Merge branch 'master' into gnous

2022-02-16 09:40:41 +01:00 · 2022-02-16 09:40:41 +01:00 · 7ab96b5e3d
commit 7ab96b5e3d
parent a04e3de161 89fdd1986d
86 changed files with 3174 additions and 2394 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -28,6 +28,7 @@ steps:
  when:
    branch:
    - master
    - staging
    event:
    - push
@ -39,6 +40,7 @@ steps:
  when:
    branch:
    - master
    - staging
    event:
    - push
@ -55,6 +57,7 @@ steps:
  when:
    branch:
    - master
    - staging
    event:
    - push
@ -71,6 +74,7 @@ steps:
  when:
    branch:
    - master
    - staging
    event:
    - push
@ -86,6 +90,7 @@ steps:
  when:
    branch:
    - master
    - staging
    event:
    - push
@ -101,6 +106,7 @@ steps:
  when:
    branch:
    - master
    - staging
    event:
    - push
    status:
@ -109,6 +115,6 @@ steps:
 ---
 kind: signature
-hmac: 78793b0d115828cf74f6dbac3341205c6d48ef2e59661529f3412f2fac3831a9
+hmac: f6619243fe2a27563291c9f2a46d93ffbc3b6dced9a05f23e64b555ce03a31e5
 ...
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@ -25,10 +25,11 @@ jobs:
          stale-pr-message: >
            This pull request has been automatically marked as stale because it has not had
            recent activity. It will be closed if no further activity occurs.
-          exempt-issue-labels: "pinned,security,enhancement,investigating"
+          exempt-issue-labels: "pinned,security,enhancement,investigating,neverstale"
-          exempt-pr-labels: "pinned,security,enhancement,investigating"
+          exempt-pr-labels: "pinned,security,enhancement,investigating,neverstale"
          stale-issue-label: "stale"
          stale-pr-label: "stale"
          exempt-draft-pr: "true"
          operations-per-run: "250"
          ascending: "true"
          #DRY-RUN
--- a/.gitignore
+++ b/.gitignore
@ -56,6 +56,7 @@ data/web/templates/cache/*
 data/web/.well-known/acme-challenge
 data/web/css/build/0081-custom-mailcow.css
 data/web/inc/vars.local.inc.php
 data/web/inc/app_info.inc.php
 data/web/nextcloud*/
 data/web/rc*/
 docker-compose.override.yml
--- a/README.md
+++ b/README.md
@ -1,4 +1,6 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 [![master build status](https://img.shields.io/drone/build/mailcow/mailcow-dockerized/master?label=master%20build&server=https%3A%2F%2Fdrone.mailcow.email)](https://drone.mailcow.email/mailcow/mailcow-dockerized) [![staging build status](https://img.shields.io/drone/build/mailcow/mailcow-dockerized/staging?label=staging%20build&server=https%3A%2F%2Fdrone.mailcow.email)](https://drone.mailcow.email/mailcow/mailcow-dockerized) [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
 ## Want to support mailcow?
@ -22,6 +24,8 @@ Please see [the official documentation](https://mailcow.github.io/mailcow-docker
 [Telegram mailcow Off-Topic channel](https://t.me/mailcowOfftopic)
 [Official Twitter Account](https://twitter.com/mailcow_email)
 Telegram desktop clients are available for [multiple platforms](https://desktop.telegram.org). You can search the groups history for keywords.
 ## Misc
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.14
+FROM alpine:3.15
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
@ -80,7 +80,7 @@ fi
 printf "[SAN]\nsubjectAltName=" > /tmp/_SAN
 printf "DNS:%s," "${CERT_DOMAINS[@]}" >> /tmp/_SAN
 sed -i '$s/,$//' /tmp/_SAN
-openssl req -new -sha256 -key ${KEY} -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf /tmp/_SAN) > ${CSR}
+openssl req -new -sha256 -key ${KEY} -subj "/" -reqexts SAN -config <(cat "$(openssl version -d | sed 's/.*"\(.*\)"/\1/g')/openssl.cnf" /tmp/_SAN) > ${CSR}
 # acme-tiny writes info to stderr and ceritifcate to stdout
 # The redirects will do the following:
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@ -1,9 +1,8 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
-ARG CLAMAV=0.103.3
+ARG CLAMAV=0.103.5
 RUN apt-get update && apt-get install -y --no-install-recommends \
  ca-certificates \
  zlib1g-dev \
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.14
+FROM alpine:3.15
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@ -2,7 +2,7 @@ FROM debian:buster-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.16
+ARG DOVECOT=2.3.17.1
 ENV LC_ALL C
 ENV GOSU_VERSION 1.12
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.14
+FROM alpine:3.15
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ENV XTABLES_LIBDIR /usr/lib/xtables
@ -13,10 +13,11 @@ RUN apk add --virtual .build-deps \
 && apk add -U python3 \
  iptables \
  ip6tables \
  xtables-addons \
  tzdata \
  py3-pip \
  musl-dev \
-&& pip3 install --upgrade pip \
+&& pip3 install --ignore-installed --upgrade pip \
  python-iptables \
  redis \
  ipaddress \
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.14
+FROM alpine:3.15
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 WORKDIR /app
@ -12,7 +12,7 @@ RUN apk add --virtual .build-deps gcc musl-dev python3-dev libffi-dev openssl-de
  && apk del .build-deps
 #  && sed -i 's/decompress_stream(bytearray(compressed_code))/bytes2str(decompress_stream(bytearray(compressed_code)))/g' /usr/lib/python3.8/site-packages/oletools/olevba.py
-ADD https://raw.githubusercontent.com/HeinleinSupport/olefy/master/olefy.py /app/
+ADD olefy.py /app/
 RUN chown -R nobody:nobody /app /tmp
--- a/data/Dockerfiles/olefy/olefy.py
+++ b/data/Dockerfiles/olefy/olefy.py
@ -0,0 +1,220 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 # Copyright (c) 2020, Dennis Kalbhen <d.kalbhen@heinlein-support.de>
 # Copyright (c) 2020, Carsten Rosenberg <c.rosenberg@heinlein-support.de>
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ###
 #
 #  olefy is a little helper socket to use oletools with rspamd. (https://rspamd.com)
 #  Please find updates and issues here: https://github.com/HeinleinSupport/olefy
 #
 ###
 from subprocess import Popen, PIPE
 import sys
 import os
 import logging
 import asyncio
 import time
 import magic
 import re
 # merge variables from /etc/olefy.conf and the defaults
 olefy_listen_addr_string = os.getenv('OLEFY_BINDADDRESS', '127.0.0.1,::1')
 olefy_listen_port = int(os.getenv('OLEFY_BINDPORT', '10050'))
 olefy_tmp_dir = os.getenv('OLEFY_TMPDIR', '/tmp')
 olefy_python_path = os.getenv('OLEFY_PYTHON_PATH', '/usr/bin/python3')
 olefy_olevba_path = os.getenv('OLEFY_OLEVBA_PATH', '/usr/local/bin/olevba3')
 # 10:DEBUG, 20:INFO, 30:WARNING, 40:ERROR, 50:CRITICAL
 olefy_loglvl = int(os.getenv('OLEFY_LOGLVL', 20))
 olefy_min_length = int(os.getenv('OLEFY_MINLENGTH', 500))
 olefy_del_tmp = int(os.getenv('OLEFY_DEL_TMP', 1))
 olefy_del_tmp_failed = int(os.getenv('OLEFY_DEL_TMP_FAILED', 1))
 # internal used variables
 request_time = '0000000000.000000'
 olefy_protocol = 'OLEFY'
 olefy_ping = 'PING'
 olefy_protocol_sep = '\n\n'
 olefy_headers = {}
 # init logging
 logger = logging.getLogger('olefy')
 logging.basicConfig(stream=sys.stdout, level=olefy_loglvl, format='olefy %(levelname)s %(funcName)s %(message)s')
 logger.debug('olefy listen address string: {} (type {})'.format(olefy_listen_addr_string, type(olefy_listen_addr_string)))
 if not olefy_listen_addr_string:
    olefy_listen_addr = ""
 else:
    addr_re = re.compile('[\[" \]]')
    olefy_listen_addr = addr_re.sub('', olefy_listen_addr_string.replace("'", "")).split(',')
 # log runtime variables
 logger.info('olefy listen address: {} (type: {})'.format(olefy_listen_addr, type(olefy_listen_addr)))
 logger.info('olefy listen port: {}'.format(olefy_listen_port))
 logger.info('olefy tmp dir: {}'.format(olefy_tmp_dir))
 logger.info('olefy python path: {}'.format(olefy_python_path))
 logger.info('olefy olvba path: {}'.format(olefy_olevba_path))
 logger.info('olefy log level: {}'.format(olefy_loglvl))
 logger.info('olefy min file length: {}'.format(olefy_min_length))
 logger.info('olefy delete tmp file: {}'.format(olefy_del_tmp))
 logger.info('olefy delete tmp file when failed: {}'.format(olefy_del_tmp_failed))
 if not os.path.isfile(olefy_python_path):
    logger.critical('python path not found: {}'.format(olefy_python_path))
    exit(1)
 if not os.path.isfile(olefy_olevba_path):
    logger.critical('olevba path not found: {}'.format(olefy_olevba_path))
    exit(1)
 # olefy protocol function
 def protocol_split( olefy_line ):
    header_lines = olefy_line.split('\n')
    for line in header_lines:
        if line == 'OLEFY/1.0':
            olefy_headers['olefy'] = line
        elif line != '':
            kv = line.split(': ')
            if kv[0] != '' and kv[1] != '':
                olefy_headers[kv[0]] = kv[1]
    logger.debug('olefy_headers: {}'.format(olefy_headers))
 # calling oletools
 def oletools( stream, tmp_file_name, lid ):
    if olefy_min_length > stream.__len__():
        logger.error('{} {} bytes (Not Scanning! File smaller than {!r})'.format(lid, stream.__len__(), olefy_min_length))
        out = b'[ { "error": "File too small" } ]'
    else:
        tmp_file = open(tmp_file_name, 'wb')
        tmp_file.write(stream)
        tmp_file.close()
        file_magic = magic.Magic(mime=True, uncompress=True)
        file_mime = file_magic.from_file(tmp_file_name)
        logger.info('{} {} (libmagic output)'.format(lid, file_mime))
        # do the olefy
        cmd_tmp = Popen([olefy_python_path, olefy_olevba_path, '-a', '-j' , '-l', 'error', tmp_file_name], stdout=PIPE, stderr=PIPE)
        out, err = cmd_tmp.communicate()
        out = bytes(out.decode('utf-8', 'ignore').replace('  ', ' ').replace('\t', '').replace('\n', '').replace('XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)', ''), encoding="utf-8")
        failed = False
        if out.__len__() < 30:
            logger.error('{} olevba returned <30 chars - rc: {!r}, response: {!r}, error: {!r}'.format(lid,cmd_tmp.returncode, 
                out.decode('utf-8', 'ignore'), err.decode('utf-8', 'ignore')))
            out = b'[ { "error": "Unhandled error - too short olevba response" } ]'
            failed = True
        elif err.__len__() > 10 and cmd_tmp.returncode == 9:
            logger.error("{} olevba stderr >10 chars - rc: {!r}, response: {!r}".format(lid, cmd_tmp.returncode, err.decode("utf-8", "ignore")))
            out = b'[ { "error": "Decrypt failed" } ]'
            failed = True
        elif err.__len__() > 10 and cmd_tmp.returncode > 9:
            logger.error('{} olevba stderr >10 chars - rc: {!r}, response: {!r}'.format(lid, cmd_tmp.returncode, err.decode('utf-8', 'ignore')))
            out = b'[ { "error": "Unhandled oletools error" } ]'
            failed = True
        elif cmd_tmp.returncode != 0:
            logger.error('{} olevba exited with code {!r}; err: {!r}'.format(lid, cmd_tmp.returncode, err.decode('utf-8', 'ignore')))
            failed = True
        if failed and olefy_del_tmp_failed == 0:
            logger.debug('{} {} FAILED: not deleting tmp file'.format(lid, tmp_file_name))
        elif olefy_del_tmp == 1:
            logger.debug('{} {} deleting tmp file'.format(lid, tmp_file_name))
            os.remove(tmp_file_name)
    logger.debug('{} response: {}'.format(lid, out.decode('utf-8', 'ignore')))
    return out + b'\t\n\n\t'
 # Asyncio data handling, default AIO-Functions
 class AIO(asyncio.Protocol):
    def __init__(self):
        self.extra = bytearray()
    def connection_made(self, transport):
        global request_time
        peer = transport.get_extra_info('peername')
        logger.debug('{} new connection was made'.format(peer))
        self.transport = transport
        request_time = str(time.time())
    def data_received(self, request, msgid=1):
        peer = self.transport.get_extra_info('peername')
        logger.debug('{} data received from new connection'.format(peer))
        self.extra.extend(request)
    def eof_received(self):
        peer = self.transport.get_extra_info('peername')
        olefy_protocol_err = False
        proto_ck = self.extra[0:2000].decode('utf-8', 'ignore')
        headers = proto_ck[0:proto_ck.find(olefy_protocol_sep)]
        if olefy_protocol == headers[0:5]:
            self.extra = bytearray(self.extra[len(headers)+2:len(self.extra)])
            protocol_split(headers)
        else:
            olefy_protocol_err = True
        if olefy_ping == headers[0:4]:
            is_ping = True
        else:
            is_ping = False
            rspamd_id = olefy_headers['Rspamd-ID'][:6] or ''
            lid = 'Rspamd-ID' in olefy_headers and '<'+rspamd_id+'>'
            tmp_file_name = olefy_tmp_dir+'/'+request_time+'.'+str(peer[1])+'.'+rspamd_id
            logger.debug('{} {} choosen as tmp filename'.format(lid, tmp_file_name))
        if not is_ping or olefy_loglvl == 10:
            logger.info('{} {} bytes (stream size)'.format(lid, self.extra.__len__()))
        if olefy_ping == headers[0:4]:
            logger.debug('{} PING request'.format(peer))
            out = b'PONG'
        elif olefy_protocol_err == True or olefy_headers['olefy'] != 'OLEFY/1.0':
            logger.error('{} Protocol ERROR: no OLEFY/1.0 found'.format(lid))
            out = b'[ { "error": "Protocol error" } ]'
        elif 'Method' in olefy_headers:
            if olefy_headers['Method'] == 'oletools':
                out = oletools(self.extra, tmp_file_name, lid)
        else:
            logger.error('Protocol ERROR: Method header not found')
            out = b'[ { "error": "Protocol error: Method header not found" } ]'
        self.transport.write(out)
        if not is_ping or olefy_loglvl == 10:
            logger.info('{} {} response send: {!r}'.format(lid, peer, out))
        self.transport.close()
 # start the listeners
 loop = asyncio.get_event_loop()
 # each client connection will create a new protocol instance
 coro = loop.create_server(AIO, olefy_listen_addr, olefy_listen_port)
 server = loop.run_until_complete(coro)
 for sockets in server.sockets:
    logger.info('serving on {}'.format(sockets.getsockname()))
 # XXX serve requests until KeyboardInterrupt, not needed for production
 try:
    loop.run_forever()
 except KeyboardInterrupt:
    pass
 # graceful shutdown/reload
 server.close()
 loop.run_until_complete(server.wait_closed())
 loop.close()
 logger.info('stopped serving')
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@ -1,10 +1,10 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ARG DEBIAN_FRONTEND=noninteractive
 ARG SOGO_DEBIAN_REPOSITORY=http://packages.inverse.ca/SOGo/nightly/5/debian/
 ENV LC_ALL C
-ENV GOSU_VERSION 1.12
+ENV GOSU_VERSION 1.14
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
@ -31,7 +31,7 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
  && mkdir /usr/share/doc/sogo \
  && touch /usr/share/doc/sogo/empty.sh \
  && apt-key adv --keyserver keyserver.ubuntu.com --recv-key 0x810273C4 \
-  && echo "deb ${SOGO_DEBIAN_REPOSITORY} buster buster" > /etc/apt/sources.list.d/sogo.list \
+  && echo "deb ${SOGO_DEBIAN_REPOSITORY} bullseye bullseye" > /etc/apt/sources.list.d/sogo.list \
  && apt-get update && apt-get install -y --no-install-recommends \
    sogo \
    sogo-activesync \
--- a/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
@ -1,4 +1,4 @@
-@version: 3.19
+@version: 3.28
@include "scl.conf"
 options {
  chain_hostnames(off);
--- a/data/Dockerfiles/sogo/syslog-ng.conf
+++ b/data/Dockerfiles/sogo/syslog-ng.conf
@ -1,4 +1,4 @@
-@version: 3.19
+@version: 3.28
@include "scl.conf"
 options {
  chain_hostnames(off);
--- a/data/Dockerfiles/solr/Dockerfile
+++ b/data/Dockerfiles/solr/Dockerfile
@ -16,10 +16,15 @@ RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
  tzdata \
  curl \
  bash \
  zip \
  && apt-get autoclean \
  && rm -rf /var/lib/apt/lists/* \
  && chmod +x /solr.sh \
  && sync \
  && bash /solr.sh --bootstrap
 RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
 RUN apt remove zip -y  
 CMD ["/solr.sh"]
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.14
+FROM alpine:3.15
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.14
+FROM alpine:3.15
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 # Installation
--- a/data/conf/mysql/my.cnf
+++ b/data/conf/mysql/my.cnf
@ -7,7 +7,7 @@ collation-server               = utf8mb4_unicode_ci
 #innodb_large_prefix            = TRUE
 #sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
 max_allowed_packet      = 192M
-max-connections         = 350
+max-connections         = 550
 key_buffer_size         = 0
 read_buffer_size        = 192K
 sort_buffer_size        = 2M
--- a/data/conf/rspamd/local.d/mime_types.conf
+++ b/data/conf/rspamd/local.d/mime_types.conf
@ -14,7 +14,7 @@ bad_extensions = {
  ps1 = 4,
  ace = 4,
  arj = 4,
-  cab = 3,
+  cab = 20,
  vbs = 20,
  hta = 4,
  shs = 4,
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@ -77,6 +77,9 @@
    SOGoMaximumFailedLoginInterval = 900;
    SOGoFailedLoginBlockInterval = 900;
    GCSChannelCollectionTimer = 60;
    GCSChannelExpireAge = 60;
    MySQL4Encoding = "utf8mb4";
  //SOGoDebugRequests = YES;
  //SoDebugBaseURL = YES;
--- a/data/web/_status.502.html
+++ b/data/web/_status.502.html
@ -16,8 +16,9 @@
    <pre>docker-compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
    <p>Make sure your SQL credentials in mailcow.conf (a link to .env) do fit your initialized SQL volume. If you see an access denied, you might have the wrong mailcow.conf:</p>
    <pre>source mailcow.conf ; docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
-    <p>In case of a previous failed installation, remove all volumes and start over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
+    <p>In case of a previous failed installation, create a backup of your existing data, followed by removing all volumes and starting over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
-    <pre>docker-compose down -v ; docker-compose up -d</pre>
+    <pre>BACKUP_LOCATION=/tmp/ ./helper-scripts/backup_and_restore.sh backup all</pre>
    <pre>docker-compose down --volumes ; docker-compose up -d</pre>
    <p>Make sure your timezone is correct. Use "America/New_York" for example, do not use spaces. Check <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">here</a> for a list.</p>
    <br>Click to learn more about <a style="color:red;text-decoration:none;" href="https://mailcow.github.io/mailcow-dockerized-docs/#get-support" target="_blank">getting support.</a>
  </body>
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@ -131,6 +131,69 @@ paths:
                  type: boolean
              type: object
      summary: Create alias
  /api/v1/add/time_limited_alias:
    post:
      responses:
        "401":
          $ref: "#/components/responses/Unauthorized"
        "200":
          content:
            application/json:
              examples:
                response:
                  value:
                    - log:
                        - mailbox
                        - add
                        - time_limited_alias
                        - address: info@domain.tld
                          domain: domain.tld
                        - null
                      msg:
                        - mailbox_modified
                        - info@domain.tld
                      type: success
              schema:
                properties:
                  log:
                    description: contains request object
                    items: {}
                    type: array
                  msg:
                    items: {}
                    type: array
                  type:
                    enum:
                      - success
                      - danger
                      - error
                    type: string
                type: object
          description: OK
          headers: {}
      tags:
        - Aliases
      description: >-
        You may create a time limited alias using this action. It takes a JSON
        object containing a domain and mailbox informations.
        Mailcow will generate a random alias.
      operationId: Create time limited alias
      requestBody:
        content:
          application/json:
            schema:
              example:
                username: info@domain.tld
                domain: domain.tld
              properties:
                username:
                  description: 'the mailbox an alias should be created for'
                  type: string
                domain:
                  description: "the domain"
                  type: string
              type: object
      summary: Create time limited alias
  /api/v1/add/app-passwd:
    post:
      responses:
@ -1535,7 +1598,7 @@ paths:
                  type: string
              type: object
      summary: Create TLS Policy Map
-  /api/v1/add/transport/all:
+  /api/v1/add/transport:
    post:
      responses:
        "401":
@ -3520,6 +3583,44 @@ paths:
      description: You can list mailbox aliases existing in system.
      operationId: Get aliases
      summary: Get aliases
  "/api/v1/get/time_limited_aliases/{mailbox}":
    get:
      parameters:
        - description: mailbox you want to get aliasses from
          example: domain.tld
          in: path
          schema:
            type: string
          name: mailbox
          required: true
        - description: e.g. api-key-string
          example: api-key-string
          in: header
          name: X-API-Key
          required: false
          schema:
            type: string
      responses:
        "401":
          $ref: "#/components/responses/Unauthorized"
        "200":
          content:
            application/json:
              examples:
                response:
                  value:
                    - address: alias@domain.tld
                      goto: destination@domain.tld
                      validity: 1668251246
                      created: "2021-11-12 12:07:26"
                      modified: null
          description: OK
          headers: {}
      tags:
        - Aliases
      description: You can list time limited mailbox aliases existing in system.
      operationId: Get time limited aliases
      summary: Get time limited aliases
  "/api/v1/get/app-passwd/all/{mailbox}":
    get:
      parameters:
@ -4704,7 +4805,7 @@ paths:
            schema:
              example:
                attr:
-                  rl_vlaue: "10"
+                  rl_value: "10"
                  rl_frame: "h"
                items:
                  - info@domain.tld
@ -4714,7 +4815,7 @@ paths:
                    rl_frame:
                      description: contains the frame for the ratelimit h,s,m
                      type: string
-                    rl_vlaue:
+                    rl_value:
                      description: contains the rate for the ratelimit 10,20,50,1
                      type: number
                  type: object
@ -4775,7 +4876,7 @@ paths:
            schema:
              example:
                attr:
-                  rl_vlaue: "10"
+                  rl_value: "10"
                  rl_frame: "h"
                items:
                  - domain.tld
@ -4785,7 +4886,7 @@ paths:
                    rl_frame:
                      description: contains the frame for the ratelimit h,s,m
                      type: string
-                    rl_vlaue:
+                    rl_value:
                      description: contains the rate for the ratelimit 10,20,50,1
                      type: number
                  type: object
--- a/data/web/css/build/008-mailcow.css
+++ b/data/web/css/build/008-mailcow.css
@ -202,6 +202,11 @@ legend {
  margin-top: 27px;
  margin-bottom: 20px;
  color: #959595;
  display: flex;
  flex-direction: column;
 }
 .footer .version {
    margin-left: auto;
 }
 .slave-info {
  padding: 15px 0px 15px 15px;
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@ -12,16 +12,23 @@ $alertbox_log_parser = alertbox_log_parser($_SESSION);
 $alerts = [];
 if (is_array($alertbox_log_parser)) {
  foreach ($alertbox_log_parser as $log) {
-    $alerts[trim($log['type'], '"')][] = trim($log['msg'], '"');
+    $message = strtr($log['msg'], ["\n" => '', "\r" => '', "\t" => '<br>']);
    $alerts[trim($log['type'], '"')][] = trim($message, '"');
  }
  $alert = array_filter(array_unique($alerts));
  foreach($alert as $alert_type => $alert_msg) {
-    $alerts[$alert_type] = implode('<hr class="alert-hr">', $alert_msg);
+    // html breaks from mysql alerts, replace ` with '
    $alerts[$alert_type] = implode('<hr class="alert-hr">', str_replace("`", "'", $alert_msg));
  }
  unset($_SESSION['return']);
 }
 // globals
 $globalVariables = [
  'mailcow_info' => array(
    'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'],
    'git_project_url' => $GLOBALS['MAILCOW_GIT_URL']
  ),
  'js_path' => '/cache/'.basename($JSPath),
  'pending_tfa_method' => @$_SESSION['pending_tfa_method'],
  'pending_mailcow_cc_username' => @$_SESSION['pending_mailcow_cc_username'],
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -1140,7 +1140,6 @@ function is_valid_domain_name($domain_name) {
 function set_tfa($_data) {
  global $pdo;
  global $yubi;
  global $u2f;
  global $tfa;
  $_data_log = $_data;
  !isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';
@ -1183,6 +1182,8 @@ function set_tfa($_data) {
      return false;
    }
  }
  switch ($_data["tfa_method"]) {
    case "yubi_otp":
      $key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
@ -1240,31 +1241,6 @@ function set_tfa($_data) {
        'msg' => array('object_modified', htmlspecialchars($username))
      );
    break;
    case "u2f":
      $key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
      try {
        $reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_data['token']));
        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username AND `authmech` != 'u2f'");
        $stmt->execute(array(':username' => $username));
        $stmt = $pdo->prepare("INSERT INTO `tfa` (`username`, `key_id`, `authmech`, `keyHandle`, `publicKey`, `certificate`, `counter`, `active`) VALUES (?, ?, 'u2f', ?, ?, ?, ?, '1')");
        $stmt->execute(array($username, $key_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
        $_SESSION['return'][] =  array(
          'type' => 'success',
          'log' => array(__FUNCTION__, $_data_log),
          'msg' => array('object_modified', $username)
        );
        $_SESSION['regReq'] = null;
      }
      catch (Exception $e) {
        $_SESSION['return'][] =  array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_data_log),
          'msg' => array('u2f_verification_failed', $e->getMessage())
        );
        $_SESSION['regReq'] = null;
        return false;
      }
    break;
    case "totp":
      $key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
      if ($tfa->verifyCode($_POST['totp_secret'], $_POST['totp_confirm_token']) === true) {
@ -1286,6 +1262,29 @@ function set_tfa($_data) {
        );
      }
    break;
    case "webauthn":
        $key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username AND `authmech` != 'webauthn'");
        $stmt->execute(array(':username' => $username));
        $stmt = $pdo->prepare("INSERT INTO `tfa` (`username`, `key_id`, `authmech`, `keyHandle`, `publicKey`, `certificate`, `counter`, `active`)
        VALUES (?, ?, 'webauthn', ?, ?, ?, ?, '1')");
        $stmt->execute(array(
            $username,
            $key_id,
            base64_encode($_data['registration']->credentialId),
            $_data['registration']->credentialPublicKey,
            $_data['registration']->certificate,
            0
        ));
        $_SESSION['return'][] =  array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_data_log),
            'msg' => array('object_modified', $username)
        );
    break;
    case "none":
      $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
      $stmt->execute(array(':username' => $username));
@ -1360,8 +1359,8 @@ function fido2($_data) {
      if (!isset($_data['cid']) || empty($_data['cid'])) {
        return false;
      }
-      $stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey`, SHA2(`credentialId`, 256) AS `cid` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
+      $stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey`, SHA2(`credentialId`, 256) AS `cid` FROM `fido2` WHERE `credentialId` = :cid");
-      $stmt->execute(array(':cid' => $_data['cid']));
+      $stmt->execute(array(':cid' => base64_decode($_data['cid'])));
      $row = $stmt->fetch(PDO::FETCH_ASSOC);
      if (empty($row) || empty($row['credentialPublicKey']) || empty($row['username'])) {
        return false;
@ -1516,6 +1515,7 @@ function get_tfa($username = null) {
        }
        return $data;
      break;
      // u2f - deprecated, should be removed
      case "u2f":
        $data['name'] = "u2f";
        $data['pretty'] = "Fido U2F";
@ -1547,6 +1547,19 @@ function get_tfa($username = null) {
        }
        return $data;
      break;
      case "webauthn":
        $data['name'] = "webauthn";
        $data['pretty'] = "WebAuthn";
        $stmt = $pdo->prepare("SELECT `id`, `key_id` FROM `tfa` WHERE `authmech` = 'webauthn' AND `username` = :username");
        $stmt->execute(array(
          ':username' => $username,
        ));
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        while($row = array_shift($rows)) {
          $data['additional'][] = $row;
        }
        return $data;
      break;
      default:
        $data['name'] = 'none';
        $data['pretty'] = "-";
@ -1560,7 +1573,7 @@ function get_tfa($username = null) {
    return $data;
  }
 }
-function verify_tfa_login($username, $token) {
+function verify_tfa_login($username, $_data, $WebAuthn) {
    global $pdo;
    global $yubi;
    global $u2f;
@ -1572,7 +1585,7 @@ function verify_tfa_login($username, $token) {
    switch ($row["authmech"]) {
        case "yubi_otp":
-      if (!ctype_alnum($token) || strlen($token) != 44) {
+            if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) {
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
@ -1580,7 +1593,7 @@ function verify_tfa_login($username, $token) {
                );
                return false;
            }
-      $yubico_modhex_id = substr($token, 0, 12);
+            $yubico_modhex_id = substr($_data['token'], 0, 12);
            $stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa`
                WHERE `username` = :username
                AND `authmech` = 'yubi_otp'
@ -1590,7 +1603,7 @@ function verify_tfa_login($username, $token) {
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $yubico_auth = explode(':', $row['secret']);
            $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]);
-      $yauth = $yubi->verify($token);
+            $yauth = $yubi->verify($_data['token']);
            if (PEAR::isError($yauth)) {
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
@ -1615,37 +1628,6 @@ function verify_tfa_login($username, $token) {
            );
            return false;
        break;
  case "u2f":
    try {
      $reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), get_u2f_registrations($username), json_decode($token));
      $stmt = $pdo->prepare("SELECT `id` FROM `tfa` WHERE `keyHandle` = ?");
      $stmt->execute(array($reg->keyHandle));
      $row_key_id = $stmt->fetch(PDO::FETCH_ASSOC);
      $_SESSION['tfa_id'] = $row_key_id['id'];
      $_SESSION['authReq'] = null;
      $_SESSION['return'][] =  array(
        'type' => 'success',
        'log' => array(__FUNCTION__, $username, '*'),
        'msg' => 'verified_u2f_login'
      );
      return true;
    }
    catch (Exception $e) {
      $_SESSION['return'][] =  array(
        'type' => 'danger',
        'log' => array(__FUNCTION__, $username, '*'),
        'msg' => array('u2f_verification_failed', $e->getMessage())
      );
      $_SESSION['regReq'] = null;
      return false;
    }
    $_SESSION['return'][] =  array(
      'type' => 'danger',
      'log' => array(__FUNCTION__, $username, '*'),
      'msg' => array('u2f_verification_failed', 'unknown')
    );
    return false;
  break;
        case "hotp":
            return false;
        break;
@ -1658,7 +1640,7 @@ function verify_tfa_login($username, $token) {
            $stmt->execute(array(':username' => $username));
            $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
            foreach ($rows as $row) {
-        if ($tfa->verifyCode($row['secret'], $_POST['token']) === true) {
+                if ($tfa->verifyCode($row['secret'], $_data['token']) === true) {
                $_SESSION['tfa_id'] = $row['id'];
                $_SESSION['return'][] =  array(
                    'type' => 'success',
@ -1684,6 +1666,88 @@ function verify_tfa_login($username, $token) {
            return false;
            }
        break;
        // u2f - deprecated, should be removed
        case "u2f":
            // delete old keys that used u2f
            $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `authmech` = :authmech AND `username` = :username");
            $stmt->execute(array(':authmech' => 'u2f', ':username' => $username));
            return true;
        case "webauthn":
            $tokenData = json_decode($_data['token']);
            $clientDataJSON = base64_decode($tokenData->clientDataJSON);
            $authenticatorData = base64_decode($tokenData->authenticatorData);
            $signature = base64_decode($tokenData->signature);
            $id = base64_decode($tokenData->id);
            $challenge = $_SESSION['challenge'];
            $stmt = $pdo->prepare("SELECT `key_id`, `keyHandle`, `username`, `publicKey` FROM `tfa` WHERE `keyHandle` = :tokenId");
            $stmt->execute(array(':tokenId' => $tokenData->id));
            $process_webauthn = $stmt->fetch(PDO::FETCH_ASSOC);
            if (empty($process_webauthn) || empty($process_webauthn['publicKey']) || empty($process_webauthn['username'])) return false;
            if ($process_webauthn['publicKey'] === false) {
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
                    'msg' => array('webauthn_verification_failed', 'publicKey not found')
                );
                return false;
            }
            try {
                $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
            }
            catch (Throwable $ex) {
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
                    'msg' => array('webauthn_verification_failed', $ex->getMessage())
                );
                return false;
            }
            $stmt = $pdo->prepare("SELECT `superadmin` FROM `admin` WHERE `username` = :username");
            $stmt->execute(array(':username' => $process_webauthn['username']));
            $obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($obj_props['superadmin'] === 1) {
                $_SESSION["mailcow_cc_role"] = "admin";
            }
            elseif ($obj_props['superadmin'] === 0) {
                $_SESSION["mailcow_cc_role"] = "domainadmin";
            }
            else {
                $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username");
                $stmt->execute(array(':username' => $process_webauthn['username']));
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
                if ($row['username'] == $process_webauthn['username']) {
                $_SESSION["mailcow_cc_role"] = "user";
                }
            }
            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
                    'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
                );
                return false;
            }
            $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
            $_SESSION['tfa_id'] = $process_webauthn['key_id'];
            $_SESSION['authReq'] = null;
            unset($_SESSION["challenge"]);
            $_SESSION['return'][] =  array(
                'type' => 'success',
                'log' => array("webauthn_login"),
                'msg' => array('logged_in_as', $process_webauthn['username'])
            );
            return true;
        break;
        default:
            $_SESSION['return'][] =  array(
            'type' => 'danger',
@ -1693,6 +1757,7 @@ function verify_tfa_login($username, $token) {
            return false;
        break;
    }
    return false;
 }
 function admin_api($access, $action, $data = null) {
@ -1955,12 +2020,7 @@ function rspamd_ui($action, $data = null) {
    break;
  }
 }
-function get_u2f_registrations($username) {
+
  global $pdo;
  $sel = $pdo->prepare("SELECT * FROM `tfa` WHERE `authmech` = 'u2f' AND `username` = ? AND `active` = '1'");
  $sel->execute(array($username));
  return $sel->fetchAll(PDO::FETCH_OBJ);
 }
 function get_logs($application, $lines = false) {
  if ($lines === false) {
    $lines = $GLOBALS['LOG_LINES'] - 1;
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@ -3,7 +3,7 @@ function init_db_schema() {
  try {
    global $pdo;
-    $db_version = "31102021_0620";
+    $db_version = "18012022_1020";
    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -696,7 +696,7 @@ function init_db_schema() {
          "id" => "INT NOT NULL AUTO_INCREMENT",
          "key_id" => "VARCHAR(255) NOT NULL",
          "username" => "VARCHAR(255) NOT NULL",
-          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp')",
+          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
          "secret" => "VARCHAR(255) DEFAULT NULL",
          "keyHandle" => "VARCHAR(255) DEFAULT NULL",
          "publicKey" => "VARCHAR(255) DEFAULT NULL",
@ -1190,6 +1190,9 @@ function init_db_schema() {
    // Mitigate imapsync pipemess issue
    $pdo->query("UPDATE `imapsync` SET `custom_params` = '' WHERE `custom_params` LIKE '%pipemess%';");
    // Migrate webauthn tfa
    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
    // Inject admin if not exists
    $stmt = $pdo->query("SELECT NULL FROM `admin`"); 
    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
--- a/data/web/inc/lib/WebAuthn/Attestation/AttestationObject.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/AttestationObject.php
@ -1,9 +1,9 @@
 <?php
-namespace WebAuthn\Attestation;
+namespace lbuchs\WebAuthn\Attestation;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\WebAuthnException;
-use WebAuthn\CBOR\CborDecoder;
+use lbuchs\WebAuthn\CBOR\CborDecoder;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\Binary\ByteBuffer;
 /**
 * @author Lukas Buchs
@ -12,6 +12,7 @@ use WebAuthn\Binary\ByteBuffer;
 class AttestationObject {
    private $_authenticatorData;
    private $_attestationFormat;
    private $_attestationFormatName;
    public function __construct($binary , $allowedFormats) {
        $enc = CborDecoder::decode($binary);
@ -29,13 +30,15 @@ class AttestationObject {
        }
        $this->_authenticatorData = new AuthenticatorData($enc['authData']->getBinaryString());
        $this->_attestationFormatName = $enc['fmt'];
        // Format ok?
