Hardening suggestions for Stirling-PDF / multipleFix (#1743 )

Sandboxed URL creation to prevent SSRF attacks Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
fix
2024-08-23 09:18:08 +01:00 · 2024-08-23 09:08:38 +01:00 · 2024-08-23 09:06:33 +01:00 · 2024-08-23 00:02:25 +01:00 · 2024-08-22 21:47:37 +01:00 · 2024-08-22 11:54:55 +01:00
791 changed files with 167670 additions and 6208 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,6 +3,8 @@
 # Ignore all JavaScript files in a directory
 src/main/resources/static/pdfjs/* linguist-vendored
 src/main/resources/static/pdfjs/** linguist-vendored
+src/main/resources/static/pdfjs-legacy/* linguist-vendored
+src/main/resources/static/pdfjs-legacy/** linguist-vendored
 src/main/resources/static/css/bootstrap-icons.css linguist-vendored
 src/main/resources/static/css/bootstrap.min.css linguist-vendored
 src/main/resources/static/css/fonts/* linguist-vendored
--- a/.github/ISSUE_TEMPLATE/1-bug.yml
+++ b/.github/ISSUE_TEMPLATE/1-bug.yml
@@ -0,0 +1,130 @@
+name: Bug Report
+description: File a bug report.
+title: "[Bug]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Bug Report
+
+        Thanks for taking the time to fill out this bug report!
+
+        This issue form is for reporting bugs only. Please fill out the following sections to help us understand the issue you are facing.
+
+  - type: dropdown
+    id: installation-method
+    attributes:
+      label: Installation Method
+      description: |
+        Indicate whether you are using Docker or a local installation.
+      options:
+        - Docker
+        - Docker ultra lite
+        - Docker fat
+        - Local Installation
+      validations:
+        required: true
+
+  - type: textarea
+    id: problem
+    validations:
+      required: true
+    attributes:
+      label: The Problem
+      description: |
+        Describe the issue you are experiencing here. Tell us what you were trying to do and what happened.
+
+        Provide a clear and concise description of what the problem is.
+      placeholder: Provide a detailed description of the issue.
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Environment
+
+  - type: input
+    id: version
+    validations:
+      required: true
+    attributes:
+      label: Version of Stirling-PDF
+      placeholder: e.g., 0.0.2
+      description: What version of Stirling-PDF has the issue?
+
+  - type: input
+    id: last-working-version
+    attributes:
+      label: Last Working Version of Stirling-PDF
+      placeholder: e.g., 0.0.1
+      description: |
+        If known, please provide the last version where the issue did not occur. Otherwise, leave blank.
+
+  - type: input
+    id: url
+    attributes:
+      label: Page Where the Problem Occurred
+      placeholder: e.g., http://localhost:8080/pdf/pipeline
+      description: |
+        If applicable, provide the URL where the issue occurred. Otherwise, leave blank.
+
+  - type: textarea
+    id: docker
+    attributes:
+      label: Docker Configuration
+      description: |
+        Enter your Docker configuration here if it is relevant to the error. Remove any personal data. Otherwise, leave the field blank.
+      render: txt
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Logs
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant Log Output
+      description: |
+        Provide any log output that might help us diagnose the issue, such as error messages or stack traces.
+      render: txt
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Additional Information
+
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional Information
+      description: |
+        If you have any additional information that might help us understand and resolve the issue, provide it here.
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Browser Information
+
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: Browsers Affected
+      description: |
+        If applicable, select the browsers where you are experiencing the issue. Otherwise, leave blank.
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+        - Other
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: No Duplicate of the Issue
+      description: |
+        Please confirm that you have searched for similar issues and none of them match your problem.
+      options:
+        - label: I have verified that there are no existing issues raised related to my problem.
+          required: true
--- a/.github/ISSUE_TEMPLATE/2-feature.yml
+++ b/.github/ISSUE_TEMPLATE/2-feature.yml
@@ -0,0 +1,78 @@
+name: Feature Request
+description: Submit a new feature request.
+title: "[Feature Request]: "
+labels:
+  - enhancement
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Feature Request
+
+        Thank you for taking the time to suggest a new feature!
+
+        This form is for proposing features or enhancements. Please fill out the following sections to help us understand your idea or suggestion.
+
+  - type: textarea
+    id: feature-description
+    validations:
+      required: true
+    attributes:
+      label: Feature Description
+      description: |
+        Describe the feature you would like to see. Tell us what the feature should do and the problem it would solve.
+
+        Provide a clear and concise description of what you want to happen.
+      placeholder: Provide a detailed description of the desired feature.
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Motivation
+
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Why is this feature valuable?
+      description: |
+        Explain why this feature is valuable to you or others. How would it improve the tool or process?
+
+        Describe any relevant scenarios that would benefit from this feature.
+      placeholder: Describe why this feature is important.
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Possible Implementation
+
+  - type: textarea
+    id: implementation
+    attributes:
+      label: Suggested Implementation
+      description: |
+        If you have ideas about how this feature could be implemented, describe them here.
+
+        This section is optional but can be helpful to guide initial discussions.
+      placeholder: Describe how this feature might be implemented.
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Additional Information
+
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional Information
+      description: |
+        If you have any additional information, comments, or resources you think would support or be relevant to your feature request, include them here.
+
+  - type: checkboxes
+    id: search-confirmation
+    attributes:
+      label: No Duplicate of the Feature
+      description: |
+        Please confirm that you have searched for similar features in our repository and found none that match your request.
+      options:
+        - label: I have verified that there are no existing features requests similar to my request.
+          required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 💬 Discord Server
+    url: https://discord.gg/Cn8pWhQRxZ
+    about: You can join our Discord server for real time discussion and support
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,6 +9,8 @@ updates:
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
+    open-pull-requests-limit: 10
+    rebase-strategy: "auto"
  - package-ecosystem: "docker"
    directory: "/" # Location of Dockerfile
    schedule:
--- a/.github/labeler-config.yml
+++ b/.github/labeler-config.yml
@@ -0,0 +1,54 @@
+Translation:
+  - changed-files:
+    - any-glob-to-any-file: 'src/main/resources/messages_*_*.properties'
+    - any-glob-to-any-file: 'scripts/ignore_translation.toml'
+    - any-glob-to-any-file: 'src/main/resources/templates/fragments/languages.html'
+
+Front End:
+  - changed-files:
+    - any-glob-to-any-file: 'src/main/resources/templates/**/*'
+    - any-glob-to-any-file: 'src/main/resources/static/**/*'
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/web/**'
+
+Java:
+  - changed-files:
+    - any-glob-to-any-file: 'src/main/java/**/*.java'
+
+Back End:
+  - changed-files:
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/security/**/*'
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/model/provider/**/*'
+    - any-glob-to-any-file: 'src/main/resources/settings.yml.template'
+    - any-glob-to-any-file: 'src/main/resources/banner.txt'
+
+Security:
+  - changed-files:
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/security/**/*'
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/model/provider/**/*'
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/config/model/AuthenticationType.java'
+
+API:
+  - changed-files:
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/web/MetricsController.java'
+    - any-glob-to-any-file: 'src/main/java/stirling/software/SPDF/controller/api/**/*'
+
+Documentation:
+  - changed-files:
+    - any-glob-to-any-file: '**/*.md'
+    - any-glob-to-any-file: 'scripts/counter_translation.py'
+    - any-glob-to-any-file: 'scripts/ignore_translation.toml'
+
+Docker:
+  - changed-files:
+    - any-glob-to-any-file: 'Dockerfile'
+    - any-glob-to-any-file: 'Dockerfile-*'
+    - any-glob-to-any-file: 'exampleYmlFiles/*.yml'
+
+Test:
+  - changed-files:
+    - any-glob-to-any-file: 'cucumber/**/*'
+    - any-glob-to-any-file: 'src/test**/*'
+
+Github:
+  - changed-files:
+    - any-glob-to-any-file: '.github/**/*'
--- a/.github/labels.yml
+++ b/.github/labels.yml
@@ -0,0 +1,93 @@
+# Labels names are important as they are used by Release Drafter to decide
+# regarding where to record them in changelog or if to skip them.
+#
+# The repository labels will be automatically configured using this file and
+# the GitHub Action https://github.com/marketplace/actions/github-labeler.
+- name: "Back End"
+  color: "20CE6C"
+  description: "Issues related to back-end development"
+  from_name: "Back end"
+- name: "Bug"
+  description: "Something isn't working"
+  color: "EB9CA6"
+  from_name: "bug"
+- name: "dependencies"
+  description: "Pull requests that update a dependency file"
+  color: "5AA8FC"
+- name: "Docker"
+  description: "Pull requests that update Docker code"
+  color: "1FCEFF"
+  from_name: "docker"
+- name: "Documentation"
+  description: "Improvements or additions to documentation"
+  color: "35ABFF"
+  from_name: "documentation"
+- name: "Done for next release"
+  color: "0CDBD1"
+- name: "Done"
+  color: "60F13B"
+- name: "duplicate"
+  description: "This issue or pull request already exists"
+  color: "CDD1D5"
+- name: "enhancement"
+  description: "New feature or request"
+  color: "A0EEEE"
+- name: "fix needs confirmation"
+  color: "60A1E7"
+  description: "Fix needs to be confirmed"
+- name: "Front End"
+  color: "BBD2F1"
+  description: "Issues related to front-end development"
+- name: "github-actions"
+  description: "Pull requests that update GitHub Actions code"
+  color: "999999"
+  from_name: "github_actions"
+- name: "good first issue"
+  description: "Good for newcomers"
+  color: "C1B8FF"
+- name: "help wanted"
+  description: "Extra attention is needed"
+  color: "00E6C4"
+- name: "invalid"
+  description: "This doesn't seem right"
+  color: "E5E566"
+- name: "Java"
+  description: "Pull requests that update Java code"
+  color: "FF9E1F"
+  from_name: "java"
+- name: "Long-term Enhancement"
+  color: "BFDEC3"
+  description: "Enhancements planned for the long term"
+- name: "more-info-needed"
+  color: "00E4F8"
+  description: "More information is needed"
+- name: "needs investigation"
+  color: "B8C3A7"
+  description: "Issues that require further investigation"
+- name: "Prioritised enhancement"
+  color: "4BA2EE"
+  description: "High-priority enhancements"
+- name: "question"
+  description: "Further information is requested"
+  color: "D97EE5"
+- name: "Translation"
+  color: "9FABF9"
+  from_name: "translation"
+- name: "upstream"
+  color: "DEDEDE"
+- name: "v2"
+  color: "FFFF00"
+- name: "wontfix"
+  description: "This will not be worked on"
+  color: "FFFFFF"
+- name: "Security"
+  color: "000000"
+  description: "Security-related issues or pull requests"
+- name: "API"
+  color: "FFFF00"
+  description: "API-related issues or pull requests"
+- name: "Test"
+  color: "FF9E1F"
+  description: "Testing-related issues or pull requests"
+- name: "Stale"
+  color: "000000"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -10,9 +10,3 @@ Closes #(issue_number)
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] My changes generate no new warnings
-
-## Contributor License Agreement
-
-By submitting this pull request, I acknowledge and agree that my contributions will be included in Stirling-PDF and that they can be relicensed in the future under the MPL 2.0 (Mozilla Public License Version 2.0) license.
-
-(This does not change the general open-source nature of Stirling-PDF, simply moving from one license to another license)
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -0,0 +1,32 @@
+changelog:
+  exclude:
+    labels:
+      - Documentation
+      - Test
+      - Github
+
+  categories:
+    - title: Bug Fixes
+      labels:
+        - Bug
+    
+    - title: Enhancements
+      labels:
+        - enhancement
+
+    - title: Minor Enhancements
+      labels:
+        - Java
+        - Front End
+
+    - title: Docker Updates
+      labels:
+        - Docker
+
+    - title: Translation Changes
+      labels:
+        - Translation
+    
+    - title: Other Changes
+      labels:
+        - "*"
--- a/.github/scripts/check_tabulator.py
+++ b/.github/scripts/check_tabulator.py
@@ -1,4 +1,5 @@
 """check_tabulator.py"""
+
 import argparse
 import sys

--- a/.github/workflows/auto-labeler.yml
+++ b/.github/workflows/auto-labeler.yml
@@ -0,0 +1,20 @@
+name: "Pull Request Labeler"
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Apply Labels
+        uses: actions/labeler@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          configuration-path: .github/labeler-config.yml
+          sync-labels: true
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: "Build repo"
+name: Build repo

 on:
  push:
@@ -17,20 +17,72 @@ jobs:

    strategy:
      fail-fast: false
+      matrix:
+        jdk-version: [17, 21]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

-      - name: Set up JDK 17
+      - name: Set up JDK ${{ matrix.jdk-version }}
        uses: actions/setup-java@v4
        with:
-          java-version: "17"
+          java-version: ${{ matrix.jdk-version }}
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@v3
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: 8.7

      - name: Build with Gradle
        run: ./gradlew build --no-build-cache
+
+  docker-compose-tests:
+    # if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
+    #     (github.event_name == 'pull_request' &&
+    #     contains(github.event.pull_request.labels.*.name, 'licenses') == false &&
+    #     (
+    #       contains(github.event.pull_request.labels.*.name, 'Front End') ||
+    #       contains(github.event.pull_request.labels.*.name, 'Java') ||
+    #       contains(github.event.pull_request.labels.*.name, 'Back End') ||
+    #       contains(github.event.pull_request.labels.*.name, 'Security') ||
+    #       contains(github.event.pull_request.labels.*.name, 'API') ||
+    #       contains(github.event.pull_request.labels.*.name, 'Docker') ||
+    #       contains(github.event.pull_request.labels.*.name, 'Test')
+    #     )
+    #     )
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Java 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: "17"
+          distribution: "adopt"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Install Docker Compose
+        run: |
+          sudo curl -SL "https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+          sudo chmod +x /usr/local/bin/docker-compose
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.7"
+
+      - name: Pip requirements
+        run: |
+           pip install -r ./cucumber/requirements.txt
+
+      - name: Run Docker Compose Tests
+        run: |
+          chmod +x ./test.sh
+          ./test.sh
--- a/.github/workflows/licenses-update.yml
+++ b/.github/workflows/licenses-update.yml
@@ -25,7 +25,7 @@ jobs:
          java-version: "17"
          distribution: "adopt"

-      - uses: gradle/actions/setup-gradle@v3
+      - uses: gradle/actions/setup-gradle@v4

      - name: Run Gradle Command
        run: ./gradlew clean generateLicenseReport
@@ -45,6 +45,7 @@ jobs:
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV

      - name: Create Pull Request
+        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@v6
        with:
@@ -57,6 +58,22 @@ jobs:
          title: "Update 3rd Party Licenses"
          body: |
            Auto-generated by [create-pull-request][1]
+
            [1]: https://github.com/peter-evans/create-pull-request
+          labels: licenses
          draft: false
          delete-branch: true
+
+      - name: Auto approve
+        if: steps.cpr.outputs.pull-request-operation == 'created'
+        run: gh pr review --approve "${{ steps.cpr.outputs.pull-request-number }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable auto-merge
+        if: steps.cpr.outputs.pull-request-operation == 'created'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
+          merge-method: squash  # Choose the merge method: merge, squash, or rebase
--- a/.github/workflows/manage-label.yml
+++ b/.github/workflows/manage-label.yml
@@ -0,0 +1,24 @@
+name: Manage labels
+
+on:
+  schedule:
+    - cron: "30 20 * * *"
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  labeler:
+    name: Labeler
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Run Labeler
+        uses: crazy-max/ghaction-github-labeler@v5
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          yaml-file: .github/labels.yml
+          skip-delete: true
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@@ -22,7 +22,7 @@ jobs:
          java-version: "17"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@v3
+      - uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: 8.7

@@ -72,7 +72,7 @@ jobs:
            type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }}

      - name: Build and push main Dockerfile
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@@ -98,7 +98,7 @@ jobs:
            type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }}

      - name: Build and push Dockerfile-ultra-lite
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        if: github.ref != 'refs/heads/main'
        with:
          context: .
@@ -110,3 +110,30 @@ jobs:
          labels: ${{ steps.meta2.outputs.labels }}
          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
          platforms: linux/amd64,linux/arm64/v8
+
+      - name: Generate tags fat
+        id: meta3
+        uses: docker/metadata-action@v5
+        if: github.ref != 'refs/heads/main'
+        with:
+          images: |
+            ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
+            ghcr.io/${{ steps.repoowner.outputs.lowercase }}/s-pdf
+          tags: |
+            type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }}
+            type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }}
+
+      - name: Build and push main Dockerfile fat
+        uses: docker/build-push-action@v6
+        if: github.ref != 'refs/heads/main'
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./Dockerfile-fat
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta3.outputs.tags }}
+          labels: ${{ steps.meta3.outputs.labels }}
+          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
+          platforms: linux/amd64,linux/arm64/v8
--- a/.github/workflows/releaseArtifacts.yml
+++ b/.github/workflows/releaseArtifacts.yml
@@ -27,7 +27,7 @@ jobs:
          java-version: "17"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@v3
+      - uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: 8.7

--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,32 @@
+name: Close stale issues
+
+on:
+  schedule:
+    - cron: "30 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - name: 30 days stale issues
+        uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 7
+          stale-issue-message: >
+            This issue has been automatically marked as stale because it has had no recent activity.
+            It will be closed if no further activity occurs. Thank you for your contributions.
+          close-issue-message: >
+            This issue has been automatically closed because it has had no recent activity after being marked as stale.
+            Please reopen if you need further assistance.
+          stale-issue-label: "Stale"
+          remove-stale-when-updated: true
+          only-issue-labels: "more-info-needed"
+          days-before-pr-stale: -1 # Prevents PRs from being marked as stale
+          days-before-pr-close: -1 # Prevents PRs from being closed
+          start-date: '2024-07-06T00:00:00Z'  # ISO 8601 Format
--- a/.github/workflows/swagger.yml
+++ b/.github/workflows/swagger.yml
@@ -18,7 +18,7 @@ jobs:
          java-version: "17"
          distribution: "temurin"

-      - uses: gradle/actions/setup-gradle@v3
+      - uses: gradle/actions/setup-gradle@v4

      - name: Generate Swagger documentation
        run: ./gradlew generateOpenApiDocs
--- a/.github/workflows/sync_files.yml
+++ b/.github/workflows/sync_files.yml
@@ -7,7 +7,7 @@ on:
    paths:
      - "build.gradle"
      - "src/main/resources/messages_*.properties"
-      - "scripts/translation_status.toml"
+      - "scripts/ignore_translation.toml"

 permissions:
  contents: write
@@ -17,9 +17,9 @@ jobs:
  sync-versions:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4
      - name: Set up Python
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Install dependencies
@@ -36,7 +36,7 @@ jobs:
          git diff --staged --quiet || git commit -m ":floppy_disk: Sync Versions
          > Made via sync_files.yml" || echo "no changes"
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6.0.1
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update files
@@ -51,12 +51,13 @@ jobs:
            [1]: https://github.com/peter-evans/create-pull-request
          draft: false
          delete-branch: true
+          labels: github-actions
  sync-readme:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4
      - name: Set up Python
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Install dependencies
@@ -73,7 +74,7 @@ jobs:
          git diff --staged --quiet || git commit -m ":memo: Sync README
          > Made via sync_files.yml" || echo "no changes"
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6.0.1
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update files
@@ -88,3 +89,4 @@ jobs:
            [1]: https://github.com/peter-evans/create-pull-request
          draft: false
          delete-branch: true
+          labels: Documentation,Translation,github-actions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,47 +0,0 @@
-name: Docker Compose Tests
-
-on:
-  pull_request:
-    paths:
-      - "src/**"
-      - "**.gradle"
-      - "!src/main/java/resources/messages*"
-      - "exampleYmlFiles/**"
-      - "Dockerfile"
-      - "Dockerfile**"
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-
-      - name: Set up Java 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: "17"
-          distribution: "adopt"
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Install Docker Compose
-        run: |
-          sudo curl -SL "https://github.com/docker/compose/releases/download/v2.26.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-          # sudo chmod +x /usr/local/bin/docker-compose
-
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.7"
-          
-      - name: Pip requirements
-        run: |
-           pip install -r ./cucumber/requirements.txt
-              
-      - name: Run Docker Compose Tests
-        run: |
-          chmod +x ./test.sh
-          ./test.sh
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
-
-
 ### Eclipse ###
 .metadata
 bin/
@@ -22,7 +20,6 @@ customFiles/
 configs/
 watchedFolders/

-
 # Gradle
 .gradle
 .lock
@@ -119,12 +116,48 @@ watchedFolders/
 *.db
 /build

-/.vscode
-/.idea
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*.pyo
+
+# Virtual environments
+.env*
+.venv*
+env*/
+venv*/
+ENV/
+env.bak/
+venv.bak/
+
+# VS Code
+/.vscode/**/*
+!/.vscode/settings.json
+
+# IntelliJ IDEA
+.idea/
+*.iml
+out/

 # Ignore Mac DS_Store files
 .DS_Store
 **/.DS_Store

-#cucumber
-/cucumber/reports/**
+# cucumber
+/cucumber/reports/**
+
+# Certs
+*.p12
+*.pem
+*.crt
+*.cer
+*.der
+*.key
+*.csr
+
+# cache
+.ruff_cache
+.mypy_cache
+.pytest_cache
+.ipynb_checkpoints
+
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -6,9 +6,11 @@ repos:
        args:
          - --fix
          - --line-length=127
-        files: ^((.github/scripts)/.+)?[^/]+\.py$
+        files: ^((.github/scripts|scripts)/.+)?[^/]+\.py$
+        exclude: (split_photos.py)
      - id: ruff-format
-        files: ^((.github/scripts)/.+)?[^/]+\.py$
+        files: ^((.github/scripts|scripts)/.+)?[^/]+\.py$
+        exclude: (split_photos.py)
  - repo: https://github.com/codespell-project/codespell
    rev: v2.2.6
    hooks:
@@ -33,5 +35,5 @@ repos:
        # args: ["--replace_with=  "]
        entry: python .github/scripts/check_tabulator.py
        language: python
-        exclude: ^src/main/resources/static/pdfjs/
+        exclude: ^(src/main/resources/static/pdfjs|src/main/resources/static/pdfjs-legacy)
        files: ^.*(\.html|\.css|\.js)$
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,53 @@
+{
+  "java.compile.nullAnalysis.mode": "automatic",
+  "files.eol": "auto",
+  "java.configuration.updateBuildConfiguration": "interactive",
+  "black-formatter.args": ["--line-length", "127"],
+  "flake8.args": ["--max-line-length", "127"],
+  "pylint.args": ["max-line-length", "127"],
+  "[java]": {
+    "editor.tabSize": 4,
+    "editor.detectIndentation": false,
+    "editor.rulers": [127]
+  },
+  "[python]": {
+    "editor.tabSize": 2,
+    "editor.detectIndentation": false,
+    "editor.rulers": [127]
+  },
+  "[gradle-build]": {
+    "editor.tabSize": 4,
+    "editor.detectIndentation": false,
+    "editor.rulers": [127]
+  },
+  "[gradle]": {
+    "editor.tabSize": 4,
+    "editor.detectIndentation": false,
+    "editor.rulers": [127]
+  },
+  "[html]": {
+    "editor.tabSize": 2,
+    "editor.rulers": [127],
+    "files.trimFinalNewlines": false,
+    "files.insertFinalNewline": false
+  },
+  "[javascript]": {
+    "editor.tabSize": 2,
+    "editor.rulers": [127]
+  },
+  "[yaml]": {
+    "files.trimFinalNewlines": false,
+    "files.insertFinalNewline": false
+  },
+  "diffEditor.maxComputationTime": 0,
+  "editor.wordSegmenterLocales": null,
+  "editor.guides.bracketPairs": "active",
+  "editor.guides.bracketPairsHorizontal": "active",
+  "files.insertFinalNewline": true,
+  "files.trimFinalNewlines": true,
+  "files.trimTrailingWhitespace": true,
+  "editor.indentSize": "tabSize",
+  "editor.stickyScroll.enabled": false,
+  "editor.minimap.enabled": false,
+  "editor.formatOnSave": true
+}
--- a/DATABASE.md
+++ b/DATABASE.md
@@ -0,0 +1,40 @@
+# New Database Backup and Import Functionality
+
+**Full activation will take place on approximately January 5th, 2025!**
+
+Why is the waiting time six months?
+
+There are users who only install updates sporadically; if they skip the preparation, it can/will lead to data loss in the database.
+
+## Functionality Overview
+
+The newly introduced feature enhances the application with robust database backup and import capabilities. This feature is designed to ensure data integrity and provide a straightforward way to manage database backups. Here's how it works:
+
+1. Automatic Backup Creation
+   - The system automatically creates a database backup every day at midnight. This ensures that there is always a recent backup available, minimizing the risk of data loss.
+2. Manual Backup Export
+   - Admin actions that modify the user database trigger a manual export of the database. This keeps the backup up-to-date with the latest changes and provides an extra layer of data security.
+3. Importing Database Backups
+   - Admin users can import a database backup either via the web interface or API endpoints. This allows for easy restoration of the database to a previous state in case of data corruption or other issues.
+   - The import process ensures that the database structure and data are correctly restored, maintaining the integrity of the application.
+4. Managing Backup Files
+   - Admins can view a list of all existing backup files, along with their creation dates and sizes. This helps in managing storage and identifying the most recent or relevant backups.
+   - Backup files can be downloaded for offline storage or transferred to other environments, providing flexibility in database management.
+   - Unnecessary backup files can be deleted through the interface to free up storage space and maintain an organized backup directory.
+
+## User Interface
+
+### Web Interface
+
+1. Upload SQL files to import database backups.
+2. View details of existing backups, such as file names, creation dates, and sizes.
+3. Download backup files for offline storage.
+4. Delete outdated or unnecessary backup files.
+
+### API Endpoints
+
+1. Import database backups by uploading SQL files.
+2. Download backup files.
+3. Delete backup files.
+
+This new functionality streamlines database management, ensuring that backups are always available and easy to manage, thus improving the reliability and resilience of the application.
--- a/10
+++ b/10
@@ -1,5 +1,5 @@
 # Main stage
-FROM alpine:3.20.0
+FROM alpine:3.20.2

 # Copy necessary files
 COPY scripts /scripts
@@ -39,16 +39,16 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        libreoffice \
 # pdftohtml
        poppler-utils \
-# OCR MY PDF (unpaper for descew and other advanced featues)
+# OCR MY PDF (unpaper for descew and other advanced features)
        ocrmypdf \
        tesseract-ocr-data-eng \
 # CV
        py3-opencv \
 # python3/pip
-        python3 && \
-    wget https://bootstrap.pypa.io/get-pip.py -qO - | python3 - --break-system-packages --no-cache-dir --upgrade && \
+        python3 \
+        py3-pip && \
 # uno unoconv and HTML
-    pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint && \
+    pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint pdf2image pillow && \
    mv /usr/share/tessdata /usr/share/tessdata-original && \
    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
    fc-cache -f -v && \
--- a/83
+++ b/83
@@ -0,0 +1,83 @@
+# Build the application
+FROM gradle:8.7-jdk17 AS build
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the entire project to the working directory
+COPY . .
+
+# Build the application with DOCKER_ENABLE_SECURITY=false
+RUN DOCKER_ENABLE_SECURITY=true \
+./gradlew clean build
+
+# Main stage
+FROM alpine:3.20.2
+
+# Copy necessary files
+COPY scripts /scripts
+COPY pipeline /pipeline
+COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+COPY --from=build /app/build/libs/*.jar app.jar
+
+ARG VERSION_TAG
+
+# Set Environment Variables
+ENV DOCKER_ENABLE_SECURITY=false \
+    VERSION_TAG=$VERSION_TAG \
+    JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \
+    HOME=/home/stirlingpdfuser \
+    PUID=1000 \
+    PGID=1000 \
+    UMASK=022 \
+    FAT_DOCKER=true \
+    INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
+
+
+# JDK for app
+RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
+    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
+    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
+    apk upgrade --no-cache -a && \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        tini \
+        bash \
+        curl \
+        shadow \
+        su-exec \
+        openssl \
+        openssl-dev \
+        openjdk21-jre \
+# Doc conversion
+        libreoffice \
+# pdftohtml
+        poppler-utils \
+# OCR MY PDF (unpaper for descew and other advanced featues)
+        ocrmypdf \
+        tesseract-ocr-data-eng \
+        font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra \
+# CV
+        py3-opencv \
+# python3/pip
+        python3 \
+    py3-pip && \
+# uno unoconv and HTML
+    pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint pdf2image pillow && \
+    mv /usr/share/tessdata /usr/share/tessdata-original && \
+    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
+    fc-cache -f -v && \
+    chmod +x /scripts/* && \
+    chmod +x /scripts/init.sh && \
+# User permissions
+    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
+    chown stirlingpdfuser:stirlingpdfgroup /app.jar && \
+    tesseract --list-langs
+
+EXPOSE 8080/tcp
+
+# Set user and run command
+ENTRYPOINT ["tini", "--", "/scripts/init.sh"]
+CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # use alpine
-FROM alpine:3.20.0
+FROM alpine:3.20.2

