Sanitized user-provided file names in HTTP multipart uploads

Protect readLine() against DoS
Hardening suggestions for Stirling-PDF / ghostscript (#2339 )
2024-11-26 20:44:19 +00:00 · 2024-11-26 20:44:18 +00:00 · 2024-11-26 20:44:07 +00:00 · 2024-11-26 20:38:23 +00:00 · 2024-11-26 20:31:31 +00:00 · 2024-11-26 20:30:35 +00:00
236 changed files with 4022 additions and 38042 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 # All PRs to V1 must be approved by Frooodle
-* @Frooodle @reecebrowne @Ludy87 @DarioGii
+* @Frooodle
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
  - name: 💬 Discord Server
-    url: https://discord.gg/HYmhKj45pU
+    url: https://discord.gg/Cn8pWhQRxZ
    about: You can join our Discord server for real time discussion and support
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,13 +11,7 @@ updates:
      interval: "weekly"
    open-pull-requests-limit: 10
    rebase-strategy: "auto"
  - package-ecosystem: "docker"
    directory: "/" # Location of Dockerfile
    schedule:
      interval: "weekly"
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -9,7 +9,7 @@ changelog:
    - title: Bug Fixes
      labels:
        - Bug
-
+    
    - title: Enhancements
      labels:
        - enhancement
@@ -26,7 +26,7 @@ changelog:
    - title: Translation Changes
      labels:
        - Translation
-
+    
    - title: Other Changes
      labels:
        - "*"
--- a/.github/workflows/PR-Demo-Comment.yml
+++ b/.github/workflows/PR-Demo-Comment.yml
@@ -8,14 +8,14 @@ jobs:
  check-comment:
    runs-on: ubuntu-latest
    if: |
-      github.event.issue.pull_request &&
+      github.event.issue.pull_request && 
      (
      contains(github.event.comment.body, 'prdeploy') ||
      contains(github.event.comment.body, 'deploypr')
      )
-      &&
+      && 
      (
-        github.event.comment.user.login == 'frooodle' ||
+        github.event.comment.user.login == 'frooodle' || 
        github.event.comment.user.login == 'sf298' ||
        github.event.comment.user.login == 'Ludy87' ||
        github.event.comment.user.login == 'LaserKaspar' ||
@@ -28,14 +28,9 @@ jobs:
      pr_ref: ${{ steps.get-pr-info.outputs.ref }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Get PR data
        id: get-pr
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          script: |
            const prNumber = context.payload.issue.number;
@@ -44,46 +39,41 @@ jobs:
      - name: Get PR repository and ref
        id: get-pr-info
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          script: |
            const { owner, repo } = context.repo;
            const prNumber = context.payload.issue.number;
-
+            
            const { data: pr } = await github.rest.pulls.get({
              owner,
              repo,
              pull_number: prNumber,
            });
-
+            
            // For forks, use the full repository name, for internal PRs use the current repo
            const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`;
-
+            
            console.log(`PR Repository: ${repository}`);
            console.log(`PR Branch: ${pr.head.ref}`);
-
+            
            core.setOutput('repository', repository);
            core.setOutput('ref', pr.head.ref);
  deploy-pr:
    needs: check-comment
    runs-on: ubuntu-latest
-
+    
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          repository: ${{ needs.check-comment.outputs.pr_repository }}
          ref: ${{ needs.check-comment.outputs.pr_ref }}
          token: ${{ secrets.GITHUB_TOKEN }}
-
+      
      - name: Set up JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
@@ -94,20 +84,20 @@ jobs:
          DOCKER_ENABLE_SECURITY: false
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@v3
      - name: Get version number
        id: versionNumber
        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
      - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
      - name: Build and push PR-specific image
-        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
@@ -156,10 +146,10 @@ jobs:
          ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
            # Create PR-specific directories
            mkdir -p /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/{data,config,logs}
-
+            
            # Move docker-compose file to correct location
            mv /tmp/docker-compose.yml /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/docker-compose.yml
-
+            
            # Start or restart the container
            cd /stirling/PR-${{ needs.check-comment.outputs.pr_number }}
            docker-compose pull
@@ -168,7 +158,7 @@ jobs:
      - name: Post deployment URL to PR
        if: success()
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          script: |
            const { GITHUB_REPOSITORY } = process.env;
--- a/.github/workflows/PR-Demo-cleanup.yml
+++ b/.github/workflows/PR-Demo-cleanup.yml
@@ -4,7 +4,9 @@ on:
  pull_request:
    types: [opened, synchronize, reopened, closed]
-permissions: read-all
+permissions:
  contents: write
  pull-requests: write
 env:
  SERVER_IP: ${{ secrets.VPS_IP }}  # Add this to your GitHub secrets
@@ -13,17 +15,9 @@ env:
 jobs:
  cleanup:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    if: github.event.action == 'closed'
-
+    
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Set up SSH
        run: |
          mkdir -p ~/.ssh/
@@ -36,20 +30,20 @@ jobs:
          CLEANUP_STATUS=$(ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
            if [ -d "/stirling/PR-${{ github.event.pull_request.number }}" ]; then
              echo "Found PR directory, proceeding with cleanup..."
-
+              
              # Stop and remove containers
              cd /stirling/PR-${{ github.event.pull_request.number }}
              docker-compose down || true
-
+              
              # Go back to root before removal
              cd /
-
+              
              # Remove PR-specific directories
              rm -rf /stirling/PR-${{ github.event.pull_request.number }}
-
+              
              # Remove the Docker image
              docker rmi --no-prune ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ github.event.pull_request.number }} || true
-
+              
              echo "PERFORMED_CLEANUP"
            else
              echo "PR directory not found, nothing to clean up"
@@ -57,7 +51,7 @@ jobs:
            fi
          ENDSSH
          )
-
+          
          if [[ $CLEANUP_STATUS == *"PERFORMED_CLEANUP"* ]]; then
            echo "cleanup_performed=true" >> $GITHUB_OUTPUT
          else
@@ -66,7 +60,7 @@ jobs:
      - name: Post cleanup notice to PR
        if: steps.cleanup.outputs.cleanup_performed == 'true'
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          script: |
            const { GITHUB_REPOSITORY } = process.env;
--- a/.github/workflows/auto-labeler.yml
+++ b/.github/workflows/auto-labeler.yml
@@ -3,23 +3,17 @@ on:
  pull_request_target:
    types: [opened, synchronize]
 permissions: read-all
 jobs:
  labeler:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - name: Harden Runner
+      - uses: actions/checkout@v4
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Apply Labels
-        uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+        uses: actions/labeler@v5
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          configuration-path: .github/labeler-config.yml
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,13 +6,13 @@ on:
  pull_request:
    branches: ["main"]
 permissions: read-all
 jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
@@ -21,22 +21,17 @@ jobs:
        jdk-version: [17, 21]
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
      - name: Set up JDK ${{ matrix.jdk-version }}
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: ${{ matrix.jdk-version }}
          distribution: "temurin"
      - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: 8.7
@@ -61,22 +56,17 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
      - name: Set up Java 17
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "adopt"
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@v3
      - name: Install Docker Compose
        run: |
@@ -84,9 +74,9 @@ jobs:
          sudo chmod +x /usr/local/bin/docker-compose
      - name: Set up Python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@v5
        with:
-          python-version: "3.12"
+          python-version: "3.7"
      - name: Pip requirements
        run: |
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@@ -1,42 +1,37 @@
-name: Check Properties Files on PR
+name: Check Properties Files
 on:
  pull_request_target:
    types: [opened, synchronize, reopened]
    paths:
      - "src/main/resources/messages_*.properties"
-
+  push:
-permissions: read-all
+    branches: ["main"]
    paths:
      - "src/main/resources/messages_en_GB.properties"
 jobs:
  check-files:
    if: github.event_name == 'pull_request_target'
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout main branch first
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          ref: main
          path: main-branch
          fetch-depth: 0
      - name: Checkout PR branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        env:
          PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }}
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: $PULL_REQUEST_REF
+          ref: ${{ github.event.pull_request.head.ref }}
          path: pr-branch
          fetch-depth: 0
      - name: Set up Python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@v5
        with:
          python-version: "3.x"
@@ -114,7 +109,7 @@ jobs:
      - name: Post comment on PR
        if: env.SCRIPT_OUTPUT != ''
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          script: |
            const { GITHUB_REPOSITORY, SCRIPT_OUTPUT } = process.env;
@@ -160,3 +155,59 @@ jobs:
        run: |
          echo "Failing the job because errors were detected."
          exit 1
  update-translations-main:
    if: github.event_name == 'push'
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Run Python script to check files
        id: run-check
        run: |
          echo "Running Python script to check files..."
          python .github/scripts/check_language_properties.py \
            --reference-file src/main/resources/messages_en_GB.properties \
            --branch main
      - name: Set up git config
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
      - name: Add translation keys
        run: |
          git add src/main/resources/messages_*.properties
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "Update translation files"
          committer: GitHub Action <action@github.com>
          author: GitHub Action <action@github.com>
          signoff: true
          branch: update_translation_files
          title: "Update translation files"
          add-paths: |
            src/main/resources/messages_*.properties
          body: |
            Auto-generated by [create-pull-request][1]
            [1]: https://github.com/peter-evans/create-pull-request
          labels: Translation
          draft: false
          delete-branch: true
          sign-commits: true
--- a/.github/workflows/codeql.yml-disabled
+++ b/.github/workflows/codeql.yml-disabled
@@ -1,79 +0,0 @@
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
 # ******** NOTE ********
 # We have attempted to detect the languages in your repository. Please check
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
 name: "CodeQL"
 #disable for now
 #on:
 #  push:
 #    branches: ["main"]
 #  pull_request:
    # The branches below must be a subset of the branches above
 #    branches: ["main"]
 #  schedule:
 #    - cron: "0 0 * * 1"
 permissions:
  contents: read
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["java"]
        # CodeQL supports [ $supported-codeql-languages ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
      #   If the Autobuild fails above, remove it and uncomment the following three lines.
      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
      # - run: |
      #   echo "Run, Build Application using script"
      #   ./location_of_script_within_repo/buildscript.sh
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,27 +0,0 @@
 # Dependency Review Action
 #
 # This Action will scan dependency manifest files that change as part of a Pull Request,
 # surfacing known-vulnerable versions of the packages declared or updated in the PR.
 # Once installed, if the workflow run is marked as required,
 # PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
 on: [pull_request]
 permissions:
  contents: read
 jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: 'Checkout Repository'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
--- a/.github/workflows/licenses-update.yml
+++ b/.github/workflows/licenses-update.yml
@@ -7,30 +7,25 @@ on:
    paths:
      - "build.gradle"
-permissions: read-all
+permissions:
  contents: write
  pull-requests: write
 jobs:
  generate-license-report:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
    steps:
      - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
      - name: Set up JDK 17
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "adopt"
-      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+      - uses: gradle/actions/setup-gradle@v4
      - name: Run Gradle Command
        run: ./gradlew clean generateLicenseReport
@@ -52,7 +47,7 @@ jobs:
      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "Update 3rd Party Licenses"
@@ -77,7 +72,7 @@ jobs:
      - name: Enable auto-merge
        if: steps.cpr.outputs.pull-request-operation == 'created'
-        uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3.0.0
+        uses: peter-evans/enable-pull-request-automerge@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
--- a/.github/workflows/manage-label.yml
+++ b/.github/workflows/manage-label.yml
@@ -4,26 +4,21 @@ on:
  schedule:
    - cron: "30 20 * * *"
-permissions: read-all
+permissions:
  contents: read
  issues: write
 jobs:
  labeler:
    name: Labeler
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Check out the repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
      - name: Run Labeler
-        uses: crazy-max/ghaction-github-labeler@b54af0c25861143e7c8813d7cbbf46d2c341680c # v5.1.0
+        uses: crazy-max/ghaction-github-labeler@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          yaml-file: .github/labels.yml
-          skip-delete: true
+          skip-delete: true
--- a/.github/workflows/multiOSReleases.yml
+++ b/.github/workflows/multiOSReleases.yml
@@ -1,104 +0,0 @@
 name: Test Installers Build
 on:
  workflow_dispatch:
  release:
    types: [created]
 permissions: read-all
 jobs:
  build-installers:
    strategy:
      matrix:
        include:
          - os: windows-latest
            platform: win
            ext: exe
         #- os: macos-latest
         #  platform: mac
         # ext: dmg
         #- os: ubuntu-latest
         #  platform: linux
         #  ext: deb
    runs-on: ${{ matrix.os }}
    permissions:
      contents: write
      packages: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 21
        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          java-version: "21"
          distribution: "temurin"
      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
        with:
          gradle-version: 8.7
      # Install Windows dependencies
      - name: Install WiX Toolset
        if: matrix.os == 'windows-latest'
        run: |
          curl -L -o wix.exe https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe
          .\wix.exe /install /quiet
      # Install Linux dependencies
      - name: Install Linux Dependencies
        if: matrix.os == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y fakeroot rpm
      # Get version number
      - name: Get version number
        id: versionNumber
        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
        shell: bash
      - name: Get version number mac
        id: versionNumberMac
        run: echo "versionNumberMac=$(./gradlew printMacVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
        shell: bash
      # Build installer
      - name: Build Installer
        run: ./gradlew build jpackage -x test --info
        env:
          DOCKER_ENABLE_SECURITY: false
          STIRLING_PDF_DESKTOP_UI: true
      # Rename and collect artifacts based on OS
      - name: Prepare artifacts
        id: prepare
        shell: bash
        run: |
          if [ "${{ matrix.os }}" = "windows-latest" ]; then
            mv "build/jpackage/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.exe" "Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}"
          elif [ "${{ matrix.os }}" = "macos-latest" ]; then
            mv "build/jpackage/Stirling-PDF-${{ steps.versionNumberMac.outputs.versionNumberMac }}.dmg" "Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}-${{ matrix.platform }}.${{ matrix.ext }}"
          else
            mv "build/jpackage/stirling-pdf_${{ steps.versionNumber.outputs.versionNumber }}-1_amd64.deb" "Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}-${{ matrix.platform }}.${{ matrix.ext }}"
          fi
      # Upload installer as artifact for testing
      - name: Upload Installer Artifact
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}
          path: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}
          retention-days: 1
          if-no-files-found: error
      - name: Upload binaries to release
        uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
        with:
          files: ./Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@@ -10,28 +10,20 @@ on:
 permissions:
  contents: read
  packages: write
  id-token: write
 jobs:
  push:
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
-      - name: Harden Runner
+      - uses: actions/checkout@v4
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+      - uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: 8.7
@@ -40,34 +32,29 @@ jobs:
        env:
          DOCKER_ENABLE_SECURITY: false
      - name: Install cosign
        uses: sigstore/cosign-installer@v3.7.0
        with:
          cosign-release: 'v2.4.1'
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@v3
      - name: Get version number
        id: versionNumber
        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
      - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_API }}
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+        uses: docker/setup-qemu-action@v3
      - name: Convert repository owner to lowercase
        id: repoowner
@@ -75,7 +62,7 @@ jobs:
      - name: Generate tags
        id: meta
-        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
@@ -88,8 +75,7 @@ jobs:
            type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push main Dockerfile
-        id: build-push-regular
+        uses: docker/build-push-action@v6
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@@ -101,32 +87,10 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
          platforms: linux/amd64,linux/arm64/v8
          provenance: true
          sbom: true
      - name: Sign regular images
        env:
          DIGEST: ${{ steps.build-push-regular.outputs.digest }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # Always sign images regardless of branch
          echo "$TAGS" | tr ',' '\n' | while read -r tag; do
            cosign sign --yes "${tag}@${DIGEST}"
          done
          # For alpha builds specifically, we want to ensure they're marked as development builds
          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
            echo "Signing alpha build with development attestation"
            echo "$TAGS" | tr ',' '\n' | while read -r tag; do
              if [[ $tag == *":alpha" ]]; then
                cosign attest --predicate <(echo '{"type":"development"}') --yes "${tag}@${DIGEST}"
              fi
            done
          fi
      - name: Generate tags ultra-lite
        id: meta2
-        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        uses: docker/metadata-action@v5
        if: github.ref != 'refs/heads/main'
        with:
          images: |
@@ -139,8 +103,7 @@ jobs:
            type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }}
      - name: Build and push Dockerfile-ultra-lite
-        id: build-push-lite
+        uses: docker/build-push-action@v6
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        if: github.ref != 'refs/heads/main'
        with:
          context: .
@@ -152,22 +115,10 @@ jobs:
          labels: ${{ steps.meta2.outputs.labels }}
          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
          platforms: linux/amd64,linux/arm64/v8
          provenance: true
          sbom: true
      - name: Sign ultra-lite images
        if: github.ref != 'refs/heads/main'
        env:
          DIGEST: ${{ steps.build-push-lite.outputs.digest }}
          TAGS: ${{ steps.meta2.outputs.tags }}
        run: |
          echo "$TAGS" | tr ',' '\n' | while read -r tag; do
            cosign sign --yes "${tag}@${DIGEST}"
          done
      - name: Generate tags fat
        id: meta3
-        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        uses: docker/metadata-action@v5
        if: github.ref != 'refs/heads/main'
        with:
          images: |
@@ -180,8 +131,7 @@ jobs:
            type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }}
      - name: Build and push main Dockerfile fat
-        id: build-push-fat
+        uses: docker/build-push-action@v6
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        if: github.ref != 'refs/heads/main'
        with:
          builder: ${{ steps.buildx.outputs.name }}
@@ -194,15 +144,3 @@ jobs:
          labels: ${{ steps.meta3.outputs.labels }}
          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
          platforms: linux/amd64,linux/arm64/v8
          provenance: true
          sbom: true
      - name: Sign fat images
        if: github.ref != 'refs/heads/main'
        env:
          DIGEST: ${{ steps.build-push-fat.outputs.digest }}
          TAGS: ${{ steps.meta3.outputs.tags }}
        run: |
          echo "$TAGS" | tr ',' '\n' | while read -r tag; do
            cosign sign --yes "${tag}@${DIGEST}"
          done
--- a/.github/workflows/releaseArtifacts.yml
+++ b/.github/workflows/releaseArtifacts.yml
@@ -4,15 +4,12 @@ on:
  workflow_dispatch:
  release:
    types: [created]
-
+permissions:
-permissions: read-all
+  contents: write
-
+  packages: write
 jobs:
  push:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
    strategy:
      matrix:
        enable_security: [true, false]
@@ -22,20 +19,15 @@ jobs:
          - enable_security: false
            file_suffix: ""
    steps:
-      - name: Harden Runner
+      - uses: actions/checkout@v4
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+      - uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: 8.7
@@ -43,34 +35,33 @@ jobs:
        run: ./gradlew clean createExe
        env:
          DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }}
          STIRLING_PDF_DESKTOP_UI: false
      - name: Get version number
        id: versionNumber
        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
      - name: Rename binarie
-        run: cp ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+        if: matrix.file_suffix != ''
        run: cp ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF${{ matrix.file_suffix }}.exe
      - name: Upload Assets binarie
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@v4
        with:
-          path: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          path: ./build/launch4j/Stirling-PDF${{ matrix.file_suffix }}.exe
-          name: Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          name: Stirling-PDF${{ matrix.file_suffix }}.exe
          overwrite: true
          retention-days: 1
          if-no-files-found: error
      - name: Upload binaries to release
-        uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
+        uses: softprops/action-gh-release@v2
        with:
-          files: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          files: ./build/launch4j/Stirling-PDF${{ matrix.file_suffix }}.exe
      - name: Rename jar binaries
        run: cp ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
      - name: Upload Assets jar binaries
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@v4
        with:
          path: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
          name: Stirling-PDF${{ matrix.file_suffix }}.jar
@@ -79,6 +70,6 @@ jobs:
          if-no-files-found: error
      - name: Upload jar binaries to release
-        uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
+        uses: softprops/action-gh-release@v2
        with:
          files: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -1,79 +0,0 @@
 # This workflow uses actions that are not certified by GitHub. They are provided
 # by a third-party and are governed by separate terms of service, privacy
 # policy, and support documentation.
 name: Scorecard supply-chain security
 on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '20 7 * * 2'
  push:
    branches: ["main"]
 permissions: read-all
 jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      contents: read
      actions: read
      # To allow GraphQL ListCommits to work
      issues: read
      pull-requests: read
      # To detect SAST tools
      checks: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: "Checkout code"
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: "Run analysis"
        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecards on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
          publish_results: true
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
        with:
          sarif_file: results.sarif
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -5,8 +5,6 @@ on:
    - cron: "30 0 * * *"
  workflow_dispatch:
 permissions: read-all
 jobs:
  stale:
    runs-on: ubuntu-latest
@@ -14,13 +12,8 @@ jobs:
      issues: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: 30 days stale issues
-        uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        uses: actions/stale@v9
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          days-before-stale: 30
--- a/.github/workflows/swagger.yml
+++ b/.github/workflows/swagger.yml
@@ -6,26 +6,19 @@ on:
    branches:
      - master
 permissions: read-all
 jobs:
  push:
    runs-on: ubuntu-latest
    steps:
-      - name: Harden Runner
+      - uses: actions/checkout@v4
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 17
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+      - uses: gradle/actions/setup-gradle@v4
      - name: Generate Swagger documentation
        run: ./gradlew generateOpenApiDocs
--- a/.github/workflows/sync_files.yml
+++ b/.github/workflows/sync_files.yml
@@ -9,23 +9,17 @@ on:
      - "src/main/resources/messages_*.properties"
      - "scripts/ignore_translation.toml"
-permissions: read-all
+permissions:
  contents: write
  pull-requests: write
 jobs:
  sync-readme:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
-      - name: Harden Runner
+      - uses: actions/checkout@v4
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Install dependencies
@@ -42,7 +36,7 @@ jobs:
          git diff --staged --quiet || git commit -m ":memo: Sync README
          > Made via sync_files.yml" || echo "no changes"
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update files
--- a/.github/workflows/update-translations.yml
+++ b/.github/workflows/update-translations.yml
@@ -1,71 +0,0 @@
 name: Update Translations
 on:
  push:
    branches: ["main"]
    paths:
      - "src/main/resources/messages_en_GB.properties"
 permissions: read-all
 jobs:
  update-translations-main:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: "3.x"
      - name: Run Python script to check files
        id: run-check
        run: |
          echo "Running Python script to check files..."
          python .github/scripts/check_language_properties.py \
            --reference-file src/main/resources/messages_en_GB.properties \
            --branch main
      - name: Set up git config
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
      - name: Add translation keys
        run: |
          git add src/main/resources/messages_*.properties
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "Update translation files"
          committer: GitHub Action <action@github.com>
          author: GitHub Action <action@github.com>
          signoff: true
          branch: update_translation_files
          title: "Update translation files"
          add-paths: |
            src/main/resources/messages_*.properties
          body: |
            Auto-generated by [create-pull-request][1]
            [1]: https://github.com/peter-evans/create-pull-request
          labels: Translation
          draft: false
          delete-branch: true
          sign-commits: true
--- a/.gitignore
+++ b/.gitignore
@@ -161,4 +161,3 @@ out/
 .pytest_cache
 .ipynb_checkpoints
 **/jcef-bundle/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.8.4
+    rev: v0.2.1
    hooks:
      - id: ruff
        args:
@@ -12,7 +12,7 @@ repos:
        files: ^((.github/scripts|scripts)/.+)?[^/]+\.py$
        exclude: (split_photos.py)
  - repo: https://github.com/codespell-project/codespell
-    rev: v2.3.0
+    rev: v2.2.6
    hooks:
      - id: codespell
        args:
@@ -21,25 +21,6 @@ repos:
          - --quiet-level=2
        files: \.(properties|html|css|js|py|md)$
        exclude: (.vscode|.devcontainer|src/main/resources|Dockerfile)
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.22.0
    hooks:
      - id: gitleaks
  - repo: https://github.com/jumanjihouse/pre-commit-hooks
    rev: 3.0.0
    hooks:
      - id: shellcheck
        files: ^.*(\.bash|\.sh|\.ksh|\.zsh)$
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: end-of-file-fixer
        files: ^.*(\.js|\.java|\.py|\.yml)$
        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$)
      - id: trailing-whitespace
        files: ^.*(\.js|\.java|\.py|\.yml)$
        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$)
  - repo: local
    hooks:
      - id: check-duplicate-properties-keys
@@ -47,11 +28,12 @@ repos:
        entry: python .github/scripts/check_duplicates.py
        language: python
        files: ^(src)/.+\.properties$
  - repo: local
    hooks:
      - id: check-html-tabs
        name: Check HTML for tabs
        description: Ensures HTML/CSS/JS files do not contain tab characters
        # args: ["--replace_with=  "]
        entry: python .github/scripts/check_tabulator.py
        language: python
-        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$)
+        exclude: ^(src/main/resources/static/pdfjs|src/main/resources/static/pdfjs-legacy)
-        files: ^.*(\.html|\.css|\.js)$
+        files: ^.*(\.html|\.css|\.js)$
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -49,7 +49,5 @@
  "editor.indentSize": "tabSize",
  "editor.stickyScroll.enabled": false,
  "editor.minimap.enabled": false,
-  "editor.formatOnSave": true,
+  "editor.formatOnSave": true
  "java.format.settings.google.mode": "jar-file",
  "java.format.settings.google.extra": "--aosp --skip-sorting-imports"
 }
--- a/DATABASE.md
+++ b/DATABASE.md
@@ -1,5 +1,12 @@
 # New Database Backup and Import Functionality
 > [!IMPORTANT]
 > **Full activation will take place on approximately January 5th, 2025!**
 Why is the waiting time six months?