-        if (!in_array($enc['fmt'], $allowedFormats)) {
+        if (!in_array($this->_attestationFormatName, $allowedFormats)) {
-            throw new WebAuthnException('invalid atttestation format: ' . $enc['fmt'], WebAuthnException::INVALID_DATA);
+            throw new WebAuthnException('invalid atttestation format: ' . $this->_attestationFormatName, WebAuthnException::INVALID_DATA);
        }
-        switch ($enc['fmt']) {
+
        switch ($this->_attestationFormatName) {
            case 'android-key': $this->_attestationFormat = new Format\AndroidKey($enc, $this->_authenticatorData); break;
            case 'android-safetynet': $this->_attestationFormat = new Format\AndroidSafetyNet($enc, $this->_authenticatorData); break;
            case 'apple': $this->_attestationFormat = new Format\Apple($enc, $this->_authenticatorData); break;
@ -47,6 +50,14 @@ class AttestationObject {
        }
    }
    /**
     * returns the attestation format name
     * @return string
     */
    public function getAttestationFormatName() {
        return $this->_attestationFormatName;
    }
    /**
     * returns the attestation public key in PEM format
     * @return AuthenticatorData
@ -72,16 +83,19 @@ class AttestationObject {
        $issuer = '';
        if ($pem) {
            $certInfo = \openssl_x509_parse($pem);
-            if (\is_array($certInfo) && \is_array($certInfo['issuer'])) {
+            if (\is_array($certInfo) && \array_key_exists('issuer', $certInfo) && \is_array($certInfo['issuer'])) {
-                if ($certInfo['issuer']['CN']) {
+
-                    $issuer .= \trim($certInfo['issuer']['CN']);
+                $cn = $certInfo['issuer']['CN'] ?? '';
                $o = $certInfo['issuer']['O'] ?? '';
                $ou = $certInfo['issuer']['OU'] ?? '';
                if ($cn) {
                    $issuer .= $cn;
                }
-                if ($certInfo['issuer']['O'] || $certInfo['issuer']['OU']) {
+                if ($issuer && ($o || $ou)) {
-                    if ($issuer) {
+                    $issuer .= ' (' . trim($o . ' ' . $ou) . ')';
                        $issuer .= ' (' . \trim($certInfo['issuer']['O'] . ' ' . $certInfo['issuer']['OU']) . ')';
                } else {
-                        $issuer .= \trim($certInfo['issuer']['O'] . ' ' . $certInfo['issuer']['OU']);
+                    $issuer .= trim($o . ' ' . $ou);
                    }
                }
            }
        }
@ -98,16 +112,19 @@ class AttestationObject {
        $subject = '';
        if ($pem) {
            $certInfo = \openssl_x509_parse($pem);
-            if (\is_array($certInfo) && \is_array($certInfo['subject'])) {
+            if (\is_array($certInfo) && \array_key_exists('subject', $certInfo) && \is_array($certInfo['subject'])) {
-                if ($certInfo['subject']['CN']) {
+
-                    $subject .= \trim($certInfo['subject']['CN']);
+                $cn = $certInfo['subject']['CN'] ?? '';
                $o = $certInfo['subject']['O'] ?? '';
                $ou = $certInfo['subject']['OU'] ?? '';
                if ($cn) {
                    $subject .= $cn;
                }
-                if ($certInfo['subject']['O'] || $certInfo['subject']['OU']) {
+                if ($subject && ($o || $ou)) {
-                    if ($subject) {
+                    $subject .= ' (' . trim($o . ' ' . $ou) . ')';
                        $subject .= ' (' . \trim($certInfo['subject']['O'] . ' ' . $certInfo['subject']['OU']) . ')';
                } else {
-                        $subject .= \trim($certInfo['subject']['O'] . ' ' . $certInfo['subject']['OU']);
+                    $subject .= trim($o . ' ' . $ou);
                    }
                }
            }
        }
--- a/data/web/inc/lib/WebAuthn/Attestation/AuthenticatorData.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/AuthenticatorData.php
@ -1,9 +1,9 @@
 <?php
-namespace WebAuthn\Attestation;
+namespace lbuchs\WebAuthn\Attestation;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\WebAuthnException;
-use WebAuthn\CBOR\CborDecoder;
+use lbuchs\WebAuthn\CBOR\CborDecoder;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\Binary\ByteBuffer;
 /**
 * @author Lukas Buchs
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/AndroidKey.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/AndroidKey.php
@ -1,15 +1,16 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Binary\ByteBuffer;
 class AndroidKey extends FormatBase {
    private $_alg;
    private $_signature;
    private $_x5c;
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        parent::__construct($AttestionObject, $authenticatorData);
        // check u2f data
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/AndroidSafetyNet.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/AndroidSafetyNet.php
@ -1,9 +1,10 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Binary\ByteBuffer;
 class AndroidSafetyNet extends FormatBase {
    private $_signature;
@ -11,7 +12,7 @@ class AndroidSafetyNet extends FormatBase {
    private $_x5c;
    private $_payload;
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        parent::__construct($AttestionObject, $authenticatorData);
        // check data
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/Apple.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/Apple.php
@ -1,14 +1,15 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Binary\ByteBuffer;
 class Apple extends FormatBase {
    private $_x5c;
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        parent::__construct($AttestionObject, $authenticatorData);
        // check packed data
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/FormatBase.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/FormatBase.php
@ -1,8 +1,9 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Attestation\AuthenticatorData;
 abstract class FormatBase {
@ -14,9 +15,9 @@ abstract class FormatBase {
    /**
     *
     * @param Array $AttestionObject
-     * @param \WebAuthn\Attestation\AuthenticatorData $authenticatorData
+     * @param AuthenticatorData $authenticatorData
     */
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        $this->_attestationObject = $AttestionObject;
        $this->_authenticatorData = $authenticatorData;
    }
@ -26,7 +27,7 @@ abstract class FormatBase {
     */
    public function __destruct() {
        // delete X.509 chain certificate file after use
-        if (\is_file($this->_x5c_tempFile)) {
+        if ($this->_x5c_tempFile && \is_file($this->_x5c_tempFile)) {
            \unlink($this->_x5c_tempFile);
        }
    }
@ -36,7 +37,7 @@ abstract class FormatBase {
     * @return string|null
     */
    public function getCertificateChain() {
-        if (\is_file($this->_x5c_tempFile)) {
+        if ($this->_x5c_tempFile && \is_file($this->_x5c_tempFile)) {
            return \file_get_contents($this->_x5c_tempFile);
        }
        return null;
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/None.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/None.php
@ -1,13 +1,14 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
 use lbuchs\WebAuthn\WebAuthnException;
 class None extends FormatBase {
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        parent::__construct($AttestionObject, $authenticatorData);
    }
@ -28,12 +29,13 @@ class None extends FormatBase {
    }
    /**
-     * validates the certificate against root certificates
+     * validates the certificate against root certificates.
     * Format 'none' does not contain any ca, so always false.
     * @param array $rootCas
     * @return boolean
     * @throws WebAuthnException
     */
    public function validateRootCertificate($rootCas) {
-        return true;
+        return false;
    }
 }
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/Packed.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/Packed.php
@ -1,16 +1,17 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Binary\ByteBuffer;
 class Packed extends FormatBase {
    private $_alg;
    private $_signature;
    private $_x5c;
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        parent::__construct($AttestionObject, $authenticatorData);
        // check packed data
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/Tpm.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/Tpm.php
@ -1,9 +1,10 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Binary\ByteBuffer;
 class Tpm extends FormatBase {
    private $_TPM_GENERATED_VALUE = "\xFF\x54\x43\x47";
@ -19,7 +20,7 @@ class Tpm extends FormatBase {
    private $_certInfo;
-    public function __construct($AttestionObject, \WebAuthn\Attestation\AuthenticatorData $authenticatorData) {
+    public function __construct($AttestionObject, AuthenticatorData $authenticatorData) {
        parent::__construct($AttestionObject, $authenticatorData);
        // check packed data
--- a/data/web/inc/lib/WebAuthn/Attestation/Format/U2f.php
+++ b/data/web/inc/lib/WebAuthn/Attestation/Format/U2f.php
@ -1,9 +1,10 @@
 <?php
-namespace WebAuthn\Attestation\Format;
+namespace lbuchs\WebAuthn\Attestation\Format;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\Attestation\AuthenticatorData;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\WebAuthnException;
 use lbuchs\WebAuthn\Binary\ByteBuffer;
 class U2f extends FormatBase {
    private $_alg = -7;
--- a/data/web/inc/lib/WebAuthn/Binary/ByteBuffer.php
+++ b/data/web/inc/lib/WebAuthn/Binary/ByteBuffer.php
@ -1,8 +1,8 @@
 <?php
-namespace WebAuthn\Binary;
+namespace lbuchs\WebAuthn\Binary;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\WebAuthnException;
 /**
 * Modified version of https://github.com/madwizard-thomas/webauthn-server/blob/master/src/Format/ByteBuffer.php
@ -39,7 +39,7 @@ class ByteBuffer implements \JsonSerializable, \Serializable {
    /**
     * create a ByteBuffer from a base64 url encoded string
     * @param string $base64url
-     * @return \WebAuthn\Binary\ByteBuffer
+     * @return ByteBuffer
     */
    public static function fromBase64Url($base64url) {
        $bin = self::_base64url_decode($base64url);
@ -52,7 +52,7 @@ class ByteBuffer implements \JsonSerializable, \Serializable {
    /**
     * create a ByteBuffer from a base64 url encoded string
     * @param string $hex
-     * @return \WebAuthn\Binary\ByteBuffer
+     * @return ByteBuffer
     */
    public static function fromHex($hex) {
        $bin = \hex2bin($hex);
@ -65,7 +65,7 @@ class ByteBuffer implements \JsonSerializable, \Serializable {
    /**
     * create a random ByteBuffer
     * @param string $length
-     * @return \WebAuthn\Binary\ByteBuffer
+     * @return ByteBuffer
     */
    public static function randomBuffer($length) {
        if (\function_exists('random_bytes')) { // >PHP 7.0
@ -97,6 +97,14 @@ class ByteBuffer implements \JsonSerializable, \Serializable {
        return \ord(\substr($this->_data, $offset, 1));
    }
    public function getJson($jsonFlags=0) {
        $data = \json_decode($this->getBinaryString(), null, 512, $jsonFlags);
        if (\json_last_error() !== JSON_ERROR_NONE) {
            throw new WebAuthnException(\json_last_error_msg(), WebAuthnException::BYTEBUFFER);
        }
        return $data;
    }
    public function getLength() {
        return $this->_length;
    }
@ -203,7 +211,7 @@ class ByteBuffer implements \JsonSerializable, \Serializable {
    /**
     * jsonSerialize interface
     * return binary data in RFC 1342-Like serialized string
-     * @return \stdClass
+     * @return string
     */
    public function jsonSerialize() {
        if (ByteBuffer::$useBase64UrlEncoding) {
@ -231,6 +239,36 @@ class ByteBuffer implements \JsonSerializable, \Serializable {
        $this->_length = \strlen($this->_data);
    }
    /**
     * (PHP 8 deprecates Serializable-Interface)
     * @return array
     */
    public function __serialize() {
        return [
            'data' => \serialize($this->_data)
        ];
    }
    /**
     * object to string
     * @return string
     */
    public function __toString() {
        return $this->getHex();
    }
    /**
     * (PHP 8 deprecates Serializable-Interface)
     * @param array $data
     * @return void
     */
    public function __unserialize($data) {
        if ($data && isset($data['data'])) {
            $this->_data = \unserialize($data['data']);
            $this->_length = \strlen($this->_data);
        }
    }
    // -----------------------
    // PROTECTED STATIC
    // -----------------------
--- a/data/web/inc/lib/WebAuthn/CBOR/CborDecoder.php
+++ b/data/web/inc/lib/WebAuthn/CBOR/CborDecoder.php
@ -1,9 +1,9 @@
 <?php
-namespace WebAuthn\CBOR;
+namespace lbuchs\WebAuthn\CBOR;
-use WebAuthn\WebAuthnException;
+use lbuchs\WebAuthn\WebAuthnException;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\Binary\ByteBuffer;
 /**
 * Modified version of https://github.com/madwizard-thomas/webauthn-server/blob/master/src/Format/CborDecoder.php
--- a/data/web/inc/lib/WebAuthn/LICENSE
+++ b/data/web/inc/lib/WebAuthn/LICENSE
@ -1,22 +0,0 @@
 MIT License
 Copyright © 2019 Lukas Buchs
 Copyright © 2018 Thomas Bleeker (CBOR & ByteBuffer part)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/data/web/inc/lib/WebAuthn/WebAuthn.php
+++ b/data/web/inc/lib/WebAuthn/WebAuthn.php
@ -1,7 +1,7 @@
 <?php
-namespace WebAuthn;
+namespace lbuchs\WebAuthn;
-use WebAuthn\Binary\ByteBuffer;
+use lbuchs\WebAuthn\Binary\ByteBuffer;
 require_once 'WebAuthnException.php';
 require_once 'Binary/ByteBuffer.php';
 require_once 'Attestation/AttestationObject.php';
@ -69,16 +69,20 @@ class WebAuthn {
    /**
     * add a root certificate to verify new registrations
     * @param string $path file path of / directory with root certificates
     * @param array|null $certFileExtensions if adding a direction, all files with provided extension are added. default: pem, crt, cer, der
     */
-    public function addRootCertificates($path) {
+    public function addRootCertificates($path, $certFileExtensions=null) {
        if (!\is_array($this->_caFiles)) {
            $this->_caFiles = array();
        }
        if ($certFileExtensions === null) {
            $certFileExtensions = array('pem', 'crt', 'cer', 'der');
        }
        $path = \rtrim(\trim($path), '\\/');
        if (\is_dir($path)) {
            foreach (\scandir($path) as $ca) {
-                if (\is_file($path . '/' . $ca)) {
+                if (\is_file($path . DIRECTORY_SEPARATOR . $ca) && \in_array(\strtolower(\pathinfo($ca, PATHINFO_EXTENSION)), $certFileExtensions)) {
-                    $this->addRootCertificates($path . '/' . $ca);
+                    $this->addRootCertificates($path . DIRECTORY_SEPARATOR . $ca);
                }
            }
        } else if (\is_file($path) && !\in_array(\realpath($path), $this->_caFiles)) {
@ -273,10 +277,11 @@ class WebAuthn {
     * @param string|ByteBuffer $challenge binary used challange
     * @param bool $requireUserVerification true, if the device must verify user (e.g. by biometric data or pin)
     * @param bool $requireUserPresent false, if the device must NOT check user presence (e.g. by pressing a button)
     * @param bool $failIfRootMismatch false, if there should be no error thrown if root certificate doesn't match
     * @return \stdClass
     * @throws WebAuthnException
     */
-    public function processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true) {
+    public function processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true) {
        $clientDataHash = \hash('sha256', $clientDataJSON, true);
        $clientData = \json_decode($clientDataJSON);
        $challenge = $challenge instanceof ByteBuffer ? $challenge : new ByteBuffer($challenge);
@ -318,18 +323,21 @@ class WebAuthn {
        }
        // 15. If validation is successful, obtain a list of acceptable trust anchors
-        if (is_array($this->_caFiles) && !$attestationObject->validateRootCertificate($this->_caFiles)) {
+        $rootValid = is_array($this->_caFiles) ? $attestationObject->validateRootCertificate($this->_caFiles) : null;
        if ($failIfRootMismatch && is_array($this->_caFiles) && !$rootValid) {
            throw new WebAuthnException('invalid root certificate', WebAuthnException::CERTIFICATE_NOT_TRUSTED);
        }
        // 10. Verify that the User Present bit of the flags in authData is set.
-        if ($requireUserPresent && !$attestationObject->getAuthenticatorData()->getUserPresent()) {
+        $userPresent = $attestationObject->getAuthenticatorData()->getUserPresent();
        if ($requireUserPresent && !$userPresent) {
            throw new WebAuthnException('user not present during authentication', WebAuthnException::USER_PRESENT);
        }
        // 11. If user verification is required for this registration, verify that the User Verified bit of the flags in authData is set.
-        if ($requireUserVerification && !$attestationObject->getAuthenticatorData()->getUserVerified()) {
+        $userVerified = $attestationObject->getAuthenticatorData()->getUserVerified();
-            throw new WebAuthnException('user not verificated during authentication', WebAuthnException::USER_VERIFICATED);
+        if ($requireUserVerification && !$userVerified) {
            throw new WebAuthnException('user not verified during authentication', WebAuthnException::USER_VERIFICATED);
        }
        $signCount = $attestationObject->getAuthenticatorData()->getSignCount();
@ -340,6 +348,7 @@ class WebAuthn {
        // prepare data to store for future logins
        $data = new \stdClass();
        $data->rpId = $this->_rpId;
        $data->attestationFormat = $attestationObject->getAttestationFormatName();
        $data->credentialId = $attestationObject->getAuthenticatorData()->getCredentialId();
        $data->credentialPublicKey = $attestationObject->getAuthenticatorData()->getPublicKeyPem();
        $data->certificateChain = $attestationObject->getCertificateChain();
@ -348,6 +357,9 @@ class WebAuthn {
        $data->certificateSubject = $attestationObject->getCertificateSubject();
        $data->signatureCounter = $this->_signatureCounter;
        $data->AAGUID = $attestationObject->getAuthenticatorData()->getAAGUID();
        $data->rootValid = $rootValid;
        $data->userPresent = $userPresent;
        $data->userVerified = $userVerified;
        return $data;
    }
@ -453,6 +465,92 @@ class WebAuthn {
        return true;
    }
    /**
     * Downloads root certificates from FIDO Alliance Metadata Service (MDS) to a specific folder
     * https://fidoalliance.org/metadata/
     * @param string $certFolder Folder path to save the certificates in PEM format.
     * @param bool $deleteCerts=true
     * @return int number of cetificates
     * @throws WebAuthnException
     */
    public function queryFidoMetaDataService($certFolder, $deleteCerts=true) {
        $url = 'https://mds.fidoalliance.org/';
        $raw = null;
        if (\function_exists('curl_init')) {
            $ch = \curl_init($url);
            \curl_setopt($ch, CURLOPT_HEADER, false);
            \curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            \curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            \curl_setopt($ch, CURLOPT_USERAGENT, 'github.com/lbuchs/WebAuthn - A simple PHP WebAuthn server library');
            $raw = \curl_exec($ch);
            \curl_close($ch);
        } else {
            $raw = \file_get_contents($url);
        }
        $certFolder = \rtrim(\realpath($certFolder), '\\/');
        if (!is_dir($certFolder)) {
            throw new WebAuthnException('Invalid folder path for query FIDO Alliance Metadata Service');
        }
        if (!\is_string($raw)) {
            throw new WebAuthnException('Unable to query FIDO Alliance Metadata Service');
        }
        $jwt = \explode('.', $raw);
        if (\count($jwt) !== 3) {
            throw new WebAuthnException('Invalid JWT from FIDO Alliance Metadata Service');
        }
        if ($deleteCerts) {
            foreach (\scandir($certFolder) as $ca) {
                if (\substr($ca, -4) === '.pem') {
                    if (\unlink($certFolder . DIRECTORY_SEPARATOR . $ca) === false) {
                        throw new WebAuthnException('Cannot delete certs in folder for FIDO Alliance Metadata Service');
                    }
                }
            }
        }
        list($header, $payload, $hash) = $jwt;
        $payload = Binary\ByteBuffer::fromBase64Url($payload)->getJson();
        $count = 0;
        if (\is_object($payload) && \property_exists($payload, 'entries') && \is_array($payload->entries)) {
            foreach ($payload->entries as $entry) {
                if (\is_object($entry) && \property_exists($entry, 'metadataStatement') && \is_object($entry->metadataStatement)) {
                    $description = $entry->metadataStatement->description ?? null;
                    $attestationRootCertificates = $entry->metadataStatement->attestationRootCertificates ?? null;
                    if ($description && $attestationRootCertificates) {
                        // create filename
                        $certFilename = \preg_replace('/[^a-z0-9]/i', '_', $description);
                        $certFilename = \trim(\preg_replace('/\_{2,}/i', '_', $certFilename),'_') . '.pem';
                        $certFilename = \strtolower($certFilename);
                        // add certificate
                        $certContent = $description . "\n";
                        $certContent .= \str_repeat('-', \mb_strlen($description)) . "\n";
                        foreach ($attestationRootCertificates as $attestationRootCertificate) {
                            $count++;
                            $certContent .= "\n-----BEGIN CERTIFICATE-----\n";
                            $certContent .= \chunk_split(\trim($attestationRootCertificate), 64, "\n");
                            $certContent .= "-----END CERTIFICATE-----\n";
                        }
                        if (\file_put_contents($certFolder . DIRECTORY_SEPARATOR . $certFilename, $certContent) === false) {
                            throw new WebAuthnException('unable to save certificate from FIDO Alliance Metadata Service');
                        }
                    }
                }
            }
        }
        return $count;
    }
    // -----------------------------------------------
    // PRIVATE
    // -----------------------------------------------
--- a/data/web/inc/lib/WebAuthn/WebAuthnException.php
+++ b/data/web/inc/lib/WebAuthn/WebAuthnException.php
@ -1,5 +1,5 @@
 <?php
-namespace WebAuthn;
+namespace lbuchs\WebAuthn;
 /**
 * @author Lukas Buchs
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@ -10,11 +10,17 @@ $DEV_MODE = (getenv('DEV_MODE') == 'y');
 }*/
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
 $default_autodiscover_config = $autodiscover_config;
 if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
  include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
 }
 // auto-generated by generate-config.sh and update.sh
 if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php')) {
    require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php';
 }
 unset($https_port);
 $autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
@ -54,24 +60,16 @@ foreach ($css_dir as $css_file) {
 }
 // U2F API + T/HOTP API
 // u2f - deprecated, should be removed
 $u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
 $qrprovider = new RobThree\Auth\Providers\Qr\QRServerProvider();
 $tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider);
 // FIDO2
 $formats = $GLOBALS['FIDO2_FORMATS'];
-$WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
+$WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
-$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem');
+// only include root ca's when needed
-$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem');
+if (getenv('WEBAUTHN_ONLY_TRUSTED_VENDORS') == 'y') $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/nitro.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/yubico.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/hypersecu.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/globalSign.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/googleHardware.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/microsoftTpmCollection.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/huawei.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/trustkey.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/bsi.pem');
 // Redis
 $redis = new Redis();
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@ -1,15 +1,28 @@
 <?php
 if (isset($_POST["verify_tfa_login"])) {
-  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST["token"])) {
+  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST, $WebAuthn)) {
    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
    $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
    header("Location: /user");
  } else {
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
  }
 }
 if (isset($_GET["cancel_tfa_login"])) {
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
    header("Location: /");
 }
 if (isset($_POST["quick_release"])) {
 	quarantine('quick_release', $_POST["quick_release"]);
 }
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@ -175,6 +175,9 @@ $MAILBOX_DEFAULT_ATTRIBUTES['pop3_access'] = true;
 // Mailbox has SMTP access by default
 $MAILBOX_DEFAULT_ATTRIBUTES['smtp_access'] = true;
 // Mailbox has sieve access by default
 $MAILBOX_DEFAULT_ATTRIBUTES['sieve_access'] = true;
 // Mailbox receives notifications about...
 // "add_header" - mail that was put into the Junk folder
 // "reject" - mail that was rejected
@ -192,11 +195,17 @@ $SHOW_LAST_LOGIN = true;
 // true = required
 // false = preferred
 // string 'required' 'preferred' 'discouraged'
 $WEBAUTHN_UV_FLAG_REGISTER = false;
 $WEBAUTHN_UV_FLAG_LOGIN = false;
 $WEBAUTHN_USER_PRESENT_FLAG = true;
 $FIDO2_UV_FLAG_REGISTER = 'preferred';
 $FIDO2_UV_FLAG_LOGIN = 'preferred'; // iOS ignores the key via NFC if required - known issue
 $FIDO2_USER_PRESENT_FLAG = true;
 $FIDO2_FORMATS = array('apple', 'android-key', 'android-safetynet', 'fido-u2f', 'none', 'packed', 'tpm');
 // Set visible Rspamd maps in mailcow UI, do not change unless you know what you are doing
 $RSPAMD_MAPS = array(
  'regex' => array(
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@ -117,12 +117,12 @@ if (isset($_GET['query'])) {
          echo isset($_SESSION['return']) ? json_encode($_SESSION['return']) : $generic_success;
        }
      }
-      if (!isset($_POST['attr']) && $category != "fido2-registration") {
+      if (!isset($_POST['attr']) && $category != "fido2-registration" && $category != "webauthn-tfa-registration") {
        echo $request_incomplete;
        exit;
      }
      else {
-        if ($category != "fido2-registration") {
+        if ($category != "fido2-registration" && $category != "webauthn-tfa-registration") {
          $attr = (array)json_decode($_POST['attr'], true);
        }
        unset($attr['csrf_token']);
@ -170,6 +170,48 @@ if (isset($_GET['query'])) {
            exit;
          }
        break;
        case "webauthn-tfa-registration":
            if (isset($_SESSION["mailcow_cc_role"])) {
              // parse post data
              $post = trim(file_get_contents('php://input'));
              if ($post) $post = json_decode($post);
              // decode base64 strings
              $clientDataJSON = base64_decode($post->clientDataJSON);
              $attestationObject = base64_decode($post->attestationObject);             
              // process registration data from authenticator
              try {
                // processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true)
                $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $_SESSION['challenge'], false, true);
              }
              catch (Throwable $ex) {
                // err
                $return = new stdClass();
                $return->success = false;
                $return->msg = $ex->getMessage();
                echo json_encode($return);
                exit;
              }
              // safe authenticator in mysql `tfa` table
              $_data['tfa_method'] = $post->tfa_method;
              $_data['key_id'] = $post->key_id;
              $_data['registration'] = $data;
              set_tfa($_data);
              // send response
              $return = new stdClass();
              $return->success = true;
              echo json_encode($return);
              exit;
            }
            else {
              // err - request incomplete
              echo $request_incomplete;
              exit;
            }
        break;
        case "time_limited_alias":
          process_add_return(mailbox('add', 'time_limited_alias', $attr));
        break;
@ -350,29 +392,13 @@ if (isset($_GET['query'])) {
        exit();
      }
      switch ($category) {
-        case "u2f-registration":
+        // fido2
          header('Content-Type: application/javascript');
          if (isset($_SESSION["mailcow_cc_role"]) && $_SESSION["mailcow_cc_username"] == $object) {
            list($req, $sigs) = $u2f->getRegisterData(get_u2f_registrations($object));
            $_SESSION['regReq'] = json_encode($req);
            $_SESSION['regSigs'] = json_encode($sigs);
            echo 'var req = ' . json_encode($req) . ';';
            echo 'var registeredKeys = ' . json_encode($sigs) . ';';
            echo 'var appId = req.appId;';
            echo 'var registerRequests = [{version: req.version, challenge: req.challenge}];';
            return;
          }
          else {
            return;
          }
        break;
        // fido2-registration via GET
        case "fido2-registration":
          header('Content-Type: application/json');
          if (isset($_SESSION["mailcow_cc_role"])) {
              // Exclude existing CredentialIds, if any
              $excludeCredentialIds = fido2(array("action" => "get_user_cids"));
-              $createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, true, $GLOBALS['FIDO2_UV_FLAG_REGISTER'], $excludeCredentialIds);
+              $createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, true, $GLOBALS['FIDO2_UV_FLAG_REGISTER'], null, $excludeCredentialIds);
              print(json_encode($createArgs));
              $_SESSION['challenge'] = $WebAuthn->getChallenge();
              return;
@ -381,28 +407,6 @@ if (isset($_GET['query'])) {
            return;
          }
        break;
        case "u2f-authentication":
          header('Content-Type: application/javascript');
          if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
            $auth_data = $u2f->getAuthenticateData(get_u2f_registrations($object));
            $challenge = $auth_data[0]->challenge;
            $appId = $auth_data[0]->appId;
            foreach ($auth_data as $each) {
              $key = array(); // Empty array
              $key['version']   = $each->version;
              $key['keyHandle'] = $each->keyHandle;
              $registeredKey[]  = $key;
            }
            $_SESSION['authReq']  = json_encode($auth_data);
            echo 'var appId = "' . $appId . '";';
            echo 'var challenge = ' . json_encode($challenge) . ';';
            echo 'var registeredKeys = ' . json_encode($registeredKey) . ';';
            return;
          }
          else {
            return;
          }
        break;
        case "fido2-get-args":
          header('Content-Type: application/json');
          // Login without username, no ids!
@ -411,11 +415,57 @@ if (isset($_GET['query'])) {
            // return;
          // }
          $ids = NULL;
          $getArgs = $WebAuthn->getGetArgs($ids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
          print(json_encode($getArgs));
          $_SESSION['challenge'] = $WebAuthn->getChallenge();
          return;
        break;
        // webauthn two factor authentication
        case "webauthn-tfa-registration":
          if (isset($_SESSION["mailcow_cc_role"])) {
              // Exclude existing CredentialIds, if any
              $stmt = $pdo->prepare("SELECT `keyHandle` FROM `tfa` WHERE username = :username");
              $stmt->execute(array(':username' => $_SESSION['mailcow_cc_username']));
              $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
              while($row = array_shift($rows)) {
                $excludeCredentialIds[] = base64_decode($row['keyHandle']);
              }
              // getCreateArgs($userId, $userName, $userDisplayName, $timeout=20, $requireResidentKey=false, $requireUserVerification=false, $crossPlatformAttachment=null, $excludeCredentialIds=array())
              // cross-platform: true, if type internal is not allowed
              //        false, if only internal is allowed
              //        null, if internal and cross-platform is allowed
              $createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, false, $GLOBALS['WEBAUTHN_UV_FLAG_REGISTER'], null, $excludeCredentialIds);
              print(json_encode($createArgs));
              $_SESSION['challenge'] = $WebAuthn->getChallenge();
              return;
          }
          else {
            return;
          }
        break;
        case "webauthn-tfa-get-args":
          $stmt = $pdo->prepare("SELECT `keyHandle` FROM `tfa` WHERE username = :username");
          $stmt->execute(array(':username' => $_SESSION['pending_mailcow_cc_username']));
          $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
          while($row = array_shift($rows)) {
            $cids[] = base64_decode($row['keyHandle']);
          }
          if (count($cids) == 0) {
            print(json_encode(array(
                'type' => 'error',
                'msg' => 'Cannot find matching credentialIds'
            )));
          }
          $getArgs = $WebAuthn->getGetArgs($cids, 30, true, true, true, true, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN']);
          $getArgs->publicKey->extensions = array('appid' => "https://".$getArgs->publicKey->rpId);
          print(json_encode($getArgs));
          $_SESSION['challenge'] = $WebAuthn->getChallenge();
          return;
        break;
      }
      if (isset($_SESSION['mailcow_cc_role'])) {
        switch ($category) {
--- a/data/web/lang/lang.ca.json
+++ b/data/web/lang/lang.ca.json
@ -66,7 +66,6 @@
        "add_domain_admin": "Afegir Administrador del dominio",
        "add_forwarding_host": "Afegir Forwarding Host",
        "add_relayhost": "Afegir Relayhost",
        "add_relayhost_add_hint": "Tingues en compte que les dades d'autenticació al relayhost es desaran sense xifrar.",
        "add_row": "Afegir fila",
        "additional_rows": " files addicionals afegides",
        "admin": "Administrador",
@ -118,10 +117,6 @@
        "password": "Contrasenya",
        "password_repeat": "Confirmació de la contrasenya (repetir)",
        "private_key": "Clau privada",
        "quarantaine": "Quarantena",
        "quarantaine_exclude_domains": "Excloure els dominis i àlies de domini:",
        "quarantaine_max_size": "Mida màxima en MiB (més grans es descarten):",
        "quarantaine_retention_size": "Retentions per mailbox:",
        "quarantine": "Quarantena",
        "recipients": "Recipients",
        "refresh": "Refrescar",
@ -269,8 +264,7 @@
        "delete_these_items": "Si et plau confirma els canvis al objecte amb id:",
        "loading": "Si et plau espera ...",
        "restart_container_info": "<b>Important:</b> Un reinici pot trigar una estona, si et plau espera a que acabi.",
-        "restart_now": "Reiniciar ara",
+        "restart_now": "Reiniciar ara"
        "restart_sogo": "Reiniciar SOGo"
    },
    "header": {
        "administration": "Administració",
@ -304,7 +298,6 @@
        "add_mailbox": "Afegir bústia",
        "add_recipient_map_entry": "Afegir 'Recipient map'",
        "add_resource": "Afegir recurs",
        "add_sender_map_entry": "Afegir 'Sender map'",
        "address_rewriting": "Re-escriptura d'adreces",
        "alias": "Àlies",
        "aliases": "Àlies",
@ -450,9 +443,9 @@
        "set_tfa": "Definir el mètode d'autenticació de dos factors",
        "tfa": "Autenticació de dos factors",
        "totp": "OTP basat en temps (Google Authenticator etc.)",
-        "u2f": "Autenticació U2F",
+        "webauthn": "Autenticació WebAuthn",
-        "waiting_usb_auth": "<i>Esperant el dispositiu USB...</i><br><br>Apreta el botó del teu dispositiu USB U2F ara.",
+        "waiting_usb_auth": "<i>Esperant el dispositiu USB...</i><br><br>Apreta el botó del teu dispositiu USB WebAuthn ara.",
-        "waiting_usb_register": "<i>Esperant el dispositiu USB...</i><br><br>Posa el teu password i confirma el registre del teu U2F apretant el botó del teu dispositiiu USB U2F.",
+        "waiting_usb_register": "<i>Esperant el dispositiu USB...</i><br><br>Posa el teu password i confirma el registre del teu WebAuthn apretant el botó del teu dispositiiu USB WebAuthn.",
        "yubi_otp": "Autenticació OTP de Yubico"
    },
    "user": {
@ -492,7 +485,6 @@
        "mailbox_details": "Detalls de la bústia",
        "messages": "missatges",
        "new_password": "Contrasenya nova:",
        "new_password_description": "Requisits: 6 caracters, lletres i números.",
        "new_password_repeat": "Confirmació de la contrasenya nova:",
        "no_active_filter": "Actualment no hi ha cap filtre",
        "no_record": "Sense registre",
--- a/data/web/lang/lang.cs.json
+++ b/data/web/lang/lang.cs.json
@ -454,7 +454,7 @@
        "tls_policy_map_parameter_invalid": "Parametr pravidel TLS je neplatný",
        "totp_verification_failed": "TOTP ověření selhalo",
        "transport_dest_exists": "Transportní cíl \"%s\" již existuje",
-        "u2f_verification_failed": "U2F ověření selhalo: %s",
+        "webauthn_verification_failed": "WebAuthn ověření selhalo: %s",
        "unknown": "Došlo k neznámé chybě",
        "unknown_tfa_method": "Neznámá 2FA metoda",
        "unlimited_quota_acl": "Neomeznou kvótu nepovoluje seznam oprávnění ACL",
@ -467,7 +467,7 @@
        "chart_this_server": "Graf (tento server)",
        "containers_info": "Informace o kontejnerech",
        "disk_usage": "Využití disku",
-        "docs": "Dokumentace",
+        "docs": "Dokumentů",
        "external_logs": "Externí logy",
        "history_all_servers": "Záznam (všechny servery)",
        "in_memory_logs": "Logy v paměti",
@ -703,11 +703,11 @@
        "bcc_to_rcpt": "Přepnout typ na Přijatý e-mail",
        "bcc_to_sender": "Přepnout typ na Odeslaný e-mail",
        "bcc_type": "Typ skryté kopie",
-        "booking_0": "Vždy volno",
+        "booking_null": "Vždy volno",
        "booking_0_short": "Vždy volno",
        "booking_custom": "Omezeno na pevný počet rezervací",
        "booking_custom_short": "Pevný limit",
-        "booking_lt0": "Neomezeno, ale po rezervaci se ukazuje jako obsazené",
+        "booking_ltnull": "Neomezeno, ale po rezervaci se ukazuje jako obsazené",
        "booking_lt0_short": "Volný limit",
        "catch_all": "Doménový koš",
        "daily": "Každý den",
@ -972,7 +972,7 @@
        "upload_success": "Soubor úspěšně nahrán",
        "verified_fido2_login": "Ověřené FIDO2 přihlášení",
        "verified_totp_login": "TOTP přihlášení ověřeno",
-        "verified_u2f_login": "U2F přihlášení ověřeno",
+        "verified_webauthn_login": "WebAuthn přihlášení ověřeno",
        "verified_yotp_login": "Yubico OTP přihlášení ověřeno"
    },
    "tfa": {
@ -983,7 +983,7 @@
        "disable_tfa": "Zakázat 2FA do příštího úspěšného přihlášení",
        "enter_qr_code": "Kód TOTP, pokud zařízení neumí číst QR kódy",
        "error_code": "Kód chyby",
-        "init_u2f": "Probíhá inicializace, čekejte...",
+        "init_webauthn": "Probíhá inicializace, čekejte...",
        "key_id": "Identifikátor YubiKey",
        "key_id_totp": "Identifikátor klíče",
        "none": "Deaktivovat",
@ -991,13 +991,13 @@
        "scan_qr_code": "Prosím načtěte následující kód svou aplikací na ověření nebo zadejte kód ručně.",
        "select": "Prosím vyberte...",
        "set_tfa": "Nastavení způsobu dvoufaktorového ověření",
-        "start_u2f_validation": "Zahájit inicializaci",
+        "start_webauthn_validation": "Zahájit inicializaci",
        "tfa": "Dvoufaktorové ověření (TFA)",
        "tfa_token_invalid": "Neplatný TFA token",
        "totp": "Časově založené OTP (Google Authenticator, Authy apod.)",
-        "u2f": "U2F ověření",
+        "webauthn": "WebAuthn ověření",
-        "waiting_usb_auth": "<i>Čeká se na USB zařízení...</i><br><br>Prosím stiskněte tlačítko na svém U2F USB zařízení.",
+        "waiting_usb_auth": "<i>Čeká se na USB zařízení...</i><br><br>Prosím stiskněte tlačítko na svém WebAuthn USB zařízení.",
-        "waiting_usb_register": "<i>Čeká se na USB zařízení...</i><br><br>Prosím zadejte své heslo výše a potvrďte U2F registraci stiskem tlačítka na svém U2F USB zařízení.",
+        "waiting_usb_register": "<i>Čeká se na USB zařízení...</i><br><br>Prosím zadejte své heslo výše a potvrďte WebAuthn registraci stiskem tlačítka na svém WebAuthn USB zařízení.",
        "yubi_otp": "Yubico OTP ověření"
    },
    "user": {
@ -1067,7 +1067,6 @@
        "months": "měsíce",
        "never": "Nikdy",
        "new_password": "Nové heslo",
        "new_password_description": "Požadavek: min. délka 6 znaků, písmena a čísla.",
        "new_password_repeat": "Potvrzení nového hesla (opakujte)",
        "no_active_filter": "Není k dispozici žádný aktivní filtr",
        "no_last_login": "Žádný záznam o přihlášení",
--- a/data/web/lang/lang.da.json
+++ b/data/web/lang/lang.da.json
@ -426,7 +426,7 @@
        "tls_policy_map_parameter_invalid": "Politikparameter er ugyldig",
        "totp_verification_failed": "Bekræftelse af TOTP mislykkedes",
        "transport_dest_exists": "Transport destination \"%s\" eksisterer",
-        "u2f_verification_failed": "U2F-bekræftelse mislykkedes: %s",
+        "webauthn_verification_failed": "WebAuthn-bekræftelse mislykkedes: %s",
        "fido2_verification_failed": "Bekræftelse af FIDO2 mislykkedes: %s",
        "unknown": "Der opstod en ukendt fejl",
        "unknown_tfa_method": "Ukendt TFA-metode",
@ -448,12 +448,7 @@
        "logs": "Logs",
        "restart_container": "Genstart",
        "solr_dead": "Solr starter, deaktiveres eller døde.",
        "solr_docs": "Dokumenter",
        "solr_last_modified": "Sidst ændret",
        "solr_size": "Størrelse",
        "solr_started_at": "Startede kl",
        "solr_status": "Solr-status",
        "solr_uptime": "Oppetid",
        "started_on": "Startede den",
        "static_logs": "Statiske logfiler",
        "system_containers": "System og Beholdere"
@ -644,11 +639,11 @@
        "bcc_to_rcpt": "Skift til modtagerens korttype",
        "bcc_to_sender": "Skift til afsenderkorttype",
        "bcc_type": "BCC-type",
-        "booking_0": "Vis altid som gratis",
+        "booking_null": "Vis altid som gratis",
        "booking_0_short": "Altid gratis",
        "booking_custom": "Hard-limit til et brugerdefineret antal bookinger",
        "booking_custom_short": "Hård grænse",
-        "booking_lt0": "Ubegrænset, men vis som optaget, når booket",
+        "booking_ltnull": "Ubegrænset, men vis som optaget, når booket",
        "booking_lt0_short": "Blød grænse",
        "daily": "Daglige",
        "deactivate": "Deaktiver",
@ -886,7 +881,7 @@
        "ui_texts": "Gemte ændringer til UI-tekster",
        "upload_success": "Filen blev uploadet",
        "verified_totp_login": "Bekræftet TOTP-login",
-        "verified_u2f_login": "Bekræftet U2F-login",
+        "verified_webauthn_login": "Bekræftet WebAuthn-login",
        "verified_fido2_login": "Bekræftet FIDO2-login",
        "verified_yotp_login": "Bekræftet Yubico OTP-login"
    },
@ -898,7 +893,7 @@
        "disable_tfa": "Deaktiver TFA indtil næste vellykkede login",
        "enter_qr_code": "Din TOTP kode hvis din enhed ikke kan scanne QR-koder",
        "error_code": "Fejl kode",
-        "init_u2f": "Initialiserer, vent venligst...",
+        "init_webauthn": "Initialiserer, vent venligst...",
        "key_id": "En identifikator til din YubiKey",
        "key_id_totp": "En identifikator for din nøgle",
        "none": "Deaktivere",
@ -906,11 +901,11 @@
        "scan_qr_code": "Scan venligst følgende kode med din godkendelsesapp, eller indtast koden manuelt.",
        "select": "Vælg venligst",
        "set_tfa": "Set 2-faktor godkendelses metoden",
-        "start_u2f_validation": "Start validering",
+        "start_webauthn_validation": "Start validering",
        "tfa": "2-faktor godkendelse",
        "tfa_token_invalid": "TFA nøgle ugyldig",
        "totp": "Tids-baseret OTP (Google Authenticator, Authy, etc.)",
-        "u2f": "U2F godkendelse",
+        "webauthn": "WebAuthn godkendelse",
        "waiting_usb_auth": "<i>Venter på USB-enhed...</i><br><br>Tryk let på knappen på din USB-enhed nu.",
        "waiting_usb_register": "<i>Venter på USB-enhed...</i><br><br>Indtast din adgangskode ovenfor, og bekræft din registrering ved at trykke på knappen på din USB-enhed.",
        "yubi_otp": "Yubico OTP godkendelse"
@ -983,7 +978,6 @@
        "messages": "beskeder",
        "never": "Aldrig",
        "new_password": "Nyt kodeord",
        "new_password_description": "Krav: 6 tegn lange, bogstaver og tal.",
        "new_password_repeat": "Bekræftelsesadgangskode (gentag)",
        "no_active_filter": "Intet aktivt filter tilgængeligt",
        "no_last_login": "Ingen sidste UI-loginoplysninger",
--- a/data/web/lang/lang.de.json
+++ b/data/web/lang/lang.de.json
@ -86,7 +86,7 @@
        "public_comment": "Öffentlicher Kommentar",
        "quota_mb": "Speicherplatz (MiB)",
        "relay_all": "Alle Empfänger-Adressen relayen",
-        "relay_all_info": "↪ Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellen werden.",
+        "relay_all_info": "↪ Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellt werden.",
        "relay_domain": "Diese Domain relayen",
        "relay_transport_info": "<div class=\"label label-info\">Info</div> Transport-Maps können erstellt werden, um individuelle Ziele für eine Relay-Domain zu definieren.",
        "relay_unknown_only": "Nur nicht-lokale Mailboxen relayen. Existente Mailboxen werden weiterhin lokal zugestellt.",
@ -120,7 +120,7 @@
        "add_domain_admin": "Domain-Administrator hinzufügen",
        "add_forwarding_host": "Weiterleitungs-Host hinzufügen",
        "add_relayhost": "Senderabhängigen Transport hinzufügen",
-        "add_relayhost_hint": "Bitte beachten Sie, dass Anmeldedaten unverschlüsselt gespeichert werden.<br>\r\n  Angelegte Transporte dieser Art sind <b>senderabhängig</b> und müssen erst einer Domain zugewiesen werden, bevor sie als Transport verwendet werden.<br>\r\n  Diese Einstellungen entsprechen demnach <i>nicht</i> dem \"relayhost\" Parameter in Postfix.",
+        "add_relayhost_hint": "Bitte beachten Sie, dass Anmeldedaten unverschlüsselt gespeichert werden.<br>\nAngelegte Transporte dieser Art sind <b>senderabhängig</b> und müssen erst einer Domain zugewiesen werden, bevor sie als Transport verwendet werden.<br>\nDiese Einstellungen entsprechen demnach <i>nicht</i> dem \"relayhost\" Parameter in Postfix.",
        "add_row": "Reihe hinzufügen",
        "add_settings_rule": "Rspamd-Regel hinzufügen",
        "add_transport": "Transport hinzufügen",
@ -339,7 +339,11 @@
        "username": "Benutzername",
        "validate_license_now": "GUID erneut verifizieren",
        "verify": "Verifizieren",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "oauth2_add_client": "Füge OAuth2 Client hinzu",
        "api_read_only": "Schreibgeschützter Zugriff",
        "api_read_write": "Lese-Schreib-Zugriff",
        "oauth2_apps": "OAuth2 Apps"
    },
    "danger": {
        "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@ -451,7 +455,7 @@
        "tls_policy_map_parameter_invalid": "Parameter ist ungültig",
        "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
        "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
-        "u2f_verification_failed": "U2F-Verifizierung fehlgeschlagen: %s",
+        "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
        "unknown": "Ein unbekannter Fehler trat auf",
        "unknown_tfa_method": "Unbekannte TFA-Methode",
        "unlimited_quota_acl": "Unendliche Quota untersagt durch ACL",
@ -638,7 +642,8 @@
        "restart_container": "Container neustarten",
        "restart_container_info": "<b>Wichtig:</b> Der Neustart eines Containers kann eine Weile in Anspruch nehmen.",
        "restart_now": "Jetzt neustarten",
-        "restarting_container": "Container wird neugestartet, bitte warten..."