 ARG VERSION_TAG

--- a/Endpoint-groups.md
+++ b/Endpoint-groups.md
@@ -1,46 +1,47 @@
-| Operation           | PageOps | Convert | Security | Other | CLI  | Python | OpenCV | LibreOffice | OCRmyPDF | Java     | Javascript |
-|---------------------|---------|---------|----------|-------|------|--------|--------|-------------|----------|----------|------------|
-| adjust-contrast     |    ✔️    |         |          |       |      |        |        |             |          |           |    ✔️      |
-| auto-split-pdf      |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| crop                |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| extract-page        |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| merge-pdfs          |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| multi-page-layout   |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| pdf-organizer       |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |    ✔️       |
-| pdf-to-single-page  |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| remove-pages        |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| rotate-pdf          |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| scale-pages         |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| split-pdfs          |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| file-to-pdf         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| img-to-pdf          |         |    ✔️    |          |       |      |        |        |             |          |    ✔️     |            |
-| pdf-to-html         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-img          |         |    ✔️    |          |       |      |        |        |             |          |    ✔️     |            |
-| pdf-to-pdfa         |         |    ✔️    |          |       |  ✔️   |        |        |             |    ✔️     |          |            |
-| pdf-to-markdown     |         |    ✔️    |          |       |      |        |        |             |            |    ✔️      |            |
-| pdf-to-presentation |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-text         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-word         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-xml          |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| xlsx-to-pdf         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| add-password        |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| add-watermark       |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| cert-sign           |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| change-permissions  |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| remove-password     |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| sanitize-pdf        |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| add-image           |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| add-page-numbers    |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| auto-rename         |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| change-metadata     |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| compare             |         |         |          |  ✔️    |      |        |        |             |          |          |    ✔️       |
-| compress-pdf        |         |         |          |  ✔️    |  ✔️   |        |        |             |    ✔️     |          |            |
-| extract-image-scans |         |         |          |  ✔️    |  ✔️   |   ✔️    |   ✔️    |             |          |          |            |
-| extract-images      |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| flatten             |         |         |          |  ✔️    |      |        |        |             |          |          |      ✔️      |
-| get-info-on-pdf     |         |         |          |  ✔️    |      |        |        |             |          |    ✔️      |            |
-| ocr-pdf             |         |         |          |  ✔️    |  ✔️   |        |        |             |    ✔️     |          |            |
-| remove-blanks       |         |         |          |  ✔️    |  ✔️   |   ✔️    |   ✔️    |             |          |          |            |
-| repair              |         |         |          |  ✔️    |  ✔️   |        |        |     ✔️       |          |          |            |
-| show-javascript     |         |         |          |  ✔️    |      |        |        |             |          |          |    ✔️       |
-| sign                |         |         |          |  ✔️    |      |        |        |             |          |          |    ✔️       |
+| Operation           | PageOps | Convert | Security | Other | CLI | Python | OpenCV | LibreOffice | OCRmyPDF | Java | Javascript |
+| ------------------- | ------- | ------- | -------- | ----- | --- | ------ | ------ | ----------- | -------- | ---- | ---------- |
+| adjust-contrast     | ✔️       |         |          |       |     |        |        |             |          |      | ✔️          |
+| auto-split-pdf      | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| crop                | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| extract-page        | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| merge-pdfs          | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| multi-page-layout   | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-organizer       | ✔️       |         |          |       |     |        |        |             |          | ✔️    | ✔️          |
+| pdf-to-single-page  | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| remove-pages        | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| rotate-pdf          | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| scale-pages         | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| split-pdfs          | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| file-to-pdf         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| img-to-pdf          |         | ✔️       |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-to-html         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-img          |         | ✔️       |          |       |     | ✔️      |        |             |          | ✔️    |            |
+| pdf-to-pdfa         |         | ✔️       |          |       | ✔️   |        |        |             | ✔️        |      |            |
+| pdf-to-markdown     |         | ✔️       |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-to-presentation |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-text         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-word         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-xml          |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| xlsx-to-pdf         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| add-password        |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| add-watermark       |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| cert-sign           |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| remove-cert-sign    |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| change-permissions  |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| remove-password     |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| sanitize-pdf        |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| add-image           |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| add-page-numbers    |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| auto-rename         |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| change-metadata     |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| compare             |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
+| compress-pdf        |         |         |          | ✔️     | ✔️   |        |        |             | ✔️        |      |            |
+| extract-image-scans |         |         |          | ✔️     | ✔️   | ✔️      | ✔️      |             |          |      |            |
+| extract-images      |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| flatten             |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
+| get-info-on-pdf     |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| ocr-pdf             |         |         |          | ✔️     | ✔️   |        |        |             | ✔️        |      |            |
+| remove-blanks       |         |         |          | ✔️     | ✔️   | ✔️      | ✔️      |             |          |      |            |
+| repair              |         |         |          | ✔️     | ✔️   |        |        | ✔️           |          |      |            |
+| show-javascript     |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
+| sign                |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@
 [![Github Sponsor](https://img.shields.io/badge/Github%20Sponsor-yellow?style=flat&logo=github)](https://github.com/sponsors/Frooodle)

 [![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/apps/new?repo=https://github.com/Stirling-Tools/Stirling-PDF/tree/digitalOcean&refcode=c3210994b1af)
+[<img src="https://www.ssdnodes.com/wp-content/uploads/2023/11/footer-logo.svg" alt="Name" height="40">](https://www.ssdnodes.com/manage/aff.php?aff=2216&register=true)

 This is a robust, locally hosted web-based PDF manipulation tool using Docker. It enables you to carry out various operations on PDF files, including splitting, merging, converting, reorganizing, adding images, rotating, compressing, and more. This locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements.

@@ -21,10 +22,11 @@ All files and PDFs exist either exclusively on the client side, reside in server
 ## Features

 - Dark mode support.
- Custom download options (see [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/images/settings.png) for example)
+- Custom download options
 - Parallel file processing and downloads
 - API for integration with external scripts
 - Optional Login and Authentication support (see [here](https://github.com/Stirling-Tools/Stirling-PDF/tree/main#login-authentication) for documentation)
+- Database Backup and Import (see [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DATABASE.md) for documentation)

 ## **PDF Features**

@@ -82,7 +84,8 @@ All files and PDFs exist either exclusively on the client side, reside in server
 - Get all information on a PDF to view or export as JSON.

 For a overview of the tasks and the technology each uses please view [Endpoint-groups.md](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Endpoint-groups.md)
-Demo of the app is available [here](https://stirlingpdf.io). username: demo, password: demo
+
+Demo of the app is available [here](https://stirlingpdf.io).

 ## Technologies used

@@ -105,33 +108,36 @@ Please view https://github.com/Stirling-Tools/Stirling-PDF/blob/main/LocalRunGui

 https://hub.docker.com/r/frooodle/s-pdf

-Stirling PDF has 2 different versions, a Full version and ultra-Lite version. Depending on the types of features you use you may want a smaller image to save on space.
+Stirling PDF has 3 different versions, a Full version and ultra-Lite version as well as a 'Fat' version. Depending on the types of features you use you may want a smaller image to save on space.
 To see what the different versions offer please look at our [version mapping](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Version-groups.md)
 For people that don't mind about space optimization just use the latest tag.
 ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/frooodle/s-pdf/latest?label=Stirling-PDF%20Full)
 ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/frooodle/s-pdf/latest-ultra-lite?label=Stirling-PDF%20Ultra-Lite)
+![Docker Image Size (tag)](https://img.shields.io/docker/image-size/frooodle/s-pdf/latest-fat?label=Stirling-PDF%20Fat)

-Docker Run
+Please note in below examples you may need to change the volume paths as needed, current examples install them to the current working directory
+eg ``./extraConfigs:/configs`` to ``/opt/stirlingpdf/extraConfigs:/configs``
+
+### Docker Run

 ```bash
 docker run -d \
  -p 8080:8080 \
-  -v /location/of/trainingData:/usr/share/tessdata \
-  -v /location/of/extraConfigs:/configs \
-  -v /location/of/logs:/logs \
+  -v ./trainingData:/usr/share/tessdata \
+  -v ./extraConfigs:/configs \
+  -v ./logs:/logs \
  -e DOCKER_ENABLE_SECURITY=false \
  -e INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false \
  -e LANGS=en_GB \
  --name stirling-pdf \
  frooodle/s-pdf:latest

-
  Can also add these for customisation but are not required

  -v /location/of/customFiles:/customFiles \
 ```

-Docker Compose
+### Docker Compose

 ```yaml
 version: '3.3'
@@ -141,10 +147,10 @@ services:
    ports:
      - '8080:8080'
    volumes:
-      - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
-      - /location/of/extraConfigs:/configs
-#      - /location/of/customFiles:/customFiles/
-#      - /location/of/logs:/logs/
+      - ./trainingData:/usr/share/tessdata #Required for extra OCR languages
+      - ./extraConfigs:/configs
+#      - ./customFiles:/customFiles/
+#      - ./logs:/logs/
    environment:
      - DOCKER_ENABLE_SECURITY=false
      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
@@ -159,39 +165,46 @@ Please view https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToUseOCR

 ## Supported Languages

-Stirling PDF currently supports 28!
+Stirling PDF currently supports 38!

 | Language                                    | Progress                               |
 | ------------------------------------------- | -------------------------------------- |
+| Arabic (العربية) (ar_AR)                    | ![44%](https://geps.dev/progress/44)   |
+| Basque (Euskara) (eu_ES)                    | ![60%](https://geps.dev/progress/60)   |
+| Bulgarian (Български) (bg_BG)               | ![92%](https://geps.dev/progress/92)   |
+| Catalan (Català) (ca_CA)                    | ![47%](https://geps.dev/progress/47)   |
+| Croatian (Hrvatski) (hr_HR)                 | ![92%](https://geps.dev/progress/92)   |
+| Czech (Česky) (cs_CZ)                       | ![88%](https://geps.dev/progress/88)   |
+| Danish (Dansk) (da_DK)                      | ![9%](https://geps.dev/progress/9)   |
+| Dutch (Nederlands) (nl_NL)                  | ![94%](https://geps.dev/progress/94)   |
 | English (English) (en_GB)                   | ![100%](https://geps.dev/progress/100) |
 | English (US) (en_US)                        | ![100%](https://geps.dev/progress/100) |
-| Arabic (العربية) (ar_AR)                    | ![41%](https://geps.dev/progress/41)   |
-| German (Deutsch) (de_DE)                    | ![100%](https://geps.dev/progress/100)   |
-| French (Français) (fr_FR)                   | ![94%](https://geps.dev/progress/94)   |
-| Spanish (Español) (es_ES)                   | ![96%](https://geps.dev/progress/96)   |
-| Simplified Chinese (简体中文) (zh_CN)       | ![96%](https://geps.dev/progress/96)   |
-| Traditional Chinese (繁體中文) (zh_TW)      | ![95%](https://geps.dev/progress/95)   |
-| Catalan (Català) (ca_CA)                    | ![49%](https://geps.dev/progress/49)   |
+| French (Français) (fr_FR)                   | ![91%](https://geps.dev/progress/91)   |
+| German (Deutsch) (de_DE)                    | ![98%](https://geps.dev/progress/98) |
+| Greek (Ελληνικά) (el_GR)                    | ![80%](https://geps.dev/progress/80)   |
+| Hindi (हिंदी) (hi_IN)                          | ![75%](https://geps.dev/progress/75)   |
+| Hungarian (Magyar) (hu_HU)                  | ![74%](https://geps.dev/progress/74)   |
+| Indonesia (Bahasa Indonesia) (id_ID)        | ![74%](https://geps.dev/progress/74)   |
+| Irish (Gaeilge) (ga_IE)                     | ![96%](https://geps.dev/progress/96)   |
 | Italian (Italiano) (it_IT)                  | ![99%](https://geps.dev/progress/99)   |
-| Swedish (Svenska) (sv_SE)                   | ![41%](https://geps.dev/progress/41)   |
-| Polish (Polski) (pl_PL)                     | ![43%](https://geps.dev/progress/43)   |
-| Romanian (Română) (ro_RO)                   | ![40%](https://geps.dev/progress/40)   |
-| Korean (한국어) (ko_KR)                     | ![88%](https://geps.dev/progress/88)   |
-| Portuguese Brazilian (Português) (pt_BR)    | ![62%](https://geps.dev/progress/62)   |
-| Russian (Русский) (ru_RU)                   | ![88%](https://geps.dev/progress/88)   |
-| Basque (Euskara) (eu_ES)                    | ![64%](https://geps.dev/progress/64)   |
-| Japanese (日本語) (ja_JP)                   | ![88%](https://geps.dev/progress/88)   |
-| Dutch (Nederlands) (nl_NL)                  | ![86%](https://geps.dev/progress/86)   |
-| Greek (Ελληνικά) (el_GR)                    | ![86%](https://geps.dev/progress/86)   |
-| Turkish (Türkçe) (tr_TR)                    | ![98%](https://geps.dev/progress/98)   |
-| Indonesia (Bahasa Indonesia) (id_ID)        | ![79%](https://geps.dev/progress/79)   |
-| Hindi (हिंदी) (hi_IN)                          | ![80%](https://geps.dev/progress/80)   |
-| Hungarian (Magyar) (hu_HU)                  | ![79%](https://geps.dev/progress/79)   |
-| Bulgarian (Български) (bg_BG)               | ![96%](https://geps.dev/progress/96)   |
-| Sebian Latin alphabet (Srpski) (sr_LATN_RS) | ![81%](https://geps.dev/progress/81)   |
-| Ukrainian (Українська) (uk_UA)              | ![87%](https://geps.dev/progress/87)   |
-| Slovakian (Slovensky) (sk_SK)               | ![96%](https://geps.dev/progress/96)   |
-| Czech (Česky) (cs_CZ)                       | ![94%](https://geps.dev/progress/94)   |
+| Japanese (日本語) (ja_JP)                   | ![90%](https://geps.dev/progress/90)   |
+| Korean (한국어) (ko_KR)                     | ![82%](https://geps.dev/progress/82)   |
+| Norwegian (Norsk) (no_NB)                   | ![96%](https://geps.dev/progress/96)   |
+| Polish (Polski) (pl_PL)                     | ![90%](https://geps.dev/progress/90)   |
+| Portuguese (Português) (pt_PT)              | ![76%](https://geps.dev/progress/76)   |
+| Portuguese Brazilian (Português) (pt_BR)    | ![99%](https://geps.dev/progress/99)   |
+| Romanian (Română) (ro_RO)                   | ![38%](https://geps.dev/progress/38)   |
+| Russian (Русский) (ru_RU)                   | ![82%](https://geps.dev/progress/82)   |
+| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![76%](https://geps.dev/progress/76)   |
+| Simplified Chinese (简体中文) (zh_CN)       | ![97%](https://geps.dev/progress/97)   |
+| Slovakian (Slovensky) (sk_SK)               | ![90%](https://geps.dev/progress/90)   |
+| Spanish (Español) (es_ES)                   | ![96%](https://geps.dev/progress/96)   |
+| Swedish (Svenska) (sv_SE)                   | ![38%](https://geps.dev/progress/38)   |
+| Thai (ไทย) (th_TH)                          | ![97%](https://geps.dev/progress/97) |
+| Traditional Chinese (繁體中文) (zh_TW)      | ![96%](https://geps.dev/progress/96)   |
+| Turkish (Türkçe) (tr_TR)                    | ![97%](https://geps.dev/progress/97)   |
+| Ukrainian (Українська) (uk_UA)              | ![88%](https://geps.dev/progress/88)   |
+| Vietnamese (Tiếng Việt) (vi_VN)             | ![97%](https://geps.dev/progress/97)   |

 ## Contributing (creating issues, translations, fixing bugs, etc.)

@@ -203,7 +216,7 @@ Stirling PDF allows easy customization of the app.
 Includes things like

 - Custom application name
- Custom slogans, icons, HTML, images CSS etc (via file overrides) 
+- Custom slogans, icons, HTML, images CSS etc (via file overrides)

 There are two options for this, either using the generated settings file ``settings.yml``
 This file is located in the ``/configs`` directory and follows standard YAML formatting
@@ -212,11 +225,11 @@ Environment variables are also supported and would override the settings file
 For example in the settings.yml you have