 There are users who only install updates sporadically; if they skip the preparation, it can/will lead to data loss in the database.
 ## Functionality Overview
 The newly introduced feature enhances the application with robust database backup and import capabilities. This feature is designed to ensure data integrity and provide a straightforward way to manage database backups. Here's how it works:
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # Main stage
-FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
+FROM alpine:3.20.3
 # Copy necessary files
 COPY scripts /scripts
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # Build the application
-FROM gradle:8.12-jdk17 AS build
+FROM gradle:8.11-jdk17 AS build
 # Set the working directory
 WORKDIR /app
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # use alpine
-FROM alpine:3.21.0
+FROM alpine:3.20.3
 ARG VERSION_TAG
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 <h1 align="center">Stirling-PDF</h1>
 [![Docker Pulls](https://img.shields.io/docker/pulls/frooodle/s-pdf)](https://hub.docker.com/r/frooodle/s-pdf)
-[![Discord](https://img.shields.io/discord/1068636748814483718?label=Discord)](https://discord.gg/HYmhKj45pU)
+[![Discord](https://img.shields.io/discord/1068636748814483718?label=Discord)](https://discord.gg/Cn8pWhQRxZ)
 [![Docker Image Version (tag latest semver)](https://img.shields.io/docker/v/frooodle/s-pdf/latest)](https://github.com/Stirling-Tools/Stirling-PDF/)
 [![GitHub Repo stars](https://img.shields.io/github/stars/stirling-tools/stirling-pdf?style=social)](https://github.com/Stirling-Tools/stirling-pdf)
@@ -11,13 +11,15 @@
 [Stirling-PDF](https://www.stirlingpdf.com) is a robust, locally hosted web-based PDF manipulation tool using Docker. It enables you to carry out various operations on PDF files, including splitting, merging, converting, reorganizing, adding images, rotating, compressing, and more. This locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements.
 Stirling-PDF does not initiate any outbound calls for record-keeping or tracking purposes.
 All files and PDFs exist either exclusively on the client side, reside in server memory only during task execution, or temporarily reside in a file solely for the execution of the task. Any file downloaded by the user will have been deleted from the server by that point.
 ![stirling-home](images/stirling-home.jpg)
 ## Features
- Enterprise features like SSO Check [here](https://docs.stirlingpdf.com/Enterprise%20Edition)
+- Enterprise features like SSO Check [here](https://docs.stirlingpdf.com/Enterprise%20Edition) 
 - Dark mode support
 - Custom download options
 - Parallel file processing and downloads
@@ -185,48 +187,47 @@ Certain functionality like `Sign` supports pre-saved files stored at `/customFil
 ## Supported Languages
-Stirling-PDF currently supports 38 languages!
+Stirling-PDF currently supports 37 languages!
 | Language                                     | Progress                               |
 | -------------------------------------------- | -------------------------------------- |
-| Arabic (العربية) (ar_AR)                        | ![94%](https://geps.dev/progress/94)   |
+| Arabic (العربية) (ar_AR)                        | ![99%](https://geps.dev/progress/99)   |
-| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![92%](https://geps.dev/progress/92)   |
+| Azerbaijani (Azərbaycan Dili) (az_AZ)        | ![76%](https://geps.dev/progress/76)   |
-| Basque (Euskara) (eu_ES)                     | ![53%](https://geps.dev/progress/53)   |
+| Basque (Euskara) (eu_ES)                     | ![54%](https://geps.dev/progress/54)   |
-| Bulgarian (Български) (bg_BG)                | ![89%](https://geps.dev/progress/89)   |
+| Bulgarian (Български) (bg_BG)                | ![95%](https://geps.dev/progress/95)   |
-| Catalan (Català) (ca_CA)                     | ![84%](https://geps.dev/progress/84)   |
+| Catalan (Català) (ca_CA)                     | ![89%](https://geps.dev/progress/89)   |
-| Croatian (Hrvatski) (hr_HR)                  | ![91%](https://geps.dev/progress/91)   |
+| Croatian (Hrvatski) (hr_HR)                  | ![96%](https://geps.dev/progress/96)   |
-| Czech (Česky) (cs_CZ)                        | ![90%](https://geps.dev/progress/90)   |
+| Czech (Česky) (cs_CZ)                        | ![96%](https://geps.dev/progress/96)   |
-| Danish (Dansk) (da_DK)                       | ![89%](https://geps.dev/progress/89)   |
+| Danish (Dansk) (da_DK)                       | ![95%](https://geps.dev/progress/95)   |
-| Dutch (Nederlands) (nl_NL)                   | ![89%](https://geps.dev/progress/89)   |
+| Dutch (Nederlands) (nl_NL)                   | ![94%](https://geps.dev/progress/94)   |
 | English (English) (en_GB)                    | ![100%](https://geps.dev/progress/100) |
 | English (US) (en_US)                         | ![100%](https://geps.dev/progress/100) |
-| French (Français) (fr_FR)                    | ![92%](https://geps.dev/progress/92)   |
+| French (Français) (fr_FR)                    | ![98%](https://geps.dev/progress/98)   |
-| German (Deutsch) (de_DE)                     | ![100%](https://geps.dev/progress/100)   |
+| German (Deutsch) (de_DE)                     | ![98%](https://geps.dev/progress/98)   |
-| Greek (Ελληνικά) (el_GR)                     | ![90%](https://geps.dev/progress/90)   |
+| Greek (Ελληνικά) (el_GR)                     | ![96%](https://geps.dev/progress/96)   |
-| Hindi (हिंदी) (hi_IN)                          | ![88%](https://geps.dev/progress/88)   |
+| Hindi (हिंदी) (hi_IN)                          | ![93%](https://geps.dev/progress/93)   |
-| Hungarian (Magyar) (hu_HU)                   | ![91%](https://geps.dev/progress/91)   |
+| Hungarian (Magyar) (hu_HU)                   | ![96%](https://geps.dev/progress/96)   |
-| Indonesian (Bahasa Indonesia) (id_ID)        | ![90%](https://geps.dev/progress/90)   |
+| Indonesian (Bahasa Indonesia) (id_ID)        | ![96%](https://geps.dev/progress/96)   |
-| Irish (Gaeilge) (ga_IE)                      | ![82%](https://geps.dev/progress/82)   |
+| Irish (Gaeilge) (ga_IE)                      | ![86%](https://geps.dev/progress/86)   |
 | Italian (Italiano) (it_IT)                   | ![99%](https://geps.dev/progress/99)   |
-| Japanese (日本語) (ja_JP)                    | ![93%](https://geps.dev/progress/93)   |
+| Japanese (日本語) (ja_JP)                    | ![84%](https://geps.dev/progress/84)   |
-| Korean (한국어) (ko_KR)                      | ![89%](https://geps.dev/progress/89)   |
+| Korean (한국어) (ko_KR)                      | ![94%](https://geps.dev/progress/94)   |
-| Norwegian (Norsk) (no_NB)                    | ![82%](https://geps.dev/progress/82)   |
+| Norwegian (Norsk) (no_NB)                    | ![86%](https://geps.dev/progress/86)   |
-| Persian (فارسی) (fa_IR)                      | ![99%](https://geps.dev/progress/99)   |
+| Polish (Polski) (pl_PL)                      | ![95%](https://geps.dev/progress/95)   |
-| Polish (Polski) (pl_PL)                      | ![90%](https://geps.dev/progress/90)   |
+| Portuguese (Português) (pt_PT)               | ![96%](https://geps.dev/progress/96)   |
-| Portuguese (Português) (pt_PT)               | ![90%](https://geps.dev/progress/90)   |
+| Portuguese Brazilian (Português) (pt_BR)     | ![96%](https://geps.dev/progress/96)   |
-| Portuguese Brazilian (Português) (pt_BR)     | ![98%](https://geps.dev/progress/98)   |
+| Romanian (Română) (ro_RO)                    | ![89%](https://geps.dev/progress/89)   |
-| Romanian (Română) (ro_RO)                    | ![84%](https://geps.dev/progress/84)   |
+| Russian (Русский) (ru_RU)                    | ![95%](https://geps.dev/progress/95)   |
-| Russian (Русский) (ru_RU)                    | ![90%](https://geps.dev/progress/90)   |
+| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![69%](https://geps.dev/progress/69)   |
-| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![67%](https://geps.dev/progress/67)   |
+| Simplified Chinese (简体中文) (zh_CN)         | ![90%](https://geps.dev/progress/90)   |
-| Simplified Chinese (简体中文) (zh_CN)         | ![93%](https://geps.dev/progress/93)   |
+| Slovakian (Slovensky) (sk_SK)                | ![81%](https://geps.dev/progress/81)   |
-| Slovakian (Slovensky) (sk_SK)                | ![78%](https://geps.dev/progress/78)   |
+| Spanish (Español) (es_ES)                    | ![96%](https://geps.dev/progress/96)   |
-| Spanish (Español) (es_ES)                    | ![91%](https://geps.dev/progress/91)   |
+| Swedish (Svenska) (sv_SE)                    | ![95%](https://geps.dev/progress/95)   |
-| Swedish (Svenska) (sv_SE)                    | ![90%](https://geps.dev/progress/90)   |
+| Thai (ไทย) (th_TH)                           | ![94%](https://geps.dev/progress/94)   |
-| Thai (ไทย) (th_TH)                           | ![90%](https://geps.dev/progress/90)   |
+| Traditional Chinese (繁體中文) (zh_TW)        | ![97%](https://geps.dev/progress/97)   |
-| Traditional Chinese (繁體中文) (zh_TW)        | ![99%](https://geps.dev/progress/99)   |
+| Turkish (Türkçe) (tr_TR)                     | ![90%](https://geps.dev/progress/90)   |
-| Turkish (Türkçe) (tr_TR)                     | ![86%](https://geps.dev/progress/86)   |
+| Ukrainian (Українська) (uk_UA)               | ![79%](https://geps.dev/progress/79)   |
-| Ukrainian (Українська) (uk_UA)               | ![76%](https://geps.dev/progress/76)   |
+| Vietnamese (Tiếng Việt) (vi_VN)              | ![87%](https://geps.dev/progress/87)   |
 | Vietnamese (Tiếng Việt) (vi_VN)              | ![83%](https://geps.dev/progress/83)   |
 ## Contributing (Creating Issues, Translations, Fixing Bugs, etc.)
@@ -239,7 +240,7 @@ Stirling PDF offers a Enterprise edition of its software, This is the same great
 ### Whats included
 - Prioritised Support tickets via support@stirlingpdf.com to reach directly to Stirling-PDF team for support and 1:1 meetings where applicable (Provided they come from same email domain registered with us)
- Prioritised Enhancements to Stirling-PDF where applicable
+- Prioritised Enhancements to Stirling-PDF where applicable 
 - Base SSO support
 - Advanced SSO such as automated login handling (Coming very soon)
 - SAML SSO (Coming very soon)
@@ -403,7 +404,7 @@ To access your account settings, go to Account Settings in the settings cog menu
 To add new users, go to the bottom of Account Settings and hit 'Admin Settings'. Here you can add new users. The different roles mentioned within this are for rate limiting. This is a work in progress and will be expanded on more in the future.
-For API usage, you must provide a header with `X-API-KEY` and the associated API key for that user.
+For API usage, you must provide a header with `X-API-Key` and the associated API key for that user.
 ## FAQ
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,63 +0,0 @@
 # Security Policy
 ## Reporting a Vulnerability
 The Stirling-PDF team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.
 ### How to Report
 You can report security vulnerabilities through two channels:
 1. **GitHub Security Advisory**: 
   - Navigate to the [Security tab](https://github.com/Stirling-Tools/Stirling-PDF/security) in our repository
   - Click on "Report a vulnerability"
   - Provide a detailed description of the vulnerability
 2. **Direct Email**:
   - Send your report to security@stirlingpdf.com
   - Please include as much information as possible about the vulnerability
 ### What to Include
 When reporting a vulnerability, please provide:
 - A clear description of the vulnerability
 - Steps to reproduce the issue
 - Any potential impact
 - If possible, suggestions for addressing the vulnerability
 - Your contact information for follow-up questions
 ### Response Time
 We aim to acknowledge receipt of your vulnerability report within 48 hours
 ### Process
 1. Submit your report through one of the channels above
 2. Receive an acknowledgment from our team
 3. Our team will investigate and validate the issue
 4. We will work on a fix and keep you updated on our progress
 5. Once resolved, we will publish the fix and acknowledge your contribution (if desired)
 ### Bug Bounty
 At this time, we do not offer a bug bounty program. However, we greatly appreciate your efforts in making Stirling-PDF more secure and will acknowledge your contribution in our release notes (unless you prefer to remain anonymous).
 ## Supported Versions
 Only the latest version of Stirling-PDF is supported for security updates. We do not backport security fixes to older versions.
 | Version | Supported          |
 | ------- | ------------------ |
 | Latest  | :white_check_mark: |
 | Older   | :x:               |
 **Please note:** Before reporting a security issue, ensure you are using the latest version of Stirling-PDF. Security reports for older versions will not be accepted.
 ## Security Best Practices
 When deploying Stirling-PDF:
 1. Always use the latest version
 2. Follow our deployment guidelines
 3. Regularly check for and apply updates
--- a/build.gradle
+++ b/build.gradle
@@ -1,14 +1,13 @@
 plugins {
    id "java"
-    id "org.springframework.boot" version "3.4.1"
+    id "org.springframework.boot" version "3.4.0"
-    id "io.spring.dependency-management" version "1.1.7"
+    id "io.spring.dependency-management" version "1.1.6"
    id "org.springdoc.openapi-gradle-plugin" version "1.8.0"
    id "io.swagger.swaggerhub" version "1.3.2"
    id "edu.sc.seis.launch4j" version "3.0.6"
    id "com.diffplug.spotless" version "6.25.0"
    id "com.github.jk1.dependency-license-report" version "2.9"
 	//id "nebula.lint" version "19.0.3"
 	id("org.panteleyev.jpackageplugin") version "1.6.0"
 }
@@ -16,18 +15,16 @@ plugins {
 import com.github.jk1.license.render.*
 ext {
-    springBootVersion = "3.4.1"
+    springBootVersion = "3.4.0"
    pdfboxVersion = "3.0.3"
    logbackVersion = "1.5.7"
    imageioVersion = "3.12.0"
    lombokVersion = "1.18.36"
    bouncycastleVersion = "1.79"
    springSecuritySamlVersion = "6.4.2"
    openSamlVersion = "4.3.2"
 }
 group = "stirling.software"
-version = "0.36.5"
+version = "0.35.0"
 java {
@@ -38,9 +35,10 @@ java {
 repositories {
    mavenCentral()
    maven { url "https://jitpack.io" }
-    maven { url "https://build.shibboleth.net/maven/releases" }
+    maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" }
-    maven { url "https://maven.pkg.github.com/jcefmaven/jcefmaven" }
+    maven {
-
+        url 'https://build.shibboleth.net/maven/releases'
    }
 }
 licenseReport {
@@ -64,12 +62,6 @@ sourceSets {
                exclude "stirling/software/SPDF/model/User.java"
                exclude "stirling/software/SPDF/repository/**"
            }
            if (System.getenv("STIRLING_PDF_DESKTOP_UI") == "false") {
            	exclude "stirling/software/SPDF/UI/impl/**"
            }
        }
    }
 }
@@ -80,153 +72,16 @@ openApi {
    outputFileName = "SwaggerDoc.json"
 }
 //0.11.5 to 2024.11.5
 def getMacVersion(String version) {
    def currentYear = java.time.Year.now().getValue()
    def versionParts = version.split("\\.", 2)
    return "${currentYear}.${versionParts.length > 1 ? versionParts[1] : versionParts[0]}"
 }
 jpackage {
    input = "build/libs"
    appName = "Stirling-PDF"
    appVersion = project.version
    vendor = "Stirling-Software"
 	appDescription = "Stirling PDF - Your Local PDF Editor"
    mainJar = "Stirling-PDF-${project.version}.jar"
    mainClass = "org.springframework.boot.loader.launch.JarLauncher"
    icon = "src/main/resources/static/favicon.ico"
    // JVM Options
    javaOptions = [
        "-DBROWSER_OPEN=true",
        "-DSTIRLING_PDF_DESKTOP_UI=true",
        "-Djava.awt.headless=false",
        "-Dapple.awt.UIElement=true",
        "--add-opens", "java.base/java.lang=ALL-UNNAMED",
        "--add-opens", "java.desktop/java.awt.event=ALL-UNNAMED",
        "--add-opens", "java.desktop/sun.awt=ALL-UNNAMED"
    ]
    verbose = true
    destination = "${projectDir}/build/jpackage"
    // Windows-specific configuration
    windows {
    	launcherAsService = false
    	appVersion = project.version
        winConsole = false
        winDirChooser = true
        winMenu = true
        winShortcut = true
        winPerUserInstall = true
        winMenuGroup = "Stirling Software"
        winUpgradeUuid = "2a43ed0c-b8c2-40cf-89e1-751129b87641" // Unique identifier for updates
        winHelpUrl = "https://github.com/Stirling-Tools/Stirling-PDF"
        winUpdateUrl = "https://github.com/Stirling-Tools/Stirling-PDF/releases"
        type = "exe"
        installDir = "C:/Program Files/Stirling-PDF"
    }
    // macOS-specific configuration
    mac {
    	appVersion = getMacVersion(project.version.toString())
        icon = "src/main/resources/static/favicon.icns"
        type = "dmg"
        macPackageIdentifier = "com.stirling.software.pdf"
        macPackageName = "Stirling-PDF"
        macAppCategory = "public.app-category.productivity"
        macSign = false // Enable signing
        macAppStore = false // Not targeting App Store initially
        //installDir = "Applications"
        // Add license and other documentation to DMG
        /*macDmgContent = [
            "README.md",
            "LICENSE",
            "CHANGELOG.md"
        ]*/
        // Enable Mac-specific entitlements
        //macEntitlements = "entitlements.plist" // You'll need to create this file
    }
    // Linux-specific configuration
    linux {
    	appVersion = project.version
        icon = "src/main/resources/static/favicon.png"
        type = "deb" // Can also use "rpm" for Red Hat-based systems
        // Debian package configuration
        //linuxPackageName = "stirlingpdf"
        linuxDebMaintainer = "support@stirlingpdf.com"
        linuxMenuGroup = "Office;PDF;Productivity"
        linuxAppCategory = "Office"
        linuxAppRelease = "1"
        linuxPackageDeps = true
        installDir = "/opt/Stirling-PDF"
        // RPM-specific settings
        //linuxRpmLicenseType = "MIT"
    }
    // Common additional options
    //jLinkOptions = [
    //    "--strip-debug",
    //    "--compress=2",
    //    "--no-header-files",
    //    "--no-man-pages"
    //]
    // Add any additional modules required
    /*addModules = [
        "java.base",
        "java.desktop",
        "java.logging",
        "java.sql",
        "java.xml",
        "jdk.crypto.ec"
    ]*/
    // Add copyright and license information
    copyright = "Copyright © 2024 Stirling Software"
    licenseFile = "LICENSE"
 }
 launch4j {
    icon = "${projectDir}/src/main/resources/static/favicon.ico"
    outfile="Stirling-PDF.exe"
-
+    headerType="console"
    if(System.getenv("STIRLING_PDF_DESKTOP_UI") == 'true') {
    	headerType = "gui"
    } else {
    	headerType = "console"
    }
    jarTask = tasks.bootJar
    errTitle="Encountered error, Do you have Java 21?"