+        "restarting_container": "Container wird neugestartet, bitte warten...",
        "hibp_check": "Gegen haveibeenpwned.com prüfen"
    },
    "header": {
        "administration": "Server-Konfiguration",
@ -703,11 +708,11 @@
        "bcc_to_rcpt": "Map empfängerabhängig verwenden",
        "bcc_to_sender": "Map senderabhängig verwenden",
        "bcc_type": "BCC-Typ",
-        "booking_0": "Immer als verfügbar anzeigen",
+        "booking_null": "Immer als verfügbar anzeigen",
        "booking_0_short": "Immer verfügbar",
        "booking_custom": "Benutzerdefiniertes Limit",
        "booking_custom_short": "Hartes Limit",
-        "booking_lt0": "Unbegrenzt, jedoch anzeigen, wenn gebucht",
+        "booking_ltnull": "Unbegrenzt, jedoch anzeigen, wenn gebucht",
        "booking_lt0_short": "Weiches Limit",
        "daily": "Täglich",
        "deactivate": "Deaktivieren",
@ -805,7 +810,23 @@
        "username": "Benutzername",
        "waiting": "Wartend",
        "weekly": "Wöchentlich",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "goto_ham": "Lerne als <b>Ham</b>",
        "goto_spam": "Lerne als <b>Spam</b>",
        "open_logs": "Öffne Logs",
        "recipient": "Empfänger",
        "sender": "Sender",
        "syncjob_EX_OK": "Erfolg",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort",
        "syncjob_check_log": "Logs überprüfen",
        "all_domains": "Alle Domains",
        "catch_all": "Catch-All",
        "syncjob_last_run_result": "Letztes Ausführungsergebnis",
        "syncjob_EXIT_CONNECTION_FAILURE": "Verbindungsproblem",
        "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
        "syncjob_EXIT_OVERQUOTA": "Ziel Mailbox ist über dem Limit",
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Kann keine Verbindung zum Zielserver herstellen"
    },
    "oauth2": {
        "access_denied": "Bitte als Mailbox-Nutzer einloggen, um den Zugriff via OAuth2 zu erlauben.",
@ -950,7 +971,7 @@
        "upload_success": "Datei wurde erfolgreich hochgeladen",
        "verified_fido2_login": "FIDO2-Anmeldung verifiziert",
        "verified_totp_login": "TOTP-Anmeldung verifiziert",
-        "verified_u2f_login": "U2F-Anmeldung verifiziert",
+        "verified_webauthn_login": "WebAuthn-Anmeldung verifiziert",
        "verified_yotp_login": "Yubico-OTP-Anmeldung verifiziert"
    },
    "tfa": {
@ -961,19 +982,21 @@
        "disable_tfa": "Deaktiviere 2FA bis zur nächsten erfolgreichen Anmeldung",
        "enter_qr_code": "Falls Sie den angezeigten QR-Code nicht scannen können, verwenden Sie bitte nachstehenden Sicherheitsschlüssel",
        "error_code": "Fehlercode",
-        "init_u2f": "Initialisiere, bitte warten...",
+        "init_webauthn": "Initialisiere, bitte warten...",
-        "key_id": "Ein Namen für diesen YubiKey",
+        "key_id": "Ein Namen für dieses Gerät",
        "key_id_totp": "Ein eindeutiger Name",
        "none": "Deaktiviert",
        "reload_retry": "- (bei persistierendem Fehler, bitte Browserfenster neu laden)",
        "scan_qr_code": "Bitte scannen Sie jetzt den angezeigten QR-Code:",
        "select": "Bitte auswählen",
        "set_tfa": "Konfiguriere Zwei-Faktor-Authentifizierungsmethode",
-        "start_u2f_validation": "Starte Validierung",
+        "start_webauthn_validation": "Starte Validierung",
        "tfa": "Zwei-Faktor-Authentifizierung",
        "tfa_token_invalid": "TFA-Token ungültig!",
        "totp": "Time-based-OTP (Google Authenticator etc.)",
-        "u2f": "U2F-Authentifizierung",
+        "u2f_deprecated": "Es sieht so aus als wurde der Schlüssel mit der alten U2F Methode registriert. Wir werden die Zwei-Faktor-Authentifizierung deaktivieren und deinen Schlüssel löschen.",
        "u2f_deprecated_important": "Bitte registriere den Schlüssel im Adminbereich mit der neuen WebAuthn Methode.",
        "webauthn": "WebAuthn-Authentifizierung",
        "waiting_usb_auth": "<i>Warte auf USB-Gerät...</i><br><br>Bitte jetzt den vorgesehenen Taster des USB-Gerätes berühren.",
        "waiting_usb_register": "<i>Warte auf USB-Gerät...</i><br><br>Bitte zuerst das obere Passwortfeld ausfüllen und erst dann den vorgesehenen Taster des USB-Gerätes berühren.",
        "yubi_otp": "Yubico OTP-Authentifizierung"
@ -1000,7 +1023,9 @@
        "apple_connection_profile": "Apple-Verbindungsprofil",
        "apple_connection_profile_complete": "Dieses Verbindungsprofil beinhaltet neben IMAP- und SMTP-Konfigurationen auch Pfade für die Konfiguration von CalDAV (Kalender) und CardDAV (Adressbücher) für ein Apple-Gerät.",
        "apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP- und SMTP-Konfigurationen für ein Apple-Gerät.",
        "apple_connection_profile_with_app_password": "Es wird ein neues App-Passwort erzeugt und in das Profil eingefügt, damit bei der Einrichtung kein Passwort eingegeben werden muss. Geben Sie das Profil nicht weiter, da es einen vollständigen Zugriff auf Ihr Postfach ermöglicht.",
        "change_password": "Passwort ändern",
        "change_password_hint_app_passwords": "Ihre Mailbox hat {{number_of_app_passwords}} App-Passwörter, die nicht geändert werden. Um diese zu verwalten, gehen Sie bitte zum App-Passwörter-Tab.",
        "clear_recent_successful_connections": "Alle erfolgreichen Verbindungen bereinigen",
        "client_configuration": "Konfigurationsanleitungen für E-Mail-Programme und Smartphones anzeigen",
        "create_app_passwd": "Erstelle App-Passwort",
@ -1123,8 +1148,19 @@
        "week": "Woche",
        "weekly": "Wöchentlich",
        "weeks": "Wochen",
        "with_app_password": "mit App-Passwort",
        "year": "Jahr",
-        "years": "Jahren"
+        "years": "Jahren",
        "syncjob_EX_OK": "Erfolg",
        "open_logs": "Öffne Logs",
        "syncjob_check_log": "Logs überprüfen",
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Kann keine Verbindung zum Zielserver herstellen",
        "syncjob_EXIT_OVERQUOTA": "Ziel Mailbox ist über dem Limit",
        "syncjob_last_run_result": "Letztes Ausführungsergebnis",
        "syncjob_EXIT_CONNECTION_FAILURE": "Verbindungsproblem",
        "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort"
    },
    "warning": {
        "cannot_delete_self": "Kann derzeit eingeloggten Benutzer nicht entfernen",
@ -1138,5 +1174,12 @@
        "quota_exceeded_scope": "Domain-Quota erschöpft: Es können nur noch unlimitierte Mailboxen in dieser Domain erstellt werden.",
        "session_token": "Formular-Token ungültig: Token stimmt nicht überein",
        "session_ua": "Formular-Token ungültig: User-Agent-Validierungsfehler"
    },
    "ratelimit": {
        "disabled": "Deaktiviert",
        "minute": "Nachrichten / Minute",
        "second": "Nachrichten / Sekunde",
        "hour": "Nachrichten / Stunde",
        "day": "Nachrichten / Tag"
    }
 }
--- a/data/web/lang/lang.en.json
+++ b/data/web/lang/lang.en.json
@ -455,7 +455,7 @@
        "tls_policy_map_parameter_invalid": "Policy parameter is invalid",
        "totp_verification_failed": "TOTP verification failed",
        "transport_dest_exists": "Transport destination \"%s\" exists",
-        "u2f_verification_failed": "U2F verification failed: %s",
+        "webauthn_verification_failed": "WebAuthn verification failed: %s",
        "unknown": "An unknown error occurred",
        "unknown_tfa_method": "Unknown TFA method",
        "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
@ -489,9 +489,7 @@
        "success": "Success",
        "system_containers": "System & Containers",
        "uptime": "Uptime",
-        "username": "Username",
+        "username": "Username"
        "xmpp_dead": "XMPP is starting, disabled or died.",
        "xmpp_status": "XMPP status"
    },
    "diagnostics": {
        "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@ -615,16 +613,7 @@
        "title": "Edit object",
        "unchanged_if_empty": "If unchanged leave blank",
        "username": "Username",
-        "validate_save": "Validate and save",
+        "validate_save": "Validate and save"
        "xmpp": "Activate XMPP for this domain",
        "xmpp_access": "XMPP access",
        "xmpp_access_info": "XMPP must be enabled for this domain.",
        "xmpp_admin": "XMPP administrator",
        "xmpp_admin_info": "<b>Danger:</b> Promotes a user to an XMPP administrator of this domain.",
        "xmpp_example_jid": "<b>Example JID</b> (login with mailbox password)",
        "xmpp_info": "This function will enable chat functionality for this domain.",
        "xmpp_prefix": "XMPP prefix for domain (\"im\" to use <b>im</b>.example.org)",
        "xmpp_prefix_info": "To request certificates for XMPP, two CNAME DNS records should point from <b>im</b>.example.org as well as <b>*.im</b>.example.org to <b>%s</b>. Please also run the DNS check for this domain after enabling XMPP."
    },
    "fido2": {
        "confirm": "Confirm",
@ -720,11 +709,11 @@
        "bcc_to_rcpt": "Switch to recipient map type",
        "bcc_to_sender": "Switch to sender map type",
        "bcc_type": "BCC type",
-        "booking_0": "Always show as free",
+        "booking_null": "Always show as free",
        "booking_0_short": "Always free",
        "booking_custom": "Hard-limit to a custom amount of bookings",
        "booking_custom_short": "Hard limit",
-        "booking_lt0": "Unlimited, but show as busy when booked",
+        "booking_ltnull": "Unlimited, but show as busy when booked",
        "booking_lt0_short": "Soft limit",
        "catch_all": "Catch-All",
        "daily": "Daily",
@ -989,11 +978,8 @@
        "upload_success": "File uploaded successfully",
        "verified_fido2_login": "Verified FIDO2 login",
        "verified_totp_login": "Verified TOTP login",
-        "verified_u2f_login": "Verified U2F login",
+        "verified_webauthn_login": "Verified WebAuthn login",
-        "verified_yotp_login": "Verified Yubico OTP login",
+        "verified_yotp_login": "Verified Yubico OTP login"
        "xmpp_maps_updated": "XMPP maps were updated",
        "xmpp_reloaded": "XMPP service was reloaded",
        "xmpp_restarted": "XMPP service was restarted"
    },
    "tfa": {
        "api_register": "%s uses the Yubico Cloud API. Please get an API key for your key <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@ -1003,19 +989,21 @@
        "disable_tfa": "Disable TFA until next successful login",
        "enter_qr_code": "Your TOTP code if your device cannot scan QR codes",
        "error_code": "Error code",
-        "init_u2f": "Initializing, please wait...",
+        "init_webauthn": "Initializing, please wait...",
-        "key_id": "An identifier for your YubiKey",
+        "key_id": "An identifier for your Device",
        "key_id_totp": "An identifier for your key",
        "none": "Deactivate",
        "reload_retry": "- (reload browser if the error persists)",
        "scan_qr_code": "Please scan the following code with your authenticator app or enter the code manually.",
        "select": "Please select",
        "set_tfa": "Set two-factor authentication method",
-        "start_u2f_validation": "Start validation",
+        "start_webauthn_validation": "Start validation",
        "tfa": "Two-factor authentication",
        "tfa_token_invalid": "TFA token invalid",
        "totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
-        "u2f": "U2F authentication",
+        "u2f_deprecated": "It seems that your Key was registered using the deprecated U2F method. We will deactivate Two-Factor-Authenticaiton for you and delete your Key.",
        "u2f_deprecated_important": "Please register your Key in the admin panel with the new WebAuthn method.",
        "webauthn": "WebAuthn authentication",
        "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your USB device now.",
        "waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your registration by tapping the button on your USB device.",
        "yubi_otp": "Yubico OTP authentication"
@ -1042,7 +1030,9 @@
        "apple_connection_profile": "Apple connection profile",
        "apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) paths for an Apple device.",
        "apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
        "apple_connection_profile_with_app_password": "A new app password is generated and added to the profile so that no password needs to be entered when setting up your device. Please do not share the file as it grants full access to your mailbox.",
        "change_password": "Change password",
        "change_password_hint_app_passwords": "Your account has {{number_of_app_passwords}} app passwords that will not be changed. To manage these, go to the App passwords tab.",
        "clear_recent_successful_connections": "Clear seen successful connections",
        "client_configuration": "Show configuration guides for email clients and smartphones",
        "create_app_passwd": "Create app password",
@ -1175,6 +1165,7 @@
        "week": "week",
        "weekly": "Weekly",
        "weeks": "weeks",
        "with_app_password": "with app password",
        "year": "year",
        "years": "years"
    },
--- a/data/web/lang/lang.es.json
+++ b/data/web/lang/lang.es.json
@ -263,9 +263,6 @@
        "domain_not_empty": "No se puede eliminar un dominio que no esté vacío",
        "domain_not_found": "Dominio no encontrado",
        "domain_quota_m_in_use": "Cuota del dominio debe ser mayor o igual a %d MiB",
        "fetchmail_active": "Un proceso ya se está ejecutando, por favor espera a que termine.",
        "fetchmail_dest_empty": "Por favor define una carpeta destino",
        "fetchmail_source_empty": "Por favor define una carpeta fuente",
        "filter_type": "Tipo de filtro incorrecto",
        "from_invalid": "Remitente no puede estar vacío",
        "goto_empty": "Dirección \"goto\" no debe estar vacía",
@ -326,7 +323,7 @@
        "tls_policy_map_parameter_invalid": "El parámetro de póliza no es válido.",
        "totp_verification_failed": "Verificación TOTP fallida",
        "transport_dest_exists": "Destino de la regla de transporte ya existe",
-        "u2f_verification_failed": "Verificación U2F fallida: %s",
+        "webauthn_verification_failed": "Verificación WebAuthn fallida: %s",
        "unknown": "Se produjo un error desconocido",
        "unknown_tfa_method": "Método TFA desconocido",
        "unlimited_quota_acl": "Cuota ilimitada restringida por controles administrativos",
@ -434,9 +431,7 @@
        "hibp_nok": "¡Se encontró coincidencia - esta es una contraseña <b>no segura</b>, selecciona otra!",
        "hibp_ok": "No se encontraron coincidencias",
        "loading": "Espera por favor...",
-        "restart_now": "Reiniciar ahora",
+        "restart_now": "Reiniciar ahora"
        "restart_sogo": "Reiniciar SOGo",
        "restart_sogo_info": "Algunas tareas, por ejemplo agregar un dominio, requieren que se reinicie SOGo para detectar cambios hechos en la UI de mailcow.<br><br><b>Importante:</b> Un reinicio sencillo puede tardar un poco en completarse, por favor espera a que termine."
    },
    "header": {
        "administration": "Administración",
@ -449,18 +444,12 @@
    },
    "info": {
        "awaiting_tfa_confirmation": "En espera de confirmación de TFA",
        "fetchmail_planned": "La tarea para buscar correos se ha planeado. Por favor verifica el proceso más tarde.",
        "no_action": "No hay acción aplicable"
    },
    "login": {
        "confirm": "Confirmar",
        "delayed": "El inicio de sesión ha sido retrasado %s segundos.",
        "login": "Inicio de sesión",
        "otp": "Contraseña de un solo uso",
        "password": "Contraseña",
        "tfa": "Autenticación de dos factores",
        "tfa_details": "Por favor confirma tu contraseña de un solo uso en el campo de abajo",
        "trash_login": "Inicio de sesión basura",
        "username": "Nombre de usuario"
    },
    "mailbox": {
@ -495,11 +484,11 @@
        "bcc_to_rcpt": "Cambiar tipo de regla a 'Destinatario'",
        "bcc_to_sender": "Cambiar tipo de regla a 'Remitente'",
        "bcc_type": "Tipo de BCC",
-        "booking_0": "Mostrar siempre disponible",
+        "booking_null": "Mostrar siempre disponible",
        "booking_0_short": "Siempre disponible",
        "booking_custom": "Límite pre-establecido de reservas",
        "booking_custom_short": "Límite estricto",
-        "booking_lt0": "Sín limite, pero mostrar ocupado cuando esté reservado",
+        "booking_ltnull": "Sín limite, pero mostrar ocupado cuando esté reservado",
        "booking_lt0_short": "Ocupado cuando en uso",
        "daily": "Cada día",
        "deactivate": "Desactivar",
@ -660,7 +649,7 @@
        "tls_policy_map_entry_deleted": "Regla de póliza de TLS con ID %s ha sido elimindada",
        "tls_policy_map_entry_saved": "Regla de póliza de TLS \"%s\" ha sido guardada",
        "verified_totp_login": "Inicio de sesión TOTP verificado",
-        "verified_u2f_login": "Inicio de sesión U2F verificado",
+        "verified_webauthn_login": "Inicio de sesión WebAuthn verificado",
        "verified_yotp_login": "Inicio de sesión Yubico OTP verificado"
    },
    "tfa": {
@ -678,9 +667,9 @@
        "set_tfa": "Establecer el método de autenticación de dos factores",
        "tfa": "Autenticación de dos factores",
        "totp": "OTP basado en tiempo (Google Authenticator, Authy, etc.)",
-        "u2f": "Autenticación U2F",
+        "webauthn": "Autenticación WebAuthn",
-        "waiting_usb_auth": "<i>Esperando al dispositivo USB...</i><br><br>Toque el botón en su dispositivo USB U2F ahora.",
+        "waiting_usb_auth": "<i>Esperando al dispositivo USB...</i><br><br>Toque el botón en su dispositivo USB WebAuthn ahora.",
-        "waiting_usb_register": "<i>Esperando al dispositivo USB....</i><br><br>Ingrese su contraseña arriba y confirme su registro U2F tocando el botón en su dispositivo USB U2F.",
+        "waiting_usb_register": "<i>Esperando al dispositivo USB....</i><br><br>Ingrese su contraseña arriba y confirme su registro WebAuthn tocando el botón en su dispositivo USB WebAuthn.",
        "yubi_otp": "Yubico OTP"
    },
    "user": {
@ -717,7 +706,6 @@
        "mailbox_details": "Detalles del buzón",
        "never": "Nunca",
        "new_password": "Nueva contraseña:",
        "new_password_description": "Requisitos: longitud de 6 caracteres, letras y números.",
        "new_password_repeat": "Confirmación de contraseña (repetir):",
        "no_record": "Sin registro",
        "password_now": "Contraseña actual (confirmar cambios):",
--- a/data/web/lang/lang.fi.json
+++ b/data/web/lang/lang.fi.json
@ -370,7 +370,7 @@
        "tls_policy_map_parameter_invalid": "Käytäntö parametri ei kelpaa",
        "totp_verification_failed": "TOTP-vahvistus epäonnistui",
        "transport_dest_exists": "Kuljetuksen määränpää \"%s\" olemassa",
-        "u2f_verification_failed": "U2F vahvistaminen epäonnistui: %s",
+        "webauthn_verification_failed": "WebAuthn vahvistaminen epäonnistui: %s",
        "unknown": "Ilmeni tuntematon virhe",
        "unknown_tfa_method": "Tuntematon TFA-menetelmä",
        "unlimited_quota_acl": "Rajoittamaton kiintiö kielletty ACL",
@ -557,11 +557,11 @@
        "bcc_to_rcpt": "Siirry vastaanottajan yhdistämis kartan tyyppi",
        "bcc_to_sender": "Vaihda lähettäjän kartan tyyppi",
        "bcc_type": "Piilo kopio-tyyppi",
-        "booking_0": "Näytä aina vapaana",
+        "booking_null": "Näytä aina vapaana",
        "booking_0_short": "Aina ilmainen",
        "booking_custom": "Rajoitettu määrä varauksia mukautettuun määrään",
        "booking_custom_short": "Kova raja",
-        "booking_lt0": "Rajoittamaton, mutta näytä varattu, kun varattu",
+        "booking_ltnull": "Rajoittamaton, mutta näytä varattu, kun varattu",
        "booking_lt0_short": "Pehmeä rajoitus",
        "daily": "Päivittäin",
        "deactivate": "Deaktivoi",
@ -754,7 +754,7 @@
        "ui_texts": "Tallennettu käyttöliittymätekstien muutokset",
        "upload_success": "Tiedosto ladattu onnistuneesti",
        "verified_totp_login": "Vahvistettu TOTP-kirjautuminen",
-        "verified_u2f_login": "Vahvistettu U2F kirjautuminen",
+        "verified_webauthn_login": "Vahvistettu WebAuthn kirjautuminen",
        "verified_yotp_login": "Vahvistettu Yubico OTP kirjautuminen"
    },
    "tfa": {
@ -765,7 +765,7 @@
        "disable_tfa": "Poista TFA käytöstä seuraavaan onnistuneen kirjautumisen jälkeen",
        "enter_qr_code": "TOTP-koodisi, jos laitteesi ei pysty tarkistamaan QR-koodeja",
        "error_code": "Virhekoodi",
-        "init_u2f": "Alustetaan, odota...",
+        "init_webauthn": "Alustetaan, odota...",
        "key_id": "Tunniste YubiKey",
        "key_id_totp": "Avaimen tunnus",
        "none": "Poista",
@ -773,12 +773,12 @@
        "scan_qr_code": "Tarkista seuraava koodi Authenticator-sovelluksella tai Syötä koodi manuaalisesti.",
        "select": "Valitse",
        "set_tfa": "Määritä kaksiosainen todennus menetelmä",
-        "start_u2f_validation": "Aloita oikeellisuus tarkistus",
+        "start_webauthn_validation": "Aloita oikeellisuus tarkistus",
        "tfa": "Kaksiosainen todennus",
        "totp": "Aikapohjainen OTP (Google Authenticator, Authy jne.)",
-        "u2f": "U2F todennus",
+        "webauthn": "WebAuthn todennus",
-        "waiting_usb_auth": "<i>Odotetaan USB-laitetta...</i><br><br>Napauta painiketta U2F USB-laitteessa nyt",
+        "waiting_usb_auth": "<i>Odotetaan USB-laitetta...</i><br><br>Napauta painiketta WebAuthn USB-laitteessa nyt",
-        "waiting_usb_register": "<i>Odotetaan USB-laitetta...</i><br><br>Anna salasanasi yltä ja vahvista U2F-rekisteröinti napauttamalla painiketta U2F USB-laitteessa.",
+        "waiting_usb_register": "<i>Odotetaan USB-laitetta...</i><br><br>Anna salasanasi yltä ja vahvista WebAuthn-rekisteröinti napauttamalla painiketta WebAuthn USB-laitteessa.",
        "yubi_otp": "Yubico OTP-todennus"
    },
    "user": {
@ -822,7 +822,6 @@
        "messages": "Kpl viestejä yhteensä",
        "never": "Ei koskaan",
        "new_password": "Uusi salasana",
        "new_password_description": "Vaatimus: 6 merkkiä pitkä, kirjaimia ja numeroita.",
        "new_password_repeat": "Vahvista salasana (anna uudelleen)",
        "no_active_filter": "Aktiivisia suodattimia ei ole käytettävissä",
        "no_record": "Ei tietuetta",
--- a/data/web/lang/lang.fr.json
+++ b/data/web/lang/lang.fr.json
@ -259,7 +259,7 @@
        "recipients": "Destinataires",
        "refresh": "Rafraîchir",
        "regen_api_key": "Regénérer la clé API",
-		"regex_maps": "Cartes Regex (Regex = expression régulière)",
+        "regex_maps": "Cartes Regex (expression régulière)",
        "relay_from": "\"De:\" adresse",
        "relay_run": "Lancer le test",
        "relayhosts": "Transports  de l’expéditeur",
@ -430,7 +430,7 @@
        "tls_policy_map_parameter_invalid": "Le paramètre Policy est invalide",
        "totp_verification_failed": "Echec de la vérification TOTP",
        "transport_dest_exists": "La destination de transport \"%s\" existe",
-		"u2f_verification_failed": "Echec de la vérification U2F: %s",
+        "webauthn_verification_failed": "Echec de la vérification WebAuthn: %s",
        "fido2_verification_failed": "La vérification FIDO2 a échoué: %s",
        "unknown": "Une erreur inconnue est survenue",
        "unknown_tfa_method": "Methode TFA inconnue",
@ -651,11 +651,11 @@
        "bcc_to_rcpt": "Passer au type de carte de destinataire",
        "bcc_to_sender": "Passer au type de carte de l'expéditeur",
        "bcc_type": "Type de BCC",
-		"booking_0": "Toujours montrer comme libre",
+        "booking_null": "Toujours montrer comme libre",
        "booking_0_short": "Toujours libre",
        "booking_custom": "Limite rigide à un nombre de réservations personnalisé",
        "booking_custom_short": "Limite rigide",
-		"booking_lt0": "Illimité, mais afficher aussi occupé lorsque réservé",
+        "booking_ltnull": "Illimité, mais afficher aussi occupé lorsque réservé",
        "booking_lt0_short": "Limite souple",
        "daily": "Quotidiennement",
        "deactivate": "Désactiver",
@ -699,7 +699,7 @@
        "private_comment": "Commentaire privé",
        "public_comment": "Commentaire public",
        "q_add_header": "Courriers indésirables",
-		"q_all": "Toutes les catégories",
+        "q_all": " quand déplacé dans le dossier spam ou rejeté",
        "q_reject": "Rejecté",
        "quarantine_notification": "Avis de quarantaine",
        "quarantine_category": "Catégorie de la notification de quarantaine",
@ -729,7 +729,7 @@
        "sogo_visible": "Alias visible dans SOGo",
        "sogo_visible_n": "Masquer alias dans SOGo",
        "sogo_visible_y": "Afficher alias dans SOGo",
-		"spam_aliases": "Alias temp.",
+        "spam_aliases": "Alias temporaire",
        "stats": "Statistiques",
        "status": "Statut",
        "sync_jobs": "Tâches de synchronisation",
@ -895,7 +895,7 @@
        "ui_texts": "Enregistrement des modifications apportées aux textes de l’interface utilisateur",
        "upload_success": "Fichier téléchargé avec succès",
        "verified_totp_login": "Authentification TOTP vérifiée",
-		"verified_u2f_login": "Authentification U2F vérifiée",
+        "verified_webauthn_login": "Authentification WebAuthn vérifiée",
        "verified_fido2_login": "Authentification FIDO2 vérifiée",
        "verified_yotp_login": "Authentification Yubico OTP vérifiée"
    },
@ -907,7 +907,7 @@
        "disable_tfa": "Désactiver TFA jusqu’à la prochaine ouverture de session réussie",
        "enter_qr_code": "Votre code TOTP si votre appareil ne peut pas scanner les codes QR",
        "error_code": "Code d'erreur",
-		"init_u2f": "Initialisation, veuillez patienter...",
+        "init_webauthn": "Initialisation, veuillez patienter...",
        "key_id": "Un identifiant pour votre Yubikey",
        "key_id_totp": "Un identifiant pour votre clé",
        "none": "Désactiver",
@ -915,13 +915,13 @@
        "scan_qr_code": "Veuillez scanner le code suivant avec votre application d’authentification ou entrer le code manuellement.",
        "select": "Veuillez sélectionner",
        "set_tfa": "Définir une méthode d’authentification à deux facteurs",
-		"start_u2f_validation": "Début de la validation",
+        "start_webauthn_validation": "Début de la validation",
        "tfa": "Authentification à deux facteurs",
        "tfa_token_invalid": "Token TFA invalide",
        "totp": "OTP (One Time Password = Mot de passe à usage unique : Google Authenticator, Authy, etc.)",