 ```yaml
-system:
-  defaultLocale: 'en-US'
+security:
+  enableLogin: 'true'
 ```

-To have this via an environment variable you would have ``SYSTEM_DEFAULTLOCALE``
+To have this via an environment variable you would have ``SECURITY_ENABLELOGIN``

 The Current list of settings is

@@ -226,35 +239,37 @@ security:
  csrfDisabled: true # Set to 'true' to disable CSRF protection (not recommended for production)
  loginAttemptCount: 5 # lock user account after 5 tries
  loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
-#  initialLogin:
-#    username: "admin" # Initial username for the first login
-#    password: "stirling" # Initial password for the first login
-#  oauth2:
-#    enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
-#    issuer: "" # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point
-#    clientId: "" # Client ID from your provider
-#    clientSecret: "" # Client Secret from your provider
-#    autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
-#    useAsUsername: "email" # Default is 'email'; custom fields can be used as the username
-#    scopes: "openid, profile, email" # Specify the scopes for which the application will request permissions
-#    provider: "google" # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
-#    client:
-#      google:
-#        clientId: "" # Client ID for Google OAuth2
-#        clientSecret: "" # Client Secret for Google OAuth2
-#        scopes: "https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile" # Scopes for Google OAuth2
-#        useAsUsername: "email" # Field to use as the username for Google OAuth2
-#      github:
-#        clientId: "" # Client ID for GitHub OAuth2
-#        clientSecret: "" # Client Secret for GitHub OAuth2
-#        scopes: "read:user" # Scope for GitHub OAuth2
-#        useAsUsername: "login" # Field to use as the username for GitHub OAuth2
-#      keycloak:
-#        issuer: "http://192.168.0.123:8888/realms/stirling-pdf" # URL of the Keycloak realm's OpenID Connect Discovery endpoint
-#        clientId: "stirling-pdf" # Client ID for Keycloak OAuth2
-#        clientSecret: "" # Client Secret for Keycloak OAuth2
-#        scopes: "openid, profile, email" # Scopes for Keycloak OAuth2
-#        useAsUsername: "email" # Field to use as the username for Keycloak OAuth2
+  loginMethod: all # 'all' (Login Username/Password and OAuth2[must be enabled and configured]), 'normal'(only Login with Username/Password) or 'oauth2'(only Login with OAuth2)
+  initialLogin:
+    username: '' # Initial username for the first login
+    password: '' # Initial password for the first login
+  oauth2:
+    enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
+    client:
+      keycloak:
+        issuer: '' # URL of the Keycloak realm's OpenID Connect Discovery endpoint
+        clientId: '' # Client ID for Keycloak OAuth2
+        clientSecret: '' # Client Secret for Keycloak OAuth2
+        scopes: openid, profile, email # Scopes for Keycloak OAuth2
+        useAsUsername: preferred_username # Field to use as the username for Keycloak OAuth2
+      google:
+        clientId: '' # Client ID for Google OAuth2
+        clientSecret: '' # Client Secret for Google OAuth2
+        scopes: https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile # Scopes for Google OAuth2
+        useAsUsername: email # Field to use as the username for Google OAuth2
+      github:
+        clientId: '' # Client ID for GitHub OAuth2
+        clientSecret: '' # Client Secret for GitHub OAuth2
+        scopes: read:user # Scope for GitHub OAuth2
+        useAsUsername: login # Field to use as the username for GitHub OAuth2
+    issuer: '' # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point
+    clientId: '' # Client ID from your provider
+    clientSecret: '' # Client Secret from your provider
+    autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
+    blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
+    useAsUsername: email # Default is 'email'; custom fields can be used as the username
+    scopes: openid, profile, email # Specify the scopes for which the application will request permissions
+    provider: google # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'

 system:
  defaultLocale: 'en-US' # Set the default language (e.g. 'de-DE', 'fr-FR', etc)
@@ -265,9 +280,9 @@ system:
  customHTMLFiles: false # enable to have files placed in /customFiles/templates override the existing template html files

 ui:
-  appName: null # Application's visible name
-  homeDescription: null # Short description or tagline shown on homepage.
-  appNameNavbar: null # Name displayed on the navigation bar
+  appName: '' # Application's visible name
+  homeDescription: '' # Short description or tagline shown on homepage.
+  appNameNavbar: '' # Name displayed on the navigation bar

 endpoints:
  toRemove: [] # List endpoints to disable (e.g. ['img-to-pdf', 'remove-pages'])
@@ -301,7 +316,7 @@ For those wanting to use Stirling-PDFs backend API to link with their own custom

 ![stirling-login](images/login-light.png)

-### Prerequisites:
+### Prerequisites

 - User must have the folder ./configs volumed within docker so that it is retained during updates.
 - Docker users must download the security jar version by setting ``DOCKER_ENABLE_SECURITY`` to ``true`` in environment variables.
--- a/Version-groups.md
+++ b/Version-groups.md
@@ -1,52 +1,56 @@
-| Technology     | Ultra-Lite | Full |
-|----------------|:----------:|:----:|
-| Java           |     ✔️      |  ✔️  |
-| JavaScript     |     ✔️      |  ✔️  |
-| Libre          |            |  ✔️  |
-| Python         |            |  ✔️  |
-| OpenCV         |            |  ✔️  |
-| OCRmyPDF       |            |  ✔️  |
+|All versions in a Docker environment can download Calibre as a optional extra at runtime to support `book-to-pdf` and `pdf-to-book` using parameter ``INSTALL_BOOK_AND_ADVANCED_HTML_OPS``.
+The 'Fat' container contains all those found in 'Full' with security jar along with this Calibre install. 

-Operation                | Ultra-Lite | Full
-------------------------|------------|-----
-add-page-numbers         |     ✔️      |  ✔️
-add-password             |     ✔️      |  ✔️
-add-image                |     ✔️      |  ✔️
-add-watermark            |     ✔️      |  ✔️
-adjust-contrast          |     ✔️      |  ✔️
-auto-split-pdf           |     ✔️      |  ✔️
-auto-redact              |     ✔️      |  ✔️
-auto-rename              |     ✔️      |  ✔️
-cert-sign                |     ✔️      |  ✔️
-crop                     |     ✔️      |  ✔️
-change-metadata          |     ✔️      |  ✔️
-change-permissions       |     ✔️      |  ✔️
-compare                  |     ✔️      |  ✔️
-extract-page             |     ✔️      |  ✔️
-extract-images           |     ✔️      |  ✔️
-flatten                  |     ✔️      |  ✔️
-get-info-on-pdf          |     ✔️      |  ✔️
-img-to-pdf               |     ✔️      |  ✔️
-markdown-to-pdf          |     ✔️      |  ✔️
-merge-pdfs               |     ✔️      |  ✔️
-multi-page-layout        |     ✔️      |  ✔️
-overlay-pdf              |     ✔️      |  ✔️
-pdf-organizer            |     ✔️      |  ✔️
-pdf-to-csv               |     ✔️      |  ✔️
-pdf-to-img               |     ✔️      |  ✔️
-pdf-to-single-page       |     ✔️      |  ✔️
-remove-pages             |     ✔️      |  ✔️
-remove-password          |     ✔️      |  ✔️
-rotate-pdf               |     ✔️      |  ✔️
-sanitize-pdf             |     ✔️      |  ✔️
-scale-pages              |     ✔️      |  ✔️
-sign                     |     ✔️      |  ✔️
-show-javascript          |     ✔️      |  ✔️
-split-by-size-or-count   |     ✔️      |  ✔️
-split-pdf-by-sections    |     ✔️      |  ✔️
-split-pdfs               |     ✔️      |  ✔️
-compress-pdf             |            |  ✔️
-extract-image-scans      |            |  ✔️
-ocr-pdf                  |            |  ✔️
-pdf-to-pdfa              |            |  ✔️
-remove-blanks            |            |  ✔️
+Technology | Ultra-Lite | Full  |
+| ---------- | :--------: | :---: |
+| Java       |     ✔️      |   ✔️   |
+| JavaScript |     ✔️      |   ✔️   |
+| Libre      |            |   ✔️   |
+| Python     |            |   ✔️   |
+| OpenCV     |            |   ✔️   |
+| OCRmyPDF   |            |   ✔️   |
+
+| Operation              | Ultra-Lite | Full |
+| ---------------------- | ---------- | ---- |
+| add-page-numbers       | ✔️          | ✔️    |
+| add-password           | ✔️          | ✔️    |
+| add-image              | ✔️          | ✔️    |
+| add-watermark          | ✔️          | ✔️    |
+| adjust-contrast        | ✔️          | ✔️    |
+| auto-split-pdf         | ✔️          | ✔️    |
+| auto-redact            | ✔️          | ✔️    |
+| auto-rename            | ✔️          | ✔️    |
+| cert-sign              | ✔️          | ✔️    |
+| remove-cert-sign       | ✔️          | ✔️    |
+| crop                   | ✔️          | ✔️    |
+| change-metadata        | ✔️          | ✔️    |
+| change-permissions     | ✔️          | ✔️    |
+| compare                | ✔️          | ✔️    |
+| extract-page           | ✔️          | ✔️    |
+| extract-images         | ✔️          | ✔️    |
+| flatten                | ✔️          | ✔️    |
+| get-info-on-pdf        | ✔️          | ✔️    |
+| img-to-pdf             | ✔️          | ✔️    |
+| markdown-to-pdf        | ✔️          | ✔️    |
+| merge-pdfs             | ✔️          | ✔️    |
+| multi-page-layout      | ✔️          | ✔️    |
+| overlay-pdf            | ✔️          | ✔️    |
+| pdf-organizer          | ✔️          | ✔️    |
+| pdf-to-csv             | ✔️          | ✔️    |
+| pdf-to-img             | ✔️          | ✔️    |
+| pdf-to-single-page     | ✔️          | ✔️    |
+| remove-pages           | ✔️          | ✔️    |
+| remove-password        | ✔️          | ✔️    |
+| rotate-pdf             | ✔️          | ✔️    |
+| sanitize-pdf           | ✔️          | ✔️    |
+| scale-pages            | ✔️          | ✔️    |
+| sign                   | ✔️          | ✔️    |
+| show-javascript        | ✔️          | ✔️    |
+| split-by-size-or-count | ✔️          | ✔️    |
+| split-pdf-by-sections  | ✔️          | ✔️    |
+| split-pdfs             | ✔️          | ✔️    |
+| compress-pdf           |            | ✔️    |
+| extract-image-scans    |            | ✔️    |
+| ocr-pdf                |            | ✔️    |
+| pdf-to-pdfa            |            | ✔️    |
+| remove-blanks          |            | ✔️    |
--- a/build.gradle
+++ b/build.gradle
@@ -1,27 +1,38 @@
 plugins {
-    id 'java'
-    id 'org.springframework.boot' version '3.2.4'
-    id 'io.spring.dependency-management' version '1.1.3'
-    id 'org.springdoc.openapi-gradle-plugin' version '1.8.0'
+    id "java"
+    id "org.springframework.boot" version "3.3.2"
+    id "io.spring.dependency-management" version "1.1.6"
+    id "org.springdoc.openapi-gradle-plugin" version "1.8.0"
    id "io.swagger.swaggerhub" version "1.3.2"
-    id 'edu.sc.seis.launch4j' version '3.0.5'
-    id 'com.diffplug.spotless' version '6.25.0'
-    id 'com.github.jk1.dependency-license-report' version '2.6'
+    id "edu.sc.seis.launch4j" version "3.0.6"
+    id "com.diffplug.spotless" version "6.25.0"
+    id "com.github.jk1.dependency-license-report" version "2.9"
 }

 import com.github.jk1.license.render.*

-group = 'stirling.software'
-version = '0.25.0'
+ext {
+    springBootVersion = "3.3.2"
+    pdfboxVersion = "3.0.3"
+    logbackVersion = "1.5.7"
+    imageioVersion = "3.11.0"
+    lombokVersion = "1.18.34"
+    bouncycastleVersion = "1.78.1"	
+}

-//17 is lowest but we support and recommend 21
-sourceCompatibility = '17'
+group = "stirling.software"
+version = "0.28.2"
+
+java {
+    // 17 is lowest but we support and recommend 21
+    sourceCompatibility = JavaVersion.VERSION_17
+}

 repositories {
    mavenCentral()
+    maven { url "https://jitpack.io" }
 }

-
 licenseReport {
    renderers = [new JsonReportRenderer()]
 }
@@ -29,15 +40,19 @@ licenseReport {
 sourceSets {
    main {
        java {
-            if (System.getenv('DOCKER_ENABLE_SECURITY') == 'false') {
-                exclude 'stirling/software/SPDF/config/security/**'
-                exclude 'stirling/software/SPDF/controller/api/UserController.java'
-                exclude 'stirling/software/SPDF/controller/web/AccountWebController.java'
-                exclude 'stirling/software/SPDF/model/ApiKeyAuthenticationToken.java'
-                exclude 'stirling/software/SPDF/model/Authority.java'
-                exclude 'stirling/software/SPDF/model/PersistentLogin.java'
-                exclude 'stirling/software/SPDF/model/User.java'
-                exclude 'stirling/software/SPDF/repository/**'
+            if (System.getenv("DOCKER_ENABLE_SECURITY") == "false") {
+                exclude "stirling/software/SPDF/config/security/**"
+                exclude "stirling/software/SPDF/controller/api/UserController.java"
+                exclude "stirling/software/SPDF/controller/api/DatabaseController.java"
+                exclude "stirling/software/SPDF/controller/web/AccountWebController.java"
+                exclude "stirling/software/SPDF/controller/web/DatabaseWebController.java"
+                exclude "stirling/software/SPDF/model/ApiKeyAuthenticationToken.java"
+                exclude "stirling/software/SPDF/model/AttemptCounter.java"
+                exclude "stirling/software/SPDF/model/Authority.java"
+                exclude "stirling/software/SPDF/model/PersistentLogin.java"
+                exclude "stirling/software/SPDF/model/SessionEntity.java"
+                exclude "stirling/software/SPDF/model/User.java"
+                exclude "stirling/software/SPDF/repository/**"
            }
        }
    }
@@ -50,34 +65,34 @@ openApi {
 }

 launch4j {
-  icon = "${projectDir}/src/main/resources/static/favicon.ico"
+    icon = "${projectDir}/src/main/resources/static/favicon.ico"

-  outfile="Stirling-PDF.exe"
-  headerType="console"
-  jarTask = tasks.bootJar
+    outfile="Stirling-PDF.exe"
+    headerType="console"
+    jarTask = tasks.bootJar

-  errTitle="Encountered error, Do you have Java 21?"
-  downloadUrl="https://download.oracle.com/java/21/latest/jdk-21_windows-x64_bin.exe"
-  variables=["BROWSER_OPEN=true", "ENDPOINTS_GROUPS_TO_REMOVE=CLI"]
-  jreMinVersion="17"
+    errTitle="Encountered error, Do you have Java 21?"
+    downloadUrl="https://download.oracle.com/java/21/latest/jdk-21_windows-x64_bin.exe"
+    variables=["BROWSER_OPEN=true", "ENDPOINTS_GROUPS_TO_REMOVE=CLI"]
+    jreMinVersion="17"

-  mutexName="Stirling-PDF"
-  windowTitle="Stirling-PDF"
+    mutexName="Stirling-PDF"
+    windowTitle="Stirling-PDF"

-  messagesStartupError="An error occurred while starting Stirling-PDF"
-  //messagesJreNotFoundError="This application requires a Java Runtime Environment, Please download Java 17."
-  messagesJreVersionError="You are running the wrong version of Java, Please download Java 21."
-  messagesLauncherError="Java is corrupted. Please uninstall and then install  Java 21."
-  messagesInstanceAlreadyExists="Stirling-PDF is already running."
+    messagesStartupError="An error occurred while starting Stirling-PDF"
+    // messagesJreNotFoundError="This application requires a Java Runtime Environment, Please download Java 17."
+    messagesJreVersionError="You are running the wrong version of Java, Please download Java 21."
+    messagesLauncherError="Java is corrupted. Please uninstall and then install  Java 21."
+    messagesInstanceAlreadyExists="Stirling-PDF is already running."
 }

 spotless {
    java {
        target project.fileTree('src/main/java')

-        googleJavaFormat('1.19.1').aosp().reorderImports(false)
+        googleJavaFormat("1.22.0").aosp().reorderImports(false)

-        importOrder('java', 'javax', 'org', 'com', 'net', 'io')
+        importOrder("java", "javax", "org", "com", "net", "io")
        toggleOffOn()
        trimTrailingWhitespace()
        indentWithSpaces()
@@ -85,132 +100,143 @@ spotless {
    }
 }

+tasks.wrapper {
+    gradleVersion = "8.7"
+}
+
 dependencies {
    //security updates
-    implementation 'ch.qos.logback:logback-classic:1.5.3'
-    implementation 'ch.qos.logback:logback-core:1.5.3'
-    implementation 'org.springframework:spring-webmvc:6.1.5'
+    implementation "ch.qos.logback:logback-classic:$logbackVersion"
+    implementation "ch.qos.logback:logback-core:$logbackVersion"
+    implementation "org.springframework:spring-webmvc:6.1.9"

-    implementation("io.github.pixee:java-security-toolkit:1.1.3")
+    implementation("io.github.pixee:java-security-toolkit:1.2.0")
+
+    // implementation "org.yaml:snakeyaml:2.2"
+    implementation 'com.github.Carleslc.Simple-YAML:Simple-Yaml:1.8.4'

-    implementation 'org.yaml:snakeyaml:2.2'
-    
    // Exclude Tomcat and include Jetty
-    implementation('org.springframework.boot:spring-boot-starter-web:3.2.4') {
-        exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
+    implementation("org.springframework.boot:spring-boot-starter-web:$springBootVersion") {
+        exclude group: "org.springframework.boot", module: "spring-boot-starter-tomcat"
    }
-    implementation 'org.springframework.boot:spring-boot-starter-jetty:3.2.4'
-    
-    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.4'
+    implementation "org.springframework.boot:spring-boot-starter-jetty:$springBootVersion"

-    if (System.getenv('DOCKER_ENABLE_SECURITY') != 'false') {
-        implementation 'org.springframework.boot:spring-boot-starter-security:3.2.4'
-        implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE'
-        implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.4"
-        implementation 'org.springframework.boot:spring-boot-starter-oauth2-client:3.2.4'
+    implementation "org.springframework.boot:spring-boot-starter-thymeleaf:$springBootVersion"
+
+    if (System.getenv("DOCKER_ENABLE_SECURITY") != "false") {
+        implementation "org.springframework.boot:spring-boot-starter-security:$springBootVersion"
+        implementation "org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE"
+        implementation "org.springframework.boot:spring-boot-starter-data-jpa:$springBootVersion"
+        implementation "org.springframework.boot:spring-boot-starter-oauth2-client:$springBootVersion"

        //2.2.x requires rebuild of DB file.. need migration path
        implementation "com.h2database:h2:2.1.214"
+        // implementation "com.h2database:h2:2.2.224"
    }

-    testImplementation 'org.springframework.boot:spring-boot-starter-test:3.2.4'
+    testImplementation "org.springframework.boot:spring-boot-starter-test:$springBootVersion"

    // Batik
-    implementation 'org.apache.xmlgraphics:batik-all:1.17'
+    implementation "org.apache.xmlgraphics:batik-all:1.17"

    // TwelveMonkeys
-    implementation 'com.twelvemonkeys.imageio:imageio-batik:3.10.1'
-    implementation 'com.twelvemonkeys.imageio:imageio-bmp:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-hdr:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-icns:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-iff:3.10.1'
-    implementation 'com.twelvemonkeys.imageio:imageio-jpeg:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-pcx:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-pict:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-pnm:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-psd:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-sgi:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-tga:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-thumbsdb:3.10.1'
-    implementation 'com.twelvemonkeys.imageio:imageio-tiff:3.10.1'
-    implementation 'com.twelvemonkeys.imageio:imageio-webp:3.10.1'
-    // implementation 'com.twelvemonkeys.imageio:imageio-xwd:3.10.1'
+    implementation "com.twelvemonkeys.imageio:imageio-batik:$imageioVersion"
+    implementation "com.twelvemonkeys.imageio:imageio-bmp:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-hdr:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-icns:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-iff:$imageioVersion"
+    implementation "com.twelvemonkeys.imageio:imageio-jpeg:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-pcx:$imageioVersion@
+    // implementation "com.twelvemonkeys.imageio:imageio-pict:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-pnm:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-psd:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-sgi:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-tga:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-thumbsdb:$imageioVersion"
+    implementation "com.twelvemonkeys.imageio:imageio-tiff:$imageioVersion"
+    implementation "com.twelvemonkeys.imageio:imageio-webp:$imageioVersion"
+    // implementation "com.twelvemonkeys.imageio:imageio-xwd:$imageioVersion"

-    implementation 'commons-io:commons-io:2.15.1'
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0'
+    implementation "commons-io:commons-io:2.16.1"
+    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0"

    //general PDF

    // https://mvnrepository.com/artifact/com.opencsv/opencsv
-    implementation ('com.opencsv:opencsv:5.9') {
-        exclude group: 'commons-logging', module: 'commons-logging'
+    implementation ("com.opencsv:opencsv:5.9") {
+        exclude group: "commons-logging", module: "commons-logging"
    }

-    implementation ('org.apache.pdfbox:pdfbox:3.0.2'){
-        exclude group: 'commons-logging', module: 'commons-logging'
+    implementation ("org.apache.pdfbox:pdfbox:$pdfboxVersion") {
+        exclude group: "commons-logging", module: "commons-logging"
    }

-    implementation ('org.apache.pdfbox:xmpbox:3.0.2'){
-        exclude group: 'commons-logging', module: 'commons-logging'
+    implementation ("org.apache.pdfbox:xmpbox:$pdfboxVersion") {
+        exclude group: "commons-logging", module: "commons-logging"
    }

-    implementation 'org.bouncycastle:bcprov-jdk18on:1.77'
-    implementation 'org.bouncycastle:bcpkix-jdk18on:1.77'
-    implementation 'org.springframework.boot:spring-boot-starter-actuator:3.2.4'
-    implementation 'io.micrometer:micrometer-core:1.12.4'
-    implementation group: 'com.google.zxing', name: 'core', version: '3.5.3'
+    implementation 'org.apache.pdfbox:jbig2-imageio:3.0.4'
+
+	
+    implementation "com.github.Carleslc.Simple-YAML:Simple-Yaml:1.8.4"
+
+    implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion"
+    implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion"
+    implementation "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion"
+    implementation "io.micrometer:micrometer-core:1.13.3"
+    implementation group: "com.google.zxing", name: "core", version: "3.5.3"
    // https://mvnrepository.com/artifact/org.commonmark/commonmark
-    implementation 'org.commonmark:commonmark:0.22.0'
-    implementation 'org.commonmark:commonmark-ext-gfm-tables:0.22.0'
-    // https://mvnrepository.com/artifact/com.github.vladimir-bukhtoyarov/bucket4j-core
-    implementation 'com.github.vladimir-bukhtoyarov:bucket4j-core:7.6.0'
+    implementation "org.commonmark:commonmark:0.22.0"
+    implementation "org.commonmark:commonmark-ext-gfm-tables:0.22.0"
+    // https://mvnrepository.com/artifact/com.bucket4j/bucket4j_jdk17
+    implementation "com.bucket4j:bucket4j_jdk17-core:8.14.0"
+    implementation "com.fathzer:javaluator:3.0.4"

-	implementation 'com.fathzer:javaluator:3.0.3'
+    developmentOnly("org.springframework.boot:spring-boot-devtools:$springBootVersion")
+    compileOnly "org.projectlombok:lombok:$lombokVersion"
+    annotationProcessor "org.projectlombok:lombok:$lombokVersion"

-    developmentOnly("org.springframework.boot:spring-boot-devtools:3.2.4")
-    compileOnly 'org.projectlombok:lombok:1.18.32'
-    annotationProcessor 'org.projectlombok:lombok:1.18.32'
+    testImplementation 'org.mockito:mockito-inline:5.2.0'
 }

-tasks.withType(JavaCompile) {
-    dependsOn 'spotlessApply'
+tasks.withType(JavaCompile).configureEach {
+    options.encoding = "UTF-8"
+    dependsOn "spotlessApply"
 }
 compileJava {
-    options.compilerArgs << '-parameters'
+    options.compilerArgs << "-parameters"
 }

 task writeVersion {
-    def propsFile = file('src/main/resources/version.properties')
+    def propsFile = file("src/main/resources/version.properties")
    def props = new Properties()
-    props.setProperty('version', version)
+    props.setProperty("version", version)
    props.store(propsFile.newWriter(), null)
 }

 swaggerhubUpload {
    //dependsOn generateOpenApiDocs  // Depends on your task generating Swagger docs
-    api 'Stirling-PDF'  // The name of your API on SwaggerHub
-    owner 'Frooodle'  // Your SwaggerHub username (or organization name)
+    api "Stirling-PDF"  // The name of your API on SwaggerHub
+    owner "Frooodle"  // Your SwaggerHub username (or organization name)
    version project.version  // The version of your API
-    inputFile './SwaggerDoc.json'  // The path to your Swagger docs
-    token  "${System.getenv('SWAGGERHUB_API_KEY')}"  // Your SwaggerHub API key, passed as an environment variable
-    oas '3.0.0'  // The version of the OpenAPI Specification you're using
+    inputFile "./SwaggerDoc.json"  // The path to your Swagger docs
+    token  "${System.getenv("SWAGGERHUB_API_KEY")}"  // Your SwaggerHub API key, passed as an environment variable
+    oas "3.0.0"  // The version of the OpenAPI Specification you"re using
 }

-
-
 jar {
    enabled = false
    manifest {
-        attributes 'Implementation-Title': 'Stirling-PDF',
-                   'Implementation-Version': project.version
+        attributes "Implementation-Title": "Stirling-PDF",
+                   "Implementation-Version": project.version
    }

 }

-tasks.named('test') {
+tasks.named("test") {
    useJUnitPlatform()
 }

 task printVersion {
-  println project.version
+    println project.version
 }
--- a/chart/stirling-pdf/Chart.yaml
+++ b/chart/stirling-pdf/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.25.0
+appVersion: 0.28.2
 description: locally hosted web application that allows you to perform various operations
  on PDF files
 home: https://github.com/Stirling-Tools/Stirling-PDF
--- a/chart/stirling-pdf/templates/deployment.yaml
+++ b/chart/stirling-pdf/templates/deployment.yaml
@@ -62,8 +62,10 @@ spec:
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
          {{- toYaml .Values.containerSecurityContext | nindent 10 }}
-{{- if .Values.envs }}
        env:
+        - name: SYSTEM_ROOTURIPATH
+          value: {{ .Values.rootPath}}
+{{- if .Values.envs }}
 {{ toYaml .Values.envs | indent 8 }}
 {{- end }}
 {{- if .Values.extraArgs }}
@@ -75,13 +77,13 @@ spec:
          containerPort: 8080
        livenessProbe:
          httpGet:
-            path: /
+            path: {{ .Values.rootPath}}
            port: http
 {{ toYaml .Values.probes.livenessHttpGetConfig | indent 12 }}
 {{ toYaml .Values.probes.liveness | indent 10 }}
        readinessProbe:
          httpGet:
-            path: /
+            path: {{ .Values.rootPath}}
            port: http
 {{ toYaml .Values.probes.readinessHttpGetConfig | indent 12 }}
 {{ toYaml .Values.probes.readiness | indent 10 }}
--- a/chart/stirling-pdf/values.yaml
+++ b/chart/stirling-pdf/values.yaml
@@ -15,6 +15,9 @@ secret:
 commonLabels: {}
 # team_name: dev

+# rootpath for the application
+rootPath: /
+
 envs: []
 # - name: UI_APP_NAME
 #   value: "Stirling PDF"
@@ -24,8 +27,6 @@ envs: []
 #   value: "Stirling PDF"
 # - name: ALLOW_GOOGLE_VISIBILITY
 #   value: "true"
-# - name: APP_ROOT_PATH
-#   value: "/"
 # - name: APP_LOCALE
 #   value: "en_GB"

--- a/cucumber/exampleFiles/ghost1.pdf
+++ b/cucumber/exampleFiles/ghost1.pdf
@@ -0,0 +1,106 @@
+%PDF-1.3
+%“Œ‹ž ReportLab Generated PDF document http://www.reportlab.com
+1 0 obj
+<<
+/F1 2 0 R
+>>
+endobj
+2 0 obj
+<<
+/BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font
+>>
+endobj
+3 0 obj
+<<
+/Contents 9 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+4 0 obj
+<<
+/Contents 10 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+5 0 obj
+<<
+/Contents 11 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+6 0 obj
+<<
+/PageMode /UseNone /Pages 8 0 R /Type /Catalog
+>>
+endobj
+7 0 obj
+<<
+/Author (anonymous) /CreationDate (D:20240718233034+00'00') /Creator (ReportLab PDF Library - www.reportlab.com) /Keywords () /ModDate (D:20240718233034+00'00') /Producer (ReportLab PDF Library - www.reportlab.com) 
+  /Subject (unspecified) /Title (untitled) /Trapped /False
+>>
+endobj
+8 0 obj
+<<
+/Count 3 /Kids [ 3 0 R 4 0 R 5 0 R ] /Type /Pages
+>>
+endobj
+9 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 210
+>>
+stream
+Gap@Gb79+X'F"5[`EfJOD4:mD<%*=m+N>oDG,>NK`<U'B^0WYY,dWl^i_UcRk`<"L=<NPC$BtQ<5l$3<Y!?BuoCSYQ6GSt25lpqr0IrP?S[b)9%M"e'HHFqcRO'9eRaR0'DYi*Y.:nEMFAoTM;rPL%EF]`CfoELVl_Q,"LS:%iI;Nc[&bG.*65O]ecfK1'*<>5P_s[usI/ph*0pV~>endstream
+endobj
+10 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@Gb79+X'F"5Y`EfJOV2A9=!fB]F'tK1LS`,]G+MiTenb&V2-^hqa(5IE#Nr59/!"Qm*5_(BdF!0&h!Yhk/A+\iS'%6tuO$O)9LaZS+flr([1p2&#RS1p/gT[B;rDj-=&=iqUlj(P^/5U@eCFqn4:<lU`l`.HXqG-',hJH.DI.(6L\luSAW`Q'oje[qgVLVIXg%PXe+,<$7('~>endstream
+endobj
+11 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@GbmK%f(e+0_`ODoa2.):e/i+N3r(.o*Qf\gSNb(bt4FIubi@GIOE=p8Ir3;CbQ@KuG^cdJhODZKQ*upt+*rdZ%!mFmN$*.P)K;`s#]G=8AO3s3DGB.RCOn?[F]bEIg,a>25?B%dh\Z/C6opFE'el@I,P\u\V\]:*JYrrsNJ&d,11VL;$h!43eGu&1X6$+5-h\Vr6!+>4Je,~>endstream
+endobj
+xref
+0 12
+0000000000 65535 f 
+0000000073 00000 n 
+0000000104 00000 n 
+0000000211 00000 n 
+0000000404 00000 n 
+0000000598 00000 n 
+0000000792 00000 n 
+0000000860 00000 n 
+0000001156 00000 n 
+0000001227 00000 n 
+0000001527 00000 n 
+0000001827 00000 n 
+trailer
+<<
+/ID 
+[<0d5cf047e754e05f8d574f067785875c><0d5cf047e754e05f8d574f067785875c>]
+% ReportLab generated PDF document -- digest (http://www.reportlab.com)
+
+/Info 7 0 R
+/Root 6 0 R
+/Size 12
+>>
+startxref
+2127
+%%EOF
--- a/cucumber/exampleFiles/ghost2.pdf
+++ b/cucumber/exampleFiles/ghost2.pdf
@@ -0,0 +1,106 @@
+%PDF-1.3
+%“Œ‹ž ReportLab Generated PDF document http://www.reportlab.com
+1 0 obj
+<<
+/F1 2 0 R
+>>
+endobj
+2 0 obj
+<<
+/BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font
+>>
+endobj
+3 0 obj
+<<
+/Contents 9 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+4 0 obj
+<<
+/Contents 10 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+5 0 obj
+<<
+/Contents 11 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+6 0 obj
+<<
+/PageMode /UseNone /Pages 8 0 R /Type /Catalog
+>>
+endobj
+7 0 obj
+<<
+/Author (anonymous) /CreationDate (D:20240718233034+00'00') /Creator (ReportLab PDF Library - www.reportlab.com) /Keywords () /ModDate (D:20240718233034+00'00') /Producer (ReportLab PDF Library - www.reportlab.com) 
+  /Subject (unspecified) /Title (untitled) /Trapped /False
+>>
+endobj
+8 0 obj
+<<
+/Count 3 /Kids [ 3 0 R 4 0 R 5 0 R ] /Type /Pages
+>>
+endobj
+9 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 207
+>>
+stream
+Gap@G:CDb.*/<p2MVk["e@)7*Z0@"b%+@f/9pA%_U<oOkVp?PnGRb81iPg?0i?(]%^_CSf##%;<!7Ne/-%RR^p@t7hKYZ9eJVHV]fjjHIB:6DrW+2\p16@*`r^CpQZZH'2Pjqd<.&hM2UO%$Wi$te%4QmS;<E"QS\!deQG_XtuEK>b(UbS>%`/0S`k\\5'TNY0mmgH?`8]i_0~>endstream