    downloadUrl="https://download.oracle.com/java/21/latest/jdk-21_windows-x64_bin.exe"
-
+    variables=["BROWSER_OPEN=true"]
    if(System.getenv("STIRLING_PDF_DESKTOP_UI") == 'true') {
    	variables=["BROWSER_OPEN=true", "STIRLING_PDF_DESKTOP_UI=true"]
    } else {
    	variables=["BROWSER_OPEN=true"]
    }
    jreMinVersion="17"
    mutexName="Stirling-PDF"
@@ -243,7 +98,7 @@ spotless {
    java {
        target project.fileTree('src/main/java')
-        googleJavaFormat("1.25.2").aosp().reorderImports(false)
+        googleJavaFormat("1.22.0").aosp().reorderImports(false)
        importOrder("java", "javax", "org", "com", "net", "io")
        toggleOffOn()
@@ -266,17 +121,10 @@ configurations.all {
    exclude group: "org.springframework.boot", module: "spring-boot-starter-tomcat"
 }
 dependencies {
 	if (System.getenv("STIRLING_PDF_DESKTOP_UI") != "false") {
 		implementation "me.friwi:jcefmaven:127.3.1"
 	    implementation "org.openjfx:javafx-controls:21"
 	    implementation "org.openjfx:javafx-swing:21"
    }
    //security updates
-    implementation "org.springframework:spring-webmvc:6.2.1"
+    implementation "org.springframework:spring-webmvc:6.2.0"
-    implementation("io.github.pixee:java-security-toolkit:1.2.1")
+    implementation("io.github.pixee:java-security-toolkit:1.2.0")
    // implementation "org.yaml:snakeyaml:2.2"
    implementation 'com.github.Carleslc.Simple-YAML:Simple-Yaml:1.8.4'
@@ -292,22 +140,21 @@ dependencies {
    if (System.getenv("DOCKER_ENABLE_SECURITY") != "false") {
        implementation "org.springframework.boot:spring-boot-starter-security:$springBootVersion"
-        implementation "org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.3.RELEASE"
+        implementation "org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE"
        implementation "org.springframework.boot:spring-boot-starter-data-jpa:$springBootVersion"
        implementation "org.springframework.boot:spring-boot-starter-oauth2-client:$springBootVersion"
-		implementation "org.springframework.session:spring-session-core:$springBootVersion"
+		implementation 'org.springframework.security:spring-security-saml2-service-provider:6.4.1'
 	    implementation 'com.unboundid.product.scim2:scim2-sdk-client:2.3.5'
        // Don't upgrade h2database
        runtimeOnly "com.h2database:h2:2.3.232"
        constraints {
-            implementation "org.opensaml:opensaml-core:$openSamlVersion"
+            implementation "org.opensaml:opensaml-core"
-            implementation "org.opensaml:opensaml-saml-api:$openSamlVersion"
+            implementation "org.opensaml:opensaml-saml-api"
-            implementation "org.opensaml:opensaml-saml-impl:$openSamlVersion"
+            implementation "org.opensaml:opensaml-saml-impl"
        }
-        implementation "org.springframework.security:spring-security-saml2-service-provider:$springSecuritySamlVersion"
+        implementation "org.springframework.security:spring-security-saml2-service-provider"
-//		implementation 'org.springframework.security:spring-security-core:$springSecuritySamlVersion'
+
        implementation 'com.coveo:saml-client:5.0.0'
@@ -339,7 +186,7 @@ dependencies {
    // Image metadata extractor
    implementation "com.drewnoakes:metadata-extractor:2.19.0"
-    implementation "commons-io:commons-io:2.18.0"
+    implementation "commons-io:commons-io:2.17.0"
    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0"
    //general PDF
@@ -368,7 +215,7 @@ dependencies {
    implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion"
    implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion"
    implementation "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion"
-    implementation "io.micrometer:micrometer-core:1.14.2"
+    implementation "io.micrometer:micrometer-core:1.14.1"
    implementation group: "com.google.zxing", name: "core", version: "3.5.3"
    // https://mvnrepository.com/artifact/org.commonmark/commonmark
    implementation "org.commonmark:commonmark:0.24.0"
@@ -421,14 +268,7 @@ jar {
 tasks.named("test") {
    useJUnitPlatform()
 }
 task printVersion {
    doLast {
        println project.version
    }
 }
-task printMacVersion {
+task printVersion {
-    doLast {
+    println project.version
        println getMacVersion(project.version.toString())
    }
 }
--- a/cucumber/features/external.feature
+++ b/cucumber/features/external.feature
@@ -48,6 +48,24 @@ Feature: API Validation
 	And the response status code should be 200
  @ocr @negative
  Scenario: Process PDF with text and OCR with type normal 
    Given I generate a PDF file as "fileInput"
    And the pdf contains 3 pages with random text
    And the request data includes
      | parameter        | value       |
      | languages        | eng         |
      | sidecar          | false        |
      | deskew           | true        |
      | clean            | true        |
      | cleanFinal       | true        |
      | ocrType          | Normal      |
      | ocrRenderType    | hocr        |
      | removeImagesAfter| false       |
    When I send the API request to the endpoint "/api/v1/misc/ocr-pdf"
 	Then the response status code should be 500
  @ocr @positive
  Scenario: Process PDF with OCR
    Given I generate a PDF file as "fileInput"
@@ -65,6 +83,26 @@ Feature: API Validation
    Then the response content type should be "application/pdf"
    And the response file should have size greater than 0
 	And the response status code should be 200
  @ocr @positive
  Scenario: Process PDF with OCR with sidecar
    Given I generate a PDF file as "fileInput"
    And the request data includes
      | parameter        | value       |
      | languages        | eng         |
      | sidecar          | true        |
      | deskew           | true        |
      | clean            | true        |
      | cleanFinal       | true        |
      | ocrType          | Force      |
      | ocrRenderType    | hocr        |
      | removeImagesAfter| false       |
    When I send the API request to the endpoint "/api/v1/misc/ocr-pdf"
    Then the response content type should be "application/octet-stream"
 	And the response file should have extension ".zip"
 	And the response ZIP should contain 2 files
    And the response file should have size greater than 0
 	And the response status code should be 200
  @libre @positive
--- a/cucumber/features/steps/step_definitions.py
+++ b/cucumber/features/steps/step_definitions.py
@@ -15,10 +15,6 @@ import shutil
 import re
 from PIL import Image, ImageDraw
 API_HEADERS = {
    'X-API-KEY': '123456789'
 }
 #########
 # GIVEN #
 #########
@@ -231,7 +227,7 @@ def save_generated_pdf(context, filename):
 def step_send_get_request(context, endpoint):
    base_url = "http://localhost:8080"
    full_url = f"{base_url}{endpoint}"
-    response = requests.get(full_url, headers=API_HEADERS)
+    response = requests.get(full_url)
    context.response = response
@when('I send a GET request to "{endpoint}" with parameters')
@@ -239,7 +235,7 @@ def step_send_get_request_with_params(context, endpoint):
    base_url = "http://localhost:8080"
    params = {row['parameter']: row['value'] for row in context.table}
    full_url = f"{base_url}{endpoint}"
-    response = requests.get(full_url, params=params, headers=API_HEADERS)
+    response = requests.get(full_url, params=params)
    context.response = response
@when('I send the API request to the endpoint "{endpoint}"')
@@ -260,7 +256,7 @@ def step_send_api_request(context, endpoint):
        print(f"form_data {file.name} with {mime_type}")
        form_data.append((key, (file.name, file, mime_type)))
-    response = requests.post(url, files=form_data, headers=API_HEADERS)
+    response = requests.post(url, files=form_data)
    context.response = response
 ########
--- a/exampleYmlFiles/test_cicd.yml
+++ b/exampleYmlFiles/test_cicd.yml
@@ -1,34 +0,0 @@
 services:
  stirling-pdf:
    container_name: Stirling-PDF-Security-Fat
    image: stirlingtools/stirling-pdf:latest-fat
    deploy:
      resources:
        limits:
          memory: 4G
    healthcheck:
      test: ["CMD-SHELL", "curl -f -H 'X-API-KEY: 123456789' http://localhost:8080/api/v1/info/status | grep -q 'UP'"]
      interval: 5s
      timeout: 10s
      retries: 16
    ports:
      - 8080:8080
    volumes:
      - /stirling/latest/data:/usr/share/tessdata:rw
      - /stirling/latest/config:/configs:rw
      - /stirling/latest/logs:/logs:rw
    environment:
      DOCKER_ENABLE_SECURITY: "true"
      SECURITY_ENABLELOGIN: "true"
      PUID: 1002
      PGID: 1002
      UMASK: "022"
      SYSTEM_DEFAULTLOCALE: en-US
      UI_APPNAME: Stirling-PDF
      UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest-fat with Security
      UI_APPNAMENAVBAR: Stirling-PDF Latest-fat
      SYSTEM_MAXFILESIZE: "100"
      METRICS_ENABLED: "true"
      SYSTEM_GOOGLEVISIBILITY: "true"
      SECURITY_CUSTOMGLOBALAPIKEY: "123456789"
    restart: on-failure:5
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
--- a/scripts/ignore_translation.toml
+++ b/scripts/ignore_translation.toml
@@ -42,19 +42,14 @@ ignore = [
    'addPageNumbers.selectText.3',
    'alphabet',
    'certSign.name',
    'fileChooser.dragAndDrop',
    'home.pipeline.title',
    'language.direction',
    'legal.impressum',
    'licenses.version',
    'pipeline.title',
    'pipelineOptions.pipelineHeader',
    'pro',
    'sponsor',
    'text',
    'validateSignature.cert.bits',
    'validateSignature.cert.version',
    'validateSignature.status',
    'watermark.type.1',
 ]
@@ -66,6 +61,7 @@ ignore = [
 [es_ES]
 ignore = [
    'adminUserSettings.roles',
    'color',
    'error',
    'language.direction',
    'no',
@@ -77,11 +73,6 @@ ignore = [
    'language.direction',
 ]
 [fa_IR]
 ignore = [
    'language.direction',
 ]
 [fr_FR]
 ignore = [
    'AddStampRequest.alphabet',
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -16,10 +16,10 @@ fi
 # Check if TESSERACT_LANGS environment variable is set and is not empty
 if [[ -n "$TESSERACT_LANGS" ]]; then
  # Convert comma-separated values to a space-separated list
-  SPACE_SEPARATED_LANGS=$(echo $TESSERACT_LANGS | tr ',' ' ')
+  LANGS=$(echo $TESSERACT_LANGS | tr ',' ' ')
  pattern='^[a-zA-Z]{2,4}(_[a-zA-Z]{2,4})?$'
  # Install each language pack
-  for LANG in $SPACE_SEPARATED_LANGS; do
+  for LANG in $LANGS; do
     if [[ $LANG =~ $pattern ]]; then
      apk add --no-cache "tesseract-ocr-data-$LANG"
     else
--- a/src/main/java/stirling/software/SPDF/EE/EEAppConfig.java
+++ b/src/main/java/stirling/software/SPDF/EE/EEAppConfig.java
@@ -3,14 +3,13 @@ package stirling.software.SPDF.EE;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.core.annotation.Order;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.ApplicationProperties;
@Configuration
-@Order(Ordered.HIGHEST_PRECEDENCE)
+@Lazy
@Slf4j
 public class EEAppConfig {
--- a/src/main/java/stirling/software/SPDF/EE/LicenseKeyChecker.java
+++ b/src/main/java/stirling/software/SPDF/EE/LicenseKeyChecker.java
@@ -25,10 +25,9 @@ public class LicenseKeyChecker {
            KeygenLicenseVerifier licenseService, ApplicationProperties applicationProperties) {
        this.licenseService = licenseService;
        this.applicationProperties = applicationProperties;
        this.checkLicense();
    }
-    @Scheduled(initialDelay = 604800000, fixedRate = 604800000) // 7 days in milliseconds
+    @Scheduled(fixedRate = 604800000, initialDelay = 1000) // 7 days in milliseconds
    public void checkLicensePeriodically() {
        checkLicense();
    }
--- a/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
+++ b/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
@@ -6,6 +6,9 @@ import java.net.Socket;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import io.github.pixee.security.SystemCommand;
 import lombok.extern.slf4j.Slf4j;
@@ -13,6 +16,7 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class LibreOfficeListener {
    private static final Logger logger = LoggerFactory.getLogger(LibreOfficeListener.class);
    private static final long ACTIVITY_TIMEOUT = 20L * 60 * 1000; // 20 minutes
    private static final LibreOfficeListener INSTANCE = new LibreOfficeListener();
@@ -83,7 +87,7 @@ public class LibreOfficeListener {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
-                log.error("exception", e);
+                logger.error("exception", e);
            } // Check every 1 second
        }
    }
--- a/src/main/java/stirling/software/SPDF/SPdfApplication.java
+++ b/src/main/java/stirling/software/SPDF/SPdfApplication.java
@@ -1,6 +1,5 @@
 package stirling.software.SPDF;
 import java.awt.*;
 import java.io.IOException;
 import java.net.ServerSocket;
 import java.nio.file.Files;
@@ -9,10 +8,9 @@ import java.nio.file.Paths;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Properties;
 import javax.swing.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
@@ -23,17 +21,15 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import io.github.pixee.security.SystemCommand;
 import jakarta.annotation.PostConstruct;
 import jakarta.annotation.PreDestroy;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.UI.WebBrowser;
 import stirling.software.SPDF.config.ConfigInitializer;
 import stirling.software.SPDF.model.ApplicationProperties;
@SpringBootApplication
@EnableScheduling
@Slf4j
 public class SPdfApplication {
    private static final Logger logger = LoggerFactory.getLogger(SPdfApplication.class);
    @Autowired private Environment env;
    @Autowired ApplicationProperties applicationProperties;
@@ -71,19 +67,36 @@ public class SPdfApplication {
        }
    }
    @PostConstruct
    public void init() {
        baseUrlStatic = this.baseUrl;
        // Check if the BROWSER_OPEN environment variable is set to true
        String browserOpenEnv = env.getProperty("BROWSER_OPEN");
        boolean browserOpen = browserOpenEnv != null && "true".equalsIgnoreCase(browserOpenEnv);
        if (browserOpen) {
            try {
                String url = baseUrl + ":" + getStaticPort();
                String os = System.getProperty("os.name").toLowerCase();
                Runtime rt = Runtime.getRuntime();
                if (os.contains("win")) {
                    // For Windows
                    SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);
                } else if (os.contains("mac")) {
                    SystemCommand.runCommand(rt, "open " + url);
                } else if (os.contains("nix") || os.contains("nux")) {
                    SystemCommand.runCommand(rt, "xdg-open " + url);
                }
            } catch (Exception e) {
                logger.error("Error opening browser: {}", e.getMessage());
            }
        }
        logger.info("Running configs {}", applicationProperties.toString());
    }
    public static void main(String[] args) throws IOException, InterruptedException {
        SpringApplication app = new SpringApplication(SPdfApplication.class);
        Properties props = new Properties();
        if (Boolean.parseBoolean(System.getProperty("STIRLING_PDF_DESKTOP_UI", "false"))) {
            System.setProperty("java.awt.headless", "false");
            app.setHeadless(false);
            props.put("java.awt.headless", "false");
            props.put("spring.main.web-application-type", "servlet");
        }
        app.setAdditionalProfiles("default");
        app.addInitializers(new ConfigInitializer());
        Map<String, String> propertyFiles = new HashMap<>();
@@ -92,7 +105,7 @@ public class SPdfApplication {
        if (Files.exists(Paths.get("configs/settings.yml"))) {
            propertyFiles.put("spring.config.additional-location", "file:configs/settings.yml");
        } else {
-            log.warn("External configuration file 'configs/settings.yml' does not exist.");
+            logger.warn("External configuration file 'configs/settings.yml' does not exist.");
        }
        if (Files.exists(Paths.get("configs/custom_settings.yml"))) {
@@ -105,22 +118,16 @@ public class SPdfApplication {
                    "spring.config.additional-location",
                    existingLocation + "file:configs/custom_settings.yml");
        } else {
-            log.warn("Custom configuration file 'configs/custom_settings.yml' does not exist.");
+            logger.warn("Custom configuration file 'configs/custom_settings.yml' does not exist.");
        }
        Properties finalProps = new Properties();
        if (!propertyFiles.isEmpty()) {
-            finalProps.putAll(
+            app.setDefaultProperties(
                    Collections.singletonMap(
                            "spring.config.additional-location",
                            propertyFiles.get("spring.config.additional-location")));
        }
        if (!props.isEmpty()) {
            finalProps.putAll(props);
        }
        app.setDefaultProperties(finalProps);
        app.run(args);
        // Ensure directories are created
@@ -128,56 +135,16 @@ public class SPdfApplication {
            Files.createDirectories(Path.of("customFiles/static/"));
            Files.createDirectories(Path.of("customFiles/templates/"));
        } catch (Exception e) {
-            log.error("Error creating directories: {}", e.getMessage());
+            logger.error("Error creating directories: {}", e.getMessage());
        }
        printStartupLogs();
    }
    private static void printStartupLogs() {
-        log.info("Stirling-PDF Started.");
+        logger.info("Stirling-PDF Started.");
        String url = baseUrlStatic + ":" + getStaticPort();
-        log.info("Navigate to {}", url);
+        logger.info("Navigate to {}", url);
    }
    @Autowired(required = false)
    private WebBrowser webBrowser;
    @PostConstruct
    public void init() {
        baseUrlStatic = this.baseUrl;
        String url = baseUrl + ":" + getStaticPort();
        if (webBrowser != null
                && Boolean.parseBoolean(System.getProperty("STIRLING_PDF_DESKTOP_UI", "false"))) {
            webBrowser.initWebUI(url);
        } else {
            String browserOpenEnv = env.getProperty("BROWSER_OPEN");
            boolean browserOpen = browserOpenEnv != null && "true".equalsIgnoreCase(browserOpenEnv);
            if (browserOpen) {
                try {
                    String os = System.getProperty("os.name").toLowerCase();
                    Runtime rt = Runtime.getRuntime();
                    if (os.contains("win")) {
                        // For Windows
                        SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);
                    } else if (os.contains("mac")) {
                        SystemCommand.runCommand(rt, "open " + url);
                    } else if (os.contains("nix") || os.contains("nux")) {
                        SystemCommand.runCommand(rt, "xdg-open " + url);
                    }
                } catch (Exception e) {
                    log.error("Error opening browser: {}", e.getMessage());
                }
            }
        }
        log.info("Running configs {}", applicationProperties.toString());
    }
    @PreDestroy
    public void cleanup() {
        if (webBrowser != null) {
            webBrowser.cleanup();
        }
    }
    public static String getStaticBaseUrl() {
--- a/src/main/java/stirling/software/SPDF/UI/WebBrowser.java
+++ b/src/main/java/stirling/software/SPDF/UI/WebBrowser.java
@@ -1,7 +0,0 @@
 package stirling.software.SPDF.UI;
 public interface WebBrowser {
    void initWebUI(String url);
    void cleanup();
 }
--- a/src/main/java/stirling/software/SPDF/UI/impl/DesktopBrowser.java
+++ b/src/main/java/stirling/software/SPDF/UI/impl/DesktopBrowser.java
@@ -1,354 +0,0 @@
 package stirling.software.SPDF.UI.impl;
 import java.awt.AWTException;
 import java.awt.BorderLayout;
 import java.awt.Frame;
 import java.awt.Image;
 import java.awt.MenuItem;
 import java.awt.PopupMenu;
 import java.awt.SystemTray;
 import java.awt.TrayIcon;
 import java.awt.event.WindowEvent;
 import java.awt.event.WindowStateListener;
 import java.io.File;
 import java.io.InputStream;
 import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
 import javax.imageio.ImageIO;
 import javax.swing.JFrame;
 import javax.swing.JPanel;
 import javax.swing.SwingUtilities;
 import javax.swing.Timer;
 import org.cef.CefApp;
 import org.cef.CefClient;
 import org.cef.CefSettings;
 import org.cef.browser.CefBrowser;
 import org.cef.callback.CefBeforeDownloadCallback;
 import org.cef.callback.CefDownloadItem;
 import org.cef.callback.CefDownloadItemCallback;
 import org.cef.handler.CefDownloadHandlerAdapter;
 import org.cef.handler.CefLoadHandlerAdapter;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 import jakarta.annotation.PreDestroy;
 import lombok.extern.slf4j.Slf4j;
 import me.friwi.jcefmaven.CefAppBuilder;
 import me.friwi.jcefmaven.EnumProgress;
 import me.friwi.jcefmaven.MavenCefAppHandlerAdapter;
 import me.friwi.jcefmaven.impl.progress.ConsoleProgressHandler;
 import stirling.software.SPDF.UI.WebBrowser;
@Component
@Slf4j
@ConditionalOnProperty(
        name = "STIRLING_PDF_DESKTOP_UI",
        havingValue = "true",
        matchIfMissing = false)
 public class DesktopBrowser implements WebBrowser {
    private static CefApp cefApp;
    private static CefClient client;
    private static CefBrowser browser;
    private static JFrame frame;
    private static LoadingWindow loadingWindow;
    private static volatile boolean browserInitialized = false;
    private static TrayIcon trayIcon;
    private static SystemTray systemTray;
    public DesktopBrowser() {
        SwingUtilities.invokeLater(
                () -> {
                    loadingWindow = new LoadingWindow(null, "Initializing...");
                    loadingWindow.setVisible(true);
                });
    }
    public void initWebUI(String url) {
        CompletableFuture.runAsync(
                () -> {
                    try {
                        CefAppBuilder builder = new CefAppBuilder();
                        configureCefSettings(builder);
                        builder.setProgressHandler(createProgressHandler());
                        // Build and initialize CEF
                        cefApp = builder.build();
                        client = cefApp.createClient();
                        // Set up download handler
                        setupDownloadHandler();
                        // Create browser and frame on EDT
                        SwingUtilities.invokeAndWait(
                                () -> {
                                    browser = client.createBrowser(url, false, false);
                                    setupMainFrame();
                                    setupLoadHandler();
                                    // Show the frame immediately but transparent
                                    frame.setVisible(true);
                                });
                    } catch (Exception e) {
                        log.error("Error initializing JCEF browser: ", e);
                        cleanup();
                    }
                });
    }
    private void configureCefSettings(CefAppBuilder builder) {
        CefSettings settings = builder.getCefSettings();
        settings.cache_path = new File("jcef-bundle").getAbsolutePath();
        settings.root_cache_path = new File("jcef-bundle").getAbsolutePath();
        settings.persist_session_cookies = true;
        settings.windowless_rendering_enabled = false;
        settings.log_severity = CefSettings.LogSeverity.LOGSEVERITY_INFO;
        builder.setAppHandler(
                new MavenCefAppHandlerAdapter() {
                    @Override
                    public void stateHasChanged(org.cef.CefApp.CefAppState state) {
                        log.info("CEF state changed: " + state);
                        if (state == CefApp.CefAppState.TERMINATED) {
                            System.exit(0);
                        }
                    }
                });
    }
    private void setupDownloadHandler() {
        client.addDownloadHandler(
                new CefDownloadHandlerAdapter() {
                    @Override
                    public boolean onBeforeDownload(
                            CefBrowser browser,
                            CefDownloadItem downloadItem,
                            String suggestedName,
                            CefBeforeDownloadCallback callback) {
                        callback.Continue("", true);
                        return true;
                    }
                    @Override
                    public void onDownloadUpdated(
                            CefBrowser browser,
                            CefDownloadItem downloadItem,
                            CefDownloadItemCallback callback) {
                        if (downloadItem.isComplete()) {
                            log.info("Download completed: " + downloadItem.getFullPath());
                        } else if (downloadItem.isCanceled()) {
                            log.info("Download canceled: " + downloadItem.getFullPath());
                        }
                    }
                });
    }
    private ConsoleProgressHandler createProgressHandler() {
        return new ConsoleProgressHandler() {
            @Override
            public void handleProgress(EnumProgress state, float percent) {
                Objects.requireNonNull(state, "state cannot be null");
                SwingUtilities.invokeLater(
                        () -> {
                            if (loadingWindow != null) {
                                switch (state) {
                                    case LOCATING:
                                        loadingWindow.setStatus("Locating Files...");
                                        loadingWindow.setProgress(0);
                                        break;
                                    case DOWNLOADING:
                                        if (percent >= 0) {
                                            loadingWindow.setStatus(
                                                    String.format(
                                                            "Downloading additional files: %.0f%%",
                                                            percent));
                                            loadingWindow.setProgress((int) percent);
                                        }
                                        break;
                                    case EXTRACTING:
                                        loadingWindow.setStatus("Extracting files...");
                                        loadingWindow.setProgress(60);
                                        break;
                                    case INITIALIZING:
                                        loadingWindow.setStatus("Initializing UI...");
                                        loadingWindow.setProgress(80);
                                        break;
                                    case INITIALIZED:
                                        loadingWindow.setStatus("Finalising startup...");
                                        loadingWindow.setProgress(90);
                                        break;
                                }
                            }
                        });
            }
        };
    }
    private void setupMainFrame() {
        frame = new JFrame("Stirling-PDF");
        frame.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE);
        frame.setUndecorated(true);
        frame.setOpacity(0.0f);
        JPanel contentPane = new JPanel(new BorderLayout());
        contentPane.setDoubleBuffered(true);
        contentPane.add(browser.getUIComponent(), BorderLayout.CENTER);
        frame.setContentPane(contentPane);
        frame.addWindowListener(
                new java.awt.event.WindowAdapter() {
                    @Override
                    public void windowClosing(java.awt.event.WindowEvent windowEvent) {
                        cleanup();
                        System.exit(0);
                    }
                });
        frame.setSize(1280, 768);
        frame.setLocationRelativeTo(null);
        loadIcon();
    }
    private void setupLoadHandler() {
        client.addLoadHandler(
                new CefLoadHandlerAdapter() {
                    @Override
                    public void onLoadingStateChange(
                            CefBrowser browser,
                            boolean isLoading,
                            boolean canGoBack,
                            boolean canGoForward) {
                        if (!isLoading && !browserInitialized) {
                            browserInitialized = true;
                            SwingUtilities.invokeLater(
                                    () -> {
                                        if (loadingWindow != null) {
                                            Timer timer =
                                                    new Timer(
                                                            500,
                                                            e -> {
                                                                loadingWindow.dispose();
                                                                loadingWindow = null;
                                                                frame.dispose();
                                                                frame.setOpacity(1.0f);
                                                                frame.setUndecorated(false);
                                                                frame.pack();
                                                                frame.setSize(1280, 800);
                                                                frame.setLocationRelativeTo(null);
                                                                frame.setVisible(true);
                                                                frame.requestFocus();
                                                                frame.toFront();
                                                                browser.getUIComponent()
                                                                        .requestFocus();
                                                            });
                                            timer.setRepeats(false);
                                            timer.start();
                                        }
                                    });
                        }
                    }
                });
    }
    private void setupTrayIcon(Image icon) {
        if (!SystemTray.isSupported()) {
            log.warn("System tray is not supported");
            return;
        }
        try {
            systemTray = SystemTray.getSystemTray();
            // Create popup menu
            PopupMenu popup = new PopupMenu();
            // Create menu items
            MenuItem showItem = new MenuItem("Show");
            showItem.addActionListener(
                    e -> {
                        frame.setVisible(true);
                        frame.setState(Frame.NORMAL);
                    });
            MenuItem exitItem = new MenuItem("Exit");
            exitItem.addActionListener(
                    e -> {
                        cleanup();
                        System.exit(0);
                    });
            // Add menu items to popup menu
            popup.add(showItem);
            popup.addSeparator();
            popup.add(exitItem);
            // Create tray icon
            trayIcon = new TrayIcon(icon, "Stirling-PDF", popup);
            trayIcon.setImageAutoSize(true);
            // Add double-click behavior
            trayIcon.addActionListener(
                    e -> {
                        frame.setVisible(true);
                        frame.setState(Frame.NORMAL);
                    });
            // Add tray icon to system tray
            systemTray.add(trayIcon);
            // Modify frame behavior to minimize to tray
