ef354a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:12:58 +0000
Subject: [PATCH 462/524] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 812ec840..83b4cab1 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From e136b51fc1fa6b1479e6222b12f97c9ca60ca1a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:13:19 +0000
Subject: [PATCH 463/524] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/talk

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a74fa1ae..fe7d017d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.12.2-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
-FROM alpine:3.22.2 AS janus
+FROM alpine:3.23.2 AS janus
 
 ARG JANUS_VERSION=v1.3.3
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From 667a6ebfad10f461b0cf8b3f20c607bb0d28e36f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:13:29 +0000
Subject: [PATCH 464/524] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/watchtower

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 50ba3b7d..14f6c672 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -9,7 +9,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5
 
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 15fa3be6555e0916be19c0a788ed3208aa010022 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 30 Dec 2025 13:46:07 +0100
Subject: [PATCH 465/524] Update collabora.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/collabora.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 37e974f7..8e464925 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -14,7 +14,7 @@ jobs:
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
-        wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json
+        wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/main/docker/cool-seccomp-profile.json
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request

From e8176e15f5076397629bc38c1867070add001a9f Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 31 Dec 2025 04:22:04 +0000
Subject: [PATCH 466/524] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index dfff8ba0..8c90cdc8 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.14.1@cf26e6debc366836754f359ece5b68629a1ee185"/>
+<files psalm-version="6.14.2@bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"/>

From 093b553354ce412192dc1947a2cd6bf3a6be2dd2 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 31 Dec 2025 12:03:35 +0000
Subject: [PATCH 467/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 126 ++++++++++++++++++++++++----------------------
 1 file changed, 65 insertions(+), 61 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index d829d29f..ed6667ed 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -333,16 +333,16 @@
         },
         {
             "name": "http-interop/http-factory-guzzle",
-            "version": "1.2.0",
+            "version": "1.2.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/http-interop/http-factory-guzzle.git",
-                "reference": "8f06e92b95405216b237521cc64c804dd44c4a81"
+                "reference": "c2c859ceb05c3f42e710b60555f4c35b6a4a3995"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/http-interop/http-factory-guzzle/zipball/8f06e92b95405216b237521cc64c804dd44c4a81",
-                "reference": "8f06e92b95405216b237521cc64c804dd44c4a81",
+                "url": "https://api.github.com/repos/http-interop/http-factory-guzzle/zipball/c2c859ceb05c3f42e710b60555f4c35b6a4a3995",
+                "reference": "c2c859ceb05c3f42e710b60555f4c35b6a4a3995",
                 "shasum": ""
             },
             "require": {
@@ -385,9 +385,9 @@
             ],
             "support": {
                 "issues": "https://github.com/http-interop/http-factory-guzzle/issues",
-                "source": "https://github.com/http-interop/http-factory-guzzle/tree/1.2.0"
+                "source": "https://github.com/http-interop/http-factory-guzzle/tree/1.2.1"
             },
-            "time": "2021-07-21T13:50:14+00:00"
+            "time": "2025-12-15T11:28:16+00:00"
         },
         {
             "name": "laravel/serializable-closure",
@@ -1644,16 +1644,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.22.1",
+            "version": "v3.22.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3"
+                "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
-                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/946ddeafa3c9f4ce279d1f34051af041db0e16f2",
+                "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2",
                 "shasum": ""
             },
             "require": {
@@ -1707,7 +1707,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.22.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.22.2"
             },
             "funding": [
                 {
@@ -1719,7 +1719,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-16T16:01:12+00:00"
+            "time": "2025-12-14T11:28:47+00:00"
         }
     ],
     "packages-dev": [
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.5",
+            "version": "5.6.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761"
+                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761",
-                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/5cee1d3dfc2d2aa6599834520911d246f656bcb8",
+                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8",
                 "shasum": ""
             },
             "require": {
@@ -3474,7 +3474,7 @@
                 "phpdocumentor/reflection-common": "^2.2",
                 "phpdocumentor/type-resolver": "^1.7",
                 "phpstan/phpdoc-parser": "^1.7|^2.0",
-                "webmozart/assert": "^1.9.1"
+                "webmozart/assert": "^1.9.1 || ^2"
             },
             "require-dev": {
                 "mockery/mockery": "~1.3.5 || ~1.6.0",
@@ -3513,9 +3513,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.6"
             },
-            "time": "2025-11-27T19:50:05+00:00"
+            "time": "2025-12-22T21:13:58+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -3763,16 +3763,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.4.3",
+            "version": "3.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf"
+                "reference": "88b2f3852a922dd73177a68938f8eb2ec70c7224"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
-                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/88b2f3852a922dd73177a68938f8eb2ec70c7224",
+                "reference": "88b2f3852a922dd73177a68938f8eb2ec70c7224",
                 "shasum": ""
             },
             "require": {
@@ -3815,7 +3815,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.4.3"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.4"
             },
             "funding": [
                 {
@@ -3827,7 +3827,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-27T09:08:26+00:00"
+            "time": "2025-12-15T09:00:41+00:00"
         },
         {
             "name": "sserbin/twig-linter",
@@ -3889,16 +3889,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.30",
+            "version": "v6.4.31",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e"
+                "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/1b2813049506b39eb3d7e64aff033fd5ca26c97e",
-                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e",
+                "url": "https://api.github.com/repos/symfony/console/zipball/f9f8a889f54c264f9abac3fc0f7a371ffca51997",
+                "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997",
                 "shasum": ""
             },
             "require": {
@@ -3963,7 +3963,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.30"
+                "source": "https://github.com/symfony/console/tree/v6.4.31"
             },
             "funding": [
                 {
@@ -3983,29 +3983,29 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-12-05T13:47:41+00:00"
+            "time": "2025-12-22T08:30:34+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.4.0",
+            "version": "v8.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "d551b38811096d0be9c4691d406991b47c0c630a"
+                "reference": "d937d400b980523dc9ee946bb69972b5e619058d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a",
-                "reference": "d551b38811096d0be9c4691d406991b47c0c630a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d937d400b980523dc9ee946bb69972b5e619058d",
+                "reference": "d937d400b980523dc9ee946bb69972b5e619058d",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.2",
+                "php": ">=8.4",
                 "symfony/polyfill-ctype": "~1.8",
                 "symfony/polyfill-mbstring": "~1.8"
             },
             "require-dev": {
-                "symfony/process": "^6.4|^7.0|^8.0"
+                "symfony/process": "^7.4|^8.0"
             },
             "type": "library",
             "autoload": {
@@ -4033,7 +4033,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.4.0"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.1"
             },
             "funding": [
                 {
@@ -4053,20 +4053,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-27T13:27:24+00:00"
+            "time": "2025-12-01T09:13:36+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.27",
+            "version": "v6.4.31",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b"
+                "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/a1b6aa435d2fba50793b994a839c32b6064f063b",
-                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/5547f2e1f0ca8e2e7abe490156b62da778cfbe2b",
+                "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b",
                 "shasum": ""
             },
             "require": {
@@ -4101,7 +4101,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.27"
+                "source": "https://github.com/symfony/finder/tree/v6.4.31"
             },
             "funding": [
                 {
@@ -4121,7 +4121,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-10-15T18:32:00+00:00"
+            "time": "2025-12-11T14:52:17+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4550,16 +4550,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.14.2",
+            "version": "6.14.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"
+                "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
-                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/d0b040a91f280f071c1abcb1b77ce3822058725a",
+                "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a",
                 "shasum": ""
             },
             "require": {
@@ -4585,8 +4585,8 @@
                 "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0",
                 "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
-                "symfony/console": "^6.0 || ^7.0",
-                "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3",
+                "symfony/console": "^6.0 || ^7.0 || ^8.0",
+                "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3 || ^8.0",
                 "symfony/polyfill-php84": "^1.31.0"
             },
             "provide": {
@@ -4608,7 +4608,7 @@
                 "psalm/plugin-phpunit": "^0.19",
                 "slevomat/coding-standard": "^8.4",
                 "squizlabs/php_codesniffer": "^3.6",
-                "symfony/process": "^6.0 || ^7.0"
+                "symfony/process": "^6.0 || ^7.0 || ^8.0"
             },
             "suggest": {
                 "ext-curl": "In order to send data to shepherd",
@@ -4664,7 +4664,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-12-11T08:58:52+00:00"
+            "time": "2025-12-23T15:36:48+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",
@@ -4735,23 +4735,23 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "1.12.1",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68"
+                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9be6926d8b485f55b9229203f962b51ed377ba68",
-                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
+                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
                 "shasum": ""
             },
             "require": {
                 "ext-ctype": "*",
                 "ext-date": "*",
                 "ext-filter": "*",
-                "php": "^7.2 || ^8.0"
+                "php": "^8.2"
             },
             "suggest": {
                 "ext-intl": "",
@@ -4761,7 +4761,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.10-dev"
+                    "dev-feature/2-0": "2.0-dev"
                 }
             },
             "autoload": {
@@ -4777,6 +4777,10 @@
                 {
                     "name": "Bernhard Schussek",
                     "email": "bschussek@gmail.com"
+                },
+                {
+                    "name": "Woody Gilk",
+                    "email": "woody.gilk@gmail.com"
                 }
             ],
             "description": "Assertions to validate method input/output with nice error messages.",
@@ -4787,9 +4791,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.12.1"
+                "source": "https://github.com/webmozarts/assert/tree/2.0.0"
             },
-            "time": "2025-10-29T15:56:20+00:00"
+            "time": "2025-12-16T21:36:00+00:00"
         }
     ],
     "aliases": [],