+endobj
+10 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 207
+>>
+stream
+Gap@G]afWJ'Lm;=if<;s>V*7BTJ]oQ@P!(q5S+WG1%>L@?8Ue;c>[fY&&IOd5@t@TY@+q.5T<Z'81"J("KhsBa+&u4"n'#6)AjfImh)%$0tVC:aGk",=aJJH#/4]i.WJr9c"cibYm:M-44<%FFlG0Cl\Z'nmo7C"TR+7dk3T#iD(9Pq'\;rQku%o>A_`50SO&7M04=8M'O<Am~>endstream
+endobj
+11 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@GYmu@>'Ld5[if35r/JNaJ.A.7fP9RpSN*8k^-sEER0,enq1Rsuo@R/uCO-^&Y`F'9d^a?9)?ns+F&dXm[HMgPn6Ep+%TRk5Nh+!(+[H#H:U^.^(YL,PKS'%j/:3O\hJVEK-UUekJTd[A$N^((K^#0Du`i@,/^f5KiUISGr")3/+f9NF8NO1+iUgm^b"X\cE^+[:s!0]Gu6i~>endstream
+endobj
+xref
+0 12
+0000000000 65535 f 
+0000000073 00000 n 
+0000000104 00000 n 
+0000000211 00000 n 
+0000000404 00000 n 
+0000000598 00000 n 
+0000000792 00000 n 
+0000000860 00000 n 
+0000001156 00000 n 
+0000001227 00000 n 
+0000001524 00000 n 
+0000001822 00000 n 
+trailer
+<<
+/ID 
+[<407fc55425168745e56176202aad30c9><407fc55425168745e56176202aad30c9>]
+% ReportLab generated PDF document -- digest (http://www.reportlab.com)
+
+/Info 7 0 R
+/Root 6 0 R
+/Size 12
+>>
+startxref
+2122
+%%EOF
--- a/cucumber/exampleFiles/ghost3.pdf
+++ b/cucumber/exampleFiles/ghost3.pdf
@@ -0,0 +1,106 @@
+%PDF-1.3
+%“Œ‹ž ReportLab Generated PDF document http://www.reportlab.com
+1 0 obj
+<<
+/F1 2 0 R
+>>
+endobj
+2 0 obj
+<<
+/BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font
+>>
+endobj
+3 0 obj
+<<
+/Contents 9 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+4 0 obj
+<<
+/Contents 10 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+5 0 obj
+<<
+/Contents 11 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+6 0 obj
+<<
+/PageMode /UseNone /Pages 8 0 R /Type /Catalog
+>>
+endobj
+7 0 obj
+<<
+/Author (anonymous) /CreationDate (D:20240718233034+00'00') /Creator (ReportLab PDF Library - www.reportlab.com) /Keywords () /ModDate (D:20240718233034+00'00') /Producer (ReportLab PDF Library - www.reportlab.com) 
+  /Subject (unspecified) /Title (untitled) /Trapped /False
+>>
+endobj
+8 0 obj
+<<
+/Count 3 /Kids [ 3 0 R 4 0 R 5 0 R ] /Type /Pages
+>>
+endobj
+9 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@G]+0EH(e/_@iZH]:>:>hu1e>07BJg5<'#:.C1n)e#(QJ6R1Rsuo_gpn.+0-H5$/#"iYR[B.9\'>7!aDAC*rf/t&6O#aH<?-7IT'\?X(&TcABG=ON*Nq`4k=o&p@3,0*31r<)TAP2Pk94p0\"R-_sY1$AYo[8B\?4R>feLAB\mpjZhp"`@J3;"Fm97#9+W,"eb95\+#p\^HN~>endstream
+endobj
+10 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@G]+0EX'Eriuig+>QHNeD'#n%Sq#n%BW`C'uDUOYK)HdS4E9JMsp+HUmDj&H-t*4?UamXX0peVspk"i_@ba+&u"J>UYDKV_^G,7V==aTZZ<YO7:sNSQ[6"Ja-29NtYjd#=`J@D'h+[QW=:EEb?A<k!f+\`g^?,Vgp7_)91[lR\f.Tkf7VIPLVYM&deF!aYt9Ip^"N",3F'*W~>endstream
+endobj
+11 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@G]+0EH(e/_@iZH]:>J`g!jPCLm;?AgU"fdk"PQZD\d?lRI_oWc[$tp^]O\:3fK8kWeX2&Jcg0+RoJ]j;2j*upu!b4.o&f)b$I@7CfIYjP^#\VjhC=QhQ]^lV-@<0Tam!0.+Dn@("AK%N,Uc7hb+6VoQ$q2q[7]BB92RoY/.j2N028i1jNf'@<1+Fqf$1&"8omHk`#DHP>OT~>endstream
+endobj
+xref
+0 12
+0000000000 65535 f 
+0000000073 00000 n 
+0000000104 00000 n 
+0000000211 00000 n 
+0000000404 00000 n 
+0000000598 00000 n 
+0000000792 00000 n 
+0000000860 00000 n 
+0000001156 00000 n 
+0000001227 00000 n 
+0000001526 00000 n 
+0000001826 00000 n 
+trailer
+<<
+/ID 
+[<80da26147a484f2b7573da8151a93d2e><80da26147a484f2b7573da8151a93d2e>]
+% ReportLab generated PDF document -- digest (http://www.reportlab.com)
+
+/Info 7 0 R
+/Root 6 0 R
+/Size 12
+>>
+startxref
+2126
+%%EOF
--- a/cucumber/exampleFiles/images.pdf
+++ b/cucumber/exampleFiles/images.pdf
--- a/cucumber/exampleFiles/pdfa1.pdf
+++ b/cucumber/exampleFiles/pdfa1.pdf
@@ -0,0 +1,106 @@
+%PDF-1.3
+%“Œ‹ž ReportLab Generated PDF document http://www.reportlab.com
+1 0 obj
+<<
+/F1 2 0 R
+>>
+endobj
+2 0 obj
+<<
+/BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font
+>>
+endobj
+3 0 obj
+<<
+/Contents 9 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+4 0 obj
+<<
+/Contents 10 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+5 0 obj
+<<
+/Contents 11 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+6 0 obj
+<<
+/PageMode /UseNone /Pages 8 0 R /Type /Catalog
+>>
+endobj
+7 0 obj
+<<
+/Author (anonymous) /CreationDate (D:20240718233034+00'00') /Creator (ReportLab PDF Library - www.reportlab.com) /Keywords () /ModDate (D:20240718233034+00'00') /Producer (ReportLab PDF Library - www.reportlab.com) 
+  /Subject (unspecified) /Title (untitled) /Trapped /False
+>>
+endobj
+8 0 obj
+<<
+/Count 3 /Kids [ 3 0 R 4 0 R 5 0 R ] /Type /Pages
+>>
+endobj
+9 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 206
+>>
+stream
+Gap@G\IO3f&4Lr[@S4&T2aReWZ3N'9",Ncra>5AuK^J(o@r?=EP>b]h[L@XZ8q7#[c:#H2:^/=b,p3^,&f-Q.'H%!U?%N\iVa1pLMlh/41\A8@dF5@0al:-1?L;D%LpL3g\9`.3c6N/Mp=sE/nO%^@%Cc3`]e`qqS@[pkUWemMZC<P\fkqa55u)*hIUoU437-gb!e_*&B/,&~>endstream
+endobj
+10 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@G\IO3V'LdA_ig"8P1PS=kA5Q_GQ\P]*S3\>Q`jHYt?8UdkV`6]UV*On)+1VMV+A@.iF:*6sWfM9f"s.NmVuMto!p7-+,Rb<.h,pdi-&OQ5KO\RRFj.j"A)ScTQ7$hudF^TnZ'XuQA5"O]rYkt><-DJmj'"Ri>n!4`^m409XX`e)AR'*rGsn6m79.18+^ba=qRuss"-A3k+9~>endstream
+endobj
+11 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 210
+>>
+stream
+Gap@G]+0EH(e/_@iZH]:.1fBHK`Xl'[i1&AjX(\k8hbgo(QJ6R1Rsuo6_I1A5Gg$JL;D#$J2CX;+Cf*cUHk2%H1XmpWe+qZ5moJ#B]>b%%[d,mfSSkS4A:Q4NlOFfrL7eA,s45"eUSakM;927AA,1"-LZ)&nZ/ah=8_X7:?ZMj@J@;r7d`t]Z0\d39M%:$k8[S5D"2oSap4s80l?~>endstream
+endobj
+xref
+0 12
+0000000000 65535 f 
+0000000073 00000 n 
+0000000104 00000 n 
+0000000211 00000 n 
+0000000404 00000 n 
+0000000598 00000 n 
+0000000792 00000 n 
+0000000860 00000 n 
+0000001156 00000 n 
+0000001227 00000 n 
+0000001523 00000 n 
+0000001823 00000 n 
+trailer
+<<
+/ID 
+[<88edee24ee67bd7d6b7cf53cfa2222b0><88edee24ee67bd7d6b7cf53cfa2222b0>]
+% ReportLab generated PDF document -- digest (http://www.reportlab.com)
+
+/Info 7 0 R
+/Root 6 0 R
+/Size 12
+>>
+startxref
+2124
+%%EOF
--- a/cucumber/exampleFiles/pdfa2.pdf
+++ b/cucumber/exampleFiles/pdfa2.pdf
@@ -0,0 +1,106 @@
+%PDF-1.3
+%“Œ‹ž ReportLab Generated PDF document http://www.reportlab.com
+1 0 obj
+<<
+/F1 2 0 R
+>>
+endobj
+2 0 obj
+<<
+/BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font
+>>
+endobj
+3 0 obj
+<<
+/Contents 9 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+4 0 obj
+<<
+/Contents 10 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+5 0 obj
+<<
+/Contents 11 0 R /MediaBox [ 0 0 612 792 ] /Parent 8 0 R /Resources <<
+/Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
+>> /Rotate 0 /Trans <<
+
+>> 
+  /Type /Page
+>>
+endobj
+6 0 obj
+<<
+/PageMode /UseNone /Pages 8 0 R /Type /Catalog
+>>
+endobj
+7 0 obj
+<<
+/Author (anonymous) /CreationDate (D:20240718233034+00'00') /Creator (ReportLab PDF Library - www.reportlab.com) /Keywords () /ModDate (D:20240718233034+00'00') /Producer (ReportLab PDF Library - www.reportlab.com) 
+  /Subject (unspecified) /Title (untitled) /Trapped /False
+>>
+endobj
+8 0 obj
+<<
+/Count 3 /Kids [ 3 0 R 4 0 R 5 0 R ] /Type /Pages
+>>
+endobj
+9 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@GYmu@>'Ld5[if35rI0]sG)F[U^"c>T)"\\os-r:1V0,enq1Rsuo,*67.@k7U.LRF-P.e"CM2V!>iYi<g`nXh!K?n@$t^rY1$+^0'>=B8H6e;F1WmG#,(eS00(Qe9&:O@nI879DTsT,njXAB?`8:>,Hn3*RV!qh4;&@6%]<9Y*>QZ].Z5o;RAZXg7d[#+bphHs_Ep!QR2TZ2~>endstream
+endobj
+10 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 210
+>>
+stream
+Gap@G]+0EH(e/_@iZH]:>=,iY1bE)XN?M;1'J/>i&HY;gks]*rj:!DKpb8@`prC#N+9E#o#-<G*!#p7e6j-1sX2k5S,6XmM"taYkfK^k">%usEeEk=sR<UT"dm`rXD;!S`_jS9LU+(R%e'V%WSMfHP.pXZEQqTQq=&D[I[PS(41(NIAZ1R/U?:Z=hSXu!NDF)bpG2F+/I/q/u1-Y~>endstream
+endobj
+11 0 obj
+<<
+/Filter [ /ASCII85Decode /FlateDecode ] /Length 209
+>>
+stream
+Gap@G_$YcZ'LhbF`EQB$nqi=8S<;#HbK3&f>rnodRPo`Vf4P[3cJidY(I=[K5NWCT'<lHgci?oCRVNST&[k#q4oSC0FWgAt1pD4d_(hIRjn_Nt+cFgJlfm[1U8@/M4r^Pk<@F!@e?%/!-Vq;]nfdLi9]P2M)ck9?)%oNXa_\N<-d"(pjlH%-G`T@Sj&P(j6.@#Xh\Vr6!1iI2/H~>endstream
+endobj
+xref
+0 12
+0000000000 65535 f 
+0000000073 00000 n 
+0000000104 00000 n 
+0000000211 00000 n 
+0000000404 00000 n 
+0000000598 00000 n 
+0000000792 00000 n 
+0000000860 00000 n 
+0000001156 00000 n 
+0000001227 00000 n 
+0000001526 00000 n 
+0000001827 00000 n 
+trailer
+<<
+/ID 
+[<4fcc82a085fe71e34a32d1b23c8b939f><4fcc82a085fe71e34a32d1b23c8b939f>]
+% ReportLab generated PDF document -- digest (http://www.reportlab.com)
+
+/Info 7 0 R
+/Root 6 0 R
+/Size 12
+>>
+startxref
+2127
+%%EOF
--- a/cucumber/features/environment.py
+++ b/cucumber/features/environment.py
@@ -14,3 +14,8 @@ def after_scenario(context, scenario):
        os.remove('response_file')
    if hasattr(context, 'file_name') and os.path.exists(context.file_name):
        os.remove(context.file_name)
+
+    # Remove any temporary files
+    for temp_file in os.listdir('.'):
+        if temp_file.startswith('genericNonCustomisableName') or temp_file.startswith('temp_image_'):
+            os.remove(temp_file)
--- a/cucumber/features/examples.feature
+++ b/cucumber/features/examples.feature
@@ -1,4 +1,4 @@
-@example
+@example @general
 Feature: API Validation

  @positive @password
@@ -92,10 +92,10 @@ Feature: API Validation
      | threshold    | 90          |
      | whitePercent | 99.9        |
    When I send the API request to the endpoint "/api/v1/misc/remove-blanks"
-    Then the response content type should be "application/pdf"
+    Then the response content type should be "application/octet-stream"
+    And the response file should have extension ".zip"
+    And the response ZIP should contain 1 files
    And the response file should have size greater than 0
-    And the response PDF should contain 0 pages
-	And the response status code should be 200

  @positive @flatten
  Scenario: Flatten PDF
@@ -127,4 +127,4 @@ Feature: API Validation
 	And the response PDF metadata should include "Title" as "Sample Title"
 	And the response status code should be 200

-  
+  
--- a/cucumber/features/external.feature
+++ b/cucumber/features/external.feature
@@ -32,7 +32,7 @@ Feature: API Validation
  @ocr @positive
  Scenario: Extract Image Scans
    Given I generate a PDF file as "fileInput"
-	And the pdf contains 3 images on 2 pages
+	And the pdf contains 3 images of size 300x300 on 2 pages
    And the request data includes
      | parameter        | value       |
      | angleThreshold        | 5         |
@@ -125,8 +125,7 @@ Feature: API Validation

  @ocr
  Scenario: PDFA
-    Given I generate a PDF file as "fileInput"
-    And the pdf contains 3 pages with random text
+    Given I use an example file at "exampleFiles/pdfa2.pdf" as parameter "fileInput"
 	And the request data includes
      | parameter        | value     |
      | outputFormat     | pdfa       |
@@ -137,8 +136,7 @@ Feature: API Validation
 	
  @ocr
  Scenario: PDFA1
-    Given I generate a PDF file as "fileInput"
-    And the pdf contains 3 pages with random text
+    Given I use an example file at "exampleFiles/pdfa1.pdf" as parameter "fileInput"
 	And the request data includes
      | parameter        | value     |
      | outputFormat     | pdfa-1       |
@@ -149,8 +147,7 @@ Feature: API Validation
 	
  @compress @ghostscript @positive
  Scenario: Compress
-    Given I generate a PDF file as "fileInput"
-    And the pdf contains 3 pages with random text
+    Given I use an example file at "exampleFiles/ghost3.pdf" as parameter "fileInput"
 	And the request data includes
      | parameter        | value     |
      | optimizeLevel     | 4       |
@@ -161,8 +158,7 @@ Feature: API Validation
 	
  @compress @ghostscript @positive
  Scenario: Compress
-    Given I generate a PDF file as "fileInput"
-    And the pdf contains 3 pages with random text
+    Given I use an example file at "exampleFiles/ghost2.pdf" as parameter "fileInput"
 	And the request data includes
      | parameter        | value     |
      | optimizeLevel     | 1       |
@@ -175,8 +171,7 @@ Feature: API Validation
 	
  @compress @ghostscript @positive
  Scenario: Compress
-    Given I generate a PDF file as "fileInput"
-    And the pdf contains 3 pages with random text
+    Given I use an example file at "exampleFiles/ghost1.pdf" as parameter "fileInput"
 	And the request data includes
      | parameter        | value     |
      | optimizeLevel     | 1       |
--- a/cucumber/features/general.feature
+++ b/cucumber/features/general.feature
@@ -94,3 +94,23 @@ Feature: API Validation
    | 1         | 10         | 2         | 10            |


+  @extract-images
+  Scenario Outline: Extract Image Scans
+    Given I use an example file at "exampleFiles/images.pdf" as parameter "fileInput"
+    And the request data includes
+      | parameter        | value       |
+      | format        | <format>         |
+    When I send the API request to the endpoint "/api/v1/misc/extract-images"
+    Then the response content type should be "application/octet-stream"
+	And the response file should have extension ".zip"
+	And the response ZIP should contain 20 files
+    And the response file should have size greater than 0
+	And the response status code should be 200
+	
+	Examples:
+    | format | 
+    | png        | 
+    | gif         |
+    | jpeg        | 
+
+	
--- a/cucumber/features/steps/step_definitions.py
+++ b/cucumber/features/steps/step_definitions.py
@@ -6,11 +6,14 @@ import io
 import random
 import string
 from reportlab.lib.pagesizes import letter
+from reportlab.lib.utils import ImageReader
 from reportlab.pdfgen import canvas
 import mimetypes
 import requests
 import zipfile
 import shutil
+import re
+from PIL import Image, ImageDraw

 #########
 # GIVEN #
@@ -43,8 +46,6 @@ def step_use_example_file(context, filePath, fileInput):
    except FileNotFoundError:
        raise FileNotFoundError(f"The example file '{filePath}' does not exist.")

-        
-
@given('the pdf contains {page_count:d} pages')
 def step_pdf_contains_pages(context, page_count):
    writer = PdfWriter()
@@ -66,8 +67,6 @@ def step_pdf_contains_blank_pages(context, page_count):
    context.files[context.param_name].close()
    context.files[context.param_name] = open(context.file_name, 'rb')

-
-
 def create_black_box_image(file_name, size):
    can = canvas.Canvas(file_name, pagesize=size)
    width, height = size
@@ -76,36 +75,75 @@ def create_black_box_image(file_name, size):
    can.showPage()
    can.save()

-def create_pdf_with_black_boxes(file_name, image_count, page_count):
-    page_width, page_height = letter
-    box_size = 72  # 1 inch by 1 inch black box
+@given(u'the pdf contains {image_count:d} images of size {width:d}x{height:d} on {page_count:d} pages')
+def step_impl(context, image_count, width, height, page_count):
+    context.param_name = "fileInput"
+    context.file_name = "genericNonCustomisableName.pdf"
+    create_pdf_with_images_and_boxes(context.file_name, image_count, page_count, width, height)
+    if not hasattr(context, 'files'):
+        context.files = {}
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+def add_black_boxes_to_image(image):
+    if isinstance(image, str):
+        image = Image.open(image)
+
+    draw = ImageDraw.Draw(image)
+    draw.rectangle([(0, 0), image.size], fill=(0, 0, 0))  # Fill image with black
+    return image
+
+def create_pdf_with_images_and_boxes(file_name, image_count, page_count, image_width, image_height):
+    page_width, page_height = max(letter[0], image_width), max(letter[1], image_height)
    boxes_per_page = image_count // page_count + (1 if image_count % page_count != 0 else 0)
-    
+
    writer = PdfWriter()
    box_counter = 0
-    
+
    for page in range(page_count):
        packet = io.BytesIO()
-        can = canvas.Canvas(packet, pagesize=letter)
-        
+        can = canvas.Canvas(packet, pagesize=(page_width, page_height))
+
        for i in range(boxes_per_page):
            if box_counter >= image_count:
                break
-            x = (i % (page_width // box_size)) * box_size
-            y = page_height - ((i // (page_width // box_size) + 1) * box_size)
-            can.setFillColorRGB(0, 0, 0)
-            can.rect(x, y, box_size, box_size, fill=1)
+
+            # Simulating a dynamic image creation (replace this with your actual image creation logic)
+            # For demonstration, we'll create a simple black image
+            dummy_image = Image.new('RGB', (image_width, image_height), color='white')  # Create a white image
+            dummy_image = add_black_boxes_to_image(dummy_image)  # Add black boxes
+
+            # Convert the PIL Image to bytes to pass to drawImage
+            image_bytes = io.BytesIO()
+            dummy_image.save(image_bytes, format='PNG')
+            image_bytes.seek(0)
+
+            # Check if the image fits in the current page dimensions
+            x = (i % (page_width // image_width)) * image_width
+            y = page_height - (((i % (page_height // image_height)) + 1) * image_height)
+
+            if x + image_width > page_width or y < 0:
+                break
+
+            # Add the image to the PDF
+            can.drawImage(ImageReader(image_bytes), x, y, width=image_width, height=image_height)
            box_counter += 1
-            
+
        can.showPage()
        can.save()
        packet.seek(0)
        new_pdf = PdfReader(packet)
        writer.add_page(new_pdf.pages[0])
-    
+
+    # Write the PDF to file
    with open(file_name, 'wb') as f:
        writer.write(f)

+    # Clean up temporary image files
+    for i in range(image_count):
+        temp_image_path = f"temp_image_{i}.png"
+        if os.path.exists(temp_image_path):
+            os.remove(temp_image_path)
+
@given('the pdf contains {image_count:d} images on {page_count:d} pages')
 def step_pdf_contains_images(context, image_count, page_count):
    if not hasattr(context, 'param_name'):
@@ -118,7 +156,6 @@ def step_pdf_contains_images(context, image_count, page_count):
        context.files[context.param_name].close()
    context.files[context.param_name] = open(context.file_name, 'rb')

-    
@given('the pdf contains {page_count:d} pages with random text')
 def step_pdf_contains_pages_with_random_text(context, page_count):
    buffer = io.BytesIO()
@@ -186,6 +223,21 @@ def save_generated_pdf(context, filename):
 # WHEN #
 ########

+@when('I send a GET request to "{endpoint}"')
+def step_send_get_request(context, endpoint):
+    base_url = "http://localhost:8080"
+    full_url = f"{base_url}{endpoint}"
+    response = requests.get(full_url)
+    context.response = response
+
+@when('I send a GET request to "{endpoint}" with parameters')
+def step_send_get_request_with_params(context, endpoint):
+    base_url = "http://localhost:8080"
+    params = {row['parameter']: row['value'] for row in context.table}
+    full_url = f"{base_url}{endpoint}"
+    response = requests.get(full_url, params=params)
+    context.response = response
+
@when('I send the API request to the endpoint "{endpoint}"')
 def step_send_api_request(context, endpoint):
    url = f"http://localhost:8080{endpoint}"
@@ -278,7 +330,6 @@ def step_save_response_file(context, filename):
        f.write(context.response.content)
    print(f"Saved response content to {filename}")

-
@then('the response PDF should contain {page_count:d} pages')
 def step_check_response_pdf_page_count(context, page_count):
    response_file = io.BytesIO(context.response.content)
@@ -305,3 +356,26 @@ def step_check_response_zip_doc_page_count(context, doc_count, pages_per_doc):
                reader = PdfReader(pdf_file)
                actual_pages_per_doc = len(reader.pages)
                assert actual_pages_per_doc == pages_per_doc, f"Expected {pages_per_doc} pages per document but got {actual_pages_per_doc} pages in document {file_name}"
+
+@then('the JSON value of "{key}" should be "{expected_value}"')
+def step_check_json_value(context, key, expected_value):
+    actual_value = context.response.json().get(key)
+    assert actual_value == expected_value, \
+        f"Expected JSON value for '{key}' to be '{expected_value}' but got '{actual_value}'"
+
+@then('JSON list entry containing "{identifier_key}" as "{identifier_value}" should have "{target_key}" as "{target_value}"')
+def step_check_json_list_entry(context, identifier_key, identifier_self, target_key, target_value):
+    json_response = context.response.json()
+    for entry in json_response:
+        if entry.get(identifier_key) == identifier_value:
+            assert entry.get(target_key) == target_value, \
+                f"Expected {target_key} to be {target_value} in entry where {identifier_key} is {identifier_value}, but found {entry.get(target_key)}"
+            break
+    else:
+        raise AssertionError(f"No entry with {identifier_key} as {identifier_value} found")
+
+@then('the response should match the regex "{pattern}"')
+def step_response_matches_regex(context, pattern):
+    response_text = context.response.text
+    assert re.match(pattern, response_text), \
+        f"Response '{response_text}' does not match the expected pattern '{pattern}'"
--- a/docs/stirling-pdf.png
+++ b/docs/stirling-pdf.png
--- a/docs/stirling-transparent.svg
+++ b/docs/stirling-transparent.svg
--- a/docs/stirling.svg
+++ b/docs/stirling.svg
@@ -1,110 +1 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-
-<svg
-   version="1.1"
-   id="Layer_1"
-   x="0px"
-   y="0px"
-   viewBox="0 0 512 512"
-   style="enable-background:new 0 0 512 512;"
-   xml:space="preserve"
-   sodipodi:docname="favicon.svg"
-   inkscape:version="1.2.2 (732a01da63, 2022-12-09)"
-   inkscape:export-filename="favicon.png"
-   inkscape:export-xdpi="96"
-   inkscape:export-ydpi="96"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg"><defs
-   id="defs173">
-
-
-		<linearGradient
-   id="XMLID_5_"
-   gradientUnits="userSpaceOnUse"
-   x1="304.496"
-   y1="422.9102"
-   x2="316.036"
-   y2="326.2626">
-			<stop
-   offset="0"
-   style="stop-color:#DCF1F3"
-   id="stop156" />
-			<stop
-   offset="1"
-   style="stop-color:#C2C2C9"
-   id="stop158" />
-		</linearGradient>
-
-	</defs><sodipodi:namedview
-   id="namedview171"
-   pagecolor="#ffffff"
-   bordercolor="#000000"
-   borderopacity="0.25"
-   inkscape:showpageshadow="2"
-   inkscape:pageopacity="0.0"
-   inkscape:pagecheckerboard="0"
-   inkscape:deskcolor="#d1d1d1"
-   showgrid="false"
-   inkscape:zoom="1.4142136"
-   inkscape:cx="219.91021"
-   inkscape:cy="232.63813"
-   inkscape:window-width="3840"
-   inkscape:window-height="2054"
-   inkscape:window-x="2869"
-   inkscape:window-y="-11"
-   inkscape:window-maximized="1"
-   inkscape:current-layer="XMLID_4_" />
-<style
-   type="text/css"
-   id="style150">
-	.st0{fill:#FFFFFF;}
-	.st1{fill:#C02223;}
-	.st2{fill:#882425;}
-	.st3{fill:url(#XMLID_5_);}
-	.st4{fill:url(#XMLID_7_);}
-</style>
-
-<g
-   id="XMLID_4_">
-	<path
-   id="XMLID_131_"
-   class="st1"
-   d="M 347.01402,14.355825 98.978019,69.02261 C 73.825483,74.547445 55.942464,96.792175 55.942464,122.52628 v 315.06096 c 0,22.39012 16.719895,41.14548 38.819234,43.76251 L 224.8861,498.36042 339.48636,384.26465 455.76603,265.15425 453.73057,84.870162 C 453.43979,62.916214 433.08513,46.632491 411.71274,51.284984 l -28.78729,6.251786 0.14539,-13.666697 C 383.36162,24.678542 365.62399,10.284894 347.01402,14.355825 Z"
-   sodipodi:nodetypes="ccssccccccccc"
-   style="stroke-width:1.45391" /><path
-   id="XMLID_117_"
-   class="st2"
-   d="m 383.21622,57.53677 v 285.8375 L 456.05681,265.00885 454.02135,78.763767 C 453.87595,59.863016 436.28372,45.905539 417.81914,49.97647 Z"
-   style="stroke-width:1.45391" /><polygon
-   id="XMLID_18_"
-   class="st3"
-   points="234.7,422.6 368.5,387.7 393.5,262.2 "
-   style="fill:url(#XMLID_5_)"
-   transform="matrix(1.4556308,0,0,1.4548265,-116.73161,-116.45231)" />
-	<linearGradient
-   id="XMLID_7_"
-   gradientUnits="userSpaceOnUse"
-   x1="223.0838"
-   y1="372.7559"
-   x2="241.4174"
-   y2="114.557"
-   gradientTransform="matrix(1.4539039,0,0,1.4539039,-116.19976,-116.20474)">
-		<stop
-   offset="0"
-   style="stop-color:#DCF1F3"
-   id="stop163" />
-		<stop
-   offset="1"
-   style="stop-color:#C2C2C9"
-   id="stop165" />
-	</linearGradient>
-	<path
-   id="XMLID_6_"
-   class="st4"
-   d="m 282.89686,214.84917 c 0,0 -22.24473,-28.93269 -38.67384,-36.78377 -10.46811,-4.94327 -26.02489,-6.83335 -38.23768,-0.72695 -18.02841,9.0142 -19.91848,34.31213 -3.34397,44.34406 3.92553,2.47165 9.15959,4.50711 15.99294,6.10641 36.63838,8.43264 97.12077,25.87949 89.70587,96.10304 0,0 -4.21633,65.86185 -73.56753,73.42215 -12.2128,1.30851 -24.57098,0.43617 -36.493,-2.32625 -16.42911,-3.63476 -45.50719,-11.04967 -59.75545,-19.91849 l -2.61703,-75.16682 h 6.97875 c 0,0 13.81208,33.43978 53.06749,49.57812 7.26952,2.90781 15.26599,4.07093 22.97168,2.90781 9.74116,-1.45391 21.22699,-6.68796 25.87949,-22.53551 0,0 7.85108,-23.11707 -32.85823,-35.76604 -32.56744,-10.17733 -63.24481,-20.64543 -75.89378,-54.95757 -5.961,-16.28371 -6.97874,-34.31212 -2.90781,-51.61358 5.37944,-22.53551 20.79082,-54.23062 64.40794,-67.89732 0,0 57.28381,-15.55677 96.53922,5.52484 l -1.74468,89.70587 z"
-   style="fill:url(#XMLID_7_);stroke-width:1.45391" />
-</g>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512" style="enable-background:new 0 0 512 512" xml:space="preserve"><defs id="defs173"><linearGradient id="XMLID_5_" x1="304.496" x2="316.036" y1="422.91" y2="326.263" gradientUnits="userSpaceOnUse"><stop offset="0" style="stop-color:#dcf1f3" id="stop156"/><stop offset="1" style="stop-color:#c2c2c9" id="stop158"/></linearGradient></defs><style id="style150" type="text/css">.st1{fill:#c02223}.st2{fill:#882425}.st3{fill:url(#XMLID_5_)}.st4{fill:url(#XMLID_7_)}</style><g id="XMLID_4_"><path id="XMLID_131_" d="M 347.01402,14.355825 98.978019,69.02261 C 73.825483,74.547445 55.942464,96.792175 55.942464,122.52628 v 315.06096 c 0,22.39012 16.719895,41.14548 38.819234,43.76251 L 224.8861,498.36042 339.48636,384.26465 455.76603,265.15425 453.73057,84.870162 C 453.43979,62.916214 433.08513,46.632491 411.71274,51.284984 l -28.78729,6.251786 0.14539,-13.666697 C 383.36162,24.678542 365.62399,10.284894 347.01402,14.355825 Z" class="st1" style="stroke-width:1.45391"/><path id="XMLID_117_" d="m 383.21622,57.53677 v 285.8375 L 456.05681,265.00885 454.02135,78.763767 C 453.87595,59.863016 436.28372,45.905539 417.81914,49.97647 Z" class="st2" style="stroke-width:1.45391"/><polygon id="XMLID_18_" points="234.7 422.6 368.5 387.7 393.5 262.2" class="st3" style="fill:url(#XMLID_5_)" transform="matrix(1.4556308,0,0,1.4548265,-116.73161,-116.45231)"/><linearGradient id="XMLID_7_" x1="223.084" x2="241.417" y1="372.756" y2="114.557" gradientTransform="matrix(1.4539039,0,0,1.4539039,-116.19976,-116.20474)" gradientUnits="userSpaceOnUse"><stop offset="0" style="stop-color:#dcf1f3" id="stop163"/><stop offset="1" style="stop-color:#c2c2c9" id="stop165"/></linearGradient><path id="XMLID_6_" d="m 282.89686,214.84917 c 0,0 -22.24473,-28.93269 -38.67384,-36.78377 -10.46811,-4.94327 -26.02489,-6.83335 -38.23768,-0.72695 -18.02841,9.0142 -19.91848,34.31213 -3.34397,44.34406 3.92553,2.47165 9.15959,4.50711 15.99294,6.10641 36.63838,8.43264 97.12077,25.87949 89.70587,96.10304 0,0 -4.21633,65.86185 -73.56753,73.42215 -12.2128,1.30851 -24.57098,0.43617 -36.493,-2.32625 -16.42911,-3.63476 -45.50719,-11.04967 -59.75545,-19.91849 l -2.61703,-75.16682 h 6.97875 c 0,0 13.81208,33.43978 53.06749,49.57812 7.26952,2.90781 15.26599,4.07093 22.97168,2.90781 9.74116,-1.45391 21.22699,-6.68796 25.87949,-22.53551 0,0 7.85108,-23.11707 -32.85823,-35.76604 -32.56744,-10.17733 -63.24481,-20.64543 -75.89378,-54.95757 -5.961,-16.28371 -6.97874,-34.31212 -2.90781,-51.61358 5.37944,-22.53551 20.79082,-54.23062 64.40794,-67.89732 0,0 57.28381,-15.55677 96.53922,5.52484 l -1.74468,89.70587 z" class="st4" style="fill:url(#XMLID_7_);stroke-width:1.45391"/></g></svg>
--- a/exampleYmlFiles/docker-compose-latest-fat-security.yml
+++ b/exampleYmlFiles/docker-compose-latest-fat-security.yml
@@ -0,0 +1,34 @@
+version: '3.3'
+services:
+  stirling-pdf:
+    container_name: Stirling-PDF-Security-Fat
+    image: frooodle/s-pdf:latest-fat
+    deploy:
+      resources:
+        limits:
+          memory: 4G
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP' && curl -fL http://localhost:8080/ | grep -q 'Please sign in'"]
+      interval: 5s
+      timeout: 10s
+      retries: 16
+    ports:
+      - 8080:8080
+    volumes:
+      - /stirling/latest/data:/usr/share/tessdata:rw
+      - /stirling/latest/config:/configs:rw
+      - /stirling/latest/logs:/logs:rw
+    environment:
+      DOCKER_ENABLE_SECURITY: "true"
+      SECURITY_ENABLELOGIN: "true"
+      PUID: 1002
+      PGID: 1002
+      UMASK: "022"
+      SYSTEM_DEFAULTLOCALE: en-US
+      UI_APPNAME: Stirling-PDF
+      UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest-fat with Security
+      UI_APPNAMENAVBAR: Stirling-PDF Latest-fat
+      SYSTEM_MAXFILESIZE: "100"
+      METRICS_ENABLED: "true"
+      SYSTEM_GOOGLEVISIBILITY: "true"
+    restart: on-failure:5
--- a/exampleYmlFiles/docker-compose-latest-security-with-sso.yml
+++ b/exampleYmlFiles/docker-compose-latest-security-with-sso.yml
@@ -13,7 +13,7 @@ services:
      timeout: 10s
      retries: 16
    ports:
-      - 8080:8080
+      - "8080:8080"
    volumes:
      - /stirling/latest/data:/usr/share/tessdata:rw
      - /stirling/latest/config:/configs:rw
@@ -27,6 +27,8 @@ services:
      SECURITY_OAUTH2_CLIENTID: "<YOUR CLIENT ID>.apps.googleusercontent.com" # Client ID from your provider
      SECURITY_OAUTH2_CLIENTSECRET: "<YOUR CLIENT SECRET>"  # Client Secret from your provider
      SECURITY_OAUTH2_SCOPES: "openid,profile,email" # Expected OAuth2 Scope
+      SECURITY_OAUTH2_USEASUSERNAME: "email" # Default is 'email'; custom fields can be used as the username
+      SECURITY_OAUTH2_PROVIDER: "google" # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
      PUID: 1002
      PGID: 1002
      UMASK: "022"
--- a/exampleYmlFiles/docker-compose-latest-security.yml
+++ b/exampleYmlFiles/docker-compose-latest-security.yml
@@ -13,7 +13,7 @@ services:
      timeout: 10s
      retries: 16
    ports:
-      - 8080:8080
+      - "8080:8080"
    volumes:
      - /stirling/latest/data:/usr/share/tessdata:rw
      - /stirling/latest/config:/configs:rw
--- a/exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml
+++ b/exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml
@@ -13,7 +13,7 @@ services:
      timeout: 10s
      retries: 16
    ports:
-      - 8080:8080
+      - "8080:8080"
    volumes:
      - /stirling/latest/data:/usr/share/tessdata:rw
      - /stirling/latest/config:/configs:rw
--- a/exampleYmlFiles/docker-compose-latest-ultra-lite.yml
+++ b/exampleYmlFiles/docker-compose-latest-ultra-lite.yml
@@ -13,7 +13,7 @@ services:
      timeout: 10s
      retries: 16
    ports:
-      - 8080:8080
+      - "8080:8080"
    volumes:
      - /stirling/latest/config:/configs:rw
      - /stirling/latest/logs:/logs:rw
--- a/exampleYmlFiles/docker-compose-latest.yml
+++ b/exampleYmlFiles/docker-compose-latest.yml
@@ -13,7 +13,7 @@ services:
      timeout: 10s
      retries: 16
    ports:
-      - 8080:8080
+      - "8080:8080"
    volumes:
      - /stirling/latest/data:/usr/share/tessdata:rw
      - /stirling/latest/config:/configs:rw
@@ -22,7 +22,6 @@ services:
      DOCKER_ENABLE_SECURITY: "false"
      SECURITY_ENABLELOGIN: "false"
      LANGS: "en_GB,en_US,ar_AR,de_DE,fr_FR,es_ES,zh_CN,zh_TW,ca_CA,it_IT,sv_SE,pl_PL,ro_RO,ko_KR,pt_BR,ru_RU,el_GR,hi_IN,hu_HU,tr_TR,id_ID"
-      INSTALL_BOOK_AND_ADVANCED_HTML_OPS: "true"
      SYSTEM_DEFAULTLOCALE: en-US
      UI_APPNAME: Stirling-PDF
      UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest
--- a/images/DemoGif.gif
+++ b/images/DemoGif.gif
--- a/images/login-dark.png
+++ b/images/login-dark.png
--- a/images/login-light.png
+++ b/images/login-light.png
--- a/images/settings-light.png
+++ b/images/settings-light.png
--- a/images/settings.png
+++ b/images/settings.png
--- a/images/stirling-home-dark.png
+++ b/images/stirling-home-dark.png
--- a/images/stirling-home-light.png
+++ b/images/stirling-home-light.png
--- a/images/stirling-home.jpg
+++ b/images/stirling-home.jpg
--- a/pipeline/defaultWebUIConfigs/OCR
+++ b/pipeline/defaultWebUIConfigs/OCR
@@ -0,0 +1,43 @@
+{
+  "name": "OCR images",
+  "pipeline": [
+    {
+      "operation": "/api/v1/convert/img/pdf",
+      "parameters": {
+        "fitOption": "fillPage",
+        "colorType": "color",
+        "autoRotate": true,
+        "fileInput": "automated"
+      }
+    },
+    {
+      "operation": "/api/v1/general/merge-pdfs",
+      "parameters": {
+        "sortType": "orderProvided",
+        "fileInput": "automated"
+      }
+    },
+    {
+      "operation": "/api/v1/misc/ocr-pdf",
+      "parameters": {
+        "languages": [
+          "eng"
+        ],
+        "sidecar": false,
+        "deskew": false,
+        "clean": false,
+        "cleanFinal": false,
+        "ocrType": "skip-text",
+        "ocrRenderType": "hocr",
+        "removeImagesAfter": false,
+        "fileInput": "automated"
+      }
+    }
+  ],
+  "_examples": {
+    "outputDir": "{outputFolder}/{folderName}",
+    "outputFileName": "{filename}-{pipelineName}-{date}-{time}"
+  },
+  "outputDir": "{outputFolder}",
+  "outputFileName": "{filename}"
+}
--- a/scripts/counter_translation.py
+++ b/scripts/counter_translation.py
@@ -79,7 +79,9 @@ def write_readme(progress_list: list[tuple[str, int]]) -> None:
        file.writelines(content)


-def compare_files(default_file_path, file_paths, translation_status_file) -> list[tuple[str, int]]:
+def compare_files(
+    default_file_path, file_paths, ignore_translation_file
+) -> list[tuple[str, int]]:
    """Compares the default properties file with other
    properties files in the directory.

@@ -92,18 +94,24 @@ def compare_files(default_file_path, file_paths, translation_status_file) -> lis
        language and progress percentage.
    """  # noqa: D205
    num_lines = sum(
-        1 for line in open(default_file_path, encoding="utf-8") if line.strip() and not line.strip().startswith("#")
+        1
+        for line in open(default_file_path, encoding="utf-8")
+        if line.strip() and not line.strip().startswith("#")
    )

    result_list = []
-    sort_translation_status: tomlkit.TOMLDocument
+    sort_ignore_translation: tomlkit.TOMLDocument

    # read toml
-    with open(translation_status_file, encoding="utf-8") as f:
-        sort_translation_status = tomlkit.parse(f.read())
+    with open(ignore_translation_file, encoding="utf-8") as f:
+        sort_ignore_translation = tomlkit.parse(f.read())

    for file_path in file_paths:
-        language = os.path.basename(file_path).split("messages_", 1)[1].split(".properties", 1)[0]
+        language = (
+            os.path.basename(file_path)
+            .split("messages_", 1)[1]
+            .split(".properties", 1)[0]
+        )

        fails = 0
        if "en_GB" in language or "en_US" in language:
@@ -111,21 +119,25 @@ def compare_files(default_file_path, file_paths, translation_status_file) -> lis
            result_list.append(("en_US", 100))
            continue

-        if language not in sort_translation_status:
-            sort_translation_status[language] = tomlkit.table()
+        if language not in sort_ignore_translation:
+            sort_ignore_translation[language] = tomlkit.table()

        if (
-            "ignore" not in sort_translation_status[language]
-            or len(sort_translation_status[language].get("ignore", [])) < 1
+            "ignore" not in sort_ignore_translation[language]
+            or len(sort_ignore_translation[language].get("ignore", [])) < 1
        ):
-            sort_translation_status[language]["ignore"] = tomlkit.array(["language.direction"])
+            sort_ignore_translation[language]["ignore"] = tomlkit.array(
+                ["language.direction"]
+            )

-        # if "missing" not in sort_translation_status[language]:
-        #     sort_translation_status[language]["missing"] = tomlkit.array()
-        # elif "language.direction" in sort_translation_status[language]["missing"]:
-        #     sort_translation_status[language]["missing"].remove("language.direction")
+        # if "missing" not in sort_ignore_translation[language]:
+        #     sort_ignore_translation[language]["missing"] = tomlkit.array()
+        # elif "language.direction" in sort_ignore_translation[language]["missing"]:
+        #     sort_ignore_translation[language]["missing"].remove("language.direction")

-        with open(default_file_path, encoding="utf-8") as default_file, open(file_path, encoding="utf-8") as file:
+        with open(default_file_path, encoding="utf-8") as default_file, open(
+            file_path, encoding="utf-8"
+        ) as file:
            for _ in range(5):
                next(default_file)
                try:
@@ -133,34 +145,45 @@ def compare_files(default_file_path, file_paths, translation_status_file) -> lis
                except StopIteration:
                    fails = num_lines

-            for line_num, (line_default, line_file) in enumerate(zip(default_file, file), start=6):
+            for line_num, (line_default, line_file) in enumerate(
+                zip(default_file, file), start=6
+            ):
                try:
                    # Ignoring empty lines and lines start with #
                    if line_default.strip() == "" or line_default.startswith("#"):
                        continue
-
                    default_key, default_value = line_default.split("=", 1)
                    file_key, file_value = line_file.split("=", 1)
                    if (
                        default_value.strip() == file_value.strip()
-                        and default_key.strip() not in sort_translation_status[language]["ignore"]
+                        and default_key.strip()
+                        not in sort_ignore_translation[language]["ignore"]
                    ):
-                        print(f"{language}: Line {line_num} is missing the translation.")
-                        # if default_key.strip() not in sort_translation_status[language]["missing"]:
+                        print(
+                            f"{language}: Line {line_num} is missing the translation."
+                        )
+                        # if default_key.strip() not in sort_ignore_translation[language]["missing"]:
                        #     missing_array = tomlkit.array()
                        #     missing_array.append(default_key.strip())
                        #     missing_array.multiline(True)
-                        #     sort_translation_status[language]["missing"].extend(missing_array)
+                        #     sort_ignore_translation[language]["missing"].extend(missing_array)
                        fails += 1
-                    # elif default_key.strip() in sort_translation_status[language]["ignore"]:
-                    #     if default_key.strip() in sort_translation_status[language]["missing"]:
-                    #         sort_translation_status[language]["missing"].remove(default_key.strip())
+                    # elif default_key.strip() in sort_ignore_translation[language]["ignore"]:
+                    #     if default_key.strip() in sort_ignore_translation[language]["missing"]:
+                    #         sort_ignore_translation[language]["missing"].remove(default_key.strip())
                    if default_value.strip() != file_value.strip():
-                        # if default_key.strip() in sort_translation_status[language]["missing"]:
-                        #     sort_translation_status[language]["missing"].remove(default_key.strip())
-                        if default_key.strip() in sort_translation_status[language]["ignore"]:
-                            sort_translation_status[language]["ignore"].remove(default_key.strip())
-
+                        # if default_key.strip() in sort_ignore_translation[language]["missing"]:
+                        #     sort_ignore_translation[language]["missing"].remove(default_key.strip())
+                        if (
+                            default_key.strip()
+                            in sort_ignore_translation[language]["ignore"]
+                        ):
+                            sort_ignore_translation[language]["ignore"].remove(
+                                default_key.strip()
+                            )
+                except ValueError:
+                    print(f"{line_default}|{line_file}")
+                    exit(1)
                except IndexError:
                    pass

@@ -171,9 +194,9 @@ def compare_files(default_file_path, file_paths, translation_status_file) -> lis
                int((num_lines - fails) * 100 / num_lines),
            )
        )
-    translation_status = convert_to_multiline(sort_translation_status)
-    with open(translation_status_file, "w", encoding="utf-8") as file:
-        file.write(tomlkit.dumps(translation_status))
+    ignore_translation = convert_to_multiline(sort_ignore_translation)
+    with open(ignore_translation_file, "w", encoding="utf-8") as file:
+        file.write(tomlkit.dumps(ignore_translation))

    unique_data = list(set(result_list))
    unique_data.sort(key=lambda x: x[1], reverse=True)
@@ -187,6 +210,8 @@ if __name__ == "__main__":
    reference_file = os.path.join(directory, "messages_en_GB.properties")

    scripts_directory = os.path.join(os.getcwd(), "scripts")
-    translation_state_file = os.path.join(scripts_directory, "translation_status.toml")
+    translation_state_file = os.path.join(scripts_directory, "ignore_translation.toml")

-    write_readme(compare_files(reference_file, messages_file_paths, translation_state_file))
+    write_readme(
+        compare_files(reference_file, messages_file_paths, translation_state_file)
+    )
--- a/scripts/ignore_translation.toml
+++ b/scripts/ignore_translation.toml
@@ -10,10 +10,22 @@ ignore = [

 [ca_CA]
 ignore = [
+    'PDFToText.tags',
+    'adminUserSettings.admin',
    'language.direction',
+    'survey.button',
+    'watermark.type.1',
 ]

 [cs_CZ]
+ignore = [
+    'info',
+    'language.direction',
+    'pipeline.header',
+    'text',
+]
+
+[da_DK]
 ignore = [
    'language.direction',
 ]
@@ -45,6 +57,7 @@ ignore = [
 ignore = [
    'adminUserSettings.roles',
    'color',
+    'error',
    'language.direction',
    'no',
    'showJS.tags',
@@ -56,6 +69,30 @@ ignore = [
 ]

 [fr_FR]
+ignore = [
+    'AddStampRequest.alphabet',
+    'AddStampRequest.position',
+    'AddStampRequest.rotation',
+    'PDFToBook.selectText.1',
+    'addPageNumbers.selectText.3',
+    'adminUserSettings.actions',
+    'alphabet',
+    'compare.document.1',
+    'compare.document.2',
+    'info',
+    'language.direction',
+    'licenses.license',
+    'licenses.module',
+    'licenses.nav',
+    'licenses.version',
+    'pdfOrganiser.mode',
+    'pipeline.title',
+    'pipelineOptions.pipelineHeader',
+    'sponsor',
+    'watermark.type.2',
+]
+
+[ga_IE]
 ignore = [
    'language.direction',
 ]
@@ -65,6 +102,17 @@ ignore = [
    'language.direction',
 ]

+[hr_HR]
+ignore = [
+    'PDFToBook.selectText.1',
+    'font',
+    'home.pipeline.title',
+    'info',
+    'language.direction',
+    'pdfOrganiser.tags',
+    'showJS.tags',
+]
+
 [hu_HU]
 ignore = [
    'language.direction',
@@ -100,17 +148,42 @@ ignore = [

 [nl_NL]
 ignore = [
+    'HTMLToPDF.print',
+    'adjustContrast.contrast',
+    'compare.document.1',
+    'compare.document.2',
+    'error',
+    'getPdfInfo.downloadJson',
+    'help',
+    'info',
    'language.direction',
+    'navbar.allTools',
+    'printFile.submit',
+    'showJS.downloadJS',
+    'sponsor',
+]
+
+[no_NB]
+ignore = [
+    'PDFToBook.selectText.1',
+    'adminUserSettings.admin',
+    'info',
+    'language.direction',
+    'oops',
+    'sponsor',
 ]

 [pl_PL]
 ignore = [
+    'PDFToBook.selectText.1',
    'language.direction',
 ]

 [pt_BR]
 ignore = [
+    'changeMetadata.trapped',
    'language.direction',
+    'pipelineOptions.pipelineHeader',
 ]

 [pt_PT]
@@ -130,12 +203,20 @@ ignore = [

 [sk_SK]
 ignore = [
+    'adminUserSettings.admin',
+    'home.multiTool.title',
+    'info',
    'language.direction',
+    'navbar.sections.security',
+    'text',
+    'watermark.type.1',
 ]

 [sr_LATN_RS]
 ignore = [
    'language.direction',
+    'licenses.version',
+    'poweredBy',
 ]

 [sv_SE]
@@ -143,6 +224,14 @@ ignore = [
    'language.direction',
 ]

+[th_TH]
+ignore = [
+    'language.direction',
+    'pipeline.title',
+    'pipelineOptions.pipelineHeader',
+    'showJS.tags',
+]
+
 [tr_TR]
 ignore = [
    'language.direction',
@@ -153,6 +242,14 @@ ignore = [
    'language.direction',
 ]

+[vi_VN]
+ignore = [
+    'language.direction',
+    'pipeline.title',
+    'pipelineOptions.pipelineHeader',
+    'showJS.tags',
+]
+
 [zh_CN]
 ignore = [
    'language.direction',
--- a/scripts/init-without-ocr.sh
+++ b/scripts/init-without-ocr.sh
@@ -11,14 +11,17 @@ if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -
 fi
 umask "$UMASK" || true

-if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
-  apk add --no-cache calibre@testing
+if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" && "$FAT_DOCKER" != "true" ]]; then
+  echo "issue with calibre in current version, feature currently disabled on Stirling-PDF"
+  #apk add --no-cache calibre@testing
 fi

-/scripts/download-security-jar.sh
+if [[ "$FAT_DOCKER" != "true" ]]; then
+  /scripts/download-security-jar.sh	
+fi

 if [[ -n "$LANGS" ]]; then
-	/scripts/installFonts.sh $LANGS
+  /scripts/installFonts.sh $LANGS
 fi

 echo "Setting permissions and ownership for necessary directories..."
--- a/scripts/png_to_webp.py
+++ b/scripts/png_to_webp.py
@@ -0,0 +1,174 @@
+"""
+Author: Ludy87
+Description: This script converts a PDF file to WebP images. It includes functionality to resize images if they exceed specified dimensions and handle conversion of PDF pages to WebP format.
+
+Example
+-------
+To convert a PDF file to WebP images with each page as a separate WebP file:
+    python script.py input.pdf output_directory
+
+To convert a PDF file to a single WebP image:
+    python script.py input.pdf output_directory --single
+
+To adjust the DPI resolution for rendering PDF pages:
+    python script.py input.pdf output_directory --dpi 150
+"""
+
+import argparse
+import os
+from pdf2image import convert_from_path
+from PIL import Image
+
+
+def resize_image(input_image_path, output_image_path, max_size=(16383, 16383)):
+    """
+    Resize the image if its dimensions exceed the maximum allowed size and save it as WebP.
+
+    Parameters
+    ----------
+    input_image_path : str
+        Path to the input image file.
+    output_image_path : str
+        Path where the output WebP image will be saved.
+    max_size : tuple of int, optional
+        Maximum allowed dimensions for the image (width, height). Default is (16383, 16383).
+
+    Returns
+    -------
+    None
+    """
+    try:
+        # Open the image
+        image = Image.open(input_image_path)
+        width, height = image.size
+        max_width, max_height = max_size
+
+        # Check if the image dimensions exceed the maximum allowed dimensions
+        if width > max_width or height > max_height:
+            # Calculate the scaling ratio
+            ratio = min(max_width / width, max_height / height)
+            new_width = int(width * ratio)
+            new_height = int(height * ratio)
+
+            # Resize the image
+            resized_image = image.resize((new_width, new_height), Image.LANCZOS)
+            resized_image.save(output_image_path, format="WEBP", quality=100)
+            print(
+                f"The image was successfully resized to ({new_width}, {new_height}) and saved as WebP: {output_image_path}"
+            )
+        else:
+            # If dimensions are within the allowed limits, save the image directly
+            image.save(output_image_path, format="WEBP", quality=100)
+            print(f"The image was successfully saved as WebP: {output_image_path}")
+    except Exception as e:
+        print(f"An error occurred: {e}")
+
+
+def convert_image_to_webp(input_image, output_file):
+    """
+    Convert an image to WebP format, resizing it if it exceeds the maximum dimensions.
+
+    Parameters
+    ----------
+    input_image : str
+        Path to the input image file.
+    output_file : str
+        Path where the output WebP image will be saved.
+
+    Returns
+    -------
+    None
+    """
+    # Resize the image if it exceeds the maximum dimensions
+    resize_image(input_image, output_file, max_size=(16383, 16383))
+
+
+def pdf_to_webp(pdf_path, output_dir, dpi=300):
+    """
+    Convert each page of a PDF file to WebP images.
+
+    Parameters
+    ----------
+    pdf_path : str
+        Path to the input PDF file.
+    output_dir : str
+        Directory where the WebP images will be saved.
+    dpi : int, optional
+        DPI resolution for rendering PDF pages. Default is 300.
+
+    Returns
+    -------
+    None
+    """
+    # Convert the PDF to a list of images
+    images = convert_from_path(pdf_path, dpi=dpi)
+
+    for page_number, image in enumerate(images):
+        # Define temporary PNG path
+        temp_png_path = os.path.join(output_dir, f"temp_page_{page_number + 1}.png")
+        image.save(temp_png_path, format="PNG")
+
+        # Define the output path for WebP
+        output_path = os.path.join(output_dir, f"page_{page_number + 1}.webp")
+
+        # Convert PNG to WebP
+        convert_image_to_webp(temp_png_path, output_path)
+
+        # Delete the temporary PNG file
+        os.remove(temp_png_path)
+
+
+def main(pdf_image_path, output_dir, dpi=300, single_images_flag=False):
+    """
+    Main function to handle conversion from PDF to WebP images.
+
+    Parameters
+    ----------
+    pdf_image_path : str
+        Path to the input PDF file or image.
+    output_dir : str
+        Directory where the WebP images will be saved.
+    dpi : int, optional
+        DPI resolution for rendering PDF pages. Default is 300.
+    single_images_flag : bool, optional
+        If True, combine all pages into a single WebP image. Default is False.
+
+    Returns
+    -------
+    None
+    """
+    if single_images_flag:
+        # Combine all pages into a single WebP image
+        output_path = os.path.join(output_dir, "combined_image.webp")
+        convert_image_to_webp(pdf_image_path, output_path)
+    else:
+        # Convert each PDF page to a separate WebP image
+        pdf_to_webp(pdf_image_path, output_dir, dpi)
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Convert a PDF file to WebP images.")
+    parser.add_argument("pdf_path", help="The path to the input PDF file.")
+    parser.add_argument(
+        "output_dir", help="The directory where the WebP images should be saved."
+    )
+    parser.add_argument(
+        "--dpi",
+        type=int,
+        default=300,
+        help="The DPI resolution for rendering the PDF pages (default: 300).",
+    )
+    parser.add_argument(
+        "--single",
+        action="store_true",
+        help="Combine all pages into a single WebP image.",
+    )
+    args = parser.parse_args()
+
+    os.makedirs(args.output_dir, exist_ok=True)
+    main(
+        args.pdf_path,
+        args.output_dir,
+        dpi=args.dpi,
+        single_images_flag=args.single,
+    )
--- a/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
+++ b/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
@@ -6,11 +6,15 @@ import java.net.Socket;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import io.github.pixee.security.SystemCommand;

 public class LibreOfficeListener {

-    private static final long ACTIVITY_TIMEOUT = 20 * 60 * 1000; // 20 minutes
+    private static final Logger logger = LoggerFactory.getLogger(LibreOfficeListener.class);
+    private static final long ACTIVITY_TIMEOUT = 20L * 60 * 1000; // 20 minutes

    private static final LibreOfficeListener INSTANCE = new LibreOfficeListener();
    private static final int LISTENER_PORT = 2002;
@@ -27,14 +31,12 @@ public class LibreOfficeListener {
    private LibreOfficeListener() {}

    private boolean isListenerRunning() {
-        try {
-            System.out.println("waiting for listener to start");
-            Socket socket = new Socket();
+        System.out.println("waiting for listener to start");
+        try (Socket socket = new Socket()) {
            socket.connect(
                    new InetSocketAddress("localhost", 2002), 1000); // Timeout after 1 second
-            socket.close();
            return true;
-        } catch (IOException e) {
+        } catch (Exception e) {
            return false;
        }
    }
@@ -63,6 +65,7 @@ public class LibreOfficeListener {
                        try {
                            Thread.sleep(5000); // Check for inactivity every 5 seconds
                        } catch (InterruptedException e) {
+                            Thread.currentThread().interrupt();
                            break;
                        }
                    }
@@ -80,8 +83,8 @@ public class LibreOfficeListener {
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
-                // TODO Auto-generated catch block
-                e.printStackTrace();
+                Thread.currentThread().interrupt();
+                logger.error("exception", e);
            } // Check every 1 second
        }
    }
--- a/src/main/java/stirling/software/SPDF/SPdfApplication.java
+++ b/src/main/java/stirling/software/SPDF/SPdfApplication.java
@@ -45,7 +45,6 @@ public class SPdfApplication {
        // Check if the BROWSER_OPEN environment variable is set to true
        String browserOpenEnv = env.getProperty("BROWSER_OPEN");
        boolean browserOpen = browserOpenEnv != null && "true".equalsIgnoreCase(browserOpenEnv);
-
        if (browserOpen) {
            try {
                String url = "http://localhost:" + getNonStaticPort();
@@ -79,13 +78,14 @@ public class SPdfApplication {

        // custom javs settings file
        if (Files.exists(Paths.get("configs/custom_settings.yml"))) {
-            String existing = propertyFiles.getOrDefault("spring.config.additional-location", "");
-            if (!existing.isEmpty()) {
-                existing += ",";
+            String existingLocation =
+                    propertyFiles.getOrDefault("spring.config.additional-location", "");
+            if (!existingLocation.isEmpty()) {
+                existingLocation += ",";
            }
            propertyFiles.put(
                    "spring.config.additional-location",
-                    existing + "file:configs/custom_settings.yml");
+                    existingLocation + "file:configs/custom_settings.yml");
        } else {
            logger.warn("Custom configuration file 'configs/custom_settings.yml' does not exist.");
        }
--- a/src/main/java/stirling/software/SPDF/config/AppConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/AppConfig.java
@@ -2,9 +2,13 @@ package stirling.software.SPDF.config;

 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Properties;
+import java.util.function.Predicate;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -22,6 +26,8 @@ import stirling.software.SPDF.model.ApplicationProperties;
@Lazy
 public class AppConfig {

+    private static final Logger logger = LoggerFactory.getLogger(AppConfig.class);
+
    @Autowired ApplicationProperties applicationProperties;

    @Bean
@@ -54,7 +60,7 @@ public class AppConfig {
            props.load(resource.getInputStream());
            return props.getProperty("version");
        } catch (IOException e) {
-            e.printStackTrace();
+            logger.error("exception", e);
        }
        return "0.0.0";
    }
@@ -108,4 +114,26 @@ public class AppConfig {
    public boolean missingActivSecurity() {
        return false;
    }
+
+    @Bean(name = "watchedFoldersDir")
+    public String watchedFoldersDir() {
+        return "./pipeline/watchedFolders/";
+    }
+
+    @Bean(name = "finishedFoldersDir")
+    public String finishedFoldersDir() {
+        return "./pipeline/finishedFolders/";
+    }
+
+    @Bean(name = "directoryFilter")
+    public Predicate<Path> processPDFOnlyFilter() {
+        return path -> {
+            if (Files.isDirectory(path)) {
+                return !path.toString().contains("processing");
+            } else {
+                String fileName = path.getFileName().toString();
+                return fileName.endsWith(".pdf");
+            }
+        };
+    }
 }
--- a/src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java
+++ b/src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java
@@ -22,7 +22,8 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
                    "error",
                    "erroroauth",
                    "file",
-                    "messageType");
+                    "messageType",
+                    "infoMessage");

    @Override
    public boolean preHandle(
@@ -31,25 +32,25 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
        String queryString = request.getQueryString();
        if (queryString != null && !queryString.isEmpty()) {
            String requestURI = request.getRequestURI();
-            Map<String, String> parameters = new HashMap<>();
+            Map<String, String> allowedParameters = new HashMap<>();

            // Keep only the allowed parameters
            String[] queryParameters = queryString.split("&");
            for (String param : queryParameters) {
-                String[] keyValue = param.split("=");
-                if (keyValue.length != 2) {
+                String[] keyValuePair = param.split("=");
+                if (keyValuePair.length != 2) {
                    continue;
                }
-                if (ALLOWED_PARAMS.contains(keyValue[0])) {
-                    parameters.put(keyValue[0], keyValue[1]);
+                if (ALLOWED_PARAMS.contains(keyValuePair[0])) {
+                    allowedParameters.put(keyValuePair[0], keyValuePair[1]);
                }
            }

            // If there are any parameters that are not allowed
-            if (parameters.size() != queryParameters.length) {
+            if (allowedParameters.size() != queryParameters.length) {
                // Construct new query string
                StringBuilder newQueryString = new StringBuilder();
-                for (Map.Entry<String, String> entry : parameters.entrySet()) {
+                for (Map.Entry<String, String> entry : allowedParameters.entrySet()) {
                    if (newQueryString.length() > 0) {
                        newQueryString.append("&");
                    }
@@ -58,7 +59,8 @@ public class CleanUrlInterceptor implements HandlerInterceptor {

                // Redirect to the URL with only allowed query parameters
                String redirectUrl = requestURI + "?" + newQueryString;
-                response.sendRedirect(redirectUrl);
+
+                response.sendRedirect(request.getContextPath() + redirectUrl);
                return false;
            }
        }
--- a/src/main/java/stirling/software/SPDF/config/ConfigInitializer.java
+++ b/src/main/java/stirling/software/SPDF/config/ConfigInitializer.java
@@ -4,18 +4,28 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URISyntaxException;
+import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.ArrayList;
+import java.nio.file.StandardCopyOption;
+import java.util.Arrays;
 import java.util.List;

+import org.simpleyaml.configuration.comments.CommentType;
+import org.simpleyaml.configuration.file.YamlFile;
+import org.simpleyaml.configuration.implementation.SimpleYamlImplementation;
+import org.simpleyaml.configuration.implementation.snakeyaml.lib.DumperOptions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContextInitializer;
 import org.springframework.context.ConfigurableApplicationContext;

 public class ConfigInitializer
        implements ApplicationContextInitializer<ConfigurableApplicationContext> {

+    private static final Logger logger = LoggerFactory.getLogger(ConfigInitializer.class);
+
    @Override
    public void initialize(ConfigurableApplicationContext applicationContext) {
        try {
@@ -45,94 +55,101 @@ public class ConfigInitializer
                }
            }
        } else {
-            Path templatePath =
-                    Paths.get(
-                            getClass()
-                                    .getClassLoader()
-                                    .getResource("settings.yml.template")
-                                    .toURI());
-            Path userPath = Paths.get("configs", "settings.yml");

-            List<String> templateLines = Files.readAllLines(templatePath);
-            List<String> userLines =
-                    Files.exists(userPath) ? Files.readAllLines(userPath) : new ArrayList<>();
-
-            List<String> resultLines = new ArrayList<>();
-            int position = 0;
-            for (String templateLine : templateLines) {
-                // Check if the line is a comment
-                if (templateLine.trim().startsWith("#")) {
-                    String entry = templateLine.trim().substring(1).trim();
-                    if (!entry.isEmpty()) {
-                        // Check if this comment has been uncommented in userLines
-                        String key = entry.split(":")[0].trim();
-                        addLine(resultLines, userLines, templateLine, key, position);
-                    } else {
-                        resultLines.add(templateLine);
-                    }
-                }
-                // Check if the line is a key-value pair
-                else if (templateLine.contains(":")) {
-                    String key = templateLine.split(":")[0].trim();
-                    addLine(resultLines, userLines, templateLine, key, position);
-                }
-                // Handle empty lines
-                else if (templateLine.trim().length() == 0) {
-                    resultLines.add("");
-                }
-                position++;
+            // Define the path to the config settings file
+            Path settingsPath = Paths.get("configs", "settings.yml");
+            // Load the template resource
+            URL settingsTemplateResource =