-		"u2f": "Authentification U2F",
+        "webauthn": "Authentification WebAuthn",
-		"waiting_usb_auth": "<i>En attente d’un périphérique USB...</i><br><br>S’il vous plaît appuyez maintenant sur le bouton de votre périphérique USB U2F.",
+        "waiting_usb_auth": "<i>En attente d’un périphérique USB...</i><br><br>S’il vous plaît appuyez maintenant sur le bouton de votre périphérique USB WebAuthn.",
-		"waiting_usb_register": "<i>En attente d’un périphérique USB...</i><br><br>Veuillez entrer votre mot de passe ci-dessus et confirmer votre inscription U2F en appuyant sur le bouton de votre périphérique USB U2F.",
+        "waiting_usb_register": "<i>En attente d’un périphérique USB...</i><br><br>Veuillez entrer votre mot de passe ci-dessus et confirmer votre inscription WebAuthn en appuyant sur le bouton de votre périphérique USB WebAuthn.",
        "yubi_otp": "Authentification OTP Yubico"
    },
    "fido2": {
@ -992,7 +992,6 @@
        "messages": "messages",
        "never": "jamais",
        "new_password": "Nouveau mot de passe",
 		"new_password_description": "Exigence: longueur de 6 caractères, lettres et nombres.",
        "new_password_repeat": "Confirmer le mot de passe (répéter)",
        "no_active_filter": "Aucun filtre actif disponible",
        "no_last_login": "Aucune dernière information de connexion à l'interface",
@ -1071,7 +1070,7 @@
    "warning": {
        "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
        "domain_added_sogo_failed": "Ajout d’un domaine mais échec du redémarrage de Sogo, veuillez vérifier les journaux de votre serveur.",
-		"dovecot_restart_failed": "Dovecot n’a pas pu redémarrer, veuillez vérifier les journaux de votre serveur.",
+        "dovecot_restart_failed": "Dovecot n’a pas pu redémarrer, veuillez vérifier les journaux",
        "fuzzy_learn_error": "Erreur d’apprentissage du hachage flou: %s",
        "hash_not_found": "Hachage non trouvé ou déjà supprimé",
        "ip_invalid": "IP non valide ignorée: %s",
--- a/data/web/lang/lang.hu.json
+++ b/data/web/lang/lang.hu.json
@ -315,7 +315,6 @@
        "messages": "üzenetek",
        "never": "Soha",
        "new_password": "Új jelszó",
        "new_password_description": "Minimum követelmény: 6 karakter, betűk és számok.",
        "new_password_repeat": "Jelszó megerősítése",
        "no_active_filter": "Nincs aktív szűrő",
        "no_last_login": "Nincs információ az utolsó belépésről a felhasználói felületen",
@ -378,5 +377,13 @@
        "quota_exceeded_scope": "Domain kvóta átlépve: csak korlátok nélküli postafiókok hozhatók létre ebben a domain-ben.",
        "session_token": "Űrlap-token érvénytelen: Tokenek nem egyeznek",
        "session_ua": "Űrlap-token érvénytelen: User-Agent hitelesítési probléma"
    },
    "acl": {
        "delimiter_action": "Elhatárolás",
        "alias_domains": "Alias domainek hozzáadása",
        "app_passwds": "Alkalmazás jelszavak kezelése"
    },
    "diagnostics": {
        "dns_records": "DNS bejegyzések"
    }
 }
--- a/data/web/lang/lang.it.json
+++ b/data/web/lang/lang.it.json
@ -18,8 +18,8 @@
        "quarantine_attachments": "Allegati in quarantena",
        "quarantine_category": "Modifica la categoria delle notifiche di quarantena",
        "quarantine_notification": "Modifica notifiche quarantena",
-        "ratelimit": "Rate limit",
+        "ratelimit": "Limite di invio",
-        "recipient_maps": "Recipient maps",
+        "recipient_maps": "Mappe dei destinatari",
        "smtp_ip_access": "Modifica gli host consentiti per SMTP",
        "sogo_access": "Consenti la gestione dell'accesso SOGo",
        "sogo_profile_reset": "Ripristina profilo SOGo",
@ -27,7 +27,7 @@
        "spam_policy": "Blacklist/Whitelist",
        "spam_score": "Punteggio SPAM",
        "syncjobs": "Processi di sync",
-        "tls_policy": "TLS policy",
+        "tls_policy": "Politica TLS",
        "unlimited_quota": "Spazio illimitato per le caselle di posta"
    },
    "add": {
@ -82,9 +82,9 @@
        "post_domain_add": "Il container di SOGo, \"sogo-mailcow\", deve essere riavviato dopo aver aggiunto un nuovo dominio!<br><br>Inoltre la configurazione dei DNS del dominio verrà riesaminata. Quando la configurazione dei DNS sarà attiva, riavvia \"acme-mailcow\" per generare automaticamente i certificati per il nuovo dominio (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Quest'ultimo passaggio è facoltativo, in quanto il sistema si aggiorna ogni 24 ore.",
        "private_comment": "Commento privato",
        "public_comment": "Commento pubblico",
-        "quota_mb": "Spazio (MiB):",
+        "quota_mb": "Spazio (MiB)",
        "relay_all": "Trasmettere a tutti i destinatari",
-        "relay_all_info": "<small>Se si sceglie di <b>non</b> inviare a tutti i destinatari, è necessario aggiungere una casella di posta (\"blind\") per ogni singolo destinatario a cui deve essere inoltrato.</small>",
+        "relay_all_info": "↪ Se si sceglie di <b>non</b> inviare a tutti i destinatari, è necessario aggiungere una casella di posta (\"blind\") per ogni singolo destinatario a cui deve essere inoltrato.",
        "relay_domain": "Trasmetti questo dominio",
        "relay_transport_info": "<div class=\"label label-info\">Info</div> Puoi definire mappe di trasporto verso una destinazione a tua scelta per questo dominio. Se non viene impostata, si guarderà il record MX.",
        "relay_unknown_only": "Inoltra solo caselle di posta inesistenti. I messaggi per gli indirizzi esistenti verranno consegnati localmente.",
@ -102,9 +102,11 @@
        "target_domain": "Dominio di destinazione",
        "timeout1": "Timeout per la connessione all'host remoto",
        "timeout2": "Timeout per la connessione all'host locale",
-        "username": "Username",
+        "username": "Nome utente",
        "validate": "Convalida",
-        "validation_success": "Convalidato con successo"
+        "validation_success": "Convalidato con successo",
        "bcc_dest_format": "Il destinatario in copia nascosta deve essere un singolo indirizzo email.<br>Se si vuole spedire una copia del messaggio a più destinatari, bisogna creare un alias ed utilizzarlo per questa opzione.",
        "app_passwd_protocols": "Protocolli consentiti per la password dell'app"
    },
    "admin": {
        "access": "Accedi",
@ -132,18 +134,18 @@
        "advanced_settings": "Impostazioni avanzate",
        "api_allow_from": "Allow API access from these IPs/CIDR network notations",
        "api_info": "The API is a work in progress. The documentation can be found at <a href=\"/api\">/api</a>",
-        "api_key": "API key",
+        "api_key": "Chiave API",
-        "api_skip_ip_check": "Skip IP check for API",
+        "api_skip_ip_check": "Salta il controllo dell'IP per l'API",
        "app_links": "App links",
-        "app_name": "App name",
+        "app_name": "Nome dell'app",
-        "apps_name": "\"mailcow Apps\" name",
+        "apps_name": "Nome \"mailcow Apps\"",
-        "arrival_time": "Arrival time (server time)",
+        "arrival_time": "Ora di arrivo (ora del server)",
        "authed_user": "Auth. user",
        "ays": "Sei sicuro di voler procedere?",
        "ban_list_info": "See a list of banned IPs below: <b>network (remaining ban time) - [actions]</b>.<br />IPs queued to be unbanned will be removed from the active ban list within a few seconds.<br />Red labels indicate active permanent bans by blacklisting.",
        "change_logo": "Cambia logo",
        "configuration": "Configurazione",
-        "convert_html_to_text": "Convert HTML to plain text",
+        "convert_html_to_text": "Converti HTML in testo semplice",
        "credentials_transport_warning": "<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching next hop column.",
        "customer_id": "ID cliente",
        "customize": "Personalizzare",
@ -189,7 +191,7 @@
        "forwarding_hosts_add_hint": "È possibile specificare indirizzi IPv4 / IPv6, reti nella notazione CIDR, nomi host (che verranno risolti in indirizzi IP) o nomi di dominio (che verranno risolti agli indirizzi IP richiamando i record SPF o, in assenza, i record MX) .",
        "forwarding_hosts_hint": "I messaggi in entrata sono accettati in maniera incondizionata da tutti gli host qui elencati. Questi host sono quindi non controllati tramite DNSBL o sottoposti a greylisting. Lo spam ricevuto da questi host non viene mai rifiutato, ma potrebbe essere archiviato nella cartella Posta indesiderata. L'utilizzo più comune è quello di specificare i server di posta elettronica su cui è stata impostata una regola che inoltra le email in arrivo al server mailcow.",
        "from": "Da",
-        "generate": "generate",
+        "generate": "generare",
        "guid": "GUID - ID istanza univoco",
        "guid_and_license": "GUID & Licenza",
        "hash_remove_info": "Removing a ratelimit hash (if still existing) will reset its counter completely.<br>\r\n  Each hash is indicated by an individual color.",
@ -204,7 +206,7 @@
        "include_exclude_info": "Di default - se nessuna voce viene selezionata - <b>tutte le caselle di posta</b> risultano attivate",
        "includes": "Includi questi destinatari",
        "is_mx_based": "Basato sul record MX",
-        "last_applied": "Last applied",
+        "last_applied": "Ultima applicazione",
        "license_info": "Non è necessario essere in possesso di una licenza ma aiuta gli sviluppatori a far crescere il prodotto.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Registra qui il tuo GUID </a> oppure <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acquista il supporto per la tua installazione di mailcow.</a>",
        "link": "Link",
        "loading": "Caricamento in corso...",
@ -229,7 +231,7 @@
        "optional": "facoltativo",
        "password": "Password",
        "password_length": "Lunghezza password",
-        "password_policy": "Password policy",
+        "password_policy": "Criteri della password",
        "password_policy_chars": "Deve contenere almeno un carattere alfabetico",
        "password_policy_length": "La lunghezza minima della password è %d caratteri",
        "password_policy_lowerupper": "Deve contenere caratteri minuscoli e maiuscoli",
@ -281,7 +283,7 @@
        "remove": "Rimuovi",
        "remove_row": "Elimina riga",
        "reset_default": "Riporta alle condizioni di default",
-        "reset_limit": "Remove hash",
+        "reset_limit": "Rimuovi hash",
        "routing": "Routing",
        "rsetting_add_rule": "Aggiungi regola",
        "rsetting_content": "Contenuto della regola",
@ -333,10 +335,15 @@
        "unban_pending": "unban pending",
        "unchanged_if_empty": "Se immutato lasciare vuoto",
        "upload": "Upload",
-        "username": "Username",
+        "username": "Nome utente",
        "validate_license_now": "Validate GUID against license server",
        "verify": "Verifica",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "api_read_only": "Accesso in sola lettura",
        "api_read_write": "Accesso in lettura-scrittura",
        "oauth2_apps": "App OAuth2",
        "oauth2_add_client": "Aggiungere il client OAuth2",
        "rsettings_preset_4": "Disattivare Rspamd per un dominio"
    },
    "danger": {
        "access_denied": "Accesso negato o form di login non corretto",
@ -360,7 +367,7 @@
        "domain_exists": "Dominio %s esiste già",
        "domain_invalid": "Il nome di dominio non è valido",
        "domain_not_empty": "Non posso rimuovere domini in non vuoti",
-        "domain_not_found": "Dominio non trovato.",
+        "domain_not_found": "Dominio %s non trovato",
        "domain_quota_m_in_use": "Lo spazio del dominio deve essere maggiore o uguale a %s MiB",
        "extra_acl_invalid": "External sender address \"%s\" is invalid",
        "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
@ -388,9 +395,9 @@
        "invalid_recipient_map_old": "Invalid original recipient specified: %s",
        "ip_list_empty": "L'elenco degli IP consentiti non può essere vuoto",
        "is_alias": "%s è già presente come alias",
-        "is_alias_or_mailbox": "%s è già presente come alias, casella di posta oppure come alias di dominio",
+        "is_alias_or_mailbox": "%s è già presente come alias, casella di posta oppure come alias di dominio.",
        "is_spam_alias": "%s è già presente come indirizzo spam alias",
-        "last_key": "L'ultima chiave non può essere rimossa",
+        "last_key": "L'ultima chiave non può essere rimossa, si raccomanda la disattivazione del TFA.",
        "login_failed": "Login fallito",
        "mailbox_defquota_exceeds_mailbox_maxquota": "Default quota exceeds max quota limit",
        "mailbox_invalid": "Il nome della casella non è valido",
@ -448,17 +455,14 @@
        "tls_policy_map_parameter_invalid": "Policy parameter is invalid",
        "totp_verification_failed": "TOTP verification failed",
        "transport_dest_exists": "Transport destination \"%s\" exists",
-        "u2f_verification_failed": "U2F verification failed: %s",
+        "webauthn_verification_failed": "WebAuthn verification failed: %s",
        "unknown": "An unknown error occurred",
        "unknown_tfa_method": "Unknown TFA method",
        "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
        "username_invalid": "Username %s non può essere utilizzato",
        "validity_missing": "Assegnare un periodo di validità",
-        "value_missing": "Please provide all values",
+        "value_missing": "Si prega di fornire tutti i valori",
-        "xmpp_map_write_error": "Could not write XMPP map: %s",
+        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s"
        "xmpp_reload_failed": "XMPP could not be reloaded",
        "xmpp_restart_failed": "XMPP could not be restarted",
        "yotp_verification_failed": "Yubico OTP verification failed: %s"
    },
    "debug": {
        "chart_this_server": "Grafico (questo server)",
@ -485,9 +489,7 @@
        "success": "Successo",
        "system_containers": "System & Containers",
        "uptime": "Tempo di attività",
-        "username": "Username",
+        "username": "Username"
        "xmpp_dead": "XMPP is starting, disabled or died.",
        "xmpp_status": "Stato XMPP"
    },
    "diagnostics": {
        "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@ -575,7 +577,7 @@
        "ratelimit": "Rate limit",
        "redirect_uri": "Redirect/Callback URL",
        "relay_all": "Relay tutti i destinatari",
-        "relay_all_info": "<small>Se si sceglie di <b>non</b> inviare a tutti i destinatari, è necessario aggiungere una casella di posta (\"blind\") per ogni singolo destinatario a cui deve essere inoltrato.</small>",
+        "relay_all_info": "↪ Se si sceglie di <b>non</b> inviare a tutti i destinatari, è necessario aggiungere una casella di posta (\"blind\") per ogni singolo destinatario a cui deve essere inoltrato.",
        "relay_domain": "Relay dominio",
        "relay_transport_info": "<div class=\"label label-info\">Info</div> You can define transport maps for a custom destination for this domain. If not set, a MX lookup will be made.",
        "relay_unknown_only": "Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.",
@ -606,15 +608,12 @@
        "unchanged_if_empty": "Se immutato lasciare vuoto",
        "username": "Username",
        "validate_save": "Convalida e salva",
-        "xmpp": "Activate XMPP for this domain",
+        "pushover": "Pushover",
-        "xmpp_access": "XMPP access",
+        "sogo_access_info": "Il single-sign-on dall'interno dell'interfaccia di posta rimane funzionante. Questa impostazione non influisce sull'accesso a tutti gli altri servizi né cancella o modifica il profilo SOGo esistente dell'utente.",
-        "xmpp_access_info": "XMPP must be enabled for this domain.",
+        "none_inherit": "Nessuno / Eredita",
-        "xmpp_admin": "XMPP administrator",
+        "sogo_access": "Concedere l'accesso diretto a SOGo",
-        "xmpp_admin_info": "<b>Danger:</b> Promotes a user to an XMPP administrator of this domain.",
+        "acl": "ACL (autorizzazione)",
-        "xmpp_example_jid": "<b>Example JID</b> (login with mailbox password)",
+        "app_passwd_protocols": "Protocolli consentiti per la password dell'app"
        "xmpp_info": "This function will enable chat functionality for this domain.",
        "xmpp_prefix": "XMPP prefix for domain (\"im\" to use <b>im</b>.example.org)",
        "xmpp_prefix_info": "To request certificates for XMPP, two CNAME DNS records should point from <b>im</b>.example.org as well as <b>*.im</b>.example.org to <b>%s</b>. Please also run the DNS check for this domain after enabling XMPP."
    },
    "fido2": {
        "confirm": "Confirm",
@ -628,20 +627,23 @@
        "rename": "Rename",
        "set_fido2": "Register FIDO2 device",
        "set_fn": "Set friendly name",
-        "start_fido2_validation": "Start FIDO2 validation"
+        "start_fido2_validation": "Start FIDO2 validation",
        "set_fido2_touchid": "Registrare il Touch ID su Apple M1"
    },
    "footer": {
        "cancel": "Annulla",
        "confirm_delete": "Conferma eliminazione",
        "delete_now": "Elimina ora",
-        "delete_these_items": "Sicuro di voler eliminare gli oggetti selezionati?",
+        "delete_these_items": "Conferma di voler eliminare gli oggetti selezionati",
        "hibp_nok": "Matched! This is a potentially dangerous password!",
        "hibp_ok": "Nessuna corrispondenza trovata.",
        "loading": "Caricamento in corso...",
        "restart_container": "Riavvia il container",
        "restart_container_info": "<b>Importante:</b> Il completamento di un normale riavvio potrebbe richiedere diversi minuti, ti consigliamo di attendere.",
        "restart_now": "Riavvia adesso",
-        "restarting_container": "Riavvia il container, potrebbe richiedere diversi minuti"
+        "restarting_container": "Riavvia il container, potrebbe richiedere diversi minuti",
        "hibp_check": "Verifica con haveibeenpwned.com",
        "nothing_selected": "Niente di selezionato"
    },
    "header": {
        "administration": "Amministrazione",
@ -676,7 +678,7 @@
        "add_alias": "Aggiungi alias",
        "add_alias_expand": "Expand alias over alias domains",
        "add_bcc_entry": "Add BCC map",
-        "add_domain": "Aggiungi Ddminio",
+        "add_domain": "Aggiungi dominio",
        "add_domain_alias": "Aggiungi alias di dominio",
        "add_domain_record_first": "Per favore aggiungi il dominio prima",
        "add_filter": "Aggiungi filtro",
@ -690,14 +692,14 @@
        "alias_domain_backupmx": "Alias domain inactive for relay domain",
        "aliases": "Alias",
        "allow_from_smtp": "Consenti solo l'uso di questi IP per l'<b>SMTP</b>",
-        "allow_from_smtp_info": "Leave empty to allow all senders.<br>IPv4/IPv6 addresses and networks.",
+        "allow_from_smtp_info": "Da lasciare vuoto per consentire tutti i mittenti.<br>Indirizzi e reti IPv4/IPv6.",
        "allowed_protocols": "Protocolli consentiti",
        "backup_mx": "Backup MX",
        "bcc": "CCN",
        "bcc_destination": "Destinatario CCN",
        "bcc_destinations": "Destinatari CCN",
        "bcc_info": "BCC maps are used to silently forward copies of all messages to another address. A recipient map type entry is used, when the local destination acts as recipient of a mail. Sender maps conform to the same principle.<br/>\r\n  The local destination will not be informed about a failed delivery.",
-        "bcc_local_dest": "Local destination",
+        "bcc_local_dest": "Destinatario locale",
        "bcc_map": "BCC map",
        "bcc_map_type": "BCC type",
        "bcc_maps": "BCC maps",
@ -706,11 +708,11 @@
        "bcc_to_rcpt": "Switch to recipient map type",
        "bcc_to_sender": "Switch to sender map type",
        "bcc_type": "BCC type",
-        "booking_0": "Always show as free",
+        "booking_null": "Mostra sempre come libero",
        "booking_0_short": "Always free",
        "booking_custom": "Hard-limit to a custom amount of bookings",
        "booking_custom_short": "Hard limit",
-        "booking_lt0": "Unlimited, but show as busy when booked",
+        "booking_ltnull": "Unlimited, but show as busy when booked",
        "booking_lt0_short": "Soft limit",
        "daily": "Giornaliero",
        "deactivate": "Disattiva",
@ -808,7 +810,23 @@
        "username": "Nome utente",
        "waiting": "In attesa",
        "weekly": "Settimanale",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
        "goto_ham": "Apprendi come <b>ham</b>",
        "goto_spam": "Apprendi come <b>spam</b>",
        "open_logs": "Apri i log",
        "syncjob_check_log": "Controlla il log",
        "syncjob_last_run_result": "Risultato dell'ultima esecuzione",
        "syncjob_EXIT_TLS_FAILURE": "Problema con la connessione criptata",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema di autenticazione",
        "syncjob_EXIT_OVERQUOTA": "La casella di posta del destinatario ha superato la quota",
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
        "syncjob_EXIT_CONNECTION_FAILURE": "Problema di connessione",
        "catch_all": "Catch-All",
        "sender": "Mittente",
        "all_domains": "Tutti i domini",
        "recipient": "Destinatario",
        "syncjob_EX_OK": "Successo"
    },
    "oauth2": {
        "access_denied": "Effettua il login alla casella di posta per garantire l'accesso tramite OAuth2.",
@ -953,11 +971,8 @@
        "upload_success": "File caricato con successo",
        "verified_fido2_login": "Verified FIDO2 login",
        "verified_totp_login": "Verified TOTP login",
-        "verified_u2f_login": "Verified U2F login",
+        "verified_webauthn_login": "Verified WebAuthn login",
-        "verified_yotp_login": "Verified Yubico OTP login",
+        "verified_yotp_login": "Verified Yubico OTP login"
        "xmpp_maps_updated": "XMPP maps were updated",
        "xmpp_reloaded": "Il servizio XMPP è stato ricaricato",
        "xmpp_restarted": "Il servizio XMPP è stato riavviato"
    },
    "tfa": {
        "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@ -967,7 +982,7 @@
        "disable_tfa": "Disabilita TFA fino al prossimo accesso",
        "enter_qr_code": "Il codice TOTP se il tuo dispositivo non è in grado di acquisire i codici QR",
        "error_code": "Codice di errore",
-        "init_u2f": "Inizializzazione, attendere prego...",
+        "init_webauthn": "Inizializzazione, attendere prego...",
        "key_id": "Identificatore per il tuo YubiKey",
        "key_id_totp": "Identificatore per la tua chiave",
        "none": "Disattivato",
@ -975,14 +990,14 @@
        "scan_qr_code": "Esegui la scansione del seguente codice con l'applicazione di autenticazione o inserisci manualmente il codice.",
        "select": "Seleziona",
        "set_tfa": "Imposta il metodo di autenticazione a due fattori",
-        "start_u2f_validation": "Avvia convalida",
+        "start_webauthn_validation": "Avvia convalida",
        "set_tfa": "Imposta il metodo di autenticazione a due fattori",
        "tfa": "Autenticazione a due fattori",
        "totp": "Time-based OTP (Google Authenticator etc.)",
-        "u2f": "Autenticazione U2F",
+        "webauthn": "Autenticazione WebAuthn",
-        "waiting_usb_auth": "<i>In attesa del device USB...</i><br /><br />Tocca ora il pulsante sul dispositivo U2F USB.",
+        "waiting_usb_auth": "<i>In attesa del device USB...</i><br /><br />Tocca ora il pulsante sul dispositivo WebAuthn USB.",
-        "waiting_usb_register": "<i>In attesa del device USB...</i><br /><br />Inserisci la tua password qui sopra e conferma la tua registrazione U2F toccando il pulsante del dispositivo U2F USB.",
+        "waiting_usb_register": "<i>In attesa del device USB...</i><br /><br />Inserisci la tua password qui sopra e conferma la tua registrazione WebAuthn toccando il pulsante del dispositivo WebAuthn USB.",
-        "yubi_otp": "Autenticazione Yubico OTP"
+        "yubi_otp": "Autenticazione Yubico OTP",
        "tfa_token_invalid": "Token TFA non valido"
    },
    "user": {
        "action": "Azione",
@ -1092,7 +1107,7 @@
        "spamfilter": "Filtri spam",
        "spamfilter_behavior": "Punteggio",
        "spamfilter_bl": "Blacklist",
-        "spamfilter_bl_desc": "Email inserita nella blacklisted per <b>essere sempre</b> riconosciuta come spam e rifiutata. Si possono usare le wildcards.",
+        "spamfilter_bl_desc": "Email inserita nella blacklist per <b>essere sempre</b> riconosciuta come spam e rifiutata. Le mail rifiutate <b>non</b> verranno copiate nella quarantena. Si consiglia l'utilizzo delle wildcards. Un filtro viene applicato solo agli alias diretti (alias con una singola cassetta postale di destinazione) esclusi gli alias catch-all e la cassetta postale stessa.",
        "spamfilter_default_score": "Valori di default",
        "spamfilter_green": "Verde: Questo messaggio non è spam",
        "spamfilter_hint": "Il primo valore rappresenta un \"basso punteggio di spam\", il secondo rappresenta un \"alto punteggio di spam\".",
@ -1128,12 +1143,27 @@
        "weekly": "Settimanale",
        "weeks": "settimane",
        "year": "anno",
-        "years": "anni"
+        "years": "anni",
        "change_password_hint_app_passwords": "Il tuo account ha {{number_of_app_passwords}} password delle app che non verranno modificate. Per gestirle, vai alla scheda App passwords.",
        "syncjob_check_log": "Controlla i log",
        "syncjob_last_run_result": "Risultato dell'ultima esecuzione",
        "open_logs": "Apri i log",
        "apple_connection_profile_with_app_password": "Una nuova password dell'app è stata generata ed aggiunta al profilo così che non sia più necessario inserire alcuna password quando si imposta il dispositivo. Si prega di non condividere il file in quanto concede l'accesso completo alla tua casella di posta elettronica.",
        "allowed_protocols": "Protocolli consentiti",
        "syncjob_EX_OK": "Successo",
        "syncjob_EXIT_CONNECTION_FAILURE": "Problema di connessione",
        "syncjob_EXIT_TLS_FAILURE": "Problema con la connessione criptata",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema di autenticazione",
        "syncjob_EXIT_OVERQUOTA": "La casella di posta del destinatario ha superato la quota",
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
        "with_app_password": "con password dell'app",
        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile."