From 68400eafde480f2856ab9a0eecb0c6d9754b1027 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 31 Dec 2025 12:11:32 +0000
Subject: [PATCH 468/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 50ba3b7d..93f91252 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c	
+ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.13.1
 
 FROM alpine:3.22.2
 

From 5b360e96ac7d132a5d9a0db33b9319ca8440f4c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Jan 2026 04:13:30 +0000
Subject: [PATCH 469/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.2-cli to 29.1.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.3-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ebf8b27d..253394de 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.2-cli AS docker
+FROM docker:29.1.3-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 6a356b5390939c68b76707c85d26b6c7aa44b12b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 09:46:10 +0100
Subject: [PATCH 470/524] rp-docs: traefik: encode `%`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 14e7aaaf..50a6bccd 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -871,10 +871,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
           respondingTimeouts:
             readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         http:
-          # Required for Nextcloud to correctly handle encoded URL characters (%2F and %3F in this case) in newer Traefik versions (v3.6.4+).
+          # Required for Nextcloud to correctly handle encoded URL characters (%2F, %3F and %25 in this case) in newer Traefik versions (v3.6.4+).
           encodedCharacters:  
             allowEncodedSlash: true
             allowEncodedQuestionMark: true
+            allowEncodedPercent: true
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From cea609d746345a5191b105b58799610be1effe5b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 09:53:30 +0100
Subject: [PATCH 471/524] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index c2b94d8c..d028ccbc 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.2.0.1
+FROM onlyoffice/documentserver:9.2.1.1
 
 # USER root is probably used
 

From 06cdd8eca1dda533978e0ff69fd9b4e6501393f7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 09:57:39 +0100
Subject: [PATCH 472/524] update remaining dependencies to alpine 3.23

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 +-
 Containers/imaginary/Dockerfile       | 4 ++--
 Containers/mastercontainer/Dockerfile | 4 ++--
 Containers/nextcloud/Dockerfile       | 2 +-
 Containers/postgresql/Dockerfile      | 2 +-
 Containers/talk-recording/Dockerfile  | 2 +-
 Containers/watchtower/Dockerfile      | 2 +-
 readme.md                             | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c844c364..0948fb25 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.66-alpine3.22
+FROM httpd:2.4.66-alpine3.23
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 79ea1228..319325b1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 253394de..e10895e8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:29.1.3-cli AS docker
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.15-fpm-alpine3.22
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
+FROM php:8.4.15-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 05b3dd0a..578e7165 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.28-fpm-alpine3.22
+FROM php:8.3.28-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 4da6a372..725b8042 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile
 FROM postgres:17.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index beeb517e..65af7db4 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.2-alpine3.22
+FROM python:3.14.2-alpine3.23
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 14f6c672..fcf4678a 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.23 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c	
 
diff --git a/readme.md b/readme.md
index fc46b3fb..bcbf7d57 100644
--- a/readme.md
+++ b/readme.md
@@ -504,7 +504,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.22. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.23. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From 8a184fdce00484107cebc9442e3741bad4c2a3e0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 5 Jan 2026 12:03:44 +0000
Subject: [PATCH 473/524] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 319325b1..11250a43 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 84c581b8bf1d08a5a89b8efd36d372f5fec791ec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 15:43:17 +0100
Subject: [PATCH 474/524] notify-push & whiteboard: URL-encode passwords

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/notify-push/Dockerfile | 1 +
 Containers/notify-push/start.sh   | 4 ++++
 Containers/whiteboard/Dockerfile  | 2 +-
 Containers/whiteboard/start.sh    | 3 +++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 83b4cab1..029c93f2 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -11,6 +11,7 @@ RUN set -ex; \
         netcat-openbsd \
         tzdata \
         bash \
+        jq \
         openssl; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 4f07907b..26d74333 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -70,6 +70,10 @@ if [ "$POSTGRES_USER" = nextcloud ]; then
     export POSTGRES_USER
 fi
 
+# URL-encode passwords
+POSTGRES_PASSWORD="$(jq -rn --arg v "$POSTGRES_PASSWORD" '$v|@uri')"
+REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
+
 # Postgres root cert
 if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
     CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt"
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index e2f40160..f6b8cc7d 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -4,7 +4,7 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0
 
 USER root
 RUN set -ex; \
-    apk add --no-cache bash; \
+    apk add --no-cache bash jq; \
     chmod 777 -R /tmp; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 8975e0c6..e0babd7f 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -11,6 +11,9 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
+# URL-encode password
+REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
+
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
 # Run it

From 9da86241d4e96f5486f26c2d1243f8874c234d1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:18:07 +0000
Subject: [PATCH 475/524] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.3.0-alpine to 3.3.1-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.3.1-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ed2e9e2d..796c855a 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.0-alpine
+FROM haproxy:3.3.1-alpine
 
 # hadolint ignore=DL3002
 USER root

From d178e12ae4df07a08d198fbc60f820aba58a513b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:18:11 +0000
Subject: [PATCH 476/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.8 to 8.19.9.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 6e739095..7975bcbb 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.8
+FROM elasticsearch:8.19.9
 
 USER root
 

From 5718c1e7edc5673b5adfbf657ca20ca00ae2af44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:18:39 +0000
Subject: [PATCH 477/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.15-fpm-alpine3.23 to 8.4.16-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.16-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e10895e8..c5b91b7d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:29.1.3-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
-FROM php:8.4.15-fpm-alpine3.23
+FROM php:8.4.16-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080

From 7a623fb12038ac1f0083359102f16c9a99f2bb62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:19:00 +0000
Subject: [PATCH 478/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.28-fpm-alpine3.23 to 8.3.29-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.29-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3ee04ae3..6b6be7f8 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.28-fpm-alpine3.23
+FROM php:8.3.29-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From e2b425bcda4956b7d9b1e1e01667d9ddd3ba1a96 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:23:38 +0000
Subject: [PATCH 479/524] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 8c90cdc8..a9b7140d 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.14.2@bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"/>
+<files psalm-version="6.14.3@d0b040a91f280f071c1abcb1b77ce3822058725a"/>

From 1f6871ff5cc4dce028b71dd164d982d058376826 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 7 Jan 2026 12:03:32 +0100
Subject: [PATCH 480/524] Fix typo in variable throughout the code base

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  | 22 ++++-----
 php/src/Cron/BackupNotification.php   | 66 +++++++++++++--------------
 php/src/Cron/CheckFreeDiskSpace.php   |  6 +--
 php/src/Cron/OutdatedNotification.php |  8 ++--
 php/src/Cron/UpdateNotification.php   | 12 ++---
 5 files changed, 57 insertions(+), 57 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index c49629bd..b57f65a5 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -77,11 +77,11 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $view->addExtension(new \AIO\Twig\ClassExtension());
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
-    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+    $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
     /** @var \AIO\Controller\DockerController $dockerController */
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
-    $dockerActionManger->ConnectMasterContainerToNetwork();
+    $dockerActionManager->ConnectMasterContainerToNetwork();
     $dockerController->StartDomaincheckContainer();
 
     // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
@@ -99,17 +99,17 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
         'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
-        'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManger->IsMastercontainerUpdateAvailable() ),
+        'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
-        'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
-        'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),
+        'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
+        'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
         'borg_backup_mode' => $configurationManager->GetBackupMode(),
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
-        'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(),
+        'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
         'backup_times' => $configurationManager->GetBackupTimes(),
-        'current_channel' => $dockerActionManger->GetCurrentChannel(),
+        'current_channel' => $dockerActionManager->GetCurrentChannel(),
         'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
@@ -144,10 +144,10 @@ $app->get('/containers', function (Request $request, Response $response, array $
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
-    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+    $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
     return $view->render($response, 'login.twig', [
-        'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
+        'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
     ]);
 });
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/src/Cron/BackupNotification.php b/php/src/Cron/BackupNotification.php
index 17da93b2..6fbab65f 100644
--- a/php/src/Cron/BackupNotification.php
+++ b/php/src/Cron/BackupNotification.php
@@ -1,33 +1,33 @@
-<?php
-declare(strict_types=1);
-
-// increase memory limit to 2GB
-ini_set('memory_limit', '2048M');
-
-use DI\Container;
-
-require __DIR__ . '/../../vendor/autoload.php';
-
-$container = \AIO\DependencyInjection::GetContainer();
-
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
-/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
-$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
-
-$id = 'nextcloud-aio-nextcloud';
-$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
-
-$backupExitCode = $dockerActionManger->GetBackupcontainerExitCode();
-
-if ($backupExitCode === 0) {
-    if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") {
-        error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface.");
-    } else {
-        $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
-    }
-}
-
-if ($backupExitCode > 0) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.');
-}
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$backupExitCode = $dockerActionManager->GetBackupcontainerExitCode();
+
+if ($backupExitCode === 0) {
+    if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") {
+        error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface.");
+    } else {
+        $dockerActionManager->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
+    }
+}
+
+if ($backupExitCode > 0) {
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.');
+}
diff --git a/php/src/Cron/CheckFreeDiskSpace.php b/php/src/Cron/CheckFreeDiskSpace.php
index b462195e..1b5d2d64 100644
--- a/php/src/Cron/CheckFreeDiskSpace.php
+++ b/php/src/Cron/CheckFreeDiskSpace.php
@@ -11,8 +11,8 @@ require __DIR__ . '/../../vendor/autoload.php';
 
 $container = \AIO\DependencyInjection::GetContainer();
 
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
 /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
 $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
 