+                    getClass().getClassLoader().getResource("settings.yml.template");
+            if (settingsTemplateResource == null) {
+                throw new IOException("Resource not found: settings.yml.template");
            }

-            // Write the result to the user settings file
-            Files.write(userPath, resultLines);
+            // Create a temporary file to copy the resource content
+            Path tempTemplatePath = Files.createTempFile("settings.yml", ".template");
+
+            try (InputStream in = settingsTemplateResource.openStream()) {
+                Files.copy(in, tempTemplatePath, StandardCopyOption.REPLACE_EXISTING);
+            }
+
+            final YamlFile settingsTemplateFile = new YamlFile(tempTemplatePath.toFile());
+            DumperOptions yamlOptionsSettingsTemplateFile =
+                    ((SimpleYamlImplementation) settingsTemplateFile.getImplementation())
+                            .getDumperOptions();
+            yamlOptionsSettingsTemplateFile.setSplitLines(false);
+            settingsTemplateFile.loadWithComments();
+
+            final YamlFile settingsFile = new YamlFile(settingsPath.toFile());
+            DumperOptions yamlOptionsSettingsFile =
+                    ((SimpleYamlImplementation) settingsFile.getImplementation())
+                            .getDumperOptions();
+            yamlOptionsSettingsFile.setSplitLines(false);
+            settingsFile.loadWithComments();
+
+            // Load headers and comments
+            String header = settingsTemplateFile.getHeader();
+
+            // Create a new file for temporary settings
+            final YamlFile tempSettingFile = new YamlFile(settingsPath.toFile());
+            DumperOptions yamlOptionsTempSettingFile =
+                    ((SimpleYamlImplementation) tempSettingFile.getImplementation())
+                            .getDumperOptions();
+            yamlOptionsTempSettingFile.setSplitLines(false);
+            tempSettingFile.createNewFile(true);
+            tempSettingFile.setHeader(header);
+
+            // Get all keys from the template
+            List<String> keys =
+                    Arrays.asList(settingsTemplateFile.getKeys(true).toArray(new String[0]));
+
+            for (String key : keys) {
+                if (!key.contains(".")) {
+                    // Add blank lines and comments to specific sections
+                    tempSettingFile
+                            .path(key)
+                            .comment(settingsTemplateFile.getComment(key))
+                            .blankLine();
+                    continue;
+                }
+                // Copy settings from the template to the settings.yml file
+                changeConfigItemFromCommentToKeyValue(
+                        settingsTemplateFile, settingsFile, tempSettingFile, key);
+            }
+
+            // Save the settings.yml file
+            tempSettingFile.save();
        }

+        // Create custom settings file if it doesn't exist
        Path customSettingsPath = Paths.get("configs", "custom_settings.yml");
        if (!Files.exists(customSettingsPath)) {
            Files.createFile(customSettingsPath);
        }
    }

-    // TODO check parent value instead of just indent lines for duplicate keys (like enabled etc)
-    private static void addLine(
-            List<String> resultLines,
-            List<String> userLines,
-            String templateLine,
-            String key,
-            int position) {
-        boolean added = false;
-        int templateIndentationLevel = getIndentationLevel(templateLine);
-        int pos = 0;
-        for (String settingsLine : userLines) {
-            if (settingsLine.trim().startsWith(key + ":") && position == pos) {
-                int settingsIndentationLevel = getIndentationLevel(settingsLine);
-                // Check if it is correct settingsLine and has the same parent as templateLine
-                if (settingsIndentationLevel == templateIndentationLevel) {
-                    resultLines.add(settingsLine);
-                    added = true;
-                    break;
-                }
-            }
-            pos++;
+    private void changeConfigItemFromCommentToKeyValue(
+            final YamlFile settingsTemplateFile,
+            final YamlFile settingsFile,
+            final YamlFile tempSettingFile,
+            String path) {
+        if (settingsFile.get(path) == null && settingsTemplateFile.get(path) != null) {
+            // If the key is only in the template, add it to the temporary settings with comments
+            tempSettingFile
+                    .path(path)
+                    .set(settingsTemplateFile.get(path))
+                    .comment(settingsTemplateFile.getComment(path, CommentType.BLOCK))
+                    .commentSide(settingsTemplateFile.getComment(path, CommentType.SIDE));
+        } else if (settingsFile.get(path) != null && settingsTemplateFile.get(path) != null) {
+            // If the key is in both, update the temporary settings with the main settings' value
+            // and comments
+            tempSettingFile
+                    .path(path)
+                    .set(settingsFile.get(path))
+                    .comment(settingsTemplateFile.getComment(path, CommentType.BLOCK))
+                    .commentSide(settingsTemplateFile.getComment(path, CommentType.SIDE));
+        } else {
+            // Log if the key is not found in both YAML files
+            logger.info("Key not found in both YAML files: " + path);
        }
-        if (!added) {
-            resultLines.add(templateLine);
-        }
-    }
-
-    private static int getIndentationLevel(String line) {
-        int indentationLevel = 0;
-        String trimmedLine = line.trim();
-        if (trimmedLine.startsWith("#")) {
-            line = trimmedLine.substring(1);
-        }
-        for (char c : line.toCharArray()) {
-            if (c == ' ') {
-                indentationLevel++;
-            } else {
-                break;
-            }
-        }
-        return indentationLevel;
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/DatabaseBackupInterface.java
+++ b/src/main/java/stirling/software/SPDF/config/DatabaseBackupInterface.java
@@ -0,0 +1,16 @@
+package stirling.software.SPDF.config;
+
+import java.io.IOException;
+import java.util.List;
+
+import stirling.software.SPDF.utils.FileInfo;
+
+public interface DatabaseBackupInterface {
+    void exportDatabase() throws IOException;
+
+    boolean importDatabase();
+
+    boolean hasBackup();
+
+    List<FileInfo> getBackupList();
+}
--- a/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
@@ -116,6 +116,7 @@ public class EndpointConfiguration {
        addEndpointToGroup("Security", "change-permissions");
        addEndpointToGroup("Security", "add-watermark");
        addEndpointToGroup("Security", "cert-sign");
+        addEndpointToGroup("Security", "remove-cert-sign");
        addEndpointToGroup("Security", "sanitize-pdf");
        addEndpointToGroup("Security", "auto-redact");

@@ -136,6 +137,7 @@ public class EndpointConfiguration {
        addEndpointToGroup("Other", "auto-rename");
        addEndpointToGroup("Other", "get-info-on-pdf");
        addEndpointToGroup("Other", "show-javascript");
+        addEndpointToGroup("Other", "remove-image-pdf");

        // CLI
        addEndpointToGroup("CLI", "compress-pdf");
@@ -164,6 +166,7 @@ public class EndpointConfiguration {
        addEndpointToGroup("Python", REMOVE_BLANKS);
        addEndpointToGroup("Python", "html-to-pdf");
        addEndpointToGroup("Python", "url-to-pdf");
+        addEndpointToGroup("Python", "pdf-to-img");

        // openCV
        addEndpointToGroup("OpenCV", "extract-image-scans");
@@ -200,6 +203,7 @@ public class EndpointConfiguration {
        addEndpointToGroup("Java", "extract-images");
        addEndpointToGroup("Java", "change-metadata");
        addEndpointToGroup("Java", "cert-sign");
+        addEndpointToGroup("Java", "remove-cert-sign");
        addEndpointToGroup("Java", "multi-page-layout");
        addEndpointToGroup("Java", "scale-pages");
        addEndpointToGroup("Java", "add-page-numbers");
@@ -219,6 +223,7 @@ public class EndpointConfiguration {
        addEndpointToGroup("Java", "split-pdf-by-sections");
        addEndpointToGroup("Java", REMOVE_BLANKS);
        addEndpointToGroup("Java", "pdf-to-text");
+        addEndpointToGroup("Java", "remove-image-pdf");

        // Javascript
        addEndpointToGroup("Javascript", "pdf-organizer");
--- a/src/main/java/stirling/software/SPDF/config/FileFallbackTemplateResolver.java
+++ b/src/main/java/stirling/software/SPDF/config/FileFallbackTemplateResolver.java
@@ -1,16 +1,18 @@
 package stirling.software.SPDF.config;

 import java.io.IOException;
+import java.io.InputStream;
 import java.util.Map;

 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
 import org.thymeleaf.IEngineConfiguration;
 import org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver;
-import org.thymeleaf.templateresource.ClassLoaderTemplateResource;
 import org.thymeleaf.templateresource.FileTemplateResource;
 import org.thymeleaf.templateresource.ITemplateResource;

+import stirling.software.SPDF.model.InputStreamTemplateResource;
+
 public class FileFallbackTemplateResolver extends AbstractConfigurableTemplateResolver {

    private final ResourceLoader resourceLoader;
@@ -40,9 +42,13 @@ public class FileFallbackTemplateResolver extends AbstractConfigurableTemplateRe

        }

-        return new ClassLoaderTemplateResource(
-                Thread.currentThread().getContextClassLoader(),
-                "classpath:/templates/" + resourceName,
-                characterEncoding);
+        InputStream inputStream =
+                Thread.currentThread()
+                        .getContextClassLoader()
+                        .getResourceAsStream("templates/" + resourceName);
+        if (inputStream != null) {
+            return new InputStreamTemplateResource(inputStream, "UTF-8");
+        }
+        return null;
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/MetricsFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/MetricsFilter.java
@@ -36,7 +36,6 @@ public class MetricsFilter extends OncePerRequestFilter {
                || uri.startsWith("/v1/api-docs")
                || uri.endsWith("robots.txt")
                || uri.startsWith("/images")
-                || uri.startsWith("/images")
                || uri.endsWith(".png")
                || uri.endsWith(".ico")
                || uri.endsWith(".css")
--- a/src/main/java/stirling/software/SPDF/config/security/AppUpdateAuthService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/AppUpdateAuthService.java
@@ -18,6 +18,7 @@ class AppUpdateAuthService implements ShowAdminInterface {
    @Autowired private UserRepository userRepository;
    @Autowired private ApplicationProperties applicationProperties;

+    @Override
    public boolean getShowUpdateOnlyAdmins() {
        boolean showUpdate = applicationProperties.getSystem().getShowUpdate();
        if (!showUpdate) {
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
@@ -3,9 +3,8 @@ package stirling.software.SPDF.config.security;
 import java.io.IOException;
 import java.util.Optional;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.AuthenticationException;
@@ -15,17 +14,16 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.User;

+@Slf4j
 public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private LoginAttemptService loginAttemptService;

    private UserService userService;

-    private static final Logger logger =
-            LoggerFactory.getLogger(CustomAuthenticationFailureHandler.class);
-
    public CustomAuthenticationFailureHandler(
            final LoginAttemptService loginAttemptService, UserService userService) {
        this.loginAttemptService = loginAttemptService;
@@ -39,39 +37,50 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
            AuthenticationException exception)
            throws IOException, ServletException {

-        String ip = request.getRemoteAddr();
-        logger.error("Failed login attempt from IP: {}", ip);
+        if (exception instanceof DisabledException) {
+            log.error("User is deactivated: ", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
+            return;
+        }

-        if (exception.getClass().isAssignableFrom(InternalAuthenticationServiceException.class)
-                || "Password must not be null".equalsIgnoreCase(exception.getMessage())) {
-            response.sendRedirect("/login?error=oauth2AuthenticationError");
+        String ip = request.getRemoteAddr();
+        log.error("Failed login attempt from IP: {}", ip);
+
+        if (exception instanceof LockedException) {
+            getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");
            return;
        }

        String username = request.getParameter("username");
-        if (username != null && !isDemoUser(username)) {
-            logger.info(
+        Optional<User> optUser = userService.findByUsernameIgnoreCase(username);
+
+        if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {
+            log.info(
                    "Remaining attempts for user {}: {}",
                    username,
                    loginAttemptService.getRemainingAttempts(username));
            loginAttemptService.loginFailed(username);
-            if (loginAttemptService.isBlocked(username)
-                    || exception.getClass().isAssignableFrom(LockedException.class)) {
-                response.sendRedirect("/login?error=locked");
+            if (loginAttemptService.isBlocked(username) || exception instanceof LockedException) {
+                getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");
                return;
            }
        }
-        if (exception.getClass().isAssignableFrom(BadCredentialsException.class)
-                || exception.getClass().isAssignableFrom(UsernameNotFoundException.class)) {
-            response.sendRedirect("/login?error=badcredentials");
+        if (exception instanceof BadCredentialsException
+                || exception instanceof UsernameNotFoundException) {
+            getRedirectStrategy().sendRedirect(request, response, "/login?error=badcredentials");
+            return;
+        }
+        if (exception instanceof InternalAuthenticationServiceException
+                || "Password must not be null".equalsIgnoreCase(exception.getMessage())) {
+            getRedirectStrategy()
+                    .sendRedirect(request, response, "/login?error=oauth2AuthenticationError");
            return;
        }

        super.onAuthenticationFailure(request, response, exception);
    }

-    private boolean isDemoUser(String username) {
-        Optional<User> user = userService.findByUsernameIgnoreCase(username);
+    private boolean isDemoUser(Optional<User> user) {
        return user.isPresent()
                && user.get().getAuthorities().stream()
                        .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java
@@ -10,15 +10,20 @@ import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
+import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.utils.RequestUriUtils;

+@Slf4j
 public class CustomAuthenticationSuccessHandler
        extends SavedRequestAwareAuthenticationSuccessHandler {

    private LoginAttemptService loginAttemptService;
+    private UserService userService;

-    public CustomAuthenticationSuccessHandler(LoginAttemptService loginAttemptService) {
+    public CustomAuthenticationSuccessHandler(
+            LoginAttemptService loginAttemptService, UserService userService) {
        this.loginAttemptService = loginAttemptService;
+        this.userService = userService;
    }

    @Override
@@ -27,6 +32,10 @@ public class CustomAuthenticationSuccessHandler
            throws ServletException, IOException {

        String userName = request.getParameter("username");
+        if (userService.isUserDisabled(userName)) {
+            getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
+            return;
+        }
        loginAttemptService.loginSucceeded(userName);

        // Get the saved request
@@ -37,7 +46,8 @@ public class CustomAuthenticationSuccessHandler
                        : null;

        if (savedRequest != null
-                && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+                && !RequestUriUtils.isStaticResource(
+                        request.getContextPath(), savedRequest.getRedirectUrl())) {
            // Redirect to the original destination
            super.onAuthenticationSuccess(request, response, authentication);
        } else {
--- a/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java
@@ -2,32 +2,26 @@ package stirling.software.SPDF.config.security;

 import java.io.IOException;

-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;

 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;

 public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

-    @Autowired SessionRegistry sessionRegistry;
-
    @Override
    public void onLogoutSuccess(
            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
-        HttpSession session = request.getSession(false);
-        if (session != null) {
-            String sessionId = session.getId();
-            sessionRegistry.removeSessionInformation(sessionId);
-            session.invalidate();
-            logger.debug("Session invalidated: " + sessionId);
+
+        if (request.getParameter("userIsDisabled") != null) {
+            getRedirectStrategy()
+                    .sendRedirect(request, response, "/login?erroroauth=userIsDisabled");
+            return;
        }

-        response.sendRedirect(request.getContextPath() + "/login?logout=true");
+        getRedirectStrategy().sendRedirect(request, response, "/login?logout=true");
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
@@ -28,8 +28,10 @@ public class FirstLoginFilter extends OncePerRequestFilter {
            throws ServletException, IOException {
        String method = request.getMethod();
        String requestURI = request.getRequestURI();
+        String contextPath = request.getContextPath();
+
        // Check if the request is for static resources
-        boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
+        boolean isStaticResource = RequestUriUtils.isStaticResource(contextPath, requestURI);

        // If it's a static resource, just continue the filter chain and skip the logic below
        if (isStaticResource) {
@@ -43,8 +45,8 @@ public class FirstLoginFilter extends OncePerRequestFilter {
            if ("GET".equalsIgnoreCase(method)
                    && user.isPresent()
                    && user.get().isFirstLogin()
-                    && !"/change-creds".equals(requestURI)) {
-                response.sendRedirect("/change-creds");
+                    && !(contextPath + "/change-creds").equals(requestURI)) {
+                response.sendRedirect(contextPath + "/change-creds");
                return;
            }
        }
--- a/src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java
@@ -33,7 +33,8 @@ public class IPRateLimitingFilter implements Filter {
            String method = httpRequest.getMethod();
            String requestURI = httpRequest.getRequestURI();
            // Check if the request is for static resources
-            boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
+            boolean isStaticResource =
+                    RequestUriUtils.isStaticResource(httpRequest.getContextPath(), requestURI);

            // If it's a static resource, just continue the filter chain and skip the logic below
            if (isStaticResource) {
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@@ -1,34 +1,40 @@
 package stirling.software.SPDF.config.security;

 import java.io.IOException;
-import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.List;
 import java.util.UUID;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.simpleyaml.configuration.file.YamlFile;
+import org.simpleyaml.configuration.implementation.SimpleYamlImplementation;
+import org.simpleyaml.configuration.implementation.snakeyaml.lib.DumperOptions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

 import jakarta.annotation.PostConstruct;
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.DatabaseBackupInterface;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.Role;

@Component
+@Slf4j
 public class InitialSecuritySetup {

    @Autowired private UserService userService;

    @Autowired private ApplicationProperties applicationProperties;

-    private static final Logger logger = LoggerFactory.getLogger(InitialSecuritySetup.class);
+    @Autowired private DatabaseBackupInterface databaseBackupHelper;

    @PostConstruct
-    public void init() {
-        if (!userService.hasUsers()) {
+    public void init() throws IllegalArgumentException, IOException {
+        if (databaseBackupHelper.hasBackup() && !userService.hasUsers()) {
+            databaseBackupHelper.importDatabase();
+        } else if (!userService.hasUsers()) {
            initializeAdminUser();
+        } else {
+            databaseBackupHelper.exportDatabase();
        }
        initializeInternalApiUser();
    }
@@ -42,12 +48,11 @@ public class InitialSecuritySetup {
        }
    }

-    private void initializeAdminUser() {
+    private void initializeAdminUser() throws IOException {
        String initialUsername =
                applicationProperties.getSecurity().getInitialLogin().getUsername();
        String initialPassword =
                applicationProperties.getSecurity().getInitialLogin().getPassword();
-
        if (initialUsername != null
                && !initialUsername.isEmpty()
                && initialPassword != null
@@ -55,9 +60,9 @@ public class InitialSecuritySetup {
                && !userService.findByUsernameIgnoreCase(initialUsername).isPresent()) {
            try {
                userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId());
-                logger.info("Admin user created: " + initialUsername);
+                log.info("Admin user created: " + initialUsername);
            } catch (IllegalArgumentException e) {
-                logger.error("Failed to initialize security setup", e);
+                log.error("Failed to initialize security setup", e);
                System.exit(1);
            }
        } else {
@@ -65,54 +70,41 @@ public class InitialSecuritySetup {
        }
    }

-    private void createDefaultAdminUser() {
+    private void createDefaultAdminUser() throws IllegalArgumentException, IOException {
        String defaultUsername = "admin";
        String defaultPassword = "stirling";
        if (!userService.findByUsernameIgnoreCase(defaultUsername).isPresent()) {
            userService.saveUser(defaultUsername, defaultPassword, Role.ADMIN.getRoleId(), true);
-            logger.info("Default admin user created: " + defaultUsername);
+            log.info("Default admin user created: " + defaultUsername);
        }
    }

-    private void initializeInternalApiUser() {
+    private void initializeInternalApiUser() throws IllegalArgumentException, IOException {
        if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
            userService.saveUser(
                    Role.INTERNAL_API_USER.getRoleId(),
                    UUID.randomUUID().toString(),
                    Role.INTERNAL_API_USER.getRoleId());
            userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
-            logger.info("Internal API user created: " + Role.INTERNAL_API_USER.getRoleId());
+            log.info("Internal API user created: " + Role.INTERNAL_API_USER.getRoleId());
        }
    }

    private void saveKeyToConfig(String key) throws IOException {
        Path path = Paths.get("configs", "settings.yml"); // Target the configs/settings.yml
-        List<String> lines = Files.readAllLines(path);
-        boolean keyFound = false;

-        // Search for the existing key to replace it or place to add it
-        for (int i = 0; i < lines.size(); i++) {
-            if (lines.get(i).startsWith("AutomaticallyGenerated:")) {
-                keyFound = true;
-                if (i + 1 < lines.size() && lines.get(i + 1).trim().startsWith("key:")) {
-                    lines.set(i + 1, "  key: " + key);
-                    break;
-                } else {
-                    lines.add(i + 1, "  key: " + key);
-                    break;
-                }
-            }
-        }
+        final YamlFile settingsYml = new YamlFile(path.toFile());
+        DumperOptions yamlOptionssettingsYml =
+                ((SimpleYamlImplementation) settingsYml.getImplementation()).getDumperOptions();
+        yamlOptionssettingsYml.setSplitLines(false);

-        // If the section doesn't exist, append it
-        if (!keyFound) {
-            lines.add("# Automatically Generated Settings (Do Not Edit Directly)");
-            lines.add("AutomaticallyGenerated:");
-            lines.add("  key: " + key);
-        }
+        settingsYml.loadWithComments();

-        // Write back to the file
-        Files.write(path, lines);
+        settingsYml
+                .path("AutomaticallyGenerated.key")
+                .set(key)
+                .comment("# Automatically Generated Settings (Do Not Edit Directly)");
+        settingsYml.save();
    }

    private boolean isValidUUID(String uuid) {
--- a/src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java
@@ -3,8 +3,6 @@ package stirling.software.SPDF.config.security;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

@@ -17,8 +15,6 @@ public class LoginAttemptService {

    @Autowired ApplicationProperties applicationProperties;

-    private static final Logger logger = LoggerFactory.getLogger(LoginAttemptService.class);
-
    private int MAX_ATTEMPT;
    private long ATTEMPT_INCREMENT_TIME;
    private ConcurrentHashMap<String, AttemptCounter> attemptsCache;
@@ -33,7 +29,6 @@ public class LoginAttemptService {
    }

    public void loginSucceeded(String key) {
-        logger.info(key + " " + attemptsCache.mappingCount());
        if (key == null || key.trim().isEmpty()) {
            return;
        }
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -18,8 +18,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
-import org.springframework.security.core.session.SessionRegistry;
-import org.springframework.security.core.session.SessionRegistryImpl;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -37,17 +35,18 @@ import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationF
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationSuccessHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2LogoutSuccessHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2UserService;
+import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
 import stirling.software.SPDF.model.ApplicationProperties;
-import stirling.software.SPDF.model.ApplicationProperties.GithubProvider;
-import stirling.software.SPDF.model.ApplicationProperties.GoogleProvider;
-import stirling.software.SPDF.model.ApplicationProperties.KeycloakProvider;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
 import stirling.software.SPDF.model.User;
+import stirling.software.SPDF.model.provider.GithubProvider;
+import stirling.software.SPDF.model.provider.GoogleProvider;
+import stirling.software.SPDF.model.provider.KeycloakProvider;
 import stirling.software.SPDF.repository.JPATokenRepositoryImpl;

@Configuration
-@EnableWebSecurity()
+@EnableWebSecurity
@EnableMethodSecurity
 public class SecurityConfiguration {

@@ -73,11 +72,7 @@ public class SecurityConfiguration {
    @Autowired private LoginAttemptService loginAttemptService;

    @Autowired private FirstLoginFilter firstLoginFilter;
-
-    @Bean
-    public SessionRegistry sessionRegistry() {
-        return new SessionRegistryImpl();
-    }
+    @Autowired private SessionPersistentRegistry sessionRegistry;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
@@ -94,7 +89,7 @@ public class SecurityConfiguration {
                                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                                    .maximumSessions(10)
                                    .maxSessionsPreventsLogin(false)
-                                    .sessionRegistry(sessionRegistry())
+                                    .sessionRegistry(sessionRegistry)
                                    .expiredUrl("/login?logout=true"));

            http.formLogin(
@@ -103,7 +98,7 @@ public class SecurityConfiguration {
                                            .loginPage("/login")
                                            .successHandler(
                                                    new CustomAuthenticationSuccessHandler(
-                                                            loginAttemptService))
+                                                            loginAttemptService, userService))
                                            .defaultSuccessUrl("/")
                                            .failureHandler(
                                                    new CustomAuthenticationFailureHandler(
@@ -160,7 +155,11 @@ public class SecurityConfiguration {

            // Handle OAUTH2 Logins
            if (applicationProperties.getSecurity().getOAUTH2() != null
-                    && applicationProperties.getSecurity().getOAUTH2().getEnabled()) {
+                    && applicationProperties.getSecurity().getOAUTH2().getEnabled()
+                    && !applicationProperties
+                            .getSecurity()
+                            .getLoginMethod()
+                            .equalsIgnoreCase("normal")) {

                http.oauth2Login(
                                oauth2 ->
@@ -191,10 +190,8 @@ public class SecurityConfiguration {
                        .logout(
                                logout ->
                                        logout.logoutSuccessHandler(
-                                                        new CustomOAuth2LogoutSuccessHandler(
-                                                                this.applicationProperties,
-                                                                sessionRegistry()))
-                                                .invalidateHttpSession(true));
+                                                new CustomOAuth2LogoutSuccessHandler(
+                                                        applicationProperties)));
            }
        } else {
            http.csrf(csrf -> csrf.disable())
@@ -238,7 +235,7 @@ public class SecurityConfiguration {
        GoogleProvider google = client.getGoogle();
        return google != null && google.isSettingsValid()
                ? Optional.of(
-                        ClientRegistration.withRegistrationId("google")
+                        ClientRegistration.withRegistrationId(google.getName())
                                .clientId(google.getClientId())
                                .clientSecret(google.getClientSecret())