            frame.addWindowStateListener(
                    new WindowStateListener() {
                        public void windowStateChanged(WindowEvent e) {
                            if (e.getNewState() == Frame.ICONIFIED) {
                                frame.setVisible(false);
                            }
                        }
                    });
        } catch (AWTException e) {
            log.error("Error setting up system tray icon", e);
        }
    }
    private void loadIcon() {
        try {
            Image icon = null;
            String[] iconPaths = {"/static/favicon.ico"};
            for (String path : iconPaths) {
                if (icon != null) break;
                try {
                    try (InputStream is = getClass().getResourceAsStream(path)) {
                        if (is != null) {
                            icon = ImageIO.read(is);
                            break;
                        }
                    }
                } catch (Exception e) {
                    log.debug("Could not load icon from " + path, e);
                }
            }
            if (icon != null) {
                frame.setIconImage(icon);
                setupTrayIcon(icon);
            } else {
                log.warn("Could not load icon from any source");
            }
        } catch (Exception e) {
            log.error("Error loading icon", e);
        }
    }
    @PreDestroy
    public void cleanup() {
        if (browser != null) browser.close(true);
        if (client != null) client.dispose();
        if (cefApp != null) cefApp.dispose();
        if (loadingWindow != null) loadingWindow.dispose();
    }
 }
--- a/src/main/java/stirling/software/SPDF/UI/impl/LoadingWindow.java
+++ b/src/main/java/stirling/software/SPDF/UI/impl/LoadingWindow.java
@@ -1,114 +0,0 @@
 package stirling.software.SPDF.UI.impl;
 import java.awt.*;
 import java.io.InputStream;
 import javax.imageio.ImageIO;
 import javax.swing.*;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class LoadingWindow extends JDialog {
    private final JProgressBar progressBar;
    private final JLabel statusLabel;
    private final JPanel mainPanel;
    private final JLabel brandLabel;
    public LoadingWindow(Frame parent, String initialUrl) {
        super(parent, "Initializing Stirling-PDF", true);
        // Initialize components
        mainPanel = new JPanel();
        mainPanel.setBackground(Color.WHITE);
        mainPanel.setBorder(BorderFactory.createEmptyBorder(20, 30, 20, 30));
        mainPanel.setLayout(new GridBagLayout());
        GridBagConstraints gbc = new GridBagConstraints();
        // Configure GridBagConstraints
        gbc.gridwidth = GridBagConstraints.REMAINDER;
        gbc.fill = GridBagConstraints.HORIZONTAL;
        gbc.insets = new Insets(5, 5, 5, 5);
        gbc.weightx = 1.0; // Add horizontal weight
        gbc.weighty = 0.0; // Add vertical weight
        // Add icon
        try {
            try (InputStream is = getClass().getResourceAsStream("/static/favicon.ico")) {
                if (is != null) {
                    Image img = ImageIO.read(is);
                    if (img != null) {
                        Image scaledImg = img.getScaledInstance(48, 48, Image.SCALE_SMOOTH);
                        JLabel iconLabel = new JLabel(new ImageIcon(scaledImg));
                        iconLabel.setHorizontalAlignment(SwingConstants.CENTER);
                        gbc.gridy = 0;
                        mainPanel.add(iconLabel, gbc);
                    }
                }
            }
        } catch (Exception e) {
            log.error("Failed to load icon", e);
        }
        // URL Label with explicit size
        brandLabel = new JLabel(initialUrl);
        brandLabel.setHorizontalAlignment(SwingConstants.CENTER);
        brandLabel.setPreferredSize(new Dimension(300, 25));
        brandLabel.setText("Stirling-PDF");
        gbc.gridy = 1;
        mainPanel.add(brandLabel, gbc);
        // Status label with explicit size
        statusLabel = new JLabel("Initializing...");
        statusLabel.setHorizontalAlignment(SwingConstants.CENTER);
        statusLabel.setPreferredSize(new Dimension(300, 25));
        gbc.gridy = 2;
        mainPanel.add(statusLabel, gbc);
        // Progress bar with explicit size
        progressBar = new JProgressBar(0, 100);
        progressBar.setStringPainted(true);
        progressBar.setPreferredSize(new Dimension(300, 25));
        gbc.gridy = 3;
        mainPanel.add(progressBar, gbc);
        // Set dialog properties
        setContentPane(mainPanel);
        setDefaultCloseOperation(JDialog.DO_NOTHING_ON_CLOSE);
        setResizable(false);
        setUndecorated(false);
        // Set size and position
        setSize(400, 200);
        setLocationRelativeTo(parent);
        setAlwaysOnTop(true);
        setProgress(0);
        setStatus("Starting...");
    }
    public void setProgress(final int progress) {
        SwingUtilities.invokeLater(
                () -> {
                    try {
                        progressBar.setValue(Math.min(Math.max(progress, 0), 100));
                        progressBar.setString(progress + "%");
                        mainPanel.revalidate();
                        mainPanel.repaint();
                    } catch (Exception e) {
                        log.error("Error updating progress", e);
                    }
                });
    }
    public void setStatus(final String status) {
        log.info(status);
        SwingUtilities.invokeLater(
                () -> {
                    try {
                        statusLabel.setText(status != null ? status : "");
                        mainPanel.revalidate();
                        mainPanel.repaint();
                    } catch (Exception e) {
                        log.error("Error updating status", e);
                    }
                });
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/AppConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/AppConfig.java
@@ -7,6 +7,8 @@ import java.nio.file.Paths;
 import java.util.Properties;
 import java.util.function.Predicate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -19,14 +21,14 @@ import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
 import org.thymeleaf.spring6.SpringTemplateEngine;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.ApplicationProperties;
@Configuration
@Lazy
@Slf4j
 public class AppConfig {
    private static final Logger logger = LoggerFactory.getLogger(AppConfig.class);
    @Autowired ApplicationProperties applicationProperties;
    @Bean
@@ -59,7 +61,7 @@ public class AppConfig {
            props.load(resource.getInputStream());
            return props.getProperty("version");
        } catch (IOException e) {
-            log.error("exception", e);
+            logger.error("exception", e);
        }
        return "0.0.0";
    }
@@ -99,27 +101,6 @@ public class AppConfig {
        return Files.exists(Paths.get("/.dockerenv"));
    }
    @Bean(name = "configDirMounted")
    public boolean isRunningInDockerWithConfig() {
        Path dockerEnv = Paths.get("/.dockerenv");
        // default to true if not docker
        if (!Files.exists(dockerEnv)) {
            return true;
        }
        Path mountInfo = Paths.get("/proc/1/mountinfo");
        // this should always exist, if not some unknown usecase
        if (!Files.exists(mountInfo)) {
            return true;
        }
        try {
            return Files.lines(mountInfo).anyMatch(line -> line.contains(" /configs "));
        } catch (IOException e) {
            return false;
        }
    }
    @Bean(name = "bookAndHtmlFormatsInstalled")
    public boolean bookAndHtmlFormatsInstalled() {
        String installOps = System.getProperty("INSTALL_BOOK_AND_ADVANCED_HTML_OPS");
--- a/src/main/java/stirling/software/SPDF/config/ConfigInitializer.java
+++ b/src/main/java/stirling/software/SPDF/config/ConfigInitializer.java
@@ -16,15 +16,16 @@ import org.simpleyaml.configuration.comments.CommentType;
 import org.simpleyaml.configuration.file.YamlFile;
 import org.simpleyaml.configuration.implementation.SimpleYamlImplementation;
 import org.simpleyaml.configuration.implementation.snakeyaml.lib.DumperOptions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContextInitializer;
 import org.springframework.context.ConfigurableApplicationContext;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class ConfigInitializer
        implements ApplicationContextInitializer<ConfigurableApplicationContext> {
    private static final Logger logger = LoggerFactory.getLogger(ConfigInitializer.class);
    @Override
    public void initialize(ConfigurableApplicationContext applicationContext) {
        try {
@@ -148,7 +149,7 @@ public class ConfigInitializer
                    .commentSide(settingsTemplateFile.getComment(path, CommentType.SIDE));
        } else {
            // Log if the key is not found in both YAML files
-            log.info("Key not found in both YAML files: " + path);
+            logger.info("Key not found in both YAML files: " + path);
        }
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
@@ -7,19 +7,19 @@ import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.DependsOn;
 import org.springframework.stereotype.Service;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.ApplicationProperties;
@Service
@Slf4j
@DependsOn({"bookAndHtmlFormatsInstalled"})
 public class EndpointConfiguration {
-
+    private static final Logger logger = LoggerFactory.getLogger(EndpointConfiguration.class);
    private Map<String, Boolean> endpointStatuses = new ConcurrentHashMap<>();
    private Map<String, Set<String>> endpointGroups = new ConcurrentHashMap<>();
@@ -43,7 +43,7 @@ public class EndpointConfiguration {
    public void disableEndpoint(String endpoint) {
        if (!endpointStatuses.containsKey(endpoint) || endpointStatuses.get(endpoint) != false) {
-            log.debug("Disabling {}", endpoint);
+            logger.debug("Disabling {}", endpoint);
            endpointStatuses.put(endpoint, false);
        }
    }
@@ -87,7 +87,7 @@ public class EndpointConfiguration {
                        .collect(Collectors.toList());
        if (!disabledList.isEmpty()) {
-            log.info(
+            logger.info(
                    "Total disabled endpoints: {}. Disabled endpoints: {}",
                    disabledList.size(),
                    String.join(", ", disabledList));
@@ -260,9 +260,6 @@ public class EndpointConfiguration {
        // Pdftohtml dependent endpoints
        addEndpointToGroup("Pdftohtml", "pdf-to-html");
        // disabled for now while we resolve issues
        disableEndpoint("pdf-to-pdfa");
    }
    private void processEnvironmentConfigs() {
--- a/src/main/java/stirling/software/SPDF/config/ExternalAppDepConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/ExternalAppDepConfig.java
@@ -43,6 +43,7 @@ public class ExternalAppDepConfig {
                    put("unoconv", List.of("Unoconv"));
                    put("qpdf", List.of("qpdf"));
                    put("tesseract", List.of("tesseract"));
                }
            };
@@ -97,7 +98,7 @@ public class ExternalAppDepConfig {
    public void checkDependencies() {
        // Check core dependencies
-        checkDependencyAndDisableGroup("tesseract");
+    	checkDependencyAndDisableGroup("tesseract");
        checkDependencyAndDisableGroup("soffice");
        checkDependencyAndDisableGroup("qpdf");
        checkDependencyAndDisableGroup("weasyprint");
--- a/src/main/java/stirling/software/SPDF/config/InitialSetup.java
+++ b/src/main/java/stirling/software/SPDF/config/InitialSetup.java
@@ -1,14 +1,11 @@
 package stirling.software.SPDF.config;
 import java.io.IOException;
 import java.util.Properties;
 import java.util.UUID;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.stereotype.Component;
 import io.micrometer.common.util.StringUtils;
@@ -26,18 +23,6 @@ public class InitialSetup {
    @Autowired private ApplicationProperties applicationProperties;
    @PostConstruct
    public void init() throws IOException {
        initUUIDKey();
        initSecretKey();
        initEnableCSRFSecurity();
        initLegalUrls();
        initSetAppVersion();
    }
    public void initUUIDKey() throws IOException {
        String uuid = applicationProperties.getAutomaticallyGenerated().getUUID();
        if (!GeneralUtils.isValidUUID(uuid)) {
@@ -47,6 +32,7 @@ public class InitialSetup {
        }
    }
    @PostConstruct
    public void initSecretKey() throws IOException {
        String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
        if (!GeneralUtils.isValidUUID(secretKey)) {
@@ -56,24 +42,13 @@ public class InitialSetup {
        }
    }
-    public void initEnableCSRFSecurity() throws IOException {
+    @PostConstruct
        if (GeneralUtils.isVersionHigher(
                "0.36.0", applicationProperties.getAutomaticallyGenerated().getAppVersion())) {
            Boolean csrf = applicationProperties.getSecurity().getCsrfDisabled();
            if (!csrf) {
                GeneralUtils.saveKeyToConfig("security.csrfDisabled", false, false);
                GeneralUtils.saveKeyToConfig("system.enableAnalytics", "true", false);
                applicationProperties.getSecurity().setCsrfDisabled(false);
            }
        }
    }
    public void initLegalUrls() throws IOException {
        // Initialize Terms and Conditions
        String termsUrl = applicationProperties.getLegal().getTermsAndConditions();
        if (StringUtils.isEmpty(termsUrl)) {
            String defaultTermsUrl = "https://www.stirlingpdf.com/terms-and-conditions";
-            GeneralUtils.saveKeyToConfig("legal.termsAndConditions", defaultTermsUrl, false);
+            GeneralUtils.saveKeyToConfig("legal.termsAndConditions", defaultTermsUrl);
            applicationProperties.getLegal().setTermsAndConditions(defaultTermsUrl);
        }
@@ -81,23 +56,8 @@ public class InitialSetup {
        String privacyUrl = applicationProperties.getLegal().getPrivacyPolicy();
        if (StringUtils.isEmpty(privacyUrl)) {
            String defaultPrivacyUrl = "https://www.stirlingpdf.com/privacy-policy";
-            GeneralUtils.saveKeyToConfig("legal.privacyPolicy", defaultPrivacyUrl, false);
+            GeneralUtils.saveKeyToConfig("legal.privacyPolicy", defaultPrivacyUrl);
            applicationProperties.getLegal().setPrivacyPolicy(defaultPrivacyUrl);
        }
    }
    public void initSetAppVersion() throws IOException {
        String appVersion = "0.0.0";
        Resource resource = new ClassPathResource("version.properties");
        Properties props = new Properties();
        try {
            props.load(resource.getInputStream());
            appVersion = props.getProperty("version");
        } catch (Exception e) {
        }
        applicationProperties.getAutomaticallyGenerated().setAppVersion(appVersion);
        GeneralUtils.saveKeyToConfig("AutomaticallyGenerated.appVersion", appVersion, false);
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/interfaces/DatabaseBackupInterface.java
+++ b/src/main/java/stirling/software/SPDF/config/interfaces/DatabaseBackupInterface.java
@@ -6,7 +6,6 @@ import java.util.List;
 import stirling.software.SPDF.utils.FileInfo;
 public interface DatabaseBackupInterface {
    void exportDatabase() throws IOException;
    boolean importDatabase();
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@@ -30,7 +30,6 @@ public class InitialSecuritySetup {
            initializeAdminUser();
        } else {
            databaseBackupHelper.exportDatabase();
            userService.migrateOauth2ToSSO();
        }
        initializeInternalApiUser();
    }
@@ -75,6 +74,5 @@ public class InitialSecuritySetup {
            userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
            log.info("Internal API user created: " + Role.INTERNAL_API_USER.getRoleId());
        }
        userService.syncCustomApiUser(applicationProperties.getSecurity().getCustomGlobalAPIKey());
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -3,16 +3,14 @@ package stirling.software.SPDF.config.security;
 import java.security.cert.X509Certificate;
 import java.util.*;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.core.io.Resource;
-import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -34,8 +32,7 @@ import org.springframework.security.saml2.provider.service.authentication.OpenSa
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
@@ -44,7 +41,6 @@ import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.security.web.savedrequest.NullRequestCache;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationFailureHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationSuccessHandler;
@@ -68,7 +64,6 @@ import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
@EnableWebSecurity
@EnableMethodSecurity
@Slf4j
@DependsOn("runningEE")
 public class SecurityConfiguration {
    @Autowired private CustomUserDetailsService userDetailsService;
@@ -84,10 +79,6 @@ public class SecurityConfiguration {
    @Qualifier("loginEnabled")
    public boolean loginEnabledValue;
    @Autowired
    @Qualifier("runningEE")
    public boolean runningEE;
    @Autowired ApplicationProperties applicationProperties;
    @Autowired private UserAuthenticationFilter userAuthenticationFilter;
@@ -99,14 +90,13 @@ public class SecurityConfiguration {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        if (applicationProperties.getSecurity().getCsrfDisabled() || !loginEnabledValue) {
            http.csrf(csrf -> csrf.disable());
        }
        if (loginEnabledValue) {
            http.addFilterBefore(
                    userAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
-            if (!applicationProperties.getSecurity().getCsrfDisabled()) {
+            if (applicationProperties.getSecurity().getCsrfDisabled()) {
                http.csrf(csrf -> csrf.disable());
            } else {
                CookieCsrfTokenRepository cookieRepo =
                        CookieCsrfTokenRepository.withHttpOnlyFalse();
                CsrfTokenRequestAttributeHandler requestHandler =
@@ -116,7 +106,7 @@ public class SecurityConfiguration {
                        csrf ->
                                csrf.ignoringRequestMatchers(
                                                request -> {
-                                                    String apiKey = request.getHeader("X-API-KEY");
+                                                    String apiKey = request.getHeader("X-API-Key");
                                                    // If there's no API key, don't ignore CSRF
                                                    // (return false)
@@ -255,22 +245,12 @@ public class SecurityConfiguration {
            }
            // Handle SAML
-            if (applicationProperties.getSecurity().isSaml2Activ()) { // && runningEE
+            if (applicationProperties.getSecurity().isSaml2Activ()
-                // Configure the authentication provider
+                    && applicationProperties.getSystem().getEnableAlphaFunctionality()) {
-                OpenSaml4AuthenticationProvider authenticationProvider =
+                http.authenticationProvider(samlAuthenticationProvider());
-                        new OpenSaml4AuthenticationProvider();
+                http.saml2Login(
-                authenticationProvider.setResponseAuthenticationConverter(
+                                saml2 ->
                        new CustomSaml2ResponseAuthenticationConverter(userService));
                http.authenticationProvider(authenticationProvider)
                        .saml2Login(
                                saml2 -> {
                                    try {
                                        saml2.loginPage("/saml2")
                                                .relyingPartyRegistrationRepository(
                                                        relyingPartyRegistrations())
                                                .authenticationManager(
                                                        new ProviderManager(authenticationProvider))
                                                .successHandler(
                                                        new CustomSaml2AuthenticationSuccessHandler(
                                                                loginAttemptService,
@@ -278,34 +258,44 @@ public class SecurityConfiguration {
                                                                userService))
                                                .failureHandler(
                                                        new CustomSaml2AuthenticationFailureHandler())
-                                                .authenticationRequestResolver(
+                                                .permitAll())
-                                                        authenticationRequestResolver(
+                        .addFilterBefore(
-                                                                relyingPartyRegistrations()));
+                                userAuthenticationFilter, Saml2WebSsoAuthenticationFilter.class);
                                    } catch (Exception e) {
                                        log.error("Error configuring SAML2 login", e);
                                        throw new RuntimeException(e);
                                    }
                                });
            }
        } else {
-            //            if (!applicationProperties.getSecurity().getCsrfDisabled()) {
+            if (applicationProperties.getSecurity().getCsrfDisabled()) {
-            //                CookieCsrfTokenRepository cookieRepo =
+                http.csrf(csrf -> csrf.disable());
-            //                        CookieCsrfTokenRepository.withHttpOnlyFalse();
+            } else {
-            //                CsrfTokenRequestAttributeHandler requestHandler =
+                CookieCsrfTokenRepository cookieRepo =
-            //                        new CsrfTokenRequestAttributeHandler();
+                        CookieCsrfTokenRepository.withHttpOnlyFalse();
-            //                requestHandler.setCsrfRequestAttributeName(null);
+                CsrfTokenRequestAttributeHandler requestHandler =
-            //                http.csrf(
+                        new CsrfTokenRequestAttributeHandler();
-            //                        csrf ->
+                requestHandler.setCsrfRequestAttributeName(null);
-            //                                csrf.csrfTokenRepository(cookieRepo)
+                http.csrf(
-            //                                        .csrfTokenRequestHandler(requestHandler));
+                        csrf ->
-            //            }
+                                csrf.csrfTokenRepository(cookieRepo)
                                        .csrfTokenRequestHandler(requestHandler));
            }
            http.authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
        }
        return http.build();
    }
    @Bean
    @ConditionalOnProperty(
            name = "security.saml2.enabled",
            havingValue = "true",
            matchIfMissing = false)
    public AuthenticationProvider samlAuthenticationProvider() {
        OpenSaml4AuthenticationProvider authenticationProvider =
                new OpenSaml4AuthenticationProvider();
        authenticationProvider.setResponseAuthenticationConverter(
                new CustomSaml2ResponseAuthenticationConverter(userService));
        return authenticationProvider;
    }
    // Client Registration Repository for OAUTH2 OIDC Login
    @Bean
    @ConditionalOnProperty(
            value = "security.oauth2.enabled",
@@ -442,12 +432,11 @@ public class SecurityConfiguration {
            havingValue = "true",
            matchIfMissing = false)
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        SAML2 samlConf = applicationProperties.getSecurity().getSaml2();
        X509Certificate idpCert = CertificateUtils.readCertificate(samlConf.getidpCert());
        Saml2X509Credential verificationCredential = Saml2X509Credential.verification(idpCert);
        Resource privateKeyResource = samlConf.getPrivateKey();
        Resource certificateResource = samlConf.getSpCert();
        Saml2X509Credential signingCredential =
@@ -456,97 +445,26 @@ public class SecurityConfiguration {
                        CertificateUtils.readCertificate(certificateResource),
                        Saml2X509CredentialType.SIGNING);
        X509Certificate idpCert = CertificateUtils.readCertificate(samlConf.getidpCert());
        Saml2X509Credential verificationCredential = Saml2X509Credential.verification(idpCert);
        RelyingPartyRegistration rp =
                RelyingPartyRegistration.withRegistrationId(samlConf.getRegistrationId())
-                        .signingX509Credentials(c -> c.add(signingCredential))
+                        .signingX509Credentials((c) -> c.add(signingCredential))
                        .assertingPartyMetadata(
-                                metadata ->
+                                (details) ->
-                                        metadata.entityId(samlConf.getIdpIssuer())
+                                        details.entityId(samlConf.getIdpIssuer())
                                                .singleSignOnServiceLocation(
                                                        samlConf.getIdpSingleLoginUrl())
                                                .verificationX509Credentials(
-                                                        c -> c.add(verificationCredential))
+                                                        (c) -> c.add(verificationCredential))
                                                .singleSignOnServiceBinding(
                                                        Saml2MessageBinding.POST)
                                                .wantAuthnRequestsSigned(true))
                        .build();
        return new InMemoryRelyingPartyRegistrationRepository(rp);
    }
    @Bean
    @ConditionalOnProperty(
            name = "security.saml2.enabled",
            havingValue = "true",
            matchIfMissing = false)
    public OpenSaml4AuthenticationRequestResolver authenticationRequestResolver(
            RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        OpenSaml4AuthenticationRequestResolver resolver =
                new OpenSaml4AuthenticationRequestResolver(relyingPartyRegistrationRepository);
        resolver.setAuthnRequestCustomizer(
                customizer -> {
                    log.debug("Customizing SAML Authentication request");
                    AuthnRequest authnRequest = customizer.getAuthnRequest();
                    log.debug("AuthnRequest ID: {}", authnRequest.getID());
                    if (authnRequest.getID() == null) {
                        authnRequest.setID("ARQ" + UUID.randomUUID().toString());
                    }
                    log.debug("AuthnRequest new ID after set: {}", authnRequest.getID());
                    log.debug("AuthnRequest IssueInstant: {}", authnRequest.getIssueInstant());
                    log.debug(
                            "AuthnRequest Issuer: {}",
                            authnRequest.getIssuer() != null
                                    ? authnRequest.getIssuer().getValue()
                                    : "null");
                    HttpServletRequest request = customizer.getRequest();
                    // Log HTTP request details
                    log.debug("HTTP Request Method: {}", request.getMethod());
                    log.debug("Request URI: {}", request.getRequestURI());
                    log.debug("Request URL: {}", request.getRequestURL().toString());
                    log.debug("Query String: {}", request.getQueryString());
                    log.debug("Remote Address: {}", request.getRemoteAddr());
                    // Log headers
                    Collections.list(request.getHeaderNames())
                            .forEach(
                                    headerName -> {
                                        log.debug(
                                                "Header - {}: {}",
                                                headerName,
                                                request.getHeader(headerName));
                                    });
                    // Log SAML specific parameters
                    log.debug("SAML Request Parameters:");
                    log.debug("SAMLRequest: {}", request.getParameter("SAMLRequest"));
                    log.debug("RelayState: {}", request.getParameter("RelayState"));
                    // Log session debugrmation if exists
                    if (request.getSession(false) != null) {
                        log.debug("Session ID: {}", request.getSession().getId());
                    }
                    // Log any assertions consumer service details if present
                    if (authnRequest.getAssertionConsumerServiceURL() != null) {
                        log.debug(
                                "AssertionConsumerServiceURL: {}",
                                authnRequest.getAssertionConsumerServiceURL());
                    }
                    // Log NameID policy if present
                    if (authnRequest.getNameIDPolicy() != null) {
                        log.debug(
                                "NameIDPolicy Format: {}",
                                authnRequest.getNameIDPolicy().getFormat());
                    }
                });
        return resolver;
    }
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
--- a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
@@ -71,7 +71,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
        // Check for API key in the request headers if no authentication exists
        if (authentication == null || !authentication.isAuthenticated()) {
-            String apiKey = request.getHeader("X-API-KEY");
+            String apiKey = request.getHeader("X-API-Key");
            if (apiKey != null && !apiKey.trim().isEmpty()) {
                try {
                    // Use API key to authenticate. This requires you to have an authentication
--- a/src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java
@@ -59,7 +59,7 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {
        String identifier = null;
        // Check for API key in the request headers
-        String apiKey = request.getHeader("X-API-KEY");
+        String apiKey = request.getHeader("X-API-Key");
        if (apiKey != null && !apiKey.trim().isEmpty()) {
            identifier =
                    "API_KEY_" + apiKey; // Prefix to distinguish between API keys and usernames
@@ -79,7 +79,7 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {
        Role userRole =
                getRoleFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
-        if (request.getHeader("X-API-KEY") != null) {
+        if (request.getHeader("X-API-Key") != null) {
            // It's an API call
            processRequest(
                    userRole.getApiCallsPerDay(),
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@@ -18,7 +18,6 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.interfaces.DatabaseBackupInterface;
@@ -51,19 +50,8 @@ public class UserService implements UserServiceInterface {
    @Autowired ApplicationProperties applicationProperties;
    @Transactional
    public void migrateOauth2ToSSO() {
        userRepository
                .findByAuthenticationTypeIgnoreCase("OAUTH2")
                .forEach(
                        user -> {
                            user.setAuthenticationType(AuthenticationType.SSO);
                            userRepository.save(user);
                        });
    }
    // Handle OAUTH2 login and user auto creation.