@@ -22,5 +22,5 @@ $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 $df = disk_free_space(DataConst::GetDataDirectory());
 if ($df !== false && (int)$df < 1024 * 1024 * 1024 * 5) {
     error_log("The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!");
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!');
 }
diff --git a/php/src/Cron/OutdatedNotification.php b/php/src/Cron/OutdatedNotification.php
index e652ba3a..628f0924 100644
--- a/php/src/Cron/OutdatedNotification.php
+++ b/php/src/Cron/OutdatedNotification.php
@@ -10,17 +10,17 @@ require __DIR__ . '/../../vendor/autoload.php';
 
 $container = \AIO\DependencyInjection::GetContainer();
 
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
 /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
 $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
 
 $id = 'nextcloud-aio-nextcloud';
 $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 
-$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated();
+$isNextcloudImageOutdated = $dockerActionManager->isNextcloudImageOutdated();
 
 if ($isNextcloudImageOutdated === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
 }
 
diff --git a/php/src/Cron/UpdateNotification.php b/php/src/Cron/UpdateNotification.php
index e1d57f6a..2c12e2f4 100644
--- a/php/src/Cron/UpdateNotification.php
+++ b/php/src/Cron/UpdateNotification.php
@@ -10,21 +10,21 @@ require __DIR__ . '/../../vendor/autoload.php';
 
 $container = \AIO\DependencyInjection::GetContainer();
 
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
 /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
 $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
 
 $id = 'nextcloud-aio-nextcloud';
 $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 
-$isMastercontainerUpdateAvailable = $dockerActionManger->IsMastercontainerUpdateAvailable();
-$isAnyUpdateAvailable = $dockerActionManger->isAnyUpdateAvailable();
+$isMastercontainerUpdateAvailable = $dockerActionManager->IsMastercontainerUpdateAvailable();
+$isAnyUpdateAvailable = $dockerActionManager->isAnyUpdateAvailable();
 
 if ($isMastercontainerUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.');
 }
 
 if ($isAnyUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.');
 }

From 05d0ea928276819ac71293f9ace4f98a354ab1b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Jan 2026 12:26:14 +0000
Subject: [PATCH 481/524] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.6 to 7.2.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/681c641aba71e4a1c380be3ab5e12ad51f415867...61cb8a9741eeb8a550a1b8544337180c0fc8476b)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 9b5710cb..3bb1d33f 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 13b885928b2f9fe695575b47cf00edfa1b5c094e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Jan 2026 13:52:42 +0100
Subject: [PATCH 482/524] fix zizmor config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 zizmor.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/zizmor.yml b/zizmor.yml
index afc373cb..a991eaa5 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -4,3 +4,7 @@ rules:
   dangerous-triggers:
     ignore:
       - build_images.yml
+  unpinned-uses:
+    config:
+      policies:
+        actions/*: ref-pin

From 4253308781bf227d46d2283473d567e002f3b683 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Jan 2026 17:27:28 +0100
Subject: [PATCH 483/524] increase to v12.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4e25dcf3..c318e8a6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.3.0</h1>
+            <h1>Nextcloud AIO v12.4.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 2ce06a49c711a7e401385f0696752b6b2a473fdf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Jan 2026 18:01:30 +0100
Subject: [PATCH 484/524] fix bug with imagick

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 05ccb8b0..a5f38534 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -93,6 +93,10 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
         fi
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                # imagick is already enabled by default, so does not need to be enabled anymore.
+                continue
+            fi
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."

From a83c4e2ed1716acd5b7635063f7377e1cd52ac23 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Jan 2026 15:25:23 +0100
Subject: [PATCH 485/524] nextcloud-entrypoint: remove custom logic for
 ldap.conf again as it does not work

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 6825f04c..43432e6d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -65,14 +65,6 @@ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
 
     done
 
-    # Custom logic for ldap conf
-    if ! grep -q "TLS_" /etc/openldap/ldap.conf; then
-        cat << EOL >> /etc/openldap/ldap.conf
-TLS_CACERT $CERTIFICATE_BUNDLE
-TLS_REQCERT try
-EOL
-    fi
-
     # Backwards compatibility with older instances
     if [ -f "/var/www/html/config/postgres.config.php" ]; then
         sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php

From 6200327a778321afab206a38be20cd6ab088d90a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Jan 2026 16:15:51 +0100
Subject: [PATCH 486/524] add two further commands to the bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index ec25fc4a..5d6cc059 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -32,6 +32,10 @@ labels: 0. Needs triage
 
 #### Output of `sudo docker logs nextcloud-aio-mastercontainer`
 
+#### Output of `sudo docker inspect nextcloud-aio-mastercontainer`
+
+#### Output of `sudo docker ps -a`
+
 #### Other valuable info <!--- (like additional logs, screenshots & Co.) -->
 
 #### A picture of a cute animal <!--- (not mandatory but encouraged) -->

From 71550aeeccf9a010f9bb4fa59ab1baf366a9be88 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Jan 2026 12:41:42 +0100
Subject: [PATCH 487/524] run playwright tests also on push

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/playwright-on-push.yml      | 123 ++++++++++++++++++
 ...ml => playwright-on-workflow-dispatch.yml} |   0
 2 files changed, 123 insertions(+)
 create mode 100644 .github/workflows/playwright-on-push.yml
 rename .github/workflows/{playwright.yml => playwright-on-workflow-dispatch.yml} (100%)

diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml
new file mode 100644
index 00000000..af8dec02
--- /dev/null
+++ b/.github/workflows/playwright-on-push.yml
@@ -0,0 +1,123 @@
+name: Playwright Tests on push
+
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
+
+concurrency:
+  group: playwright-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+env:
+  BASE_URL: https://localhost:8080
+
+jobs:
+  test:
+    timeout-minutes: 60
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6.0.1
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: lts/*
+
+      - name: Install dependencies
+        run: cd php/tests && npm ci
+
+      - name: Install Playwright Browsers
+        run: cd php/tests && npx playwright install --with-deps chromium
+
+      - name: Set up php 8.4
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
+        with:
+          extensions: apcu
+          php-version: 8.4
+          coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Adjust some things and fix permissions
+        run: |
+          cd php
+          rm -r ./data
+          rm -r ./session
+          composer install --no-dev
+          composer clear-cache
+          sudo chmod 777 -R ./
+
+      - name: Start fresh development server
+        run: |
+          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
+          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
+          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
+          docker run \
+            -d \
+            --init \
+            --name nextcloud-aio-mastercontainer \
+            --restart always \
+            --publish 8080:8080 \
+            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+            --volume ./php:/var/www/docker-aio/php \
+            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+            --env SKIP_DOMAIN_VALIDATION=true \
+            --env APACHE_PORT=11000 \
+            ghcr.io/nextcloud-releases/all-in-one:develop
+          echo Waiting for 10 seconds for the development container to start ...
+          sleep 10
+
+      - name: Run Playwright tests for initial setup
+        run: |
+          cd php/tests
+          export DEBUG=pw:api
+          if ! npx playwright test tests/initial-setup.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
+
+      - name: Start fresh development server
+        run: |
+          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
+          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
+          docker run \
+            -d \
+            --init \
+            --name nextcloud-aio-mastercontainer \
+            --restart always \
+            --publish 8080:8080 \
+            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+            --volume ./php:/var/www/docker-aio/php \
+            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+            --env SKIP_DOMAIN_VALIDATION=false \
+            --env APACHE_PORT=11000 \
+            ghcr.io/nextcloud-releases/all-in-one:develop
+          echo Waiting for 10 seconds for the development container to start ...
+          sleep 10
+
+      - name: Run Playwright tests for backup restore
+        run: |
+          cd php/tests 
+          export DEBUG=pw:api
+          if ! npx playwright test tests/restore-instance.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
+
+      - uses: actions/upload-artifact@v6
+        if: ${{ !cancelled() }}
+        with:
+          name: playwright-report
+          path: php/tests/playwright-report/
+          retention-days: 14
+          overwrite: true
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright-on-workflow-dispatch.yml
similarity index 100%
rename from .github/workflows/playwright.yml
rename to .github/workflows/playwright-on-workflow-dispatch.yml

From cdd21ae1ff62f02992670677cd4b7aecc2f49107 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 10 Jan 2026 15:07:08 +0100
Subject: [PATCH 488/524] refactor: change private properties to public in
 Container class and update related methods

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/src/Container/Container.php               | 148 ++++--------------
 php/src/ContainerDefinitionFetcher.php        |   2 +-
 php/src/Controller/DockerController.php       |   6 +-
 php/src/Docker/DockerActionManager.php        | 112 ++++++-------
 php/templates/components/container-state.twig |  18 +--
 php/templates/containers.twig                 |  12 +-
 6 files changed, 105 insertions(+), 193 deletions(-)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index baee1c00..6e5d2b54 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -5,121 +5,56 @@ namespace AIO\Container;
 use AIO\Data\ConfigurationManager;
 use AIO\Docker\DockerActionManager;
 use AIO\ContainerDefinitionFetcher;
+use JsonException;
 
 readonly class Container {
     public function __construct(
-        private string                        $identifier,
-        private string                        $displayName,
-        private string                        $containerName,
-        private string                        $restartPolicy,
-        private int                           $maxShutdownTime,
-        private ContainerPorts                $ports,
-        private string                        $internalPorts,
-        private ContainerVolumes              $volumes,
-        private ContainerEnvironmentVariables $containerEnvironmentVariables,
+        public string                        $identifier,
+        public string                        $displayName,
+        public string                        $containerName,
+        public string                        $restartPolicy,
+        public int                           $maxShutdownTime,
+        public ContainerPorts                $ports,
+        public string                        $internalPorts,
+        public ContainerVolumes              $volumes,
+        public ContainerEnvironmentVariables $containerEnvironmentVariables,
         /** @var string[] */
-        private array                         $dependsOn,
+        public array                         $dependsOn,
         private string                        $uiSecret,
         /** @var string[] */
-        private array                         $devices,
-        private bool                          $enableNvidiaGpu,
+        public array                         $devices,
+        public bool                          $enableNvidiaGpu,
         /** @var string[] */
-        private array                         $capAdd,
-        private int                           $shmSize,
-        private bool                          $apparmorUnconfined,
+        public array                         $capAdd,
+        public int                           $shmSize,
+        public bool                          $apparmorUnconfined,
         /** @var string[] */
-        private array                         $backupVolumes,
-        private array                         $nextcloudExecCommands,
-        private bool                          $readOnlyRootFs,
-        private array                         $tmpfs,
-        private bool                          $init,
-        private string                        $imageTag,
-        private AioVariables                  $aioVariables,
-        private string                        $documentation,
+        public array                         $backupVolumes,
+        public array                         $nextcloudExecCommands,
+        public bool                          $readOnlyRootFs,
+        public array                         $tmpfs,
+        public bool                          $init,
+        public string                        $imageTag,
+        public AioVariables                  $aioVariables,
+        public string                        $documentation,
         private DockerActionManager           $dockerActionManager
     ) {
     }
 