    },
    "warning": {
        "cannot_delete_self": "Cannot delete logged in user",
        "domain_added_sogo_failed": "Il dominio è stato aggiunto ma non è stato possibile riavviare SOGo, controlla i log del tuo server.",
-        "dovecot_restart_failed": "Non è stato possibile riavviare Dovecot, controlla i log del tuo server.",
+        "dovecot_restart_failed": "Non è stato possibile riavviare Dovecot, controlla i log del tuo server",
        "fuzzy_learn_error": "Fuzzy hash learn error: %s",
        "hash_not_found": "Hash not found or already deleted",
        "ip_invalid": "Skipped invalid IP: %s",
@ -1142,5 +1172,12 @@
        "quota_exceeded_scope": "Domain quota exceeded: Only unlimited mailboxes can be created in this domain scope.",
        "session_token": "Form token invalid: Token mismatch",
        "session_ua": "Form token invalid: User-Agent validation error"
    },
    "ratelimit": {
        "minute": "messaggi / minuto",
        "disabled": "Disabilitato",
        "second": "messaggi / secondo",
        "hour": "messaggi / ora",
        "day": "messaggi / giorno"
    }
 }
--- a/data/web/lang/lang.ko.json
+++ b/data/web/lang/lang.ko.json
@ -1,31 +1,31 @@
 {
-   "acl":{
+    "acl": {
-      "alias_domains":"도메인 별칭 추가",
+        "alias_domains": "도메인 별칭 추가",
-      "app_passwds":"앱 비밀번호 관리",
+        "app_passwds": "앱 비밀번호 관리",
-      "bcc_maps":"BCC 맵",
+        "bcc_maps": "BCC 맵",
-      "delimiter_action":"구분 기호 동작",
+        "delimiter_action": "구분 기호 동작",
-      "eas_reset":"EAS 장치 초기화",
+        "eas_reset": "EAS 장치 초기화",
-      "extend_sender_acl":"외부 주소별로 발신자 ACL 확장 허용",
+        "extend_sender_acl": "외부 주소별로 발신자 ACL 확장 허용",
-      "filters":"필터",
+        "filters": "필터",
-      "login_as":"메일 사용자로 로그인",
+        "login_as": "메일 사용자로 로그인",
-      "prohibited":" ACL에 의해 금지",
+        "prohibited": " ACL에 의해 금지",
-      "protocol_access":"프로토콜 접근 변경",
+        "protocol_access": "프로토콜 접근 변경",
-      "pushover":"Pushover",
+        "pushover": "Pushover",
-      "quarantine":"검열 작동",
+        "quarantine": "검열 작동",
-      "quarantine_attachments":"첨부파일 검열",
+        "quarantine_attachments": "첨부파일 검열",
-      "quarantine_notification":"검열 알림 변경",
+        "quarantine_notification": "검열 알림 변경",
-      "ratelimit":"요청 제한",
+        "ratelimit": "요청 제한",
-      "recipient_maps":"수신자 맵",
+        "recipient_maps": "수신자 맵",
-      "smtp_ip_access":"SMTP에 허용된 호스트 변경",
+        "smtp_ip_access": "SMTP에 허용된 호스트 변경",
-      "sogo_access":"SOGo 접근 관리 허용",
+        "sogo_access": "SOGo 접근 관리 허용",
-      "sogo_profile_reset":"SOGo 프로필 초기화",
+        "sogo_profile_reset": "SOGo 프로필 초기화",
-      "spam_alias":"일임시 별칭",
+        "spam_alias": "일임시 별칭",
-      "spam_policy":"블랙리스트/화이트리스트",
+        "spam_policy": "블랙리스트/화이트리스트",
-      "spam_score":"스팸 점수",
+        "spam_score": "스팸 점수",
-      "syncjobs":"동기화 작업",
+        "syncjobs": "동기화 작업",
-      "tls_policy":"TLS 정책",
+        "tls_policy": "TLS 정책",
-      "unlimited_quota":"메일에 무제한 할당",
+        "unlimited_quota": "메일에 무제한 할당",
-      "domain_desc":"도메인 설명 변경"
+        "domain_desc": "도메인 설명 변경"
    },
    "add": {
        "activate_filter_warn": "활성화가 체크되어 있으면 모든 다른 필터들은 비활성화됩니다.",
@ -103,328 +103,328 @@
        "validate": "확인하기",
        "validation_success": "성공적으로 확인됨"
    },
-    "admin":{
+    "admin": {
-      "access":"접근",
+        "access": "접근",
-      "action":"동작",
+        "action": "동작",
-      "activate_api":"API 활성화",
+        "activate_api": "API 활성화",
-      "activate_send":"발신 버튼 활성화",
+        "activate_send": "발신 버튼 활성화",
-      "active":"활성화",
+        "active": "활성화",
-      "active_rspamd_settings_map":"설정 맵 활성화",
+        "active_rspamd_settings_map": "설정 맵 활성화",
-      "add":"추가",
+        "add": "추가",
-      "add_admin":"관리자 추가",
+        "add_admin": "관리자 추가",
-      "add_domain_admin":"도메인 관리자 추가",
+        "add_domain_admin": "도메인 관리자 추가",
-      "add_forwarding_host":"포워딩 호스트 추가",
+        "add_forwarding_host": "포워딩 호스트 추가",
-      "add_relayhost":"발신자 의존 전송",
+        "add_relayhost": "발신자 의존 전송",
-      "add_relayhost_hint":"인증 데이터가 있는 경우 일반 텍스트로 저장되는 것을 주의해주세요.",
+        "add_relayhost_hint": "인증 데이터가 있는 경우 일반 텍스트로 저장되는 것을 주의해주세요.",
-      "add_row":"행 추가",
+        "add_row": "행 추가",
-      "add_settings_rule":"설정 규칙 추가",
+        "add_settings_rule": "설정 규칙 추가",
-      "add_transport":"전송 추가",
+        "add_transport": "전송 추가",
-      "add_transports_hint":"인증 데이터가 있는 경우 일반 텍스트로 저장되는 것을 주의해주세요.",
+        "add_transports_hint": "인증 데이터가 있는 경우 일반 텍스트로 저장되는 것을 주의해주세요.",
-      "additional_rows":" 행이 추가되었습니다.",
+        "additional_rows": " 행이 추가되었습니다.",
-      "admin":"관리자",
+        "admin": "관리자",
-      "admin_details":"관리자 상세 정보 수정",
+        "admin_details": "관리자 상세 정보 수정",
-      "admin_domains":"도메인 할당",
+        "admin_domains": "도메인 할당",
-      "advanced_settings":"고급 설정",
+        "advanced_settings": "고급 설정",
-      "api_allow_from":"다음 IPs/CIDR 네트워크 이름에서 API 접근 허용",
+        "api_allow_from": "다음 IPs/CIDR 네트워크 이름에서 API 접근 허용",
-      "api_info":"API는 현재 WIP상태에 있습니다. <a href=\"/api\">/api</a>에서 문서를 찾을 수 있습니다",
+        "api_info": "API는 현재 WIP상태에 있습니다. <a href=\"/api\">/api</a>에서 문서를 찾을 수 있습니다",
-      "api_key":"API 키",
+        "api_key": "API 키",
-      "api_skip_ip_check":"API를 위한 IP 검사 건너뛰기",
+        "api_skip_ip_check": "API를 위한 IP 검사 건너뛰기",
-      "app_links":"앱 링크",
+        "app_links": "앱 링크",
-      "app_name":"앱 이름",
+        "app_name": "앱 이름",
-      "apps_name":"\"mailcow Apps\" 이름",
+        "apps_name": "\"mailcow Apps\" 이름",
-      "arrival_time":"도착 시간 (서버 시간)",
+        "arrival_time": "도착 시간 (서버 시간)",
-      "authed_user":"인증된 사용자",
+        "authed_user": "인증된 사용자",
-      "ays":"계속 진행하시겠습니까?",
+        "ays": "계속 진행하시겠습니까?",
-      "ban_list_info":"차단된 IP 목록 확인: <b>네트워크 (남은 차단 시간) - [actions]</b>.<br />차단이 풀릴 IP는 현재 차단된 IP리스트에서 곧 삭제됩니다.<br />빨간색 라벨은 블랙리스트에 의해서 금지된 것을 가리킵니다.",
+        "ban_list_info": "차단된 IP 목록 확인: <b>네트워크 (남은 차단 시간) - [actions]</b>.<br />차단이 풀릴 IP는 현재 차단된 IP리스트에서 곧 삭제됩니다.<br />빨간색 라벨은 블랙리스트에 의해서 금지된 것을 가리킵니다.",
-      "change_logo":"로고 변경",
+        "change_logo": "로고 변경",
-      "configuration":"설정",
+        "configuration": "설정",
-      "credentials_transport_warning":"<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching nexthop column.",
+        "credentials_transport_warning": "<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching nexthop column.",
-      "customer_id":"고객 ID",
+        "customer_id": "고객 ID",
-      "customize":"사용자 정의",
+        "customize": "사용자 정의",
-      "delete_queue":"전부 삭제",
+        "delete_queue": "전부 삭제",
-      "destination":"목적지",
+        "destination": "목적지",
-      "dkim_add_key":"ARC/DKIM key 추가",
+        "dkim_add_key": "ARC/DKIM key 추가",
-      "dkim_domains_selector":"선택기",
+        "dkim_domains_selector": "선택기",
-      "dkim_domains_wo_keys":"누락된 키가 있는 도메인 선택",
+        "dkim_domains_wo_keys": "누락된 키가 있는 도메인 선택",
-      "dkim_from":"from",
+        "dkim_from": "from",
-      "dkim_from_title":"데이터를 복사할 원본 데이터",
+        "dkim_from_title": "데이터를 복사할 원본 데이터",
-      "dkim_key_length":"DKIM key 길이 (bits)",
+        "dkim_key_length": "DKIM key 길이 (bits)",
-      "dkim_key_missing":"Key가 누락됨",
+        "dkim_key_missing": "Key가 누락됨",
-      "dkim_key_unused":"Key 미사용",
+        "dkim_key_unused": "Key 미사용",
-      "dkim_key_valid":"유효한 key",
+        "dkim_key_valid": "유효한 key",
-      "dkim_keys":"ARC/DKIM keys",
+        "dkim_keys": "ARC/DKIM keys",
-      "dkim_private_key":"개인 key",
+        "dkim_private_key": "개인 key",
-      "dkim_to":"To",
+        "dkim_to": "To",
-      "dkim_to_title":"덮어 쓰여 질 대상 도메인(들)",
+        "dkim_to_title": "덮어 쓰여 질 대상 도메인(들)",
-      "domain":"도메인",
+        "domain": "도메인",
-      "domain_admins":"도메인 관리자",
+        "domain_admins": "도메인 관리자",
-      "domain_s":"도메인(들)",
+        "domain_s": "도메인(들)",
-      "duplicate":"중복",
+        "duplicate": "중복",
-      "duplicate_dkim":"중복 DKIM 레코드",
+        "duplicate_dkim": "중복 DKIM 레코드",
-      "edit":"편집",
+        "edit": "편집",
-      "empty":"값이 없음",
+        "empty": "값이 없음",
-      "excludes":"다음 수신자 제외",
+        "excludes": "다음 수신자 제외",
-      "f2b_ban_time":"차단 시간 (s)",
+        "f2b_ban_time": "차단 시간 (s)",
-      "f2b_blacklist":"블랙리스트에 기록된 네트워크/호스트",
+        "f2b_blacklist": "블랙리스트에 기록된 네트워크/호스트",
-      "f2b_list_info":"블랙리스트에 기록된 호스트 혹은 네트워크는 항상 화이트 리스트보다 먼저 고려됩니다. <b>리스트를 업데이트하면 적용되는데 시간이 조금 걸릴 수 있습니다.</b>",
+        "f2b_list_info": "블랙리스트에 기록된 호스트 혹은 네트워크는 항상 화이트 리스트보다 먼저 고려됩니다. <b>리스트를 업데이트하면 적용되는데 시간이 조금 걸릴 수 있습니다.</b>",
-      "f2b_max_attempts":"최대 시도 횟수",
+        "f2b_max_attempts": "최대 시도 횟수",
-      "f2b_netban_ipv4":"차단할 IPv4 서브넷 크기 (8-32)",
+        "f2b_netban_ipv4": "차단할 IPv4 서브넷 크기 (8-32)",
-      "f2b_netban_ipv6":"차단할 IPv6 서브넷 크기 (8-128)",
+        "f2b_netban_ipv6": "차단할 IPv6 서브넷 크기 (8-128)",
-      "f2b_parameters":"Fail2ban 변수",
+        "f2b_parameters": "Fail2ban 변수",
-      "f2b_retry_window":"최대 시도 횟수",
+        "f2b_retry_window": "최대 시도 횟수",
-      "f2b_whitelist":"화이트리스트에 저장된 네트워크/호스트",
+        "f2b_whitelist": "화이트리스트에 저장된 네트워크/호스트",
-      "filter_table":"필터 테이블",
+        "filter_table": "필터 테이블",
-      "flush_queue":"큐 비우기",
+        "flush_queue": "큐 비우기",
-      "forwarding_hosts":"포워딩 호스트",
+        "forwarding_hosts": "포워딩 호스트",
-      "forwarding_hosts_add_hint":"IPv4/IPv6 주소, CIDR 방식의 네트워크, 호스트 이름 (IP 주소로 확인된 호스트 이름), 또는 도메인 이름 (SPF 레코드를 쿼리하거나 MX레코드가 없는 경우 IP 주소로 확인된 도메인 이름)을 지정할 수 있습니다.",
+        "forwarding_hosts_add_hint": "IPv4/IPv6 주소, CIDR 방식의 네트워크, 호스트 이름 (IP 주소로 확인된 호스트 이름), 또는 도메인 이름 (SPF 레코드를 쿼리하거나 MX레코드가 없는 경우 IP 주소로 확인된 도메인 이름)을 지정할 수 있습니다.",
-      "forwarding_hosts_hint":"수신된 메시지는 여기에 나열된 모든 호스트에 무조건 허용됩니다. 받은 다음에 이 호스트들은 DNSML에 대해 검사되지 않거나 그레이리스트에 포함되지 않습니다. 이들에게서 받은 스팸은 절대 거부되지 않지만, 선택적으로 정크 폴더에 저장될 수 있습니다. 일반적으로 수신받은 메일을 mailcow 서버로 전달하는 메일 서버를 지정하는 용도로 사용됩니다.",
+        "forwarding_hosts_hint": "수신된 메시지는 여기에 나열된 모든 호스트에 무조건 허용됩니다. 받은 다음에 이 호스트들은 DNSML에 대해 검사되지 않거나 그레이리스트에 포함되지 않습니다. 이들에게서 받은 스팸은 절대 거부되지 않지만, 선택적으로 정크 폴더에 저장될 수 있습니다. 일반적으로 수신받은 메일을 mailcow 서버로 전달하는 메일 서버를 지정하는 용도로 사용됩니다.",
-      "from":"From",
+        "from": "From",
-      "generate":"생성",
+        "generate": "생성",
-      "guid":"GUID – 고유 인스턴스 ID",
+        "guid": "GUID – 고유 인스턴스 ID",
-      "guid_and_license":"GUID & License",
+        "guid_and_license": "GUID & License",
-      "hash_remove_info":"속도 제한 해시를 제거하면(만약 여전히 존재한다면) 카운터가 완전히 재설정 됩니다. 각 해시는 다른 색상으로 표기됩니다.",
+        "hash_remove_info": "속도 제한 해시를 제거하면(만약 여전히 존재한다면) 카운터가 완전히 재설정 됩니다. 각 해시는 다른 색상으로 표기됩니다.",
-      "help_text":"로그인 마스크 아래에 있는 도움말 덮어쓰기 (HTML 허용)",
+        "help_text": "로그인 마스크 아래에 있는 도움말 덮어쓰기 (HTML 허용)",
-      "host":"호스트",
+        "host": "호스트",
-      "import":"Import",
+        "import": "Import",
-      "import_private_key":"개인키 가져오기",
+        "import_private_key": "개인키 가져오기",
-      "in_use_by":"In use by",
+        "in_use_by": "In use by",
-      "inactive":"비활성화",
+        "inactive": "비활성화",
-      "include_exclude":"포함/제외",
+        "include_exclude": "포함/제외",
-      "include_exclude_info":"선택한 것이 없으면 모든 메일함이 지정됩니다.",
+        "include_exclude_info": "선택한 것이 없으면 모든 메일함이 지정됩니다.",
-      "includes":"다음 수신인 포함",
+        "includes": "다음 수신인 포함",
-      "last_applied":"마지막 적용",
+        "last_applied": "마지막 적용",
-      "license_info":"라이선스가 필수는 아니지만 향후 개발에 도움이 됩니다. <br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\"> GUID 등록 </a> 혹은 <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">mailocw 설치를 위한 지원을 구매할 수 있습니다.</a>",
+        "license_info": "라이선스가 필수는 아니지만 향후 개발에 도움이 됩니다. <br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\"> GUID 등록 </a> 혹은 <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">mailocw 설치를 위한 지원을 구매할 수 있습니다.</a>",
-      "link":"Link",
+        "link": "Link",
-      "loading":"잠시만 기다려주세요...",
+        "loading": "잠시만 기다려주세요...",
-      "logo_info":"이미지 크기는 상단 탐색 막대의 경우 40px, 시작 페이지의 경우 최대 너비 250px로 조정됩니다. 확장 가능한 그래픽을 권장합니다.",
+        "logo_info": "이미지 크기는 상단 탐색 막대의 경우 40px, 시작 페이지의 경우 최대 너비 250px로 조정됩니다. 확장 가능한 그래픽을 권장합니다.",
-      "lookup_mx":"MX와 목적지 일치 (.outlook.com이 홉을 통해서 MX *.outlook.com을 대상으로 하는 모든 메일을 라우트한다.)",
+        "lookup_mx": "MX와 목적지 일치 (.outlook.com이 홉을 통해서 MX *.outlook.com을 대상으로 하는 모든 메일을 라우트한다.)",
-      "main_name":"\"mailcow UI\" 이름",
+        "main_name": "\"mailcow UI\" 이름",
-      "merged_vars_hint":"회색으로 표시된 행은 <code>vars.(local.)php</code> 에서 병합되었고 이는 수정할 수 없습니다.",
+        "merged_vars_hint": "회색으로 표시된 행은 <code>vars.(local.)php</code> 에서 병합되었고 이는 수정할 수 없습니다.",
-      "message":"메세지",
+        "message": "메세지",
-      "message_size":"메시지 크기",
+        "message_size": "메시지 크기",
-      "nexthop":"다음 홉",
+        "nexthop": "다음 홉",
-      "no":"&#10005;",
+        "no": "&#10005;",
-      "no_active_bans":"차단 없음",
+        "no_active_bans": "차단 없음",
-      "no_new_rows":"추가 행 없음",
+        "no_new_rows": "추가 행 없음",
-      "no_record":"레코드 없음",
+        "no_record": "레코드 없음",
-      "oauth2_client_id":"클라이언트 ID",
+        "oauth2_client_id": "클라이언트 ID",
-      "oauth2_client_secret":"클라이언트 기밀",
+        "oauth2_client_secret": "클라이언트 기밀",
-      "oauth2_info":"The OAuth2 implementation supports the grant type \"Authorization Code\" and issues refresh tokens.<br>\r\nThe server also automatically issues new refresh tokens, after a refresh token has been used.<br><br>\r\n→ The default scope is <i>profile</i>. Only mailbox users can be authenticated against OAuth2. If the scope parameter is omitted, it falls back to <i>profile</i>.<br>\r\n→ The <i>state</i> parameter is required to be sent by the client as part of the authorize request.<br><br>\r\nPaths for requests to the OAuth2 API: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\nRegenerating the client secret will not expire existing authorization codes, but they will fail to renew their token.<br><br>\r\nRevoking client tokens will cause immediate termination of all active sessions. All clients need to re-authenticate.",
+        "oauth2_info": "The OAuth2 implementation supports the grant type \"Authorization Code\" and issues refresh tokens.<br>\r\nThe server also automatically issues new refresh tokens, after a refresh token has been used.<br><br>\r\n→ The default scope is <i>profile</i>. Only mailbox users can be authenticated against OAuth2. If the scope parameter is omitted, it falls back to <i>profile</i>.<br>\r\n→ The <i>state</i> parameter is required to be sent by the client as part of the authorize request.<br><br>\r\nPaths for requests to the OAuth2 API: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\nRegenerating the client secret will not expire existing authorization codes, but they will fail to renew their token.<br><br>\r\nRevoking client tokens will cause immediate termination of all active sessions. All clients need to re-authenticate.",
-      "oauth2_redirect_uri":"리다이렉트 URI",
+        "oauth2_redirect_uri": "리다이렉트 URI",
-      "oauth2_renew_secret":"새로운 클라이언트 기밀 생성",
+        "oauth2_renew_secret": "새로운 클라이언트 기밀 생성",
-      "oauth2_revoke_tokens":"모든 클라이언트 토큰 취소",
+        "oauth2_revoke_tokens": "모든 클라이언트 토큰 취소",
-      "password":"비밀번호",
+        "password": "비밀번호",
-      "password_repeat":"(재입력)",
+        "password_repeat": "(재입력)",
-      "priority":"우선 순위",
+        "priority": "우선 순위",
-      "private_key":"개인 키",
+        "private_key": "개인 키",
-      "quarantine":"검역소",
+        "quarantine": "검역소",
-      "quarantine_bcc":"모든 알림(BCC)의 복사본을 이 수신자에게 발송: 비우면 사용하지 않습니다. 서명이 없거나 검증되지 않은 메일은 내부적으로만 전송되어야 합니다.",
+        "quarantine_bcc": "모든 알림(BCC)의 복사본을 이 수신자에게 발송: 비우면 사용하지 않습니다. 서명이 없거나 검증되지 않은 메일은 내부적으로만 전송되어야 합니다.",
-      "quarantine_exclude_domains":"도메인과 별칭 도메인 제외",
+        "quarantine_exclude_domains": "도메인과 별칭 도메인 제외",
-      "quarantine_max_age":"최대 보관 기간:<br><small>최소한 1일 이상이어야 합니다.</small>",
+        "quarantine_max_age": "최대 보관 기간:<br><small>최소한 1일 이상이어야 합니다.</small>",
-      "quarantine_max_size":"최대 크기 (단위: MiB): <br><small>0이어도 <b>무제한이 아닙니다.</b></small>",
+        "quarantine_max_size": "최대 크기 (단위: MiB): <br><small>0이어도 <b>무제한이 아닙니다.</b></small>",
-      "quarantine_notification_html":"이메일 템플릿 알림: 비우면 기본값으로 복원됩니다.",
+        "quarantine_notification_html": "이메일 템플릿 알림: 비우면 기본값으로 복원됩니다.",
-      "quarantine_notification_sender":"이메일 발신자 알림",
+        "quarantine_notification_sender": "이메일 발신자 알림",
-      "quarantine_notification_subject":"이메일 주제 알림",
+        "quarantine_notification_subject": "이메일 주제 알림",
-      "quarantine_redirect":"<b>모든 알림</b>을 이 수신자에게 리다이렉트:<br><small>비우면 비활성화됩니다. 서명이 없거나 검증되지 않은 메일은 내부적으로만 전송되어야 합니다.</small>",
+        "quarantine_redirect": "<b>모든 알림</b>을 이 수신자에게 리다이렉트:<br><small>비우면 비활성화됩니다. 서명이 없거나 검증되지 않은 메일은 내부적으로만 전송되어야 합니다.</small>",
-      "quarantine_release_format":"릴리즈된 항목 형식",
+        "quarantine_release_format": "릴리즈된 항목 형식",
-      "quarantine_release_format_att":"첨부 파일",
+        "quarantine_release_format_att": "첨부 파일",
-      "quarantine_release_format_raw":"수정되지 않은 원본",
+        "quarantine_release_format_raw": "수정되지 않은 원본",
-      "quarantine_retention_size":"메일함당 보관:<br><small>0은 <b>비활성</b>을 나타냅니다.</small>",
+        "quarantine_retention_size": "메일함당 보관:<br><small>0은 <b>비활성</b>을 나타냅니다.</small>",
-      "queue_ays":"현재 대기열에서 모든 항목을 삭제할지 확인하십시오.",
+        "queue_ays": "현재 대기열에서 모든 항목을 삭제할지 확인하십시오.",
-      "queue_deliver_mail":"Deliver",
+        "queue_deliver_mail": "Deliver",
-      "queue_hold_mail":"Hold",
+        "queue_hold_mail": "Hold",
-      "queue_manager":"대기열 관리자",
+        "queue_manager": "대기열 관리자",
-      "queue_unban":"대기열 밴 해제",
+        "queue_unban": "대기열 밴 해제",
-      "queue_unhold_mail":"Unhold",
+        "queue_unhold_mail": "Unhold",
-      "queue_show_message":"메시지 표시",
+        "queue_show_message": "메시지 표시",
-      "quota_notification_html":"알림 이메일 탬플릿:<br><small>없으면 기본 템플릿이 복구됩니다.</small>",
+        "quota_notification_html": "알림 이메일 탬플릿:<br><small>없으면 기본 템플릿이 복구됩니다.</small>",
-      "quota_notification_sender":"이메일 발신자 알림",
+        "quota_notification_sender": "이메일 발신자 알림",
-      "quota_notification_subject":"이메일 주제 알림",
+        "quota_notification_subject": "이메일 주제 알림",
-      "quota_notifications":"할당량 알림",
+        "quota_notifications": "할당량 알림",
-      "quota_notifications_info":"할당량 알림은 80% 넘을 때 한 번, 95% 넘을 때 한 번 사용자에게 발송됩니다.",
+        "quota_notifications_info": "할당량 알림은 80% 넘을 때 한 번, 95% 넘을 때 한 번 사용자에게 발송됩니다.",
-      "quota_notifications_vars":"{{percent}}는 사용자의 현재 할당량입니다.<br>{{username}}은 메일함의 이름입니다.",
+        "quota_notifications_vars": "{{percent}}는 사용자의 현재 할당량입니다.<br>{{username}}은 메일함의 이름입니다.",
-      "r_active":"활성화된 제한",
+        "r_active": "활성화된 제한",
-      "r_inactive":"사용하고 있지 않는 제한",
+        "r_inactive": "사용하고 있지 않는 제한",
-      "r_info":"Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.",
+        "r_info": "Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.",
-      "rate_name":"Rate name",
+        "rate_name": "Rate name",
-      "recipients":"수신자",
+        "recipients": "수신자",
-      "refresh":"새로 고침",
+        "refresh": "새로 고침",
-      "regen_api_key":"API 키 재생성",
+        "regen_api_key": "API 키 재생성",
-      "regex_maps":"정규 표현식",
+        "regex_maps": "정규 표현식",
-      "relay_from":"\"From:\" 주소",
+        "relay_from": "\"From:\" 주소",
-      "relay_run":"테스트 실행",
+        "relay_run": "테스트 실행",
-      "relayhosts":"발신자 의존 전송",
+        "relayhosts": "발신자 의존 전송",
        "relayhosts_hint": "Define sender-dependent transports to be able to select them in a domains configuration dialog.<br>\r\n  The transport service is always \"smtp:\" and will therefore try TLS when offered. Wrapped TLS (SMTPS) is not supported. A users individual outbound TLS policy setting is taken into account.<br>\r\n  Affects selected domains including alias domains.",
-      "remove":"제거",
+        "remove": "제거",
-      "remove_row":"행 제거",
+        "remove_row": "행 제거",
-      "reset_default":"기본값으로 초기화",
+        "reset_default": "기본값으로 초기화",
-      "reset_limit":"해시 제거",
+        "reset_limit": "해시 제거",
-      "routing":"라우팅",
+        "routing": "라우팅",
-      "rsetting_add_rule":"규칙 추가",
+        "rsetting_add_rule": "규칙 추가",
-      "rsetting_content":"규칙 내용",
+        "rsetting_content": "규칙 내용",
-      "rsetting_desc":"간단한 설명",
+        "rsetting_desc": "간단한 설명",
-      "rsetting_no_selection":"규칙을 선택해 주세요.",
+        "rsetting_no_selection": "규칙을 선택해 주세요.",
-      "rsetting_none":"사용가능한 규칙이 없음",
+        "rsetting_none": "사용가능한 규칙이 없음",
-      "rsettings_insert_preset":"사전 설정 예제 삽입",
+        "rsettings_insert_preset": "사전 설정 예제 삽입",
-      "rsettings_preset_1":"인증된 사용자에 대해 DKIM과 속도 제한을 제외한 모든 것을 비활성화",
+        "rsettings_preset_1": "인증된 사용자에 대해 DKIM과 속도 제한을 제외한 모든 것을 비활성화",
-      "rsettings_preset_2":"포스트 마스터가 스팸을 원함",
+        "rsettings_preset_2": "포스트 마스터가 스팸을 원함",
-      "rsettings_preset_3":"메일박스에 특정 발신자만 허용 (i.e. 서버 내부 메일함으로만 이용)",
+        "rsettings_preset_3": "메일박스에 특정 발신자만 허용 (i.e. 서버 내부 메일함으로만 이용)",
-      "rspamd-com_settings":"설정 이름은 자동으로 생성되며 아래 사전 설정 예제를 참고하세요. 자세한 내용은 <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 문서</a>를 참조하세요.",
+        "rspamd-com_settings": "설정 이름은 자동으로 생성되며 아래 사전 설정 예제를 참고하세요. 자세한 내용은 <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 문서</a>를 참조하세요.",
-      "rspamd_global_filters":"글로벌 필터 맵",
+        "rspamd_global_filters": "글로벌 필터 맵",
-      "rspamd_global_filters_agree":"조심할게!",
+        "rspamd_global_filters_agree": "조심할게!",
-      "rspamd_global_filters_info":"글로벌 필터 맵은 다른 종류의 글로벌 블랙리스트와 화이트리스트를 포함합니다.",
+        "rspamd_global_filters_info": "글로벌 필터 맵은 다른 종류의 글로벌 블랙리스트와 화이트리스트를 포함합니다.",
-      "rspamd_global_filters_regex":"각 이름이 사용 용도를 설명합니다. 모든 내용은 \"/pattern/options\" 과 같은 형식을 포함해야 합니다. (예시: <code>/.+@domain\\.tld/i</code>).<br>\r\n 기본적인 체킹이 각 줄에 적용되지만, Rspand가 문법을 제대로 못 읽으면 기능이 망가질 수 있습니다.<br>\r\n  Rspamd는 맵 정보가 바뀔 때마다 읽기를 시도합니다. 문제가 발생한다면 <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd을 재시작</a>하여 맵을 강제로 다시 불러오도록 할 수 있습니다.",
+        "rspamd_global_filters_regex": "각 이름이 사용 용도를 설명합니다. 모든 내용은 \"/pattern/options\" 과 같은 형식을 포함해야 합니다. (예시: <code>/.+@domain\\.tld/i</code>).<br>\r\n 기본적인 체킹이 각 줄에 적용되지만, Rspand가 문법을 제대로 못 읽으면 기능이 망가질 수 있습니다.<br>\r\n  Rspamd는 맵 정보가 바뀔 때마다 읽기를 시도합니다. 문제가 발생한다면 <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd을 재시작</a>하여 맵을 강제로 다시 불러오도록 할 수 있습니다.",
-      "rspamd_settings_map":"Rspamd 설정 맵",
+        "rspamd_settings_map": "Rspamd 설정 맵",
-      "sal_level":"Moo 레벨",
+        "sal_level": "Moo 레벨",
-      "save":"변경 저장",
+        "save": "변경 저장",
-      "search_domain_da":"도메인 검색",
+        "search_domain_da": "도메인 검색",
-      "send":"보내기",
+        "send": "보내기",
-      "sender":"발신자",
+        "sender": "발신자",
-      "service_id":"서비스 ID",
+        "service_id": "서비스 ID",
-      "source":"소스",
+        "source": "소스",
-      "spamfilter":"스팸 필터",
+        "spamfilter": "스팸 필터",
-      "subject":"목적",
+        "subject": "목적",
-      "sys_mails":"시스템 메일",
+        "sys_mails": "시스템 메일",
-      "text":"문자",
+        "text": "문자",
-      "time":"시간",
+        "time": "시간",
-      "title":"제목",
+        "title": "제목",
-      "title_name":"\"mailcow UI\" 웹사이트 제목",
+        "title_name": "\"mailcow UI\" 웹사이트 제목",
-      "to_top":"맨 위로 돌아가기",
+        "to_top": "맨 위로 돌아가기",
-      "transport_dest_format":"구문: example.org, .example.org, *, box@example.org (쉼표로 구분됨)",
+        "transport_dest_format": "구문: example.org, .example.org, *, box@example.org (쉼표로 구분됨)",
-      "transport_maps":"전송 맵",
+        "transport_maps": "전송 맵",
-      "transports_hint":"→ A transport map entry <b>overrules</b> a sender-dependent transport map</b>.<br>\r\n→ Outbound TLS policy settings per-user are ignored and can only be enforced by TLS policy map entries.<br>\r\n→ The transport service for defined transports is always \"smtp:\" and will therefore try TLS when offered. Wrapped TLS (SMTPS) is not supported.<br>\r\n→ Addresses matching \"/localhost$/\" will always be transported via \"local:\", therefore a \"*\" destination will not apply to those addresses.<br>\r\n→ To determine credentials for an exemplary next hop \"[host]:25\", Postfix <b>always</b> queries for \"host\" before searching for \"[host]:25\". This behavior makes it impossible to use \"host\" and \"[host]:25\" at the same time.",
+        "transports_hint": "→ A transport map entry <b>overrules</b> a sender-dependent transport map</b>.<br>\r\n→ Outbound TLS policy settings per-user are ignored and can only be enforced by TLS policy map entries.<br>\r\n→ The transport service for defined transports is always \"smtp:\" and will therefore try TLS when offered. Wrapped TLS (SMTPS) is not supported.<br>\r\n→ Addresses matching \"/localhost$/\" will always be transported via \"local:\", therefore a \"*\" destination will not apply to those addresses.<br>\r\n→ To determine credentials for an exemplary next hop \"[host]:25\", Postfix <b>always</b> queries for \"host\" before searching for \"[host]:25\". This behavior makes it impossible to use \"host\" and \"[host]:25\" at the same time.",
-      "ui_footer":"footer (HTML 허용)",
+        "ui_footer": "footer (HTML 허용)",
-      "ui_header_announcement":"공지 사항",
+        "ui_header_announcement": "공지 사항",
-      "ui_header_announcement_active":"공지 사항 활성화",
+        "ui_header_announcement_active": "공지 사항 활성화",
-      "ui_header_announcement_content":"내용 (HTML 허용)",
+        "ui_header_announcement_content": "내용 (HTML 허용)",
-      "ui_header_announcement_help":"로그인한 모든 사용자가 볼 수 있고 UI의 로그인 화면에 표시됩니다.",
+        "ui_header_announcement_help": "로그인한 모든 사용자가 볼 수 있고 UI의 로그인 화면에 표시됩니다.",
-      "ui_header_announcement_select":"공지사항 타입 선택",
+        "ui_header_announcement_select": "공지사항 타입 선택",
-      "ui_header_announcement_type":"타입",
+        "ui_header_announcement_type": "타입",
-      "ui_header_announcement_type_info":"정보",
+        "ui_header_announcement_type_info": "정보",
-      "ui_header_announcement_type_warning":"중요함",
+        "ui_header_announcement_type_warning": "중요함",
-      "ui_header_announcement_type_danger":"매우 중요함",
+        "ui_header_announcement_type_danger": "매우 중요함",
-      "ui_texts":"UI 라벨과 문자",
+        "ui_texts": "UI 라벨과 문자",
-      "unban_pending":"보류중인 밴 해제",
+        "unban_pending": "보류중인 밴 해제",
-      "unchanged_if_empty":"변경되지 않은 경우 비워두십시오.",
+        "unchanged_if_empty": "변경되지 않은 경우 비워두십시오.",
-      "upload":"업로드",
+        "upload": "업로드",
-      "username":"사용자 이름",
+        "username": "사용자 이름",
-      "validate_license_now":"라이선스 서버와 GUID 확인",
+        "validate_license_now": "라이선스 서버와 GUID 확인",
-      "verify":"확인",
+        "verify": "확인",
-      "yes":"&#10003;"
+        "yes": "&#10003;"
    },
-    "danger":{
+    "danger": {
-      "access_denied":"접근이 거부되거나 잘못된 데이터 양식",
+        "access_denied": "접근이 거부되거나 잘못된 데이터 양식",
-      "alias_domain_invalid":"유효하지 않은 도메인 별칭 %s",
+        "alias_domain_invalid": "유효하지 않은 도메인 별칭 %s",
-      "alias_empty":"별칭 주소는 비어있을 수 없습니다.",
+        "alias_empty": "별칭 주소는 비어있을 수 없습니다.",
-      "alias_goto_identical":"별칭과 goto 주소가 동일할 수 없습니다.",
+        "alias_goto_identical": "별칭과 goto 주소가 동일할 수 없습니다.",
-      "alias_invalid":"유효하지 않은 별칭 주소 %s",
+        "alias_invalid": "유효하지 않은 별칭 주소 %s",
-      "aliasd_targetd_identical":"별칭 도메인은 타겟 도메인과 같을 수 없습니다.: %s",
+        "aliasd_targetd_identical": "별칭 도메인은 타겟 도메인과 같을 수 없습니다.: %s",
-      "aliases_in_use":"최대 별칭은 %d보다 크거나 같아야합니다.",
+        "aliases_in_use": "최대 별칭은 %d보다 크거나 같아야합니다.",
-      "app_name_empty":"앱 이름이 비어있을 수 없습니다.",
+        "app_name_empty": "앱 이름이 비어있을 수 없습니다.",
-      "app_passwd_id_invalid":"앱 비밀번호 ID %s 가 유효하지 않습니다.",
+        "app_passwd_id_invalid": "앱 비밀번호 ID %s 가 유효하지 않습니다.",
-      "bcc_empty":"BCC 목적지가 비어있을 수 없습니다.",
+        "bcc_empty": "BCC 목적지가 비어있을 수 없습니다.",
-      "bcc_exists":"%s 유형에 대한 BCC 맵 %s이 존재합니다.",
+        "bcc_exists": "%s 유형에 대한 BCC 맵 %s이 존재합니다.",
-      "bcc_must_be_email":"BCC 목적지 %s는 유효한 이메일 주소가 아닙니다.",
+        "bcc_must_be_email": "BCC 목적지 %s는 유효한 이메일 주소가 아닙니다.",
-      "comment_too_long":"코멘트의 최대 길이는 160자입니다.",
+        "comment_too_long": "코멘트의 최대 길이는 160자입니다.",
-      "defquota_empty":"메일함의 기본 할당이 0일 수 없습니다.",
+        "defquota_empty": "메일함의 기본 할당이 0일 수 없습니다.",
-      "description_invalid":"%의 리소스 설명이 유효하지 않습니다.",
+        "description_invalid": "%의 리소스 설명이 유효하지 않습니다.",
-      "dkim_domain_or_sel_invalid":"DKIM 도메인 또는 선택기가 잘못되었습니다. : %s",
+        "dkim_domain_or_sel_invalid": "DKIM 도메인 또는 선택기가 잘못되었습니다. : %s",
-      "domain_cannot_match_hostname":"도메인이 호스트 이름과 일치할 수 없습니다.",
+        "domain_cannot_match_hostname": "도메인이 호스트 이름과 일치할 수 없습니다.",
-      "domain_exists":"도메인 %s은 이미 존재합니다.",
+        "domain_exists": "도메인 %s은 이미 존재합니다.",
-      "domain_invalid":"도메인 이름이 비어있거나 유효하지 않습니다.",
+        "domain_invalid": "도메인 이름이 비어있거나 유효하지 않습니다.",
-      "domain_not_empty":"비어있지 않은 domain %s은 제거할 수 없습니다.",
+        "domain_not_empty": "비어있지 않은 domain %s은 제거할 수 없습니다.",
-      "domain_not_found":"도메인 %s을 찾을 수 없습니다.",
+        "domain_not_found": "도메인 %s을 찾을 수 없습니다.",
-      "domain_quota_m_in_use":"도메인 할당량은 %s MiB보다 크거나 같아야 합니다.",
+        "domain_quota_m_in_use": "도메인 할당량은 %s MiB보다 크거나 같아야 합니다.",
-      "extra_acl_invalid":"유효하지 않은 외부 발신자 주소 \"%s\"",
+        "extra_acl_invalid": "유효하지 않은 외부 발신자 주소 \"%s\"",
-      "extra_acl_invalid_domain":"유효한 도메인을 사용하지 않은 외부 발신자\"%s\"",
+        "extra_acl_invalid_domain": "유효한 도메인을 사용하지 않은 외부 발신자\"%s\"",
-      "file_open_error":"쓰기 위해 파일을 열 수 없습니다.",
+        "file_open_error": "쓰기 위해 파일을 열 수 없습니다.",
-      "filter_type":"잘못된 필터 타입",
+        "filter_type": "잘못된 필터 타입",
-      "from_invalid":"발신자는 비어있으면 안됩니다.",
+        "from_invalid": "발신자는 비어있으면 안됩니다.",
-      "global_filter_write_error":"작성할 수 없는 필터 파일: %s",
+        "global_filter_write_error": "작성할 수 없는 필터 파일: %s",
-      "global_map_invalid":"유효하지 않은 글로벌 맵 아이디 %s",
+        "global_map_invalid": "유효하지 않은 글로벌 맵 아이디 %s",
-      "global_map_write_error":"작성할 수 없는 글로벌 맵 아이디 %s: %s",
+        "global_map_write_error": "작성할 수 없는 글로벌 맵 아이디 %s: %s",
-      "goto_empty":"별칭 도메인은 적어도 하나의 유효한 goto 주소를 포함해야 합니다.",
+        "goto_empty": "별칭 도메인은 적어도 하나의 유효한 goto 주소를 포함해야 합니다.",
-      "goto_invalid":"유효하지 않은 Goto 주소 %s",
+        "goto_invalid": "유효하지 않은 Goto 주소 %s",
-      "ham_learn_error":"Ham 학습 에러: %s",
+        "ham_learn_error": "Ham 학습 에러: %s",
-      "imagick_exception":"경고: 이미지를 읽는 동안 Imagick 예외 발생",
+        "imagick_exception": "경고: 이미지를 읽는 동안 Imagick 예외 발생",
-      "img_invalid":"이미지 파일의 유효성을 확인할 수 없습니다.",
+        "img_invalid": "이미지 파일의 유효성을 확인할 수 없습니다.",
-      "img_tmp_missing":"이미지 파일의 유효성 확인 실패: 임시 파일을 찾을 수 없습니다.",
+        "img_tmp_missing": "이미지 파일의 유효성 확인 실패: 임시 파일을 찾을 수 없습니다.",