-    public boolean processSSOPostLogin(String username, boolean autoCreateUser)
+    public boolean processOAuth2PostLogin(String username, boolean autoCreateUser)
            throws IllegalArgumentException, IOException {
        if (!isUsernameValid(username)) {
            return false;
@@ -73,7 +61,7 @@ public class UserService implements UserServiceInterface {
            return true;
        }
        if (autoCreateUser) {
-            saveUser(username, AuthenticationType.SSO);
+            saveUser(username, AuthenticationType.OAUTH2);
            return true;
        }
        return false;
@@ -390,37 +378,6 @@ public class UserService implements UserServiceInterface {
        }
    }
    @Transactional
    public void syncCustomApiUser(String customApiKey) throws IOException {
        if (customApiKey == null || customApiKey.trim().length() == 0) {
            return;
        }
        String username = "CUSTOM_API_USER";
        Optional<User> existingUser = findByUsernameIgnoreCase(username);
        if (!existingUser.isPresent()) {
            // Create new user with API role
            User user = new User();
            user.setUsername(username);
            user.setPassword(UUID.randomUUID().toString());
            user.setEnabled(true);
            user.setFirstLogin(false);
            user.setAuthenticationType(AuthenticationType.WEB);
            user.setApiKey(customApiKey);
            user.addAuthority(new Authority(Role.INTERNAL_API_USER.getRoleId(), user));
            userRepository.save(user);
            databaseBackupHelper.exportDatabase();
        } else {
            // Update API key if it has changed
            User user = existingUser.get();
            if (!customApiKey.equals(user.getApiKey())) {
                user.setApiKey(customApiKey);
                userRepository.save(user);
                databaseBackupHelper.exportDatabase();
            }
        }
    }
    @Override
    public long getTotalUsersCount() {
        return userRepository.count();
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
@@ -82,7 +82,8 @@ public class CustomOAuth2AuthenticationSuccessHandler
            }
            if (userService.usernameExistsIgnoreCase(username)
                    && userService.hasPassword(username)
-                    && !userService.isAuthenticationTypeByUsername(username, AuthenticationType.SSO)
+                    && !userService.isAuthenticationTypeByUsername(
                            username, AuthenticationType.OAUTH2)
                    && oAuth.getAutoCreateUser()) {
                response.sendRedirect(contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
                return;
@@ -94,7 +95,7 @@ public class CustomOAuth2AuthenticationSuccessHandler
                    return;
                }
                if (principal instanceof OAuth2User) {
-                    userService.processSSOPostLogin(username, oAuth.getAutoCreateUser());
+                    userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
                }
                response.sendRedirect(contextPath + "/");
                return;
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java
@@ -2,6 +2,8 @@ package stirling.software.SPDF.config.security.oauth2;
 import java.util.Optional;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
@@ -11,7 +13,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.LoginAttemptService;
 import stirling.software.SPDF.config.security.UserService;
 import stirling.software.SPDF.model.ApplicationProperties;
@@ -19,7 +20,6 @@ import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
 import stirling.software.SPDF.model.User;
@Slf4j
 public class CustomOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
    private final OidcUserService delegate = new OidcUserService();
@@ -30,6 +30,8 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques
    private ApplicationProperties applicationProperties;
    private static final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);
    public CustomOAuth2UserService(
            ApplicationProperties applicationProperties,
            UserService userService,
@@ -80,10 +82,10 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques
                    user.getUserInfo(),
                    usernameAttribute);
        } catch (IllegalArgumentException e) {
-            log.error("Error loading OIDC user: {}", e.getMessage());
+            logger.error("Error loading OIDC user: {}", e.getMessage());
            throw new OAuth2AuthenticationException(new OAuth2Error(e.getMessage()), e);
        } catch (Exception e) {
-            log.error("Unexpected error loading OIDC user", e);
+            logger.error("Unexpected error loading OIDC user", e);
            throw new OAuth2AuthenticationException("Unexpected error during authentication");
        }
    }
--- a/src/main/java/stirling/software/SPDF/config/security/saml2/CertificateUtils.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml2/CertificateUtils.java
@@ -3,14 +3,12 @@ package stirling.software.SPDF.config.security.saml2;
 import java.io.ByteArrayInputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyFactory;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemReader;
 import org.springframework.core.io.Resource;
@@ -30,26 +28,15 @@ public class CertificateUtils {
    }
    public static RSAPrivateKey readPrivateKey(Resource privateKeyResource) throws Exception {
-        try (PEMParser pemParser =
+        try (PemReader pemReader =
-                new PEMParser(
+                new PemReader(
                        new InputStreamReader(
                                privateKeyResource.getInputStream(), StandardCharsets.UTF_8))) {
-
+            PemObject pemObject = pemReader.readPemObject();
-            Object object = pemParser.readObject();
+            byte[] decodedKey = pemObject.getContent();
-            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
+            return (RSAPrivateKey)
-
+                    KeyFactory.getInstance("RSA")
-            if (object instanceof PEMKeyPair) {
+                            .generatePrivate(new PKCS8EncodedKeySpec(decodedKey));
                // Handle traditional RSA private key format
                PEMKeyPair keypair = (PEMKeyPair) object;
                return (RSAPrivateKey) converter.getPrivateKey(keypair.getPrivateKeyInfo());
            } else if (object instanceof PrivateKeyInfo) {
                // Handle PKCS#8 format
                return (RSAPrivateKey) converter.getPrivateKey((PrivateKeyInfo) object);
            } else {
                throw new IllegalArgumentException(
                        "Unsupported key format: "
                                + (object != null ? object.getClass().getName() : "null"));
            }
        }
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
@@ -12,7 +12,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.LoginAttemptService;
 import stirling.software.SPDF.config.security.UserService;
 import stirling.software.SPDF.model.ApplicationProperties;
@@ -21,11 +20,11 @@ import stirling.software.SPDF.model.AuthenticationType;
 import stirling.software.SPDF.utils.RequestUriUtils;
@AllArgsConstructor
@Slf4j
 public class CustomSaml2AuthenticationSuccessHandler
        extends SavedRequestAwareAuthenticationSuccessHandler {
    private LoginAttemptService loginAttemptService;
    private ApplicationProperties applicationProperties;
    private UserService userService;
@@ -35,12 +34,10 @@ public class CustomSaml2AuthenticationSuccessHandler
            throws ServletException, IOException {
        Object principal = authentication.getPrincipal();
        log.debug("Starting SAML2 authentication success handling");
        if (principal instanceof CustomSaml2AuthenticatedPrincipal) {
            String username = ((CustomSaml2AuthenticatedPrincipal) principal).getName();
-            log.debug("Authenticated principal found for user: {}", username);
+            // Get the saved request
            HttpSession session = request.getSession(false);
            String contextPath = request.getContextPath();
            SavedRequest savedRequest =
@@ -48,77 +45,46 @@ public class CustomSaml2AuthenticationSuccessHandler
                            ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
                            : null;
            log.debug(
                    "Session exists: {}, Saved request exists: {}",
                    session != null,
                    savedRequest != null);
            if (savedRequest != null
                    && !RequestUriUtils.isStaticResource(
                            contextPath, savedRequest.getRedirectUrl())) {
-                log.debug(
+                // Redirect to the original destination
                        "Valid saved request found, redirecting to original destination: {}",
                        savedRequest.getRedirectUrl());
                super.onAuthenticationSuccess(request, response, authentication);
            } else {
                SAML2 saml2 = applicationProperties.getSecurity().getSaml2();
                log.debug(
                        "Processing SAML2 authentication with autoCreateUser: {}",
                        saml2.getAutoCreateUser());
                if (loginAttemptService.isBlocked(username)) {
                    log.debug("User {} is blocked due to too many login attempts", username);
                    if (session != null) {
                        session.removeAttribute("SPRING_SECURITY_SAVED_REQUEST");
                    }
                    throw new LockedException(
                            "Your account has been locked due to too many failed login attempts.");
                }
-
+                if (userService.usernameExistsIgnoreCase(username)
-                boolean userExists = userService.usernameExistsIgnoreCase(username);
+                        && userService.hasPassword(username)
-                boolean hasPassword = userExists && userService.hasPassword(username);
+                        && !userService.isAuthenticationTypeByUsername(
-                boolean isSSOUser =
+                                username, AuthenticationType.OAUTH2)
-                        userExists
+                        && saml2.getAutoCreateUser()) {
                                && userService.isAuthenticationTypeByUsername(
                                        username, AuthenticationType.SSO);
                log.debug(
                        "User status - Exists: {}, Has password: {}, Is SSO user: {}",
                        userExists,
                        hasPassword,
                        isSSOUser);
                if (userExists && hasPassword && !isSSOUser && saml2.getAutoCreateUser()) {
                    log.debug(
                            "User {} exists with password but is not SSO user, redirecting to logout",
                            username);
                    response.sendRedirect(
                            contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
                    return;
                }
                try {
-                    if (saml2.getBlockRegistration() && !userExists) {
+                    if (saml2.getBlockRegistration()
-                        log.debug("Registration blocked for new user: {}", username);
+                            && !userService.usernameExistsIgnoreCase(username)) {
                        response.sendRedirect(
                                contextPath + "/login?erroroauth=oauth2_admin_blocked_user");
                        return;
                    }
-                    log.debug("Processing SSO post-login for user: {}", username);
+                    userService.processOAuth2PostLogin(username, saml2.getAutoCreateUser());
                    userService.processSSOPostLogin(username, saml2.getAutoCreateUser());
                    log.debug("Successfully processed authentication for user: {}", username);
                    response.sendRedirect(contextPath + "/");
                    return;
                } catch (IllegalArgumentException e) {
                    log.debug(
                            "Invalid username detected for user: {}, redirecting to logout",
                            username);
                    response.sendRedirect(contextPath + "/logout?invalidUsername=true");
                    return;
                }
            }
        } else {
            log.debug("Non-SAML2 principal detected, delegating to parent handler");
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
--- a/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2ResponseAuthenticationConverter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2ResponseAuthenticationConverter.java
@@ -3,6 +3,8 @@ package stirling.software.SPDF.config.security.saml2;
 import java.util.*;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.schema.XSBoolean;
 import org.opensaml.core.xml.schema.XSString;
 import org.opensaml.saml.saml2.core.Assertion;
 import org.opensaml.saml.saml2.core.Attribute;
 import org.opensaml.saml.saml2.core.AttributeStatement;
@@ -28,60 +30,15 @@ public class CustomSaml2ResponseAuthenticationConverter
        this.userService = userService;
    }
    private Map<String, List<Object>> extractAttributes(Assertion assertion) {
        Map<String, List<Object>> attributes = new HashMap<>();
        for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
            for (Attribute attribute : attributeStatement.getAttributes()) {
                String attributeName = attribute.getName();
                List<Object> values = new ArrayList<>();
                for (XMLObject xmlObject : attribute.getAttributeValues()) {
                    // Get the text content directly
                    String value = xmlObject.getDOM().getTextContent();
                    if (value != null && !value.trim().isEmpty()) {
                        values.add(value);
                    }
                }
                if (!values.isEmpty()) {
                    // Store with both full URI and last part of the URI
                    attributes.put(attributeName, values);
                    String shortName = attributeName.substring(attributeName.lastIndexOf('/') + 1);
                    attributes.put(shortName, values);
                }
            }
        }
        return attributes;
    }
    @Override
    public Saml2Authentication convert(ResponseToken responseToken) {
        // Extract the assertion from the response
        Assertion assertion = responseToken.getResponse().getAssertions().get(0);
        Map<String, List<Object>> attributes = extractAttributes(assertion);
-        // Debug log with actual values
+        // Extract the NameID
-        log.debug("Extracted SAML Attributes: " + attributes);
+        String nameId = assertion.getSubject().getNameID().getValue();
-        // Try to get username/identifier in order of preference
+        Optional<User> userOpt = userService.findByUsernameIgnoreCase(nameId);
        String userIdentifier = null;
        if (hasAttribute(attributes, "username")) {
            userIdentifier = getFirstAttributeValue(attributes, "username");
        } else if (hasAttribute(attributes, "emailaddress")) {
            userIdentifier = getFirstAttributeValue(attributes, "emailaddress");
        } else if (hasAttribute(attributes, "name")) {
            userIdentifier = getFirstAttributeValue(attributes, "name");
        } else if (hasAttribute(attributes, "upn")) {
            userIdentifier = getFirstAttributeValue(attributes, "upn");
        } else if (hasAttribute(attributes, "uid")) {
            userIdentifier = getFirstAttributeValue(attributes, "uid");
        } else {
            userIdentifier = assertion.getSubject().getNameID().getValue();
        }
        // Rest of your existing code...
        Optional<User> userOpt = userService.findByUsernameIgnoreCase(userIdentifier);
        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_USER");
        if (userOpt.isPresent()) {
            User user = userOpt.get();
@@ -91,27 +48,39 @@ public class CustomSaml2ResponseAuthenticationConverter
            }
        }
        // Extract the SessionIndexes
        List<String> sessionIndexes = new ArrayList<>();
        for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
            sessionIndexes.add(authnStatement.getSessionIndex());
        }
-        CustomSaml2AuthenticatedPrincipal principal =
+        // Extract the Attributes
-                new CustomSaml2AuthenticatedPrincipal(
+        Map<String, List<Object>> attributes = extractAttributes(assertion);
                        userIdentifier, attributes, userIdentifier, sessionIndexes);
        // Create the custom principal
        CustomSaml2AuthenticatedPrincipal principal =
                new CustomSaml2AuthenticatedPrincipal(nameId, attributes, nameId, sessionIndexes);
        // Create the Saml2Authentication
        return new Saml2Authentication(
                principal,
                responseToken.getToken().getSaml2Response(),
                Collections.singletonList(simpleGrantedAuthority));
    }
-    private boolean hasAttribute(Map<String, List<Object>> attributes, String name) {
+    private Map<String, List<Object>> extractAttributes(Assertion assertion) {
-        return attributes.containsKey(name) && !attributes.get(name).isEmpty();
+        Map<String, List<Object>> attributes = new HashMap<>();
-    }
+        for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
-
+            for (Attribute attribute : attributeStatement.getAttributes()) {
-    private String getFirstAttributeValue(Map<String, List<Object>> attributes, String name) {
+                String attributeName = attribute.getName();
-        List<Object> values = attributes.get(name);
+                List<Object> values = new ArrayList<>();
-        return values != null && !values.isEmpty() ? values.get(0).toString() : null;
+                for (XMLObject xmlObject : attribute.getAttributeValues()) {
                    log.info("BOOL: " + ((XSBoolean) xmlObject).getValue());
                    values.add(((XSString) xmlObject).getValue());
                }
                attributes.put(attributeName, values);
            }
        }
        return attributes;
    }
 }
--- a/src/main/java/stirling/software/SPDF/controller/api/CropController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/CropController.java
@@ -11,6 +11,8 @@ import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.PDPageContentStream.AppendMode;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -31,6 +33,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "General", description = "General APIs")
 public class CropController {
    private static final Logger logger = LoggerFactory.getLogger(CropController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    private final PostHogService postHogService;
--- a/src/main/java/stirling/software/SPDF/controller/api/DatabaseController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/DatabaseController.java
@@ -25,7 +25,6 @@ import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import io.swagger.v3.oas.annotations.Hidden;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
@@ -35,28 +34,24 @@ import stirling.software.SPDF.config.security.database.DatabaseBackupHelper;
@Controller
@RequestMapping("/api/v1/database")
@PreAuthorize("hasRole('ROLE_ADMIN')")
-@Tag(name = "Database", description = "Database APIs for backup, import, and management")
+@Tag(name = "Database", description = "Database APIs")
 public class DatabaseController {
    @Autowired DatabaseBackupHelper databaseBackupHelper;
-    @Operation(
+    @Hidden
            summary = "Import a database backup file",
            description = "Uploads and imports a database backup SQL file.")
    @PostMapping(consumes = "multipart/form-data", value = "import-database")
    @Operation(
            summary = "Import database backup",
            description = "This endpoint imports a database backup from a SQL file.")
    public String importDatabase(
-            @Parameter(description = "SQL file to import", required = true)
+            @RequestParam("fileInput") MultipartFile file, RedirectAttributes redirectAttributes)
-                    @RequestParam("fileInput")
+            throws IllegalArgumentException, IOException {
                    MultipartFile file,
            RedirectAttributes redirectAttributes)
            throws IOException {
        if (file == null || file.isEmpty()) {
            redirectAttributes.addAttribute("error", "fileNullOrEmpty");
            return "redirect:/database";
        }
        log.info("Received file: {}", file.getOriginalFilename());
        Path tempTemplatePath = Files.createTempFile("backup_", ".sql");
        try (InputStream in = file.getInputStream()) {
            Files.copy(in, tempTemplatePath, StandardCopyOption.REPLACE_EXISTING);
@@ -74,15 +69,9 @@ public class DatabaseController {
    }
    @Hidden
    @Operation(
            summary = "Import database backup by filename",
            description = "Imports a database backup file from the server using its file name.")
    @GetMapping("/import-database-file/{fileName}")
-    public String importDatabaseFromBackupUI(
+    public String importDatabaseFromBackupUI(@PathVariable String fileName)
-            @Parameter(description = "Name of the file to import", required = true) @PathVariable
+            throws IllegalArgumentException, IOException {
                    String fileName)
            throws IOException {
        if (fileName == null || fileName.isEmpty()) {
            return "redirect:/database?error=fileNullOrEmpty";
        }
@@ -96,7 +85,6 @@ public class DatabaseController {
            return "redirect:/database?error=fileNotFound";
        }
        log.info("Received file: {}", fileName);
        if (databaseBackupHelper.importDatabaseFromUI(fileName)) {
            log.info("File {} imported to database", fileName);
            return "redirect:/database?infoMessage=importIntoDatabaseSuccessed";
@@ -105,14 +93,12 @@ public class DatabaseController {
    }
    @Hidden
    @GetMapping("/delete/{fileName}")
    @Operation(
            summary = "Delete a database backup file",
-            description = "Deletes a specified database backup file from the server.")
+            description =
-    @GetMapping("/delete/{fileName}")
+                    "This endpoint deletes a database backup file with the specified file name.")
-    public String deleteFile(
+    public String deleteFile(@PathVariable String fileName) {
            @Parameter(description = "Name of the file to delete", required = true) @PathVariable
                    String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("File must not be null or empty");
        }
@@ -131,13 +117,12 @@ public class DatabaseController {
    }
    @Hidden
    @GetMapping("/download/{fileName}")
    @Operation(
            summary = "Download a database backup file",
-            description = "Downloads the specified database backup file from the server.")
+            description =
-    @GetMapping("/download/{fileName}")
+                    "This endpoint downloads a database backup file with the specified file name.")
-    public ResponseEntity<?> downloadFile(
+    public ResponseEntity<?> downloadFile(@PathVariable String fileName) {
            @Parameter(description = "Name of the file to download", required = true) @PathVariable
                    String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("File must not be null or empty");
        }
@@ -156,22 +141,4 @@ public class DatabaseController {
                    .build();
        }
    }
    @Operation(
            summary = "Create a database backup",
            description =
                    "This endpoint triggers the creation of a database backup and redirects to the"
                            + " database management page.")