-    public function GetIdentifier() : string {
-        return $this->identifier;
-    }
-
-    public function GetDisplayName() : string {
-        return $this->displayName;
-    }
-
-    public function GetContainerName() : string {
-        return $this->containerName;
-    }
-
-    public function GetRestartPolicy() : string {
-        return $this->restartPolicy;
-    }
-
-    public function GetImageTag() : string {
-        return $this->imageTag;
-    }
-
-    public function GetReadOnlySetting() : bool {
-        return $this->readOnlyRootFs;
-    }
-
-    public function GetInit() : bool {
-        return $this->init;
-    }
-
-    public function GetShmSize() : int {
-        return $this->shmSize;
-    }
-
-    public function isApparmorUnconfined() : bool {
-        return $this->apparmorUnconfined;
-    }
-
-    public function GetMaxShutdownTime() : int {
-        return $this->maxShutdownTime;
-    }
-
     public function GetUiSecret() : string {
         return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
     }
 
-    public function GetTmpfs() : array {
-        return $this->tmpfs;
-    }
-
-    public function GetDevices() : array {
-        return $this->devices;
-    }
-
-    public function isNvidiaGpuEnabled() : bool {
-        return $this->enableNvidiaGpu;
-    }
-
-    public function GetCapAdds() : array {
-        return $this->capAdd;
-    }
-
-    public function GetBackupVolumes() : array {
-        return $this->backupVolumes;
-    }
-
-    public function GetPorts() : ContainerPorts {
-        return $this->ports;
-    }
-
-    public function GetInternalPort() : string {
-        return $this->internalPorts;
-    }
-
-    public function GetVolumes() : ContainerVolumes {
-        return $this->volumes;
-    }
-
+    /**
+     * @throws JsonException
+     */
     public function GetRunningState() : ContainerState {
         return $this->dockerActionManager->GetContainerRunningState($this);
     }
 
+    /**
+     * @throws JsonException
+     */
     public function GetRestartingState() : ContainerState {
         return $this->dockerActionManager->GetContainerRestartingState($this);
     }
@@ -131,27 +66,4 @@ readonly class Container {
     public function GetStartingState() : ContainerState {
         return $this->dockerActionManager->GetContainerStartingState($this);
     }
-
-    /**
-     * @return string[]
-     */
-    public function GetDependsOn() : array {
-        return $this->dependsOn;
-    }
-
-    public function GetNextcloudExecCommands() : array {
-        return $this->nextcloudExecCommands;
-    }
-
-    public function GetEnvironmentVariables() : ContainerEnvironmentVariables {
-        return $this->containerEnvironmentVariables;
-    }
-
-    public function GetAioVariables() : AioVariables {
-        return $this->aioVariables;
-    }
-
-    public function GetDocumentation() : string {
-        return $this->documentation;
-    }
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 7b092e45..d7498047 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -25,7 +25,7 @@ readonly class ContainerDefinitionFetcher {
         $containers = $this->FetchDefinition();
 
         foreach ($containers as $container) {
-            if ($container->GetIdentifier() === $id) {
+            if ($container->identifier === $id) {
                 return $container;
             }
         }
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 27a06bc8..a924e61f 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -23,7 +23,7 @@ readonly class DockerController {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Start all dependencies first and then itself
-        foreach($container->GetDependsOn() as $dependency) {
+        foreach($container->dependsOn as $dependency) {
             $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
@@ -46,7 +46,7 @@ readonly class DockerController {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Pull all dependencies first and then itself
-        foreach($container->GetDependsOn() as $dependency) {
+        foreach($container->dependsOn as $dependency) {
             $this->PerformRecursiveImagePull($dependency);
         }
 
@@ -255,7 +255,7 @@ readonly class DockerController {
             // We want to stop the Nextcloud container after 10s and not wait for the configured stop_grace_period
             $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
         }
-        foreach($container->GetDependsOn() as $dependency) {
+        foreach($container->dependsOn as $dependency) {
             $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud);
         }
     }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..529af1fe 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -36,15 +36,15 @@ readonly class DockerActionManager {
     }
 
     private function BuildImageName(Container $container): string {
-        $tag = $container->GetImageTag();
+        $tag = $container->imageTag;
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
-        return $container->GetContainerName() . ':' . $tag;
+        return $container->containerName . ':' . $tag;
     }
 
     public function GetContainerRunningState(Container $container): ContainerState {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
@@ -64,7 +64,7 @@ readonly class DockerActionManager {
     }
 
     public function GetContainerRestartingState(Container $container): ContainerState {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
@@ -84,16 +84,16 @@ readonly class DockerActionManager {
     }
 
     public function GetContainerUpdateState(Container $container): VersionState {
-        $tag = $container->GetImageTag();
+        $tag = $container->imageTag;
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
 
-        $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier());
+        $runningDigests = $this->GetRepoDigestsOfContainer($container->identifier);
         if ($runningDigests === null) {
             return VersionState::Different;
         }
-        $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($container->containerName, $tag);
         if ($remoteDigest === null) {
             return VersionState::Equal;
         }
@@ -112,8 +112,8 @@ readonly class DockerActionManager {
             return $runningState;
         }
 
-        $containerName = $container->GetIdentifier();
-        $internalPort = $container->GetInternalPort();
+        $containerName = $container->identifier;
+        $internalPort = $container->internalPorts;
         if ($internalPort === '%APACHE_PORT%') {
             $internalPort = $this->configurationManager->GetApachePort();
         } elseif ($internalPort === '%TALK_PORT%') {
@@ -134,7 +134,7 @@ readonly class DockerActionManager {
     }
 
     public function DeleteContainer(Container $container): void {
-        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->identifier)));
         try {
             $this->guzzleClient->delete($url);
         } catch (RequestException $e) {
@@ -166,17 +166,17 @@ readonly class DockerActionManager {
     }
 
     public function StartContainer(Container $container): void {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->identifier)));
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
-            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
+            throw new \Exception("Could not start container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
         }
     }
 
     public function CreateVolumes(Container $container): void {
         $url = $this->BuildApiUrl('volumes/create');
-        foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        foreach ($container->volumes->GetVolumes() as $volume) {
             $forbiddenChars = [
                 '/',
             ];
@@ -202,9 +202,9 @@ readonly class DockerActionManager {
 
     public function CreateContainer(Container $container): void {
         $volumes = [];
-        foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        foreach ($container->volumes->GetVolumes() as $volume) {
             // // NEXTCLOUD_MOUNT gets added via bind-mount later on
-            // if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            // if ($container->identifier === 'nextcloud-aio-nextcloud') {
             //     if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
             //         continue;
             //     }
@@ -228,7 +228,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
-        $aioVariables = $container->GetAioVariables()->GetVariables();
+        $aioVariables = $container->aioVariables->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
             $variable = $this->replaceEnvPlaceholders($variable);
@@ -238,9 +238,9 @@ readonly class DockerActionManager {
             sleep(1);
         }
 
-        $envs = $container->GetEnvironmentVariables()->GetVariables();
+        $envs = $container->containerEnvironmentVariables->GetVariables();
         // Special thing for the nextcloud container
-        if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+        if ($container->identifier === 'nextcloud-aio-nextcloud') {
             $envs[] = $this->GetAllNextcloudExecCommands();
         }
         foreach ($envs as $key => $env) {
@@ -251,13 +251,13 @@ readonly class DockerActionManager {
             $requestBody['Env'] = $envs;
         }
 
-        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->restartPolicy;
 
-        $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
+        $requestBody['HostConfig']['ReadonlyRootfs'] = $container->readOnlyRootFs;
 
         $exposedPorts = [];
-        if ($container->GetInternalPort() !== 'host') {
-            foreach ($container->GetPorts()->GetPorts() as $value) {
+        if ($container->internalPorts !== 'host') {
+            foreach ($container->ports->GetPorts() as $value) {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
@@ -279,7 +279,7 @@ readonly class DockerActionManager {
 
         if (count($exposedPorts) > 0) {
             $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach ($container->GetPorts()->GetPorts() as $value) {
+            foreach ($container->ports->GetPorts() as $value) {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
@@ -314,7 +314,7 @@ readonly class DockerActionManager {
         }
 