                                .scope(google.getScopes())
@@ -246,8 +243,8 @@ public class SecurityConfiguration {
                                .tokenUri(google.getTokenuri())
                                .userInfoUri(google.getUserinfouri())
                                .userNameAttributeName(google.getUseAsUsername())
-                                .clientName("Google")
-                                .redirectUri("{baseUrl}/login/oauth2/code/google")
+                                .clientName(google.getClientName())
+                                .redirectUri("{baseUrl}/login/oauth2/code/" + google.getName())
                                .authorizationGrantType(
                                        org.springframework.security.oauth2.core
                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
@@ -269,12 +266,12 @@ public class SecurityConfiguration {
        return keycloak != null && keycloak.isSettingsValid()
                ? Optional.of(
                        ClientRegistrations.fromIssuerLocation(keycloak.getIssuer())
-                                .registrationId("keycloak")
+                                .registrationId(keycloak.getName())
                                .clientId(keycloak.getClientId())
                                .clientSecret(keycloak.getClientSecret())
                                .scope(keycloak.getScopes())
                                .userNameAttributeName(keycloak.getUseAsUsername())
-                                .clientName("Keycloak")
+                                .clientName(keycloak.getClientName())
                                .build())
                : Optional.empty();
    }
@@ -291,7 +288,7 @@ public class SecurityConfiguration {
        GithubProvider github = client.getGithub();
        return github != null && github.isSettingsValid()
                ? Optional.of(
-                        ClientRegistration.withRegistrationId("github")
+                        ClientRegistration.withRegistrationId(github.getName())
                                .clientId(github.getClientId())
                                .clientSecret(github.getClientSecret())
                                .scope(github.getScopes())
@@ -299,8 +296,8 @@ public class SecurityConfiguration {
                                .tokenUri(github.getTokenuri())
                                .userInfoUri(github.getUserinfouri())
                                .userNameAttributeName(github.getUseAsUsername())
-                                .clientName("GitHub")
-                                .redirectUri("{baseUrl}/login/oauth2/code/github")
+                                .clientName(github.getClientName())
+                                .redirectUri("{baseUrl}/login/oauth2/code/" + github.getName())
                                .authorizationGrantType(
                                        org.springframework.security.oauth2.core
                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
--- a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
@@ -1,6 +1,9 @@
 package stirling.software.SPDF.config.security;

 import java.io.IOException;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -8,9 +11,11 @@ import org.springframework.context.annotation.Lazy;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;

@@ -18,15 +23,17 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
 import stirling.software.SPDF.model.ApiKeyAuthenticationToken;
+import stirling.software.SPDF.model.User;

@Component
 public class UserAuthenticationFilter extends OncePerRequestFilter {

-    @Autowired private UserDetailsService userDetailsService;
-
    @Autowired @Lazy private UserService userService;

+    @Autowired private SessionPersistentRegistry sessionPersistentRegistry;
+
    @Autowired
    @Qualifier("loginEnabled")
    public boolean loginEnabledValue;
@@ -51,15 +58,20 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
                try {
                    // Use API key to authenticate. This requires you to have an authentication
                    // provider for API keys.
-                    UserDetails userDetails = userService.loadUserByApiKey(apiKey);
-                    if (userDetails == null) {
+                    Optional<User> user = userService.loadUserByApiKey(apiKey);
+                    if (!user.isPresent()) {
                        response.setStatus(HttpStatus.UNAUTHORIZED.value());
                        response.getWriter().write("Invalid API Key.");
                        return;
                    }
-                    authentication =
-                            new ApiKeyAuthenticationToken(
-                                    userDetails, apiKey, userDetails.getAuthorities());
+                    List<SimpleGrantedAuthority> authorities =
+                            user.get().getAuthorities().stream()
+                                    .map(
+                                            authority ->
+                                                    new SimpleGrantedAuthority(
+                                                            authority.getAuthority()))
+                                    .collect(Collectors.toList());
+                    authentication = new ApiKeyAuthenticationToken(user.get(), apiKey, authorities);
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                } catch (AuthenticationException e) {
                    // If API key authentication fails, deny the request
@@ -87,6 +99,43 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
            }
        }

+        // Check if the authenticated user is disabled and invalidate their session if so
+        if (authentication != null && authentication.isAuthenticated()) {
+            Object principal = authentication.getPrincipal();
+            String username = null;
+            if (principal instanceof UserDetails) {
+                username = ((UserDetails) principal).getUsername();
+            } else if (principal instanceof OAuth2User) {
+                username = ((OAuth2User) principal).getName();
+            } else if (principal instanceof String) {
+                username = (String) principal;
+            }
+
+            List<SessionInformation> sessionsInformations =
+                    sessionPersistentRegistry.getAllSessions(principal, false);
+
+            if (username != null) {
+                boolean isUserExists = userService.usernameExistsIgnoreCase(username);
+                boolean isUserDisabled = userService.isUserDisabled(username);
+
+                if (!isUserExists || isUserDisabled) {
+                    for (SessionInformation sessionsInformation : sessionsInformations) {
+                        sessionsInformation.expireNow();
+                        sessionPersistentRegistry.expireSession(sessionsInformation.getSessionId());
+                    }
+                }
+
+                if (!isUserExists) {
+                    response.sendRedirect(request.getContextPath() + "/logout?badcredentials=true");
+                    return;
+                }
+                if (isUserDisabled) {
+                    response.sendRedirect(request.getContextPath() + "/logout?userIsDisabled=true");
+                    return;
+                }
+            }
+        }
+
        filterChain.doFilter(request, response);
    }

@@ -104,6 +153,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
            contextPath + "/fonts/",
            contextPath + "/js/",
            contextPath + "/pdfjs/",
+            contextPath + "/pdfjs-legacy/",
            contextPath + "/api/v1/info/status",
            contextPath + "/site.webmanifest"
        };
--- a/src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java
@@ -19,7 +19,6 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import io.github.bucket4j.Bandwidth;
 import io.github.bucket4j.Bucket;
 import io.github.bucket4j.ConsumptionProbe;
-import io.github.bucket4j.Refill;
 import io.github.pixee.security.Newlines;

 import jakarta.servlet.FilterChain;
@@ -142,7 +141,10 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {

    private Bucket createUserBucket(int limitPerDay) {
        Bandwidth limit =
-                Bandwidth.classic(limitPerDay, Refill.intervally(limitPerDay, Duration.ofDays(1)));
+                Bandwidth.builder()
+                        .capacity(limitPerDay)
+                        .refillIntervally(limitPerDay, Duration.ofDays(1))
+                        .build();
        return Bucket.builder().addLimit(limit).build();
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.config.security;

+import java.io.IOException;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
@@ -14,11 +15,15 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;

+import stirling.software.SPDF.config.DatabaseBackupInterface;
+import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
 import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
 import stirling.software.SPDF.model.AuthenticationType;
 import stirling.software.SPDF.model.Authority;
@@ -38,12 +43,17 @@ public class UserService implements UserServiceInterface {

    @Autowired private MessageSource messageSource;

+    @Autowired private SessionPersistentRegistry sessionRegistry;
+
+    @Autowired DatabaseBackupInterface databaseBackupHelper;
+
    // Handle OAUTH2 login and user auto creation.
-    public boolean processOAuth2PostLogin(String username, boolean autoCreateUser) {
+    public boolean processOAuth2PostLogin(String username, boolean autoCreateUser)
+            throws IllegalArgumentException, IOException {
        if (!isUsernameValid(username)) {
            return false;
        }
-        Optional<User> existingUser = userRepository.findByUsernameIgnoreCase(username);
+        Optional<User> existingUser = findByUsernameIgnoreCase(username);
        if (existingUser.isPresent()) {
            return true;
        }
@@ -55,8 +65,8 @@ public class UserService implements UserServiceInterface {
    }

    public Authentication getAuthentication(String apiKey) {
-        User user = getUserByApiKey(apiKey);
-        if (user == null) {
+        Optional<User> user = getUserByApiKey(apiKey);
+        if (!user.isPresent()) {
            throw new UsernameNotFoundException("API key is not valid");
        }

@@ -64,7 +74,7 @@ public class UserService implements UserServiceInterface {
        return new UsernamePasswordAuthenticationToken(
                user, // principal (typically the user)
                null, // credentials (we don't expose the password or API key here)
-                getAuthorities(user) // user's authorities (roles/permissions)
+                getAuthorities(user.get()) // user's authorities (roles/permissions)
                );
    }

@@ -79,18 +89,17 @@ public class UserService implements UserServiceInterface {
        String apiKey;
        do {
            apiKey = UUID.randomUUID().toString();
-        } while (userRepository.findByApiKey(apiKey) != null); // Ensure uniqueness
+        } while (userRepository.findByApiKey(apiKey).isPresent()); // Ensure uniqueness
        return apiKey;
    }

    public User addApiKeyToUser(String username) {
-        User user =
-                userRepository
-                        .findByUsernameIgnoreCase(username)
-                        .orElseThrow(() -> new UsernameNotFoundException("User not found"));
-
-        user.setApiKey(generateApiKey());
-        return userRepository.save(user);
+        Optional<User> user = findByUsernameIgnoreCase(username);
+        if (user.isPresent()) {
+            user.get().setApiKey(generateApiKey());
+            return userRepository.save(user.get());
+        }
+        throw new UsernameNotFoundException("User not found");
    }

    public User refreshApiKeyForUser(String username) {
@@ -99,39 +108,40 @@ public class UserService implements UserServiceInterface {

    public String getApiKeyForUser(String username) {
        User user =
-                userRepository
-                        .findByUsernameIgnoreCase(username)
+                findByUsernameIgnoreCase(username)
                        .orElseThrow(() -> new UsernameNotFoundException("User not found"));
        return user.getApiKey();
    }

    public boolean isValidApiKey(String apiKey) {
-        return userRepository.findByApiKey(apiKey) != null;
+        return userRepository.findByApiKey(apiKey).isPresent();
    }

-    public User getUserByApiKey(String apiKey) {
+    public Optional<User> getUserByApiKey(String apiKey) {
        return userRepository.findByApiKey(apiKey);
    }

-    public UserDetails loadUserByApiKey(String apiKey) {
-        User user = userRepository.findByApiKey(apiKey);
-        if (user != null) {
-            // Convert your User entity to a UserDetails object with authorities
-            return new org.springframework.security.core.userdetails.User(
-                    user.getUsername(),
-                    user.getPassword(), // you might not need this for API key auth
-                    getAuthorities(user));
+    public Optional<User> loadUserByApiKey(String apiKey) {
+        Optional<User> user = userRepository.findByApiKey(apiKey);
+
+        if (user.isPresent()) {
+            return user;
        }
        return null; // or throw an exception
    }

    public boolean validateApiKeyForUser(String username, String apiKey) {
-        Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
+        Optional<User> userOpt = findByUsernameIgnoreCase(username);
        return userOpt.isPresent() && apiKey.equals(userOpt.get().getApiKey());
    }

    public void saveUser(String username, AuthenticationType authenticationType)
-            throws IllegalArgumentException {
+            throws IllegalArgumentException, IOException {
+        saveUser(username, authenticationType, Role.USER.getRoleId());
+    }
+
+    public void saveUser(String username, AuthenticationType authenticationType, String role)
+            throws IllegalArgumentException, IOException {
        if (!isUsernameValid(username)) {
            throw new IllegalArgumentException(getInvalidUsernameMessage());
        }
@@ -139,12 +149,14 @@ public class UserService implements UserServiceInterface {
        user.setUsername(username);
        user.setEnabled(true);
        user.setFirstLogin(false);
-        user.addAuthority(new Authority(Role.USER.getRoleId(), user));
+        user.addAuthority(new Authority(role, user));
        user.setAuthenticationType(authenticationType);
        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

-    public void saveUser(String username, String password) throws IllegalArgumentException {
+    public void saveUser(String username, String password)
+            throws IllegalArgumentException, IOException {
        if (!isUsernameValid(username)) {
            throw new IllegalArgumentException(getInvalidUsernameMessage());
        }
@@ -154,10 +166,11 @@ public class UserService implements UserServiceInterface {
        user.setEnabled(true);
        user.setAuthenticationType(AuthenticationType.WEB);
        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

    public void saveUser(String username, String password, String role, boolean firstLogin)
-            throws IllegalArgumentException {
+            throws IllegalArgumentException, IOException {
        if (!isUsernameValid(username)) {
            throw new IllegalArgumentException(getInvalidUsernameMessage());
        }
@@ -169,15 +182,16 @@ public class UserService implements UserServiceInterface {
        user.setAuthenticationType(AuthenticationType.WEB);
        user.setFirstLogin(firstLogin);
        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

    public void saveUser(String username, String password, String role)
-            throws IllegalArgumentException {
+            throws IllegalArgumentException, IOException {
        saveUser(username, password, role, false);
    }

    public void deleteUser(String username) {
-        Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
+        Optional<User> userOpt = findByUsernameIgnoreCase(username);
        if (userOpt.isPresent()) {
            for (Authority authority : userOpt.get().getAuthorities()) {
                if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
@@ -186,28 +200,28 @@ public class UserService implements UserServiceInterface {
            }
            userRepository.delete(userOpt.get());
        }
+        invalidateUserSessions(username);
    }

    public boolean usernameExists(String username) {
-        return userRepository.findByUsername(username).isPresent();
+        return findByUsername(username).isPresent();
    }

    public boolean usernameExistsIgnoreCase(String username) {
-        return userRepository.findByUsernameIgnoreCase(username).isPresent();
+        return findByUsernameIgnoreCase(username).isPresent();
    }

    public boolean hasUsers() {
        long userCount = userRepository.count();
-        if (userRepository
-                .findByUsernameIgnoreCase(Role.INTERNAL_API_USER.getRoleId())
-                .isPresent()) {
+        if (findByUsernameIgnoreCase(Role.INTERNAL_API_USER.getRoleId()).isPresent()) {
            userCount -= 1;
        }
        return userCount > 0;
    }

-    public void updateUserSettings(String username, Map<String, String> updates) {
-        Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
+    public void updateUserSettings(String username, Map<String, String> updates)
+            throws IOException {
+        Optional<User> userOpt = findByUsernameIgnoreCase(username);
        if (userOpt.isPresent()) {
            User user = userOpt.get();
            Map<String, String> settingsMap = user.getSettings();
@@ -220,6 +234,7 @@ public class UserService implements UserServiceInterface {
            user.setSettings(settingsMap);

            userRepository.save(user);
+            databaseBackupHelper.exportDatabase();
        }
    }

@@ -235,28 +250,39 @@ public class UserService implements UserServiceInterface {
        return authorityRepository.findByUserId(user.getId());
    }

-    public void changeUsername(User user, String newUsername) throws IllegalArgumentException {
+    public void changeUsername(User user, String newUsername)
+            throws IllegalArgumentException, IOException {
        if (!isUsernameValid(newUsername)) {
            throw new IllegalArgumentException(getInvalidUsernameMessage());
        }
        user.setUsername(newUsername);
        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

-    public void changePassword(User user, String newPassword) {
+    public void changePassword(User user, String newPassword) throws IOException {
        user.setPassword(passwordEncoder.encode(newPassword));
        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

-    public void changeFirstUse(User user, boolean firstUse) {
+    public void changeFirstUse(User user, boolean firstUse) throws IOException {
        user.setFirstLogin(firstUse);
        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

-    public void changeRole(User user, String newRole) {
+    public void changeRole(User user, String newRole) throws IOException {
        Authority userAuthority = this.findRole(user);
        userAuthority.setAuthority(newRole);
        authorityRepository.save(userAuthority);
+        databaseBackupHelper.exportDatabase();
+    }
+
+    public void changeUserEnabled(User user, Boolean enbeled) throws IOException {
+        user.setEnabled(enbeled);
+        userRepository.save(user);
+        databaseBackupHelper.exportDatabase();
    }

    public boolean isPasswordCorrect(User user, String currentPassword) {
@@ -280,14 +306,40 @@ public class UserService implements UserServiceInterface {
    }

    public boolean hasPassword(String username) {
-        Optional<User> user = userRepository.findByUsernameIgnoreCase(username);
+        Optional<User> user = findByUsernameIgnoreCase(username);
        return user.isPresent() && user.get().hasPassword();
    }

    public boolean isAuthenticationTypeByUsername(
            String username, AuthenticationType authenticationType) {
-        Optional<User> user = userRepository.findByUsernameIgnoreCase(username);
+        Optional<User> user = findByUsernameIgnoreCase(username);
        return user.isPresent()
                && authenticationType.name().equalsIgnoreCase(user.get().getAuthenticationType());
    }
+
+    public boolean isUserDisabled(String username) {
+        Optional<User> userOpt = findByUsernameIgnoreCase(username);
+        return userOpt.map(user -> !user.isEnabled()).orElse(false);
+    }
+
+    public void invalidateUserSessions(String username) {
+        String usernameP = "";
+        for (Object principal : sessionRegistry.getAllPrincipals()) {
+            for (SessionInformation sessionsInformation :
+                    sessionRegistry.getAllSessions(principal, false)) {
+                if (principal instanceof UserDetails) {
+                    UserDetails userDetails = (UserDetails) principal;
+                    usernameP = userDetails.getUsername();
+                } else if (principal instanceof OAuth2User) {
+                    OAuth2User oAuth2User = (OAuth2User) principal;
+                    usernameP = oAuth2User.getName();
+                } else if (principal instanceof String) {
+                    usernameP = (String) principal;
+                }
+                if (usernameP.equalsIgnoreCase(username)) {
+                    sessionRegistry.expireSession(sessionsInformation.getSessionId());
+                }
+            }
+        }
+    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/database/DatabaseBackupHelper.java
+++ b/src/main/java/stirling/software/SPDF/config/security/database/DatabaseBackupHelper.java
@@ -0,0 +1,205 @@
+package stirling.software.SPDF.config.security.database;
+
+import java.io.IOException;
+import java.nio.file.DirectoryStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.Comparator;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.DatabaseBackupInterface;
+import stirling.software.SPDF.utils.FileInfo;
+
+@Slf4j
+@Configuration
+public class DatabaseBackupHelper implements DatabaseBackupInterface {
+
+    @Value("${spring.datasource.url}")
+    private String url;
+
+    private Path backupPath = Paths.get("configs/db/backup/");
+
+    @Override
+    public boolean hasBackup() {
+        // Check if there is at least one backup
+        return !getBackupList().isEmpty();
+    }
+
+    @Override
+    public List<FileInfo> getBackupList() {
+        // Check if the backup directory exists, and create it if it does not
+        ensureBackupDirectoryExists();
+
+        List<FileInfo> backupFiles = new ArrayList<>();
+
+        // Read the backup directory and filter for files with the prefix "backup_" and suffix
+        // ".sql"
+        try (DirectoryStream<Path> stream =
+                Files.newDirectoryStream(
+                        backupPath,
+                        path ->
+                                path.getFileName().toString().startsWith("backup_")
+                                        && path.getFileName().toString().endsWith(".sql"))) {
+            for (Path entry : stream) {
+                BasicFileAttributes attrs = Files.readAttributes(entry, BasicFileAttributes.class);
+                LocalDateTime modificationDate =
+                        LocalDateTime.ofInstant(
+                                attrs.lastModifiedTime().toInstant(), ZoneId.systemDefault());
+                LocalDateTime creationDate =
+                        LocalDateTime.ofInstant(
+                                attrs.creationTime().toInstant(), ZoneId.systemDefault());
+                long fileSize = attrs.size();
+                backupFiles.add(
+                        new FileInfo(
+                                entry.getFileName().toString(),
+                                entry.toString(),
+                                modificationDate,
+                                fileSize,
+                                creationDate));
+            }
+        } catch (IOException e) {
+            log.error("Error reading backup directory: {}", e.getMessage(), e);
+        }
+        return backupFiles;
+    }
+
+    // Imports a database backup from the specified file.
+    public boolean importDatabaseFromUI(String fileName) throws IOException {
+        return this.importDatabaseFromUI(getBackupFilePath(fileName));
+    }
+
+    // Imports a database backup from the specified path.
+    public boolean importDatabaseFromUI(Path tempTemplatePath) throws IOException {
+        boolean success = executeDatabaseScript(tempTemplatePath);
+        if (success) {
+            LocalDateTime dateNow = LocalDateTime.now();
+            DateTimeFormatter myFormatObj = DateTimeFormatter.ofPattern("yyyyMMddHHmm");
+            Path insertOutputFilePath =
+                    this.getBackupFilePath("backup_user_" + dateNow.format(myFormatObj) + ".sql");
+            Files.copy(tempTemplatePath, insertOutputFilePath);
+            Files.deleteIfExists(tempTemplatePath);
+        }
+        return success;
+    }
+
+    @Override
+    public boolean importDatabase() {
+        if (!this.hasBackup()) return false;
+
+        List<FileInfo> backupList = this.getBackupList();
+        backupList.sort(Comparator.comparing(FileInfo::getModificationDate).reversed());
+
+        return executeDatabaseScript(Paths.get(backupList.get(0).getFilePath()));
+    }
+
+    @Override
+    public void exportDatabase() throws IOException {
+        // Check if the backup directory exists, and create it if it does not
+        ensureBackupDirectoryExists();
+
+        // Filter and delete old backups if there are more than 5
+        List<FileInfo> filteredBackupList =
+                this.getBackupList().stream()
+                        .filter(backup -> !backup.getFileName().startsWith("backup_user_"))
+                        .collect(Collectors.toList());
+
+        if (filteredBackupList.size() > 5) {
+            filteredBackupList.sort(
+                    Comparator.comparing(
+                            p -> p.getFileName().substring(7, p.getFileName().length() - 4)));
+            Files.deleteIfExists(Paths.get(filteredBackupList.get(0).getFilePath()));
+            log.info("Deleted oldest backup: {}", filteredBackupList.get(0).getFileName());
+        }
+
+        LocalDateTime dateNow = LocalDateTime.now();
+        DateTimeFormatter myFormatObj = DateTimeFormatter.ofPattern("yyyyMMddHHmm");
+        Path insertOutputFilePath =
+                this.getBackupFilePath("backup_" + dateNow.format(myFormatObj) + ".sql");
+        String query = "SCRIPT SIMPLE COLUMNS DROP to ?;";
+
+        try (Connection conn = DriverManager.getConnection(url, "sa", "");
+                PreparedStatement stmt = conn.prepareStatement(query)) {
+            stmt.setString(1, insertOutputFilePath.toString());
+            stmt.execute();
+            log.info("Database export completed: {}", insertOutputFilePath);
+        } catch (SQLException e) {
+            log.error("Error during database export: {}", e.getMessage(), e);
+        }
+    }
+
+    // Retrieves the H2 database version.
+    public String getH2Version() {
+        String version = "Unknown";
+        try (Connection conn = DriverManager.getConnection(url, "sa", "")) {
+            try (Statement stmt = conn.createStatement();
+                    ResultSet rs = stmt.executeQuery("SELECT H2VERSION() AS version")) {
+                if (rs.next()) {
+                    version = rs.getString("version");
+                    log.info("H2 Database Version: {}", version);
+                }
+            }
+        } catch (SQLException e) {
+            log.error("Error retrieving H2 version: {}", e.getMessage(), e);
+        }
+        return version;
+    }
+
+    // Deletes a backup file.
+    public boolean deleteBackupFile(String fileName) throws IOException {
+        Path filePath = this.getBackupFilePath(fileName);
+        if (Files.deleteIfExists(filePath)) {
+            log.info("Deleted backup file: {}", fileName);
+            return true;
+        } else {
+            log.error("File not found or could not be deleted: {}", fileName);
+            return false;
+        }
+    }
+
+    // Gets the Path object for a given backup file name.
+    public Path getBackupFilePath(String fileName) {
+        return Paths.get(backupPath.toString(), fileName);
+    }
+
+    private boolean executeDatabaseScript(Path scriptPath) {
+        String query = "RUNSCRIPT from ?;";
+
+        try (Connection conn = DriverManager.getConnection(url, "sa", "");
+                PreparedStatement stmt = conn.prepareStatement(query)) {
+            stmt.setString(1, scriptPath.toString());
+            stmt.execute();
+            log.info("Database import completed: {}", scriptPath);
+            return true;
+        } catch (SQLException e) {
+            log.error("Error during database import: {}", e.getMessage(), e);
+            return false;
+        }
+    }
+
+    private void ensureBackupDirectoryExists() {
+        if (Files.notExists(backupPath)) {
+            try {
+                Files.createDirectories(backupPath);
+            } catch (IOException e) {
+                log.error("Error creating directories: {}", e.getMessage());
+            }
+        }
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/database/ScheduledTasks.java
+++ b/src/main/java/stirling/software/SPDF/config/security/database/ScheduledTasks.java
@@ -0,0 +1,18 @@
+package stirling.software.SPDF.config.security.database;
+
+import java.io.IOException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ScheduledTasks {
+
+    @Autowired private DatabaseBackupHelper databaseBackupService;
+
+    @Scheduled(cron = "0 0 0 * * ?")
+    public void performBackup() throws IOException {
+        databaseBackupService.exportDatabase();
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationFailureHandler.java
@@ -2,8 +2,8 @@ package stirling.software.SPDF.config.security.oauth2;

 import java.io.IOException;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -13,19 +13,34 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;

+@Slf4j
 public class CustomOAuth2AuthenticationFailureHandler
        extends SimpleUrlAuthenticationFailureHandler {

-    private static final Logger logger =
-            LoggerFactory.getLogger(CustomOAuth2AuthenticationFailureHandler.class);
-
    @Override
    public void onAuthenticationFailure(
            HttpServletRequest request,
            HttpServletResponse response,
            AuthenticationException exception)
            throws IOException, ServletException {
+
+        if (exception instanceof BadCredentialsException) {
+            log.error("BadCredentialsException", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/login?error=badcredentials");
+            return;
+        }