    @GetMapping("/createDatabaseBackup")
    public String createDatabaseBackup() {
        try {
            log.info("Starting database backup creation...");
            databaseBackupHelper.exportDatabase();
            log.info("Database backup successfully created.");
        } catch (IOException e) {
            log.error("Error creating database backup: {}", e.getMessage(), e);
            return "redirect:/database?error=" + e.getMessage();
        }
        return "redirect:/database?infoMessage=backupCreated";
    }
 }
--- a/src/main/java/stirling/software/SPDF/controller/api/MergeController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/MergeController.java
@@ -20,6 +20,8 @@ import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
 import org.apache.pdfbox.pdmodel.interactive.form.PDField;
 import org.apache.pdfbox.pdmodel.interactive.form.PDSignatureField;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -31,18 +33,18 @@ import org.springframework.web.multipart.MultipartFile;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.general.MergePdfsRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.GeneralUtils;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@Slf4j
@RequestMapping("/api/v1/general")
@Tag(name = "General", description = "General APIs")
 public class MergeController {
    private static final Logger logger = LoggerFactory.getLogger(MergeController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -182,7 +184,7 @@ public class MergeController {
                    baos.toByteArray(), mergedFileName); // Return the modified PDF
        } catch (Exception ex) {
-            log.error("Error in merge pdf process", ex);
+            logger.error("Error in merge pdf process", ex);
            throw ex;
        } finally {
            for (File file : filesToDelete) {
--- a/src/main/java/stirling/software/SPDF/controller/api/MultiPageLayoutController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/MultiPageLayoutController.java
@@ -12,6 +12,8 @@ import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
 import org.apache.pdfbox.util.Matrix;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -33,6 +35,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "General", description = "General APIs")
 public class MultiPageLayoutController {
    private static final Logger logger = LoggerFactory.getLogger(MultiPageLayoutController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
--- a/src/main/java/stirling/software/SPDF/controller/api/RearrangePagesPDFController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/RearrangePagesPDFController.java
@@ -8,6 +8,8 @@ import java.util.List;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -20,7 +22,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.SortTypes;
 import stirling.software.SPDF.model.api.PDFWithPageNums;
 import stirling.software.SPDF.model.api.general.RearrangePagesRequest;
@@ -30,10 +31,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/general")
@Slf4j
@Tag(name = "General", description = "General APIs")
 public class RearrangePagesPDFController {
    private static final Logger logger = LoggerFactory.getLogger(RearrangePagesPDFController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -200,7 +202,7 @@ public class RearrangePagesPDFController {
                    throw new IllegalArgumentException("Unsupported custom mode");
            }
        } catch (IllegalArgumentException e) {
-            log.error("Unsupported custom mode", e);
+            logger.error("Unsupported custom mode", e);
            return null;
        }
    }
@@ -228,8 +230,8 @@ public class RearrangePagesPDFController {
            } else {
                newPageOrder = GeneralUtils.parsePageList(pageOrderArr, totalPages, false);
            }
-            log.info("newPageOrder = " + newPageOrder);
+            logger.info("newPageOrder = " + newPageOrder);
-            log.info("totalPages = " + totalPages);
+            logger.info("totalPages = " + totalPages);
            // Create a new list to hold the pages in the new order
            List<PDPage> newPages = new ArrayList<>();
            for (int i = 0; i < newPageOrder.size(); i++) {
@@ -252,7 +254,7 @@ public class RearrangePagesPDFController {
                                    .replaceFirst("[.][^.]+$", "")
                            + "_rearranged.pdf");
        } catch (IOException e) {
-            log.error("Failed rearranging documents", e);
+            logger.error("Failed rearranging documents", e);
            return null;
        }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/RotationController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/RotationController.java
@@ -5,6 +5,8 @@ import java.io.IOException;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.PDPageTree;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -26,6 +28,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "General", description = "General APIs")
 public class RotationController {
    private static final Logger logger = LoggerFactory.getLogger(RotationController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
--- a/src/main/java/stirling/software/SPDF/controller/api/ScalePagesController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/ScalePagesController.java
@@ -13,6 +13,8 @@ import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
 import org.apache.pdfbox.util.Matrix;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -34,6 +36,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "General", description = "General APIs")
 public class ScalePagesController {
    private static final Logger logger = LoggerFactory.getLogger(ScalePagesController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
--- a/src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java
@@ -13,6 +13,8 @@ import java.util.zip.ZipOutputStream;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -26,17 +28,16 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.PDFWithPageNums;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/general")
@Slf4j
@Tag(name = "General", description = "General APIs")
 public class SplitPDFController {
    private static final Logger logger = LoggerFactory.getLogger(SplitPDFController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -51,114 +52,84 @@ public class SplitPDFController {
                    "This endpoint splits a given PDF file into separate documents based on the specified page numbers or ranges. Users can specify pages using individual numbers, ranges, or 'all' for every page. Input:PDF Output:PDF Type:SIMO")
    public ResponseEntity<byte[]> splitPdf(@ModelAttribute PDFWithPageNums request)
            throws IOException {
        MultipartFile file = request.getFileInput();
        String pages = request.getPageNumbers();
        // open the pdf document
-        PDDocument document = null;
+        PDDocument document = Loader.loadPDF(file.getBytes());
-        Path zipFile = null;
+        // PdfMetadata metadata = PdfMetadataService.extractMetadataFromPdf(document);
        int totalPages = document.getNumberOfPages();
        List<Integer> pageNumbers = request.getPageNumbersList(document, false);
        if (!pageNumbers.contains(totalPages - 1)) {
            // Create a mutable ArrayList so we can add to it
            pageNumbers = new ArrayList<>(pageNumbers);
            pageNumbers.add(totalPages - 1);
        }
        logger.info(
                "Splitting PDF into pages: {}",
                pageNumbers.stream().map(String::valueOf).collect(Collectors.joining(",")));
        // split the document
        List<ByteArrayOutputStream> splitDocumentsBoas = new ArrayList<>();
-
+        int previousPageNumber = 0;
-        try {
+        for (int splitPoint : pageNumbers) {
-
+            try (PDDocument splitDocument =
-            MultipartFile file = request.getFileInput();
+                    pdfDocumentFactory.createNewDocumentBasedOnOldDocument(document)) {
-            String pages = request.getPageNumbers();
+                for (int i = previousPageNumber; i <= splitPoint; i++) {
-            // open the pdf document
+                    PDPage page = document.getPage(i);
-
+                    splitDocument.addPage(page);
-            document = Loader.loadPDF(file.getBytes());
+                    logger.info("Adding page {} to split document", i);
            // PdfMetadata metadata = PdfMetadataService.extractMetadataFromPdf(document);
            int totalPages = document.getNumberOfPages();
            List<Integer> pageNumbers = request.getPageNumbersList(document, false);
            if (!pageNumbers.contains(totalPages - 1)) {
                // Create a mutable ArrayList so we can add to it
                pageNumbers = new ArrayList<>(pageNumbers);
                pageNumbers.add(totalPages - 1);
            }
            log.info(
                    "Splitting PDF into pages: {}",
                    pageNumbers.stream().map(String::valueOf).collect(Collectors.joining(",")));
            // split the document
            splitDocumentsBoas = new ArrayList<>();
            int previousPageNumber = 0;
            for (int splitPoint : pageNumbers) {
                try (PDDocument splitDocument =
                        pdfDocumentFactory.createNewDocumentBasedOnOldDocument(document)) {
                    for (int i = previousPageNumber; i <= splitPoint; i++) {
                        PDPage page = document.getPage(i);
                        splitDocument.addPage(page);
                        log.info("Adding page {} to split document", i);
                    }
                    previousPageNumber = splitPoint + 1;
                    // Transfer metadata to split pdf
                    // PdfMetadataService.setMetadataToPdf(splitDocument, metadata);
                    ByteArrayOutputStream baos = new ByteArrayOutputStream();
                    splitDocument.save(baos);
                    splitDocumentsBoas.add(baos);
                } catch (Exception e) {
                    log.error("Failed splitting documents and saving them", e);
                    throw e;
                }
-            }
+                previousPageNumber = splitPoint + 1;
-            // closing the original document
+                // Transfer metadata to split pdf
-            document.close();
+                // PdfMetadataService.setMetadataToPdf(splitDocument, metadata);
-            zipFile = Files.createTempFile("split_documents", ".zip");
+                ByteArrayOutputStream baos = new ByteArrayOutputStream();
                splitDocument.save(baos);
-            String filename =
+                splitDocumentsBoas.add(baos);
                    Filenames.toSimpleFileName(file.getOriginalFilename())
                            .replaceFirst("[.][^.]+$", "");
            try (ZipOutputStream zipOut = new ZipOutputStream(Files.newOutputStream(zipFile))) {
                // loop through the split documents and write them to the zip file
                for (int i = 0; i < splitDocumentsBoas.size(); i++) {
                    String fileName = filename + "_" + (i + 1) + ".pdf";
                    ByteArrayOutputStream baos = splitDocumentsBoas.get(i);
                    byte[] pdf = baos.toByteArray();
                    // Add PDF file to the zip
                    ZipEntry pdfEntry = new ZipEntry(fileName);
                    zipOut.putNextEntry(pdfEntry);
                    zipOut.write(pdf);
                    zipOut.closeEntry();
                    log.info("Wrote split document {} to zip file", fileName);
                }
            } catch (Exception e) {
-                log.error("Failed writing to zip", e);
+                logger.error("Failed splitting documents and saving them", e);
                throw e;
            }
            log.info("Successfully created zip file with split documents: {}", zipFile.toString());
            byte[] data = Files.readAllBytes(zipFile);
            Files.deleteIfExists(zipFile);
            // return the Resource in the response
            return WebResponseUtils.bytesToWebResponse(
                    data, filename + ".zip", MediaType.APPLICATION_OCTET_STREAM);
        } finally {
            try {
                // Close the main document
                if (document != null) {
                    document.close();
                }
                // Close all ByteArrayOutputStreams
                for (ByteArrayOutputStream baos : splitDocumentsBoas) {
                    if (baos != null) {
                        baos.close();
                    }
                }
                // Delete temporary zip file
                if (zipFile != null) {
                    Files.deleteIfExists(zipFile);
                }
            } catch (Exception e) {
                log.error("Error while cleaning up resources", e);
            }
        }
        // closing the original document
        document.close();
        Path zipFile = Files.createTempFile("split_documents", ".zip");
        String filename =
                Filenames.toSimpleFileName(file.getOriginalFilename())
                        .replaceFirst("[.][^.]+$", "");
        try (ZipOutputStream zipOut = new ZipOutputStream(Files.newOutputStream(zipFile))) {
            // loop through the split documents and write them to the zip file
            for (int i = 0; i < splitDocumentsBoas.size(); i++) {
                String fileName = filename + "_" + (i + 1) + ".pdf";
                ByteArrayOutputStream baos = splitDocumentsBoas.get(i);
                byte[] pdf = baos.toByteArray();
                // Add PDF file to the zip
                ZipEntry pdfEntry = new ZipEntry(fileName);
                zipOut.putNextEntry(pdfEntry);
                zipOut.write(pdf);
                zipOut.closeEntry();
                logger.info("Wrote split document {} to zip file", fileName);
            }
        } catch (Exception e) {
            logger.error("Failed writing to zip", e);
            throw e;
        }
        logger.info("Successfully created zip file with split documents: {}", zipFile.toString());
        byte[] data = Files.readAllBytes(zipFile);
        Files.deleteIfExists(zipFile);
        // return the Resource in the response
        return WebResponseUtils.bytesToWebResponse(
                data, filename + ".zip", MediaType.APPLICATION_OCTET_STREAM);
    }
 }
--- a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfByChaptersController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfByChaptersController.java
@@ -13,6 +13,8 @@ import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.interactive.documentnavigation.outline.PDDocumentOutline;
 import org.apache.pdfbox.pdmodel.interactive.documentnavigation.outline.PDOutlineItem;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -30,7 +32,6 @@ import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.PdfMetadata;
 import stirling.software.SPDF.model.api.SplitPdfByChaptersRequest;
 import stirling.software.SPDF.service.PdfMetadataService;
@@ -38,10 +39,12 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/general")
@Slf4j
@Tag(name = "General", description = "General APIs")
 public class SplitPdfByChaptersController {
    private static final Logger logger =
            LoggerFactory.getLogger(SplitPdfByChaptersController.class);
    private final PdfMetadataService pdfMetadataService;
    @Autowired
@@ -56,86 +59,70 @@ public class SplitPdfByChaptersController {
    public ResponseEntity<byte[]> splitPdf(@ModelAttribute SplitPdfByChaptersRequest request)
            throws Exception {
        MultipartFile file = request.getFileInput();
-        PDDocument sourceDocument = null;
+        boolean includeMetadata = request.getIncludeMetadata();
-        Path zipFile = null;
+        Integer bookmarkLevel =
-
+                request.getBookmarkLevel(); // levels start from 0 (top most bookmarks)
-        try {
+        if (bookmarkLevel < 0) {
-            boolean includeMetadata = request.getIncludeMetadata();
+            return ResponseEntity.badRequest().body("Invalid bookmark level".getBytes());
            Integer bookmarkLevel =
                    request.getBookmarkLevel(); // levels start from 0 (top most bookmarks)
            if (bookmarkLevel < 0) {
                return ResponseEntity.badRequest().body("Invalid bookmark level".getBytes());
            }
            sourceDocument = Loader.loadPDF(file.getBytes());
            PDDocumentOutline outline = sourceDocument.getDocumentCatalog().getDocumentOutline();
            if (outline == null) {
                log.warn("No outline found for {}", file.getOriginalFilename());
                return ResponseEntity.badRequest().body("No outline found".getBytes());
            }
            List<Bookmark> bookmarks = new ArrayList<>();
            try {
                bookmarks =
                        extractOutlineItems(
                                sourceDocument,
                                outline.getFirstChild(),
                                bookmarks,
                                outline.getFirstChild().getNextSibling(),
                                0,
                                bookmarkLevel);
                // to handle last page edge case
                bookmarks.get(bookmarks.size() - 1).setEndPage(sourceDocument.getNumberOfPages());
                Bookmark lastBookmark = bookmarks.get(bookmarks.size() - 1);
            } catch (Exception e) {
                log.error("Unable to extract outline items", e);
                return ResponseEntity.internalServerError()
                        .body("Unable to extract outline items".getBytes());
            }
            boolean allowDuplicates = request.getAllowDuplicates();
            if (!allowDuplicates) {
                /*
                duplicates are generated when multiple bookmarks correspond to the same page,
                if the user doesn't want duplicates mergeBookmarksThatCorrespondToSamePage() method will merge the titles of all
                the bookmarks that correspond to the same page, and treat them as a single bookmark
                */
                bookmarks = mergeBookmarksThatCorrespondToSamePage(bookmarks);
            }
            for (Bookmark bookmark : bookmarks) {
                log.info(
                        "{}::::{} to {}",
                        bookmark.getTitle(),
                        bookmark.getStartPage(),
                        bookmark.getEndPage());
            }
            List<ByteArrayOutputStream> splitDocumentsBoas =
                    getSplitDocumentsBoas(sourceDocument, bookmarks, includeMetadata);
            zipFile = createZipFile(bookmarks, splitDocumentsBoas);
            byte[] data = Files.readAllBytes(zipFile);
            Files.deleteIfExists(zipFile);
            String filename =
                    Filenames.toSimpleFileName(file.getOriginalFilename())
                            .replaceFirst("[.][^.]+$", "");
            sourceDocument.close();
            return WebResponseUtils.bytesToWebResponse(
                    data, filename + ".zip", MediaType.APPLICATION_OCTET_STREAM);
        } finally {
            try {
                if (sourceDocument != null) {
                    sourceDocument.close();
                }
                if (zipFile != null) {
                    Files.deleteIfExists(zipFile);
                }
            } catch (Exception e) {
                log.error("Error while cleaning up resources", e);
            }
        }
        PDDocument sourceDocument = Loader.loadPDF(file.getBytes());
        PDDocumentOutline outline = sourceDocument.getDocumentCatalog().getDocumentOutline();
        if (outline == null) {
            logger.warn("No outline found for {}", file.getOriginalFilename());
            return ResponseEntity.badRequest().body("No outline found".getBytes());
        }
        List<Bookmark> bookmarks = new ArrayList<>();
        try {
            bookmarks =
                    extractOutlineItems(
                            sourceDocument,
                            outline.getFirstChild(),
                            bookmarks,
                            outline.getFirstChild().getNextSibling(),
                            0,
                            bookmarkLevel);
            // to handle last page edge case
            bookmarks.get(bookmarks.size() - 1).setEndPage(sourceDocument.getNumberOfPages());
            Bookmark lastBookmark = bookmarks.get(bookmarks.size() - 1);
        } catch (Exception e) {
            logger.error("Unable to extract outline items", e);
            return ResponseEntity.internalServerError()
                    .body("Unable to extract outline items".getBytes());
        }
        boolean allowDuplicates = request.getAllowDuplicates();
        if (!allowDuplicates) {
            /*
            duplicates are generated when multiple bookmarks correspond to the same page,
            if the user doesn't want duplicates mergeBookmarksThatCorrespondToSamePage() method will merge the titles of all
            the bookmarks that correspond to the same page, and treat them as a single bookmark
            */
            bookmarks = mergeBookmarksThatCorrespondToSamePage(bookmarks);
        }
        for (Bookmark bookmark : bookmarks) {
            logger.info(
                    "{}::::{} to {}",
                    bookmark.getTitle(),
                    bookmark.getStartPage(),
                    bookmark.getEndPage());
        }
        List<ByteArrayOutputStream> splitDocumentsBoas =
                getSplitDocumentsBoas(sourceDocument, bookmarks, includeMetadata);
        Path zipFile = createZipFile(bookmarks, splitDocumentsBoas);
        byte[] data = Files.readAllBytes(zipFile);
        Files.deleteIfExists(zipFile);
        String filename =
                Filenames.toSimpleFileName(file.getOriginalFilename())
                        .replaceFirst("[.][^.]+$", "");
        sourceDocument.close();
        return WebResponseUtils.bytesToWebResponse(
                data, filename + ".zip", MediaType.APPLICATION_OCTET_STREAM);
    }
    private List<Bookmark> mergeBookmarksThatCorrespondToSamePage(List<Bookmark> bookmarks) {
@@ -253,14 +240,14 @@ public class SplitPdfByChaptersController {
                zipOut.write(pdf);
                zipOut.closeEntry();
-                log.info("Wrote split document {} to zip file", fileName);
+                logger.info("Wrote split document {} to zip file", fileName);
            }
        } catch (Exception e) {
-            log.error("Failed writing to zip", e);
+            logger.error("Failed writing to zip", e);
            throw e;
        }
-        log.info("Successfully created zip file with split documents: {}", zipFile);
+        logger.info("Successfully created zip file with split documents: {}", zipFile);
        return zipFile;
    }
@@ -281,7 +268,7 @@ public class SplitPdfByChaptersController {
                        i++) {
                    PDPage page = sourceDocument.getPage(i);
                    splitDocument.addPage(page);
-                    log.info("Adding page {} to split document", i);
+                    logger.info("Adding page {} to split document", i);
                }
                ByteArrayOutputStream baos = new ByteArrayOutputStream();
                if (includeMetadata) {
@@ -292,7 +279,7 @@ public class SplitPdfByChaptersController {
                splitDocumentsBoas.add(baos);
            } catch (Exception e) {
-                log.error("Failed splitting documents and saving them", e);
+                logger.error("Failed splitting documents and saving them", e);
                throw e;
            }
        }
--- a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java
@@ -18,6 +18,8 @@ import org.apache.pdfbox.pdmodel.PDPageContentStream.AppendMode;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
 import org.apache.pdfbox.util.Matrix;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -40,6 +42,9 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "General", description = "General APIs")
 public class SplitPdfBySectionsController {
    private static final Logger logger =
            LoggerFactory.getLogger(SplitPdfBySectionsController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -100,13 +105,15 @@ public class SplitPdfBySectionsController {
                if (sectionNum == horiz * verti) pageNum++;
            }
-            data = Files.readAllBytes(zipFile);
+        } catch (Exception e) {
-            return WebResponseUtils.bytesToWebResponse(
+            logger.error("exception", e);
                    data, filename + "_split.zip", MediaType.APPLICATION_OCTET_STREAM);
        } finally {
            data = Files.readAllBytes(zipFile);
            Files.deleteIfExists(zipFile);
        }
        return WebResponseUtils.bytesToWebResponse(
                data, filename + "_split.zip", MediaType.APPLICATION_OCTET_STREAM);
    }
    public List<PDDocument> splitPdfPages(
--- a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java
@@ -10,6 +10,8 @@ import java.util.zip.ZipOutputStream;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -23,7 +25,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.general.SplitPdfBySizeOrCountRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.GeneralUtils;
@@ -31,10 +32,10 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/general")
@Slf4j
@Tag(name = "General", description = "General APIs")
 public class SplitPdfBySizeController {
    private static final Logger logger = LoggerFactory.getLogger(SplitPdfBySizeController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -77,7 +78,7 @@ public class SplitPdfBySizeController {
            }
        } catch (Exception e) {
-            log.error("exception", e);
+            logger.error("exception", e);
        } finally {
            data = Files.readAllBytes(zipFile);
            Files.deleteIfExists(zipFile);
--- a/src/main/java/stirling/software/SPDF/controller/api/ToSinglePageController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/ToSinglePageController.java
@@ -11,6 +11,8 @@ import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -30,6 +32,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "General", description = "General APIs")
 public class ToSinglePageController {
    private static final Logger logger = LoggerFactory.getLogger(ToSinglePageController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@@ -244,8 +244,8 @@ public class UserController {
            return new RedirectView("/addUsers?messageType=invalidRole", true);
        }
-        if (authType.equalsIgnoreCase(AuthenticationType.SSO.toString())) {
+        if (authType.equalsIgnoreCase(AuthenticationType.OAUTH2.toString())) {
-            userService.saveUser(username, AuthenticationType.SSO, role);
+            userService.saveUser(username, AuthenticationType.OAUTH2, role);
        } else {
            if (password.isBlank()) {
                return new RedirectView("/addUsers?messageType=invalidPassword", true);
--- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java
@@ -14,6 +14,8 @@ import java.util.zip.ZipOutputStream;
 import org.apache.commons.io.FileUtils;
 import org.apache.pdfbox.rendering.ImageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -27,7 +29,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.converters.ConvertToImageRequest;
 import stirling.software.SPDF.model.api.converters.ConvertToPdfRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
@@ -39,10 +40,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/convert")
@Slf4j
@Tag(name = "Convert", description = "Convert APIs")
 public class ConvertImgPDFController {
    private static final Logger logger = LoggerFactory.getLogger(ConvertImgPDFController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -63,137 +65,112 @@ public class ConvertImgPDFController {
        String colorType = request.getColorType();
        String dpi = request.getDpi();
-        Path tempFile = null;
+        byte[] pdfBytes = file.getBytes();
-        Path tempOutputDir = null;
+        ImageType colorTypeResult = ImageType.RGB;
-        Path tempPdfPath = null;
+        if ("greyscale".equals(colorType)) {
            colorTypeResult = ImageType.GRAY;
        } else if ("blackwhite".equals(colorType)) {
            colorTypeResult = ImageType.BINARY;
        }
        // returns bytes for image
        boolean singleImage = "single".equals(singleOrMultiple);
        byte[] result = null;
        String filename =
                Filenames.toSimpleFileName(file.getOriginalFilename())
                        .replaceFirst("[.][^.]+$", "");
-        try {
+        result =
-            byte[] pdfBytes = file.getBytes();
+                PdfUtils.convertFromPdf(
-            ImageType colorTypeResult = ImageType.RGB;
+                        pdfBytes,
-            if ("greyscale".equals(colorType)) {
+                        "webp".equalsIgnoreCase(imageFormat) ? "png" : imageFormat.toUpperCase(),
-                colorTypeResult = ImageType.GRAY;
+                        colorTypeResult,
-            } else if ("blackwhite".equals(colorType)) {
+                        singleImage,
-                colorTypeResult = ImageType.BINARY;
+                        Integer.valueOf(dpi),
-            }
+                        filename);
-            // returns bytes for image
+        if (result == null || result.length == 0) {
-            boolean singleImage = "single".equals(singleOrMultiple);
+            logger.error("resultant bytes for {} is null, error converting ", filename);
-            String filename =
+        }
-                    Filenames.toSimpleFileName(file.getOriginalFilename())
+        if ("webp".equalsIgnoreCase(imageFormat) && !CheckProgramInstall.isPythonAvailable()) {
-                            .replaceFirst("[.][^.]+$", "");
+            throw new IOException("Python is not installed. Required for WebP conversion.");
-
+        } else if ("webp".equalsIgnoreCase(imageFormat)
-            result =
+                && CheckProgramInstall.isPythonAvailable()) {
-                    PdfUtils.convertFromPdf(
+            // Write the output stream to a temp file
-                            pdfBytes,
+            Path tempFile = Files.createTempFile("temp_png", ".png");
-                            "webp".equalsIgnoreCase(imageFormat)
+            try (FileOutputStream fos = new FileOutputStream(tempFile.toFile())) {
-                                    ? "png"
+                fos.write(result);
-                                    : imageFormat.toUpperCase(),
+                fos.flush();
                            colorTypeResult,
                            singleImage,
                            Integer.valueOf(dpi),
                            filename);
            if (result == null || result.length == 0) {
                log.error("resultant bytes for {} is null, error converting ", filename);
            }
            if ("webp".equalsIgnoreCase(imageFormat) && !CheckProgramInstall.isPythonAvailable()) {
                throw new IOException("Python is not installed. Required for WebP conversion.");
            } else if ("webp".equalsIgnoreCase(imageFormat)
                    && CheckProgramInstall.isPythonAvailable()) {
                // Write the output stream to a temp file
                tempFile = Files.createTempFile("temp_png", ".png");
                try (FileOutputStream fos = new FileOutputStream(tempFile.toFile())) {
                    fos.write(result);
                    fos.flush();