         $devices = [];
-        foreach ($container->GetDevices() as $device) {
+        foreach ($container->devices as $device) {
             if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) {
                 continue;
             }
@@ -325,7 +325,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
-        if ($container->isNvidiaGpuEnabled() && $this->configurationManager->isNvidiaGpuEnabled()) {
+        if ($container->enableNvidiaGpu && $this->configurationManager->isNvidiaGpuEnabled()) {
             $requestBody['HostConfig']['Runtime'] = 'nvidia';
             $requestBody['HostConfig']['DeviceRequests'] = [
                 [
@@ -336,13 +336,13 @@ readonly class DockerActionManager {
             ];
         }
 
-        $shmSize = $container->GetShmSize();
+        $shmSize = $container->shmSize;
         if ($shmSize > 0) {
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 
         $tmpfs = [];
-        foreach ($container->GetTmpfs() as $tmp) {
+        foreach ($container->tmpfs as $tmp) {
             $mode = "";
             if (str_contains($tmp, ':')) {
                 $mode = explode(':', $tmp)[1];
@@ -354,9 +354,9 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Tmpfs'] = $tmpfs;
         }
 
-        $requestBody['HostConfig']['Init'] = $container->GetInit();
+        $requestBody['HostConfig']['Init'] = $container->init;
 
-        $capAdds = $container->GetCapAdds();
+        $capAdds = $container->capAdd;
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;
         }
@@ -368,14 +368,14 @@ readonly class DockerActionManager {
 
         // Disable SELinux for AIO containers so that it does not break them
         $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
-        if ($container->isApparmorUnconfined()) {
+        if ($container->apparmorUnconfined) {
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable"];
         }
 
         $mounts = [];
 
         // Special things for the backup container which should not be exposed in the containers.json
-        if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
+        if (str_starts_with($container->identifier, 'nextcloud-aio-borgbackup')) {
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
@@ -384,7 +384,7 @@ readonly class DockerActionManager {
             }
 
             // Make volumes read only in case of borgbackup container. The viewer makes them writeable
-            $isReadOnly = $container->GetIdentifier() === 'nextcloud-aio-borgbackup';
+            $isReadOnly = $container->identifier === 'nextcloud-aio-borgbackup';
 
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
@@ -397,12 +397,12 @@ readonly class DockerActionManager {
             }
 
         // Special things for the talk container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
+        } elseif ($container->identifier === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets used in Janus which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
             // // Special things for the nextcloud container which should not be exposed in the containers.json
-            // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-            //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+            // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') {
+            //     foreach ($container->volumes->GetVolumes() as $volume) {
             //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
             //             continue;
             //         }
@@ -410,11 +410,11 @@ readonly class DockerActionManager {
             //     }
 
         // Special things for the caddy community container
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
+        } elseif ($container->identifier === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
 
         // Special things for the collabora container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
+        } elseif ($container->identifier === 'nextcloud-aio-collabora') {
             if (!$this->configurationManager->isSeccompDisabled()) {
                 // Load reference seccomp profile for collabora
                 $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
@@ -437,9 +437,9 @@ readonly class DockerActionManager {
         $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
-        $requestBody['Hostname'] = $container->GetIdentifier();
+        $requestBody['Hostname'] = $container->identifier;
 
-        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
+        $url = $this->BuildApiUrl('containers/create?name=' . $container->identifier);
         try {
             $this->guzzleClient->request(
                 'POST',
@@ -449,18 +449,18 @@ readonly class DockerActionManager {
                 ]
             );
         } catch (RequestException $e) {
-            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
+            throw new \Exception("Could not create container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
         }
 
     }
 
     public function isRegistryReachable(Container $container): bool {
-        $tag = $container->GetImageTag();
+        $tag = $container->imageTag;
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
 
-        $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($container->containerName, $tag);
 
         if ($remoteDigest === null) {
             return false;
@@ -472,7 +472,7 @@ readonly class DockerActionManager {
     public function PullImage(Container $container, bool $pullImage = true): void {
 
         // Skip database image pull if the last shutdown was not clean
-        if ($container->GetIdentifier() === 'nextcloud-aio-database') {
+        if ($container->identifier === 'nextcloud-aio-database') {
             if ($this->GetDatabasecontainerExitCode() > 0) {
                 $pullImage = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
@@ -484,7 +484,7 @@ readonly class DockerActionManager {
         if ($pullImage) {
             if (!$this->isRegistryReachable($container)) {
                 $pullImage = false;
-                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
+                error_log('Not pulling the ' . $container->containerName . ' image for the ' . $container->identifier . ' container because the registry does not seem to be reachable.');
             }
         }
 
@@ -598,7 +598,7 @@ readonly class DockerActionManager {
         if ($container->GetUpdateState() === VersionState::Different) {
             $updateAvailable = '1';
         }
-        foreach ($container->GetDependsOn() as $dependency) {
+        foreach ($container->dependsOn as $dependency) {
             $updateAvailable .= $this->isContainerUpdateAvailable($dependency);
         }
         return $updateAvailable;
@@ -622,10 +622,10 @@ readonly class DockerActionManager {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $backupVolumes = '';
-        foreach ($container->GetBackupVolumes() as $backupVolume) {
+        foreach ($container->backupVolumes as $backupVolume) {
             $backupVolumes .= $backupVolume . ' ';
         }
-        foreach ($container->GetDependsOn() as $dependency) {
+        foreach ($container->dependsOn as $dependency) {
             $backupVolumes .= $this->getBackupVolumes($dependency);
         }
         return $backupVolumes;
@@ -641,10 +641,10 @@ readonly class DockerActionManager {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $nextcloudExecCommands = '';
-        foreach ($container->GetNextcloudExecCommands() as $execCommand) {
+        foreach ($container->nextcloudExecCommands as $execCommand) {
             $nextcloudExecCommands .= $execCommand . PHP_EOL;
         }
-        foreach ($container->GetDependsOn() as $dependency) {
+        foreach ($container->dependsOn as $dependency) {
             $nextcloudExecCommands .= $this->GetNextcloudExecCommands($dependency);
         }
         return $nextcloudExecCommands;
@@ -776,7 +776,7 @@ readonly class DockerActionManager {
     public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void {
         if ($this->GetContainerStartingState($container) === ContainerState::Running) {
 
-            $containerName = $container->GetIdentifier();
+            $containerName = $container->identifier;
 
             // schedule the exec
             $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
@@ -901,14 +901,14 @@ readonly class DockerActionManager {
         // Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible.
         // If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain
         // The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints.
-        $alias = ($container->GetIdentifier() === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : '';
+        $alias = ($container->identifier === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : '';
 
-        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), alias: $alias);
+        $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias);
 
-        if ($container->GetIdentifier() === 'nextcloud-aio-apache' || $container->GetIdentifier() === 'nextcloud-aio-domaincheck') {
+        if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') {
             $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
             if ($apacheAdditionalNetwork !== '') {
-                $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheAdditionalNetwork, false, $alias);
+                $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias);
             }
         }
     }
@@ -917,9 +917,9 @@ readonly class DockerActionManager {
         if ($forceStopContainer) {
             $maxShutDownTime = 10;
         } else {
-            $maxShutDownTime = $container->GetMaxShutdownTime();
+            $maxShutDownTime = $container->maxShutdownTime;
         }
-        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $maxShutDownTime));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->identifier), $maxShutDownTime));
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index 8375d033..07580e66 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -3,24 +3,24 @@
   <span>
     {% if c.GetStartingState().value == 'starting' %}
       <span class="status running"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
+      {{ c.displayName }}
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Starting</a>)
     {% elseif c.GetRunningState().value == 'running' %}
       <span class="status success"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
+      {{ c.displayName }}
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Running</a>)
     {% else %}
       <span class="status error"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+      {{ c.displayName }}
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Stopped</a>)
     {% endif %}
-    {% if c.GetDocumentation() != '' %}
-      (<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
+    {% if c.documentation != '' %}
+      (<a target="_blank" href="{{ c.documentation }}">docs</a>)
     {% endif %}
   </span>
   {% if c.GetUiSecret() != '' %}
     <details>
-      <summary>Show password for {{ c.GetDisplayName() }}</summary>
+      <summary>Show password for {{ c.displayName }}</summary>
       <input type="text" value="{{ c.GetUiSecret() }}" readonly>
     </details>
   {% endif %}
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c318e8a6..0e7d1427 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -45,19 +45,19 @@
             {% endif %}
 
             {% for container in containers %}
-                {% if container.GetDisplayName() != '' and container.GetRunningState().value == 'running' %}
+                {% if container.displayName != '' and container.GetRunningState().value == 'running' %}
                     {% set isAnyRunning = true %}
                 {% endif %}
-                {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %}
+                {% if container.displayName != '' and container.GetRestartingState().value == 'restarting' %}
                     {% set isAnyRestarting = true %}
                 {% endif %}
-                {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
+                {% if container.identifier == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
                     {% set isWatchtowerRunning = true %}
                 {% endif %}
-                {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
+                {% if container.identifier == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
                     {% set isDomaincheckRunning = true %}
                 {% endif %}
-                {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
+                {% if container.identifier == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
                     {% set isApacheStarting = true %}
                 {% endif %}
             {% endfor %}
@@ -280,7 +280,7 @@
                         <ul>
                             {# @var containers \AIO\Container\Container[] #}
                             {% for container in containers %}
-                                {% if container.GetDisplayName() != '' %}
+                                {% if container.displayName != '' %}
                                     {% include 'components/container-state.twig'  with {'c': container} only %}
                                 {% endif %}
                             {% endfor %}