-      "invalid_bcc_map_type":"유효하지 않은 BCC 맵 타입",
+        "invalid_bcc_map_type": "유효하지 않은 BCC 맵 타입",
-      "invalid_destination":"유효하지 않은 목적지 포맷 \"%s\"",
+        "invalid_destination": "유효하지 않은 목적지 포맷 \"%s\"",
-      "invalid_filter_type":"유효하지 않은 필터 타입",
+        "invalid_filter_type": "유효하지 않은 필터 타입",
-      "invalid_host":"잘못된 호스트가 지정됨: %s",
+        "invalid_host": "잘못된 호스트가 지정됨: %s",
-      "invalid_mime_type":"잘못된 mime 타입",
+        "invalid_mime_type": "잘못된 mime 타입",
-      "invalid_nexthop":"다음 홉 형식이 유효하지 않습니다.",
+        "invalid_nexthop": "다음 홉 형식이 유효하지 않습니다.",
-      "invalid_nexthop_authenticated":"다음 홉이 다른 자격 증명을 가지고 있습니다, 먼저 다음 홉을 위해 자격 증명을 업데이트 해주세요.",
+        "invalid_nexthop_authenticated": "다음 홉이 다른 자격 증명을 가지고 있습니다, 먼저 다음 홉을 위해 자격 증명을 업데이트 해주세요.",
-      "invalid_recipient_map_new":"잘못된 새 수신인이 지정됨: %s",
+        "invalid_recipient_map_new": "잘못된 새 수신인이 지정됨: %s",
-      "invalid_recipient_map_old":"잘못된 기존 수신인이 지정됨: %s",
+        "invalid_recipient_map_old": "잘못된 기존 수신인이 지정됨: %s",
-      "ip_list_empty":"허용된 IP 리스트가 비어있을 수 없습니다.",
+        "ip_list_empty": "허용된 IP 리스트가 비어있을 수 없습니다.",
-      "is_alias":"%s은 이미 알려진 별칭 주소입니다.",
+        "is_alias": "%s은 이미 알려진 별칭 주소입니다.",
-      "is_alias_or_mailbox":"%s은 이미 별칭, 메일함, 별칭 도메인으로부터 나온 별칭 주소로 사용되고 있습니다.",
+        "is_alias_or_mailbox": "%s은 이미 별칭, 메일함, 별칭 도메인으로부터 나온 별칭 주소로 사용되고 있습니다.",
-      "is_spam_alias":"%s은 사용중인 임시 별칭 주소 입니다.(스팸 별칭 주소)",
+        "is_spam_alias": "%s은 사용중인 임시 별칭 주소 입니다.(스팸 별칭 주소)",
-      "last_key":"마지막 키를 삭제할 수 없습니다. TFA를 먼저 비활성화 해주세요.",
+        "last_key": "마지막 키를 삭제할 수 없습니다. TFA를 먼저 비활성화 해주세요.",
-      "login_failed":"로그인 실패",
+        "login_failed": "로그인 실패",
-      "mailbox_defquota_exceeds_mailbox_maxquota":"기본 할당량이 최대 할당량을 초과하였습니다.",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "기본 할당량이 최대 할당량을 초과하였습니다.",
-      "mailbox_invalid":"유효하지 않은 메일함 이름",
+        "mailbox_invalid": "유효하지 않은 메일함 이름",
-      "mailbox_quota_exceeded":"할당량이 도메인 제한을 초과하였습니다. (max. %d MiB)",
+        "mailbox_quota_exceeded": "할당량이 도메인 제한을 초과하였습니다. (max. %d MiB)",
-      "mailbox_quota_exceeds_domain_quota":"최대 할당량이 도메인 할당량 제한을 초과하였습니다.",
+        "mailbox_quota_exceeds_domain_quota": "최대 할당량이 도메인 할당량 제한을 초과하였습니다.",
-      "mailbox_quota_left_exceeded":"충분한 공간이 남아있지 않습니다. (남은 디스크: %d MiB)",
+        "mailbox_quota_left_exceeded": "충분한 공간이 남아있지 않습니다. (남은 디스크: %d MiB)",
-      "mailboxes_in_use":"최대 메일함은 %d와 같거나 커야 합니다,",
+        "mailboxes_in_use": "최대 메일함은 %d와 같거나 커야 합니다,",
-      "malformed_username":"잘못된 형식의 사용자 이름",
+        "malformed_username": "잘못된 형식의 사용자 이름",
-      "map_content_empty":"맵 컨텐츠는 비어있을 수 없습니다.",
+        "map_content_empty": "맵 컨텐츠는 비어있을 수 없습니다.",
-      "max_alias_exceeded":"최대 별칭 초과",
+        "max_alias_exceeded": "최대 별칭 초과",
-      "max_mailbox_exceeded":"최대 메일함 초과(%d of %d)",
+        "max_mailbox_exceeded": "최대 메일함 초과(%d of %d)",
-      "max_quota_in_use":"메일함 할당량이 %d MiB보다 크거나 같아야 합니다.",
+        "max_quota_in_use": "메일함 할당량이 %d MiB보다 크거나 같아야 합니다.",
-      "maxquota_empty":"메일함당 최대 할당량은 0일 수 없습니다.",
+        "maxquota_empty": "메일함당 최대 할당량은 0일 수 없습니다.",
-      "mysql_error":"MySQL 에러: %s",
+        "mysql_error": "MySQL 에러: %s",
-      "network_host_invalid":"유효하지 않은 네트워크 혹은 호스트: %s",
+        "network_host_invalid": "유효하지 않은 네트워크 혹은 호스트: %s",
-      "next_hop_interferes":"%s이 다음 홉 %s을 간섭합니다.",
+        "next_hop_interferes": "%s이 다음 홉 %s을 간섭합니다.",
-      "next_hop_interferes_any":"%s을 간섭하는 다음 홉이 존재합니다.",
+        "next_hop_interferes_any": "%s을 간섭하는 다음 홉이 존재합니다.",
-      "no_user_defined":"정의되지 않은 유저",
+        "no_user_defined": "정의되지 않은 유저",
-      "object_exists":"객체 %s가 이미 존재합니다.",
+        "object_exists": "객체 %s가 이미 존재합니다.",
-      "object_is_not_numeric":" %s은 숫자가 아닙니다.",
+        "object_is_not_numeric": " %s은 숫자가 아닙니다.",
-      "password_complexity":"암호가 정책을 충족하지 않습니다.",
+        "password_complexity": "암호가 정책을 충족하지 않습니다.",
-      "password_empty":"암호가 공백일 수 없습니다.",
+        "password_empty": "암호가 공백일 수 없습니다.",
-      "password_mismatch":"확인 암호가 일치하지 않습니다.",
+        "password_mismatch": "확인 암호가 일치하지 않습니다.",
-      "policy_list_from_exists":"같은 이름을 가진 레코드가 존재합니다.",
+        "policy_list_from_exists": "같은 이름을 가진 레코드가 존재합니다.",
-      "policy_list_from_invalid":"유효하지 않은 포맷의 레코드",
+        "policy_list_from_invalid": "유효하지 않은 포맷의 레코드",
-      "private_key_error":"개인 키 오류: %s",
+        "private_key_error": "개인 키 오류: %s",
-      "pushover_credentials_missing":"Pushover 토큰 혹은 키를 찾을 수 없습니다.",
+        "pushover_credentials_missing": "Pushover 토큰 혹은 키를 찾을 수 없습니다.",
-      "pushover_key":"Pushover 키 포맷이 잘못되었습니다.",
+        "pushover_key": "Pushover 키 포맷이 잘못되었습니다.",
-      "pushover_token":"Pushover 토큰 포맷이 잘못되었습니다.",
+        "pushover_token": "Pushover 토큰 포맷이 잘못되었습니다.",
-      "quota_not_0_not_numeric":"할당량은 숫자이여야 하고 0보다 크거나 같아야 합니다.",
+        "quota_not_0_not_numeric": "할당량은 숫자이여야 하고 0보다 크거나 같아야 합니다.",
-      "recipient_map_entry_exists":"수신자 맵 항목 \"%s\"이 존재합니다",
+        "recipient_map_entry_exists": "수신자 맵 항목 \"%s\"이 존재합니다",
-      "redis_error":"Redis 에러: %s",
+        "redis_error": "Redis 에러: %s",
-      "relayhost_invalid":"유효하지 않은 맵 기록 %s",
+        "relayhost_invalid": "유효하지 않은 맵 기록 %s",
-      "release_send_failed":"메시지를 릴리즈할 수 없습니다.: %s",
+        "release_send_failed": "메시지를 릴리즈할 수 없습니다.: %s",
-      "resource_invalid":"리소스 이름 %s이 유효하지 않습니다.",
+        "resource_invalid": "리소스 이름 %s이 유효하지 않습니다.",
-      "rl_timeframe":"속도 제한 시간 프레임이 올바르지 않습니다.",
+        "rl_timeframe": "속도 제한 시간 프레임이 올바르지 않습니다.",
-      "rspamd_ui_pw_length":"Rspamd UI 비밀번호는 최소 6 자리여야 합니다.",
+        "rspamd_ui_pw_length": "Rspamd UI 비밀번호는 최소 6 자리여야 합니다.",
-      "script_empty":"스크립트는 비어있을 수 없습니다.",
+        "script_empty": "스크립트는 비어있을 수 없습니다.",
-      "sender_acl_invalid":"유효하지 않은 발신자 ACL 값 %s",
+        "sender_acl_invalid": "유효하지 않은 발신자 ACL 값 %s",
-      "set_acl_failed":"ACL 설정 실패",
+        "set_acl_failed": "ACL 설정 실패",
-      "settings_map_invalid":"유효하지 않은 맵 아이디 설정 %s",
+        "settings_map_invalid": "유효하지 않은 맵 아이디 설정 %s",
-      "sieve_error":"Sieve 파서 에러: %s",
+        "sieve_error": "Sieve 파서 에러: %s",
-      "spam_learn_error":"Spam 학습 에러: %s",
+        "spam_learn_error": "Spam 학습 에러: %s",
-      "subject_empty":"제목이 비어있을 수 없습니다.",
+        "subject_empty": "제목이 비어있을 수 없습니다.",
-      "target_domain_invalid":"목표 도메인 %s이 유효하지 않습니다.",
+        "target_domain_invalid": "목표 도메인 %s이 유효하지 않습니다.",
-      "targetd_not_found":"목표 도메인 %s을 찾을 수 없습니다.",
+        "targetd_not_found": "목표 도메인 %s을 찾을 수 없습니다.",
-      "targetd_relay_domain":"목표 도메인은 %s은 릴레이 도메인입니다.",
+        "targetd_relay_domain": "목표 도메인은 %s은 릴레이 도메인입니다.",
-      "temp_error":"일시적인 오류",
+        "temp_error": "일시적인 오류",
-      "text_empty":"문자가 비어서는 안 됩니다.",
+        "text_empty": "문자가 비어서는 안 됩니다.",
-      "tls_policy_map_dest_invalid":"유효하지 않은 정책 대상",
+        "tls_policy_map_dest_invalid": "유효하지 않은 정책 대상",
-      "tls_policy_map_entry_exists":"TLS 정책 맵 기록 \"%s\"가 존재합니다.",
+        "tls_policy_map_entry_exists": "TLS 정책 맵 기록 \"%s\"가 존재합니다.",
-      "tls_policy_map_parameter_invalid":"유효하지 않은 정책 매개변수",
+        "tls_policy_map_parameter_invalid": "유효하지 않은 정책 매개변수",
-      "totp_verification_failed":"TOTP 확인 실패",
+        "totp_verification_failed": "TOTP 확인 실패",
-      "transport_dest_exists":"전송 목적지 \"%s\"가 존재합니다.",
+        "transport_dest_exists": "전송 목적지 \"%s\"가 존재합니다.",
-      "u2f_verification_failed":"U2F 검증 실패: %s",
+        "webauthn_verification_failed": "WebAuthn 검증 실패: %s",
-      "unknown":"알 수 없는 오류 발생",
+        "unknown": "알 수 없는 오류 발생",
-      "unknown_tfa_method":"알 수 없는 TFA 방식",
+        "unknown_tfa_method": "알 수 없는 TFA 방식",
-      "unlimited_quota_acl":"ACL에 따라 할당량을 무제한으로 둘 수 없습니다.",
+        "unlimited_quota_acl": "ACL에 따라 할당량을 무제한으로 둘 수 없습니다.",
-      "username_invalid":"%s는 사용지 이름으로 사용할 수 없습니다.",
+        "username_invalid": "%s는 사용지 이름으로 사용할 수 없습니다.",
-      "validity_missing":"유효 기간을 지정해주세요.",
+        "validity_missing": "유효 기간을 지정해주세요.",
-      "value_missing":"모든 값을 입력해주세요.",
+        "value_missing": "모든 값을 입력해주세요.",
-      "yotp_verification_failed":"Yubico OTP 검증 실패: %s"
+        "yotp_verification_failed": "Yubico OTP 검증 실패: %s"
    },
    "debug": {
        "chart_this_server": "Chart (this server)",
@ -625,11 +625,11 @@
        "bcc_to_rcpt": "수신자 맵 타입으로 변경",
        "bcc_to_sender": "발신자 맵 타입으로 변경",
        "bcc_type": "BCC 종류",
-        "booking_0": "Always show as free",
+        "booking_null": "Always show as free",
        "booking_0_short": "Always free",
        "booking_custom": "Hard-limit to a custom amount of bookings",
        "booking_custom_short": "Hard limit",
-        "booking_lt0": "Unlimited, but show as busy when booked",
+        "booking_ltnull": "Unlimited, but show as busy when booked",
        "booking_lt0_short": "Soft limit",
        "daily": "매일",
        "deactivate": "비활성화",
@ -852,7 +852,7 @@
        "ui_texts": "Saved changes to UI texts",
        "upload_success": "File uploaded successfully",
        "verified_totp_login": "Verified TOTP login",
-        "verified_u2f_login": "Verified U2F login",
+        "verified_webauthn_login": "Verified WebAuthn login",
        "verified_yotp_login": "Verified Yubico OTP login"
    },
    "tfa": {
@ -863,7 +863,7 @@
        "disable_tfa": "Disable TFA until next successful login",
        "enter_qr_code": "Your TOTP code if your device cannot scan QR codes",
        "error_code": "Error code",
-        "init_u2f": "Initializing, please wait...",
+        "init_webauthn": "Initializing, please wait...",
        "key_id": "An identifier for your YubiKey",
        "key_id_totp": "An identifier for your key",
        "none": "Deactivate",
@ -871,12 +871,12 @@
        "scan_qr_code": "Please scan the following code with your authenticator app or enter the code manually.",
        "select": "Please select",
        "set_tfa": "Set two-factor authentication method",
-        "start_u2f_validation": "Start validation",
+        "start_webauthn_validation": "Start validation",
        "tfa": "Two-factor authentication",
        "totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
-        "u2f": "U2F authentication",
+        "webauthn": "WebAuthn authentication",
-        "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your U2F USB device now.",
+        "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your WebAuthn USB device now.",
-        "waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your U2F registration by tapping the button on your U2F USB device.",
+        "waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your WebAuthn registration by tapping the button on your WebAuthn USB device.",
        "yubi_otp": "Yubico OTP authentication"
    },
    "user": {
@ -933,7 +933,6 @@
        "messages": "메세지",
        "never": "보내지 않음",
        "new_password": "새 비밀번호",
        "new_password_description": "요구 사항: 최소 6자리의 숫자와 문자의 조합.",
        "new_password_repeat": "비밀번호 확인 (재입력)",
        "no_active_filter": "No active filter available",
        "no_last_login": "마지막 UI 로그인 정보 없음",
--- a/data/web/lang/lang.lv.json
+++ b/data/web/lang/lang.lv.json
@ -66,7 +66,6 @@
        "add_domain_admin": "Pievienot domēna administratoru",
        "add_forwarding_host": "Pievienot pāradresācijas hostu",
        "add_relayhost": "Pievienot Relayhost",
        "add_relayhost_add_hint": "Lūdzu, ņemiet vērā, ka relejhostu autentifikācijas dati tiks saglabāti kā vienkāršs teksts.",
        "add_row": "Pievienot rindu",
        "admin": "Administrators",
        "admin_details": "Labot administratora detaļas",
@ -278,7 +277,6 @@
    "header": {
        "administration": "Administrēšana",
        "debug": "Atkļūdošana",
        "logged_in_as_logout_dual": "Ielogojies kā <b>%s <span class=\"text-info\">[%s]</span></b>",
        "mailboxes": "Pastkastes",
        "mailcow_settings": "Configurācija",
        "quarantine": "Karantīna",
@ -452,9 +450,9 @@
        "set_tfa": "Uzstādīt difi faktoru autentifik;acijas metodi",
        "tfa": "Divu faktoru autentifikācija",
        "totp": "Uz laiku bāzēta vienreizēja parole (Google Autentifikātors utt.)",
-        "u2f": "U2F autentifikācija",
+        "webauthn": "WebAuthn autentifikācija",
-        "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu U2F USB ierīces.",
+        "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu WebAuthn USB ierīces.",
-        "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūdzu augšā ievadiet Jūsu paroli un apstipriniet U2F reģistrāciju nospiežot pogu uz Jūsu U2F USB ierīces.",
+        "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūdzu augšā ievadiet Jūsu paroli un apstipriniet WebAuthn reģistrāciju nospiežot pogu uz Jūsu WebAuthn USB ierīces.",
        "yubi_otp": "Yubico OTP autentifikators"
    },
    "user": {
@ -494,7 +492,6 @@
        "mailbox_details": "Pastkastes detaļas",
        "messages": "vēstules",
        "new_password": "Jauna parole",
        "new_password_description": "Prasība: vismaz 6 simboli gara, burti un cipari.",
        "new_password_repeat": "Paroles apstiprinājums (atkārtoti)",
        "no_active_filter": "Nav pieejami aktīvi filtri",
        "no_record": "Nav ieraksta",
@ -502,7 +499,6 @@
        "remove": "Noņemt",
        "running": "Running",
        "save_changes": "Saglabāt izmaiņas",
        "save_Izmaiņas": "Saglabāt Izmaiņas",
        "shared_aliases": "Koplietotās alias adreses",
        "shared_aliases_desc": "Koplietotais alias netiek ietekmēts no lietotāju darbībām. Pielāgots spam filtra iestatījums var būt arhivēts no domēna ietvaros uzstādīta noteikuma no administrātora..",
        "show_sieve_filters": "Parādīt aktīvā lietotāja Sieve filtru",
--- a/data/web/lang/lang.nl.json
+++ b/data/web/lang/lang.nl.json
@ -351,7 +351,6 @@
        "global_filter_write_error": "Filter kon niet opgeslagen worden: %s",
        "global_map_invalid": "Globaal filter %s is ongeldig",
        "global_map_write_error": "Globaal filter %s kon niet opgeslagen worden: %s",
        "xmpp_map_write_error": "XMPP-map kon niet opgeslagen worden: %s",
        "goto_empty": "Een aliasadres dient ten minste één doeladres te hebben",
        "goto_invalid": "Doeladres %s is ongeldig",
        "ham_learn_error": "Ham training-error: %s",
@ -429,7 +428,7 @@
        "tls_policy_map_parameter_invalid": "Beleidsparameter is ongeldig",
        "totp_verification_failed": "TOTP-verificatie mislukt",
        "transport_dest_exists": "Transportbestemming \"%s\" bestaat reeds",
-        "u2f_verification_failed": "U2F-verificatie mislukt: %s",
+        "webauthn_verification_failed": "WebAuthn-verificatie mislukt: %s",
        "fido2_verification_failed": "FIDO2-verificatie mislukt: %s",
        "unknown": "Er is een onbekende fout opgetreden",
        "unknown_tfa_method": "Onbekende tweefactorauthenticatiemethode",
@ -437,9 +436,7 @@
        "username_invalid": "Gebruikersnaam %s kan niet worden gebruikt",
        "validity_missing": "Wijs een geldigheidstermijn toe",
        "value_missing": "Niet alle waarden zijn ingevuld",
-        "yotp_verification_failed": "Yubico OTP-verificatie mislukt: %s",
+        "yotp_verification_failed": "Yubico OTP-verificatie mislukt: %s"
        "xmpp_restart_failed": "XMPP herstart mislukt",
        "xmpp_reload_failed": "XMPP reload mislukt"
    },
    "debug": {
        "chart_this_server": "Grafiek (deze server)",
@ -453,7 +450,6 @@
        "logs": "Logs",
        "restart_container": "Herstart",
        "solr_dead": "Solr is uitgeschakeld, uitgevallen of nog bezig met opstarten.",
        "xmpp_dead": "XMPP is uitgeschakeld, uitgevallen of nog bezig met opstarten.",
        "docs": "Documenten",
        "last_modified": "Voor het laatst bijgewerkt op",
        "online_users": "Gebruikers online",
@ -463,8 +459,7 @@
        "uptime": "Uptime",
        "started_on": "Gestart op",
        "static_logs": "Statische logs",
-        "system_containers": "Systeem & containers",
+        "system_containers": "Systeem & containers"
        "xmpp_status": "XMPP-status"
    },
    "diagnostics": {
        "cname_from_a": "Waarde afgeleid van een A- of AAAA-vermelding.",
@ -513,17 +508,6 @@
        "full_name": "Volledige naam",
        "gal": "Globale adreslijst",
        "gal_info": "De globale adreslijst bevat alle objecten van een domein. Deze kunnen door geen enkele gebruiker worden bewerkt. <b>Herstart SOGo om wijzigingen door te voeren.</b>",
        "xmpp": "Activeer XMPP voor dit domein",
        "xmpp_prefix": "XMPP-prefix (\"im\" om <b>im</b>.example.org te gebruiken)",
        "xmpp_prefix_info": "Om certificaten voor XMPP aan te vragen, dienen twee CNAME records te verwijzen van <b>im</b>.example.org en <b>*.im</b>.example.org naar <b>%s</b>. Controleer na het inschakelen van XMPP de DNS-configuratie in het Domeinen-overzicht.",
        "xmpp_info": "Deze optie activeert de chatfunctionaliteit voor dit domein.",
        "xmpp_access": "XMPP-toegang",
        "xmpp_access_info": "XMPP dient ingeschakeld te zijn voor dit domein.",
        "xmpp_admin": "XMPP-administrator",
        "xmpp_admin_info": "<b>Waarschuwing:</b> Promoveert een gebruiker tot XMPP-administrator van dit domein.",
        "xmpp_example_jid": "<b>Voorbeeld JID</b> (log in met mailboxwachtwoord)",
        "generate": "genereer",
        "grant_types": "Grant types",
        "hostname": "Hostname",
@ -665,11 +649,11 @@
        "bcc_to_rcpt": "Schakel over naar ontvanger-map",
        "bcc_to_sender": "Schakel over naar afzender-map",
        "bcc_type": "BCC-type",
-        "booking_0": "Toon altijd als vrij",
+        "booking_null": "Toon altijd als vrij",
        "booking_0_short": "Altijd vrij",
        "booking_custom": "Zet vast op een specifiek aantal boekingen",
        "booking_custom_short": "Hard limit",
-        "booking_lt0": "Onbeperkt, maar toon als bezet wanneer geboekt",
+        "booking_ltnull": "Onbeperkt, maar toon als bezet wanneer geboekt",
        "booking_lt0_short": "Soft limit",
        "daily": "Dagelijks",
        "deactivate": "Deactiveer",
@ -907,12 +891,9 @@
        "ui_texts": "Wijzigingen aan labels en teksten zijn opgeslagen",
        "upload_success": "Bestand succesvol geupload",
        "verified_totp_login": "TOTP succesvol geverifieerd",
-        "verified_u2f_login": "U2F succesvol geverifieerd",
+        "verified_webauthn_login": "WebAuthn succesvol geverifieerd",
        "verified_fido2_login": "FIDO2 succesvol geverifieerd",
-        "verified_yotp_login": "Yubico OTP succesvol geverifieerd",
+        "verified_yotp_login": "Yubico OTP succesvol geverifieerd"
        "xmpp_restarted": "XMPP-service is hestart",
        "xmpp_reloaded": "XMPP-service is herladen",
        "xmpp_maps_updated": "XMPP-maps zijn bijgewerkt"
    },
    "tfa": {
        "api_register": "%s maakt gebruik van de Yubico Cloud API. Om dit te benutten is er een API-key van Yubico vereist, deze kan <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">hier</a> opgevraagd worden",
@ -922,7 +903,7 @@
        "disable_tfa": "Pauzeer tweefactorauthenticatie tot de eerstvolgende succesvolle login",
        "enter_qr_code": "Voer deze code in als je apparaat geen QR-codes kan scannen:",
        "error_code": "Errorcode",
-        "init_u2f": "Even geduld aub...",
+        "init_webauthn": "Even geduld aub...",
        "key_id": "Geef deze YubiKey een naam",
        "key_id_totp": "Geef deze key een naam",
        "none": "Deactiveer",
@ -930,13 +911,13 @@
        "scan_qr_code": "Scan de volgende QR-code met je authenticatie-app:",
        "select": "Selecteer...",
        "set_tfa": "Kies methode voor tweefactorauthenticatie",
-        "start_u2f_validation": "Start validatie",
+        "start_webauthn_validation": "Start validatie",
        "tfa": "Tweefactorauthenticatie",
        "tfa_token_invalid": "Tweefactorauthenticatietoken is ongeldig",
        "totp": "TOTP (Step Two, Authy, etc.)",
-        "u2f": "U2F",
+        "webauthn": "WebAuthn",
-        "waiting_usb_auth": "<i>In afwachting van USB-apparaat...</i><br><br>Druk nu op de knop van je U2F-apparaat.",
+        "waiting_usb_auth": "<i>In afwachting van USB-apparaat...</i><br><br>Druk nu op de knop van je WebAuthn-apparaat.",
-        "waiting_usb_register": "<i>In afwachting van USB-apparaat...</i><br><br>Voer je wachtwoord hierboven in en bevestig de registratie van het U2F-apparaat door op de knop van het apparaat te drukken.",
+        "waiting_usb_register": "<i>In afwachting van USB-apparaat...</i><br><br>Voer je wachtwoord hierboven in en bevestig de registratie van het WebAuthn-apparaat door op de knop van het apparaat te drukken.",
        "yubi_otp": "Yubico OTP"
    },
    "fido2": {
@ -1007,7 +988,6 @@
        "messages": "berichten",
        "never": "Nooit",
        "new_password": "Nieuw wachtwoord",
        "new_password_description": "Vereisten: 6 tekens lang, letters en nummers",
        "new_password_repeat": "Herhaal wachtwoord",
        "no_active_filter": "Geen actieve filters gevonden",
        "no_last_login": "Geen informatie over laatste login",
--- a/data/web/lang/lang.pl.json
+++ b/data/web/lang/lang.pl.json
@ -197,9 +197,7 @@
        "delete_now": "Usuń teraz",
        "delete_these_items": "Czy jesteś pewien, że chcesz usunąć następujące elementy?",
        "loading": "Proszę czekać...",
-        "restart_now": "Uruchom ponownie teraz",
+        "restart_now": "Uruchom ponownie teraz"
        "restart_sogo": "Uruchom ponownie SOGo",
        "restart_sogo_info": "Niektóre zadania, np. dodanie domeny, wymagają ponownego uruchomienia SOGo, aby zastosować zmiany wprowadzone do Mailcow UI.<br><br><b>Important:</b> Bezpieczne, ponowne uruchomienie może chwilę potrwać, proszę czekać do zakończenia procesu."
    },
    "header": {
        "administration": "Administrowanie",
@ -331,9 +329,9 @@
        "set_tfa": "Ustaw metodę uwierzytelniania dwuetapowego",
        "tfa": "Uwierzytelnianie dwuetapowe",
        "totp": "Time-based OTP (Google Authenticator itd.)",
-        "u2f": "Uwierzytelnianie U2F",
+        "webauthn": "Uwierzytelnianie WebAuthn",
-        "waiting_usb_auth": "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu U2F USB.",
+        "waiting_usb_auth": "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu WebAuthn USB.",
-        "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje  hasło powyżej i potwierdź rejestrację U2F przez naciśnięcie przycisku na urządzeniu U2F USB.",
+        "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje  hasło powyżej i potwierdź rejestrację WebAuthn przez naciśnięcie przycisku na urządzeniu WebAuthn USB.",
        "yubi_otp": "Uwierzytelnianie Yubico OTP"
    },
    "user": {
@ -375,7 +373,6 @@
        "messages": "wiadomości",
        "never": "Nigdy",
        "new_password": "Nowe hasło",
        "new_password_description": "Wymagania: 6 znaków, litery i liczby.",
        "new_password_repeat": "Potwierdź hasło(powtórz)",
        "no_active_filter": "Brak aktywnego filtra",
        "no_record": "Brak rekordu",
--- a/data/web/lang/lang.pt.json
+++ b/data/web/lang/lang.pt.json
@ -68,17 +68,12 @@
        "alias_invalid": "O endereço digitado como Apelido é inválido",
        "aliasd_targetd_identical": "o Encaminhamento de Domínio não pode ser igual ao Domínio Destino",
        "aliases_in_use": "O máximo de Apelidos deve ser maior ou igual a %d",
        "blacklist_exists": "O registro já existe na BlackList",
        "blacklist_from_invalid": "O registro Blacklist possui formato inválido",
        "dkim_domain_or_sel_invalid": " Registro DKIM inválido",
        "domain_exists": "Domínio %s já existe",
        "domain_invalid": "Domínio inválido",
        "domain_not_empty": "Não é possível remover um domínio com Contas/Apelidos/Direcionamentos",
        "domain_not_found": "Domínio não encontrado.",
        "domain_quota_m_in_use": "Espaço do Domínio deve ser maior ou igual a %s MiB",
        "fetchmail_active": "O processo esta em andamento, aguarde o seu término.",
        "fetchmail_dest_empty": "Definir a pasta de destino",
        "fetchmail_source_empty": "Definir a pasta de origem",
        "goto_empty": "Você deve preencher o campo Encaminhar para",
        "goto_invalid": "O endereço digitado como Encaminhar para é inválido",
        "is_alias": "o endereço %s já é um Apelido",
@ -139,9 +134,6 @@
    "footer": {
        "loading": "Aguarde..."
    },
    "getmail": {
        "no_status": "Nenhum registro anterior encontrado"
    },
    "header": {
        "administration": "Administração",
        "mailboxes": "Contas",
@ -149,18 +141,12 @@
        "user_settings": "Configurações do usuário"
    },
    "info": {
        "fetchmail_planned": "Procedimento de retirada de emails foi agendado. Verifique o processo mais tarde.",
        "no_action": "Nenhuma ação foi definida"
    },
    "login": {
        "confirm": "Confirmar",
        "delayed": "Sua entrada será atrasada por %s segundos.",
        "login": "Entrar",
        "otp": "Senha única",
        "password": "Senha",
        "tfa": "Autenticação em duas etapas",
        "tfa_details": "Confirme sua senha no campo abaixo",
        "trash_login": "Tentativas de entrada",
        "username": "Usuário"
    },
    "mailbox": {
@ -246,7 +232,6 @@
        "hours": "Horas",
        "mailbox_details": "Detalhes da conta",
        "new_password": "Nova senha",
        "new_password_description": "Requerido: mínimo de 6 characteres com letras e números.",
        "new_password_repeat": "Confirmar senha (repetir)",
        "no_record": "Nenhum registro",
        "password_now": "Senha atual (confirme a alteração)",
--- a/data/web/lang/lang.ro.json
+++ b/data/web/lang/lang.ro.json
@ -42,8 +42,10 @@
        "alias_domain_info": "<small>Doar nume de domenii valide (separate prin virgulă).</small>",
        "app_name": "Nume aplicație",
        "app_password": "Adaugă parolă aplicație",
        "app_passwd_protocols": "Protocoale permise pentru parola aplicației",
        "automap": "Încearcă maparea automată a folderelor (\"Obiecte trimise\", \"Trimise\" => \"Trimise\" etc.)",
        "backup_mx_options": "Opțiuni backup MX",
        "bcc_dest_format": "Destinația BCC trebuie să fie o singură adresă de email validă.",
        "comment_info": "Un comentariu privat nu este vizibil pentru utilizator, în timp ce un comentariu public este afișat ca un tooltip când se trece peste el într-o privire de ansamblu asupra utilizatorilor",
        "custom_params": "Parametri personalizați",
        "custom_params_hint": "Corect: --param=xy, greşit: --param xy",
@ -133,6 +135,8 @@
        "api_allow_from": "Permite accesul API de la aceste adrese IP/CIDR",
        "api_info": "API-ul este în dezvoltare. Documentația se găsește la adresa: <a href=\"/api\">/api</a>",
        "api_key": "Cheie API",
        "api_read_only": "Acces doar pentru citire",
        "api_read_write": "Acces pentru citire și scriere",
        "api_skip_ip_check": "Săriți verificarea IP pentru API",
        "app_links": "Linkuri aplicație",
        "app_name": "Nume aplicație",
@ -220,6 +224,8 @@
        "no_active_bans": "Nu există interdicții active",
        "no_new_rows": "Nu există alte rânduri disponibile",
        "no_record": "Nici o înregistrare",
        "oauth2_apps": "Aplicații OAuth2",
        "oauth2_add_client": "Adaugă client OAuth2",
        "oauth2_client_id": "ID client",
        "oauth2_client_secret": "Secret client",
        "oauth2_info": "Implementarea OAuth2 suportă tipul de acces \"Cod de autorizare\" și emite jetoane de actualizare.<br>\r\nServerul emite automat noi jetoane de actualizare, după ce a fost folosit un jeton de actualizare.<br><br>\r\n→ Scopul implicit este <i>profil</i>. Doar utilizatorii căsuței poștale pot fi autentificați cu OAuth2. Dacă parametrul scop este omis, acesta revine la <i>profil</i>.<br>\r\n→ Parametrul <i>stare</i> trebuie să fie trimis de client ca parte a cererii de autorizare.<br><br>\r\nCăile pentru cereri către API-ul OAuth2:<br>\r\n<ul>\r\n  <li>Calea de autorizare: <code>/oauth/autorize</code ></li>\r\n  <li>Calea jetonului: <code>/oauth/token</code></li>\r\n  <li>Calea pentru resursă: <code>/oauth/profile</code></li>\r\n</ul>\r\nRegenerarea secretului clientului nu va expira codurile de autorizare existente, dar vor eșua să-și reînnoiască jetonul.<br><br>\r\nRevocarea jetoanelor clientului va cauza încheierea imediată a tuturor sesiunilor active. Toți clienții trebuie să se autentifice din nou.",
@ -371,7 +377,6 @@
        "global_filter_write_error": "Nu se poate scrie fișier filtru: %s",
        "global_map_invalid": "ID hartă globală %s invalid",
        "global_map_write_error": "Nu se poate scrie ID hartă globală %s: %s",
        "xmpp_map_write_error": "Harta XMPP nu poate fi scrisă: %s",
        "goto_empty": "Adresa goto nu trebuie să fie goală",
        "goto_invalid": "Adresa goto %s este invalidă",
        "ham_learn_error": "Eroare de învățare Ham: %s",
@ -449,7 +454,7 @@
        "tls_policy_map_parameter_invalid": "Parametrul politicii este invalid",
        "totp_verification_failed": "Verificarea TOTP a eșuat",
        "transport_dest_exists": "Destinația transportului \"%s\" există",
-        "u2f_verification_failed": "Verificarea U2F a eșuat: %s",
+        "webauthn_verification_failed": "Verificarea WebAuthn a eșuat: %s",
        "fido2_verification_failed": "Verificarea FIDO2 a eșuat: %s",
        "unknown": "A apărut o eroare necunoscută",
        "unknown_tfa_method": "Metodă TFA necunoscută",
@ -457,9 +462,7 @@
        "username_invalid": "Numele de utilizator %s nu poate fi utilizat",
        "validity_missing": "Atribuie o perioadă de valabilitate",
        "value_missing": "Furnizează toate valorile",
-        "yotp_verification_failed": "Verificarea Yubico OTP a eșuat: %s",
+        "yotp_verification_failed": "Verificarea Yubico OTP a eșuat: %s"
        "xmpp_restart_failed": "XMPP nu a putut fi repornit",
        "xmpp_reload_failed": "XMPP nu a putut fi reîncărcat"
    },
    "debug": {
        "chart_this_server": "Grafic (acest server)",
@ -486,9 +489,7 @@
        "success": "Succes",
        "system_containers": "Sistem și Containere",
        "uptime": "Timp de funcționare",
-        "username": "Utilizator",
+        "username": "Utilizator"
        "xmpp_dead": "XMPP pornește, este dezactivat sau nefuncțional.",
        "xmpp_status": "Stare XMPP"
    },
    "diagnostics": {
        "cname_from_a": "Valoare derivată din înregistrarea A/AAAA. Acest lucru este acceptat atâta timp cât înregistrarea indică resursele corecte.",
@ -502,6 +503,7 @@
        "optional": "Această înregistrare este opțională."
    },
    "edit": {
        "acl": "ACL (Permisiune)",
        "active": "Activ",
        "admin": "Editează administrator",
        "advanced_settings": "Setări avansate",
@ -511,9 +513,10 @@
        "allowed_protocols": "Protocoale permise",
        "app_name": "Nume aplicație",
        "app_passwd": "Parolă apicație",
        "app_passwd_protocols": "Protocoale permise pentru parola aplicației",
        "automap": "Încearcă maparea automată a folderelor (\"Obiecte trimise\", \"Trimise\" => \"Trimise\" etc.)",
        "backup_mx_options": "Opțiuni backup MX",
-        "bcc_dest_format": "Destinația BCC trebuie să fie o singură adresă de email validă.",
+        "bcc_dest_format": "Destinația BCC trebuie să fie o singură adresă de email validă.<br>Dacă trebuie să trimiteți o copie la mai multe adrese, creați un alias și utilizați-l aici.",
        "client_id": "ID Client",
        "client_secret": "Secret client",
        "comment_info": "Un comentariu privat nu este vizibil pentru utilizator, în timp ce un comentariu public este afișat ca un tooltip când se trece peste el într-o privire de ansamblu asupra utilizatorilor",
@ -538,15 +541,6 @@
        "full_name": "Nume complet",
        "gal": "Listă globală de adrese",
        "gal_info": "GAL-ul conține toate obiectele dintr-un domeniu și nu poate fi editată de nici un utilizator. <b>Repornește SOGo pentru a aplica modificările.</b>",
        "xmpp": "Activează XMPP pentru acest domeniu",
        "xmpp_prefix": "Prefixul XMPP pentru domeniu (\"im\" pentru <b>im</b>.example.org)",
        "xmpp_prefix_info": "Pentru a solicita certificate pentru XMPP, două înregistrări DNS CNAME ar trebui să trimită de la <b>im</b>.example.org precum și <b>*.im</b>.example.org la <b>%s</b>. De asemenea, rulați verificarea DNS pentru acest domeniu după activarea XMPP.",
        "xmpp_info": "Această funcție va activa mesageria pentru acest domeniu.",
        "xmpp_access": "Acces XMPP",
        "xmpp_access_info": "XMPP trebuie să fie activ pentru acest domeniu.",
        "xmpp_admin": "Administrator XMPP",
        "xmpp_admin_info": "<b>Atenție:</b> Promovează un utilizator ca administrator XMPP pentru acest domeniu.",
        "xmpp_example_jid": "<b>Exemplu JID</b> (autentificare cu parolă email)",
        "generate": "Generează",
        "grant_types": "Tipuri de subvenții",
        "hostname": "Nume gazdă",
@ -564,12 +558,14 @@
        "mbox_rl_info": "Această limitare de rată se aplică pe numele de conectare SASL, se potrivește cu orice adresă „de la” folosită de către utilizatorul autentificat. O limitare a ratei căsuței poștale înlocuiește limitarea ratei la nivel de domeniu.",
        "mins_interval": "Interval (min)",
        "multiple_bookings": "Rezervări multiple",
        "none_inherit": "Nici una / Moștenește",
        "nexthop": "Următorul hop",
        "password": "Parolă",
        "password_repeat": "Confirmă parolă (repetă)",
        "previous": "Pagina precedentă",
        "private_comment": "Comentariu privat",
        "public_comment": "Comentariu public",
        "pushover": "Pushover",
        "pushover_evaluate_x_prio": "Escalează e-mailurile cu prioritate înaltă [<code>X-Priority: 1</code>]",
        "pushover_info": "Setările de notificare push se vor aplica tuturor e-mailurilor curate (non-spam) livrate la <b>% s </b> inclusiv aliasuri (partajate, care nu sunt partajate, etichetate).",
        "pushover_only_x_prio": "Luați în considerare doar e-mailurile cu prioritate înaltă [<code>X-Priority: 1</code>]",
@ -600,6 +596,8 @@
        "sieve_desc": "Descriere scurtă",
        "sieve_type": "Tip filtru",
        "skipcrossduplicates": "Sari peste mesajele duplicate din toate folderele (primul venit, primul servit)",
        "sogo_access": "Acordați acces direct de conectare la SOGo",
        "sogo_access_info": "Conectarea unică din interfața de administrare a e-mailului continuă să funcționeze. Această setare nu afectează accesul la toate celelalte servicii și nici nu șterge sau modifică profilul SOGo existent al unui utilizator.",
        "sogo_visible": "Aliasul este vizibil în SOGo",
        "sogo_visible_info": "Această opțiune afectează doar obiecte, care pot fi afișate în SOGo (adrese alias partajate sau ne-partajate cu cel puțin o căsuță poștală locală). Dacă este ascuns, un alias nu va apărea ca expeditor selectabil în SOGo.",
        "spam_alias": "Crează sau modifică adrese alias limitate în funcție de timp",
@ -617,6 +615,21 @@
        "username": "Nume de utilizator",
        "validate_save": "Validează și salvează"
    },
    "fido2": {
        "set_fn": "Setați un nume prietenos",
        "fn": "Nume prietenos",
        "rename": "redenumiți",
        "confirm": "Confirmați",
        "register_status": "Starea înregistrării",
        "known_ids": "ID-uri cunoscute",
        "none": "Dezactivat",
        "set_fido2": "Înregistrați dispozitivul FIDO2",
        "set_fido2_touchid": "Înregistrați Touch ID pe Apple M1",
        "start_fido2_validation": "Începeți validarea FIDO2",
        "fido2_auth": "Conectați-vă cu FIDO2",
        "fido2_success": "Dispozitivul a fost înregistrat cu succes",
        "fido2_validation_failed": "Validarea a eșuat"
    },
    "footer": {
        "cancel": "Anulează",
        "confirm_delete": "Confirmă ștergerea",
@ -678,6 +691,7 @@
        "alias_domain_alias_hint": "Aliasurile <b>nu</b> sunt aplicate automat pe domeniile alias. O adresă alias <code>aliasul-meu@domeniu</code> <b>nu</b> acoperă adresa <code>aliasul-meu@domeniu-alias</code> (unde \"domeniu-alias\" este un domeniu alias imaginar pentru \"domeniu\").<br>Vă rugăm să utilizați un filtru sită pentru a redirecționa poșta către o căsuță poștală externă (consultați zona \"Filtre\" sau utilizați SOGo -> Redirecționare).",
        "alias_domain_backupmx": "Alias domeniu inactiv pentru domeniu releu",
        "aliases": "Aliasuri",
        "all_domains": "Toate Domeniile",
        "allow_from_smtp": "Permiteți acestor adrese IP să utilizeze numai <b>SMTP</b>",
        "allow_from_smtp_info": "Lăsați gol pentru a permite tuturor expeditorilor.<br>Adrese și rețele IPv4/IPv6.",
        "allowed_protocols": "Protocoale permise",
@ -695,12 +709,13 @@
        "bcc_to_rcpt": "Comută la tipul hărții destinatarului",
        "bcc_to_sender": "Comută la tipul hărții expeditorului",
        "bcc_type": "Tip BCC",
-        "booking_0": "Afișează întotdeauna liber",
+        "booking_null": "Afișează întotdeauna liber",
        "booking_0_short": "Întotdeauna liber",
        "booking_custom": "Limita maximă la o sumă personalizată de rezervări",
        "booking_custom_short": "Limită maximă",
-        "booking_lt0": "Nelimitat, dar arată ca ocupat atunci când este rezervat",
+        "booking_ltnull": "Nelimitat, dar arată ca ocupat atunci când este rezervat",
        "booking_lt0_short": "Limită redusă",
        "catch_all": "Prinde-Tot",
        "daily": "Zilnic",
        "deactivate": "Deactivează",
        "description": "Descriere",
@ -718,6 +733,8 @@
        "filter_table": "Tabel filtre",
        "filters": "Filtre",
        "fname": "Nume complet",
        "goto_ham": "Învață ca <b>ham</b>",
        "goto_spam": "Învață ca <b>spam</b>",
        "hourly": "Din oră în oră",
        "in_use": "În uz (%)",
        "inactive": "Inactiv",
@ -750,6 +767,7 @@
        "quarantine_notification": "Notificări de carantină",
        "quarantine_category": "Categoria notificărilor despre carantină",
        "quick_actions": "Acţiuni",
        "recipient": "Destinatar",
        "recipient_map": "Hartă destinatar",
        "recipient_map_info": "Hărțile destinatarilor sunt folosite pentru a înlocui adresa de destinație a unui mesaj înainte de a fi livrat.",
        "recipient_map_new": "Destinatar nou",
@ -760,6 +778,7 @@
        "remove": "Elimină",
        "resources": "Resurse",
        "running": "Rulare",
        "sender": "Expeditor",
        "set_postfilter": "Marchează ca postfiltru",
        "set_prefilter": "Marchează ca prefiltru",
        "sieve_info": "Poți stoca mai multe filtre pentru fiecare utilizator, dar numai un singur prefiltru și un singur postfiltru pot fi active în același timp.<br>\nFiecare filtru va fi procesat în ordinea descrisă. Nici un script eșuat, nici un \"keep;\" emis nu va opri procesarea altor scripturi.Modificările aduse scripturilor sită globale vor declanșa o repornire a Dovecot.<br>\nPrefilter → User scripts → Postfilter → <a href=\"https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/sieve_after\" target=\"_blank\">global sieve postfilter</a>",
@ -779,6 +798,15 @@
        "stats": "Statistici",
        "status": "Stare",
        "sync_jobs": "Lucrări de sincronizare",
        "syncjob_check_log": "Verificați jurnalul",
        "syncjob_last_run_result": "Rezultatul ultimei rulări",
        "syncjob_EX_OK": "Succes",
        "syncjob_EXIT_CONNECTION_FAILURE": "Problemă de conectare",
        "syncjob_EXIT_TLS_FAILURE": "Problemă cu conexiunea criptată",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problemă de autentificare",
        "syncjob_EXIT_OVERQUOTA": "Cutia poștală țintă depășește cota maximă",
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nu se poate conecta la server",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nume de utilizator sau parolă greșite",
        "table_size": "Mărime tabel",
        "table_size_show_n": "Arată %s articole",
        "target_address": "Adresă goto",
@ -862,6 +890,13 @@
        "text_plain_content": "Conținut (text/simplu)",
        "toggle_all": "Comută toate"
    },
    "ratelimit": {
        "disabled": "Dezactivat",
        "second": "mesaje / sec",
        "minute": "mesaje / min",
        "hour": "mesaje / ora",
        "day": "mesaje / zi"
    },
    "start": {
        "help": "Afișează/Ascunde panoul de ajutor",
        "imap_smtp_server_auth_info": "Utilizează adresa completă de email și mecanismul de autentificare SIMPLU.<br>\nDatele tale de conectare vor fi criptate prin criptarea obligatorie de la server.",
@ -942,12 +977,9 @@
        "ui_texts": "Modificări salvate în textele UI",
        "upload_success": "Fișier încărcat cu succes",
        "verified_totp_login": "Autentificarea TOTP verificată",
-        "verified_u2f_login": "Autentificarea U2F verificată",
+        "verified_webauthn_login": "Autentificarea WebAuthn verificată",
        "verified_fido2_login": "Conectare FIDO2 verificată",
-        "verified_yotp_login": "Autentificarea Yubico OTP verificată",
+        "verified_yotp_login": "Autentificarea Yubico OTP verificată"
        "xmpp_restarted": "Serviciul XMPP a fost repornit",
        "xmpp_reloaded": "Serviciul XMPP a fost reîncărcat",
        "xmpp_maps_updated": "Hărțile serviciului XMPP au fost actualizate"
    },
    "tfa": {
        "api_register": "%s utilizează API-ul Yubico Cloud. Obțineți o cheie API pentru cheia dvs. de <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aici</a>",
@ -957,7 +989,7 @@
        "disable_tfa": "Dezactivează TFA până la următoarea conectare reușită",
        "enter_qr_code": "Codul tău TOTP dacă dispozitivul tău nu poate scana codurile QR",
        "error_code": "Cod de eroare",
-        "init_u2f": "Inițializare, vă rugăm așteptați...",
+        "init_webauthn": "Inițializare, vă rugăm așteptați...",
        "key_id": "Un identificator pentru YubiKey",
        "key_id_totp": "Un identificator pentru cheia ta",
        "none": "Dezactivează",
@ -965,29 +997,15 @@
        "scan_qr_code": "Scanează codul următor cu aplicația ta de autentificare sau introdu manual codul.",
        "select": "Te rog selectează",
        "set_tfa": "Setează metoda de autentificare cu doi factori",
-        "start_u2f_validation": "Începi validarea",
+        "start_webauthn_validation": "Începi validarea",
        "tfa": "Autentificare cu doi factori",
        "tfa_token_invalid": "Jeton TFA invalid",
        "totp": "OTP pe bază de timp (Google Authenticator etc.)",
-        "u2f": "Autentificare U2F",
+        "webauthn": "Autentificare WebAuthn",
-        "waiting_usb_auth": "<i>În așteptarea dispozitivului USB...</i><br><br>Apasă acum butonul de pe dispozitivul tău USB U2F.",
+        "waiting_usb_auth": "<i>În așteptarea dispozitivului USB...</i><br><br>Apasă acum butonul de pe dispozitivul tău USB WebAuthn.",
-        "waiting_usb_register": "<i>În așteptarea dispozitivului USB...</i><br><br>Introdu parola ta mai sus și confirmă înregistrarea ta U2F atingând butonul de pe dispozitivul tău USB U2F.",
+        "waiting_usb_register": "<i>În așteptarea dispozitivului USB...</i><br><br>Introdu parola ta mai sus și confirmă înregistrarea ta WebAuthn atingând butonul de pe dispozitivul tău USB WebAuthn.",
        "yubi_otp": "Autentificare Yubico OTP"
    },
    "fido2": {
        "set_fn": "Setați un nume prietenos",
        "fn": "Nume prietenos",
        "rename": "redenumiți",
        "confirm": "Confirmați",
        "register_status": "Starea înregistrării",
        "known_ids": "ID-uri cunoscute",
        "none": "Dezactivat",
        "set_fido2": "Înregistrați dispozitivul FIDO2",
        "start_fido2_validation": "Începeți validarea FIDO2",
        "fido2_auth": "Conectați-vă cu FIDO2",
        "fido2_success": "Dispozitivul a fost înregistrat cu succes",
        "fido2_validation_failed": "Validarea a esuat"
    },
    "user": {
        "action": "Acțiune",
        "active": "Activ",
@ -1004,12 +1022,15 @@
        "aliases_also_send_as": "De asemenea, este permis să trimită ca utilizator",
        "aliases_send_as_all": "Nu se verifică accesul expeditorului pentru următorul(arele) domeniu(i) și domeniile sale alias",
        "app_hint": "Parolele aplicației sunt parole alternative pentru autentificarea IMAP, SMTP, CalDAV, CardDAV și EAS. Numele de utilizator rămâne neschimbat.<br>SOGo nu este disponibil prin parolele aplicației.",
        "allowed_protocols": "Protocoale permise",
        "app_name": "Nume aplicație",
        "app_passwds": "Parole aplicație",
        "apple_connection_profile": "Profil de conexiune Apple",
        "apple_connection_profile_complete": "Acest profil de conexiune include parametrii IMAP și SMTP, precum și calDAV (calendar) și carduri CardDAV (contacte) pentru dispozitivele Apple.",
        "apple_connection_profile_mailonly": "Acest profil de conexiune include parametrii de configurare IMAP și SMTP pentru dispozitivele Apple.",
        "apple_connection_profile_with_app_password": "O nouă parolă pentru aplicație este generată și adăugată la profil, astfel încât să nu fie necesară introducerea unei parole la configurarea dispozitivului. Vă rugăm să nu partajați fișierul, deoarece oferă acces deplin la căsuța dvs. poștală.",
        "change_password": "Schimbă parola",
        "change_password_hint_app_passwords": "Contul dvs. are {{number_of_app_passwords}} parole de aplicație care nu vor fi modificate. Pentru a le gestiona, accesați secțiunea Parole aplicație.",
        "clear_recent_successful_connections": "Ștergeți conexiunile reușite văzute",
        "client_configuration": "Afișează ghidurile de configurare pentru clienții de email și smartphone-uri",
        "create_app_passwd": "Crează parola aplicației",
@ -1020,6 +1041,7 @@
        "delete_ays": "Vă rugăm să confirmați stergerea.",
        "direct_aliases": "Adrese alias directe",
        "direct_aliases_desc": "Adresele alias directe sunt afectate de setările filtrului de spam și ale politicii TLS.",
        "direct_protocol_access": "Acest utilizator are <b>acces direct, extern</b> la următoarele protocoale și aplicații. Această setare este controlată de administratorul dvs. Parolele pentru aplicații pot fi create pentru a acorda acces la protocoale și aplicații individuale.<br>Butonul \"Conectați-vă la webmail\" oferă conectare unică la SOGo și este întotdeauna disponibil.",
        "eas_reset": "Resetează memoria cache a dispozitivului ActiveSync",
        "eas_reset_help": "În multe cazuri, resetarea cache-ului dispozitivului va ajuta la recuperarea unui profil ActiveSync defect.<br><b>Atenţie:</b> Toate elementele vor fi descărcate din nou!",
        "eas_reset_now": "Resetează acum",
@ -1113,6 +1135,15 @@
        "spamfilter_yellow": "Galben: acest mesaj poate fi spam, va fi etichetat ca spam și va fi mutat în dosarul de junk",
        "status": "Stare",
        "sync_jobs": "Lucrări de sincronizare",
        "syncjob_check_log": "Verificați jurnalul",
        "syncjob_last_run_result": "Rezultatul ultimei rulări",
        "syncjob_EX_OK": "Succes",
        "syncjob_EXIT_CONNECTION_FAILURE": "Problemă de conectare",
        "syncjob_EXIT_TLS_FAILURE": "Problemă cu conexiunea criptată",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problemă de autentificare",
        "syncjob_EXIT_OVERQUOTA": "Cutia poștală țintă depășește cota maximă",
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nu se poate conecta la server",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nume de utilizator sau parolă greșite",
        "tag_handling": "Setează manevrarea pentru mailurile etichetate",
        "tag_help_example": "Exemplu pentru o adresă de email etichetată: me<b>+Facebook</b>@example.org",
        "tag_help_explain": "În subfolder: un nou subfolder numit după etichetă va fi creat sub INBOX (\"INBOX/Facebook\").<br>\nÎn subiect: numele etichetelor va fi prefixat la subiectul mailurilor, de exemplu: \"[Facebook] My News\".",
@ -1132,6 +1163,7 @@
        "week": "săptămână",
        "weekly": "Săptămânal",
        "weeks": "săptămâni",
        "with_app_password": "cu parola aplicație",
        "year": "an",
        "years": "ani"
    },
--- a/data/web/lang/lang.ru.json
+++ b/data/web/lang/lang.ru.json
@ -454,17 +454,13 @@
        "tls_policy_map_parameter_invalid": "Недопустимое значение параметра политики",
        "totp_verification_failed": "Ошибка валидации TOTP",
        "transport_dest_exists": "Назначение для отправки \"%s\" уже существует",
-        "u2f_verification_failed": "Ошибка валидации U2F: %s",
+        "webauthn_verification_failed": "Ошибка валидации WebAuthn: %s",
        "unknown": "Произошла неизвестная ошибка",
        "unknown_tfa_method": "Неизвестный метод TFA",
        "unlimited_quota_acl": "Неограниченная квота запрещена политикой доступа",
        "username_invalid": "Имя пользователя %s нельзя использовать",
        "validity_missing": "Пожалуйста, назначьте срок действия",
-        "value_missing": "Пожалуйста заполните все поля",
+        "value_missing": "Пожалуйста заполните все поля"
        "xmpp_map_write_error": "Ошибка записи настроек XMPP: %s",
        "xmpp_reload_failed": "Обновление конфигурации Dovecot не удалось",
        "xmpp_restart_failed": "Перезагрузка XMPP не удалась",
        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s"
    },
    "debug": {
        "chart_this_server": "Диаграмма (текущий сервер)",
@ -491,9 +487,7 @@
        "success": "Успех",
        "system_containers": "Система и контейнеры",
        "uptime": "Время работы",
-        "username": "Имя пользователя",
+        "username": "Имя пользователя"
        "xmpp_dead": "XMPP не запущен. Если вы включили XMPP в настройках домена и это сообщение отображается более получаса, скорее всего XMPP сломан.",
        "xmpp_status": "Статус XMPP"
    },
    "diagnostics": {
        "cname_from_a": "Значение, полученное из записи A/AAAA. Это поддерживается до тех пор, пока запись указывает на правильный ресурс.",
@ -614,16 +608,7 @@
        "title": "Изменение объекта",
        "unchanged_if_empty": "Если без изменений - оставьте пустым",
        "username": "Имя пользователя",
-        "validate_save": "Подтвердить и сохранить",
+        "validate_save": "Подтвердить и сохранить"
        "xmpp": "Включить поддержку XMPP для этого домена",
        "xmpp_access": "Пользователь XMPP",
        "xmpp_access_info": "XMPP должен быть включен для этого домена.",
        "xmpp_admin": "Администратор XMPP",
        "xmpp_admin_info": "Повысить пользователя XMPP до <span class=\"text-danger\">администратора домена</span>.",
        "xmpp_example_jid": "<b>Пример JID</b> (используя пароль почтового аккаунта)",
        "xmpp_info": "Эта опция добавит функциональность чата для этого домена.",
        "xmpp_prefix": "Префикс домена XMPP",
        "xmpp_prefix_info": "Для получения SSL сертификатов для XMPP сервера необходимо настроить дополнительные CNAME DNS записи <b>im</b>.example.org и <b>*.im</b>.example.org, указывающие на <b>%s</b>. Пожалуйста, посетите страницу проверки DNS записей домена после включения XMPP сервера в mailcow UI."
    },
    "fido2": {
        "confirm": "Подтвердить",
@ -719,11 +704,11 @@
        "bcc_to_rcpt": "Переключиться на тип \"получатель\"",
        "bcc_to_sender": "Переключиться на тип \"отправитель\"",
        "bcc_type": "Тип BCC",
-        "booking_0": "Всегда показывать как свободный",
+        "booking_null": "Всегда показывать как свободный",
        "booking_0_short": "Всегда свободнен",
        "booking_custom": "Лимит на количество бронирований",
        "booking_custom_short": "Жесткий лимит",
-        "booking_lt0": "Неограниченный, занят при бронировании",
+        "booking_ltnull": "Неограниченный, занят при бронировании",
        "booking_lt0_short": "Неограниченный лимит",
        "catch_all": "Catch-all",
        "daily": "Раз в день",
@ -988,11 +973,8 @@
        "upload_success": "Файл загружен успешно",
        "verified_fido2_login": "Авторизация FIDO2 пройдена",
        "verified_totp_login": "Авторизация TOTP пройдена",
-        "verified_u2f_login": "Авторизация U2F пройдена",
+        "verified_webauthn_login": "Авторизация WebAuthn пройдена",
-        "verified_yotp_login": "Авторизация Yubico OTP пройдена",
+        "verified_yotp_login": "Авторизация Yubico OTP пройдена"
        "xmpp_maps_updated": "Настройки XMPP обновлены",
        "xmpp_reloaded": "Обновление конфигурация XMPP закончено",
        "xmpp_restarted": "Сервис XMPP перезагружен"
    },
    "tfa": {
        "api_register": "%s использует Yubico Cloud API. Пожалуйста, получите ключ API для вашего ключа <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">здесь</a>",
@ -1002,7 +984,7 @@
        "disable_tfa": "Отключить TFA до следующего успешного входа",
        "enter_qr_code": "Ваш код TOTP, если устройство не может отсканировать QR-код",
        "error_code": "Код ошибки",
-        "init_u2f": "Инициализация, пожалуйста, подождите...",
+        "init_webauthn": "Инициализация, пожалуйста, подождите...",
        "key_id": "Идентификатор YubiKey ключа",
        "key_id_totp": "Идентификатор TOTP ключа",
        "none": "Отключить",
@ -1010,11 +992,11 @@
        "scan_qr_code": "Пожалуйста, отсканируйте QR-код с помощью приложения или введите его вручную.",
        "select": "Пожалуйста, выберите",
        "set_tfa": "Задать метод двухфакторной проверки",
-        "start_u2f_validation": "Начать проверку",
+        "start_webauthn_validation": "Начать проверку",
        "tfa": "Двухфакторная проверка подлинности",
        "tfa_token_invalid": "Неправильный TFA токен",
        "totp": "OTP (Authy, Google Authenticator и др.)",
-        "u2f": "U2F аутентификация",
+        "webauthn": "WebAuthn аутентификация",
        "waiting_usb_auth": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, нажмите кнопку на USB устройстве сейчас.",
        "waiting_usb_register": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, введите пароль выше и подтвердите регистрацию, нажав кнопку на USB устройстве.",
        "yubi_otp": "Yubico OTP аутентификация"
--- a/data/web/lang/lang.sk.json
+++ b/data/web/lang/lang.sk.json
@ -80,7 +80,7 @@
        "password": "Heslo",
        "password_repeat": "Potvrdzovacie heslo (zopakovať)",
        "port": "Port",
-        "post_domain_add": "SOGo kontajner, \"sogo-mailcow\", musí byť reštartovaný po pridaní novej domény!<br>",
+        "post_domain_add": "SOGo kontajner, \"sogo-mailcow\", musí byť reštartovaný po pridaní novej domény!<br><br>Okrem toho by sa mala skontrolovať konfigurácia DNS domény. Ak je konfigurácia v poriadku, reštartujte \"acme-mailcow\", aby sa automaticky vygenerovali certifikáty pre vašu novú doménu (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Tento krok je voliteľný a bude sa opakovať každých 24 hodín.",
        "private_comment": "Súkromný komentár",
        "public_comment": "Verejný komentár",
        "quota_mb": "Kvóta (MiB)",
@ -323,7 +323,7 @@
        "to_top": "Naspať navrch",
        "transport_dest_format": "Regulárny výraz alebo syntax: example.org, .example.org, *, box@example.org (viacero hodnôt môžu byť oddelené čiarkou)",
        "transport_maps": "Transportné Mapy",
-        "transport_test_rcpt_info": "&#8226; Na otestovanie odchádzajúcej pošty je možné použiť null@hosted.mailcow.de ako adresáta",
+        "transport_test_rcpt_info": "&#8226; Na otestovanie odchádzajúcej pošty je možné použiť null@hosted.mailcow.de ako adresáta.",
        "transports_hint": "&#8226; Záznam v transportnej mape <b>prevažuje</b> nad transportnou mapou pre odosielanie</b>.<br>\r\n&#8226; Prenos na základe MX je preferovaná voľba.<br>\r\n&#8226; Nastavenie TLS pre používateľa je ignorované a môže byť vynútené TLS mapovaním.<br>\r\n&#8226; Transportná služba je definovaná vždy \"smtp:\" a použije TLS ak to bude umožnené. Wrapped TLS (SMTPS) nie je podporované.<br>\r\n&#8226; Adresy ktoré sa rovnajú hodnote \"/localhost$/\" budú vždy transportované cez \"local:\" a nebudú použité pre cieľový záznam \"*\".<br>\r\n&#8226; Po zadaní prihlasovacích údajov pre ďalší skok \"[host]:25\", Postfix <b>vždy</b> hľadá \"host\" a následne \"[host]:25\". Táto vlastnosť znemožňuje používať \"host\" a \"[host]:25\" naraz.",
        "ui_footer": "Pätička (HTML povolené)",
        "ui_header_announcement": "Oznámenie",
@ -394,9 +394,9 @@
        "invalid_recipient_map_old": "Neplatná pôvodná mapa príjemcu: %s",
        "ip_list_empty": "Zoznam povolených IP nemôže byť prázdny",
        "is_alias": "%s je už používané ako alias adresa",
-        "is_alias_or_mailbox": "%s je už používaná ako adresa aliasu, mailovej schránky alebo aliasu odvodeného z aliasu domény",
+        "is_alias_or_mailbox": "%s je už používaná ako adresa aliasu, mailovej schránky alebo aliasu odvodeného z aliasu domény.",
        "is_spam_alias": "%s je už používaná ako adresa dočasného aliasu (spam alias adresa)",
-        "last_key": "Posledný kľúč nemôže byť vymazaný, deaktivujte najprv TFA",
+        "last_key": "Posledný kľúč nemôže byť vymazaný, deaktivujte najprv TFA.",
        "login_failed": "Prihlásenie zlyhalo",
        "mailbox_defquota_exceeds_mailbox_maxquota": "Predvolená kvóta presahuje max. kvótu mailovej schránky",
        "mailbox_invalid": "Meno mailovej schránky je neplatné",
@ -454,17 +454,13 @@
        "tls_policy_map_parameter_invalid": "Podmienkový parameter mapy TLS pravidiel je neplatný",
        "totp_verification_failed": "TOTP overenie zlyhalo",
        "transport_dest_exists": "Transportný cieľ \"%s\" už existuje",
-        "u2f_verification_failed": "U2F overenie zlyhalo: %s",
+        "webauthn_verification_failed": "WebAuthn overenie zlyhalo: %s",
        "unknown": "Nastala neznáma chyba",
        "unknown_tfa_method": "Neznáma TFA metóda",
        "unlimited_quota_acl": "Neobmedzené kvóta je zakázaná cez ACL",
        "username_invalid": "Používateľské meno %s nemôže byť použité",
        "validity_missing": "Zadajte periódu platnosti",
-        "value_missing": "Prosím poskytnite všetky hodnoty",
+        "value_missing": "Prosím poskytnite všetky hodnoty"
        "xmpp_map_write_error": "Nemožno zapísať XMPP mapu: %s",
        "xmpp_reload_failed": "Reloadnutie XMPP zlyhalo",
        "xmpp_restart_failed": "Reštartovanie XMPP zlyhalo",
        "yotp_verification_failed": "Yubico OTP overenie zlyhalo: %s"
    },
    "debug": {
        "chart_this_server": "Graf (tento server)",
@ -491,9 +487,7 @@
        "success": "Úspech",
        "system_containers": "Systém & Kontajnery",
        "uptime": "Doba behu",
-        "username": "Používateľské meno",
+        "username": "Používateľské meno"
        "xmpp_dead": "XMPP štartuje, je vypnutý alebo nebeží.",
        "xmpp_status": "XMPP status"
    },
    "diagnostics": {
        "cname_from_a": "Hodnota odvodená od A/AAAA záznamu. Toto je podporené len v prípade ak záznam poukazuje na správny zdroj.",
@ -614,16 +608,7 @@
        "title": "Upraviť objekt",
        "unchanged_if_empty": "Ak nemeníte, nechajte prázdne",
        "username": "Používateľské meno",
-        "validate_save": "Validovať a uložiť",
+        "validate_save": "Validovať a uložiť"
        "xmpp": "Aktivovať XMPP pre túto doménu",
        "xmpp_access": "XMPP prístup",
        "xmpp_access_info": "XMPP musí byť aktivované pre túto doménu.",
        "xmpp_admin": "XMPP administrátor",
        "xmpp_admin_info": "<b>Upozornenie:</b> Povýši užívateľa na XMPP administrátora pre túto doménu.",
        "xmpp_example_jid": "<b>Príklad JID</b> (prihlásenie s mail heslom)",
        "xmpp_info": "Aktivovanie tejto funkcie umožní četovanie v tejto doméne.",
        "xmpp_prefix": "XMPP prefix pre doménu (\"im\" bude použitý ako <b>im</b>.example.org)",
        "xmpp_prefix_info": "Pre vyžiadanie certifikátov pre XMPP by mali smerovať dva CNAME DNS záznamy z <b>im</b>.example.org ako aj <b>*.im</b>.example.org na <b>%s</b>. Prosím spustie DNS kontrolu po zapnutí XMPP."
    },
    "fido2": {
        "confirm": "Potvrdiť",
@ -653,7 +638,7 @@
        "restart_container": "Reštartovať kontajner",
        "restart_container_info": "<b>Dôležité:</b> Reštartovanie môže trvať dlhšie, čakajte prosím ...",
        "restart_now": "Reštartuj teraz",
-        "restarting_container": "Prebieha reštartovanie kontajnera, čakajte prosím ..."
+        "restarting_container": "Prebieha reštartovanie kontajnera, čakajte prosím"
    },
    "header": {
        "administration": "Konfigurácia & Detaily",
@ -719,11 +704,11 @@
        "bcc_to_rcpt": "Prepnúť typ na Prijatý e-mail",
        "bcc_to_sender": "Prepnúť typ na Odoslaný e-mail",
        "bcc_type": "Typ skrytej kópie",
-        "booking_0": "Vždy zobraziť ako voľný",
+        "booking_null": "Vždy zobraziť ako voľný",
        "booking_0_short": "Neustále voľný",
        "booking_custom": "Limitované na pevný počet rezervácií",
        "booking_custom_short": "Tvrdý limit",
-        "booking_lt0": "Bez limitu, ale zobraziť obsadené po rezervácii",
+        "booking_ltnull": "Bez limitu, ale zobraziť obsadené po rezervácii",
        "booking_lt0_short": "Voľný limit",
        "catch_all": "Doménový kôš",
        "daily": "Denný",
@ -756,7 +741,7 @@
        "last_run_reset": "Znovu naplánovať",
        "mailbox": "Mailová schránka",
        "mailbox_defaults": "Predvolené nastavenia",
-        "mailbox_defaults_info": "Definuje predvolené nastavenia pre nové schránky",
+        "mailbox_defaults_info": "Definuje predvolené nastavenia pre nové schránky.",
        "mailbox_defquota": "Predvolená veľkosť schránky",
        "mailbox_quota": "Max. veľkosť schránky",
        "mailboxes": "Mailové schránky",
@ -830,7 +815,7 @@
        "tls_map_policy": "Podmienky",
        "tls_policy_maps": "Mapy TLS pravidiel",
        "tls_policy_maps_enforced_tls": "Tieto politiky prepisujú používateľské nastavenia pre mailové schránky ktoré majú vynútene odchodzie TLS pripojenie. Ak nižšie nie sú uvedené žiadne pravidlá, budú použité ako východzie pravidlá <code>smtp_tls_mandatory_protocols</code> a <code>smtp_tls_mandatory_ciphers</code>.",
-        "tls_policy_maps_info": "Táto mapa prevažuje nad TLS pravidlami nezávisle od TLS pravidiel jednotlivých používateľov.<br>\r\n  Viac informácií navštívte <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\"> info k \"smtp_tls_policy_maps\" </a>",
+        "tls_policy_maps_info": "Táto mapa prevažuje nad TLS pravidlami nezávisle od TLS pravidiel jednotlivých používateľov.<br>\nPre viac informácií navštívte <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\"> postfix \"smtp_tls_policy_maps\"</a>.",
        "tls_policy_maps_long": "Prepisovanie TLS pravidiel pre odosielanie",
        "toggle_all": "Označiť všetky",
        "username": "Používateľské meno",
@ -988,11 +973,8 @@
        "upload_success": "Súbor úspešne nahratý",
        "verified_fido2_login": "Overené FIDO2 prihlásenie",
        "verified_totp_login": "Overené TOTP prihlásenie",
-        "verified_u2f_login": "Overené U2F prihlásenie",
+        "verified_webauthn_login": "Overené WebAuthn prihlásenie",
-        "verified_yotp_login": "Overené Yubico OTP prihlásenie",
+        "verified_yotp_login": "Overené Yubico OTP prihlásenie"
        "xmpp_maps_updated": "XMPP mapy boli aktualizované",
        "xmpp_reloaded": "XMPP služba sa reloadla",
        "xmpp_restarted": "XMPP služba sa reštartovala"
    },
    "tfa": {
        "api_register": "%s využíva Yubico Cloud API. Prosím, zaobstarajte si API kľúč pre váš kľúč <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">tu</a>",
@ -1002,7 +984,7 @@
        "disable_tfa": "Vypnúť TFA do ďalšieho úspešného prihlásenia",
        "enter_qr_code": "Zadajte váš TOTP kód, ak vaše zariadenie nedokáže skenovať QR kódy",
        "error_code": "Chyba kódu",
-        "init_u2f": "Inicializácia, prosím čakajte...",
+        "init_webauthn": "Inicializácia, prosím čakajte...",
        "key_id": "Identifikátor pre váš YubiKey",
        "key_id_totp": "Identifikátor pre váš kľúč",
        "none": "Deaktivovať",
@ -1010,11 +992,11 @@
        "scan_qr_code": "Prosím oskenujte nasledovný kód pomocou vašej autentizačnej aplikácie alebo zadajte kód manuálne.",
        "select": "Prosím vyberte",
        "set_tfa": "Nastaviť dvojúrovňovú autentifikačnú metódu",
-        "start_u2f_validation": "Spustiť validáciu",
+        "start_webauthn_validation": "Spustiť validáciu",
        "tfa": "Dvojúrovňová autentifikácia (TFA)",
        "tfa_token_invalid": "Neplatný TFA token",
        "totp": "Časovo-založený OTP (Google Authenticator, Authy, atď.)",
-        "u2f": "U2F autentifikácia",
+        "webauthn": "WebAuthn autentifikácia",
        "waiting_usb_auth": "<i>Čakanie na USB zariadenie...</i><br><br>Prosím stlačte tlačidlo na vašom USB zariadení.",
        "waiting_usb_register": "<i>Čakanie na USB zariadenie...</i><br><br>Prosím zadajte vaše heslo a potvrďte registráciu stlačením tlačidla na vašom USB zariadení.",
        "yubi_otp": "Yubico OTP autentifikácia"
@ -1087,8 +1069,8 @@
        "never": "Nikdy",
        "new_password": "Nové heslo",
        "new_password_repeat": "Potvrdiť heslo (opakovať)",
-        "no_active_filter": "Nie je dostupný žiadny aktívny filter.",
+        "no_active_filter": "Nie je dostupný žiadny aktívny filter",
-        "no_last_login": "Žiadne informácie o UI prihlásení.",
+        "no_last_login": "Žiadny záznam o prihlásení cez web",
        "no_record": "Žiaden záznam",
        "open_logs": "Otvoriť záznam",
        "open_webmail_sso": "Prihláste sa do webmailu",
--- a/data/web/lang/lang.sv.json
+++ b/data/web/lang/lang.sv.json
@ -364,7 +364,6 @@
        "global_filter_write_error": "Kan inte skriva till filterfilen: %s",
        "global_map_invalid": "Rspamd kartan med ID %s är felaktig",
        "global_map_write_error": "Kunde inte skapa en global-koppling med ID %s: %s",
        "xmpp_map_write_error": "Kunde inte skapa en XMPP-koppling: %s",
        "goto_empty": "En aliasadress måste peka mot minst en giltig destinationsadress",
        "goto_invalid": "Destinationsadressen %s är ogiltig",
        "ham_learn_error": "Felaktigt-Spam inlärningsfel: %s",
@ -442,17 +441,15 @@
        "tls_policy_map_parameter_invalid": "Policy parameter är ogiltig",
        "totp_verification_failed": "TOTP-verifiering misslyckades",
        "transport_dest_exists": "Transportdestinationen \"%s\" existerar redan",
-        "u2f_verification_failed": "U2F-verifiering misslyckades: %s",
+        "webauthn_verification_failed": "WebAuthn-verifiering misslyckades: %s",
-        "fido2_verification_failed": "U2F-verifiering misslyckades: %s",
+        "fido2_verification_failed": "WebAuthn-verifiering misslyckades: %s",
        "unknown": "Ett fel har inträffat",
        "unknown_tfa_method": "Okänd TFA method",
        "unlimited_quota_acl": "På grund av en åtkomstlista tillåts inte en obegränsad kvot",
        "username_invalid": "Användarnamnet %s kan inte användas",
        "validity_missing": "Ange en giltighetsperiod",
        "value_missing": "Ange alla värden",
-        "yotp_verification_failed": "Yubico OTP-verifiering misslyckades: %s",
+        "yotp_verification_failed": "Yubico OTP-verifiering misslyckades: %s"
        "xmpp_restart_failed": "Misslyckades att starta om XMPP",
        "xmpp_reload_failed": "Misslyckades att ladda om XMPP"
    },
    "debug": {
        "chart_this_server": "Tabell (denna server)",
@ -466,7 +463,6 @@
        "logs": "Loggar",
        "restart_container": "Omstart",
        "solr_dead": "Solr är i uppstart, har inaktiveras eller är tillfälligt avstängd.",
        "xmpp_dead": "XMPP startet, ist deaktiviert oder temporär nicht erreichbar.",
        "online_users": "Användare online",
        "docs": "Dokumentation",
        "last_modified": "Senast ändrad",
@ -476,8 +472,7 @@
        "uptime": "Upptid",
        "started_on": "Startades",
        "static_logs": "Statiska loggar",
-        "system_containers": "System & behållare",
+        "system_containers": "System & behållare"
        "xmpp_status": "XMPP Status"
    },
    "diagnostics": {
        "cname_from_a": "Värde härstammar från A/AAAA-uppslaget. Detta stöds så länge som uppslaget pekar mot rätt resurs.",
@ -527,15 +522,6 @@
        "full_name": "Fullständigt namn",
        "gal": "Global adressbok",
        "gal_info": "Den global adressboken innehåller alla objekt i en domän och kan inte redigeras av någon användare. Informationen om tillgänglighet i SOGo är endast synlig när den globala adressboken är påslagen.  <b>Starta om SOGo för att tillämpa ändringar.</b>",
        "xmpp": "Aktivera XMPP funktion på denna domän",
        "xmpp_prefix": "XMPP-prefix för domänen (Exempelvis \"im\" för <b>im</b>.example.org)",
        "xmpp_prefix_info": "För att tillhandahålla ett säkerhetscertifikat måste vissa DNS-uppslag skapas, exempelvis två CNAME uppslag, ett för <b>im</b>.example.org och ett för <b>*.im</b>.example.org, som pekar mot <b>%s</b>. Efter att denna funktion har aktiverats, utför en DNS-kontroll för att testa att uppslagen är korrekt uppsatta.",
        "xmpp_info": "Denna funktion aktiverar chatt-funktionalitet på denna domän.",
        "xmpp_access": "XMPP-åtkomst",
        "xmpp_access_info": "XMPP måste aktiveras på den här domänen.",
        "xmpp_admin": "XMPP Administratör",
        "xmpp_admin_info": "<b>Varning:</b> Befodrar en användare till XMPP-administratör på den här domänen.",
        "xmpp_example_jid": "<b>Exempel JID</b> (Använd samma lösenord som på postlådan)",
        "generate": "generera",
        "grant_types": "Grant-typer",
        "hostname": "Värdnamn",
@ -680,11 +666,11 @@
        "bcc_to_rcpt": "Byt till mottagarberoende",
        "bcc_to_sender": "Byt till avsändarberoende",
        "bcc_type": "Vilken typ av koppling",
-        "booking_0": "Visa alltid som tillgängligt",
+        "booking_null": "Visa alltid som tillgängligt",
        "booking_0_short": "Alltid tillgängligt",
        "booking_custom": "Sätt en fast gräns för antalet möjliga bokningar",
        "booking_custom_short": "Hård gräns",
-        "booking_lt0": "Obegränsad antal, men visa resursen som upptagen när den är bokad",
+        "booking_ltnull": "Obegränsad antal, men visa resursen som upptagen när den är bokad",
        "booking_lt0_short": "Mjuk gräns",
        "daily": "Dagligen",
        "deactivate": "Inaktivera",
@ -925,12 +911,9 @@
        "ui_texts": "Ändringarna på texter och rubriker i gränssnittet sparade",
        "upload_success": "Filen har laddats upp",
        "verified_totp_login": "Verifierad TOTP inloggning",
-        "verified_u2f_login": "Verifierad U2F inloggning",
+        "verified_webauthn_login": "Verifierad WebAuthn inloggning",
        "verified_fido2_login": "Verifierad FIDO2 inloggning",
-        "verified_yotp_login": "Verifierad Yubico OTP inloggning",
+        "verified_yotp_login": "Verifierad Yubico OTP inloggning"
        "xmpp_restarted": "XMPP-tjänsten har startat om",
        "xmpp_reloaded": "XMPP-tjänsten har laddats om",
        "xmpp_maps_updated": "XMPP-kopplingen har aktiverats"
    },
    "tfa": {
        "api_register": "%s använder Yubico Moln-API. Vänligen skaffa en API-nyckel för din nyckel <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">här</a>",
@ -940,7 +923,7 @@
        "disable_tfa": "Inaktivera tvåfaktorsautentisering tills nästa lyckade inloggning",
        "enter_qr_code": "Om du inte kan skanna den QR-kod som visas, använd säkerhetsnyckeln som visas nedan",
        "error_code": "Felkod",
-        "init_u2f": "Initierar, vänta...",
+        "init_webauthn": "Initierar, vänta...",
        "key_id": "En identifierare för din YubiKey",
        "key_id_totp": "En identifierare för din nyckel",
        "none": "Avaktivera",
@ -948,11 +931,11 @@
        "scan_qr_code": "Skanna nu den QR-kod som visas på skärmen.",
        "select": "Välj",
        "set_tfa": "Metod för tvåfaktorsautentisering",
-        "start_u2f_validation": "Startar validering",
+        "start_webauthn_validation": "Startar validering",
        "tfa": "Tvåfaktorsautentisering",
        "tfa_token_invalid": "TFA nyckeln är ogiltig!",
        "totp": "Tidsbaserad OTP (Google Authenticator, Authy, mm)",
-        "u2f": "U2F-autentisering",
+        "webauthn": "WebAuthn-autentisering",
        "waiting_usb_auth": "<i>Väntar på USB-enhet...</i><br><br>Tryck på knappen på USB-enheten nu.",
        "waiting_usb_register": "<i>Väntar på USB-enhet...</i><br><br>Vänligen fyll i det övre lösenordsfältet först och tryck sedan på knappen på USB-enheten.",
        "yubi_otp": "Yubico OTP-autentisering"
--- a/data/web/lang/lang.zh.json
+++ b/data/web/lang/lang.zh.json
@ -424,7 +424,7 @@
        "tls_policy_map_parameter_invalid": "策略参数非法",
        "totp_verification_failed": "TOTP认证失败",
        "transport_dest_exists": "传输目标 \"%s\" 已存在",
-        "u2f_verification_failed": "U2F认证失败: %s",
+        "webauthn_verification_failed": "WebAuthn认证失败: %s",
        "unknown": "发生未知错误",
        "unknown_tfa_method": "未知TFA方法",
        "unlimited_quota_acl": "ACL设置禁止了无限配额",
@ -638,11 +638,11 @@
        "bcc_to_rcpt": "切换到收件人映射",
        "bcc_to_sender": "切换到发件人映射",
        "bcc_type": "BCC类型",
-        "booking_0": "永远显示为空闲",
+        "booking_null": "永远显示为空闲",
        "booking_0_short": "永远空闲",
        "booking_custom": "严格限制登记数",
        "booking_custom_short": "严格限制",
-        "booking_lt0": "不限制登记数，但会在被登记后显示为繁忙",
+        "booking_ltnull": "不限制登记数，但会在被登记后显示为繁忙",
        "booking_lt0_short": "宽松限制",
        "daily": "每天",
        "deactivate": "禁用",
@ -875,7 +875,7 @@
        "ui_texts": "已保存UI文本更改",
        "upload_success": "成功上传文件",
        "verified_totp_login": "TOTP登录验证成功",
-        "verified_u2f_login": "U2F登录验证成功",
+        "verified_webauthn_login": "WebAuthn登录验证成功",
        "verified_yotp_login": "Yubico OTP登录验证成功"
    },
    "tfa": {
@ -886,7 +886,7 @@
        "disable_tfa": "在下一次成功登录前关闭两步验证",
        "enter_qr_code": "如果你的设备不能扫描QR码，输入此TOTP码",
        "error_code": "错误码",
-        "init_u2f": "初始化中，请等待...",
+        "init_webauthn": "初始化中，请等待...",
        "key_id": "你的YubiKey的标识",
        "key_id_totp": "你的密钥的标识",
        "none": "禁用",
@ -894,12 +894,12 @@
        "scan_qr_code": "请用你认证应用扫描或手动输入此码。",
        "select": "请选择",
        "set_tfa": "设置两步验证方法",
-        "start_u2f_validation": "开始认证",
+        "start_webauthn_validation": "开始认证",
        "tfa": "两步验证(2FA)",
        "totp": "TOTP认证 (Google Authenticator、Authy等)",
-        "u2f": "U2F认证",
+        "webauthn": "WebAuthn认证",
-        "waiting_usb_auth": "<i>等待USB设备...</i><br><br>现在请触碰你的U2F USB设备上的按钮。",
+        "waiting_usb_auth": "<i>等待USB设备...</i><br><br>现在请触碰你的WebAuthn USB设备上的按钮。",
-        "waiting_usb_register": "<i>等待USB设备...</i><br><br>请在上方输入你的密码并请触碰你的U2F USB设备上的按钮以确认注册U2F设备。",
+        "waiting_usb_register": "<i>等待USB设备...</i><br><br>请在上方输入你的密码并请触碰你的WebAuthn USB设备上的按钮以确认注册WebAuthn设备。",
        "yubi_otp": "Yubico OTP认证"
    },
    "user": {
@ -956,7 +956,6 @@
        "messages": "消息",
        "never": "从不",
        "new_password": "新密码",
        "new_password_description": "要求: 至少6字符长的字母或数字",
        "new_password_repeat": "确认密码 (重复)",
        "no_active_filter": "没有启用的过滤器",
        "no_last_login": "没有最后UI登录信息",
--- a/data/web/mobileconfig.php
+++ b/data/web/mobileconfig.php
@ -8,6 +8,7 @@ if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'use
  session_destroy();
  // probably better than appending the whole current http query string
  $append_get = (isset($_GET['only_email'])) ? '&only_email' : '';
  $append_get .= (isset($_GET['app_password'])) ? '&app_password' : '';
  header('Location: index.php?mobileconfig' . $append_get);
  die();
 }
@ -38,6 +39,34 @@ if (isset($_GET['only_email'])) {
  $onlyEmailAccount = false;
  $description = 'IMAP, CalDAV, CardDAV'; 
 }
 if (isset($_GET['app_password'])) {
  $app_password = true;
  $description .= ' with application password';
  if (strpos($_SERVER['HTTP_USER_AGENT'], 'iPad') !== FALSE)
      $platform = 'iPad';
  elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') !== FALSE)
      $platform = 'iPhone';
  elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Macintosh') !== FALSE)
      $platform = 'Mac';
  else
      $platform = $_SERVER['HTTP_USER_AGENT'];
  $password = bin2hex(openssl_random_pseudo_bytes(16));
  $attr = array(
      'app_name' => $platform,
      'app_passwd' => $password,
      'app_passwd2' => $password,
      'active' => 1,
      'protocols' => array('imap_access', 'smtp_access'),
  );
  if (!$onlyEmailAccount) {
      $attr['protocols'][] = 'dav_access';
  }
  app_passwd("add", $attr);
 } else {
  $app_password = false;
 }
 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 ?>
@ -65,6 +94,10 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
        <true/>
        <key>IncomingMailServerUsername</key>
        <string><?=$email?></string>
        <?php if($app_password === true): ?>
        <key>IncomingPassword</key>
        <string><?=$password?></string>
        <?php endif; ?>
        <key>OutgoingMailServerAuthentication</key>
        <string>EmailAuthPassword</string>
        <key>OutgoingMailServerHostName</key>
@ -120,6 +153,10 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
        <true/>
        <key>CalDAVUsername</key>
        <string><?=$email?></string>
        <?php if($app_password === true): ?>
        <key>CalDAVPassword</key>
        <string><?=$password?></string>
        <?php endif; ?>
        <key>PayloadDescription</key>
        <string>Configures CalDAV account.</string>
        <key>PayloadDisplayName</key>
@ -148,6 +185,10 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
        <true/>
        <key>CardDAVUsername</key>
        <string><?=$email?></string>
        <?php if($app_password === true): ?>
        <key>CardDAVPassword</key>
        <string><?=$password?></string>
        <?php endif; ?>
        <key>PayloadDescription</key>
        <string>Configures CardDAV accounts</string>
        <key>PayloadDisplayName</key>
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@ -75,7 +75,12 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
  session_start();
  // extract email address from "/SOGo/so/user@domain/xy"
  $url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
-  $email = $url_parts[3];
+  $email_list = array(
      $url_parts[3],                                // Requested mailbox
      ($_SESSION['mailcow_cc_username'] ?? ''),     // Current user
      ($_SESSION["dual-login"]["username"] ?? ''),  // Dual login user
  );
  foreach($email_list as $email) {
    // check if this email is in session allowed list
    if (
        !empty($email) &&
@ -90,6 +95,7 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
      header("X-Auth-Type: Basic");
      exit;
    }
  }
 }
 // if username is empty, SOGo will use the normal login methods / login form
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@ -38,6 +38,7 @@
 <div class="row">
  <div class="col-md-12">
    <div class="tab-content" style="padding-top:20px">
      {% include 'admin/tab-config-admins.twig' %}
      {% include 'admin/tab-ldap.twig' %}
      {% include 'admin/tab-config-oauth2.twig' %}
@ -54,6 +55,7 @@
      {% include 'admin/tab-sys-mails.twig' %}
      {% include 'admin/tab-mailq.twig' %}
      {% include 'admin/tab-globalfilter-regex.twig' %}
    </div>
  </div> <!-- /col-md-12 -->
 </div> <!-- /row -->
--- a/data/web/templates/admin/tab-config-admins.twig
+++ b/data/web/templates/admin/tab-config-admins.twig
@ -1,5 +1,4 @@
-<div class="tab-content" style="padding-top:20px">
+<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
  <div role="tabpanel" class="tab-pane active" id="tab-config-admins">
    <div class="panel panel-danger">
      <div class="panel-heading xs-show">{{ lang.admin.admin_details }}</div>
      <div class="panel-body">
@ -40,7 +39,7 @@
          <div class="col-sm-9 col-xs-7">
            <select data-style="btn btn-sm dropdown-toggle bs-placeholder btn-default" data-width="fit" id="selectTFA" class="selectpicker" title="{{ lang.tfa.select }}">
              <option value="yubi_otp">{{ lang.tfa.yubi_otp }}</option>
-              <option value="u2f">{{ lang.tfa.u2f }}</option>
+              <option value="webauthn">{{ lang.tfa.webauthn }}</option>
              <option value="totp">{{ lang.tfa.totp }}</option>
              <option value="none">{{ lang.tfa.none }}</option>
            </select>
@ -63,6 +62,7 @@
                {% include 'fido2.twig' %}
              </table>
            </div>
          </div>
          <br>
        </div>
      </div>
@ -221,8 +221,6 @@
        </div>
      </div>
    </div>
  </div>
  <div class="panel panel-default">
    <div class="panel-heading xs-show">{{ lang.admin.domain_admins }}</div>
    <div class="panel-body">
@ -248,3 +246,4 @@
    </div>
  </div>
 </div>
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@ -29,7 +29,7 @@
        </div>
      {% endif %}
      <legend>{{ lang.admin.app_links }}</legend>
-      <p class="help-block">{{ lang.admin.merged_vars_hint }}</p>
+      <p class="help-block">{{ lang.admin.merged_vars_hint|raw }}</p>
      <form class="form-inline" data-id="app_links" role="form" method="post">
        <table class="table table-condensed" style="white-space: nowrap;" id="app_link_table">
          <tr>
--- a/data/web/templates/admin/tab-routing.twig
+++ b/data/web/templates/admin/tab-routing.twig
@ -20,7 +20,7 @@
        </div>
      </div>
      <legend>{{ lang.admin.add_relayhost }}</legend>
-      <p class="help-block">{{ lang.admin.add_relayhost_hint }}</p>
+      <p class="help-block">{{ lang.admin.add_relayhost_hint|raw }}</p>
      <div class="row">
        <div class="col-md-8">
          <form class="form" data-id="rlyhost" role="form" method="post">
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@ -160,7 +160,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
      }
    }
  }
-  }
+}
  $(window).load(function() {
    $(".overlay").hide();
  });
@ -172,7 +172,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
    // TFA, CSRF, Alerts in footer.inc.php
    // Other general functions in mailcow.js
    {% for alert_type, alert_msg in alerts %}
-    mailcow_alert_box('{{ alert_msg|raw|replace({"\n": "", "\r": "", "\t": "<br>"}) }}', '{{ alert_type }}');
+    mailcow_alert_box('{{ alert_msg|raw }}', '{{ alert_type }}');
    {% endfor %}
    // Confirm TFA modal
@ -181,34 +181,52 @@ function recursiveBase64StrToArrayBuffer(obj) {
      backdrop: 'static',
      keyboard: false
    });
-    $('#u2f_status_auth').html('<p><i class="bi bi-arrow-repeat icon-spin"></i> ' + lang_tfa.init_u2f + '</p>');
+
-    $('#ConfirmTFAModal').on('shown.bs.modal', function(){
+    // validate WebAuthn tfa
    $('#start_webauthn_confirmation').click(function(){
      $('#webauthn_status_auth').html('<p><i class="bi bi-arrow-repeat icon-spin"></i> ' + lang_tfa.init_webauthn + '</p>');
      $(this).find('input[name=token]').focus();
-      // If U2F
+      if(document.getElementById("webauthn_auth_data") !== null) {
-      if(document.getElementById("u2f_auth_data") !== null) {
+        // Check Browser support
-        $.ajax({
+        if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
-          type: "GET",
+            window.alert('Browser not supported for WebAuthn.');
-          cache: false,
+            return;
          dataType: 'script',
          url: "/api/v1/get/u2f-authentication/{{ pending_mailcow_cc_username|url_encode(true)|default('null') }}",
          complete: function(data){
            $('#u2f_status_auth').html(lang_tfa.waiting_usb_auth);
            data;
            setTimeout(function() {
              console.log("Ready to authenticate");
              u2f.sign(appId, challenge, registeredKeys, function(data) {
                var form = document.getElementById('u2f_auth_form');
                var auth = document.getElementById('u2f_auth_data');
                console.log("Authenticate callback", data);
                auth.value = JSON.stringify(data);
                form.submit();
              });
            }, 1000);
        }
        // fetch webauthn auth args
        window.fetch("/api/v1/get/webauthn-tfa-get-args", {method:'GET',cache:'no-cache'}).then(response => {
            return response.json();
        }).then(json => {
            if (json.success === false) throw new Error();
            recursiveBase64StrToArrayBuffer(json);
            return json;
        }).then(getCredentialArgs => {
            // get credentials
            return navigator.credentials.get(getCredentialArgs);
        }).then(cred => {
            return {
                id: cred.rawId ? arrayBufferToBase64(cred.rawId) : null,
                clientDataJSON: cred.response.clientDataJSON  ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
                authenticatorData: cred.response.authenticatorData ? arrayBufferToBase64(cred.response.authenticatorData) : null,
                signature : cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null
            };
        }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) {
            // send request by submit
            var form = document.getElementById('webauthn_auth_form');
            var auth = document.getElementById('webauthn_auth_data');
            auth.value = AuthenticatorAttestationResponse;
            form.submit();
        }).catch(function(err) {
            var webauthn_return_code = document.getElementById('webauthn_return_code');
            webauthn_return_code.style.display = webauthn_return_code.style.display === 'none' ? '' : null;
            webauthn_return_code.innerHTML = lang_tfa.error_code + ': ' + err + ' ' + lang_tfa.reload_retry;
        });
      } 
    });
    $('#ConfirmTFAModal').on('hidden.bs.modal', function(){
      // cancel pending login
      $.ajax({
        type: "GET",
        cache: false,
@ -327,44 +345,55 @@ function recursiveBase64StrToArrayBuffer(obj) {
      });
      $("option:selected").prop("selected", false);
    }
-    if ($(this).val() == "u2f") {
+    if ($(this).val() == "webauthn") {
-      $('#U2FModal').modal('show');
+        // check if Browser is supported
-      $("option:selected").prop("selected", false);
+        if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
-      $("#start_u2f_register").click(function(){
+            window.alert('Browser not supported.');
        $('#u2f_return_code').html('');
        $('#u2f_return_code').hide();
        $('#u2f_status_reg').html('<p><i class="bi bi-arrow-repeat icon-spin"></i> ' + lang_tfa.init_u2f + '</p>');
        $.ajax({
          type: "GET",
          cache: false,
          dataType: 'script',
          url: "/api/v1/get/u2f-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}",
          complete: function(data){
            data;
            setTimeout(function() {
              console.log("Ready to register");
              $('#u2f_status_reg').html(lang_tfa.waiting_usb_register);
              u2f.register(appId, registerRequests, registeredKeys, function(deviceResponse) {
                var form  = document.getElementById('u2f_reg_form');
                var reg   = document.getElementById('u2f_register_data');
                console.log("Register callback: ", data);
                if (deviceResponse.errorCode && deviceResponse.errorCode != 0) {
                  var u2f_return_code = document.getElementById('u2f_return_code');
                  u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
                  if (deviceResponse.errorCode == "4") {
                    deviceResponse.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle";
                  }
                  else if (deviceResponse.errorCode == "5") {
                    deviceResponse.errorCode = "5 - Timeout reached before request could be satisfied.";
                  }
                  u2f_return_code.innerHTML = lang_tfa.error_code + ': ' + deviceResponse.errorCode + ' ' + lang_tfa.reload_retry;
            return;
        }
-                reg.value = JSON.stringify(deviceResponse);
+
-                form.submit();
+        // show modal
-              });
+        $('#WebAuthnModal').modal('show');
-            }, 1000);
+        $("option:selected").prop("selected", false);
        $("#start_webauthn_register").click(() => {
            var key_id = document.getElementsByName('key_id')[1].value;
            // fetch WebAuthn create args
            window.fetch("/api/v1/get/webauthn-tfa-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}", {method:'GET',cache:'no-cache'}).then(response => {
                return response.json();
            }).then(json => {
                if (json.success === false) throw new Error(json.msg);
                recursiveBase64StrToArrayBuffer(json);
                return json;
            }).then(createCredentialArgs => {
                // create credentials
                return navigator.credentials.create(createCredentialArgs);
            }).then(cred => {
                return {
                    clientDataJSON: cred.response.clientDataJSON  ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
                    attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null,
                    key_id: key_id,
                    tfa_method: "webauthn"
                };
            }).then(JSON.stringify).then(AuthenticatorAttestationResponse => {
                // send request
                return window.fetch("/api/v1/add/webauthn-tfa-registration", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'});
            }).then(response => {
                return response.json();
            }).then(json => {
                if (json.success) {
                    // reload on success
                    window.location = window.location.href.split("#")[0];
                } else {
                    throw new Error(json.msg);
                }
            }).catch(function(err) {
                console.log(err);
                var webauthn_return_code = document.getElementById('webauthn_return_code');
                webauthn_return_code.style.display = webauthn_return_code.style.display === 'none' ? '' : null;
                webauthn_return_code.innerHTML = lang_tfa.error_code + ': ' + err + ' ' + lang_tfa.reload_retry;
            });
        });
    }
@ -394,6 +423,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
  {% if ui_texts.ui_footer %}
  <hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span>
  {% endif %}
  {% if mailcow_cc_username and mailcow_info.version_tag|default %}
  <span class="version">
    🐮 + 🐋 = 💕
    <a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">
        Version: {{ mailcow_info.version_tag }}
    </a>
  </span>
  {% endif %}
 </div>
 </body>
 </html>
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@ -65,7 +65,7 @@
              <option>{{ address }}</option>
            {% endfor %}
          </select>
-          <div id="sender_acl_disabled"><i class="bi bi-shield-exclamation"></i> {{ lang.edit.sender_acl_disabled }}</div>
+          <div id="sender_acl_disabled"><i class="bi bi-shield-exclamation"></i> {{ lang.edit.sender_acl_disabled|raw }}</div>
          <small class="help-block">{{ lang.edit.sender_acl_info|raw }}</small>
        </div>
      </div>
--- a/data/web/templates/edit/resource.twig
+++ b/data/web/templates/edit/resource.twig
@ -25,8 +25,8 @@
    <label class="control-label col-sm-2" for="multiple_bookings_select">{{ lang.add.multiple_bookings }}</label>
    <div class="col-sm-10">
      <select name="multiple_bookings_select" id="editSelectMultipleBookings" title="{{ lang.add.select }}" required>
-        <option value="0"{% if result.multiple_bookings == 0 %} selected{% endif %}>{{ lang.mailbox.booking_0 }}</option>
+        <option value="0"{% if result.multiple_bookings == 0 %} selected{% endif %}>{{ lang.mailbox.booking_null }}</option>
-        <option value="-1"{% if result.multiple_bookings == -1 %} selected{% endif %}>{{ lang.mailbox.booking_lt0 }}</option>
+        <option value="-1"{% if result.multiple_bookings == -1 %} selected{% endif %}>{{ lang.mailbox.booking_ltnull }}</option>
        <option value="custom"{% if result.multiple_bookings >= 1 %} selected{% endif %}>{{ lang.mailbox.booking_custom }}</option>
      </select>
      <div style="display:none" id="multiple_bookings_custom_div">
--- a/data/web/templates/mailbox/tab-resources.twig
+++ b/data/web/templates/mailbox/tab-resources.twig
@ -14,8 +14,8 @@
      </div>
    </div>
    <div class="panel-body help-block">
-      <p><span class="label label-success">{{ lang.mailbox.booking_0_short }}</span> - {{ lang.mailbox.booking_0 }}</p>
+      <p><span class="label label-success">{{ lang.mailbox.booking_0_short }}</span> - {{ lang.mailbox.booking_null }}</p>
-      <p><span class="label label-warning">{{ lang.mailbox.booking_lt0_short }}</span> - {{ lang.mailbox.booking_lt0 }}</p>
+      <p><span class="label label-warning">{{ lang.mailbox.booking_lt0_short }}</span> - {{ lang.mailbox.booking_ltnull }}</p>
      <p><span class="label label-danger">{{ lang.mailbox.booking_custom_short }}</span> - {{ lang.mailbox.booking_custom }}</p>
    </div>
 {#    <div class="mass-actions-mailbox" data-actions-header="true"></div>#}
--- a/data/web/templates/modals/footer.twig
+++ b/data/web/templates/modals/footer.twig
@ -37,15 +37,15 @@
  </div>
 </div>
-<div class="modal fade" id="U2FModal" tabindex="-1" role="dialog" aria-labelledby="U2FModalLabel">
+<div class="modal fade" id="WebAuthnModal" tabindex="-1" role="dialog" aria-labelledby="WebAuthnModalLabel">
  <div class="modal-dialog" role="document">
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
-        <h3 class="modal-title">{{ lang.tfa.u2f }}</h3>
+        <h3 class="modal-title">{{ lang.tfa.webauthn }}</h3>
      </div>
      <div class="modal-body">
-        <form role="form" method="post" id="u2f_reg_form">
+        <form role="form" method="post" id="webauthn_reg_form">
          <div class="form-group">
            <input type="text" class="form-control" name="key_id" placeholder="{{ lang.tfa.key_id }}" autocomplete="off" required>
          </div>
@ -54,18 +54,18 @@
          </div>
          <hr>
          <center>
-            <div style="cursor:pointer" id="start_u2f_register">
+            <div style="cursor:pointer" id="start_webauthn_register">
              <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">
                <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>
              </svg>
-              <p>{{ lang.tfa.start_u2f_validation }}</p>
+              <p>{{ lang.tfa.start_webauthn_validation }}</p>
              <hr>
            </div>
          </center>
-          <p id="u2f_status_reg"></p>
+          <p id="webauthn_status_reg"></p>
-          <div class="alert alert-danger" style="display:none" id="u2f_return_code"></div>
+          <div class="alert alert-danger" style="display:none" id="webauthn_return_code"></div>
-          <input type="hidden" name="token" id="u2f_register_data"/>
+          <input type="hidden" name="token" id="webauthn_register_data"/>
-          <input type="hidden" name="tfa_method" value="u2f">
+          <input type="hidden" name="tfa_method" value="webauthn">
          <input type="hidden" name="set_tfa"/><br/>
        </form>
      </div>
@ -124,7 +124,7 @@
            <input type="password" class="form-control input-xs-lg" name="confirm_password" placeholder="{{ lang.user.password_now }}" autocomplete="off" required>
            <span class="input-group-btn">
              <input type="hidden" name="tfa_method" value="none">
-              <button class="btn btn-sm visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline btn-danger" type="submit" name="set_tfa">{{ lang.tfa.delete_tfa|replace({" ": "&nbsp;"}) }}</button>
+              <button class="btn btn-sm visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline btn-danger" type="submit" name="set_tfa">{{ lang.tfa.delete_tfa|replace({" ": "&nbsp;"})|raw }}</button>
            </span>
          </div>
        </form>
@ -154,24 +154,6 @@
          <button class="btn btn-sm visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline btn-sm btn-default" type="submit" name="verify_tfa_login">{{ lang.login.login }}</button>
        </form>
        {% endif %}
        {% if pending_tfa_method == 'u2f' %}
        <form role="form" method="post" id="u2f_auth_form">
          <center>
            <div id="start_u2f_confirmation">
              <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">
                <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>
              </svg>
              <p>{{ lang.tfa.start_u2f_validation }}</p>
              <hr>
            </div>
          </center>
          <p id="u2f_status_auth"></p>
          <div class="alert alert-danger" style="display:none" id="u2f_return_code"></div>
          <input type="hidden" name="token" id="u2f_auth_data"/>
          <input type="hidden" name="tfa_method" value="u2f">
          <input type="hidden" name="verify_tfa_login"/><br/>
        </form>
        {% endif %}
        {% if pending_tfa_method == 'totp' %}
        <form role="form" method="post">
          <div class="form-group">
@ -187,6 +169,36 @@
        {% if pending_tfa_method == 'hotp' %}
        <div class="empty"></div>
        {% endif %}
        {% if pending_tfa_method == 'webauthn' %}
        <form role="form" method="post" id="webauthn_auth_form">
          <center>
            <div style="cursor:pointer" id="start_webauthn_confirmation">
              <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">
                <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>
              </svg>
              <p>{{ lang.tfa.start_webauthn_validation }}</p>
              <hr>
            </div>
          </center>
          <p id="webauthn_status_auth"></p>
          <div class="alert alert-danger" style="display:none" id="webauthn_return_code"></div>
          <input type="hidden" name="token" id="webauthn_auth_data"/>
          <input type="hidden" name="tfa_method" value="webauthn">
          <input type="hidden" name="verify_tfa_login"/><br/>
        </form>
        {% endif %}
        {# leave this here to inform users that u2f is deprecated #}
        {% if pending_tfa_method == 'u2f' %}
        <form role="form" method="post" id="u2f_auth_form">
          <p>{{ lang.tfa.u2f_deprecated }}</p>
          <p><b>{{ lang.tfa.u2f_deprecated_important }}</b></p>
          <input type="hidden" name="token" value="destroy" />
          <input type="hidden" name="tfa_method" value="u2f">
          <input type="hidden" name="verify_tfa_login"/><br/>
          <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
        </form>
        {% endif %}
      </div>
    </div>
  </div>
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@ -245,8 +245,8 @@
            <label class="control-label col-sm-2" for="multiple_bookings_select">{{ lang.add.multiple_bookings }}</label>
            <div class="col-sm-10">
              <select name="multiple_bookings_select" id="multiple_bookings_select" title="{{ lang.add.select }}" required>
-                <option value="0">{{ lang.mailbox.booking_0 }}</option>
+                <option value="0">{{ lang.mailbox.booking_null }}</option>
-                <option value="-1" selected>{{ lang.mailbox.booking_lt0 }}</option>
+                <option value="-1" selected>{{ lang.mailbox.booking_ltnull }}</option>
                <option value="custom">{{ lang.mailbox.booking_custom }}</option>
              </select>
              <div style="display:none" id="multiple_bookings_custom_div">
--- a/data/web/templates/modals/user.twig
+++ b/data/web/templates/modals/user.twig
@ -264,6 +264,9 @@
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
        <h3 class="modal-title">{{ lang.user.change_password }}</h3>
        {% if number_of_app_passwords > 0 %}
        <p>{{ lang.user.change_password_hint_app_passwords | replace({'{{number_of_app_passwords}}': number_of_app_passwords}) }}</p>
        {% endif %}
      </div>
      <div class="modal-body">
        <form class="form-horizontal" data-cached-form="false" data-id="pwchange" role="form" method="post" autocomplete="off">
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@ -39,7 +39,7 @@
            <div class="col-sm-12">
              <div class="form-group">
                <label for="text">{{ lang.user.pushover_sender_array|raw }}</label>
-                <input type="text" class="form-control" name="senders" value="{{ pushover_data.token }}" placeholder="sender1@example.com, sender2@example.com">
+                <input type="text" class="form-control" name="senders" value="{{ pushover_data.senders }}" placeholder="sender1@example.com, sender2@example.com">
              </div>
            </div>
            <div class="col-sm-12">
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@ -101,6 +101,17 @@
          {% endif %}
        </div>
      </div>
      <div class="row">
        <div class="col-md-3 col-xs-12 text-right text-xs-left space20"><i class="bi bi-file-earmark-text"></i> {{ lang.user.apple_connection_profile }}<br />{{ lang.user.with_app_password }}:</div>
        <div class="col-md-9 col-xs-12">
          <p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?only_email&amp;app_password">{{ lang.user.email }}</a> <small>IMAP, SMTP</small></p>
          <p class="help-block">{{ lang.user.apple_connection_profile_mailonly }} {{ lang.user.apple_connection_profile_with_app_password }}</p>
          {% if not skip_sogo %}
          <p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?app_password">{{ lang.user.email_and_dav }}</a> <small>IMAP, SMTP, Cal/CardDAV</small></p>
          <p class="help-block">{{ lang.user.apple_connection_profile_complete }} {{ lang.user.apple_connection_profile_with_app_password }}</p>
          {% endif %}
        </div>
      </div>
      <hr>
      <div class="row">
        <div class="col-sm-offset-3 col-sm-9">
--- a/data/web/user.php
+++ b/data/web/user.php
@ -62,6 +62,15 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
  }
  $template = 'user.twig';
  $number_of_app_passwords = 0;
  foreach (app_passwd("get") as $app_password)
  {
      $app_password = app_passwd("details", $app_password['id']);
      if ($app_password['active'])
      {
          ++$number_of_app_passwords;
      }
  }
  $template_data = [
    'acl' => $_SESSION['acl'],
    'acl_json' => json_encode($_SESSION['acl']),
@ -78,6 +87,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
    'user_domains' => $user_domains,
    'pushover_data' => $pushover_data,
    'lang_user' => json_encode($lang['user']),
    'number_of_app_passwords' => $number_of_app_passwords,
  ];
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -2,7 +2,7 @@ version: '2.1'
 services:
    unbound-mailcow:
-      image: mailcow/unbound:1.14
+      image: mailcow/unbound:1.15
      environment:
        - TZ=${TZ}
      volumes:
@ -58,7 +58,7 @@ services:
            - redis
    clamd-mailcow:
-      image: mailcow/clamd:1.41
+      image: mailcow/clamd:1.43
      restart: always
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
@ -157,6 +157,7 @@ services:
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - MASTER=${MASTER:-y}
        - DEV_MODE=${DEV_MODE:-n}
        - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
      restart: always
      networks:
        mailcow-network:
@ -164,7 +165,7 @@ services:
            - phpfpm
    sogo-mailcow:
-      image: mailcow/sogo:1.102
+      image: mailcow/sogo:1.106
      environment:
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
@ -199,7 +200,7 @@ services:
        ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
        ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
        ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
-        ofelia.job-exec.sogo_eautoreply.schedule: "@every 24h"
+        ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
        ofelia.job-exec.sogo_backup.schedule: "@every 24h"
        ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
@ -211,7 +212,7 @@ services:
            - sogo
    dovecot-mailcow:
-      image: mailcow/dovecot:1.158
+      image: mailcow/dovecot:1.159
      depends_on:
        - mysql-mailcow
      dns:
@ -413,7 +414,7 @@ services:
    acme-mailcow:
      depends_on:
        - nginx-mailcow
-      image: mailcow/acme:1.80
+      image: mailcow/acme:1.81
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
@ -449,7 +450,7 @@ services:
            - acme
    netfilter-mailcow:
-      image: mailcow/netfilter:1.45
+      image: mailcow/netfilter:1.46
      stop_grace_period: 30s
      depends_on:
        - dovecot-mailcow
@ -472,7 +473,7 @@ services:
        - /lib/modules:/lib/modules:ro
    watchdog-mailcow:
-      image: mailcow/watchdog:1.95
+      image: mailcow/watchdog:1.96
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      tmpfs:
@ -534,7 +535,7 @@ services:
            - watchdog
    dockerapi-mailcow:
-      image: mailcow/dockerapi:1.40
+      image: mailcow/dockerapi:1.41
      security_opt:
        - label=disable
      restart: always
@ -552,7 +553,7 @@ services:
            - dockerapi
    solr-mailcow:
-      image: mailcow/solr:1.7
+      image: mailcow/solr:1.8.1
      restart: always
      volumes:
        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data:Z
@ -568,7 +569,7 @@ services:
            - solr
    olefy-mailcow:
-      image: mailcow/olefy:1.8
+      image: mailcow/olefy:1.8.1
      restart: always
      environment:
        - TZ=${TZ}
@ -589,6 +590,7 @@ services:
      image: mcuadros/ofelia:latest
      restart: always
      command: daemon --docker
      environment:
        - TZ=${TZ}
      depends_on:
        - sogo-mailcow
--- a/generate_config.sh
+++ b/generate_config.sh
@ -341,9 +341,14 @@ DOVECOT_MASTER_PASS=
 # Optional: Leave empty for none
 # This value is only used on first order!
 # Setting it at a later point will require the following steps:
-# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/
+# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
 ACME_CONTACT=
 # WebAuthn device manufacturer verification
 # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 EOF
 mkdir -p data/assets/ssl
@ -356,3 +361,19 @@ echo "Generating snake-oil certificate..."
 openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
 echo "Copying snake-oil certificate..."
 cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
 # Set app_info.inc.php
 mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
 if [ $? -eq 0 ]; then
  mailcow_git_url=$(git config --get remote.origin.url)
  echo '<?php' > data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
  echo '?>' >> data/web/inc/app_info.inc.php
 else
  echo '<?php' > data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
  echo '?>' >> data/web/inc/app_info.inc.php
  echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi
--- a/update.sh
+++ b/update.sh
@ -306,6 +306,8 @@ CONFIG_ARRAY=(
  "MAILCOW_PASS_SCHEME"
  "ADDITIONAL_SERVER_NAMES"
  "ACME_CONTACT"
  "WATCHDOG_VERBOSE"
  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
 )
 sed -i --follow-symlinks '$a\' mailcow.conf
@ -513,6 +515,13 @@ for option in ${CONFIG_ARRAY[@]}; do
      echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
      echo 'ACME_CONTACT=' >> mailcow.conf
  fi
  elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
    if ! grep -q ${option} mailcow.conf; then
      echo "# WebAuthn device manufacturer verification" >> mailcow.conf
      echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
      echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
      echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
    fi
 elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
    if ! grep -q ${option} mailcow.conf; then
      echo '# Enable watchdog verbose logging' >> mailcow.conf
@ -710,6 +719,22 @@ if [ -f "data/conf/rspamd/local.d/metrics.conf" ]; then
  mv data/conf/rspamd/local.d/metrics.conf data/conf/rspamd/local.d/metrics.conf_deprecated
 fi
 # Set app_info.inc.php
 mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
 if [ $? -eq 0 ]; then
  mailcow_git_url=$(git config --get remote.origin.url)
  echo '<?php' > data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
  echo '?>' >> data/web/inc/app_info.inc.php
 else
  echo '<?php' > data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
  echo '  $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
  echo '?>' >> data/web/inc/app_info.inc.php
  echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi
 if [[ ${SKIP_START} == "y" ]]; then
  echo -e "\e[33mNot starting mailcow, please run \"docker-compose up -d --remove-orphans\" to start mailcow.\e[0m"
 else
`@ -1,4 +1,4 @@`
	`FROM alpine:3.14`	`FROM alpine:3.15`

	`LABEL maintainer "Andre Peters <andre.peters@servercow.de>"`	`LABEL maintainer "Andre Peters <andre.peters@servercow.de>"`