                }
                String pythonVersion = CheckProgramInstall.getAvailablePythonCommand();
                List<String> command = new ArrayList<>();
                command.add(pythonVersion);
                command.add("./scripts/png_to_webp.py"); // Python script to handle the conversion
                // Create a temporary directory for the output WebP files
                tempOutputDir = Files.createTempDirectory("webp_output");
                if (singleImage) {
                    // Run the Python script to convert PNG to WebP
                    command.add(tempFile.toString());
                    command.add(tempOutputDir.toString());
                    command.add("--single");
                } else {
                    // Save the uploaded PDF to a temporary file
                    tempPdfPath = Files.createTempFile("temp_pdf", ".pdf");
                    file.transferTo(tempPdfPath.toFile());
                    // Run the Python script to convert PDF to WebP
                    command.add(tempPdfPath.toString());
                    command.add(tempOutputDir.toString());
                }
                command.add("--dpi");
                command.add(dpi);
                ProcessExecutorResult resultProcess =
                        ProcessExecutor.getInstance(ProcessExecutor.Processes.PYTHON_OPENCV)
                                .runCommandWithOutputHandling(command);
                // Find all WebP files in the output directory
                List<Path> webpFiles =
                        Files.walk(tempOutputDir)
                                .filter(path -> path.toString().endsWith(".webp"))
                                .collect(Collectors.toList());
                if (webpFiles.isEmpty()) {
                    log.error("No WebP files were created in: {}", tempOutputDir.toString());
                    throw new IOException(
                            "No WebP files were created. " + resultProcess.getMessages());
                }
                byte[] bodyBytes = new byte[0];
                if (webpFiles.size() == 1) {
                    // Return the single WebP file directly
                    Path webpFilePath = webpFiles.get(0);
                    bodyBytes = Files.readAllBytes(webpFilePath);
                } else {
                    // Create a ZIP file containing all WebP images
                    ByteArrayOutputStream zipOutputStream = new ByteArrayOutputStream();
                    try (ZipOutputStream zos = new ZipOutputStream(zipOutputStream)) {
                        for (Path webpFile : webpFiles) {
                            zos.putNextEntry(new ZipEntry(webpFile.getFileName().toString()));
                            Files.copy(webpFile, zos);
                            zos.closeEntry();
                        }
                    }
                    bodyBytes = zipOutputStream.toByteArray();
                }
                // Clean up the temporary files
                Files.deleteIfExists(tempFile);
                if (tempOutputDir != null) FileUtils.deleteDirectory(tempOutputDir.toFile());
                result = bodyBytes;
            }
            String pythonVersion = CheckProgramInstall.getAvailablePythonCommand();
            List<String> command = new ArrayList<>();
            command.add(pythonVersion);
            command.add("./scripts/png_to_webp.py"); // Python script to handle the conversion
            // Create a temporary directory for the output WebP files
            Path tempOutputDir = Files.createTempDirectory("webp_output");
            if (singleImage) {
-                String docName = filename + "." + imageFormat;
+                // Run the Python script to convert PNG to WebP
-                MediaType mediaType = MediaType.parseMediaType(getMediaType(imageFormat));
+                command.add(tempFile.toString());
-                return WebResponseUtils.bytesToWebResponse(result, docName, mediaType);
+                command.add(tempOutputDir.toString());
                command.add("--single");
            } else {
-                String zipFilename = filename + "_convertedToImages.zip";
+                // Save the uploaded PDF to a temporary file
-                return WebResponseUtils.bytesToWebResponse(
+                Path tempPdfPath = Files.createTempFile("temp_pdf", ".pdf");
-                        result, zipFilename, MediaType.APPLICATION_OCTET_STREAM);
+                file.transferTo(tempPdfPath.toFile());
                // Run the Python script to convert PDF to WebP
                command.add(tempPdfPath.toString());
                command.add(tempOutputDir.toString());
            }
            command.add("--dpi");
            command.add(dpi);
            ProcessExecutorResult resultProcess =
                    ProcessExecutor.getInstance(ProcessExecutor.Processes.PYTHON_OPENCV)
                            .runCommandWithOutputHandling(command);
            // Find all WebP files in the output directory
            List<Path> webpFiles =
                    Files.walk(tempOutputDir)
                            .filter(path -> path.toString().endsWith(".webp"))
                            .collect(Collectors.toList());
            if (webpFiles.isEmpty()) {
                logger.error("No WebP files were created in: {}", tempOutputDir.toString());
                throw new IOException("No WebP files were created. " + resultProcess.getMessages());
            }
-        } finally {
+            byte[] bodyBytes = new byte[0];
-            try {
+
-                // Clean up temporary files
+            if (webpFiles.size() == 1) {
-                if (tempFile != null) {
+                // Return the single WebP file directly
-                    Files.deleteIfExists(tempFile);
+                Path webpFilePath = webpFiles.get(0);
                bodyBytes = Files.readAllBytes(webpFilePath);
            } else {
                // Create a ZIP file containing all WebP images
                ByteArrayOutputStream zipOutputStream = new ByteArrayOutputStream();
                try (ZipOutputStream zos = new ZipOutputStream(zipOutputStream)) {
                    for (Path webpFile : webpFiles) {
                        zos.putNextEntry(new ZipEntry(webpFile.getFileName().toString()));
                        Files.copy(webpFile, zos);
                        zos.closeEntry();
                    }
                }
-                if (tempPdfPath != null) {
+                bodyBytes = zipOutputStream.toByteArray();
                    Files.deleteIfExists(tempPdfPath);
                }
                if (tempOutputDir != null) {
                    FileUtils.deleteDirectory(tempOutputDir.toFile());
                }
            } catch (Exception e) {
                log.error("Error cleaning up temporary files", e);
            }
            // Clean up the temporary files
            Files.deleteIfExists(tempFile);
            if (tempOutputDir != null) FileUtils.deleteDirectory(tempOutputDir.toFile());
            result = bodyBytes;
        }
        if (singleImage) {
            String docName = filename + "." + imageFormat;
            MediaType mediaType = MediaType.parseMediaType(getMediaType(imageFormat));
            return WebResponseUtils.bytesToWebResponse(result, docName, mediaType);
        } else {
            String zipFilename = filename + "_convertedToImages.zip";
            return WebResponseUtils.bytesToWebResponse(
                    result, zipFilename, MediaType.APPLICATION_OCTET_STREAM);
        }
    }
@@ -208,13 +185,7 @@ public class ConvertImgPDFController {
        String fitOption = request.getFitOption();
        String colorType = request.getColorType();
        boolean autoRotate = request.isAutoRotate();
-        // Handle Null entries for formdata
+
        if (colorType == null || colorType.isBlank()) {
            colorType = "color";
        }
        if (fitOption == null || fitOption.isEmpty()) {
            fitOption = "fillPage";
        }
        // Convert the file to PDF and get the resulting bytes
        byte[] bytes =
                PdfUtils.imageToPdf(file, fitOption, autoRotate, colorType, pdfDocumentFactory);
--- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java
@@ -8,6 +8,8 @@ import java.util.Arrays;
 import java.util.List;
 import org.apache.commons.io.FileUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -20,7 +22,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.converters.PdfToPdfARequest;
 import stirling.software.SPDF.utils.ProcessExecutor;
 import stirling.software.SPDF.utils.ProcessExecutor.ProcessExecutorResult;
@@ -28,10 +29,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/convert")
@Slf4j
@Tag(name = "Convert", description = "Convert APIs")
 public class ConvertPDFToPDFA {
    private static final Logger logger = LoggerFactory.getLogger(ConvertPDFToPDFA.class);
    @PostMapping(consumes = "multipart/form-data", value = "/pdf/pdfa")
    @Operation(
            summary = "Convert a PDF to a PDF/A",
@@ -44,7 +46,7 @@ public class ConvertPDFToPDFA {
        // Validate input file type
        if (!"application/pdf".equals(inputFile.getContentType())) {
-            log.error("Invalid input file type: {}", inputFile.getContentType());
+            logger.error("Invalid input file type: {}", inputFile.getContentType());
            throw new IllegalArgumentException("Input file must be a PDF");
        }
@@ -94,7 +96,7 @@ public class ConvertPDFToPDFA {
                            .runCommandWithOutputHandling(command);
            if (returnCode.getRc() != 0) {
-                log.error("PDF/A conversion failed with return code: {}", returnCode.getRc());
+                logger.error("PDF/A conversion failed with return code: {}", returnCode.getRc());
                throw new RuntimeException("PDF/A conversion failed");
            }
--- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertWebsiteToPDF.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertWebsiteToPDF.java
@@ -7,6 +7,8 @@ import java.util.ArrayList;
 import java.util.List;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -17,7 +19,6 @@ import org.springframework.web.bind.annotation.RestController;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.converters.UrlToPdfRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.GeneralUtils;
@@ -27,10 +28,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@Tag(name = "Convert", description = "Convert APIs")
@Slf4j
@RequestMapping("/api/v1/convert")
 public class ConvertWebsiteToPDF {
    private static final Logger logger = LoggerFactory.getLogger(ConvertWebsiteToPDF.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -86,7 +88,7 @@ public class ConvertWebsiteToPDF {
                try {
                    Files.deleteIfExists(tempOutputFile);
                } catch (IOException e) {
-                    log.error("Error deleting temporary output file", e);
+                    logger.error("Error deleting temporary output file", e);
                }
            }
        }
--- a/src/main/java/stirling/software/SPDF/controller/api/converters/ExtractCSVController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ExtractCSVController.java
@@ -7,6 +7,8 @@ import org.apache.commons.csv.CSVFormat;
 import org.apache.commons.csv.QuoteMode;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@@ -32,6 +34,8 @@ import technology.tabula.writers.Writer;
@Tag(name = "Convert", description = "Convert APIs")
 public class ExtractCSVController {
    private static final Logger logger = LoggerFactory.getLogger(ExtractCSVController.class);
    @PostMapping(value = "/pdf/csv", consumes = "multipart/form-data")
    @Operation(
            summary = "Extracts a CSV document from a PDF",
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/AutoRenameController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/AutoRenameController.java
@@ -9,6 +9,8 @@ import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.text.PDFTextStripper;
 import org.apache.pdfbox.text.TextPosition;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -20,16 +22,16 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.ExtractHeaderRequest;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class AutoRenameController {
    private static final Logger logger = LoggerFactory.getLogger(AutoRenameController.class);
    private static final float TITLE_FONT_SIZE_THRESHOLD = 20.0f;
    private static final int LINE_LIMIT = 200;
@@ -131,7 +133,7 @@ public class AutoRenameController {
            header = header.replaceAll("[/\\\\?%*:|\"<>]", "").trim();
            return WebResponseUtils.pdfDocToWebResponse(document, header + ".pdf");
        } else {
-            log.info("File has no good title to be found");
+            logger.info("File has no good title to be found");
            return WebResponseUtils.pdfDocToWebResponse(
                    document, Filenames.toSimpleFileName(file.getOriginalFilename()));
        }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java
@@ -14,6 +14,8 @@ import java.util.zip.ZipOutputStream;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.rendering.PDFRenderer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -35,17 +37,16 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.AutoSplitPdfRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class AutoSplitPdfController {
    private static final Logger logger = LoggerFactory.getLogger(AutoSplitPdfController.class);
    private static final String QR_CONTENT = "https://github.com/Stirling-Tools/Stirling-PDF";
    private static final String QR_CONTENT_OLD = "https://github.com/Frooodle/Stirling-PDF";
@@ -133,7 +134,7 @@ public class AutoSplitPdfController {
                try {
                    document.close();
                } catch (IOException e) {
-                    log.error("Error closing main PDDocument", e);
+                    logger.error("Error closing main PDDocument", e);
                }
            }
@@ -141,7 +142,7 @@ public class AutoSplitPdfController {
                try {
                    splitDoc.close();
                } catch (IOException e) {
-                    log.error("Error closing split PDDocument", e);
+                    logger.error("Error closing split PDDocument", e);
                }
            }
@@ -149,7 +150,7 @@ public class AutoSplitPdfController {
                try {
                    Files.deleteIfExists(zipFile);
                } catch (IOException e) {
-                    log.error("Error deleting temporary zip file", e);
+                    logger.error("Error deleting temporary zip file", e);
                }
            }
        }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java
@@ -14,6 +14,8 @@ import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.PDPageTree;
 import org.apache.pdfbox.rendering.PDFRenderer;
 import org.apache.pdfbox.text.PDFTextStripper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -28,7 +30,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.RemoveBlankPagesRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.PdfUtils;
@@ -36,10 +37,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class BlankPageController {
    private static final Logger logger = LoggerFactory.getLogger(BlankPageController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -69,7 +71,7 @@ public class BlankPageController {
            PDFRenderer pdfRenderer = new PDFRenderer(document);
            pdfRenderer.setSubsamplingAllowed(true);
            for (PDPage page : pages) {
-                log.info("checking page {}", pageIndex);
+                logger.info("checking page {}", pageIndex);
                textStripper.setStartPage(pageIndex + 1);
                textStripper.setEndPage(pageIndex + 1);
                String pageText = textStripper.getText(document);
@@ -77,12 +79,12 @@ public class BlankPageController {
                boolean blank = true;
                if (hasText) {
-                    log.info("page {} has text, not blank", pageIndex);
+                    logger.info("page {} has text, not blank", pageIndex);
                    blank = false;
                } else {
                    boolean hasImages = PdfUtils.hasImagesOnPage(page);
                    if (hasImages) {
-                        log.info("page {} has image, running blank detection", pageIndex);
+                        logger.info("page {} has image, running blank detection", pageIndex);
                        // Render image and save as temp file
                        BufferedImage image = pdfRenderer.renderImageWithDPI(pageIndex, 30);
                        blank = isBlankImage(image, threshold, whitePercent, threshold);
@@ -90,10 +92,10 @@ public class BlankPageController {
                }
                if (blank) {
-                    log.info("Skipping, Image was  blank for page #{}", pageIndex);
+                    logger.info("Skipping, Image was  blank for page #{}", pageIndex);
                    blankPages.add(page);
                } else {
-                    log.info("page {} has image which is not blank", pageIndex);
+                    logger.info("page {} has image which is not blank", pageIndex);
                    nonBlankPages.add(page);
                }
@@ -119,12 +121,12 @@ public class BlankPageController {
            zos.close();
-            log.info("Returning ZIP file: {}", filename + "_processed.zip");
+            logger.info("Returning ZIP file: {}", filename + "_processed.zip");
            return WebResponseUtils.boasToWebResponse(
                    baos, filename + "_processed.zip", MediaType.APPLICATION_OCTET_STREAM);
        } catch (IOException e) {
-            log.error("exception", e);
+            logger.error("exception", e);
            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }
@@ -147,7 +149,7 @@ public class BlankPageController {
    public static boolean isBlankImage(
            BufferedImage image, int threshold, double whitePercent, int blurSize) {
        if (image == null) {
-            log.info("Error: Image is null");
+            logger.info("Error: Image is null");
            return false;
        }
@@ -165,7 +167,7 @@ public class BlankPageController {
        }
        double whitePixelPercentage = (whitePixels / (double) totalPixels) * 100;
-        log.info(String.format("Page has white pixel percent of %.2f%%", whitePixelPercentage));
+        logger.info(String.format("Page has white pixel percent of %.2f%%", whitePixelPercentage));
        return whitePixelPercentage >= whitePercent;
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java
@@ -17,6 +17,8 @@ import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.PDResources;
 import org.apache.pdfbox.pdmodel.graphics.PDXObject;
 import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -29,7 +31,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.OptimizePdfRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.GeneralUtils;
@@ -39,10 +40,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class CompressController {
    private static final Logger logger = LoggerFactory.getLogger(CompressController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -189,7 +191,7 @@ public class CompressController {
                            incrementOptimizeLevel(
                                    optimizeLevel, outputFileSize, expectedOutputSize);
                    if (autoMode && optimizeLevel > 9) {
-                        log.info("Maximum compression level reached in auto mode");
+                        logger.info("Maximum compression level reached in auto mode");
                        sizeMet = true;
                    }
                }
@@ -201,7 +203,7 @@ public class CompressController {
            // Check if optimized file is larger than the original
            if (pdfBytes.length > inputFileSize) {
-                log.warn(
+                logger.warn(
                        "Optimized file is larger than the original. Returning the original file instead.");
                finalFile = tempInputFile;
            }
@@ -232,7 +234,7 @@ public class CompressController {
    private int incrementOptimizeLevel(int currentLevel, long currentSize, long targetSize) {
        double currentRatio = currentSize / (double) targetSize;
-        log.info("Current compression ratio: {}", String.format("%.2f", currentRatio));
+        logger.info("Current compression ratio: {}", String.format("%.2f", currentRatio));
        if (currentRatio > 2.0) {
            return Math.min(9, currentLevel + 3);
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImageScansController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImageScansController.java
@@ -17,6 +17,8 @@ import org.apache.commons.io.FileUtils;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.rendering.PDFRenderer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -29,7 +31,6 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.ExtractImageScansRequest;
 import stirling.software.SPDF.utils.CheckProgramInstall;
 import stirling.software.SPDF.utils.ProcessExecutor;
@@ -38,10 +39,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class ExtractImageScansController {
    private static final Logger logger = LoggerFactory.getLogger(ExtractImageScansController.class);
    @PostMapping(consumes = "multipart/form-data", value = "/extract-image-scans")
    @Operation(
            summary = "Extract image scans from an input file",
@@ -199,7 +201,7 @@ public class ExtractImageScansController {
                        try {
                            Files.deleteIfExists(path);
                        } catch (IOException e) {
-                            log.error("Failed to delete temporary image file: " + path, e);
+                            logger.error("Failed to delete temporary image file: " + path, e);
                        }
                    });
@@ -207,7 +209,7 @@ public class ExtractImageScansController {
                try {
                    Files.deleteIfExists(tempZipFile);
                } catch (IOException e) {
-                    log.error("Failed to delete temporary zip file: " + tempZipFile, e);
+                    logger.error("Failed to delete temporary zip file: " + tempZipFile, e);
                }
            }
@@ -216,7 +218,7 @@ public class ExtractImageScansController {
                        try {
                            FileUtils.deleteDirectory(dir.toFile());
                        } catch (IOException e) {
-                            log.error("Failed to delete temporary directory: " + dir, e);
+                            logger.error("Failed to delete temporary directory: " + dir, e);
                        }
                    });
        }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImagesController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImagesController.java
@@ -25,6 +25,8 @@ import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -37,17 +39,17 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.PDFExtractImagesRequest;
 import stirling.software.SPDF.utils.ImageProcessingUtils;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class ExtractImagesController {
    private static final Logger logger = LoggerFactory.getLogger(ExtractImagesController.class);
    @PostMapping(consumes = "multipart/form-data", value = "/extract-images")
    @Operation(
            summary = "Extract images from a PDF file",
@@ -105,7 +107,7 @@ public class ExtractImagesController {
                                                allowDuplicates);
                                    } catch (IOException e) {
                                        // Log the error and continue processing other pages
-                                        log.error(
+                                        logger.error(
                                                "Error extracting images from page {}: {}",
                                                pageNum,
                                                e.getMessage());
@@ -165,7 +167,7 @@ public class ExtractImagesController {
        try {
            md = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
-            log.error("MD5 algorithm not available for extractImages hash.", e);
+            logger.error("MD5 algorithm not available for extractImages hash.", e);
            return;
        }
        if (page.getResources() == null || page.getResources().getXObjectNames() == null) {
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java
@@ -27,6 +27,8 @@ import org.apache.pdfbox.pdmodel.graphics.image.JPEGFactory;
 import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
 import org.apache.pdfbox.rendering.ImageType;
 import org.apache.pdfbox.rendering.PDFRenderer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -48,6 +50,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class FakeScanControllerWIP {
    private static final Logger logger = LoggerFactory.getLogger(FakeScanControllerWIP.class);
    // TODO finish
    @PostMapping(consumes = "multipart/form-data", value = "/fake-scan")
    @Hidden
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/FlattenController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/FlattenController.java
@@ -12,6 +12,8 @@ import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
 import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
 import org.apache.pdfbox.rendering.ImageType;
 import org.apache.pdfbox.rendering.PDFRenderer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -24,17 +26,17 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.FlattenRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class FlattenController {
    private static final Logger logger = LoggerFactory.getLogger(FlattenController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -82,7 +84,7 @@ public class FlattenController {
                        contentStream.drawImage(pdImage, 0, 0, pageWidth, pageHeight);
                    }
                } catch (IOException e) {
-                    log.error("exception", e);
+                    logger.error("exception", e);
                }
            }
            return WebResponseUtils.pdfDocToWebResponse(
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java
@@ -11,9 +11,9 @@ import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDDocumentInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -24,17 +24,16 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.MetadataRequest;
 import stirling.software.SPDF.utils.WebResponseUtils;
 import stirling.software.SPDF.utils.propertyeditor.StringToMapPropertyEditor;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class MetadataController {
    private static final Logger logger = LoggerFactory.getLogger(MetadataController.class);
    private String checkUndefined(String entry) {
        // Check if the string is "undefined"
        if ("undefined".equals(entry)) {
@@ -45,11 +44,6 @@ public class MetadataController {
        return entry;
    }
    @InitBinder
    public void initBinder(WebDataBinder binder) {
        binder.registerCustomEditor(Map.class, "allRequestParams", new StringToMapPropertyEditor());
    }
    @PostMapping(consumes = "multipart/form-data", value = "/update-metadata")
    @Operation(
            summary = "Update metadata of a PDF file",
@@ -146,7 +140,7 @@ public class MetadataController {
                creationDateCal.setTime(
                        new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse(creationDate));
            } catch (ParseException e) {
-                log.error("exception", e);
+                logger.error("exception", e);
            }
            info.setCreationDate(creationDateCal);
        } else {
@@ -158,7 +152,7 @@ public class MetadataController {
                modificationDateCal.setTime(
                        new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse(modificationDate));
            } catch (ParseException e) {
-                log.error("exception", e);
+                logger.error("exception", e);
            }
            info.setModificationDate(modificationDateCal);
        } else {
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java
@@ -1,5 +1,7 @@
 package stirling.software.SPDF.controller.api.misc;
 import io.github.pixee.security.BoundedLineReader;
 import io.github.pixee.security.Filenames;
 import java.awt.image.BufferedImage;
 import java.io.BufferedReader;
 import java.io.File;
@@ -33,8 +35,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import io.github.pixee.security.BoundedLineReader;
 import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
@@ -87,7 +87,7 @@ public class OCRController {
        Files.createDirectories(tempOutputDir);
        Files.createDirectories(tempImagesDir);
-        Process process = null;
+
        try {
            // Save input file
            inputFile.transferTo(tempInputFile.toFile());
@@ -139,7 +139,7 @@ public class OCRController {
                        command.add("pdf"); // Always output PDF
                        ProcessBuilder pb = new ProcessBuilder(command);
-                        process = pb.start();
+                        Process process = pb.start();
                        // Capture any error output
                        try (BufferedReader reader =
@@ -176,9 +176,7 @@ public class OCRController {
            // Read the final PDF file
            byte[] pdfContent = Files.readAllBytes(finalOutputFile);
            String outputFilename =
-                    Filenames.toSimpleFileName(inputFile.getOriginalFilename())
+                    Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_OCR.pdf";
                                    .replaceFirst("[.][^.]+$", "")
                            + "_OCR.pdf";
            return ResponseEntity.ok()
                    .header(
@@ -188,10 +186,6 @@ public class OCRController {
                    .body(pdfContent);
        } finally {
            if (process != null) {
                process.destroy();
            }
            // Clean up temporary files
            deleteDirectory(tempDir);
        }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/OverlayImageController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/OverlayImageController.java
@@ -2,6 +2,8 @@ package stirling.software.SPDF.controller.api.misc;
 import java.io.IOException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -15,7 +17,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.misc.OverlayImageRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.PdfUtils;
@@ -23,10 +24,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/misc")
@Slf4j
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class OverlayImageController {
    private static final Logger logger = LoggerFactory.getLogger(OverlayImageController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -58,7 +60,7 @@ public class OverlayImageController {
                                    .replaceFirst("[.][^.]+$", "")
                            + "_overlayed.pdf");
        } catch (IOException e) {
-            log.error("Failed to add image to PDF", e);
+            logger.error("Failed to add image to PDF", e);
            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
        }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/PageNumbersController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/PageNumbersController.java
@@ -10,6 +10,8 @@ import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.font.PDType1Font;