From a53e315e7fc87e58e20a4bb98fe4e0858d075edb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Jan 2026 15:05:21 +0000
Subject: [PATCH 489/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.3-cli to 29.1.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.4-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c5b91b7d..d2019e49 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.3-cli AS docker
+FROM docker:29.1.4-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From b998fa8ebf6907f9d3aa14f09446af2675e775ee Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 12 Jan 2026 10:58:58 +0100
Subject: [PATCH 490/524] s3.config.php: allow to configure num_buckets

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 59217a78..6ea06697 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -10,6 +10,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
       'class' => '\OC\Files\ObjectStore\S3',
       'arguments' => array(
         'multibucket' => $multibucket === 'true',
+        'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',

From b1baefb959119199291ad0a33226b7e4c8760f30 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Jan 2026 16:03:10 +0000
Subject: [PATCH 491/524] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/15f9da4059166900981058ba251e0b652511c68f...e565d2d86403c5d23533937e95980570545e5586)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 639b0785..a4f441c2 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
-        uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2
+        uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
         with:
           continue-after-seconds: 180
         env:

From 95a320a3e470aa50c2fe14bba347464d8c5b7740 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:06:14 +0100
Subject: [PATCH 492/524] DockerActionManager: disable seccomp policy for
 borgbackup container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..67134576 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -376,6 +376,11 @@ readonly class DockerActionManager {
 
         // Special things for the backup container which should not be exposed in the containers.json
         if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
+            // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"];
+            }
+
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {

From c2f070b278a4772f3b75818a185817e4b946317c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:44:05 +0100
Subject: [PATCH 493/524] aio-cadddy: mention how to remove the container again

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index a8baf9ea..a8d673b0 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -17,6 +17,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+- If you want to remove the container again and revert back to the default, you need to follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
 
 ### Repository
 https://github.com/szaimen/aio-caddy

From 81f477211fdf95bdf5386a5a9b57c54623d8e776 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:44:43 +0100
Subject: [PATCH 494/524] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index a8d673b0..803bbec2 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -17,7 +17,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-- If you want to remove the container again and revert back to the default, you need to follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
+- If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
 
 ### Repository
 https://github.com/szaimen/aio-caddy

From 6fe3337a21ff0e6f63a45b22f55a648555ecd0ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jan 2026 04:09:32 +0000
Subject: [PATCH 495/524] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.9 to 8.19.10.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7975bcbb..ed0cafe9 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.9
+FROM elasticsearch:8.19.10
 
 USER root
 

From eadf0dc5cde07f21ebe75cc96aa7eba65e91d081 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jan 2026 04:10:53 +0000
Subject: [PATCH 496/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.5.0 to v1.5.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index f6b8cc7d..37ba25e0 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.1
 
 USER root
 RUN set -ex; \

From 9a6e2cbe4975ba09c3a46caaeb14cc451fc59a3c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 14 Jan 2026 11:54:57 +0000
Subject: [PATCH 497/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 16e7a82c..7d990549 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.3.0
+version: 12.4.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 6eddefe9..6cdf8db8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-apache:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 26eda032..d7627802 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c0984e1d..7e86c402 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260114_114729
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260114_114729
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index b7b54647..055ecd0a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 14f19447..df30e6a8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 9f0c54c5..d2fc1375 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 3cbfa2fe..fe72d307 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260114_114729
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index a9822a80..5b05336e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c8160edd..0e3a7fda 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 8446167d..1ccebd79 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-redis:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c28e7335..8635a6ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-talk:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index a0d36c08..2cfcaa53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index e311f230..50dfc3c4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260114_114729
           readinessProbe:
             exec:
               command:

From 045e5edf841324dd8eff918be27fa9e3fd332efb Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 14 Jan 2026 12:03:59 +0000
Subject: [PATCH 498/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 95 ++++++++++++++++++++++++-----------------------
 1 file changed, 48 insertions(+), 47 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ed6667ed..ce1ae80f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.7",
+            "version": "v2.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd"
+                "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
-                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/7581a4407012f5f53365e11bafc520fd7f36bc9b",
+                "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-11-21T20:52:36+00:00"
+            "time": "2026-01-08T16:22:46+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -2755,22 +2755,22 @@
         },
         {
             "name": "danog/advanced-json-rpc",
-            "version": "v3.2.2",
+            "version": "v3.2.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/danog/php-advanced-json-rpc.git",
-                "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb"
+                "reference": "ae703ea7b4811797a10590b6078de05b3b33dd91"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/aadb1c4068a88c3d0530cfe324b067920661efcb",
-                "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb",
+                "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/ae703ea7b4811797a10590b6078de05b3b33dd91",
+                "reference": "ae703ea7b4811797a10590b6078de05b3b33dd91",
                 "shasum": ""
             },
             "require": {
                 "netresearch/jsonmapper": "^5",
                 "php": ">=8.1",
-                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0"
+                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0 || ^6"
             },
             "replace": {
                 "felixfbecker/php-advanced-json-rpc": "^3"
@@ -2801,9 +2801,9 @@
             "description": "A more advanced JSONRPC implementation",
             "support": {
                 "issues": "https://github.com/danog/php-advanced-json-rpc/issues",
-                "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.2"
+                "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.3"
             },
-            "time": "2025-02-14T10:55:15+00:00"
+            "time": "2026-01-12T21:07:10+00:00"
         },
         {
             "name": "daverandom/libdns",
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.6",
+            "version": "6.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8"
+                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/5cee1d3dfc2d2aa6599834520911d246f656bcb8",
-                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/02600c041e7d0f4b7d1fe1d260565ec525472fa9",
+                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9",
                 "shasum": ""
             },
             "require": {
@@ -3472,8 +3472,8 @@
                 "ext-filter": "*",
                 "php": "^7.4 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.2",
-                "phpdocumentor/type-resolver": "^1.7",
-                "phpstan/phpdoc-parser": "^1.7|^2.0",
+                "phpdocumentor/type-resolver": "^2.0",
+                "phpstan/phpdoc-parser": "^2.0",
                 "webmozart/assert": "^1.9.1 || ^2"
             },
             "require-dev": {
@@ -3483,7 +3483,8 @@
                 "phpstan/phpstan-mockery": "^1.1",
                 "phpstan/phpstan-webmozart-assert": "^1.2",
                 "phpunit/phpunit": "^9.5",
-                "psalm/phar": "^5.26"
+                "psalm/phar": "^5.26",
+                "shipmonk/dead-code-detector": "^0.5.1"
             },
             "type": "library",
             "extra": {
@@ -3513,44 +3514,44 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.6"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.0"
             },
-            "time": "2025-12-22T21:13:58+00:00"
+            "time": "2026-01-07T20:22:53+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.12.0",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195"
+                "reference": "327a05bbee54120d4786a0dc67aad30226ad4cf9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195",
-                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/327a05bbee54120d4786a0dc67aad30226ad4cf9",
+                "reference": "327a05bbee54120d4786a0dc67aad30226ad4cf9",
                 "shasum": ""
             },
             "require": {
                 "doctrine/deprecations": "^1.0",
-                "php": "^7.3 || ^8.0",
+                "php": "^7.4 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.0",
-                "phpstan/phpdoc-parser": "^1.18|^2.0"
+                "phpstan/phpdoc-parser": "^2.0"
             },
             "require-dev": {
                 "ext-tokenizer": "*",
                 "phpbench/phpbench": "^1.2",
-                "phpstan/extension-installer": "^1.1",
-                "phpstan/phpstan": "^1.8",
-                "phpstan/phpstan-phpunit": "^1.1",
+                "phpstan/extension-installer": "^1.4",
+                "phpstan/phpstan": "^2.1",
+                "phpstan/phpstan-phpunit": "^2.0",
                 "phpunit/phpunit": "^9.5",
-                "rector/rector": "^0.13.9",
-                "vimeo/psalm": "^4.25"
+                "psalm/phar": "^4"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-1.x": "1.x-dev"
+                    "dev-1.x": "1.x-dev",
+                    "dev-2.x": "2.x-dev"
                 }
             },
             "autoload": {
@@ -3571,22 +3572,22 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/2.0.0"
             },
-            "time": "2025-11-21T15:09:14+00:00"
+            "time": "2026-01-06T21:53:42+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.3.0",
+            "version": "2.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495"
+                "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/1e0cd5370df5dd2e556a36b9c62f62e555870495",
-                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/16dbf9937da8d4528ceb2145c9c7c0bd29e26374",
+                "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374",
                 "shasum": ""
             },
             "require": {
@@ -3618,9 +3619,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.1"
             },
-            "time": "2025-08-30T15:50:23+00:00"
+            "time": "2026-01-12T11:33:04+00:00"
         },
         {
             "name": "revolt/event-loop",
@@ -4735,16 +4736,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "2.0.0",
+            "version": "2.1.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54"
+                "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
-                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/ce6a2f100c404b2d32a1dd1270f9b59ad4f57649",
+                "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649",
                 "shasum": ""
             },
             "require": {
@@ -4791,9 +4792,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/2.0.0"
+                "source": "https://github.com/webmozarts/assert/tree/2.1.2"
             },
-            "time": "2025-12-16T21:36:00+00:00"
+            "time": "2026-01-13T14:02:24+00:00"
         }
     ],
     "aliases": [],

From 069195bf237fab2fe9f831bb6d815d011bea14fa Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Jan 2026 12:47:51 +0100
Subject: [PATCH 499/524] nextcloud: update to 32.0.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 6b6be7f8..9c468bbb 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.3
+ENV NEXTCLOUD_VERSION=32.0.4
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From b5b642232891dccc59ef4e7c8bc5bc8c5b7bb626 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Jan 2026 13:41:20 +0100
Subject: [PATCH 500/524] Revert "DockerActionManager: disable seccomp policy
 for borgbackup container"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 67134576..9e8a8ff2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -376,11 +376,6 @@ readonly class DockerActionManager {
 