+        if (exception instanceof DisabledException) {
+            log.error("User is deactivated: ", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
+            return;
+        }
+        if (exception instanceof LockedException) {
+            log.error("Account locked: ", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/logout?error=locked");
+            return;
+        }
        if (exception instanceof OAuth2AuthenticationException) {
            OAuth2Error error = ((OAuth2AuthenticationException) exception).getError();

@@ -34,17 +49,13 @@ public class CustomOAuth2AuthenticationFailureHandler
            if (error.getErrorCode().equals("Password must not be null")) {
                errorCode = "userAlreadyExistsWeb";
            }
-            logger.error("OAuth2 Authentication error: " + errorCode);
+            log.error("OAuth2 Authentication error: " + errorCode);
+            log.error("OAuth2AuthenticationException", exception);
            getRedirectStrategy()
                    .sendRedirect(request, response, "/logout?erroroauth=" + errorCode);
            return;
-        } else if (exception instanceof LockedException) {
-            logger.error("Account locked: ", exception);
-            getRedirectStrategy().sendRedirect(request, response, "/logout?error=locked");
-            return;
-        } else {
-            logger.error("Unhandled authentication exception", exception);
-            super.onAuthenticationFailure(request, response, exception);
        }
+        log.error("Unhandled authentication exception", exception);
+        super.onAuthenticationFailure(request, response, exception);
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
@@ -2,10 +2,9 @@ package stirling.software.SPDF.config.security.oauth2;

 import java.io.IOException;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.savedrequest.SavedRequest;
@@ -26,9 +25,6 @@ public class CustomOAuth2AuthenticationSuccessHandler

    private LoginAttemptService loginAttemptService;

-    private static final Logger logger =
-            LoggerFactory.getLogger(CustomOAuth2AuthenticationSuccessHandler.class);
-
    private ApplicationProperties applicationProperties;
    private UserService userService;

@@ -46,23 +42,32 @@ public class CustomOAuth2AuthenticationSuccessHandler
            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {

+        Object principal = authentication.getPrincipal();
+        String username = "";
+
+        if (principal instanceof OAuth2User) {
+            OAuth2User oauthUser = (OAuth2User) principal;
+            username = oauthUser.getName();
+        } else if (principal instanceof UserDetails) {
+            UserDetails oauthUser = (UserDetails) principal;
+            username = oauthUser.getUsername();
+        }
+
        // Get the saved request
        HttpSession session = request.getSession(false);
+        String contextPath = request.getContextPath();
        SavedRequest savedRequest =
                (session != null)
                        ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
                        : null;

        if (savedRequest != null
-                && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+                && !RequestUriUtils.isStaticResource(contextPath, savedRequest.getRedirectUrl())) {
            // Redirect to the original destination
            super.onAuthenticationSuccess(request, response, authentication);
        } else {
-            OAuth2User oauthUser = (OAuth2User) authentication.getPrincipal();
            OAUTH2 oAuth = applicationProperties.getSecurity().getOAUTH2();

-            String username = oauthUser.getName();
-
            if (loginAttemptService.isBlocked(username)) {
                if (session != null) {
                    session.removeAttribute("SPRING_SECURITY_SAVED_REQUEST");
@@ -75,18 +80,23 @@ public class CustomOAuth2AuthenticationSuccessHandler
                    && !userService.isAuthenticationTypeByUsername(
                            username, AuthenticationType.OAUTH2)
                    && oAuth.getAutoCreateUser()) {
-                response.sendRedirect(
-                        request.getContextPath() + "/logout?oauth2AuthenticationErrorWeb=true");
+                response.sendRedirect(contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
                return;
-            } else {
-                try {
-                    userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
-                    response.sendRedirect("/");
-                    return;
-                } catch (IllegalArgumentException e) {
-                    response.sendRedirect("/logout?invalidUsername=true");
+            }
+            try {
+                if (oAuth.getBlockRegistration()
+                        && !userService.usernameExistsIgnoreCase(username)) {
+                    response.sendRedirect(contextPath + "/logout?oauth2_admin_blocked_user=true");
                    return;
                }
+                if (principal instanceof OAuth2User) {
+                    userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
+                }
+                response.sendRedirect(contextPath + "/");
+                return;
+            } catch (IllegalArgumentException e) {
+                response.sendRedirect(contextPath + "/logout?invalidUsername=true");
+                return;
            }
        }
    }
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java
@@ -2,33 +2,26 @@ package stirling.software.SPDF.config.security.oauth2;

 import java.io.IOException;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;

 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;
+import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
 import stirling.software.SPDF.model.Provider;
+import stirling.software.SPDF.model.provider.UnsupportedProviderException;
 import stirling.software.SPDF.utils.UrlUtils;

+@Slf4j
 public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

-    private static final Logger logger =
-            LoggerFactory.getLogger(CustomOAuth2LogoutSuccessHandler.class);
-
-    private final SessionRegistry sessionRegistry;
    private final ApplicationProperties applicationProperties;

-    public CustomOAuth2LogoutSuccessHandler(
-            ApplicationProperties applicationProperties, SessionRegistry sessionRegistry) {
-        this.sessionRegistry = sessionRegistry;
+    public CustomOAuth2LogoutSuccessHandler(ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }

@@ -41,6 +34,15 @@ public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHand
        String issuer = null;
        String clientId = null;

+        if (authentication == null) {
+            if (request.getParameter("userIsDisabled") != null) {
+                response.sendRedirect(
+                        request.getContextPath() + "/login?erroroauth=userIsDisabled");
+            } else {
+                super.onLogoutSuccess(request, response, authentication);
+            }
+            return;
+        }
        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();

        if (authentication instanceof OAuth2AuthenticationToken) {
@@ -51,37 +53,34 @@ public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHand
                Provider provider = oauth.getClient().get(registrationId);
                issuer = provider.getIssuer();
                clientId = provider.getClientId();
-            } catch (Exception e) {
-                e.printStackTrace();
+            } catch (UnsupportedProviderException e) {
+                log.error(e.getMessage());
            }
-
        } else {
            registrationId = oauth.getProvider() != null ? oauth.getProvider() : "";
            issuer = oauth.getIssuer();
            clientId = oauth.getClientId();
        }
-
+        String errorMessage = "";
        if (request.getParameter("oauth2AuthenticationErrorWeb") != null) {
            param = "erroroauth=oauth2AuthenticationErrorWeb";
-        } else if (request.getParameter("error") != null) {
-            param = "error=" + request.getParameter("error");
-        } else if (request.getParameter("erroroauth") != null) {
-            param = "erroroauth=" + request.getParameter("erroroauth");
+        } else if ((errorMessage = request.getParameter("error")) != null) {
+            param = "error=" + sanitizeInput(errorMessage);
+        } else if ((errorMessage = request.getParameter("erroroauth")) != null) {
+            param = "erroroauth=" + sanitizeInput(errorMessage);
        } else if (request.getParameter("oauth2AutoCreateDisabled") != null) {
            param = "error=oauth2AutoCreateDisabled";
+        } else if (request.getParameter("oauth2_admin_blocked_user") != null) {
+            param = "erroroauth=oauth2_admin_blocked_user";
+        } else if (request.getParameter("userIsDisabled") != null) {
+            param = "erroroauth=userIsDisabled";
+        } else if (request.getParameter("badcredentials") != null) {
+            param = "error=badcredentials";
        }

        String redirect_url = UrlUtils.getOrigin(request) + "/login?" + param;

-        HttpSession session = request.getSession(false);
-        if (session != null) {
-            String sessionId = session.getId();
-            sessionRegistry.removeSessionInformation(sessionId);
-            session.invalidate();
-            logger.info("Session invalidated: " + sessionId);
-        }
-
-        switch (registrationId) {
+        switch (registrationId.toLowerCase()) {
            case "keycloak":
                // Add Keycloak specific logout URL if needed
                String logoutUrl =
@@ -91,13 +90,13 @@ public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHand
                                + clientId
                                + "&post_logout_redirect_uri="
                                + response.encodeRedirectURL(redirect_url);
-                logger.info("Redirecting to Keycloak logout URL: " + logoutUrl);
+                log.info("Redirecting to Keycloak logout URL: " + logoutUrl);
                response.sendRedirect(logoutUrl);
                break;
            case "github":
                // Add GitHub specific logout URL if needed
                String githubLogoutUrl = "https://github.com/logout";
-                logger.info("Redirecting to GitHub logout URL: " + githubLogoutUrl);
+                log.info("Redirecting to GitHub logout URL: " + githubLogoutUrl);
                response.sendRedirect(githubLogoutUrl);
                break;
            case "google":
@@ -105,14 +104,19 @@ public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHand
                // String googleLogoutUrl =
                // "https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue="
                //                 + response.encodeRedirectURL(redirect_url);
-                // logger.info("Redirecting to Google logout URL: " + googleLogoutUrl);
+                log.info("Google does not have a specific logout URL");
+                // log.info("Redirecting to Google logout URL: " + googleLogoutUrl);
                // response.sendRedirect(googleLogoutUrl);
                // break;
            default:
-                String redirectUrl = request.getContextPath() + "/login?" + param;
-                logger.info("Redirecting to default logout URL: " + redirectUrl);
-                response.sendRedirect(redirectUrl);
+                String defaultRedirectUrl = request.getContextPath() + "/login?" + param;
+                log.info("Redirecting to default logout URL: " + defaultRedirectUrl);
+                response.sendRedirect(defaultRedirectUrl);
                break;
        }
    }
+
+    private String sanitizeInput(String input) {
+        return input.replaceAll("[^a-zA-Z0-9 ]", "");
+    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java
@@ -16,6 +16,8 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import stirling.software.SPDF.config.security.LoginAttemptService;
 import stirling.software.SPDF.config.security.UserService;
 import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
 import stirling.software.SPDF.model.User;

 public class CustomOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
@@ -41,11 +43,27 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques

    @Override
    public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
-        String usernameAttribute =
-                applicationProperties.getSecurity().getOAUTH2().getUseAsUsername();
+        OAUTH2 oauth2 = applicationProperties.getSecurity().getOAUTH2();
+        String usernameAttribute = oauth2.getUseAsUsername();
+        if (usernameAttribute == null || usernameAttribute.trim().isEmpty()) {
+            Client client = oauth2.getClient();
+            if (client != null && client.getKeycloak() != null) {
+                usernameAttribute = client.getKeycloak().getUseAsUsername();
+            } else {
+                usernameAttribute = "email";
+            }
+        }
+
        try {
            OidcUser user = delegate.loadUser(userRequest);
            String username = user.getUserInfo().getClaimAsString(usernameAttribute);
+
+            // Check if the username claim is null or empty
+            if (username == null || username.trim().isEmpty()) {
+                throw new IllegalArgumentException(
+                        "Claim '" + usernameAttribute + "' cannot be null or empty");
+            }
+
            Optional<User> duser = userService.findByUsernameIgnoreCase(username);
            if (duser.isPresent()) {
                if (loginAttemptService.isBlocked(username)) {
@@ -56,13 +74,14 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques
                    throw new IllegalArgumentException("Password must not be null");
                }
            }
+
            // Return a new OidcUser with adjusted attributes
            return new DefaultOidcUser(
                    user.getAuthorities(),
                    userRequest.getIdToken(),
                    user.getUserInfo(),
                    usernameAttribute);
-        } catch (java.lang.IllegalArgumentException e) {
+        } catch (IllegalArgumentException e) {
            logger.error("Error loading OIDC user: {}", e.getMessage());
            throw new OAuth2AuthenticationException(new OAuth2Error(e.getMessage()), e);
        } catch (Exception e) {
--- a/src/main/java/stirling/software/SPDF/config/security/session/CustomHttpSessionListener.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/CustomHttpSessionListener.java
@@ -0,0 +1,26 @@
+package stirling.software.SPDF.config.security.session;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.http.HttpSessionEvent;
+import jakarta.servlet.http.HttpSessionListener;
+import lombok.extern.slf4j.Slf4j;
+
+@Component
+@Slf4j
+public class CustomHttpSessionListener implements HttpSessionListener {
+
+    @Autowired private SessionPersistentRegistry sessionPersistentRegistry;
+
+    @Override
+    public void sessionCreated(HttpSessionEvent se) {
+        log.info("Session created: " + se.getSession().getId());
+    }
+
+    @Override
+    public void sessionDestroyed(HttpSessionEvent se) {
+        log.info("Session destroyed: " + se.getSession().getId());
+        sessionPersistentRegistry.expireSession(se.getSession().getId());
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/session/SessionPersistentRegistry.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/SessionPersistentRegistry.java
@@ -0,0 +1,183 @@
+package stirling.software.SPDF.config.security.session;
+
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.session.SessionInformation;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Component;
+
+import jakarta.transaction.Transactional;
+import stirling.software.SPDF.model.SessionEntity;
+
+@Component
+public class SessionPersistentRegistry implements SessionRegistry {
+
+    private final SessionRepository sessionRepository;
+
+    @Value("${server.servlet.session.timeout:30m}")
+    private Duration defaultMaxInactiveInterval;
+
+    public SessionPersistentRegistry(SessionRepository sessionRepository) {
+        this.sessionRepository = sessionRepository;
+    }
+
+    @Override
+    public List<Object> getAllPrincipals() {
+        List<SessionEntity> sessions = sessionRepository.findAll();
+        List<Object> principals = new ArrayList<>();
+        for (SessionEntity session : sessions) {
+            principals.add(session.getPrincipalName());
+        }
+        return principals;
+    }
+
+    @Override
+    public List<SessionInformation> getAllSessions(
+            Object principal, boolean includeExpiredSessions) {
+        List<SessionInformation> sessionInformations = new ArrayList<>();
+        String principalName = null;
+
+        if (principal instanceof UserDetails) {
+            principalName = ((UserDetails) principal).getUsername();
+        } else if (principal instanceof OAuth2User) {
+            principalName = ((OAuth2User) principal).getName();
+        } else if (principal instanceof String) {
+            principalName = (String) principal;
+        }
+
+        if (principalName != null) {
+            List<SessionEntity> sessionEntities =
+                    sessionRepository.findByPrincipalName(principalName);
+            for (SessionEntity sessionEntity : sessionEntities) {
+                if (includeExpiredSessions || !sessionEntity.isExpired()) {
+                    sessionInformations.add(
+                            new SessionInformation(
+                                    sessionEntity.getPrincipalName(),
+                                    sessionEntity.getSessionId(),
+                                    sessionEntity.getLastRequest()));
+                }
+            }
+        }
+        return sessionInformations;
+    }
+
+    @Override
+    @Transactional
+    public void registerNewSession(String sessionId, Object principal) {
+        String principalName = null;
+
+        if (principal instanceof UserDetails) {
+            principalName = ((UserDetails) principal).getUsername();
+        } else if (principal instanceof OAuth2User) {
+            principalName = ((OAuth2User) principal).getName();
+        } else if (principal instanceof String) {
+            principalName = (String) principal;
+        }
+
+        if (principalName != null) {
+            SessionEntity sessionEntity = new SessionEntity();
+            sessionEntity.setSessionId(sessionId);
+            sessionEntity.setPrincipalName(principalName);
+            sessionEntity.setLastRequest(new Date()); // Set lastRequest to the current date
+            sessionEntity.setExpired(false);
+            sessionRepository.save(sessionEntity);
+        }
+    }
+
+    @Override
+    @Transactional
+    public void removeSessionInformation(String sessionId) {
+        sessionRepository.deleteById(sessionId);
+    }
+
+    @Override
+    @Transactional
+    public void refreshLastRequest(String sessionId) {
+        Optional<SessionEntity> sessionEntityOpt = sessionRepository.findById(sessionId);
+        if (sessionEntityOpt.isPresent()) {
+            SessionEntity sessionEntity = sessionEntityOpt.get();
+            sessionEntity.setLastRequest(new Date()); // Update lastRequest to the current date
+            sessionRepository.save(sessionEntity);
+        }
+    }
+
+    @Override
+    public SessionInformation getSessionInformation(String sessionId) {
+        Optional<SessionEntity> sessionEntityOpt = sessionRepository.findById(sessionId);
+        if (sessionEntityOpt.isPresent()) {
+            SessionEntity sessionEntity = sessionEntityOpt.get();
+            return new SessionInformation(
+                    sessionEntity.getPrincipalName(),
+                    sessionEntity.getSessionId(),
+                    sessionEntity.getLastRequest());
+        }
+        return null;
+    }
+
+    // Retrieve all non-expired sessions
+    public List<SessionEntity> getAllSessionsNotExpired() {
+        return sessionRepository.findByExpired(false);
+    }
+
+    // Retrieve all sessions
+    public List<SessionEntity> getAllSessions() {
+        return sessionRepository.findAll();
+    }
+
+    // Mark a session as expired
+    public void expireSession(String sessionId) {
+        Optional<SessionEntity> sessionEntityOpt = sessionRepository.findById(sessionId);
+        if (sessionEntityOpt.isPresent()) {
+            SessionEntity sessionEntity = sessionEntityOpt.get();
+            sessionEntity.setExpired(true); // Set expired to true
+            sessionRepository.save(sessionEntity);
+        }
+    }
+
+    // Get the maximum inactive interval for sessions
+    public int getMaxInactiveInterval() {
+        return (int) defaultMaxInactiveInterval.getSeconds();
+    }
+
+    // Retrieve a session entity by session ID
+    public SessionEntity getSessionEntity(String sessionId) {
+        return sessionRepository.findBySessionId(sessionId);
+    }
+
+    // Update session details by principal name
+    public void updateSessionByPrincipalName(
+            String principalName, boolean expired, Date lastRequest) {
+        sessionRepository.saveByPrincipalName(expired, lastRequest, principalName);
+    }
+
+    // Find the latest session for a given principal name
+    public Optional<SessionEntity> findLatestSession(String principalName) {
+        List<SessionEntity> allSessions = sessionRepository.findByPrincipalName(principalName);
+        if (allSessions.isEmpty()) {
+            return Optional.empty();
+        }
+
+        // Sort sessions by lastRequest in descending order
+        Collections.sort(
+                allSessions,
+                new Comparator<SessionEntity>() {
+                    @Override
+                    public int compare(SessionEntity s1, SessionEntity s2) {
+                        // Sort by lastRequest in descending order
+                        return s2.getLastRequest().compareTo(s1.getLastRequest());
+                    }
+                });
+
+        // The first session in the list is the latest session for the given principal name
+        return Optional.of(allSessions.get(0));
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/session/SessionRegistryConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/SessionRegistryConfig.java
@@ -0,0 +1,20 @@
+package stirling.software.SPDF.config.security.session;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.session.SessionRegistryImpl;
+
+@Configuration
+public class SessionRegistryConfig {
+
+    @Bean
+    public SessionRegistryImpl sessionRegistry() {
+        return new SessionRegistryImpl();
+    }
+
+    @Bean
+    public SessionPersistentRegistry sessionPersistentRegistry(
+            SessionRepository sessionRepository) {
+        return new SessionPersistentRegistry(sessionRepository);
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/session/SessionRepository.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/SessionRepository.java
@@ -0,0 +1,31 @@
+package stirling.software.SPDF.config.security.session;
+
+import java.util.Date;
+import java.util.List;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import jakarta.transaction.Transactional;
+import stirling.software.SPDF.model.SessionEntity;
+
+@Repository
+public interface SessionRepository extends JpaRepository<SessionEntity, String> {
+    List<SessionEntity> findByPrincipalName(String principalName);
+
+    List<SessionEntity> findByExpired(boolean expired);
+
+    SessionEntity findBySessionId(String sessionId);
+
+    @Modifying
+    @Transactional
+    @Query(
+            "UPDATE SessionEntity s SET s.expired = :expired, s.lastRequest = :lastRequest WHERE s.principalName = :principalName")
+    void saveByPrincipalName(
+            @Param("expired") boolean expired,
+            @Param("lastRequest") Date lastRequest,
+            @Param("principalName") String principalName);
+}
--- a/src/main/java/stirling/software/SPDF/config/security/session/SessionScheduled.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/SessionScheduled.java
@@ -0,0 +1,35 @@
+package stirling.software.SPDF.config.security.session;
+
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Date;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.security.core.session.SessionInformation;
+import org.springframework.stereotype.Component;
+
+@Component
+public class SessionScheduled {
+    @Autowired private SessionPersistentRegistry sessionPersistentRegistry;
+
+    @Scheduled(cron = "0 0/5 * * * ?")
+    public void expireSessions() {
+        Instant now = Instant.now();
+
+        for (Object principal : sessionPersistentRegistry.getAllPrincipals()) {
+            List<SessionInformation> sessionInformations =
+                    sessionPersistentRegistry.getAllSessions(principal, false);
+            for (SessionInformation sessionInformation : sessionInformations) {
+                Date lastRequest = sessionInformation.getLastRequest();
+                int maxInactiveInterval = sessionPersistentRegistry.getMaxInactiveInterval();
+                Instant expirationTime =
+                        lastRequest.toInstant().plus(maxInactiveInterval, ChronoUnit.SECONDS);
+                if (now.isAfter(expirationTime)) {
+                    sessionPersistentRegistry.expireSession(sessionInformation.getSessionId());
+                }
+            }
+        }
+    }
+}
--- a/src/main/java/stirling/software/SPDF/controller/api/DatabaseController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/DatabaseController.java
@@ -0,0 +1,144 @@
+package stirling.software.SPDF.controller.api;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+
+import org.eclipse.jetty.http.HttpStatus;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.InputStreamResource;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import io.swagger.v3.oas.annotations.Hidden;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.security.database.DatabaseBackupHelper;
+
+@Slf4j
+@Controller
+@RequestMapping("/api/v1/database")
+@PreAuthorize("hasRole('ROLE_ADMIN')")
+@Tag(name = "Database", description = "Database APIs")
+public class DatabaseController {
+
+    @Autowired DatabaseBackupHelper databaseBackupHelper;
+
+    @Hidden
+    @PostMapping(consumes = "multipart/form-data", value = "import-database")
+    @Operation(
+            summary = "Import database backup",
+            description = "This endpoint imports a database backup from a SQL file.")
+    public String importDatabase(
+            @RequestParam("fileInput") MultipartFile file, RedirectAttributes redirectAttributes)
+            throws IllegalArgumentException, IOException {
+        if (file == null || file.isEmpty()) {
+            redirectAttributes.addAttribute("error", "fileNullOrEmpty");
+            return "redirect:/database";
+        }
+        log.info("Received file: {}", file.getOriginalFilename());
+        Path tempTemplatePath = Files.createTempFile("backup_", ".sql");
+        try (InputStream in = file.getInputStream()) {
+            Files.copy(in, tempTemplatePath, StandardCopyOption.REPLACE_EXISTING);
+            boolean importSuccess = databaseBackupHelper.importDatabaseFromUI(tempTemplatePath);
+            if (importSuccess) {
+                redirectAttributes.addAttribute("infoMessage", "importIntoDatabaseSuccessed");
+            } else {
+                redirectAttributes.addAttribute("error", "failedImportFile");
+            }
+        } catch (Exception e) {
+            log.error("Error importing database: {}", e.getMessage());
+            redirectAttributes.addAttribute("error", "failedImportFile");
+        }
+        return "redirect:/database";
+    }
+
+    @Hidden
+    @GetMapping("/import-database-file/{fileName}")
+    public String importDatabaseFromBackupUI(@PathVariable String fileName)
+            throws IllegalArgumentException, IOException {
+        if (fileName == null || fileName.isEmpty()) {
+            return "redirect:/database?error=fileNullOrEmpty";
+        }
+
+        // Check if the file exists in the backup list
+        boolean fileExists =
+                databaseBackupHelper.getBackupList().stream()
+                        .anyMatch(backup -> backup.getFileName().equals(fileName));
+        if (!fileExists) {
+            log.error("File {} not found in backup list", fileName);
+            return "redirect:/database?error=fileNotFound";
+        }
+        log.info("Received file: {}", fileName);
+        if (databaseBackupHelper.importDatabaseFromUI(fileName)) {
+            log.info("File {} imported to database", fileName);
+            return "redirect:/database?infoMessage=importIntoDatabaseSuccessed";
+        }
+        return "redirect:/database?error=failedImportFile";
+    }
+
+    @Hidden
+    @GetMapping("/delete/{fileName}")
+    @Operation(
+            summary = "Delete a database backup file",
+            description =
+                    "This endpoint deletes a database backup file with the specified file name.")
+    public String deleteFile(@PathVariable String fileName) {
+        if (fileName == null || fileName.isEmpty()) {
+            throw new IllegalArgumentException("File must not be null or empty");
+        }
+        try {
+            if (databaseBackupHelper.deleteBackupFile(fileName)) {
+                log.info("Deleted file: {}", fileName);
+            } else {
+                log.error("Failed to delete file: {}", fileName);
+                return "redirect:/database?error=failedToDeleteFile";
+            }
+        } catch (IOException e) {
+            log.error("Error deleting file: {}", e.getMessage());
+            return "redirect:/database?error=" + e.getMessage();
+        }
+        return "redirect:/database";
+    }
+
+    @Hidden
+    @GetMapping("/download/{fileName}")
+    @Operation(
+            summary = "Download a database backup file",
+            description =
+                    "This endpoint downloads a database backup file with the specified file name.")
+    public ResponseEntity<?> downloadFile(@PathVariable String fileName) {
+        if (fileName == null || fileName.isEmpty()) {
+            throw new IllegalArgumentException("File must not be null or empty");
+        }
+        try {
+            Path filePath = databaseBackupHelper.getBackupFilePath(fileName);
+            InputStreamResource resource = new InputStreamResource(Files.newInputStream(filePath));
+            return ResponseEntity.ok()
+                    .header(HttpHeaders.CONTENT_DISPOSITION, "attachment;filename=" + fileName)
+                    .contentType(MediaType.APPLICATION_OCTET_STREAM)
+                    .contentLength(Files.size(filePath))
+                    .body(resource);
+        } catch (IOException e) {
+            log.error("Error downloading file: {}", e.getMessage());
+            return ResponseEntity.status(HttpStatus.SEE_OTHER_303)
+                    .location(URI.create("/database?error=downloadFailed"))
+                    .build();
+        }
+    }
+}
--- a/Show More
+++ b/Show More