 import org.apache.pdfbox.pdmodel.font.Standard14Fonts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -33,6 +35,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class PageNumbersController {
    private static final Logger logger = LoggerFactory.getLogger(PageNumbersController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java
@@ -6,6 +6,8 @@ import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -29,6 +31,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class RepairController {
    private static final Logger logger = LoggerFactory.getLogger(RepairController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -46,6 +50,7 @@ public class RepairController {
        MultipartFile inputFile = request.getFileInput();
        // Save the uploaded file to a temporary location
        Path tempInputFile = Files.createTempFile("input_", ".pdf");
        Path tempOutputFile = Files.createTempFile("output_", ".pdf");
        byte[] pdfBytes = null;
        inputFile.transferTo(tempInputFile.toFile());
        try {
@@ -56,13 +61,14 @@ public class RepairController {
            command.add("--qdf"); // Linearizes and normalizes PDF structure
            command.add("--object-streams=disable"); // Can help with some corruptions
            command.add(tempInputFile.toString());
            command.add(tempOutputFile.toString());
            ProcessExecutorResult returnCode =
                    ProcessExecutor.getInstance(ProcessExecutor.Processes.QPDF)
                            .runCommandWithOutputHandling(command);
            // Read the optimized PDF file
-            pdfBytes = pdfDocumentFactory.loadToBytes(tempInputFile.toFile());
+            pdfBytes = pdfDocumentFactory.loadToBytes(tempOutputFile.toFile());
            // Return the optimized PDF as a response
            String outputFilename =
@@ -73,6 +79,7 @@ public class RepairController {
        } finally {
            // Clean up the temporary files
            Files.deleteIfExists(tempInputFile);
            Files.deleteIfExists(tempOutputFile);
        }
    }
 }
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java
@@ -7,6 +7,8 @@ import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.common.PDNameTreeNode;
 import org.apache.pdfbox.pdmodel.interactive.action.PDActionJavaScript;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -27,6 +29,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "Misc", description = "Miscellaneous APIs")
 public class ShowJavascript {
    private static final Logger logger = LoggerFactory.getLogger(ShowJavascript.class);
    @PostMapping(consumes = "multipart/form-data", value = "/show-javascript")
    @Operation(
            summary = "Grabs all JS from a PDF and returns a single JS file with all code",
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
@@ -229,22 +229,10 @@ public class StampController {
                    calculatePositionY(
                            pageSize, position, calculateTextCapHeight(font, fontSize), margin);
        }
        // Split the stampText into multiple lines
        String[] lines = stampText.split("\\\\n");
        // Calculate dynamic line height based on font ascent and descent
        float ascent = font.getFontDescriptor().getAscent();
        float descent = font.getFontDescriptor().getDescent();
        float lineHeight = ((ascent - descent) / 1000) * fontSize;
        contentStream.beginText();
-        for (int i = 0; i < lines.length; i++) {
+        contentStream.setTextMatrix(Matrix.getRotateInstance(Math.toRadians(rotation), x, y));
-            String line = lines[i];
+        contentStream.showText(stampText);
            // Set the text matrix for each line with rotation
            contentStream.setTextMatrix(
                    Matrix.getRotateInstance(Math.toRadians(rotation), x, y - (i * lineHeight)));
            contentStream.showText(line);
        }
        contentStream.endText();
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/ApiDocService.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/ApiDocService.java
@@ -7,6 +7,8 @@ import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -19,17 +21,17 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.ServletContext;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.SPdfApplication;
 import stirling.software.SPDF.model.ApiEndpoint;
 import stirling.software.SPDF.model.Role;
@Service
@Slf4j
 public class ApiDocService {
    private final Map<String, ApiEndpoint> apiDocumentation = new HashMap<>();
    private static final Logger logger = LoggerFactory.getLogger(ApiDocService.class);
    @Autowired private ServletContext servletContext;
    private String getApiDocsUrl() {
@@ -133,7 +135,7 @@ public class ApiDocService {
                            });
        } catch (Exception e) {
            // Handle exceptions
-            log.error("Error grabbing swagger doc, body result {}", apiDocsJson);
+            logger.error("Error grabbing swagger doc, body result {}", apiDocsJson);
        }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineController.java
@@ -8,6 +8,8 @@ import java.util.Map;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
 import org.springframework.http.MediaType;
@@ -24,7 +26,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.PipelineConfig;
 import stirling.software.SPDF.model.api.HandleDataRequest;
@@ -32,10 +33,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/pipeline")
@Slf4j
@Tag(name = "Pipeline", description = "Pipeline APIs")
 public class PipelineController {
    private static final Logger logger = LoggerFactory.getLogger(PipelineController.class);
    final String watchedFoldersDir = "./pipeline/watchedFolders/";
    final String finishedFoldersDir = "./pipeline/finishedFolders/";
    @Autowired PipelineProcessor processor;
@@ -54,7 +56,7 @@ public class PipelineController {
            return null;
        }
        PipelineConfig config = objectMapper.readValue(jsonString, PipelineConfig.class);
-        log.info("Received POST request to /handleData with {} files", files.length);
+        logger.info("Received POST request to /handleData with {} files", files.length);
        try {
            List<Resource> inputFiles = processor.generateInputFiles(files);
            if (inputFiles == null || inputFiles.size() == 0) {
@@ -69,7 +71,7 @@ public class PipelineController {
                is.read(bytes);
                is.close();
-                log.info("Returning single file response...");
+                logger.info("Returning single file response...");
                return WebResponseUtils.bytesToWebResponse(
                        bytes, singleFile.getFilename(), MediaType.APPLICATION_OCTET_STREAM);
            } else if (outputFiles == null) {
@@ -116,11 +118,11 @@ public class PipelineController {
            zipOut.close();
-            log.info("Returning zipped file response...");
+            logger.info("Returning zipped file response...");
            return WebResponseUtils.boasToWebResponse(
                    baos, "output.zip", MediaType.APPLICATION_OCTET_STREAM);
        } catch (Exception e) {
-            log.error("Error handling data: ", e);
+            logger.error("Error handling data: ", e);
            return null;
        }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineDirectoryProcessor.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineDirectoryProcessor.java
@@ -16,6 +16,8 @@ import java.util.List;
 import java.util.Optional;
 import java.util.stream.Stream;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.core.io.ByteArrayResource;
@@ -25,15 +27,14 @@ import org.springframework.stereotype.Service;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.PipelineConfig;
 import stirling.software.SPDF.model.PipelineOperation;
 import stirling.software.SPDF.utils.FileMonitor;
@Service
@Slf4j
 public class PipelineDirectoryProcessor {
    private static final Logger logger = LoggerFactory.getLogger(PipelineDirectoryProcessor.class);
    @Autowired private ObjectMapper objectMapper;
    @Autowired private ApiDocService apiDocService;
    @Autowired PipelineProcessor processor;
@@ -55,9 +56,9 @@ public class PipelineDirectoryProcessor {
        if (!Files.exists(watchedFolderPath)) {
            try {
                Files.createDirectories(watchedFolderPath);
-                log.info("Created directory: {}", watchedFolderPath);
+                logger.info("Created directory: {}", watchedFolderPath);
            } catch (IOException e) {
-                log.error("Error creating directory: {}", watchedFolderPath, e);
+                logger.error("Error creating directory: {}", watchedFolderPath, e);
                return;
            }
        }
@@ -70,21 +71,21 @@ public class PipelineDirectoryProcessor {
                                        handleDirectory(t);
                                    }
                                } catch (Exception e) {
-                                    log.error("Error handling directory: {}", t, e);
+                                    logger.error("Error handling directory: {}", t, e);
                                }
                            });
        } catch (Exception e) {
-            log.error("Error walking through directory: {}", watchedFolderPath, e);
+            logger.error("Error walking through directory: {}", watchedFolderPath, e);
        }
    }
    public void handleDirectory(Path dir) throws IOException {
-        log.info("Handling directory: {}", dir);
+        logger.info("Handling directory: {}", dir);
        Path processingDir = createProcessingDirectory(dir);
        Optional<Path> jsonFileOptional = findJsonFile(dir);
        if (!jsonFileOptional.isPresent()) {
-            log.warn("No .JSON settings file found. No processing will happen for dir {}.", dir);
+            logger.warn("No .JSON settings file found. No processing will happen for dir {}.", dir);
            return;
        }
@@ -97,7 +98,7 @@ public class PipelineDirectoryProcessor {
        Path processingDir = dir.resolve("processing");
        if (!Files.exists(processingDir)) {
            Files.createDirectory(processingDir);
-            log.info("Created processing directory: {}", processingDir);
+            logger.info("Created processing directory: {}", processingDir);
        }
        return processingDir;
    }
@@ -110,7 +111,7 @@ public class PipelineDirectoryProcessor {
    private PipelineConfig readAndParseJson(Path jsonFile) throws IOException {
        String jsonString = new String(Files.readAllBytes(jsonFile), StandardCharsets.UTF_8);
-        log.debug("Reading JSON file: {}", jsonFile);
+        logger.debug("Reading JSON file: {}", jsonFile);
        return objectMapper.readValue(jsonString, PipelineConfig.class);
    }
@@ -120,7 +121,7 @@ public class PipelineDirectoryProcessor {
            validateOperation(operation);
            File[] files = collectFilesForProcessing(dir, jsonFile, operation);
            if (files == null || files.length == 0) {
-                log.debug("No files detected for {} ", dir);
+                logger.debug("No files detected for {} ", dir);
                return;
            }
            List<File> filesToProcess = prepareFilesForProcessing(files, processingDir);
@@ -201,7 +202,7 @@ public class PipelineDirectoryProcessor {
            moveAndRenameFiles(outputFiles, config, dir);
            deleteOriginalFiles(filesToProcess, processingDir);
        } catch (Exception e) {
-            log.error("error during processing", e);
+            logger.error("error during processing", e);
            moveFilesBack(filesToProcess, processingDir);
        }
    }
@@ -214,7 +215,7 @@ public class PipelineDirectoryProcessor {
            if (!Files.exists(outputPath)) {
                Files.createDirectories(outputPath);
-                log.info("Created directory: {}", outputPath);
+                logger.info("Created directory: {}", outputPath);
            }
            Path outputFile = outputPath.resolve(outputFileName);
@@ -222,7 +223,7 @@ public class PipelineDirectoryProcessor {
                os.write(((ByteArrayResource) resource).getByteArray());
            }
-            log.info("File moved and renamed to {}", outputFile);
+            logger.info("File moved and renamed to {}", outputFile);
        }
    }
@@ -263,7 +264,7 @@ public class PipelineDirectoryProcessor {
            throws IOException {
        for (File file : filesToProcess) {
            Files.deleteIfExists(processingDir.resolve(file.getName()));
-            log.info("Deleted original file: {}", file.getName());
+            logger.info("Deleted original file: {}", file.getName());
        }
    }
@@ -271,12 +272,12 @@ public class PipelineDirectoryProcessor {
        for (File file : filesToProcess) {
            try {
                Files.move(processingDir.resolve(file.getName()), file.toPath());
-                log.info(
+                logger.info(
                        "Moved file back to original location: {} , {}",
                        file.toPath(),
                        file.getName());
            } catch (IOException e) {
-                log.error("Error moving file back to original location: {}", file.getName(), e);
+                logger.error("Error moving file back to original location: {}", file.getName(), e);
            }
        }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
@@ -19,6 +19,8 @@ import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.core.io.Resource;
@@ -38,16 +40,16 @@ import io.github.pixee.security.Filenames;
 import io.github.pixee.security.ZipSecurity;
 import jakarta.servlet.ServletContext;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.SPdfApplication;
 import stirling.software.SPDF.model.PipelineConfig;
 import stirling.software.SPDF.model.PipelineOperation;
 import stirling.software.SPDF.model.Role;
@Service
@Slf4j
 public class PipelineProcessor {
    private static final Logger logger = LoggerFactory.getLogger(PipelineProcessor.class);
    @Autowired private ApiDocService apiDocService;
    @Autowired(required = false)
@@ -79,7 +81,7 @@ public class PipelineProcessor {
            String operation = pipelineOperation.getOperation();
            boolean isMultiInputOperation = apiDocService.isMultiInput(operation);
-            log.info(
+            logger.info(
                    "Running operation: {} isMultiInputOperation {}",
                    operation,
                    isMultiInputOperation);
@@ -122,7 +124,7 @@ public class PipelineProcessor {
                            if (operation.startsWith("filter-")
                                    && (response.getBody() == null
                                            || response.getBody().length == 0)) {
-                                log.info("Skipping file due to failing {}", operation);
+                                logger.info("Skipping file due to failing {}", operation);
                                continue;
                            }
@@ -206,7 +208,7 @@ public class PipelineProcessor {
            outputFiles = newOutputFiles;
        }
        if (hasErrors) {
-            log.error("Errors occurred during processing. Log: {}", logStream.toString());
+            logger.error("Errors occurred during processing. Log: {}", logStream.toString());
        }
        return outputFiles;
@@ -219,7 +221,7 @@ public class PipelineProcessor {
        HttpHeaders headers = new HttpHeaders();
        String apiKey = getApiKeyForUser();
-        headers.add("X-API-KEY", apiKey);
+        headers.add("X-API-Key", apiKey);
        headers.setContentType(MediaType.MULTIPART_FORM_DATA);
        // Create HttpEntity with the body and headers
@@ -308,7 +310,7 @@ public class PipelineProcessor {
    List<Resource> generateInputFiles(File[] files) throws Exception {
        if (files == null || files.length == 0) {
-            log.info("No files");
+            logger.info("No files");
            return null;
        }
@@ -316,7 +318,7 @@ public class PipelineProcessor {
        for (File file : files) {
            Path path = Paths.get(file.getAbsolutePath());
-            log.info("Reading file: " + path); // debug statement
+            logger.info("Reading file: " + path); // debug statement
            if (Files.exists(path)) {
                Resource fileResource =
@@ -328,16 +330,16 @@ public class PipelineProcessor {
                        };
                outputFiles.add(fileResource);
            } else {
-                log.info("File not found: " + path);
+                logger.info("File not found: " + path);
            }
        }
-        log.info("Files successfully loaded. Starting processing...");
+        logger.info("Files successfully loaded. Starting processing...");
        return outputFiles;
    }
    List<Resource> generateInputFiles(MultipartFile[] files) throws Exception {
        if (files == null || files.length == 0) {
-            log.info("No files");
+            logger.info("No files");
            return null;
        }
@@ -353,7 +355,7 @@ public class PipelineProcessor {
                    };
            outputFiles.add(fileResource);
        }
-        log.info("Files successfully loaded. Starting processing...");
+        logger.info("Files successfully loaded. Starting processing...");
        return outputFiles;
    }
@@ -367,7 +369,7 @@ public class PipelineProcessor {
    }
    private List<Resource> unzip(byte[] data) throws IOException {
-        log.info("Unzipping data of length: {}", data.length);
+        logger.info("Unzipping data of length: {}", data.length);
        List<Resource> unzippedFiles = new ArrayList<>();
        try (ByteArrayInputStream bais = new ByteArrayInputStream(data);
@@ -394,7 +396,7 @@ public class PipelineProcessor {
                // If the unzipped file is a zip file, unzip it
                if (isZip(baos.toByteArray())) {
-                    log.info("File {} is a zip file. Unzipping...", filename);
+                    logger.info("File {} is a zip file. Unzipping...", filename);
                    unzippedFiles.addAll(unzip(baos.toByteArray()));
                } else {
                    unzippedFiles.add(fileResource);
@@ -402,7 +404,7 @@ public class PipelineProcessor {
            }
        }
-        log.info("Unzipping completed. {} files were unzipped.", unzippedFiles.size());
+        logger.info("Unzipping completed. {} files were unzipped.", unzippedFiles.size());
        return unzippedFiles;
    }
 }
--- a/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
@@ -63,6 +63,8 @@ import org.bouncycastle.operator.InputDecryptorProvider;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
 import org.bouncycastle.pkcs.PKCSException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.ResponseEntity;
@@ -76,17 +78,17 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.security.SignPDFWithCertRequest;
 import stirling.software.SPDF.service.CustomPDDocumentFactory;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/security")
@Slf4j
@Tag(name = "Security", description = "Security APIs")
 public class CertSignController {
    private static final Logger logger = LoggerFactory.getLogger(CertSignController.class);
    static {
        Security.addProvider(new BouncyCastleProvider());
    }
@@ -106,7 +108,7 @@ public class CertSignController {
                logoFile = Files.createTempFile("signature", ".png").toFile();
                FileUtils.copyInputStreamToFile(is, logoFile);
            } catch (IOException e) {
-                log.error("Failed to load image signature file");
+                logger.error("Failed to load image signature file");
                throw e;
            }
        }
@@ -210,9 +212,7 @@ public class CertSignController {
    @Operation(
            summary = "Sign PDF with a Digital Certificate",
            description =
-                    "This endpoint accepts a PDF file, a digital certificate and related information to sign"
+                    "This endpoint accepts a PDF file, a digital certificate and related information to sign the PDF. It then returns the digitally signed PDF file. Input:PDF Output:PDF Type:SISO")
                            + " the PDF. It then returns the digitally signed PDF file. Input:PDF Output:PDF"
                            + " Type:SISO")
    public ResponseEntity<byte[]> signPDFWithCert(@ModelAttribute SignPDFWithCertRequest request)
            throws Exception {
        MultipartFile pdf = request.getFileInput();
@@ -308,7 +308,7 @@ public class CertSignController {
            }
            doc.saveIncremental(output);
        } catch (Exception e) {
-            log.error("exception", e);
+            logger.error("exception", e);
        }
    }
--- a/src/main/java/stirling/software/SPDF/controller/api/security/GetInfoOnPDF.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/GetInfoOnPDF.java
@@ -56,6 +56,8 @@ import org.apache.xmpbox.XMPMetadata;
 import org.apache.xmpbox.xml.DomXmpParser;
 import org.apache.xmpbox.xml.XmpParsingException;
 import org.apache.xmpbox.xml.XmpSerializer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -71,16 +73,16 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.api.PDFFile;
 import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/security")
@Slf4j
@Tag(name = "Security", description = "Security APIs")
 public class GetInfoOnPDF {
    private static final Logger logger = LoggerFactory.getLogger(GetInfoOnPDF.class);
    static ObjectMapper objectMapper = new ObjectMapper();
    @PostMapping(consumes = "multipart/form-data", value = "/get-info-on-pdf")
@@ -222,7 +224,7 @@ public class GetInfoOnPDF {
                            javascriptArray.add(jsNode);
                        }
                    } catch (IOException e) {
-                        log.error("exception", e);
+                        logger.error("exception", e);
                    }
                }
            }
@@ -255,7 +257,7 @@ public class GetInfoOnPDF {
                }
            } catch (Exception e) {
                // TODO Auto-generated catch block
-                log.error("exception", e);
+                logger.error("exception", e);
            }
            boolean isPdfACompliant = checkForStandard(pdfBoxDoc, "PDF/A");
@@ -307,7 +309,7 @@ public class GetInfoOnPDF {
                    new XmpSerializer().serialize(xmpMeta, os, true);
                    xmpString = new String(os.toByteArray(), StandardCharsets.UTF_8);
                } catch (XmpParsingException | IOException e) {
-                    log.error("exception", e);
+                    logger.error("exception", e);
                }
            }
@@ -320,14 +322,27 @@ public class GetInfoOnPDF {
                PDEncryption pdfEncryption = pdfBoxDoc.getEncryption();
                encryption.put("EncryptionAlgorithm", pdfEncryption.getFilter());
                encryption.put("KeyLength", pdfEncryption.getLength());
                AccessPermission ap = pdfBoxDoc.getCurrentAccessPermission();
                if (ap != null) {
                    ObjectNode permissionsNode = objectMapper.createObjectNode();
                    permissionsNode.put("CanAssembleDocument", ap.canAssembleDocument());
                    permissionsNode.put("CanExtractContent", ap.canExtractContent());
                    permissionsNode.put(
                            "CanExtractForAccessibility", ap.canExtractForAccessibility());
                    permissionsNode.put("CanFillInForm", ap.canFillInForm());
                    permissionsNode.put("CanModify", ap.canModify());
                    permissionsNode.put("CanModifyAnnotations", ap.canModifyAnnotations());
                    permissionsNode.put("CanPrint", ap.canPrint());
                    encryption.set(
                            "Permissions", permissionsNode); // set the node under "Permissions"
                }
                // Add other encryption-related properties as needed
            } else {
                encryption.put("IsEncrypted", false);
            }
            ObjectNode permissionsNode = objectMapper.createObjectNode();
            setNodePermissions(pdfBoxDoc, permissionsNode);
            ObjectNode pageInfoParent = objectMapper.createObjectNode();
            for (int pageNum = 0; pageNum < pdfBoxDoc.getNumberOfPages(); pageNum++) {
                ObjectNode pageInfo = objectMapper.createObjectNode();
@@ -569,7 +584,6 @@ public class GetInfoOnPDF {
            jsonOutput.set("DocumentInfo", docInfoNode);
            jsonOutput.set("Compliancy", compliancy);
            jsonOutput.set("Encryption", encryption);
            jsonOutput.set("Permissions", permissionsNode); // set the node under "Permissions"
            jsonOutput.set("Other", other);
            jsonOutput.set("PerPageInfo", pageInfoParent);
@@ -583,29 +597,11 @@ public class GetInfoOnPDF {
                    MediaType.APPLICATION_JSON);
        } catch (Exception e) {
-            log.error("exception", e);
+            logger.error("exception", e);
        }
        return null;
    }
    private void setNodePermissions(PDDocument pdfBoxDoc, ObjectNode permissionsNode) {
        AccessPermission ap = pdfBoxDoc.getCurrentAccessPermission();
        permissionsNode.put("Document Assembly", getPermissionState(ap.canAssembleDocument()));
        permissionsNode.put("Extracting Content", getPermissionState(ap.canExtractContent()));
        permissionsNode.put(
                "Extracting for accessibility",
                getPermissionState(ap.canExtractForAccessibility()));
        permissionsNode.put("Form Filling", getPermissionState(ap.canFillInForm()));
        permissionsNode.put("Modifying", getPermissionState(ap.canModify()));
        permissionsNode.put("Modifying annotations", getPermissionState(ap.canModifyAnnotations()));
        permissionsNode.put("Printing", getPermissionState(ap.canPrint()));
    }
    private String getPermissionState(boolean state) {
        return state ? "Allowed" : "Not Allowed";
    }
    private static void addOutlinesToArray(PDOutlineItem outline, ArrayNode arrayNode) {
        if (outline == null) return;
@@ -699,7 +695,7 @@ public class GetInfoOnPDF {
                Exception
                        e) { // Catching general exception for brevity, ideally you'd catch specific
            // exceptions.
-            log.error("exception", e);
+            logger.error("exception", e);
        }
        return false;
--- a/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
@@ -5,6 +5,8 @@ import java.io.IOException;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.encryption.AccessPermission;
 import org.apache.pdfbox.pdmodel.encryption.StandardProtectionPolicy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -27,6 +29,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@Tag(name = "Security", description = "Security APIs")
 public class PasswordController {
    private static final Logger logger = LoggerFactory.getLogger(PasswordController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -38,8 +42,7 @@ public class PasswordController {
    @Operation(
            summary = "Remove password from a PDF file",
            description =
-                    "This endpoint removes the password from a protected PDF file. Users need to provide the"
+                    "This endpoint removes the password from a protected PDF file. Users need to provide the existing password. Input:PDF Output:PDF Type:SISO")
                            + " existing password. Input:PDF Output:PDF Type:SISO")
    public ResponseEntity<byte[]> removePassword(@ModelAttribute PDFPasswordRequest request)
            throws IOException {
        MultipartFile fileInput = request.getFileInput();
@@ -57,8 +60,7 @@ public class PasswordController {
    @Operation(
            summary = "Add password to a PDF file",
            description =
-                    "This endpoint adds password protection to a PDF file. Users can specify a set of"
+                    "This endpoint adds password protection to a PDF file. Users can specify a set of permissions that should be applied to the file. Input:PDF Output:PDF")
                            + " permissions that should be applied to the file. Input:PDF Output:PDF")
    public ResponseEntity<byte[]> addPassword(@ModelAttribute AddPasswordRequest request)
            throws IOException {
        MultipartFile fileInput = request.getFileInput();
--- a/src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java
@@ -8,6 +8,8 @@ import java.util.List;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -20,7 +22,6 @@ import io.github.pixee.security.Filenames;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.PDFText;
 import stirling.software.SPDF.model.api.security.RedactPdfRequest;
 import stirling.software.SPDF.pdf.TextFinder;
@@ -30,10 +31,11 @@ import stirling.software.SPDF.utils.WebResponseUtils;
@RestController
@RequestMapping("/api/v1/security")
@Slf4j
@Tag(name = "Security", description = "Security APIs")
 public class RedactController {
    private static final Logger logger = LoggerFactory.getLogger(RedactController.class);
    private final CustomPDDocumentFactory pdfDocumentFactory;
    @Autowired
@@ -45,8 +47,7 @@ public class RedactController {
    @Operation(
            summary = "Redacts listOfText in a PDF document",
            description =
-                    "This operation takes an input PDF file and redacts the provided listOfText. Input:PDF,"
+                    "This operation takes an input PDF file and redacts the provided listOfText. Input:PDF, Output:PDF, Type:SISO")
                            + " Output:PDF, Type:SISO")
    public ResponseEntity<byte[]> redactPdf(@ModelAttribute RedactPdfRequest request)
            throws Exception {
        MultipartFile file = request.getFileInput();
@@ -67,7 +68,7 @@ public class RedactController {
            }
            redactColor = Color.decode(colorString);
        } catch (NumberFormatException e) {
-            log.warn("Invalid color string provided. Using default color BLACK for redaction.");
+            logger.warn("Invalid color string provided. Using default color BLACK for redaction.");
            redactColor = Color.BLACK;
        }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pixeebot[bot]	5dc0a25b26	Sanitized user-provided file names in HTTP multipart uploads	2024-11-26 20:44:19 +00:00
pixeebot[bot]	128cdc90c0	Protect `readLine()` against DoS	2024-11-26 20:44:18 +00:00
pixeebot[bot]	5a67b0cfe7	Hardening suggestions for Stirling-PDF / ghostscript (#2339 ) * Protect `readLine()` against DoS * Sanitized user-provided file names in HTTP multipart uploads --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>	2024-11-26 20:44:07 +00:00
Anthony Stirling	d1acda6440	release bump	2024-11-26 20:38:23 +00:00
Anthony Stirling	5cf3798540	docs	2024-11-26 20:31:31 +00:00
Anthony Stirling	b27044016e	more	2024-11-26 20:30:35 +00:00
Anthony Stirling	4aec0bd679	more	2024-11-26 20:27:03 +00:00
Anthony Stirling	ab7610f72c	update docs	2024-11-26 20:24:46 +00:00
Anthony Stirling	748392cd29	formatting	2024-11-26 20:18:55 +00:00
Anthony Stirling	f0810f3952	cleanups	2024-11-26 20:15:13 +00:00
Anthony Stirling	298870ed7d	Merge remote-tracking branch 'origin/main' into ghostscript	2024-11-26 19:49:20 +00:00
Anthony Stirling	6ec2c34c2b	release notes and ghostscript removal	2024-11-26 19:48:42 +00:00
Anthony Stirling	73e64e5898	navbar fix multi tool and compress location	2024-11-25 21:33:23 +00:00
`@@ -1,2 +1,2 @@`
	`# All PRs to V1 must be approved by Frooodle`	`# All PRs to V1 must be approved by Frooodle`
	`* @Frooodle @reecebrowne @Ludy87 @DarioGii`	`* @Frooodle`