         // Special things for the backup container which should not be exposed in the containers.json
         if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
-            // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308
-            if (!$this->configurationManager->isSeccompDisabled()) {
-                $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"];
-            }
-
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {

From 9e362e1dc9ece2fc4bbfd5f10b656d99cae4e6ce Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Jan 2026 13:48:06 +0100
Subject: [PATCH 501/524] increase to 12.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c318e8a6..9c55350e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.4.0</h1>
+            <h1>Nextcloud AIO v12.5.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 59ad7dc98be6eecbe7866add09ac771cd8ccf0ee Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Jan 2026 15:12:44 +0100
Subject: [PATCH 502/524] move version to a dedicated file

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 php/templates/containers.twig           | 3 ++-
 php/templates/includes/aio-version.twig | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 php/templates/includes/aio-version.twig

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index f39d3035..9e5aba86 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -407,7 +407,7 @@ rm latest.yml
 mv latest.yml.backup latest.yml
 
 # Get version of AIO
-AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
+AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/includes/aio-version.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
 sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
 
 # Conversion of sample.conf
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9c55350e..d0ed38b1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,8 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.5.0</h1>
+            {% set aio_version = include('includes/aio-version.twig') %}
+            <h1>Nextcloud AIO v{{ aio_version }}</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>
diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig
new file mode 100644
index 00000000..b7d7205d
--- /dev/null
+++ b/php/templates/includes/aio-version.twig
@@ -0,0 +1 @@
+12.5.0

From 792ba0dfb352fe6a0018dd7ee470c777da5658df Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 16 Jan 2026 22:54:58 +0100
Subject: [PATCH 503/524] update NPMplus images in reverse proxy guide

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 50a6bccd..bdeb3244 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -564,19 +564,14 @@ Note: this will cause that a non root user can bind privileged ports.
 
 Second, see these screenshots for a working config:
 
-![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630)
+<img width="675" height="695" alt="image" src="https://github.com/user-attachments/assets/196f53f9-ff86-4da2-960e-f7b7a2ceac0c" />
 
-![grafik](https://github.com/user-attachments/assets/f14bba5c-69ce-4514-a2ac-5e5d7fb97792)
+<img width="675" height="355" alt="image" src="https://github.com/user-attachments/assets/8a45a6d8-fbaf-4519-86f7-c7424ed780da" />
 
-<!-- ![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) -->
+<img width="675" height="542" alt="image" src="https://github.com/user-attachments/assets/7e880d02-0f4f-459a-a3f6-216bcb1b04ca" />
 
-![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893)
+<img width="675" height="570" alt="image" src="https://github.com/user-attachments/assets/2812ecc1-ecf0-44bd-9249-b76b30f8c25e" />
 
-![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041)
-
-`proxy_set_header Accept-Encoding $http_accept_encoding;`
-
-⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. <br>
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>

From d5c3e79b31f34a66687db78bc9f1065bf24b31e4 Mon Sep 17 00:00:00 2001
From: ph818 <71797925+ph818@users.noreply.github.com>
Date: Sat, 17 Jan 2026 17:17:28 -0500
Subject: [PATCH 504/524] Update local-instance.md

Clarifying DNS-challenge description.

Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com>
---
 local-instance.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/local-instance.md b/local-instance.md
index 1da26280..8abbddb6 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -22,10 +22,11 @@ The normal way is the following:
 **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
 ## 3. Use the ACME DNS-challenge
-You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
 ## 4. Use Cloudflare
 If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
 ## 5. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
+

From a3e43c5cd913d45b34d137bbecfb806d559cb6e7 Mon Sep 17 00:00:00 2001
From: ph818 <71797925+ph818@users.noreply.github.com>
Date: Sat, 17 Jan 2026 17:22:42 -0500
Subject: [PATCH 505/524] Update readme.md

Clarifying the Instructions for DNS-challenge so following the links will make more sense (configuring the caddyfile of the external caddy reverse proxy).

Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bcbf7d57..66059954 100644
--- a/readme.md
+++ b/readme.md
@@ -340,7 +340,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
-You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
+You can install AIO behind an external reverse proxy where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
 
 ### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.

From 4a65c04e3d7410109ca35121c6aedd0d8e4f0986 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Jan 2026 04:28:14 +0000
Subject: [PATCH 506/524] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.4-cli to 29.1.5-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.5-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d2019e49..a719c71a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.4-cli AS docker
+FROM docker:29.1.5-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 9822a63c44dc965a202b539fcacb2ad9339243c3 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Jan 2026 10:07:52 +0100
Subject: [PATCH 507/524] nextcloud-entrypoint: make recording server dependent
 on `REMOVE_DISABLED_APPS`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 43432e6d..5f47a0f4 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -894,7 +894,9 @@ if [ -d "/var/www/html/custom_apps/spreed" ]; then
         RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
         php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
     else
-        php /var/www/html/occ config:app:delete spreed recording_servers
+        if [ "$REMOVE_DISABLED_APPS" = yes ]; then
+            php /var/www/html/occ config:app:delete spreed recording_servers
+        fi
     fi
 fi
 

From 0e22f38d16b4a1a0eb375ce1945f796d5b40da4d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Jan 2026 10:25:14 +0100
Subject: [PATCH 508/524] add `wud.watch=false` to all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile              | 1 +
 Containers/borgbackup/Dockerfile          | 1 +
 Containers/clamav/Dockerfile              | 1 +
 Containers/collabora-online/Dockerfile    | 1 +
 Containers/collabora/Dockerfile           | 1 +
 Containers/docker-socket-proxy/Dockerfile | 1 +
 Containers/domaincheck/Dockerfile         | 1 +
 Containers/fulltextsearch/Dockerfile      | 1 +
 Containers/imaginary/Dockerfile           | 3 ++-
 Containers/nextcloud/Dockerfile           | 1 +
 Containers/notify-push/Dockerfile         | 1 +
 Containers/onlyoffice/Dockerfile          | 1 +
 Containers/postgresql/Dockerfile          | 1 +
 Containers/redis/Dockerfile               | 1 +
 Containers/talk-recording/Dockerfile      | 1 +
 Containers/talk/Dockerfile                | 1 +
 Containers/watchtower/Dockerfile          | 1 +
 Containers/whiteboard/Dockerfile          | 1 +
 php/src/Docker/DockerActionManager.php    | 2 +-
 19 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 0948fb25..9ccadfb8 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -88,4 +88,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 637d035c..97d6198b 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -24,5 +24,6 @@ ENTRYPOINT ["/start.sh"]
 USER root
 
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 196b109a..e81fb06e 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -33,5 +33,6 @@ VOLUME /var/lib/clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
diff --git a/Containers/collabora-online/Dockerfile b/Containers/collabora-online/Dockerfile
index 72f79928..ec8b63f0 100644
--- a/Containers/collabora-online/Dockerfile
+++ b/Containers/collabora-online/Dockerfile
@@ -12,4 +12,5 @@ USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 50b6cfef..976360cb 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -11,4 +11,5 @@ USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 796c855a..62590f6f 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -19,4 +19,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg
 ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 769c24ac..8122f315 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -18,4 +18,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index ed0cafe9..ff1e923f 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -22,5 +22,6 @@ USER 1000:0
 
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
 ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 11250a43..04f190b5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
@@ -43,4 +43,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9c468bbb..afb3def5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -264,4 +264,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 029c93f2..425115c4 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -23,4 +23,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index d028ccbc..13b4d456 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -8,4 +8,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 725b8042..56090f26 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -44,4 +44,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 7cc1ff84..cc9181ad 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -21,4 +21,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 65af7db4..8df5b89e 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -58,4 +58,5 @@ CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.co
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fc5f0379..fb78f943 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -107,4 +107,5 @@ CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cd5238ac..6b948c9b 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -24,4 +24,5 @@ USER root
 
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 37ba25e0..0a45981d 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -23,4 +23,5 @@ WORKDIR /tmp
 ENTRYPOINT ["/start.sh"]
 
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..99264d54 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -434,7 +434,7 @@ readonly class DockerActionManager {
         // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
         // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
         // Additionally set a default org.label-schema.vendor and com.docker.compose.project
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();

From c5b146f84c1b517d956cc5e1796f953b8381e385 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Jan 2026 04:08:44 +0000
Subject: [PATCH 509/524] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.6-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 11250a43..a0c583e0 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.23 AS go
+FROM golang:1.25.6-alpine3.23 AS go
 
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 

From dbabfe14f0b35d0d6df9e16dd09d626888ae602d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Jan 2026 04:09:56 +0000
Subject: [PATCH 510/524] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.6-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cd5238ac..2ee06f51 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.23 AS go
+FROM golang:1.25.6-alpine3.23 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b	
 

From f58465f93022b1960428c88d4c5a65c4636aec7d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Jan 2026 15:21:28 +0100
Subject: [PATCH 511/524] DockeractionManager: rewrite `PullImage` function to
 re-try 3 times before failing

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..34ca4f56 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -503,14 +503,24 @@ readonly class DockerActionManager {
         } catch (\Throwable $e) {
             $imageIsThere = false;
         }
-        try {
-            $this->guzzleClient->post($url);
-        } catch (RequestException $e) {
-            $message = "Could not pull image " . $imageName . ": " . $e->getResponse()?->getBody()->getContents();
-            if ($imageIsThere === false) {
-                throw new \Exception($message);
-            } else {
-                error_log($message);
+
+        $maxRetries = 3;
+        for ($attempt = 1; $attempt <= $maxRetries; $attempt++) {
+            try {
+                $this->guzzleClient->post($url);
+                break;
+            } catch (RequestException $e) {
+                $message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $e->getResponse()?->getBody()->getContents();
+                if ($attempt === $maxRetries) {
+                    if ($imageIsThere === false) {
+                        throw new \Exception($message);
+                    } else {
+                        error_log($message);
+                    }
+                } else {
+                    error_log($message . ' Retrying...');
+                    sleep(1);
+                }
             }
         }
     }

From b7d63253db7e5d74a83bd0d5f4bd7c51793c8da1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 20 Jan 2026 11:50:04 +0100
Subject: [PATCH 512/524] postgres.config.php: fix `PDO::MYSQL_ATTR_SSL_CA`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgres.config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
index 71a657a7..0dc835cc 100644
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -10,7 +10,7 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
 if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
   $CONFIG = array(
     'dbdriveroptions' => array(
-      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/ca-bundle.crt',
+      PDO::MYSQL_ATTR_SSL_CA => '/var/www/html/data/certificates/ca-bundle.crt',
     ),
   );
 }

From 88a45d1a8087b8097c257905b91ea77db30f4a6c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 20 Jan 2026 13:20:09 +0100
Subject: [PATCH 513/524] add cooldown to dependabot

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f79c4ce2..7fe1067e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,6 +10,8 @@ updates:
   labels:
   - 3. to review
   - dependencies
+  cooldown:
+    default-days: 7
 - package-ecosystem: composer
   directory: "/php/"
   schedule:

From fcdd000731f025f11f6bcfe26c6e47c46bc64e63 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Jan 2026 04:10:21 +0000
Subject: [PATCH 514/524] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.5.1 to v1.5.3.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 37ba25e0..31500313 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.3
 
 USER root
 RUN set -ex; \

From 3b3eea7ef02e7bf5f11dc632cfc3b654d101859f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 21 Jan 2026 10:54:39 +0100
Subject: [PATCH 515/524] don't ask for a cute anmial picture

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 5d6cc059..aca2e718 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -37,5 +37,3 @@ labels: 0. Needs triage
 #### Output of `sudo docker ps -a`
 
 #### Other valuable info <!--- (like additional logs, screenshots & Co.) -->
-
-#### A picture of a cute animal <!--- (not mandatory but encouraged) -->

From 2c968917ebcac51b6c0a6cc033fde63e8fb72cc7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Jan 2026 12:03:53 +0000
Subject: [PATCH 516/524] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ce1ae80f..75e53dfe 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3111,20 +3111,20 @@
         },
         {
             "name": "league/uri",
-            "version": "7.7.0",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807"
+                "reference": "4436c6ec8d458e4244448b069cc572d088230b76"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
-                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/4436c6ec8d458e4244448b069cc572d088230b76",
+                "reference": "4436c6ec8d458e4244448b069cc572d088230b76",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.7",
+                "league/uri-interfaces": "^7.8",
                 "php": "^8.1",
                 "psr/http-factory": "^1"
             },
@@ -3138,11 +3138,11 @@
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
                 "ext-uri": "to use the PHP native URI class",
-                "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain",
-                "league/uri-components": "Needed to easily manipulate URI objects components",
-                "league/uri-polyfill": "Needed to backport the PHP URI extension for older versions of PHP",
+                "jeremykendall/php-domain-parser": "to further parse the URI host and resolve its Public Suffix and Top Level Domain",
+                "league/uri-components": "to provide additional tools to manipulate URI objects components",
+                "league/uri-polyfill": "to backport the PHP URI extension for older versions of PHP",
                 "php-64bit": "to improve IPV4 host parsing",
-                "rowbot/url": "to handle WHATWG URL",
+                "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3197,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.7.0"
+                "source": "https://github.com/thephpleague/uri/tree/7.8.0"
             },
             "funding": [
                 {
@@ -3205,20 +3205,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-12-07T16:02:06+00:00"
+            "time": "2026-01-14T17:24:56+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.7.0",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c"
+                "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
-                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/c5c5cd056110fc8afaba29fa6b72a43ced42acd4",
+                "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4",
                 "shasum": ""
             },
             "require": {
@@ -3231,7 +3231,7 @@
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
                 "php-64bit": "to improve IPV4 host parsing",
-                "rowbot/url": "to handle WHATWG URL",
+                "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3281,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.7.0"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.8.0"
             },
             "funding": [
                 {
@@ -3289,7 +3289,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-12-07T16:03:21+00:00"
+            "time": "2026-01-15T06:54:53+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "6.0.0",
+            "version": "6.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9"
+                "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/02600c041e7d0f4b7d1fe1d260565ec525472fa9",
-                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/2f5cbed597cb261d1ea458f3da3a9ad32e670b1e",
+                "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e",
                 "shasum": ""
             },
             "require": {
@@ -3514,9 +3514,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.0"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.1"
             },
-            "time": "2026-01-07T20:22:53+00:00"
+            "time": "2026-01-20T15:30:42+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",

From b12c36f675274fd159ead5b19f7c74adf83302d7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Jan 2026 12:12:48 +0000
Subject: [PATCH 517/524] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cd5238ac..0aeb6fd7 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.23 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b	
+ENV WATCHTOWER_COMMIT_HASH=f522ce27e1fbe4618da54833025a95be62aa838a	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.13.1
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0
 
 FROM alpine:3.23.2
 

From 708e542270df92a7baf4e01fc314bb45054f8183 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Jan 2026 12:16:29 +0000
Subject: [PATCH 518/524] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9c468bbb..6968ac31 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.4
+ENV NEXTCLOUD_VERSION=32.0.5
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From f59b2776c796ea4216ec8c6d5063ba5fb877e0dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 04:08:30 +0000
Subject: [PATCH 519/524] build(deps): bump php in /Containers/mastercontainer

Bumps php from 8.4.16-fpm-alpine3.23 to 8.4.17-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.17-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d2019e49..ed930781 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:29.1.4-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
-FROM php:8.4.16-fpm-alpine3.23
+FROM php:8.4.17-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080

From 8eed705a906351ed15e8f379650e1c6d22021d44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 04:08:35 +0000
Subject: [PATCH 520/524] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.29-fpm-alpine3.23 to 8.3.30-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.30-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9c468bbb..f3181a05 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.29-fpm-alpine3.23
+FROM php:8.3.30-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From a7c091a5b26835db3ca579e9266fa02cc37172d0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 22 Jan 2026 12:21:26 +0100
Subject: [PATCH 521/524] mastercontainer: also add `wud.watch` label

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e92d0a86..2fea59d1 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -127,6 +127,7 @@ RUN set -ex; \
 
 # hadolint ignore=DL3048
 LABEL org.label-schema.vendor="Nextcloud" \
+    wud.watch="false" \
     com.docker.compose.project="nextcloud-aio"
 
 # hadolint ignore=DL3002

From 8fb3126ce7e11bdc9d6d2f7c609478ce72c89848 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 21 Jan 2026 14:30:23 +0100
Subject: [PATCH 522/524] `CreateContainer`: also insert the max shutdown time
 into the container itself

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 1743c4a5..fb3701a4 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -356,6 +356,11 @@ readonly class DockerActionManager {
 
         $requestBody['HostConfig']['Init'] = $container->init;
 
+        $maxShutDownTime = $container->maxShutdownTime;
+        if ($maxShutDownTime > 0) {
+            $requestBody['StopTimeout'] = $maxShutDownTime;
+        }
+
         $capAdds = $container->capAdd;
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;

From 00688a52bd9e85768398eb01c8389f940233268d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 Jan 2026 13:12:02 +0000
Subject: [PATCH 523/524] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml           | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 ++++----
 .../templates/nextcloud-aio-clamav-service.yaml           | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-collabora-service.yaml        | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 ++++----
 .../templates/nextcloud-aio-database-service.yaml         | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 8 ++++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml        | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml      | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++---
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml   | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml             | 4 ++--
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 6 +++---
 .../templates/nextcloud-aio-whiteboard-service.yaml       | 2 +-
 27 files changed, 60 insertions(+), 60 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7d990549..6288a381 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.4.0
+version: 12.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 6cdf8db8..e540791c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-apache:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 404ee626..98e33a4d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d7627802..57ec7739 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 8dc8597d..8b236093 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 7e86c402..cd4e1368 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260122_105751
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260122_105751
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index ebe7bf3f..5c81ef3e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 055ecd0a..be6a9c90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index 9451d908..45fdce3a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index df30e6a8..bed60a0c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index ae759475..efe474b3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index d2fc1375..af15d4b3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index a5fb3266..44a57006 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fe72d307..8b6e8211 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260122_105751
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 18cf84d8..08ab70f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 5b05336e..c8e30d05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 2b7bfccd..986d98d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0e3a7fda..2bb79f19 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 6ff9afa1..5fc10b85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 1ccebd79..28335e64 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-redis:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index af82a0bb..a6a9a0a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 8635a6ce..679dd66e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-talk:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 2cfcaa53..8e631656 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 4410ed72..87fe0355 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 10d17177..65388792 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -27,7 +27,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 50dfc3c4..5788cfa0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
index 8c8cb5aa..299f1ec3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

From c47ace7718a790c01e631ec3b4398293a298fa11 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 Jan 2026 13:33:38 +0000
Subject: [PATCH 524/524] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 0a0c14ce..650c4c67 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.6-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \