From 0d50f0d60ac14b73c0a6e6e059fc7f4dd255534e Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Wed, 3 Jun 2026 23:24:32 -0400
Subject: [PATCH 01/27] fix: Do not close icon picker on choice (#12573)

---
 app/components/IconPicker/index.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/components/IconPicker/index.tsx b/app/components/IconPicker/index.tsx
index 531187d786..00459e5c40 100644
--- a/app/components/IconPicker/index.tsx
+++ b/app/components/IconPicker/index.tsx
@@ -107,7 +107,6 @@ const IconPicker = ({
 
   const handleIconChange = React.useCallback(
     (ic: string) => {
-      setOpen(false);
       const icType = determineIconType(ic);
       const finalColor = icType === IconType.SVG ? chosenColor : null;
       onChange(ic, finalColor);

From a21ddc4999c2a110fce216b97a7f12e2f4338b42 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Wed, 3 Jun 2026 23:51:09 -0400
Subject: [PATCH 02/27] Add tagging of outgoing emails (#12570)

* Add tagging of outgoing emails

* Detect SES configured via well-known service key

The isSES check only matched "amazonaws" in the host, so SES configured
through SMTP_SERVICE (e.g. "SES" or "SES-US-EAST-1") was not detected and
tagging headers were not applied.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
---
 server/emails/mailer.tsx              | 84 +++++++++++++++++++++++++++
 server/emails/templates/BaseEmail.tsx |  1 +
 2 files changed, 85 insertions(+)

diff --git a/server/emails/mailer.tsx b/server/emails/mailer.tsx
index c5a72fb1fb..0c6517a38c 100644
--- a/server/emails/mailer.tsx
+++ b/server/emails/mailer.tsx
@@ -12,17 +12,37 @@ import { baseStyles } from "./templates/components/EmailLayout";
 const useTestEmailService = env.isDevelopment && !env.SMTP_USERNAME;
 
 type SendMailOptions = {
+  /** The email address being sent to. */
   to: string;
+  /** The address the email is sent from. */
   from: EmailAddress;
+  /** An address to set as the reply-to for the email. */
   replyTo?: string;
+  /** A unique identifier for the message, used for threading. */
   messageId?: string;
+  /** Message IDs this email is a reply to, used for threading. */
   references?: string[];
+  /** The subject line of the email. */
   subject: string;
+  /** Preview text shown in email client list views. */
   previewText?: string;
+  /** The plain-text version of the email body. */
   text: string;
+  /** The React element rendered to produce the HTML body. */
   component: JSX.Element;
+  /** Additional CSS to inject into the head of the email. */
   headCSS?: string;
+  /** The URL used to unsubscribe from these emails. */
   unsubscribeUrl?: string;
+  /** Tags used for reporting, where supported by the email provider. */
+  tags?: EmailTags;
+};
+
+type EmailTags = {
+  /** The broad category of the email, e.g. "notification". */
+  category: string;
+  /** The specific template name, e.g. "InviteEmail". */
+  template: string;
 };
 
 /**
@@ -167,6 +187,7 @@ export class Mailer {
         references: data.references,
         inReplyTo: data.references?.at(-1),
         subject: data.subject,
+        headers: this.tagHeaders(data.tags),
         html,
         text: data.text,
         list: data.unsubscribeUrl
@@ -200,6 +221,69 @@ export class Mailer {
     }
   };
 
+  /**
+   * Builds the provider-specific headers used to tag a message for reporting.
+   * Each supported provider expects a different header name and format; for
+   * providers that do not support tagging, or when no tags are given, no
+   * headers are returned.
+   *
+   * @param tags The tags to apply to the message.
+   * @returns A map of headers to set on the message, or undefined.
+   */
+  private tagHeaders(
+    tags?: EmailTags
+  ): Record<string, string | string[]> | undefined {
+    if (!tags) {
+      return undefined;
+    }
+
+    // Mailgun: up to three tags via repeated X-Mailgun-Tag headers.
+    // https://documentation.mailgun.com/docs/mailgun/user-manual/tracking-messages/#tagging
+    if (this.isMailgun) {
+      return { "X-Mailgun-Tag": Object.values(tags).slice(0, 3) };
+    }
+
+    // SES: comma-separated name=value pairs via X-SES-MESSAGE-TAGS.
+    // https://docs.aws.amazon.com/ses/latest/dg/event-publishing-send-email.html
+    if (this.isSES) {
+      return {
+        "X-SES-MESSAGE-TAGS": Object.entries(tags)
+          .map(([name, value]) => `${name}=${value}`)
+          .join(", "),
+      };
+    }
+
+    // Postmark: a single tag per message via X-PM-Tag.
+    // https://postmarkapp.com/support/article/1117-add-link-tracking-to-a-message
+    if (this.isPostmark) {
+      return { "X-PM-Tag": tags.template };
+    }
+
+    return undefined;
+  }
+
+  /** The configured SMTP host and service name, for provider detection. */
+  private get provider(): string {
+    return `${env.SMTP_HOST ?? ""} ${env.SMTP_SERVICE ?? ""}`;
+  }
+
+  /** Whether the configured SMTP provider is Mailgun. */
+  private get isMailgun(): boolean {
+    return /mailgun/i.test(this.provider);
+  }
+
+  /** Whether the configured SMTP provider is Amazon SES. */
+  private get isSES(): boolean {
+    // Detected by the SES SMTP host (email-smtp.<region>.amazonaws.com) or a
+    // well-known Nodemailer service key (SES, SES-US-EAST-1, etc.).
+    return /amazonaws|(?:^|\s)ses\b/i.test(this.provider);
+  }
+
+  /** Whether the configured SMTP provider is Postmark. */
+  private get isPostmark(): boolean {
+    return /postmark/i.test(this.provider);
+  }
+
   private getOptions(): SMTPTransport.Options {
     // nodemailer will use the service config to determine host/port
     if (env.SMTP_SERVICE) {
diff --git a/server/emails/templates/BaseEmail.tsx b/server/emails/templates/BaseEmail.tsx
index 85801c1c23..03fa1b3a3a 100644
--- a/server/emails/templates/BaseEmail.tsx
+++ b/server/emails/templates/BaseEmail.tsx
@@ -177,6 +177,7 @@ export default abstract class BaseEmail<
         text: this.renderAsText(data),
         headCSS: this.headCSS?.(data),
         unsubscribeUrl: this.unsubscribeUrl?.(data),
+        tags: { category: this.category, template: templateName },
       });
       Metrics.increment("email.sent", {
         templateName,

From 4126b94f7c8ea70c883767a66663c7698d5b5351 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Wed, 3 Jun 2026 23:52:18 -0400
Subject: [PATCH 03/27] fix: Add gap between search input and New doc button on
 mobile (#12578)

Co-authored-by: Claude <noreply@anthropic.com>
---
 app/components/InputSearchPage.tsx | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/components/InputSearchPage.tsx b/app/components/InputSearchPage.tsx
index 6e898de5e9..d73601bb36 100644
--- a/app/components/InputSearchPage.tsx
+++ b/app/components/InputSearchPage.tsx
@@ -4,6 +4,7 @@ import * as React from "react";
 import { useTranslation } from "react-i18next";
 import { useHistory } from "react-router-dom";
 import styled, { useTheme } from "styled-components";
+import breakpoint from "styled-components-breakpoint";
 import { s } from "@shared/styles";
 import {
   isModKey,
@@ -117,6 +118,12 @@ function InputSearchPage({
 
 const InputMaxWidth = styled(Input).attrs({ round: true })`
   max-width: min(calc(30vw + 20px), 100%);
+
+  /* On mobile the input grows to fill the header, so add a gap before the
+   * adjacent action button (e.g. "New doc"). */
+  ${breakpoint("mobile", "tablet")`
+    margin-inline-end: 8px;
+  `}
 `;
 
 const Shortcut = styled.span<{ $visible: boolean }>`

From e9e565dc2b1817132a69c85c53b861fbb3991c3d Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Thu, 4 Jun 2026 08:24:51 -0400
Subject: [PATCH 04/27] fix: Access request logic for collection managers
 (#12579)

* fix: Access request logic for collection managers

* test: Exercise collection-manager path in access request regression tests

Grant the non-workspace-admin manager a collection-level Admin membership
instead of a direct document-level membership, so authorization flows
through the collection-manager path being tested for #12567.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../api/accessRequests/accessRequests.test.ts | 90 ++++++++++++++++++-
 .../api/accessRequests/accessRequests.ts      | 12 +--
 2 files changed, 95 insertions(+), 7 deletions(-)

diff --git a/server/routes/api/accessRequests/accessRequests.test.ts b/server/routes/api/accessRequests/accessRequests.test.ts
index 1173295911..2fed31a0ff 100644
--- a/server/routes/api/accessRequests/accessRequests.test.ts
+++ b/server/routes/api/accessRequests/accessRequests.test.ts
@@ -1,4 +1,4 @@
-import { DocumentPermission } from "@shared/types";
+import { CollectionPermission, DocumentPermission } from "@shared/types";
 import { AccessRequest, UserMembership } from "@server/models";
 import { AccessRequestStatus } from "@server/models/AccessRequest";
 import {
@@ -313,6 +313,54 @@ describe("#accessRequests.approve", () => {
     expect(membership?.permission).toEqual(DocumentPermission.ReadWrite);
   });
 
+  it("should allow a document manager who is not a workspace admin to approve", async () => {
+    const team = await buildTeam();
+    const requester = await buildUser({ teamId: team.id });
+    const manager = await buildUser({ teamId: team.id });
+    const collection = await buildCollection({
+      teamId: team.id,
+      userId: manager.id,
+      permission: null,
+    });
+    const document = await buildDocument({
+      teamId: team.id,
+      createdById: manager.id,
+      collectionId: collection.id,
+    });
+
+    await UserMembership.create({
+      userId: manager.id,
+      collectionId: collection.id,
+      createdById: manager.id,
+      permission: CollectionPermission.Admin,
+    });
+
+    const accessRequest = await AccessRequest.create({
+      documentId: document.id,
+      userId: requester.id,
+      teamId: team.id,
+      status: AccessRequestStatus.Pending,
+    });
+
+    const res = await server.post("/api/accessRequests.approve", manager, {
+      body: {
+        id: accessRequest.id,
+        permission: DocumentPermission.Read,
+      },
+    });
+
+    expect(res.status).toEqual(200);
+
+    const membership = await UserMembership.findOne({
+      where: {
+        userId: requester.id,
+        documentId: document.id,
+      },
+    });
+    expect(membership).toBeTruthy();
+    expect(membership?.permission).toEqual(DocumentPermission.Read);
+  });
+
   it("should not allow non-managers to approve requests", async () => {
     const team = await buildTeam();
     const requester = await buildUser({ teamId: team.id });
@@ -461,6 +509,46 @@ describe("#accessRequests.dismiss", () => {
     expect(membership).toBeNull();
   });
 
+  it("should allow a document manager who is not a workspace admin to dismiss", async () => {
+    const team = await buildTeam();
+    const requester = await buildUser({ teamId: team.id });
+    const manager = await buildUser({ teamId: team.id });
+    const collection = await buildCollection({
+      teamId: team.id,
+      userId: manager.id,
+      permission: null,
+    });
+    const document = await buildDocument({
+      teamId: team.id,
+      createdById: manager.id,
+      collectionId: collection.id,
+    });
+
+    await UserMembership.create({
+      userId: manager.id,
+      collectionId: collection.id,
+      createdById: manager.id,
+      permission: CollectionPermission.Admin,
+    });
+
+    const accessRequest = await AccessRequest.create({
+      documentId: document.id,
+      userId: requester.id,
+      teamId: team.id,
+    });
+
+    const res = await server.post("/api/accessRequests.dismiss", manager, {
+      body: {
+        id: accessRequest.id,
+      },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.status).toEqual(AccessRequestStatus.Dismissed);
+    expect(body.data.responderId).toEqual(manager.id);
+  });
+
   it("should not allow non-managers to dismiss requests", async () => {
     const team = await buildTeam();
     const requester = await buildUser({ teamId: team.id });
diff --git a/server/routes/api/accessRequests/accessRequests.ts b/server/routes/api/accessRequests/accessRequests.ts
index ffc8af0cac..e6dd152d8a 100644
--- a/server/routes/api/accessRequests/accessRequests.ts
+++ b/server/routes/api/accessRequests/accessRequests.ts
@@ -101,8 +101,6 @@ router.post(
       transaction,
       lock: { level: transaction.LOCK.UPDATE, of: AccessRequest },
     });
-    authorize(user, "update", accessRequest);
-    authorize(user, "read", accessRequest.user);
 
     if (accessRequest.status !== AccessRequestStatus.Pending) {
       throw InvalidRequestError("Access request has already been responded to");
@@ -111,8 +109,10 @@ router.post(
     const document = await Document.findByPk(accessRequest.documentId, {
       userId: user.id,
       transaction,
+      rejectOnEmpty: true,
     });
-    authorize(user, "share", document);
+    authorize(user, "manageUsers", document);
+    authorize(user, "read", accessRequest.user);
 
     const membership = await UserMembership.findOne({
       where: {
@@ -157,14 +157,14 @@ router.post(
       transaction,
       lock: { level: transaction.LOCK.UPDATE, of: AccessRequest },
     });
-    authorize(user, "update", accessRequest);
-    authorize(user, "read", accessRequest.user);
 
     const document = await Document.findByPk(accessRequest.documentId, {
       userId: user.id,
       transaction,
+      rejectOnEmpty: true,
     });
-    authorize(user, "share", document);
+    authorize(user, "manageUsers", document);
+    authorize(user, "read", accessRequest.user);
 
     if (accessRequest.status === AccessRequestStatus.Pending) {
       await accessRequest.dismiss(ctx);

From 02c5c93bd884e43840fd55c2bc814be6d3c8fcfa Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Thu, 4 Jun 2026 09:13:50 -0400
Subject: [PATCH 05/27] Account for screen safe area in mobile drawer bottom
 padding (#12577)

Co-authored-by: Claude <noreply@anthropic.com>
---
 app/components/primitives/Drawer.tsx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/components/primitives/Drawer.tsx b/app/components/primitives/Drawer.tsx
index 9fdd6af6a4..d556d400d3 100644
--- a/app/components/primitives/Drawer.tsx
+++ b/app/components/primitives/Drawer.tsx
@@ -102,6 +102,7 @@ const StyledContent = styled(m.div)`
 
 const StyledInnerContent = styled(Flex)`
   padding: 6px;
+  padding-bottom: calc(6px + var(--sab, 0px));
   height: 100%;
 `;
 

From 2aff3907c587792b98b620ad3e1d32657f8ee782 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Thu, 4 Jun 2026 09:14:04 -0400
Subject: [PATCH 06/27] Make collection title and icon inline editable like
 documents (#12574)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Collection title/icon editing was gated by `isEditRoute && separateEditMode`,
which meant that in the default inline editing mode (separateEditMode off) the
title and icon were never editable inline — even though the collection
description was. This diverged from documents and from the collection
description editor.

Align the Header editing gate with documents (DataLoader) and the Overview
description editor: `isEditRoute || !separateEditMode`, so title and icon are
seamlessly editable inline whenever the user has update permission.

Co-authored-by: Claude <noreply@anthropic.com>
---
 app/scenes/Collection/index.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/scenes/Collection/index.tsx b/app/scenes/Collection/index.tsx
index 40646e22b1..39f2d72554 100644
--- a/app/scenes/Collection/index.tsx
+++ b/app/scenes/Collection/index.tsx
@@ -179,7 +179,7 @@ const CollectionScene = observer(function CollectionScene_() {
           <Notices collection={collection} />
           <Header
             collection={collection}
-            isEditing={isEditRoute && !!user?.separateEditMode}
+            isEditing={isEditRoute || !user?.separateEditMode}
           />
 
           <PinnedDocuments

From ce3d710888486f8db21068e223d778ec43ed4e4e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jun 2026 17:33:06 -0400
Subject: [PATCH 07/27] chore(deps): bump hono from 4.12.18 to 4.12.23 (#12584)

Bumps [hono](https://github.com/honojs/hono) from 4.12.18 to 4.12.23.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.18...v4.12.23)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index b25f0ca8d6..b213a17b70 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -11907,9 +11907,9 @@ __metadata:
   linkType: hard
 
 "hono@npm:^4.11.4":
-  version: 4.12.18
-  resolution: "hono@npm:4.12.18"
-  checksum: 10c0/b0b9688fd9e41a1847b077d579dc0e92a28b67c247c6ee7d1e751c0bae269824c30c7773feff1a2874e40ea36a3d2f9d1fc5ba618a28ecdf2ca1b33ed2473864
+  version: 4.12.23
+  resolution: "hono@npm:4.12.23"
+  checksum: 10c0/58945bb3aeb16d710b4a6c2809ba02b86b7269f6a3a67e126fc81cee5e9ae8ad2d9aa553db03c4f1a104ec03e423072e33932cb23eb3bbc48774acc72fc9c346
   languageName: node
   linkType: hard
 

From 1cc10f5fffca7155c48e03ce406bf9fcbd87b52d Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Thu, 4 Jun 2026 23:30:55 -0400
Subject: [PATCH 08/27] fix: Increase valid user-supplied URL length to 1024
 (#12585)

* fix: Increase valid user-supplied URL length to 1024

* fix: Wrap URL length migration in a transaction

Wrap the multi-column changeColumn operations in a transaction so a
failure on any column rolls back the whole migration rather than leaving
the database partially migrated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../components/WebhookSubscriptionForm.tsx    |   7 +-
 plugins/webhooks/server/api/schema.ts         |   4 +
 ...60604140753-increase-url-column-lengths.js | 106 ++++++++++++++++++
 shared/validations.ts                         |   8 +-
 4 files changed, 120 insertions(+), 5 deletions(-)
 create mode 100644 server/migrations/20260604140753-increase-url-column-lengths.js

diff --git a/plugins/webhooks/client/components/WebhookSubscriptionForm.tsx b/plugins/webhooks/client/components/WebhookSubscriptionForm.tsx
index 61d0fc24fd..74295b2b00 100644
--- a/plugins/webhooks/client/components/WebhookSubscriptionForm.tsx
+++ b/plugins/webhooks/client/components/WebhookSubscriptionForm.tsx
@@ -7,6 +7,7 @@ import { useTranslation, Trans } from "react-i18next";
 import styled from "styled-components";
 import { randomString } from "@shared/random";
 import { TeamPreference } from "@shared/types";
+import { WebhookSubscriptionValidation } from "@shared/validations";
 import type WebhookSubscription from "~/models/WebhookSubscription";
 import Button from "~/components/Button";
 import Input from "~/components/Input";
@@ -229,6 +230,7 @@ function WebhookSubscriptionForm({ handleSubmit, webhookSubscription }: Props) {
           required
           flex
           pattern={isCloudHosted ? "https://.*" : "https?://.*"}
+          maxLength={WebhookSubscriptionValidation.maxUrlLength}
           placeholder="https://…"
           label={t("URL")}
           error={
@@ -238,7 +240,10 @@ function WebhookSubscriptionForm({ handleSubmit, webhookSubscription }: Props) {
                 )
               : undefined
           }
-          {...register("url", { required: true })}
+          {...register("url", {
+            required: true,
+            maxLength: WebhookSubscriptionValidation.maxUrlLength,
+          })}
         />
         <Input
           flex
diff --git a/plugins/webhooks/server/api/schema.ts b/plugins/webhooks/server/api/schema.ts
index 9e3f995815..88c2fe3b2c 100644
--- a/plugins/webhooks/server/api/schema.ts
+++ b/plugins/webhooks/server/api/schema.ts
@@ -1,10 +1,14 @@
 import { z } from "zod";
+import { WebhookSubscriptionValidation } from "@shared/validations";
 import env from "@server/env";
 import { WebhookSubscription } from "@server/models";
 import { BaseSchema } from "@server/routes/api/schema";
 
 const webhookUrl = z
   .url()
+  .max(WebhookSubscriptionValidation.maxUrlLength, {
+    error: `Webhook url must be ${WebhookSubscriptionValidation.maxUrlLength} characters or less`,
+  })
   .refine((val) => !env.isCloudHosted || val.startsWith("https://"), {
     error: "Webhook url must use https",
   });
diff --git a/server/migrations/20260604140753-increase-url-column-lengths.js b/server/migrations/20260604140753-increase-url-column-lengths.js
new file mode 100644
index 0000000000..450c6bda22
--- /dev/null
+++ b/server/migrations/20260604140753-increase-url-column-lengths.js
@@ -0,0 +1,106 @@
+"use strict";
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface, Sequelize) {
+    await queryInterface.sequelize.transaction(async (transaction) => {
+      await queryInterface.changeColumn(
+        "webhook_subscriptions",
+        "url",
+        {
+          type: Sequelize.STRING(1024),
+          allowNull: false,
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_clients",
+        "developerUrl",
+        {
+          type: Sequelize.STRING(1024),
+          allowNull: true,
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_clients",
+        "avatarUrl",
+        {
+          type: Sequelize.STRING(1024),
+          allowNull: true,
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_clients",
+        "redirectUris",
+        {
+          type: Sequelize.ARRAY(Sequelize.STRING(1024)),
+          allowNull: false,
+          defaultValue: [],
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_authorization_codes",
+        "redirectUri",
+        {
+          type: Sequelize.STRING(1024),
+          allowNull: false,
+        },
+        { transaction }
+      );
+    });
+  },
+
+  async down(queryInterface, Sequelize) {
+    await queryInterface.sequelize.transaction(async (transaction) => {
+      await queryInterface.changeColumn(
+        "oauth_authorization_codes",
+        "redirectUri",
+        {
+          type: Sequelize.STRING(255),
+          allowNull: false,
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_clients",
+        "redirectUris",
+        {
+          type: Sequelize.ARRAY(Sequelize.STRING(255)),
+          allowNull: false,
+          defaultValue: [],
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_clients",
+        "avatarUrl",
+        {
+          type: Sequelize.STRING(255),
+          allowNull: true,
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "oauth_clients",
+        "developerUrl",
+        {
+          type: Sequelize.STRING(255),
+          allowNull: true,
+        },
+        { transaction }
+      );
+      await queryInterface.changeColumn(
+        "webhook_subscriptions",
+        "url",
+        {
+          type: Sequelize.STRING(255),
+          allowNull: false,
+        },
+        { transaction }
+      );
+    });
+  },
+};
diff --git a/shared/validations.ts b/shared/validations.ts
index d97da1b1e7..612f6cc26f 100644
--- a/shared/validations.ts
+++ b/shared/validations.ts
@@ -89,13 +89,13 @@ export const OAuthClientValidation = {
   maxDeveloperNameLength: 100,
 
   /** The maximum length of the OAuth client developer URL */
-  maxDeveloperUrlLength: 255,
+  maxDeveloperUrlLength: 1024,
 
   /** The maximum length of the OAuth client avatar URL */
-  maxAvatarUrlLength: 255,
+  maxAvatarUrlLength: 1024,
 
   /** The maximum length of an OAuth client redirect URI */
-  maxRedirectUriLength: 255,
+  maxRedirectUriLength: 1024,
 
   /** The allowed OAuth client types */
   clientTypes: ["confidential", "public"] as const,
@@ -170,7 +170,7 @@ export const WebhookSubscriptionValidation = {
   /** The maximum length of the webhook name */
   maxNameLength: 255,
   /** The maximum length of the webhook url */
-  maxUrlLength: 255,
+  maxUrlLength: 1024,
 };
 
 export const EmojiValidation = {

From bfddf4bb4c3da05e560a1b5669162f8a2862af07 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Thu, 4 Jun 2026 23:31:16 -0400
Subject: [PATCH 09/27] fix: Unhandled server error in MCP route (#12586)

---
 server/routes/mcp/index.test.ts | 11 +++++++++++
 server/routes/mcp/index.ts      | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/server/routes/mcp/index.test.ts b/server/routes/mcp/index.test.ts
index 4cdcd8231c..02c5e82481 100644
--- a/server/routes/mcp/index.test.ts
+++ b/server/routes/mcp/index.test.ts
@@ -92,6 +92,17 @@ describe("POST /mcp/", () => {
       expect(result?.serverInfo?.name).toEqual("outline");
     });
 
+    it("should return 202 for the notifications/initialized lifecycle message", async () => {
+      const { accessToken } = await buildOAuthUser();
+
+      const res = await server.post("/mcp/", {
+        headers: mcpHeaders(accessToken),
+        body: { jsonrpc: "2.0", method: "notifications/initialized" },
+      });
+
+      expect(res.status).toEqual(202);
+    });
+
     it("should set the MCP flag on the user after a successful request", async () => {
       const { user, accessToken } = await buildOAuthUser();
       expect(user.getFlag(UserFlag.MCP)).toEqual(0);
diff --git a/server/routes/mcp/index.ts b/server/routes/mcp/index.ts
index 36d81e56e3..c80aa1f58c 100644
--- a/server/routes/mcp/index.ts
+++ b/server/routes/mcp/index.ts
@@ -4,6 +4,7 @@ import Router from "koa-router";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
+import { ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { TeamPreference } from "@shared/types";
 import { NotFoundError } from "@server/errors";
 import Logger from "@server/logging/Logger";
@@ -113,7 +114,35 @@ router.post(
     };
 
     ctx.respond = false;
-    await transport.handleRequest(ctx.req, ctx.res, ctx.request.body);
+
+    // The SDK's handleRequest answers known protocol failures itself (4xx with a
+    // JSON-RPC body) via the transport. Anything that escapes here is unexpected.
+    try {
+      await transport.handleRequest(ctx.req, ctx.res, ctx.request.body);
+    } catch (error) {
+      Logger.error(
+        "MCP request handling failed",
+        error instanceof Error ? error : new Error(String(error)),
+        undefined,
+        ctx.req
+      );
+
+      if (!ctx.res.headersSent) {
+        ctx.res.writeHead(500, { "Content-Type": "application/json" });
+        ctx.res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            error: {
+              code: ErrorCode.InternalError,
+              message: "Internal server error",
+            },
+            id: null,
+          })
+        );
+      } else {
+        ctx.res.end();
+      }
+    }
   }
 );
 

From c808bed7122d392f92248d1db0b78720eba1e17f Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 07:42:15 -0400
Subject: [PATCH 10/27] Add mobile drawer UI for FilterOptions component
 (#12576)

* Render filter options as drawer popover on mobile

Filter options on the search page (and other FilterOptions consumers)
previously rendered as a Radix dropdown on all viewports. On mobile this
now renders as a bottom-sheet Drawer, matching the popover style already
used by context menus.

https://claude.ai/code/session_01MSjTD67PWfGbwgNA5FFoSH

* Fix filter drawer search input overlapping first option on mobile

The Input wrapper uses flex: 0 (a 0% basis), which collapsed the search
input inside the drawer's flex column so its content painted over the
first list item. Use flex: none to retain the input's natural height.

---------

Co-authored-by: Claude <noreply@anthropic.com>
---
 app/components/FilterOptions.tsx | 161 +++++++++++++++++++++++--------
 1 file changed, 122 insertions(+), 39 deletions(-)

diff --git a/app/components/FilterOptions.tsx b/app/components/FilterOptions.tsx
index 049902be2e..30f1bd293c 100644
--- a/app/components/FilterOptions.tsx
+++ b/app/components/FilterOptions.tsx
@@ -1,16 +1,26 @@
 import { deburr } from "es-toolkit/compat";
+import { CheckmarkIcon } from "outline-icons";
 import * as React from "react";
 import { useTranslation } from "react-i18next";
 import styled from "styled-components";
 import { s } from "@shared/styles";
 import type { FetchPageParams } from "~/stores/base/Store";
 import Button, { Inner } from "~/components/Button";
+import Scrollable from "~/components/Scrollable";
 import Text from "~/components/Text";
+import useMobile from "~/hooks/useMobile";
 import Input, { NativeInput, Outline } from "./Input";
 import type { PaginatedItem } from "./PaginatedList";
 import PaginatedList from "./PaginatedList";
+import {
+  Drawer,
+  DrawerContent,
+  DrawerTitle,
+  DrawerTrigger,
+} from "./primitives/Drawer";
 import { MenuProvider } from "./primitives/Menu/MenuContext";
 import { Menu, MenuContent, MenuTrigger, MenuButton } from "./primitives/Menu";
+import * as MenuComponents from "./primitives/components/Menu";
 import { MenuIconWrapper } from "./primitives/components/Menu";
 
 interface TFilterOption extends PaginatedItem {
@@ -45,6 +55,7 @@ const FilterOptions = ({
   ...rest
 }: Props) => {
   const { t } = useTranslation();
+  const isMobile = useMobile();
   const searchInputRef = React.useRef<HTMLInputElement>(null);
   const listRef = React.useRef<HTMLDivElement | null>(null);
   const [open, setOpen] = React.useState(false);
@@ -58,23 +69,45 @@ const FilterOptions = ({
     : "";
 
   const renderItem = React.useCallback(
-    (option) => (
-      <MenuButton
-        key={option.key}
-        icon={
-          option.icon && showIcons ? (
-            <MenuIconWrapper aria-hidden>{option.icon}</MenuIconWrapper>
-          ) : undefined
-        }
-        label={option.label}
-        onClick={() => {
-          onSelect(option.key);
-          setOpen(false);
-        }}
-        selected={selectedKeys.includes(option.key)}
-      />
-    ),
-    [onSelect, showIcons, selectedKeys]
+    (option) => {
+      const handleClick = () => {
+        onSelect(option.key);
+        setOpen(false);
+      };
+
+      const icon =
+        option.icon && showIcons ? (
+          <MenuIconWrapper aria-hidden>{option.icon}</MenuIconWrapper>
+        ) : undefined;
+
+      // On mobile the options render inside a Drawer (bottom sheet) rather than
+      // a Radix dropdown menu, so use the raw menu components directly instead
+      // of the dropdown-bound MenuButton which expects a menu root context.
+      if (isMobile) {
+        return (
+          <MenuComponents.MenuButton key={option.key} onClick={handleClick}>
+            {icon}
+            <MenuComponents.MenuLabel>{option.label}</MenuComponents.MenuLabel>
+            <MenuComponents.SelectedIconWrapper aria-hidden>
+              {selectedKeys.includes(option.key) ? (
+                <CheckmarkIcon size={18} />
+              ) : null}
+            </MenuComponents.SelectedIconWrapper>
+          </MenuComponents.MenuButton>
+        );
+      }
+
+      return (
+        <MenuButton
+          key={option.key}
+          icon={icon}
+          label={option.label}
+          onClick={handleClick}
+          selected={selectedKeys.includes(option.key)}
+        />
+      );
+    },
+    [onSelect, showIcons, selectedKeys, isMobile]
   );
 
   const handleFilter = React.useCallback(
@@ -169,39 +202,73 @@ const FilterOptions = ({
 
   React.useEffect(() => {
     if (open) {
-      searchInputRef.current?.focus();
+      // Avoid auto-focusing on mobile as it immediately pops the on-screen
+      // keyboard over the drawer.
+      if (!isMobile) {
+        searchInputRef.current?.focus();
+      }
     } else {
       setQuery("");
     }
-  }, [open]);
+  }, [open, isMobile]);
 
   const showFilterInput = showFilter || options.length > 10;
   const defaultLabel = rest.defaultLabel || t("Filter options");
 
+  const trigger = (
+    <StyledButton
+      className={className}
+      icon={selectedItems[0]?.key && selectedItems[0]?.icon}
+      disclosure={disclosure}
+      neutral
+    >
+      {selectedItems.length ? selectedLabel : defaultLabel}
+    </StyledButton>
+  );
+
+  const list = (
+    <PaginatedList<TFilterOption>
+      listRef={listRef}
+      options={{ query, ...fetchQueryOptions }}
+      items={filteredOptions}
+      fetch={fetchQuery}
+      renderItem={renderItem}
+      onEscape={handleEscapeFromList}
+      heading={showFilterInput && !isMobile ? <Spacer /> : undefined}
+      empty={<Empty />}
+    />
+  );
+
+  // On mobile render the options inside a Drawer (bottom sheet) to match the
+  // popover style used by context menus across the app.
+  if (isMobile) {
+    return (
+      <Drawer open={open} onOpenChange={setOpen}>
+        <DrawerTrigger asChild>{trigger}</DrawerTrigger>
+        <DrawerContent aria-label={defaultLabel} aria-describedby={undefined}>
+          <DrawerTitle>{defaultLabel}</DrawerTitle>
+          {showFilterInput && (
+            <MobileSearchInput
+              ref={searchInputRef}
+              value={query}
+              onChange={handleFilter}
+              onKeyDown={handleKeyDown}
+              placeholder={`${t("Filter")}…`}
+              margin={0}
+            />
+          )}
+          <StyledScrollable hiddenScrollbars>{list}</StyledScrollable>
+        </DrawerContent>
+      </Drawer>
+    );
+  }
+
   return (
     <MenuProvider variant="dropdown">
       <Menu open={open} onOpenChange={setOpen}>
-        <MenuTrigger>
-          <StyledButton
-            className={className}
-            icon={selectedItems[0]?.key && selectedItems[0]?.icon}
-            disclosure={disclosure}
-            neutral
-          >
-            {selectedItems.length ? selectedLabel : defaultLabel}
-          </StyledButton>
-        </MenuTrigger>
+        <MenuTrigger>{trigger}</MenuTrigger>
         <MenuContent aria-label={defaultLabel} align="start">
-          <PaginatedList<TFilterOption>
-            listRef={listRef}
-            options={{ query, ...fetchQueryOptions }}
-            items={filteredOptions}
-            fetch={fetchQuery}
-            renderItem={renderItem}
-            onEscape={handleEscapeFromList}
-            heading={showFilterInput ? <Spacer /> : undefined}
-            empty={<Empty />}
-          />
+          {list}
           {showFilterInput && (
             <SearchInput
               ref={searchInputRef}
@@ -260,6 +327,22 @@ const SearchInput = styled(Input)`
   }
 `;
 
+const MobileSearchInput = styled(Input)`
+  /* "none" keeps an auto basis so the input retains its natural height; a
+     flexible/0% basis would collapse it and overlap the list below. */
+  flex: none;
+  margin: 0 6px 6px;
+
+  ${NativeInput} {
+    /* 16px avoids iOS zooming the viewport when the input is focused. */
+    font-size: 16px;
+  }
+`;
+
+const StyledScrollable = styled(Scrollable)`
+  max-height: 75vh;
+`;
+
 export const StyledButton = styled(Button)`
   box-shadow: none;
   text-transform: none;

From 985038525c4b22732fe48944bb9225a10b652d51 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 07:42:26 -0400
Subject: [PATCH 11/27] fix: Sticky table header styling in Safari (#12590)

* fix: Sticky table header styling in Safari

* feedback
---
 shared/editor/components/Styles.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/shared/editor/components/Styles.ts b/shared/editor/components/Styles.ts
index 672f4907f5..b16353f0b9 100644
--- a/shared/editor/components/Styles.ts
+++ b/shared/editor/components/Styles.ts
@@ -2437,6 +2437,11 @@ table {
   > .${EditorStyleHelper.tableScrollable} > table > tbody > tr:first-child {
     position: relative;
     z-index: 2;
+
+    > th {
+      // Safari requires the header cell to have raised z-index too
+      z-index: 2;
+    }
   }
 
   > .${EditorStyleHelper.tableScrollable} > table > tbody > tr:first-child > th {

From 88de417a21c260e32ecc9c89d756661c54064603 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 08:27:10 -0400
Subject: [PATCH 12/27] Refactor drag-and-drop to support dragging from
 document lists (#12587)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Allow dragging documents from list views into the sidebar

Previously the react-dnd provider was scoped to the sidebar, so only
sidebar rows could be dragged. This lifts the DndProvider up to the
authenticated layout so both the main content and the sidebar share a
single drag-and-drop context, and makes DocumentListItem a drag source.

Now any document in search results or paginated lists (Home, Drafts,
Collections, etc.) can be dragged into the sidebar to move it between
collections, reparent it under another document, star it, or archive it
— reusing the existing sidebar drop targets.

* Make the whole Starred section a drop target to star documents

Previously the only "create star" drop targets in the Starred section
were the thin cursors between items, so dragging a document onto the
section header or a starred row showed the drop cursor but did nothing.

Wrap the section in a catch-all drop target (mirroring the Archive
section) so dropping anywhere in Starred stars the document, while the
precise inter-item cursors still control ordering. A didDrop guard on
useDropToCreateStar prevents the catch-all from double-starring when a
nested cursor already handled the drop, and the hover highlight uses a
shallow isOver check so it only lights up when not over a nested target.

* Let document list drag ghost follow the cursor

The sidebar drag placeholder tethers the ghost near its starting x so it
stays aligned with the sidebar during reordering. When a drag starts out
in the main content (a document list item), that clamp pinned the ghost
to a narrow band, making it look stuck in a small area.

Thread a constrainToSidebar flag through the drag item (true for sidebar
drags, false for document list drags) and let the placeholder follow the
cursor freely when the drag originated outside the sidebar.

* Clarify constrainToSidebar JSDoc to match placeholder behavior

The placeholder treats an unset flag as tethered (constrainToSidebar
!== false), so external drags must set it explicitly to false rather
than leaving it unset. Update the comment to reflect that.

* css
---
 app/components/AuthenticatedLayout.tsx        |  20 ++-
 app/components/DocumentListItem.tsx           |  25 ++-
 app/components/Sidebar/App.tsx                | 155 ++++++++----------
 .../Sidebar/components/DragPlaceholder.tsx    |  24 ++-
 app/components/Sidebar/components/Starred.tsx |  97 ++++++-----
 .../Sidebar/hooks/useDragAndDrop.tsx          |  21 ++-
 6 files changed, 202 insertions(+), 140 deletions(-)

diff --git a/app/components/AuthenticatedLayout.tsx b/app/components/AuthenticatedLayout.tsx
index 4aa0c01ba4..d04c171c7d 100644
--- a/app/components/AuthenticatedLayout.tsx
+++ b/app/components/AuthenticatedLayout.tsx
@@ -1,5 +1,7 @@
 import { observer } from "mobx-react";
 import * as React from "react";
+import { DndProvider } from "react-dnd";
+import { HTML5Backend } from "react-dnd-html5-backend";
 import { useLocation } from "react-router-dom";
 import ErrorSuspended from "~/scenes/Errors/ErrorSuspended";
 import Layout from "~/components/Layout";
@@ -104,14 +106,16 @@ const AuthenticatedLayout: React.FC = ({ children }: Props) => {
     <DocumentContextProvider>
       <RightSidebarProvider>
         <PortalContext.Provider value={layoutRef.current}>
-          <Layout title={team.name} sidebar={sidebar} ref={layoutRef}>
-            <RegisterKeyDown trigger="n" handler={goToNewDocument} />
-            <RegisterKeyDown trigger="t" handler={goToSearch} />
-            <RegisterKeyDown trigger="/" handler={goToSearch} />
-            {children}
-            <CommandBar />
-            <NotificationBadge />
-          </Layout>
+          <DndProvider backend={HTML5Backend}>
+            <Layout title={team.name} sidebar={sidebar} ref={layoutRef}>
+              <RegisterKeyDown trigger="n" handler={goToNewDocument} />
+              <RegisterKeyDown trigger="t" handler={goToSearch} />
+              <RegisterKeyDown trigger="/" handler={goToSearch} />
+              {children}
+              <CommandBar />
+              <NotificationBadge />
+            </Layout>
+          </DndProvider>
         </PortalContext.Provider>
       </RightSidebarProvider>
     </DocumentContextProvider>
diff --git a/app/components/DocumentListItem.tsx b/app/components/DocumentListItem.tsx
index 8df3789913..2453e68750 100644
--- a/app/components/DocumentListItem.tsx
+++ b/app/components/DocumentListItem.tsx
@@ -5,6 +5,7 @@ import {
 import { observer } from "mobx-react";
 import * as React from "react";
 import { useTranslation } from "react-i18next";
+import { mergeRefs } from "react-merge-refs";
 import { Link } from "react-router-dom";
 import { DocumentIcon } from "outline-icons";
 import styled, { css, useTheme } from "styled-components";
@@ -27,6 +28,7 @@ import { useLocationSidebarContext } from "~/hooks/useLocationSidebarContext";
 import DocumentMenu from "~/menus/DocumentMenu";
 import { documentPath } from "~/utils/routeHelpers";
 import { determineSidebarContext } from "./Sidebar/components/SidebarContext";
+import { useDragDocument } from "./Sidebar/hooks/useDragAndDrop";
 import { ActionContextProvider } from "~/hooks/useActionContext";
 import { useDocumentMenuAction } from "~/hooks/useDocumentMenuAction";
 import { ContextMenu } from "./Menu/ContextMenu";
@@ -98,6 +100,23 @@ function DocumentListItem(
 
   const contextMenuAction = useDocumentMenuAction({ documentId: document.id });
 
+  const [{ isDragging }, draggableRef] = useDragDocument(
+    document.asNavigationNode,
+    0,
+    document,
+    false,
+    false
+  );
+
+  const mergedRef = React.useMemo(
+    () =>
+      mergeRefs<HTMLAnchorElement>([
+        itemRef,
+        draggableRef,
+      ] as React.Ref<HTMLAnchorElement>[]),
+    [itemRef, draggableRef]
+  );
+
   return (
     <ActionContextProvider
       value={{
@@ -114,9 +133,10 @@ function DocumentListItem(
         onClose={handleMenuClose}
       >
         <DocumentLink
-          ref={itemRef}
+          ref={mergedRef}
           dir={document.dir}
           $isStarred={document.isStarred}
+          $isDragging={isDragging}
           $menuOpen={menuOpen}
           to={{
             pathname: documentPath(document),
@@ -227,6 +247,7 @@ const Actions = styled(EventBoundary)`
 
 const DocumentLink = styled(Link)<{
   $isStarred?: boolean;
+  $isDragging?: boolean;
   $menuOpen?: boolean;
 }>`
   display: flex;
@@ -237,6 +258,8 @@ const DocumentLink = styled(Link)<{
   max-height: 50vh;
   width: calc(100vw - 8px);
   cursor: var(--pointer);
+  transition: opacity 250ms ease;
+  opacity: ${(props) => (props.$isDragging ? 0.1 : 1)};
 
   &:focus-visible {
     outline: none;
diff --git a/app/components/Sidebar/App.tsx b/app/components/Sidebar/App.tsx
index eda645e509..703fcc2198 100644
--- a/app/components/Sidebar/App.tsx
+++ b/app/components/Sidebar/App.tsx
@@ -1,8 +1,6 @@
 import { observer } from "mobx-react";
 import { SearchIcon, HomeIcon, SidebarIcon } from "outline-icons";
-import { useEffect, useState, useCallback, useMemo, useRef } from "react";
-import { DndProvider } from "react-dnd";
-import { HTML5Backend } from "react-dnd-html5-backend";
+import { useEffect, useState, useCallback, useRef } from "react";
 import {
   DragActiveProvider,
   SidebarScrollProvider,
@@ -62,15 +60,6 @@ function AppSidebar() {
     }
   }, [documents, collections, user.isViewer]);
 
-  const [dndArea, setDndArea] = useState();
-  const handleSidebarRef = useCallback((node) => setDndArea(node), []);
-  const html5Options = useMemo(
-    () => ({
-      rootElement: dndArea,
-    }),
-    [dndArea]
-  );
-
   // Scrollable reads ref.current internally for its shadow/ResizeObserver
   // logic, so we must pass an object ref — a callback ref would leave those
   // reads undefined. We mirror the attached node into state so the
@@ -82,83 +71,79 @@ function AppSidebar() {
   }, []);
 
   return (
-    <Sidebar hidden={!ui.readyToShow} ref={handleSidebarRef}>
-      {dndArea && (
-        <DndProvider backend={HTML5Backend} options={html5Options}>
-          <DragActiveProvider>
-            <DragPlaceholder />
+    <Sidebar hidden={!ui.readyToShow}>
+      <DragActiveProvider>
+        <DragPlaceholder />
 
-            <TeamMenu>
-              <SidebarButton
-                title={team.name}
-                image={<TeamLogo model={team} size={24} alt={t("Logo")} />}
+        <TeamMenu>
+          <SidebarButton
+            title={team.name}
+            image={<TeamLogo model={team} size={24} alt={t("Logo")} />}
+          >
+            {isMobile ? null : (
+              <Tooltip
+                content={t("Toggle sidebar")}
+                shortcut={`${metaDisplay}+.`}
               >
-                {isMobile ? null : (
-                  <Tooltip
-                    content={t("Toggle sidebar")}
-                    shortcut={`${metaDisplay}+.`}
-                  >
-                    <ToggleButton
-                      position="bottom"
-                      image={<SidebarIcon />}
-                      aria-label={
-                        ui.sidebarCollapsed
-                          ? t("Expand sidebar")
-                          : t("Collapse sidebar")
-                      }
-                      style={{ paddingInline: 4 }}
-                      onClick={() => {
-                        ui.toggleCollapsedSidebar();
-                        (document.activeElement as HTMLElement)?.blur();
-                      }}
-                    />
-                  </Tooltip>
-                )}
-              </SidebarButton>
-            </TeamMenu>
-            <Overflow>
-              <Section>
-                <SidebarLink
-                  to={homePath()}
-                  icon={<HomeIcon />}
-                  exact={false}
-                  label={t("Home")}
+                <ToggleButton
+                  position="bottom"
+                  image={<SidebarIcon />}
+                  aria-label={
+                    ui.sidebarCollapsed
+                      ? t("Expand sidebar")
+                      : t("Collapse sidebar")
+                  }
+                  style={{ paddingInline: 4 }}
+                  onClick={() => {
+                    ui.toggleCollapsedSidebar();
+                    (document.activeElement as HTMLElement)?.blur();
+                  }}
                 />
-                <SidebarLink
-                  to={searchPath()}
-                  icon={<SearchIcon />}
-                  label={t("Search")}
-                  exact={false}
-                  onClick={handleSearchClick}
-                />
-                {can.createDocument && <DraftsLink />}
+              </Tooltip>
+            )}
+          </SidebarButton>
+        </TeamMenu>
+        <Overflow>
+          <Section>
+            <SidebarLink
+              to={homePath()}
+              icon={<HomeIcon />}
+              exact={false}
+              label={t("Home")}
+            />
+            <SidebarLink
+              to={searchPath()}
+              icon={<SearchIcon />}
+              label={t("Search")}
+              exact={false}
+              onClick={handleSearchClick}
+            />
+            {can.createDocument && <DraftsLink />}
+          </Section>
+        </Overflow>
+        <Scrollable flex shadow ref={scrollRef}>
+          <SidebarScrollProvider value={scrollArea}>
+            <Section>
+              <Starred />
+            </Section>
+            <Section>
+              <SharedWithMe />
+            </Section>
+            <Section>
+              <Collections />
+            </Section>
+            {can.createDocument && (
+              <Section auto>
+                <ArchiveLink />
               </Section>
-            </Overflow>
-            <Scrollable flex shadow ref={scrollRef}>
-              <SidebarScrollProvider value={scrollArea}>
-                <Section>
-                  <Starred />
-                </Section>
-                <Section>
-                  <SharedWithMe />
-                </Section>
-                <Section>
-                  <Collections />
-                </Section>
-                {can.createDocument && (
-                  <Section auto>
-                    <ArchiveLink />
-                  </Section>
-                )}
-                <Section>
-                  {can.createDocument && <TrashLink />}
-                  <SidebarAction action={inviteUser} />
-                </Section>
-              </SidebarScrollProvider>
-            </Scrollable>
-          </DragActiveProvider>
-        </DndProvider>
-      )}
+            )}
+            <Section>
+              {can.createDocument && <TrashLink />}
+              <SidebarAction action={inviteUser} />
+            </Section>
+          </SidebarScrollProvider>
+        </Scrollable>
+      </DragActiveProvider>
       <HistoryNavigation />
     </Sidebar>
   );
diff --git a/app/components/Sidebar/components/DragPlaceholder.tsx b/app/components/Sidebar/components/DragPlaceholder.tsx
index f81cbdb3f0..b6c98972b0 100644
--- a/app/components/Sidebar/components/DragPlaceholder.tsx
+++ b/app/components/Sidebar/components/DragPlaceholder.tsx
@@ -19,7 +19,8 @@ const layerStyles: React.CSSProperties = {
 function getItemStyles(
   initialOffset: XYCoord | null,
   currentOffset: XYCoord | null,
-  sidebarWidth: number
+  sidebarWidth: number,
+  constrainToSidebar: boolean
 ) {
   if (!initialOffset || !currentOffset) {
     return {
@@ -27,10 +28,14 @@ function getItemStyles(
     };
   }
   const { y } = currentOffset;
-  const x = Math.max(
-    initialOffset.x,
-    Math.min(initialOffset.x + sidebarWidth / 4, currentOffset.x)
-  );
+  // Sidebar drags keep the ghost tethered near its origin, but drags from
+  // outside the sidebar should follow the cursor freely.
+  const x = constrainToSidebar
+    ? Math.max(
+        initialOffset.x,
+        Math.min(initialOffset.x + sidebarWidth / 4, currentOffset.x)
+      )
+    : currentOffset.x;
 
   const transform = `translate(${x}px, ${y}px)`;
   return {
@@ -60,7 +65,14 @@ const DragPlaceholder = () => {
 
   return (
     <div style={layerStyles}>
-      <div style={getItemStyles(initialOffset, currentOffset, ui.sidebarWidth)}>
+      <div
+        style={getItemStyles(
+          initialOffset,
+          currentOffset,
+          ui.sidebarWidth,
+          item.constrainToSidebar !== false
+        )}
+      >
         <GhostLink
           icon={item.icon}
           label={item.title || t("Untitled")}
diff --git a/app/components/Sidebar/components/Starred.tsx b/app/components/Sidebar/components/Starred.tsx
index eb5f87a7df..13015168fd 100644
--- a/app/components/Sidebar/components/Starred.tsx
+++ b/app/components/Sidebar/components/Starred.tsx
@@ -2,6 +2,8 @@ import { observer } from "mobx-react";
 import { useEffect } from "react";
 import { useTranslation } from "react-i18next";
 import { toast } from "sonner";
+import styled, { css } from "styled-components";
+import { s } from "@shared/styles";
 import type Star from "~/models/Star";
 import DelayedMount from "~/components/DelayedMount";
 import Flex from "~/components/Flex";
@@ -29,6 +31,7 @@ function Starred() {
   );
   const [reorderStarProps, dropToReorder] = useDropToReorderStar();
   const [createStarProps, dropToStarRef] = useDropToCreateStar();
+  const [sectionStarProps, dropToSectionRef] = useDropToCreateStar();
 
   useEffect(() => {
     if (error) {
@@ -42,46 +45,64 @@ function Starred() {
 
   return (
     <Flex column>
-      <Header id="starred" title={t("Starred")}>
-        <Relative>
-          {reorderStarProps.isDragging && (
-            <DropCursor
-              isActiveDrop={reorderStarProps.isOverCursor}
-              innerRef={dropToReorder}
-              position="top"
-            />
-          )}
-          {createStarProps.isDragging && (
-            <DropCursor
-              isActiveDrop={createStarProps.isOverCursor}
-              innerRef={dropToStarRef}
-              position="top"
-            />
-          )}
-          {stars.orderedData
-            .slice(0, page * STARRED_PAGINATION_LIMIT)
-            .map((star) => (
-              <StarredLink key={star.id} star={star} />
-            ))}
-          {!loading && !end && (
-            <SidebarLink
-              onClick={next}
-              label={`${t("Show more")}…`}
-              disabled={stars.isFetching}
-              depth={0}
-            />
-          )}
-          {loading && (
-            <Flex column>
-              <DelayedMount>
-                <PlaceholderCollections />
-              </DelayedMount>
-            </Flex>
-          )}
-        </Relative>
-      </Header>
+      <Section
+        ref={dropToSectionRef}
+        $isActiveDrop={
+          sectionStarProps.isDragging && sectionStarProps.isOverCursor
+        }
+      >
+        <Header id="starred" title={t("Starred")}>
+          <Relative>
+            {reorderStarProps.isDragging && (
+              <DropCursor
+                isActiveDrop={reorderStarProps.isOverCursor}
+                innerRef={dropToReorder}
+                position="top"
+              />
+            )}
+            {createStarProps.isDragging && (
+              <DropCursor
+                isActiveDrop={createStarProps.isOverCursor}
+                innerRef={dropToStarRef}
+                position="top"
+              />
+            )}
+            {stars.orderedData
+              .slice(0, page * STARRED_PAGINATION_LIMIT)
+              .map((star) => (
+                <StarredLink key={star.id} star={star} />
+              ))}
+            {!loading && !end && (
+              <SidebarLink
+                onClick={next}
+                label={`${t("Show more")}…`}
+                disabled={stars.isFetching}
+                depth={0}
+              />
+            )}
+            {loading && (
+              <Flex column>
+                <DelayedMount>
+                  <PlaceholderCollections />
+                </DelayedMount>
+              </Flex>
+            )}
+          </Relative>
+        </Header>
+      </Section>
     </Flex>
   );
 }
 
+const Section = styled.div<{ $isActiveDrop?: boolean }>`
+  border-radius: 8px;
+  transition: background 100ms ease-in-out;
+
+  ${(props) =>
+    props.$isActiveDrop &&
+    css`
+      background: ${s("sidebarActiveBackground")};
+    `}
+`;
+
 export default observer(Starred);
diff --git a/app/components/Sidebar/hooks/useDragAndDrop.tsx b/app/components/Sidebar/hooks/useDragAndDrop.tsx
index 558132a05a..88e2896c16 100644
--- a/app/components/Sidebar/hooks/useDragAndDrop.tsx
+++ b/app/components/Sidebar/hooks/useDragAndDrop.tsx
@@ -22,6 +22,12 @@ import { useSidebarLabelAndIcon } from "./useSidebarLabelAndIcon";
 export type DragObject = NavigationNode & {
   depth: number;
   collectionId: string;
+  /**
+   * Whether the drag ghost should stay tethered to the sidebar. Defaults to
+   * tethered when unset — the placeholder only lets the ghost follow the
+   * cursor when this is explicitly `false` (e.g. drags from a document list).
+   */
+  constrainToSidebar?: boolean;
 };
 
 function useHover(
@@ -105,6 +111,12 @@ export function useDropToCreateStar(getIndex?: () => string) {
   >({
     accept,
     drop: async (item, monitor) => {
+      // A more specific drop target (e.g. a reorder cursor) has already
+      // handled this drop, so avoid creating a duplicate star.
+      if (monitor.didDrop()) {
+        return;
+      }
+
       const type = monitor.getItemType();
       let model;
 
@@ -122,7 +134,7 @@ export function useDropToCreateStar(getIndex?: () => string) {
       );
     },
     collect: (monitor) => ({
-      isOverCursor: !!monitor.isOver(),
+      isOverCursor: !!monitor.isOver({ shallow: true }),
       isDragging: accept.includes(String(monitor.getItemType())),
     }),
   });
@@ -163,12 +175,16 @@ export function useDropToReorderStar(getIndex?: () => string) {
  * @param depth The depth of the node in the sidebar.
  * @param document The related Document model.
  * @param isEditing Whether the sidebar item is currently being edited.
+ * @param constrainToSidebar Whether the drag ghost should stay tethered to the
+ * sidebar. Defaults to true; pass false when dragging from outside the sidebar
+ * (e.g. a document list) so the ghost follows the cursor.
  */
 export function useDragDocument(
   node: NavigationNode,
   depth: number,
   document?: Document,
-  isEditing?: boolean
+  isEditing?: boolean,
+  constrainToSidebar = true
 ) {
   const icon = document?.icon || node.icon || node.emoji;
   const color = document?.color || node.color;
@@ -188,6 +204,7 @@ export function useDragDocument(
           <Icon initial={initial} value={icon} color={color} />
         ) : undefined,
         collectionId: document?.collectionId || "",
+        constrainToSidebar,
       }) as DragObject,
     canDrag: () => !!document?.isActive && !isEditing,
     collect: (monitor) => ({

From e864684d569c81ca2b03c816d22e0c80e2ff6466 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 09:19:05 -0400
Subject: [PATCH 13/27] fix: Private IP lookup should be invalid request rather
 than internal error (#12592)

---
 server/utils/fetch.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/server/utils/fetch.ts b/server/utils/fetch.ts
index c6fc3f95d2..6c59e6a555 100644
--- a/server/utils/fetch.ts
+++ b/server/utils/fetch.ts
@@ -11,7 +11,7 @@ import nodeFetch, {
 import { getProxyForUrl } from "proxy-from-env";
 import tunnelAgent, { type TunnelAgent } from "tunnel-agent";
 import env from "@server/env";
-import { InternalError } from "@server/errors";
+import { InvalidRequestError } from "@server/errors";
 import Logger from "@server/logging/Logger";
 import { capitalize } from "es-toolkit/compat";
 import {
@@ -184,9 +184,11 @@ export default async function fetch(
     if (err.name === "AbortError") {
       throw new Error(`Request timeout after ${timeout}ms`);
     }
-    if (!env.isCloudHosted && err.message?.startsWith("DNS lookup")) {
-      throw InternalError(
-        `${err.message}\n\nTo allow this request, add the IP address or CIDR range to the ALLOWED_PRIVATE_IP_ADDRESSES environment variable.`
+    if (err.message?.startsWith("DNS lookup")) {
+      throw InvalidRequestError(
+        env.isCloudHosted
+          ? err.message
+          : `${err.message}\n\nTo allow this request, add the IP address or CIDR range to the ALLOWED_PRIVATE_IP_ADDRESSES environment variable.`
       );
     }
     throw err;

From 0c0facc2a187f2e9caea95cf18115d8fc5ad6761 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 17:53:40 -0400
Subject: [PATCH 14/27] perf: Avoid empty webhook processor work via cached
 subscription lookup (#12593)

* Avoid empty webhook processor work via cached subscription lookup

WebhookProcessor ran for every event but most teams have no matching
webhook subscription, costing an empty processor job and a database query
per event.

Cache a team's enabled subscriptions ({ id, events }) in Redis, invalidated
by model lifecycle hooks, and add an optional BaseProcessor.shouldQueue hook
consulted by the global event queue so the webhook processor only enqueues a
job when a matching subscription exists.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feedback

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../processors/WebhookProcessor.test.ts       |  47 ++++++++
 .../server/processors/WebhookProcessor.ts     |  35 ++++--
 server/models/WebhookSubscription.test.ts     |  94 ++++++++++++++++
 server/models/WebhookSubscription.ts          | 104 +++++++++++++++---
 server/queues/processors/BaseProcessor.ts     |  23 ++++
 server/services/worker.ts                     |   9 +-
 server/utils/RedisPrefixHelper.ts             |  10 ++
 7 files changed, 299 insertions(+), 23 deletions(-)
 create mode 100644 server/models/WebhookSubscription.test.ts

diff --git a/plugins/webhooks/server/processors/WebhookProcessor.test.ts b/plugins/webhooks/server/processors/WebhookProcessor.test.ts
index e7c34edf97..dae000d664 100644
--- a/plugins/webhooks/server/processors/WebhookProcessor.test.ts
+++ b/plugins/webhooks/server/processors/WebhookProcessor.test.ts
@@ -86,4 +86,51 @@ describe("WebhookProcessor", () => {
       subscriptionId: subscriptionTwo.id,
     });
   });
+
+  describe("shouldQueue", () => {
+    it("returns true when a matching subscription exists", async () => {
+      const subscription = await buildWebhookSubscription({
+        url: "http://example.com",
+        events: ["users"],
+      });
+      const event: UserEvent = {
+        name: "users.signin",
+        userId: subscription.createdById,
+        teamId: subscription.teamId,
+        actorId: subscription.createdById,
+        ip,
+      };
+
+      expect(await WebhookProcessor.shouldQueue(event)).toBe(true);
+    });
+
+    it("returns false when no subscription matches the event", async () => {
+      const subscription = await buildWebhookSubscription({
+        url: "http://example.com",
+        events: ["documents.create"],
+      });
+      const event: UserEvent = {
+        name: "users.signin",
+        userId: subscription.createdById,
+        teamId: subscription.teamId,
+        actorId: subscription.createdById,
+        ip,
+      };
+
+      expect(await WebhookProcessor.shouldQueue(event)).toBe(false);
+    });
+
+    it("returns false when the team has no subscriptions", async () => {
+      const user = await buildUser();
+      const event: UserEvent = {
+        name: "users.signin",
+        userId: user.id,
+        teamId: user.teamId,
+        actorId: user.id,
+        ip,
+      };
+
+      expect(await WebhookProcessor.shouldQueue(event)).toBe(false);
+    });
+  });
 });
diff --git a/plugins/webhooks/server/processors/WebhookProcessor.ts b/plugins/webhooks/server/processors/WebhookProcessor.ts
index a9c410cf02..1a4b14097f 100644
--- a/plugins/webhooks/server/processors/WebhookProcessor.ts
+++ b/plugins/webhooks/server/processors/WebhookProcessor.ts
@@ -6,20 +6,39 @@ import DeliverWebhookTask from "../tasks/DeliverWebhookTask";
 export default class WebhookProcessor extends BaseProcessor {
   static applicableEvents: ["*"] = ["*"];
 
+  /**
+   * Only queue an event when the team has an enabled webhook subscription that
+   * matches it. The vast majority of events belong to teams with no applicable
+   * subscriptions, so this avoids creating and running an empty job for them.
+   *
+   * @param event The event about to be queued.
+   * @returns true if a matching subscription exists.
+   */
+  static async shouldQueue(event: Event): Promise<boolean> {
+    if (!event.teamId) {
+      return false;
+    }
+
+    const subscriptions = await WebhookSubscription.findEnabledByTeamId(
+      event.teamId
+    );
+
+    return subscriptions.some((subscription) =>
+      WebhookSubscription.matchEvent(subscription.events, event.name)
+    );
+  }
+
   async perform(event: Event) {
     if (!event.teamId) {
       return;
     }
 
-    const webhookSubscriptions = await WebhookSubscription.findAll({
-      where: {
-        enabled: true,
-        teamId: event.teamId,
-      },
-    });
+    const subscriptions = await WebhookSubscription.findEnabledByTeamId(
+      event.teamId
+    );
 
-    const applicableSubscriptions = webhookSubscriptions.filter((webhook) =>
-      webhook.validForEvent(event)
+    const applicableSubscriptions = subscriptions.filter((subscription) =>
+      WebhookSubscription.matchEvent(subscription.events, event.name)
     );
 
     await Promise.all(
diff --git a/server/models/WebhookSubscription.test.ts b/server/models/WebhookSubscription.test.ts
new file mode 100644
index 0000000000..a6665f27a3
--- /dev/null
+++ b/server/models/WebhookSubscription.test.ts
@@ -0,0 +1,94 @@
+import { buildTeam, buildWebhookSubscription } from "@server/test/factories";
+import WebhookSubscription from "./WebhookSubscription";
+
+describe("WebhookSubscription", () => {
+  describe("matchEvent", () => {
+    it("matches everything for a wildcard subscription", () => {
+      expect(WebhookSubscription.matchEvent(["*"], "users.signin")).toBe(true);
+    });
+
+    it("matches an exact event name", () => {
+      expect(
+        WebhookSubscription.matchEvent(["users.signin"], "users.signin")
+      ).toBe(true);
+    });
+
+    it("matches a namespace prefix", () => {
+      expect(WebhookSubscription.matchEvent(["users"], "users.signin")).toBe(
+        true
+      );
+    });
+
+    it("does not match unrelated events", () => {
+      expect(
+        WebhookSubscription.matchEvent(["documents"], "users.signin")
+      ).toBe(false);
+    });
+  });
+
+  describe("findEnabledByTeamId", () => {
+    it("returns only enabled subscriptions for the team", async () => {
+      const subscription = await buildWebhookSubscription({
+        events: ["users"],
+      });
+      const disabled = await buildWebhookSubscription({
+        teamId: subscription.teamId,
+        events: ["documents"],
+      });
+      await disabled.disable();
+
+      const result = await WebhookSubscription.findEnabledByTeamId(
+        subscription.teamId
+      );
+
+      expect(result).toHaveLength(1);
+      expect(result[0].id).toEqual(subscription.id);
+      expect(result[0].events).toEqual(["users"]);
+    });
+
+    it("returns an empty array when the team has no subscriptions", async () => {
+      const team = await buildTeam();
+
+      const result = await WebhookSubscription.findEnabledByTeamId(team.id);
+
+      expect(result).toEqual([]);
+    });
+
+    it("reflects changes after a subscription is disabled", async () => {
+      const subscription = await buildWebhookSubscription({
+        events: ["users"],
+      });
+
+      // prime the cache
+      const before = await WebhookSubscription.findEnabledByTeamId(
+        subscription.teamId
+      );
+      expect(before).toHaveLength(1);
+
+      await subscription.disable();
+
+      const after = await WebhookSubscription.findEnabledByTeamId(
+        subscription.teamId
+      );
+      expect(after).toHaveLength(0);
+    });
+
+    it("reflects changes after a subscription is destroyed", async () => {
+      const subscription = await buildWebhookSubscription({
+        events: ["users"],
+      });
+
+      const before = await WebhookSubscription.findEnabledByTeamId(
+        subscription.teamId
+      );
+      expect(before).toHaveLength(1);
+
+      await subscription.destroy();
+
+      const after = await WebhookSubscription.findEnabledByTeamId(
+        subscription.teamId
+      );
+      expect(after).toHaveLength(0);
+    });
+  });
+});
diff --git a/server/models/WebhookSubscription.ts b/server/models/WebhookSubscription.ts
index 4c000adf22..9ec423e3ab 100644
--- a/server/models/WebhookSubscription.ts
+++ b/server/models/WebhookSubscription.ts
@@ -4,6 +4,7 @@ import type {
   InferAttributes,
   InferCreationAttributes,
   InstanceUpdateOptions,
+  Transaction,
 } from "sequelize";
 import {
   Column,
@@ -14,12 +15,19 @@ import {
   DataType,
   IsUrl,
   BeforeCreate,
+  AfterCreate,
+  AfterUpdate,
+  AfterDestroy,
+  AfterRestore,
   DefaultScope,
   AllowNull,
 } from "sequelize-typescript";
+import { Hour } from "@shared/utils/time";
 import { WebhookSubscriptionValidation } from "@shared/validations";
 import { ValidationError } from "@server/errors";
 import type { Event } from "@server/types";
+import { CacheHelper } from "@server/utils/CacheHelper";
+import { RedisPrefixHelper } from "@server/utils/RedisPrefixHelper";
 import Team from "./Team";
 import User from "./User";
 import ParanoidModel from "./base/ParanoidModel";
@@ -47,6 +55,60 @@ class WebhookSubscription extends ParanoidModel<
 > {
   static eventNamespace = "webhookSubscriptions";
 
+  /**
+   * Returns the enabled webhook subscriptions for a team, caching the
+   * lightweight { id, events } projection in Redis to avoid a database query on
+   * every event. The cache is invalidated by model lifecycle hooks whenever a
+   * team's subscriptions change.
+   *
+   * @param teamId The team to load subscriptions for.
+   * @returns the enabled subscriptions' ids and subscribed event names.
+   */
+  public static async findEnabledByTeamId(
+    teamId: string
+  ): Promise<Array<{ id: string; events: string[] }>> {
+    return (
+      (await CacheHelper.getDataOrSet<Array<{ id: string; events: string[] }>>(
+        RedisPrefixHelper.getWebhookSubscriptionsKey(teamId),
+        async () => {
+          const subscriptions = await this.unscoped().findAll({
+            attributes: ["id", "events"],
+            where: { enabled: true, teamId },
+            raw: true,
+          });
+          return subscriptions.map((subscription) => ({
+            id: subscription.id,
+            events: subscription.events,
+          }));
+        },
+        Hour.seconds
+      )) ?? []
+    );
+  }
+
+  /**
+   * Determines whether a subscription configured for the given event names
+   * should receive an event with the given name. Pure so it can run against the
+   * cached projection as well as model instances.
+   *
+   * @param events The event names a subscription is configured for.
+   * @param eventName The name of the event being processed.
+   * @returns true if the event matches the subscription configuration.
+   */
+  public static matchEvent(events: string[], eventName: string): boolean {
+    if (events.length === 1 && events[0] === "*") {
+      return true;
+    }
+
+    for (const e of events) {
+      if (e === eventName || eventName.startsWith(e + ".")) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
   @NotEmpty
   @Length({
     max: WebhookSubscriptionValidation.maxNameLength,
@@ -105,6 +167,31 @@ class WebhookSubscription extends ParanoidModel<
     }
   }
 
+  @AfterCreate
+  @AfterUpdate
+  @AfterDestroy
+  @AfterRestore
+  static async invalidateCache(
+    model: WebhookSubscription,
+    options: { transaction?: Transaction | null }
+  ) {
+    const invalidate = () =>
+      CacheHelper.removeData(
+        RedisPrefixHelper.getWebhookSubscriptionsKey(model.teamId)
+      );
+
+    // Defer invalidation until after the transaction commits so that a rollback
+    // does not leave the cache out of sync, and so a stale pre-commit read is
+    // not re-cached by a concurrent reader. Walk to the parent transaction when
+    // nested so the callback isn't lost when a savepoint releases.
+    if (options.transaction) {
+      const transaction = options.transaction.parent || options.transaction;
+      transaction.afterCommit(invalidate);
+    } else {
+      await invalidate();
+    }
+  }
+
   // instance methods
 
   /**
@@ -130,22 +217,11 @@ class WebhookSubscription extends ParanoidModel<
    * Determines if an event should be processed for this webhook subscription
    * based on the event configuration.
    *
-   * @param event Event to ceck
+   * @param event Event to check
    * @returns true if event is valid
    */
-  public validForEvent = (event: Event): boolean => {
-    if (this.events.length === 1 && this.events[0] === "*") {
-      return true;
-    }
-
-    for (const e of this.events) {
-      if (e === event.name || event.name.startsWith(e + ".")) {
-        return true;
-      }
-    }
-
-    return false;
-  };
+  public validForEvent = (event: Event): boolean =>
+    WebhookSubscription.matchEvent(this.events, event.name);
 
   /**
    * Calculates the signature for a webhook payload if the webhook subscription
diff --git a/server/queues/processors/BaseProcessor.ts b/server/queues/processors/BaseProcessor.ts
index 4406d26c3f..c33e405804 100644
--- a/server/queues/processors/BaseProcessor.ts
+++ b/server/queues/processors/BaseProcessor.ts
@@ -1,8 +1,31 @@
 import type { Event } from "@server/types";
 
 export default abstract class BaseProcessor {
+  /**
+   * The event names this processor handles. The global event queue only creates
+   * a job for the processor when an event's name is listed here, or when it
+   * contains the `"*"` wildcard to match every event.
+   */
   static applicableEvents: (Event["name"] | "*")[] = [];
 
+  /**
+   * Optional hook run in the global event queue before a job is created for this
+   * processor. Implement it to cheaply opt out of events the processor will not
+   * act on and avoid the cost of an empty job. When omitted, every applicable
+   * event is queued.
+   *
+   * @param event The event about to be queued.
+   * @returns true if a job should be queued for this processor.
+   */
+  static shouldQueue?: (event: Event) => Promise<boolean>;
+
+  /**
+   * Handle an applicable event. Called once per queued job, with retries on
+   * failure.
+   *
+   * @param event The event to process.
+   * @returns A promise that resolves once the event has been processed.
+   */
   public abstract perform(event: Event): Promise<void>;
 
   /**
diff --git a/server/services/worker.ts b/server/services/worker.ts
index a62e90cf02..9d58ace917 100644
--- a/server/services/worker.ts
+++ b/server/services/worker.ts
@@ -57,7 +57,14 @@ export default async function init() {
               ProcessorClass.applicableEvents.includes(event.name) ||
               ProcessorClass.applicableEvents.includes("*")
             ) {
-              await processorEventQueue().add({ event, name });
+              // A processor may optionally opt out of an event before a job is
+              // created, avoiding the cost of an empty job.
+              if (
+                !ProcessorClass.shouldQueue ||
+                (await ProcessorClass.shouldQueue(event))
+              ) {
+                await processorEventQueue().add({ event, name });
+              }
             }
           } catch (error) {
             Logger.error(
diff --git a/server/utils/RedisPrefixHelper.ts b/server/utils/RedisPrefixHelper.ts
index 9a0b2d0ce1..5510bdb26c 100644
--- a/server/utils/RedisPrefixHelper.ts
+++ b/server/utils/RedisPrefixHelper.ts
@@ -43,6 +43,16 @@ export class RedisPrefixHelper {
     return `uc:${userId}`;
   }
 
+  /**
+   * Gets key for caching a team's enabled webhook subscriptions.
+   *
+   * @param teamId The team ID to generate a key for.
+   * @returns the cache key string.
+   */
+  public static getWebhookSubscriptionsKey(teamId: string) {
+    return `whs:${teamId}`;
+  }
+
   /**
    * Gets key for caching the count of a relationship managed by the
    * `CounterCache` decorator.

From aad2483ff9ec2a21d0b3ea8872917ea410ae605b Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 17:57:09 -0400
Subject: [PATCH 15/27] fix: Search term highlights missing (#12598)

---
 app/editor/extensions/FindAndReplace.tsx | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/app/editor/extensions/FindAndReplace.tsx b/app/editor/extensions/FindAndReplace.tsx
index d82fa7a3e6..01ae8505b9 100644
--- a/app/editor/extensions/FindAndReplace.tsx
+++ b/app/editor/extensions/FindAndReplace.tsx
@@ -604,13 +604,26 @@ export default class FindAndReplaceExtension extends Extension<FindAndReplaceOpt
         return {
           update: (view) => {
             const generation = pluginKey.getState(view.state) as number;
-            if (generation !== lastGeneration) {
+            // Rebuild highlights when the results change (generation bump) or,
+            // while a search is active, on any view update. The CSS Custom
+            // Highlight API relies on static DOM ranges that become detached
+            // when the editor re-renders its DOM — e.g. content settling after
+            // sync when navigating from search results, collaboration cursors,
+            // or node views mounting — none of which bump the generation. This
+            // keeps the highlights tracking the live DOM, as decorations do.
+            if (generation !== lastGeneration || this.searchTerm) {
               lastGeneration = generation;
               this.updateHighlights();
             }
           },
           destroy: () => {
-            this.clearHighlights();
+            // The highlight registry is global and keyed by fixed names, so
+            // only tear down highlights when this editor actually owns an
+            // active search — otherwise an unmounting editor could wipe the
+            // highlights another editor just set during a route transition.
+            if (this.searchTerm) {
+              this.clearHighlights();
+            }
           },
         };
       },

From 9ec6b8309d5d4b4a6992433ad15276342ae43495 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 18:00:37 -0400
Subject: [PATCH 16/27] chore: Improve handling of 'expected' network errors
 from webhooks (#12599)

---
 .../server/tasks/DeliverWebhookTask.test.ts   | 65 ++++++++++++++++++-
 .../server/tasks/DeliverWebhookTask.ts        | 52 ++++++++++++++-
 2 files changed, 115 insertions(+), 2 deletions(-)

diff --git a/plugins/webhooks/server/tasks/DeliverWebhookTask.test.ts b/plugins/webhooks/server/tasks/DeliverWebhookTask.test.ts
index 0381365aec..0b007ea601 100644
--- a/plugins/webhooks/server/tasks/DeliverWebhookTask.test.ts
+++ b/plugins/webhooks/server/tasks/DeliverWebhookTask.test.ts
@@ -1,3 +1,4 @@
+import { FetchError } from "node-fetch";
 import {
   http,
   HttpResponse,
@@ -12,7 +13,9 @@ import {
   buildWebhookSubscription,
 } from "@server/test/factories";
 import type { UserEvent } from "@server/types";
-import DeliverWebhookTask from "./DeliverWebhookTask";
+import DeliverWebhookTask, {
+  isExpectedNetworkError,
+} from "./DeliverWebhookTask";
 
 const ip = "127.0.0.1";
 
@@ -243,3 +246,63 @@ describe("DeliverWebhookTask", () => {
     expect(delivery.responseBody).toEqual('{"message":"Failure"}');
   });
 });
+
+describe("isExpectedNetworkError", () => {
+  test("treats node-fetch FetchError as expected", () => {
+    expect(
+      isExpectedNetworkError(
+        new FetchError("request to https://example.com failed", "system")
+      )
+    ).toBe(true);
+  });
+
+  test("treats raw socket errors as expected", () => {
+    expect(isExpectedNetworkError(new Error("socket hang up"))).toBe(true);
+    expect(
+      isExpectedNetworkError(
+        Object.assign(new Error("read ECONNRESET"), { code: "ECONNRESET" })
+      )
+    ).toBe(true);
+  });
+
+  test("treats connection error codes as expected", () => {
+    for (const code of [
+      "ECONNREFUSED",
+      "ETIMEDOUT",
+      "EHOSTUNREACH",
+      "ENOTFOUND",
+      "EAI_AGAIN",
+    ]) {
+      expect(
+        isExpectedNetworkError(Object.assign(new Error("boom"), { code }))
+      ).toBe(true);
+    }
+  });
+
+  test("treats invalid certificate errors as expected", () => {
+    expect(
+      isExpectedNetworkError(
+        Object.assign(new Error("self signed certificate"), {
+          code: "DEPTH_ZERO_SELF_SIGNED_CERT",
+        })
+      )
+    ).toBe(true);
+  });
+
+  test("treats the request timeout thrown by the fetch wrapper as expected", () => {
+    expect(
+      isExpectedNetworkError(new Error("Request timeout after 5000ms"))
+    ).toBe(true);
+  });
+
+  test("does not treat unrelated errors as expected", () => {
+    expect(
+      isExpectedNetworkError(new TypeError("undefined is not a function"))
+    ).toBe(false);
+    expect(
+      isExpectedNetworkError(new Error("Cannot read property foo of undefined"))
+    ).toBe(false);
+    expect(isExpectedNetworkError("socket hang up")).toBe(false);
+    expect(isExpectedNetworkError(undefined)).toBe(false);
+  });
+});
diff --git a/plugins/webhooks/server/tasks/DeliverWebhookTask.ts b/plugins/webhooks/server/tasks/DeliverWebhookTask.ts
index f2b8c2e41b..7fe6f088f0 100644
--- a/plugins/webhooks/server/tasks/DeliverWebhookTask.ts
+++ b/plugins/webhooks/server/tasks/DeliverWebhookTask.ts
@@ -78,6 +78,56 @@ function assertUnreachable(event: never) {
   Logger.warn(`DeliverWebhookTask did not handle ${(event as Event).name}`);
 }
 
+/**
+ * Node connection-level error codes that are expected when delivering to
+ * arbitrary, user-supplied webhook URLs. These indicate a misconfigured or
+ * unreachable destination rather than a bug in Outline.
+ */
+const expectedNetworkErrorCodes = new Set([
+  "ECONNRESET",
+  "ECONNREFUSED",
+  "ECONNABORTED",
+  "ETIMEDOUT",
+  "EHOSTUNREACH",
+  "ENETUNREACH",
+  "ENOTFOUND",
+  "EAI_AGAIN",
+  "EPIPE",
+  "EPROTO",
+  "DEPTH_ZERO_SELF_SIGNED_CERT",
+  "SELF_SIGNED_CERT_IN_CHAIN",
+  "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
+  "CERT_HAS_EXPIRED",
+  "ERR_TLS_CERT_ALTNAME_INVALID",
+]);
+
+/**
+ * Determine whether an error thrown while delivering a webhook is an expected
+ * network failure caused by the user-supplied destination URL (connection
+ * reset, timeout, unreachable host, invalid certificate, etc) rather than an
+ * unexpected bug. Such failures are noisy and do not need error tracking.
+ *
+ * @param err The error that occurred during delivery.
+ * @returns true if the error is an expected network failure.
+ */
+export function isExpectedNetworkError(err: unknown): boolean {
+  if (err instanceof FetchError) {
+    return true;
+  }
+  if (err instanceof Error) {
+    const code = (err as NodeJS.ErrnoException).code;
+    if (code && expectedNetworkErrorCodes.has(code)) {
+      return true;
+    }
+    // node-fetch surfaces some low-level socket failures (and our fetch wrapper
+    // converts aborted requests into timeouts) without a structured code.
+    return /socket hang up|request timeout|network|ECONNRESET/i.test(
+      err.message
+    );
+  }
+  return false;
+}
+
 type Props = {
   subscriptionId: string;
   event: Event;
@@ -765,7 +815,7 @@ export default class DeliverWebhookTask extends BaseTask<Props> {
       });
       status = response.ok ? "success" : "failed";
     } catch (err) {
-      if (err instanceof FetchError && env.isCloudHosted) {
+      if (isExpectedNetworkError(err) && env.isCloudHosted) {
         Logger.warn(`Failed to send webhook: ${err.message}`, {
           event,
           deliveryId: delivery.id,

From b5465376ae5c57db02bfcda8823fc91f5cb43ba2 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 22:33:03 -0400
Subject: [PATCH 17/27] fix: Mermaid persisted as last used language (#12601)

* fix: Mermaid persisted as last used language

* Suppress mermaid in getFrequentCodeLanguages too
---
 shared/editor/lib/code.test.ts | 52 +++++++++++++++++++++++++++++++++-
 shared/editor/lib/code.ts      | 34 ++++++++++++++++------
 2 files changed, 77 insertions(+), 9 deletions(-)

diff --git a/shared/editor/lib/code.test.ts b/shared/editor/lib/code.test.ts
index 1764ef4ac4..8d60da26e4 100644
--- a/shared/editor/lib/code.test.ts
+++ b/shared/editor/lib/code.test.ts
@@ -1,4 +1,11 @@
-import { getRefractorLangForLanguage, getLabelForLanguage } from "./code";
+import Storage from "../../utils/Storage";
+import {
+  getRefractorLangForLanguage,
+  getLabelForLanguage,
+  setRecentlyUsedCodeLanguage,
+  getRecentlyUsedCodeLanguage,
+  getFrequentCodeLanguages,
+} from "./code";
 
 describe("getRefractorLangForLanguage", () => {
   it("should return the correct lang identifier for a given language", () => {
@@ -26,3 +33,46 @@ describe("getLabelForLanguage", () => {
     expect(getLabelForLanguage("")).toBe("Plain text");
   });
 });
+
+describe("setRecentlyUsedCodeLanguage", () => {
+  beforeEach(() => {
+    Storage.clear();
+  });
+
+  it("should remember the last selected code language", () => {
+    setRecentlyUsedCodeLanguage("javascript");
+    expect(getRecentlyUsedCodeLanguage()).toBe("javascript");
+  });
+
+  it("should not remember mermaid as the last selected code language", () => {
+    setRecentlyUsedCodeLanguage("javascript");
+    setRecentlyUsedCodeLanguage("mermaid");
+    expect(getRecentlyUsedCodeLanguage()).toBe("javascript");
+  });
+
+  it("should not remember mermaidjs as the last selected code language", () => {
+    setRecentlyUsedCodeLanguage("javascript");
+    setRecentlyUsedCodeLanguage("mermaidjs");
+    expect(getRecentlyUsedCodeLanguage()).toBe("javascript");
+  });
+
+  it("should ignore mermaid that was already persisted", () => {
+    Storage.set("rme-code-language", "mermaid");
+    expect(getRecentlyUsedCodeLanguage()).toBeUndefined();
+  });
+});
+
+describe("getFrequentCodeLanguages", () => {
+  beforeEach(() => {
+    Storage.clear();
+  });
+
+  it("should exclude mermaid that was already persisted", () => {
+    Storage.set("frequent-code-languages", {
+      javascript: 3,
+      mermaid: 5,
+      mermaidjs: 2,
+    });
+    expect(getFrequentCodeLanguages()).toEqual(["javascript"]);
+  });
+});
diff --git a/shared/editor/lib/code.ts b/shared/editor/lib/code.ts
index 9e56ccca09..4e09076115 100644
--- a/shared/editor/lib/code.ts
+++ b/shared/editor/lib/code.ts
@@ -374,12 +374,23 @@ export const getRefractorLangForLanguage = (
 export const getLoaderForLanguage = (language: string) =>
   codeLanguages[language as keyof typeof codeLanguages]?.loader;
 
+// Mermaid diagrams have a separate insertion entry point, so they should never
+// be remembered as a recently or frequently used code language.
+const nonPersistableLanguages = ["mermaid", "mermaidjs"];
+
+const isPersistableCodeLanguage = (language: string) =>
+  !nonPersistableLanguages.includes(language);
+
 /**
  * Set the most recent code language used.
  *
  * @param language The language identifier.
  */
 export const setRecentlyUsedCodeLanguage = (language: string) => {
+  if (!isPersistableCodeLanguage(language)) {
+    return;
+  }
+
   const frequentLangs = (Storage.get(StorageKey) ?? {}) as Record<
     string,
     number
@@ -416,8 +427,12 @@ export const setRecentlyUsedCodeLanguage = (language: string) => {
  *
  * @returns The most recent code language used, or undefined if none is set.
  */
-export const getRecentlyUsedCodeLanguage = () =>
-  Storage.get(RecentlyUsedStorageKey) as keyof typeof codeLanguages | undefined;
+export const getRecentlyUsedCodeLanguage = () => {
+  const language = Storage.get(RecentlyUsedStorageKey) as
+    | keyof typeof codeLanguages
+    | undefined;
+  return language && isPersistableCodeLanguage(language) ? language : undefined;
+};
 
 /**
  * Get the most frequent code languages used.
@@ -425,17 +440,20 @@ export const getRecentlyUsedCodeLanguage = () =>
  * @returns An array of the most frequent code languages used.
  */
 export const getFrequentCodeLanguages = () => {
-  const recentLang = Storage.get(RecentlyUsedStorageKey);
-  const frequentLangEntries = Object.entries(Storage.get(StorageKey) ?? {}) as [
-    keyof typeof codeLanguages,
-    number,
-  ][];
+  const recentLang = getRecentlyUsedCodeLanguage();
+  const frequentLangEntries = (
+    Object.entries(Storage.get(StorageKey) ?? {}) as [
+      keyof typeof codeLanguages,
+      number,
+    ][]
+  ).filter(([lang]) => isPersistableCodeLanguage(lang));
 
   const frequentLangs = sortFrequencies(frequentLangEntries)
     .slice(0, frequentLanguagesToGet)
     .map(([lang]) => lang);
 
-  const isRecentLangPresent = frequentLangs.includes(recentLang);
+  const isRecentLangPresent =
+    !!recentLang && frequentLangs.includes(recentLang);
   if (recentLang && !isRecentLangPresent) {
     frequentLangs.pop();
     frequentLangs.push(recentLang);

From 997d38a6ac0c851e6ea7cd864edcc544c9fffc9b Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 23:16:45 -0400
Subject: [PATCH 18/27] fix: document.collaboratorIds iterable error (#12602)

---
 app/components/Collaborators.tsx | 4 ++--
 server/presenters/document.ts    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/components/Collaborators.tsx b/app/components/Collaborators.tsx
index 360e33ffd9..0f554e9b51 100644
--- a/app/components/Collaborators.tsx
+++ b/app/components/Collaborators.tsx
@@ -79,10 +79,10 @@ function Collaborators(props: Props) {
   // Memoize ids to avoid unnecessary effect executions
   const missingUserIds = useMemo(
     () =>
-      uniq([...document.collaboratorIds, ...Array.from(presentIds)])
+      uniq([...collaboratorIdsSet, ...presentIds])
         .filter((userId) => !users.get(userId))
         .sort(),
-    [document.collaboratorIds, presentIds, users]
+    [collaboratorIdsSet, presentIds, users]
   );
 
   useEffect(() => {
diff --git a/server/presenters/document.ts b/server/presenters/document.ts
index 7daf3e63e9..6f93f7fa42 100644
--- a/server/presenters/document.ts
+++ b/server/presenters/document.ts
@@ -109,7 +109,7 @@ async function presentDocument(
     res.parentDocumentId = document.parentDocumentId;
     res.createdBy = presentUser(document.createdBy);
     res.updatedBy = presentUser(document.updatedBy);
-    res.collaboratorIds = document.collaboratorIds;
+    res.collaboratorIds = document.collaboratorIds ?? [];
     res.templateId = document.templateId;
     res.insightsEnabled = document.insightsEnabled;
     res.popularityScore = document.popularityScore;

From be3f28afeaaa8b92137685376fe17fff94e62255 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Fri, 5 Jun 2026 23:42:40 -0400
Subject: [PATCH 19/27] fix: Remove parsing rules when not supported in editor
 (#12604)

* fix: Remove table markdown parsing rule when not supported in editor

* Additional nodes, tests
---
 shared/editor/lib/markdown/rules.test.ts | 37 ++++++++++++++++++++++++
 shared/editor/lib/markdown/rules.ts      | 10 ++++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 shared/editor/lib/markdown/rules.test.ts

diff --git a/shared/editor/lib/markdown/rules.test.ts b/shared/editor/lib/markdown/rules.test.ts
new file mode 100644
index 0000000000..6d90e159a5
--- /dev/null
+++ b/shared/editor/lib/markdown/rules.test.ts
@@ -0,0 +1,37 @@
+import type { Schema } from "prosemirror-model";
+import makeRules from "./rules";
+
+const tableMarkdown = "| a | b |\n| --- | --- |\n| 1 | 2 |";
+
+const schemaWith = (nodes: string[]) =>
+  ({
+    nodes: Object.fromEntries(nodes.map((name) => [name, {}])),
+  }) as unknown as Schema;
+
+describe("makeRules", () => {
+  it("parses tables when the schema supports them", () => {
+    const md = makeRules({ schema: schemaWith(["table"]) });
+    const types = md.parse(tableMarkdown, {}).map((token) => token.type);
+    expect(types).toContain("table_open");
+  });
+
+  it("does not emit table tokens when the schema lacks table support", () => {
+    const md = makeRules({ schema: schemaWith([]) });
+    const types = md.parse(tableMarkdown, {}).map((token) => token.type);
+    expect(types).not.toContain("table_open");
+  });
+
+  it("does not emit heading tokens for setext headings when the schema lacks heading support", () => {
+    const md = makeRules({ schema: schemaWith([]) });
+    const types = md.parse("Title\n=====\n", {}).map((token) => token.type);
+    expect(types).not.toContain("heading_open");
+  });
+
+  it("does not emit code_block tokens when the schema lacks code block support", () => {
+    const md = makeRules({ schema: schemaWith([]) });
+    const indented = md.parse("    foo\n", {}).map((token) => token.type);
+    const fenced = md.parse("```\nfoo\n```\n", {}).map((token) => token.type);
+    expect(indented).not.toContain("code_block");
+    expect(fenced).not.toContain("fence");
+  });
+});
diff --git a/shared/editor/lib/markdown/rules.ts b/shared/editor/lib/markdown/rules.ts
index b6ec30936a..e37f56b5b9 100644
--- a/shared/editor/lib/markdown/rules.ts
+++ b/shared/editor/lib/markdown/rules.ts
@@ -36,7 +36,15 @@ export default function makeRules({
     markdownIt.disable("hr");
   }
   if (!schema?.nodes.heading) {
-    markdownIt.disable("heading");
+    // "heading" is ATX (# Title), "lheading" is setext (Title\n=====).
+    markdownIt.disable(["heading", "lheading"]);
+  }
+  if (!schema?.nodes.table) {
+    markdownIt.disable("table");
+  }
+  if (!schema?.nodes.code_block) {
+    // "code" is indented code blocks, "fence" is ``` delimited blocks.
+    markdownIt.disable(["code", "fence"]);
   }
 
   plugins.forEach((plugin) => markdownIt.use(plugin));

From f329b56d0edbbd687728c7436713f2c99e8ec722 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 07:24:16 -0400
Subject: [PATCH 20/27] fix: Hard break serialization for commonMark (#12603)

* fix: Hard break serialization for commonMark

* tests
---
 .../extensions/ClipboardTextSerializer.ts     |  2 +-
 app/models/helpers/ProsemirrorHelper.ts       |  2 +-
 shared/editor/lib/markdown/serializer.ts      | 13 ++-
 shared/editor/nodes/HardBreak.ts              |  4 +-
 shared/editor/nodes/Paragraph.ts              |  2 +-
 .../editor/rules}/checkboxes.test.ts          |  8 +-
 shared/editor/rules/hardbreaks.test.ts        | 88 +++++++++++++++++++
 7 files changed, 113 insertions(+), 6 deletions(-)
 rename {server/editor => shared/editor/rules}/checkboxes.test.ts (90%)
 create mode 100644 shared/editor/rules/hardbreaks.test.ts

diff --git a/app/editor/extensions/ClipboardTextSerializer.ts b/app/editor/extensions/ClipboardTextSerializer.ts
index b5a05a7f70..c1146c87fa 100644
--- a/app/editor/extensions/ClipboardTextSerializer.ts
+++ b/app/editor/extensions/ClipboardTextSerializer.ts
@@ -61,7 +61,7 @@ export default class ClipboardTextSerializer extends Extension {
                   .map((node) => ProsemirrorHelper.toPlainText(node))
                   .join("\n")
               : mdSerializer.serialize(slice.content, {
-                  softBreak: true,
+                  commonMark: true,
                 });
           },
         },
diff --git a/app/models/helpers/ProsemirrorHelper.ts b/app/models/helpers/ProsemirrorHelper.ts
index c48534e231..8e268fd051 100644
--- a/app/models/helpers/ProsemirrorHelper.ts
+++ b/app/models/helpers/ProsemirrorHelper.ts
@@ -29,7 +29,7 @@ export class ProsemirrorHelper {
     );
 
     const markdown = serializer.serialize(doc, {
-      softBreak: true,
+      commonMark: true,
     });
     return markdown;
   };
diff --git a/shared/editor/lib/markdown/serializer.ts b/shared/editor/lib/markdown/serializer.ts
index 85a1d82ad3..5eec8aba7a 100644
--- a/shared/editor/lib/markdown/serializer.ts
+++ b/shared/editor/lib/markdown/serializer.ts
@@ -3,7 +3,18 @@
 // https://raw.githubusercontent.com/ProseMirror/prosemirror-markdown/master/src/to_markdown.js
 // forked for table support
 
-type Options = { tightLists?: boolean; softBreak?: boolean };
+/** Options that control how a ProseMirror document is serialized to Markdown. */
+type Options = {
+  /** Whether list items are rendered without blank lines between them. */
+  tightLists?: boolean;
+  /**
+   * Whether to emit portable, standard CommonMark intended to leave Outline,
+   * such as when copying to the clipboard or exporting. When false the
+   * serializer uses Outline's internal escaped representation, which round-trips
+   * losslessly through its own parser but is not standard Markdown.
+   */
+  commonMark?: boolean;
+};
 
 // ::- A specification for serializing a ProseMirror document as
 // Markdown/CommonMark text.
diff --git a/shared/editor/nodes/HardBreak.ts b/shared/editor/nodes/HardBreak.ts
index 2ce830c0c1..34292759e1 100644
--- a/shared/editor/nodes/HardBreak.ts
+++ b/shared/editor/nodes/HardBreak.ts
@@ -55,8 +55,10 @@ export default class HardBreak extends Node {
   }
 
   toMarkdown(state: MarkdownSerializerState) {
+    // Two trailing spaces is a CommonMark hard break that survives a
+    // copy/export round-trip, unlike a bare newline.
     state.write(
-      state.inTable ? "<br>" : state.options.softBreak ? "\n" : "\\n"
+      state.inTable ? "<br>" : state.options.commonMark ? "  \n" : "\\n"
     );
   }
 
diff --git a/shared/editor/nodes/Paragraph.ts b/shared/editor/nodes/Paragraph.ts
index d458cea4ee..6b91cee92d 100644
--- a/shared/editor/nodes/Paragraph.ts
+++ b/shared/editor/nodes/Paragraph.ts
@@ -58,7 +58,7 @@ export default class Paragraph extends Node {
       node.childCount === 0 &&
       !state.inTable
     ) {
-      state.write(state.options.softBreak ? "\n" : "\\\n");
+      state.write(state.options.commonMark ? "\n" : "\\\n");
     } else {
       state.renderInline(node);
       state.closeBlock(node);
diff --git a/server/editor/checkboxes.test.ts b/shared/editor/rules/checkboxes.test.ts
similarity index 90%
rename from server/editor/checkboxes.test.ts
rename to shared/editor/rules/checkboxes.test.ts
index 3a31ff25e2..c9db14d8da 100644
--- a/server/editor/checkboxes.test.ts
+++ b/shared/editor/rules/checkboxes.test.ts
@@ -1,4 +1,10 @@
-import { parser, serializer } from "@server/editor";
+import { extensionManager, schema } from "../../test/editor";
+
+const serializer = extensionManager.serializer();
+const parser = extensionManager.parser({
+  schema,
+  plugins: extensionManager.rulePlugins,
+});
 
 interface ProsemirrorNode {
   type: string;
diff --git a/shared/editor/rules/hardbreaks.test.ts b/shared/editor/rules/hardbreaks.test.ts
new file mode 100644
index 0000000000..0c4984c6de
--- /dev/null
+++ b/shared/editor/rules/hardbreaks.test.ts
@@ -0,0 +1,88 @@
+import { extensionManager, schema } from "../../test/editor";
+
+const serializer = extensionManager.serializer();
+const parser = extensionManager.parser({
+  schema,
+  plugins: extensionManager.rulePlugins,
+});
+
+const docWithHardBreak = schema.nodeFromJSON({
+  type: "doc",
+  content: [
+    {
+      type: "paragraph",
+      content: [
+        { type: "text", text: "Line one" },
+        { type: "br" },
+        { type: "text", text: "Line two" },
+      ],
+    },
+  ],
+});
+
+it("parses two trailing spaces as a hard break", () => {
+  const ast = parser.parse("Line one  \nLine two");
+
+  expect(ast?.toJSON()).toEqual(docWithHardBreak.toJSON());
+});
+
+it("parses a backslash line ending as a hard break", () => {
+  const ast = parser.parse("Line one\\\nLine two");
+
+  expect(ast?.toJSON()).toEqual(docWithHardBreak.toJSON());
+});
+
+it("serializes hard breaks as a CommonMark break when commonMark is set", () => {
+  // The commonMark option is used when copying to the clipboard and exporting
+  // documents – two trailing spaces are a standard Markdown hard break that
+  // renders in external viewers and parses back into a `br`, unlike a bare
+  // newline.
+  expect(serializer.serialize(docWithHardBreak, { commonMark: true })).toBe(
+    "Line one  \nLine two"
+  );
+});
+
+it("round-trips hard breaks through the copy/export serializer", () => {
+  let node = docWithHardBreak;
+
+  for (let i = 0; i < 3; i++) {
+    const markdown = serializer.serialize(node, { commonMark: true });
+    node = parser.parse(markdown)!;
+    expect(node.toJSON()).toEqual(docWithHardBreak.toJSON());
+  }
+});
+
+it("serializes hard breaks inside tables as a literal break tag", () => {
+  const docWithTable = schema.nodeFromJSON({
+    type: "doc",
+    content: [
+      {
+        type: "table",
+        content: [
+          {
+            type: "tr",
+            content: [
+              {
+                type: "td",
+                content: [
+                  {
+                    type: "paragraph",
+                    content: [
+                      { type: "text", text: "Line one" },
+                      { type: "br" },
+                      { type: "text", text: "Line two" },
+                    ],
+                  },
+                ],
+              },
+            ],
+          },
+        ],
+      },
+    ],
+  });
+
+  expect(serializer.serialize(docWithTable, { commonMark: true })).toContain(
+    "Line one<br>Line two"
+  );
+});

From b23a39bd39e28d5f67d52ce5c084ae27a1d40e4a Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 08:01:26 -0400
Subject: [PATCH 21/27] Add email verification check during sign-in flow
 (#12605)

* Add email verification check during sign-in flow

* Add support for Entra External ID with OIDC standard verification claim
---
 plugins/azure/server/auth/azure.ts            | 13 ++++
 plugins/discord/server/auth/discord.ts        |  1 +
 plugins/google/server/auth/google.ts          |  2 +
 plugins/oidc/server/auth/oidcRouter.ts        | 11 ++++
 plugins/slack/server/auth/slack.ts            |  2 +
 server/commands/accountProvisioner.test.ts    | 51 +++++++++++++++
 server/commands/accountProvisioner.ts         |  7 ++
 server/commands/userProvisioner.test.ts       | 65 +++++++++++++++++++
 server/commands/userProvisioner.ts            | 27 +++++++-
 server/models/helpers/AuthenticationHelper.ts | 13 ++++
 10 files changed, 191 insertions(+), 1 deletion(-)

diff --git a/plugins/azure/server/auth/azure.ts b/plugins/azure/server/auth/azure.ts
index 6b0deee13d..33d39543db 100644
--- a/plugins/azure/server/auth/azure.ts
+++ b/plugins/azure/server/auth/azure.ts
@@ -102,6 +102,18 @@ if (env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET) {
         const user =
           context.state?.auth?.user ?? (await getUserFromOAuthState(context));
 
+        // Microsoft's email claim is mutable, only trust it when a verification
+        // claim confirms it — xms_edov for workforce tenants, or the standard
+        // email_verified claim in External ID / OIDC scenarios.
+        // https://learn.microsoft.com/en-us/entra/identity-platform/reference-claims-customization
+        const verificationClaims = [profile.xms_edov, profile.email_verified];
+        const presentClaims = verificationClaims.filter(
+          (claim) => claim !== undefined
+        );
+        const emailVerified = presentClaims.length
+          ? presentClaims.some((claim) => claim === true || claim === "true")
+          : undefined;
+
         const domain = parseEmail(email).domain;
         const subdomain = slugifyDomain(domain);
 
@@ -121,6 +133,7 @@ if (env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET) {
           user: {
             name: profile.name,
             email,
+            emailVerified,
             avatarUrl: profile.picture,
           },
           authenticationProvider: {
diff --git a/plugins/discord/server/auth/discord.ts b/plugins/discord/server/auth/discord.ts
index 00d940243e..c2a9e73f87 100644
--- a/plugins/discord/server/auth/discord.ts
+++ b/plugins/discord/server/auth/discord.ts
@@ -201,6 +201,7 @@ if (env.DISCORD_CLIENT_ID && env.DISCORD_CLIENT_SECRET) {
             },
             user: {
               email,
+              emailVerified: profile.verified,
               name: userName,
               language,
               avatarUrl: userAvatarUrl,
diff --git a/plugins/google/server/auth/google.ts b/plugins/google/server/auth/google.ts
index dbf241a8fa..26c197e3e6 100644
--- a/plugins/google/server/auth/google.ts
+++ b/plugins/google/server/auth/google.ts
@@ -127,6 +127,8 @@ if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET) {
             },
             user: {
               email: profile.email,
+              // Google only returns confirmed workspace email addresses.
+              emailVerified: true,
               name: profile.displayName,
               language,
               avatarUrl,
diff --git a/plugins/oidc/server/auth/oidcRouter.ts b/plugins/oidc/server/auth/oidcRouter.ts
index 4d8a98ca11..131b5300eb 100644
--- a/plugins/oidc/server/auth/oidcRouter.ts
+++ b/plugins/oidc/server/auth/oidcRouter.ts
@@ -105,6 +105,7 @@ export function createOIDCRouter(
 
               return decoded as {
                 email?: string;
+                email_verified?: boolean | string;
                 preferred_username?: string;
                 sub?: string;
               };
@@ -122,6 +123,15 @@ export function createOIDCRouter(
             );
           }
 
+          // The email_verified claim is part of the OIDC standard claims.
+          // https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+          const emailVerifiedClaim =
+            profile.email_verified ?? token.email_verified;
+          const emailVerified =
+            emailVerifiedClaim === undefined
+              ? undefined
+              : emailVerifiedClaim === true || emailVerifiedClaim === "true";
+
           const team = await getTeamFromContext(context);
           const client = getClientFromOAuthState(context);
           const user =
@@ -206,6 +216,7 @@ export function createOIDCRouter(
             user: {
               name,
               email,
+              emailVerified,
               avatarUrl,
             },
             authenticationProvider: {
diff --git a/plugins/slack/server/auth/slack.ts b/plugins/slack/server/auth/slack.ts
index 6906702fe2..b33c6cf53f 100644
--- a/plugins/slack/server/auth/slack.ts
+++ b/plugins/slack/server/auth/slack.ts
@@ -110,6 +110,8 @@ if (env.SLACK_CLIENT_ID && env.SLACK_CLIENT_SECRET) {
           user: {
             name: profile.user.name,
             email: profile.user.email,
+            // Slack only returns confirmed workspace email addresses.
+            emailVerified: true,
             avatarUrl: profile.user.image_192,
           },
           authenticationProvider: {
diff --git a/server/commands/accountProvisioner.test.ts b/server/commands/accountProvisioner.test.ts
index 4d1e33baed..9be87981d2 100644
--- a/server/commands/accountProvisioner.test.ts
+++ b/server/commands/accountProvisioner.test.ts
@@ -115,6 +115,7 @@ describe("accountProvisioner", () => {
         user: {
           name: userWithoutAuth.name,
           email,
+          emailVerified: true,
           avatarUrl: userWithoutAuth.avatarUrl,
         },
         team: {
@@ -138,6 +139,54 @@ describe("accountProvisioner", () => {
       expect(isNewUser).toEqual(false);
     });
 
+    it("should not allow authentication by email matching when email is unverified", async () => {
+      const subdomain = faker.internet.domainWord();
+      const existingTeam = await buildTeam({
+        subdomain,
+      });
+
+      const providers = await existingTeam.$get("authenticationProviders");
+      const authenticationProvider = providers[0];
+      const email = faker.internet.email();
+      const userWithoutAuth = await buildUser({
+        email,
+        teamId: existingTeam.id,
+        authentications: [],
+      });
+
+      let error;
+      try {
+        await accountProvisioner(ctx, {
+          user: {
+            name: userWithoutAuth.name,
+            email,
+            emailVerified: false,
+            avatarUrl: userWithoutAuth.avatarUrl,
+          },
+          team: {
+            teamId: existingTeam.id,
+            name: existingTeam.name,
+            avatarUrl: existingTeam.avatarUrl,
+            subdomain,
+          },
+          authenticationProvider: {
+            name: authenticationProvider.name,
+            providerId: authenticationProvider.providerId,
+          },
+          authentication: {
+            providerId: randomUUID(),
+            accessToken: "123",
+            scopes: ["read"],
+          },
+        });
+      } catch (err) {
+        error = err;
+      }
+
+      expect(error).toBeTruthy();
+      expect(error.id).toEqual("invalid_authentication");
+    });
+
     it("should throw an error when authentication provider is disabled", async () => {
       const existingTeam = await buildTeam();
       const providers = await existingTeam.$get("authenticationProviders");
@@ -250,6 +299,7 @@ describe("accountProvisioner", () => {
           user: {
             name: "Jenny Tester",
             email,
+            emailVerified: true,
             avatarUrl: faker.image.avatar(),
           },
           team: {
@@ -291,6 +341,7 @@ describe("accountProvisioner", () => {
         user: {
           name: "Jenny Tester",
           email,
+          emailVerified: true,
           avatarUrl: faker.image.avatar(),
         },
         team: {
diff --git a/server/commands/accountProvisioner.ts b/server/commands/accountProvisioner.ts
index 5992b0cc33..7a81d1231d 100644
--- a/server/commands/accountProvisioner.ts
+++ b/server/commands/accountProvisioner.ts
@@ -17,6 +17,7 @@ import {
   Event,
   Team,
 } from "@server/models";
+import AuthenticationHelper from "@server/models/helpers/AuthenticationHelper";
 import { DocumentHelper } from "@server/models/helpers/DocumentHelper";
 import { sequelize } from "@server/storage/database";
 import { PluginManager } from "@server/utils/PluginManager";
@@ -34,6 +35,8 @@ type Props = {
     name: string;
     /** The email address of the user */
     email: string;
+    /** Whether the provider has verified the user owns the email address */
+    emailVerified?: boolean;
     /** The public url of an image representing the user */
     avatarUrl?: string | null;
     /** The language of the user, if known */
@@ -178,6 +181,10 @@ async function accountProvisioner(
   result = await userProvisioner(ctx, {
     name: userParams.name,
     email: userParams.email,
+    emailVerified: userParams.emailVerified,
+    authenticationProviderName: AuthenticationHelper.getProviderName(
+      authenticationProviderParams.name
+    ),
     language: userParams.language,
     role: isNewTeam ? UserRole.Admin : undefined,
     avatarUrl: userParams.avatarUrl,
diff --git a/server/commands/userProvisioner.test.ts b/server/commands/userProvisioner.test.ts
index eac4c3bb9d..a41d3df189 100644
--- a/server/commands/userProvisioner.test.ts
+++ b/server/commands/userProvisioner.test.ts
@@ -57,6 +57,7 @@ describe("userProvisioner", () => {
     const result = await userProvisioner(ctx, {
       name: existing.name,
       email,
+      emailVerified: true,
       avatarUrl: existing.avatarUrl,
       teamId: existing.teamId,
       authentication: {
@@ -77,6 +78,34 @@ describe("userProvisioner", () => {
     expect(isNewUser).toEqual(false);
   });
 
+  it("should not match an existing user by email when email is unverified", async () => {
+    const team = await buildTeam();
+    const teamAuthProviders = await team.$get("authenticationProviders");
+    const authenticationProvider = teamAuthProviders[0];
+
+    const email = "mynam@email.com";
+    await buildUser({
+      email,
+      teamId: team.id,
+      authentications: [],
+    });
+
+    await expect(
+      userProvisioner(ctx, {
+        name: "Imposter",
+        email,
+        emailVerified: false,
+        teamId: team.id,
+        authentication: {
+          authenticationProviderId: authenticationProvider.id,
+          providerId: randomUUID(),
+          accessToken: "123",
+          scopes: ["read"],
+        },
+      })
+    ).rejects.toThrow("has not been verified by");
+  });
+
   it("should add authentication provider to invited users", async () => {
     const team = await buildTeam({ inviteRequired: true });
     const teamAuthProviders = await team.$get("authenticationProviders");
@@ -91,6 +120,7 @@ describe("userProvisioner", () => {
     const result = await userProvisioner(ctx, {
       name: existing.name,
       email,
+      emailVerified: true,
       avatarUrl: existing.avatarUrl,
       teamId: existing.teamId,
       authentication: {
@@ -264,6 +294,7 @@ describe("userProvisioner", () => {
     const result = await userProvisioner(ctx, {
       name: invite.name,
       email: "invite@ExamPle.com",
+      emailVerified: true,
       teamId: invite.teamId,
       authentication: {
         authenticationProviderId: authenticationProvider.id,
@@ -295,6 +326,7 @@ describe("userProvisioner", () => {
     const result = await userProvisioner(ctx, {
       name: invite.name,
       email: "external@ExamPle.com", // ensure that email is case insensistive
+      emailVerified: true,
       teamId: invite.teamId,
     });
     const { user, authentication, isNewUser } = result;
@@ -340,6 +372,7 @@ describe("userProvisioner", () => {
     const result = await userProvisioner(ctx, {
       name: faker.person.fullName(),
       email,
+      emailVerified: true,
       teamId: team.id,
       authentication: {
         authenticationProviderId: authenticationProvider.id,
@@ -357,6 +390,36 @@ describe("userProvisioner", () => {
     expect(isNewUser).toEqual(true);
   });
 
+  it("should reject an unverified email when the team has allowed domains", async () => {
+    const team = await buildTeam();
+    const admin = await buildAdmin({ teamId: team.id });
+    const domain = faker.internet.domainName();
+    await TeamDomain.create({
+      teamId: team.id,
+      name: domain,
+      createdById: admin.id,
+    });
+
+    const authenticationProviders = await team.$get("authenticationProviders");
+    const authenticationProvider = authenticationProviders[0];
+    const email = faker.internet.email({ provider: domain });
+
+    await expect(
+      userProvisioner(ctx, {
+        name: faker.person.fullName(),
+        email,
+        emailVerified: false,
+        teamId: team.id,
+        authentication: {
+          authenticationProviderId: authenticationProvider.id,
+          providerId: "fake-service-id",
+          accessToken: "123",
+          scopes: ["read"],
+        },
+      })
+    ).rejects.toThrow("has not been verified by");
+  });
+
   it("should create a user from allowed domain with emailMatchOnly", async () => {
     const team = await buildTeam();
     const admin = await buildAdmin({ teamId: team.id });
@@ -372,6 +435,7 @@ describe("userProvisioner", () => {
     const result = await userProvisioner(ctx, {
       name: "Test Name",
       email,
+      emailVerified: true,
       teamId: team.id,
     });
     const { user, authentication, isNewUser } = result;
@@ -408,6 +472,7 @@ describe("userProvisioner", () => {
       userProvisioner(ctx, {
         name: "Bad Domain User",
         email: faker.internet.email(),
+        emailVerified: true,
         teamId: team.id,
         authentication: {
           authenticationProviderId: authenticationProvider.id,
diff --git a/server/commands/userProvisioner.ts b/server/commands/userProvisioner.ts
index d2d15cece9..1977faec10 100644
--- a/server/commands/userProvisioner.ts
+++ b/server/commands/userProvisioner.ts
@@ -25,6 +25,13 @@ type Props = {
   name: string;
   /** The email address of the user */
   email: string;
+  /**
+   * Whether the provider has verified the user owns the email address.
+   * Matching an existing account by email only happens when explicitly true.
+   */
+  emailVerified?: boolean;
+  /** The display name of the authentication provider, eg "Google". */
+  authenticationProviderName?: string;
   /** The language of the user, if known */
   language?: string;
   /** The role for new user, Member if none is provided */
@@ -54,7 +61,17 @@ type Props = {
 
 export default async function userProvisioner(
   ctx: APIContext,
-  { name, email, role, language, avatarUrl, teamId, authentication }: Props
+  {
+    name,
+    email,
+    emailVerified,
+    authenticationProviderName,
+    role,
+    language,
+    avatarUrl,
+    teamId,
+    authentication,
+  }: Props
 ): Promise<UserProvisionerResult> {
   const auth = authentication
     ? await UserAuthentication.findOne({
@@ -135,6 +152,14 @@ export default async function userProvisioner(
     attributes: ["defaultUserRole", "inviteRequired", "id"],
   });
 
+  // Unverified emails cannot match an existing account or pass allow listed domains
+  if (emailVerified !== true && (existingUser || team?.allowedDomains.length)) {
+    const providerName = authenticationProviderName ?? "your identity provider";
+    throw InvalidAuthenticationError(
+      `Your email address has not been verified by ${providerName}. Please verify your email and try signing in again.`
+    );
+  }
+
   // We have an existing user, so we need to update it with our
   // new details and count this as a new user creation.
   if (existingUser) {
diff --git a/server/models/helpers/AuthenticationHelper.ts b/server/models/helpers/AuthenticationHelper.ts
index cdb32fdb1d..9550e4e3a2 100644
--- a/server/models/helpers/AuthenticationHelper.ts
+++ b/server/models/helpers/AuthenticationHelper.ts
@@ -17,6 +17,19 @@ export default class AuthenticationHelper {
     return PluginManager.getHooks(Hook.AuthProvider);
   }
 
+  /**
+   * Returns the human-readable display name for an authentication provider.
+   *
+   * @param id The authentication provider id, eg "google".
+   * @returns The display name if known, otherwise the provided id.
+   */
+  public static getProviderName(id: string): string {
+    const provider = AuthenticationHelper.providers.find(
+      (hook) => hook.value.id === id
+    );
+    return provider?.name ?? id;
+  }
+
   /**
    * Returns the enabled authentication provider configurations for a team,
    * if given otherwise all enabled providers are returned.

From 33e3680782b5e46f2a7f68a1f79506d01a65deac Mon Sep 17 00:00:00 2001
From: Translate-O-Tron
 <75237327+outline-translations@users.noreply.github.com>
Date: Sat, 6 Jun 2026 08:43:35 -0400
Subject: [PATCH 22/27] New Crowdin updates (#12464)

* fix: New Czech translations from Crowdin [ci skip]

* fix: New French translations from Crowdin [ci skip]

* fix: New Danish translations from Crowdin [ci skip]

* fix: New Japanese translations from Crowdin [ci skip]

* fix: New Korean translations from Crowdin [ci skip]

* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]

* fix: New Catalan translations from Crowdin [ci skip]

* fix: New Spanish translations from Crowdin [ci skip]

* fix: New Czech translations from Crowdin [ci skip]

* fix: New Romanian translations from Crowdin [ci skip]

* fix: New German translations from Crowdin [ci skip]

* fix: New Hebrew translations from Crowdin [ci skip]

* fix: New Hungarian translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]

* fix: New Dutch translations from Crowdin [ci skip]

* fix: New Polish translations from Crowdin [ci skip]

* fix: New Portuguese translations from Crowdin [ci skip]

* fix: New Swedish translations from Crowdin [ci skip]

* fix: New Turkish translations from Crowdin [ci skip]

* fix: New Ukrainian translations from Crowdin [ci skip]

* fix: New Chinese Simplified translations from Crowdin [ci skip]

* fix: New Chinese Traditional translations from Crowdin [ci skip]

* fix: New Vietnamese translations from Crowdin [ci skip]

* fix: New Indonesian translations from Crowdin [ci skip]

* fix: New Persian translations from Crowdin [ci skip]

* fix: New Thai translations from Crowdin [ci skip]

* fix: New English, United Kingdom translations from Crowdin [ci skip]

* fix: New Norwegian Bokmal translations from Crowdin [ci skip]

* fix: New French translations from Crowdin [ci skip]

* fix: New Danish translations from Crowdin [ci skip]

* fix: New Japanese translations from Crowdin [ci skip]

* fix: New Korean translations from Crowdin [ci skip]

* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]

* fix: New Catalan translations from Crowdin [ci skip]

* fix: New Spanish translations from Crowdin [ci skip]

* fix: New Czech translations from Crowdin [ci skip]

* fix: New Romanian translations from Crowdin [ci skip]

* fix: New German translations from Crowdin [ci skip]

* fix: New Hebrew translations from Crowdin [ci skip]

* fix: New Hungarian translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]

* fix: New Dutch translations from Crowdin [ci skip]

* fix: New Polish translations from Crowdin [ci skip]

* fix: New Portuguese translations from Crowdin [ci skip]

* fix: New Swedish translations from Crowdin [ci skip]

* fix: New Turkish translations from Crowdin [ci skip]

* fix: New Ukrainian translations from Crowdin [ci skip]

* fix: New Chinese Simplified translations from Crowdin [ci skip]

* fix: New Chinese Traditional translations from Crowdin [ci skip]

* fix: New Vietnamese translations from Crowdin [ci skip]

* fix: New Indonesian translations from Crowdin [ci skip]

* fix: New Persian translations from Crowdin [ci skip]

* fix: New Thai translations from Crowdin [ci skip]

* fix: New English, United Kingdom translations from Crowdin [ci skip]

* fix: New Norwegian Bokmal translations from Crowdin [ci skip]

* fix: New French translations from Crowdin [ci skip]

* fix: New Danish translations from Crowdin [ci skip]

* fix: New Japanese translations from Crowdin [ci skip]

* fix: New Korean translations from Crowdin [ci skip]

* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]

* fix: New Catalan translations from Crowdin [ci skip]

* fix: New Spanish translations from Crowdin [ci skip]

* fix: New Czech translations from Crowdin [ci skip]

* fix: New Romanian translations from Crowdin [ci skip]

* fix: New German translations from Crowdin [ci skip]

* fix: New Hebrew translations from Crowdin [ci skip]

* fix: New Hungarian translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]

* fix: New Dutch translations from Crowdin [ci skip]

* fix: New Polish translations from Crowdin [ci skip]

* fix: New Portuguese translations from Crowdin [ci skip]

* fix: New Swedish translations from Crowdin [ci skip]

* fix: New Turkish translations from Crowdin [ci skip]

* fix: New Ukrainian translations from Crowdin [ci skip]

* fix: New Chinese Simplified translations from Crowdin [ci skip]

* fix: New Chinese Traditional translations from Crowdin [ci skip]

* fix: New Vietnamese translations from Crowdin [ci skip]

* fix: New Indonesian translations from Crowdin [ci skip]

* fix: New Persian translations from Crowdin [ci skip]

* fix: New Thai translations from Crowdin [ci skip]

* fix: New English, United Kingdom translations from Crowdin [ci skip]

* fix: New Norwegian Bokmal translations from Crowdin [ci skip]

* fix: New French translations from Crowdin [ci skip]

* fix: New Danish translations from Crowdin [ci skip]

* fix: New Japanese translations from Crowdin [ci skip]

* fix: New Korean translations from Crowdin [ci skip]

* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]

* fix: New Catalan translations from Crowdin [ci skip]

* fix: New Spanish translations from Crowdin [ci skip]

* fix: New Czech translations from Crowdin [ci skip]

* fix: New Romanian translations from Crowdin [ci skip]

* fix: New German translations from Crowdin [ci skip]

* fix: New Hebrew translations from Crowdin [ci skip]

* fix: New Hungarian translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]

* fix: New Dutch translations from Crowdin [ci skip]

* fix: New Polish translations from Crowdin [ci skip]

* fix: New Portuguese translations from Crowdin [ci skip]

* fix: New Swedish translations from Crowdin [ci skip]

* fix: New Turkish translations from Crowdin [ci skip]

* fix: New Ukrainian translations from Crowdin [ci skip]

* fix: New Chinese Simplified translations from Crowdin [ci skip]

* fix: New Chinese Traditional translations from Crowdin [ci skip]

* fix: New Vietnamese translations from Crowdin [ci skip]

* fix: New Indonesian translations from Crowdin [ci skip]

* fix: New Persian translations from Crowdin [ci skip]

* fix: New Thai translations from Crowdin [ci skip]

* fix: New English, United Kingdom translations from Crowdin [ci skip]

* fix: New Norwegian Bokmal translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]

* fix: New French translations from Crowdin [ci skip]

* fix: New Danish translations from Crowdin [ci skip]

* fix: New Japanese translations from Crowdin [ci skip]

* fix: New Korean translations from Crowdin [ci skip]

* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]

* fix: New Catalan translations from Crowdin [ci skip]

* fix: New Spanish translations from Crowdin [ci skip]

* fix: New Czech translations from Crowdin [ci skip]

* fix: New Romanian translations from Crowdin [ci skip]

* fix: New German translations from Crowdin [ci skip]

* fix: New Hebrew translations from Crowdin [ci skip]

* fix: New Hungarian translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]

* fix: New Dutch translations from Crowdin [ci skip]

* fix: New Polish translations from Crowdin [ci skip]

* fix: New Portuguese translations from Crowdin [ci skip]

* fix: New Swedish translations from Crowdin [ci skip]

* fix: New Turkish translations from Crowdin [ci skip]

* fix: New Ukrainian translations from Crowdin [ci skip]

* fix: New Chinese Simplified translations from Crowdin [ci skip]

* fix: New Chinese Traditional translations from Crowdin [ci skip]

* fix: New Vietnamese translations from Crowdin [ci skip]

* fix: New Indonesian translations from Crowdin [ci skip]

* fix: New Persian translations from Crowdin [ci skip]

* fix: New Thai translations from Crowdin [ci skip]

* fix: New English, United Kingdom translations from Crowdin [ci skip]

* fix: New Norwegian Bokmal translations from Crowdin [ci skip]

* fix: New Italian translations from Crowdin [ci skip]
---
 shared/i18n/locales/ca_ES/translation.json |  16 ++-
 shared/i18n/locales/cs_CZ/translation.json | 110 +++++++++++----------
 shared/i18n/locales/da_DK/translation.json |  16 ++-
 shared/i18n/locales/de_DE/translation.json |  16 ++-
 shared/i18n/locales/en_GB/translation.json |  16 ++-
 shared/i18n/locales/es_ES/translation.json |  18 ++--
 shared/i18n/locales/fa_IR/translation.json |  16 ++-
 shared/i18n/locales/fr_FR/translation.json |  16 ++-
 shared/i18n/locales/he_IL/translation.json |  16 ++-
 shared/i18n/locales/hu_HU/translation.json |  16 ++-
 shared/i18n/locales/id_ID/translation.json |  16 ++-
 shared/i18n/locales/it_IT/translation.json |  16 ++-
 shared/i18n/locales/ja_JP/translation.json |  16 ++-
 shared/i18n/locales/ko_KR/translation.json |  16 ++-
 shared/i18n/locales/nb_NO/translation.json |  16 ++-
 shared/i18n/locales/nl_NL/translation.json |  16 ++-
 shared/i18n/locales/pl_PL/translation.json |  16 ++-
 shared/i18n/locales/pt_BR/translation.json |  16 ++-
 shared/i18n/locales/pt_PT/translation.json |  16 ++-
 shared/i18n/locales/ro_RO/translation.json |  16 ++-
 shared/i18n/locales/sv_SE/translation.json |  16 ++-
 shared/i18n/locales/th_TH/translation.json |  16 ++-
 shared/i18n/locales/tr_TR/translation.json |  16 ++-
 shared/i18n/locales/uk_UA/translation.json |  16 ++-
 shared/i18n/locales/vi_VN/translation.json |  16 ++-
 shared/i18n/locales/zh_CN/translation.json |  16 ++-
 shared/i18n/locales/zh_TW/translation.json |  16 ++-
 27 files changed, 345 insertions(+), 183 deletions(-)

diff --git a/shared/i18n/locales/ca_ES/translation.json b/shared/i18n/locales/ca_ES/translation.json
index 7fd5a0f8fc..891f5d544f 100644
--- a/shared/i18n/locales/ca_ES/translation.json
+++ b/shared/i18n/locales/ca_ES/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Els lectors només poden veure i comentar documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Esteu segur que voleu fer que {{ userName }} sigui {{ role }}?",
   "I understand, delete": "Entenc, elimina",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Esteu segur que voleu eliminar permanentment {{ userName }}? Aquesta operació és irrecuperable, considereu suspendre l'usuari.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Esteu segur que voleu suspendre {{ userName }}? S'evitarà que els usuaris suspesos iniciïn sessió.",
   "New name": "Nom nou",
   "Name can't be empty": "El nom no es pot deixar buit",
+  "Profile picture updated": "Foto de perfil actualitzada",
+  "Unable to upload new profile picture": "No s'ha pogut penjar la nova foto de perfil",
+  "Profile picture": "Foto de perfil",
+  "Done": "Done",
   "Check your email to verify the new address.": "Comproveu el vostre correu electrònic per verificar la nova adreça.",
   "The email will be changed once verified.": "El correu electrònic es canviarà un cop verificat.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Rebreu un correu electrònic per verificar la teva nova adreça. Ha de ser únic en l'espai de treball.",
@@ -575,7 +579,6 @@
   "Paste a link": "Enganxa un enllaç",
   "Delete embed": "Elimina l'incrustació",
   "Delete image": "Elimina la imatge",
-  "Profile picture": "Foto de perfil",
   "Create a new doc": "Crea un document",
   "Create a nested doc": "Crea un document niat",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} no serà notificat, ja que no te accés a aquest document",
@@ -680,6 +683,7 @@
   "Embeds": "Incrustacions",
   "Configure which embed providers are available in the editor.": "Configura quins proveïdors d'incrustació estan disponibles a l'editor.",
   "Install": "Instal·lar",
+  "Change profile picture": "Change profile picture",
   "Change name": "Canvia el nom",
   "Change email": "Canvia el correu electrònic",
   "Suspend user": "Suspèn l'usuari",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Se us redirigirà a <em>{{ redirectUri }}</em> després d'autoritzar. Assegureu-vos que confieu en aquest URL.",
   "read": "llegir",
   "write": "escriure",
+  "create": "create",
   "read and write": "llegir i escriure",
   "API keys": "Claus API",
   "attachments": "adjunts",
@@ -1052,8 +1057,10 @@
   "users": "usuaris",
   "teams": "equips",
   "workspace": "espai de treball",
+  "Full access": "Full access",
   "Read all data": "Llegeix totes les dades",
   "Write all data": "Escriu totes les dades",
+  "Create all data": "Create all data",
   "Any collection": "Qualsevol col·lecció",
   "All time": "Des de sempre",
   "Past day": "El darrer dia",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "S'està processant la vostra importació, podeu sortir d'aquesta pàgina",
   "File not supported – please upload a valid ZIP file": "El fitxer no és compatible – pugeu un fitxer ZIP vàlid",
   "Set the default permission level for collections created from the import": "Estableix el nivell de permisos per defecte per a les col·leccions creades a partir de la importació",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Inicia la importació",
   "Added by": "Afegit per",
   "Date added": "Data d'addició",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Trieu com s'indiquen les notificacions sense llegir a la icona de l'aplicació.",
   "You may delete your account at any time, note that this is unrecoverable": "Podeu eliminar el vostre compte en qualsevol moment, tingueu en compte que això no es pot recuperar",
   "Profile saved": "S'ha desat el perfil",
-  "Profile picture updated": "Foto de perfil actualitzada",
-  "Unable to upload new profile picture": "No s'ha pogut penjar la nova foto de perfil",
   "Manage how you appear to other members of the workspace.": "Gestioneu com apareixeu a altres membres de l'espai de treball.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Trieu una foto o una imatge per a representar-te.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "Encara no s'ha creat cap plantilla",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} està utilitzant {{ appName }} per compartir documents, inicieu la sessió per continuar.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "S'ha enviat un codi de confirmació a la vostra adreça de correu electrònic. Si us plau, introduïu el codi de sota per eliminar permanentment aquest espai de treball.",
-  "Confirmation code": "Codi de confirmació",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Suprimint l'espai de treball <1>{{workspaceName}}</1> es destruiran totes les col·leccions, documents, usuaris i dades associades. Se us tancarà la sessió immediatament de {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Tingueu en compte que els espais de treball estan completament separats. Poden tenir un domini diferent, configuració, usuaris i facturació.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Esteu creant un espai de treball nou utilitzant el vostre compte actual — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Proporcioneu un nom descriptiu per a aquest webhook i l'URL a la qual hauríem d'enviar una sol·licitud POST quan es creïn esdeveniments coincidents.",
   "A memorable identifer": "Un identificador memorable",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Clau de la signatura",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subscriu-te a tots els esdeveniments, grups o esdeveniments individuals. Recomanem només subscriure's a la quantitat mínima d'esdeveniments que la teva aplicació necessita per funcionar.",
   "All events": "Tots els esdeveniments",
diff --git a/shared/i18n/locales/cs_CZ/translation.json b/shared/i18n/locales/cs_CZ/translation.json
index 67051ea38e..8e44e004cf 100644
--- a/shared/i18n/locales/cs_CZ/translation.json
+++ b/shared/i18n/locales/cs_CZ/translation.json
@@ -1,7 +1,7 @@
 {
   "New API key": "Nový API klíč",
   "Copy": "Kopírovat",
-  "API key copied": "API key copied",
+  "API key copied": "API klíč byl zkopírován",
   "Delete": "Odstranit",
   "Revoke": "Odebrat",
   "Revoke API key": "Odebrat API klíč",
@@ -169,7 +169,7 @@
   "New workspace": "Nový pracovní prostor",
   "Create a workspace": "Vytvořit pracovní prostor",
   "Login to workspace": "Přihlásit se do pracovního prostoru",
-  "template": "template",
+  "template": "šablona",
   "Template deleted": "Šablona byla odstraněna",
   "Deleting": "Odstraňování…",
   "Are you sure about that? Deleting the <em>{{ templateName }}</em> template is permanent.": "Jste si jisti? Smazání šablony <em>{{ templateName }}</em> je trvalé.",
@@ -386,15 +386,15 @@
   "Sorry, an error occurred.": "Došlo k chybě.",
   "Click to retry": "Zkuste to znovu",
   "Back": "Zpět",
-  "Can view the document": "Can view the document",
-  "Can view and edit the document": "Can view and edit the document",
+  "Can view the document": "Může prohlížet dokument",
+  "Can view and edit the document": "Může prohlížet a upravovat dokument",
   "Manage": "Spravovat",
-  "Full access including sharing": "Full access including sharing",
+  "Full access including sharing": "Plný přístup včetně sdílení",
   "Permissions for {{ userName }} updated": "Oprávnění pro uživatele {{ userName }} byla aktualizována",
-  "Failed to approve access request": "Failed to approve access request",
-  "Access request dismissed": "Access request dismissed",
-  "Failed to dismiss access request": "Failed to dismiss access request",
-  "Approve": "Approve",
+  "Failed to approve access request": "Schválení žádosti o přístup se nezdařilo",
+  "Access request dismissed": "Žádost o přístup byla zamítnuta",
+  "Failed to dismiss access request": "Zamítnutí žádosti o přístup se nezdařilo",
+  "Approve": "Schválit",
   "Notification options": "Možnosti oznámení",
   "Unknown": "Neznámý",
   "Mentions": "Zmínky",
@@ -434,7 +434,7 @@
   "Public link copied to clipboard": "Veřejný odkaz byl zkopírován do schránky",
   "Only lowercase letters, digits and dashes allowed": "Jsou povolena pouze malá písmena, číslice a pomlčky",
   "Sorry, this link has already been used": "Odkaz již byl použit.",
-  "Publish to web": "Publish to web",
+  "Publish to web": "Zveřejnit na webu",
   "Allow anyone with the link to access": "Povolit přístup komukoli s odkazem",
   "Publish to internet": "Zveřejnit na internetu",
   "All documents in this collection will be shared on the web, including any new documents added later": "Všechny dokumenty v této kolekci budou sdíleny na webu, včetně nových dokumentů přidaných později.",
@@ -450,12 +450,12 @@
   "Logo": "Logo",
   "Add": "Přidat",
   "Add or invite": "Přidat nebo pozvat",
-  "Sharing settings updated": "Sharing settings updated",
-  "Display settings": "Display settings",
-  "Customize how the published document is displayed": "Customize how the published document is displayed",
-  "Image options": "Image options",
-  "Upload": "Upload",
-  "Site title": "Site title",
+  "Sharing settings updated": "Nastavení sdílení bylo aktualizováno",
+  "Display settings": "Nastavení zobrazení",
+  "Customize how the published document is displayed": "Přizpůsobit zobrazení zveřejněného dokumentu",
+  "Image options": "Možnosti obrázku",
+  "Upload": "Nahrát",
+  "Site title": "Název webu",
   "Show last modified": "Zobrazit poslední úpravu",
   "Display the last modified timestamp on the shared page": "Zobrazit čas poslední úpravy na sdílené stránce",
   "Show table of contents": "Zobrazit obsah",
@@ -509,7 +509,7 @@
   "Expand": "Rozbalit",
   "Document not supported – try Markdown, Plain text, HTML, or Word": "Dokument není podporován – zkuste Markdown, čistý text, HTML nebo Word.",
   "Import files": "Importovat soubory",
-  "Recent": "Recent",
+  "Recent": "Nedávné",
   "Go back": "Zpět",
   "Go forward": "Vpřed",
   "Could not load shared documents": "Sdílené dokumenty se nepodařilo načíst",
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Prohlížející mohou dokumenty pouze prohlížet a komentovat.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Opravdu chcete uživateli {{ userName }} nastavit roli {{ role }}?",
   "I understand, delete": "Rozumím, odstranit",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Opravdu chcete uživatele {{ userName }} trvale odstranit? Tuto operaci nelze vrátit zpět, zvažte jeho pozastavení.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Opravdu chcete pozastavit uživatele {{ userName }}? Pozastavení uživatelé se nebudou moci přihlásit.",
   "New name": "Nový název",
   "Name can't be empty": "Název nemůže být prázdný",
+  "Profile picture updated": "Profilový obrázek byl aktualizován",
+  "Unable to upload new profile picture": "Nový profilový obrázek se nepodařilo nahrát",
+  "Profile picture": "Profilový obrázek",
+  "Done": "Done",
   "Check your email to verify the new address.": "Pro ověření nové adresy zkontrolujte e-mail.",
   "The email will be changed once verified.": "E-mail bude změněn po ověření.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Obdržíte e-mail k ověření nové adresy. Adresa musí být v rámci pracovního prostoru unikátní.",
@@ -575,7 +579,6 @@
   "Paste a link": "Vložit odkaz",
   "Delete embed": "Odstranit vložený prvek",
   "Delete image": "Odstranit obrázek",
-  "Profile picture": "Profilový obrázek",
   "Create a new doc": "Vytvořit nový dokument",
   "Create a nested doc": "Vytvořit zanořený dokument",
   "{{ userName }} won't be notified, as they do not have access to this document": "Uživatel {{ userName }} nebude upozorněn, protože nemá k dokumentu přístup.",
@@ -680,6 +683,7 @@
   "Embeds": "Embedy",
   "Configure which embed providers are available in the editor.": "Nastavit, kteří poskytovatelé vložených prvků jsou k dispozici v editoru.",
   "Install": "Instalovat",
+  "Change profile picture": "Change profile picture",
   "Change name": "Změnit jméno",
   "Change email": "Změnit e-mail",
   "Suspend user": "Pozastavit uživatele",
@@ -727,9 +731,9 @@
   "reacted {{ emoji }} to your comment on": "reagoval {{ emoji }} na komentář v",
   "shared": "sdíleno",
   "invited you to": "vás pozval do",
-  "was granted access to": "was granted access to",
-  "requested access to": "requested access to",
-  "is requesting access to": "is requesting access to",
+  "was granted access to": "získal přístup k",
+  "requested access to": "požádal o přístup k",
+  "is requesting access to": "žádá o přístup k",
   "Choose a date": "Vybrat datum",
   "API key created. Please copy the value now as it will not be shown again.": "API klíč byl vytvořen. Hodnotu si ihned zkopírujte, znovu se již nezobrazí.",
   "Scopes": "Rozsahy",
@@ -826,9 +830,9 @@
   "{{userName}} published": "{{userName}} zveřejnil",
   "{{userName}} unpublished": "Uživatel {{userName}} zrušil zveřejnění",
   "{{userName}} moved": "{{userName}} přesunul",
-  "Previous version": "Previous version",
+  "Previous version": "Předchozí verze",
   "Highlight changes": "Zvýraznit změny",
-  "Compare to": "Compare to",
+  "Compare to": "Porovnat s",
   "No history yet": "Zatím žádná historie",
   "Revision deleted": "Revize byla odstraněna",
   "Current version": "Aktuální verze",
@@ -867,10 +871,10 @@
   "Add content to your document, then use headings or dividers to separate it into slides.": "Přidejte do dokumentu obsah a poté použijte nadpisy nebo oddělovače pro jeho rozdělení do snímků pro prezentaci.",
   "Learn more": "Zjistit více",
   "Backlinks": "Zpětné odkazy",
-  "Clear search highlight": "Clear search highlight",
+  "Clear search highlight": "Zrušit zvýraznění hledání",
   "Warning": "Varování",
   "This document is large which may affect performance": "Dokument je rozsáhlý, což může ovlivnit výkon aplikace.",
-  "Are you sure about that? Deleting the <em>{{ documentTitle }}</em> document will delete all of its history</em>.": "Opravdu chcete pokračovat? Odstraněním dokumentu <em>{{ documentTitle }}</em> smažete i celou jeho historii.",
+  "Are you sure about that? Deleting the <em>{{ documentTitle }}</em> document will delete all of its history</em>.": "Opravdu chcete pokračovat? Odstraněním dokumentu <em>{{ documentTitle }}</em> smažete i celou jeho historii</em>.",
   "Are you sure about that? Deleting the <em>{{ documentTitle }}</em> document will delete all of its history and <em>{{ any }} nested document</em>.": "Opravdu chcete pokračovat? Odstraněním dokumentu <em>{{ documentTitle }}</em> smažete celou jeho historii i <em>{{ any }} vnořený dokument</em>.",
   "Are you sure about that? Deleting the <em>{{ documentTitle }}</em> document will delete all of its history and <em>{{ any }} nested document</em>._plural": "Opravdu chcete pokračovat? Odstraněním dokumentu <em>{{ documentTitle }}</em> smažete celou jeho historii i <em>{{ any }} vnořené dokumenty</em>.",
   "If you’d like the option of referencing or restoring the {{noun}} in the future, consider archiving it instead.": "Pokud chcete mít možnost se k {{noun}} v budoucnu vrátit, zvažte místo odstranění archivaci.",
@@ -885,13 +889,13 @@
   "No documents found for your filters.": "Pro vybrané filtry nebyly nalezeny žádné dokumenty.",
   "You’ve not got any drafts at the moment.": "Momentálně nemáte žádné koncepty.",
   "Payment Required": "Vyžadována platba",
-  "Access request sent": "Access request sent",
+  "Access request sent": "Žádost o přístup byla odeslána",
   "No access to this doc": "K tomuto dokumentu nemáte přístup",
-  "Your request to access this document has been sent. You will be notified once access is granted.": "Your request to access this document has been sent. You will be notified once access is granted.",
-  "It doesn't look like you have permission to access this document. You can request access.": "It doesn't look like you have permission to access this document. You can request access.",
-  "Access requested": "Access requested",
-  "Requesting…": "Requesting…",
-  "Request access": "Request access",
+  "Your request to access this document has been sent. You will be notified once access is granted.": "Vaše žádost o přístup k tomuto dokumentu byla odeslána. Jakmile vám bude přístup udělen, obdržíte upozornění.",
+  "It doesn't look like you have permission to access this document. You can request access.": "Vypadá to, že nemáte oprávnění k přístupu do tohoto dokumentu. Můžete o přístup požádat.",
+  "Access requested": "Přístup vyžádán",
+  "Requesting…": "Odesílání žádosti…",
+  "Request access": "Požádat o přístup",
   "Not found": "Nenalezeno",
   "The page you’re looking for cannot be found. It might have been deleted or the link is incorrect.": "Hledaná stránka nebyla nalezena. Mohla být odstraněna nebo je odkaz neplatný.",
   "We were unable to load the document while offline.": "V režimu offline se dokument nepodařilo načíst.",
@@ -983,8 +987,8 @@
   "Continue": "Pokračovat",
   "Sorry, the code you entered is invalid or has expired.": "Zadaný kód je neplatný nebo jeho platnost vypršela.",
   "The domain associated with your email address has not been allowed for this workspace.": "Doména spojená s e-mailem není pro pracovní prostor povolena.",
-  "Unable to sign-in. Please navigate to your workspace's custom URL, then try to sign-in again.<1></1>If you were invited to a workspace, you will find a link to it in the invite email.": "Přihlášení se nezdařilo. Přejděte prosím na vlastní URL adresu pracovního prostoru a zkuste to znovu. Pokud jste obdrželi pozvánku, odkaz najdete v e-mailu.",
-  "Sorry, a new account cannot be created with a personal Gmail address.<1></1>Please use a Google Workspaces account instead.": "Nový účet nelze vytvořit s osobní Gmail adresou. Použijte prosím firemní účet Google Workspace.",
+  "Unable to sign-in. Please navigate to your workspace's custom URL, then try to sign-in again.<1></1>If you were invited to a workspace, you will find a link to it in the invite email.": "Přihlášení se nezdařilo. Přejdete prosím na vlastní URL adresu pracovního prostoru a zkuste to znovu.<1></1>Pokud jste obdrželi pozvánku, odkaz k němu najdete v e-mailu s pozvánkou.",
+  "Sorry, a new account cannot be created with a personal Gmail address.<1></1>Please use a Google Workspaces account instead.": "Nový účet nelze vytvořit s osobním Gmailem.<1></1>Místo toho prosím použijte účet Google Workspace.",
   "The workspace associated with your user is scheduled for deletion and cannot be accessed at this time.": "Pracovní prostor spojený s účtem je naplánován k odstranění a momentálně není přístupný.",
   "The workspace you authenticated with is not authorized on this installation. Try another?": "Pracovní prostor, přes který jste se ověřili, není v této instalaci autorizován.",
   "We could not read the user info supplied by your identity provider.": "Nepodařilo se načíst informace o uživateli od poskytovatele identity.",
@@ -996,7 +1000,7 @@
   "Your account has been suspended. To re-activate your account, please contact a workspace admin.": "Účet byl pozastaven. Pro reaktivaci kontaktujte správce pracovního prostoru.",
   "This workspace has been suspended. Please contact support to restore access.": "Pracovní prostor byl pozastaven. Pro obnovení přístupu kontaktujte podporu.",
   "Authentication failed – this login method was disabled by a workspace admin.": "Ověření selhalo – způsob přihlášení byl správcem zakázán.",
-  "The workspace you are trying to join requires an invite before you can create an account.<1></1>Please request an invite from your workspace admin and try again.": "Pracovní prostor vyžaduje před vytvořením účtu pozvánku. Požádejte správce o pozvánku a zkuste to znovu.",
+  "The workspace you are trying to join requires an invite before you can create an account.<1></1>Please request an invite from your workspace admin and try again.": "Pracovní prostor, ke kterému se pokoušíte připojit, vyžaduje před vytvořením účtu pozvání.<1></1>Požádejte prosím správce pracovního prostoru o pozvánku a zkuste to znovu.",
   "Sorry, an unknown error occurred.": "Došlo k neznámé chybě.",
   "Choose a workspace": "Vybrat pracovní prostor",
   "Choose an {{ appName }} workspace or login to continue connecting this app": "Pro připojení aplikace vyberte pracovní prostor {{ appName }} nebo se přihlaste.",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Po autorizaci budete přesměrováni na <em>{{ redirectUri }}</em> . Ujistěte se, že důvěřujete této URL.",
   "read": "čtení",
   "write": "zápis",
+  "create": "create",
   "read and write": "čtení a zápis",
   "API keys": "API klíče",
   "attachments": "přílohy",
@@ -1052,8 +1057,10 @@
   "users": "uživatelé",
   "teams": "týmy",
   "workspace": "pracovní prostor",
+  "Full access": "Full access",
   "Read all data": "Číst všechna data",
   "Write all data": "Zapisovat všechna data",
+  "Create all data": "Create all data",
   "Any collection": "Jakákoliv kolekce",
   "All time": "Celá doba",
   "Past day": "Posledních 24 hodin",
@@ -1074,12 +1081,12 @@
   "Search titles only": "Hledat pouze v názvech",
   "Please try again or contact support if the problem persists": "Zkuste to znovu, nebo v případě přetrvávajících potíží kontaktujte podporu.",
   "No documents found for your search filters.": "Pro vybrané filtry nebyly nalezeny žádné dokumenty.",
-  "Personal keys": "Personal keys",
+  "Personal keys": "Osobní klíče",
   "Create personal API keys to authenticate with the API and programatically control\n      your workspace's data. For more details see the <em>developer documentation</em>.": "Vytvořte si osobní API klíče pro autentizaci a programové řízení dat v pracovním prostoru. Podrobnosti najdete ve <em>vývojářské dokumentaci</em>.",
   "API keys have been disabled by an admin for your account": "API klíče pro váš účet byly deaktivovány správcem",
   "Application access": "Přístup k aplikacím",
   "Manage which third-party and internal applications have been granted access to your {{ appName }} account.": "Spravujte aplikace třetích stran a interní aplikace s přístupem k účtu {{ appName }}.",
-  "Could not load API keys": "Could not load API keys",
+  "Could not load API keys": "API klíče se nepodařilo načíst",
   "API": "API",
   "API keys can be used to authenticate with the API and programatically control\n          your workspace's data. For more details see the <em>developer documentation</em>.": "API klíče slouží k autentizaci a programové správě dat v pracovním prostoru. Podrobnosti najdete ve <em>vývojářské dokumentaci</em>.",
   "Application published": "Aplikace byla zveřejněna",
@@ -1140,15 +1147,15 @@
   "API key copied to clipboard": "API klíč byl zkopírován do schránky",
   "Copied": "Zkopírováno",
   "Are you sure you want to revoke the {{ tokenName }} token?": "Opravdu chcete odebrat token {{ tokenName }}?",
-  "Key": "Key",
-  "Created by": "Created by",
-  "Never": "Never",
-  "Expires": "Expires",
-  "Could not load preference": "Could not load preference",
+  "Key": "Klíč",
+  "Created by": "Vytvořil(a)",
+  "Never": "Nikdy",
+  "Expires": "Vyprší",
+  "Could not load preference": "Předvolbu se nepodařilo načíst",
   "Preferences saved": "Předvolby byly uloženy",
-  "Could not save preference": "Could not save preference",
-  "Open on startup": "Open on startup",
-  "Automatically launch {{ appName }} when you sign in to your computer.": "Automatically launch {{ appName }} when you sign in to your computer.",
+  "Could not save preference": "Předvolbu se nepodařilo uložit",
+  "Open on startup": "Otevřít při spuštění",
+  "Automatically launch {{ appName }} when you sign in to your computer.": "Automaticky spustit {{ appName }} po přihlášení k počítači.",
   "Disconnect integration": "Odpojit integraci",
   "Disconnecting": "Odpojování…",
   "Are you sure you want to disconnect the <em>{{ service }}</em> integration?": "Opravdu chcete odpojit integraci <em>{{ service }}</em>?",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Import se zpracovává, tuto stránku můžete opustit.",
   "File not supported – please upload a valid ZIP file": "Soubor není podporován – nahrajte prosím platný ZIP soubor.",
   "Set the default permission level for collections created from the import": "Nastavte výchozí úroveň oprávnění pro kolekce vytvořené z importu.",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Spustit import",
   "Added by": "Přidal",
   "Date added": "Dne",
@@ -1327,8 +1335,8 @@
   "Receive a notification when you are given access to a collection": "Dostávat upozornění, když získáte přístup ke kolekci",
   "Export completed": "Export byl dokončen",
   "Receive a notification when an export you requested has been completed": "Dostávat upozornění na dokončení požadovaného exportu",
-  "Document access requested": "Document access requested",
-  "Receive a notification when a user requests access to a document you manage": "Receive a notification when a user requests access to a document you manage",
+  "Document access requested": "Byl vyžádán přístup k dokumentu",
+  "Receive a notification when a user requests access to a document you manage": "Dostávat upozornění, když uživatel požádá o přístup k dokumentu, který spravujete",
   "Getting started": "Začínáme",
   "Tips on getting started with features and functionality": "Tipy, jak začít pracovat s funkcemi aplikace",
   "New features": "Nové funkce",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Vyberte si, jak se budou zobrazovat nepřečtená oznámení v ikoně aplikace.",
   "You may delete your account at any time, note that this is unrecoverable": "Účet můžete kdykoli odstranit. Tuto akci nelze vrátit zpět.",
   "Profile saved": "Profil byl uložen",
-  "Profile picture updated": "Profilový obrázek byl aktualizován",
-  "Unable to upload new profile picture": "Nový profilový obrázek se nepodařilo nahrát",
   "Manage how you appear to other members of the workspace.": "Správa údajů, které vidí ostatní členové pracovního prostoru.",
   "Photo": "Fotografie",
   "Choose a photo or image to represent yourself.": "Vyberte si profilovou fotografii nebo obrázek.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "Zatím nebyly vytvořeny žádné šablony",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "Tým {{ teamName }} používá ke sdílení dokumentů aplikaci {{ appName }}. Pro pokračování se prosím přihlaste.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Na e-mail byl odeslán potvrzovací kód. Zadejte jej níže pro trvalé odstranění pracovního prostoru.",
-  "Confirmation code": "Potvrzovací kód",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Odstraněním pracovního prostoru <1>{{workspaceName}}</1> budou smazány veškeré kolekce, dokumenty, uživatelé i související data. Budete okamžitě odhlášeni z {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Upozorňujeme, že pracovní prostory jsou zcela oddělené a mohou mít vlastní doménu, nastavení, uživatele i fakturaci.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Vytváříte nový pracovní prostor pod aktuálním účtem — <em>{{email}}</em>.",
@@ -1530,7 +1535,7 @@
   "Measurement ID": "ID měření",
   "Create a \"Web\" stream in your Google Analytics admin dashboard and copy the measurement ID from the generated code snippet to install.": "V administraci Google Analytics vytvořte stream typu „Web“ a zkopírujte ID měření k instalaci.",
   "Whoops, you need to accept the permissions in Linear to connect {{appName}} to your workspace. Try again?": "Pro připojení {{appName}} musíte v Linear udělit potřebná oprávnění. Zkusit znovu?",
-  "Enable previews of Linear issues in documents by connecting a Linear workspace to {{appName}}.": "Propojením s pracovním prostorem Linear povolíte náhledy úkolů (issues) přímo v dokumentech.",
+  "Enable previews of Linear issues in documents by connecting a Linear workspace to {{appName}}.": "Propojením pracovního prostoru Linear s aplikací {{appName}} povolíte náhledy úkolů (issues) přímo v dokumentech.",
   "Disconnecting will prevent previewing Linear links from this workspace in documents. Are you sure?": "Odpojením přijdete o náhledy odkazů z Linear v dokumentech. Opravdu?",
   "The Linear integration is currently disabled. Please set the associated environment variables and restart the server to enable the integration.": "Integrace s Linear je deaktivována. Pro její aktivaci nastavte proměnné prostředí a restartujte server.",
   "Configure a Matomo installation to send views and analytics from the workspace to your own Matomo instance.": "Nakonfigurujte Matomo pro odesílání analytických dat do vaší vlastní instance.",
@@ -1607,13 +1612,14 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Zadejte název webhooku a URL adresu, na kterou má být odeslán požadavek POST při vzniku vybraných událostí.",
   "A memorable identifer": "Snadno rozpoznatelný název",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Podpisový klíč (signing secret)",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Přihlaste se k odběru událostí. Doporučujeme odebírat pouze nezbytné minimum událostí potřebných pro fungování aplikace.",
   "All events": "Všechny události",
   "All {{ groupName }} events": "Všechny události skupiny {{ groupName }}",
   "Webhook": "Webhook",
   "Webhook created": "Webhook byl vytvořen",
-  "Could not load webhooks": "Could not load webhooks",
+  "Could not load webhooks": "Webhooky se nepodařilo načíst",
   "Webhooks": "Webhooky",
   "Webhooks can be used to notify your application when events happen in {{appName}}. Events are sent as a https request with a JSON payload in near real-time.": "Webhooky slouží k zasílání upozornění do vaší aplikace při událostech v {{appName}}. Události jsou odesílány jako HTTPS požadavky s JSON daty v reálném čase.",
   "Zapier is a platform that allows {{appName}} to easily integrate with thousands of other business tools. Automate your workflows, sync data, and more.": "Zapier umožňuje snadno propojit {{appName}} s tisíci dalších nástrojů. Automatizujte své procesy a synchronizujte data.",
diff --git a/shared/i18n/locales/da_DK/translation.json b/shared/i18n/locales/da_DK/translation.json
index cbaf167523..2c563fe826 100644
--- a/shared/i18n/locales/da_DK/translation.json
+++ b/shared/i18n/locales/da_DK/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Seere kan kun se og kommentere på dokumenter.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Er du sikker på, at du vil gøre {{ userName }} til {{ role }}?",
   "I understand, delete": "Jeg forstår, slet",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Er du sikker på, at du vil slette {{ userName }} permanent? Denne handling kan ikke fortrydes, overvej at suspendere brugeren i stedet.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Er du sikker på, at du vil suspendere {{ userName }}? Suspenderede brugere vil blive forhindret i at logge ind.",
   "New name": "Nyt navn",
   "Name can't be empty": "Navn skal udfyldes.",
+  "Profile picture updated": "Profilbillede opdateret",
+  "Unable to upload new profile picture": "Kunne ikke uploade nyt profilbillede",
+  "Profile picture": "Profilbillede",
+  "Done": "Done",
   "Check your email to verify the new address.": "Tjek din e-mail for at bekræfte den nye adresse.",
   "The email will be changed once verified.": "E-mailen vil blive ændret når den er bekræftet.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Du vil modtage en e-mail for at bekræfte din nye adresse. Den skal være unik i arbejdsområdet.",
@@ -575,7 +579,6 @@
   "Paste a link": "Indsæt et link",
   "Delete embed": "Delete embed",
   "Delete image": "Slet billede",
-  "Profile picture": "Profilbillede",
   "Create a new doc": "Opret et nyt dokument",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} bliver ikke underrettet, da de ikke har adgang til dette dokument",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Change name",
   "Change email": "Change email",
   "Suspend user": "Suspend user",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Any collection",
   "All time": "All time",
   "Past day": "Past day",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Your import is being processed, you can safely leave this page",
   "File not supported – please upload a valid ZIP file": "File not supported – please upload a valid ZIP file",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Du kan til enhver tid slette din konto, bemærk, at dette ikke kan genskabes",
   "Profile saved": "Profil gemt",
-  "Profile picture updated": "Profilbillede opdateret",
-  "Unable to upload new profile picture": "Kunne ikke uploade nyt profilbillede",
   "Manage how you appear to other members of the workspace.": "Administrer hvordan du vises for andre medlemmer af arbejdsområdet.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Vælg et foto eller billede til at repræsentere dig selv.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} bruger {{ appName }} til at dele dokumenter, log venligst ind for at fortsætte.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "En bekræftelseskode er blevet sendt til din e-mailadresse, angiv koden nedenfor for permanent at ødelægge dette arbejdsområde.",
-  "Confirmation code": "Bekræftelseskode",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Sletning af arbejdsrummet <1>{{workspaceName}}</1> vil ødelægge alle samlinger, dokumenter, brugere og tilknyttede data. Du vil straks blive logget ud af {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Bemærk venligst, at arbejdsområder er helt adskilt. De kan have et andet domæne, indstillinger, brugere og fakturering.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Du opretter et nyt arbejdsområde ved hjælp af din nuværende konto — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Angiv et beskrivende navn til denne webhook og URL-adressen vi skal sende en POST-anmodning til, når matchende hændelser forekommer.",
   "A memorable identifer": "En mindeværdig identitet",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signeringshemmelighed",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Abonner på alle hændelser, grupper eller individuelle hændelser. Vi anbefaler kun at abonnere på det minimum af hændelser, som din applikation behøver for at fungere.",
   "All events": "Alle hændelser",
diff --git a/shared/i18n/locales/de_DE/translation.json b/shared/i18n/locales/de_DE/translation.json
index 1dd943df6e..5902350ea4 100644
--- a/shared/i18n/locales/de_DE/translation.json
+++ b/shared/i18n/locales/de_DE/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Betrachter können nur Dokumente sehen und kommentieren.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Sind Sie sicher, dass Sie {{ userName }} zu einem {{ role }} machen möchten?",
   "I understand, delete": "Ich verstehe, löschen",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Bist du sicher {{ userName }} dauerhaft zu löschen? Dieser Vorgang ins nicht umkehrbar, erwäge stattdessen, den Nutzer zu sperren.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Möchtest du das Konto {{ userName }} sperren? Gesperrte Nutzer können sich nicht anmelden.",
   "New name": "Neuer Name",
   "Name can't be empty": "Der Name darf nicht leer sein",
+  "Profile picture updated": "Profilbild wurde aktualisiert",
+  "Unable to upload new profile picture": "Neues Profilbild kann nicht hochgeladen werden",
+  "Profile picture": "Profilbild",
+  "Done": "Done",
   "Check your email to verify the new address.": "Überprüfen Sie Ihren Posteingang, um die neue E-Mail-Adresse zu bestätigen.",
   "The email will be changed once verified.": "Die E-Mail wird geändert, sobald sie bestätigt wurde.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Sie erhalten eine E-Mail zur Bestätigung Ihrer neuen Adresse. Sie muss im Arbeitsbereich einmalig sein.",
@@ -575,7 +579,6 @@
   "Paste a link": "Link einfügen",
   "Delete embed": "Einbindung löschen",
   "Delete image": "Bild löschen",
-  "Profile picture": "Profilbild",
   "Create a new doc": "Neues Dokument erstellen",
   "Create a nested doc": "Neues untergeordnetes Dokument erstellen",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} wird nicht benachrichtigt, da sie keinen Zugriff auf dieses Dokument haben",
@@ -680,6 +683,7 @@
   "Embeds": "Einbettungen",
   "Configure which embed providers are available in the editor.": "Konfigurieren Sie, welche Anbieter für Einbettungen im Editor verfügbar sind.",
   "Install": "Installieren",
+  "Change profile picture": "Change profile picture",
   "Change name": "Namen ändern",
   "Change email": "E-Mail-Adresse ändern",
   "Suspend user": "Benutzer sperren",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Sie werden nach der Autorisierung zu <em>{{ redirectUri }}</em> weitergeleitet. Stellen Sie sicher, dass Sie der URL vertrauen.",
   "read": "lesen",
   "write": "schreiben",
+  "create": "create",
   "read and write": "lesen und schreiben",
   "API keys": "API Schlüssel",
   "attachments": "Anhänge",
@@ -1052,8 +1057,10 @@
   "users": "Benutzer",
   "teams": "Teams",
   "workspace": "Arbeitsbereich",
+  "Full access": "Full access",
   "Read all data": "Alle Daten lesen",
   "Write all data": "Alle Daten schreiben",
+  "Create all data": "Create all data",
   "Any collection": "Beliebige Sammlung",
   "All time": "Gesamter Zeitraum",
   "Past day": "Letzter Tag",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Dein Import wird bearbeitet, du kannst diese Seite sicher verlassen",
   "File not supported – please upload a valid ZIP file": "Datei wird nicht unterstützt – bitte lade eine gültige ZIP-Datei hoch",
   "Set the default permission level for collections created from the import": "Legen Sie die Standardberechtigung für Sammlungen fest, die vom Import erstellt wurden",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Import starten",
   "Added by": "Hinzugefügt von",
   "Date added": "Hinzugefügt am",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Wählen Sie, wie ungelesene Benachrichtigungen auf dem App-Symbol angezeigt werden.",
   "You may delete your account at any time, note that this is unrecoverable": "Sie können Ihren Account jederzeit löschen, beachten Sie, dass dies nicht wiederhergestellt werden kann",
   "Profile saved": "Profil gespeichert",
-  "Profile picture updated": "Profilbild wurde aktualisiert",
-  "Unable to upload new profile picture": "Neues Profilbild kann nicht hochgeladen werden",
   "Manage how you appear to other members of the workspace.": "Erscheinungsbild für andere Mitglieder des Arbeitsbereiches verwalten.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Wählen Sie ein Foto oder Bild, um sich selbst darzustellen.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "Es wurden noch keine Vorlagen erstellt",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} verwendet {{ appName }}, um Dokumente zu teilen. Bitte melde dich an, um fortzufahren.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Ein Bestätigungscode wurde an deine E-Mail-Adresse gesendet. Bitte gebe diesen Code unten ein, um diesen Arbeitsbereich endgültig zu löschen.",
-  "Confirmation code": "Bestätigungscode",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Das Löschen des <1>{{workspaceName}}</1>-Arbeitsbereichs entfernt alle Sammlungen, Dokumente, Benutzer und zugehörigen Daten. Du wirst sofort von {{appName}} abgemeldet.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Bitte beachten Sie, dass die Arbeitsbereiche vollständig getrennt sind. Sie können eine andere Domäne, Einstellungen, Benutzer und Abrechnungen haben.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Du erstellst einen neuen Arbeitsbereich mit deinem aktuellen Konto - <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Geben Sie einen aussagekräftigen Namen für diesen Webhook und die URL an, an die wir beim Erstellen passender Events einen POST-Request senden sollen.",
   "A memorable identifer": "Ein einprägsamer Identifer",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signaturgeheimnis",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Abonnieren Sie alle Events, Gruppen oder einzelne Events. Wir empfehlen nur die Mindestanzahl an Events, die Ihre Anwendung benötigt, um zu funktionieren.",
   "All events": "Alle Ereignisse",
diff --git a/shared/i18n/locales/en_GB/translation.json b/shared/i18n/locales/en_GB/translation.json
index ecf6dadea5..b8d99d0c9e 100644
--- a/shared/i18n/locales/en_GB/translation.json
+++ b/shared/i18n/locales/en_GB/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Viewers can only view and comment on documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Are you sure you want to make {{ userName }} a {{ role }}?",
   "I understand, delete": "I understand, delete",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.",
   "New name": "New name",
   "Name can't be empty": "Name can’t be empty",
+  "Profile picture updated": "Profile picture updated",
+  "Unable to upload new profile picture": "Unable to upload new profile picture",
+  "Profile picture": "Profile picture",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Paste a link",
   "Delete embed": "Delete embed",
   "Delete image": "Delete image",
-  "Profile picture": "Profile picture",
   "Create a new doc": "Create a new doc",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Change name",
   "Change email": "Change email",
   "Suspend user": "Suspend user",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Any collection",
   "All time": "All time",
   "Past day": "Past day",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Your import is being processed, you can safely leave this page",
   "File not supported – please upload a valid ZIP file": "File not supported – please upload a valid ZIP file",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "You may delete your account at any time, note that this is unrecoverable",
   "Profile saved": "Profile saved",
-  "Profile picture updated": "Profile picture updated",
-  "Unable to upload new profile picture": "Unable to upload new profile picture",
   "Manage how you appear to other members of the workspace.": "Manage how you appear to other members of the workspace.",
   "Photo": "Photo",
   "Choose a photo or image to represent yourself.": "Choose a photo or image to represent yourself.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} is using {{ appName }} to share documents, please login to continue.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "A confirmation code has been sent to your email address; please enter the code below to permanently destroy this workspace.",
-  "Confirmation code": "Confirmation code",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.",
   "A memorable identifer": "A memorable identifer",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signing secret",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.",
   "All events": "All events",
diff --git a/shared/i18n/locales/es_ES/translation.json b/shared/i18n/locales/es_ES/translation.json
index a9f9a5d1dc..9587340ff0 100644
--- a/shared/i18n/locales/es_ES/translation.json
+++ b/shared/i18n/locales/es_ES/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Los visualizadores sólo pueden ver y comentar documentos.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "¿Estás seguro de que quieres hacer de {{ userName }} un {{ role }}?",
   "I understand, delete": "Lo entiendo, eliminar",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "¿Estás seguro de que quieres eliminar permanentemente a {{ userName }}? Esta operación es irreversible, considera suspender al usuario en su lugar.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "¿Estás seguro de que quieres suspender a {{ userName }}? Los usuarios suspendidos no podrán iniciar sesión.",
   "New name": "Nuevo nombre",
   "Name can't be empty": "El nombre no puede estar vacío",
+  "Profile picture updated": "Foto de perfil guardada",
+  "Unable to upload new profile picture": "No se pudo cargar una nueva foto de perfil",
+  "Profile picture": "Foto de perfil",
+  "Done": "Done",
   "Check your email to verify the new address.": "Revisa tu correo para verificar la nueva dirección.",
   "The email will be changed once verified.": "El correo electrónico se cambiará una vez verificado.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Recibirás un correo electrónico para verificar tu nueva dirección. Debe ser único en el espacio de trabajo.",
@@ -575,7 +579,6 @@
   "Paste a link": "Pegar un enlace",
   "Delete embed": "Eliminar incrustado",
   "Delete image": "Eliminar imagen",
-  "Profile picture": "Foto de perfil",
   "Create a new doc": "Crea un nuevo documento",
   "Create a nested doc": "Crear un documento anidado",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} no será notificado, ya que no tiene acceso a este documento",
@@ -680,6 +683,7 @@
   "Embeds": "Incrustaciones",
   "Configure which embed providers are available in the editor.": "Configurar qué proveedores embebidos están disponibles en el editor.",
   "Install": "Instalar",
+  "Change profile picture": "Change profile picture",
   "Change name": "Cambiar nombre",
   "Change email": "Modificar correo electrónico",
   "Suspend user": "Suspender usuario",
@@ -1028,7 +1032,7 @@
   "The OAuth client could not be loaded, please check the redirect URI is valid": "El cliente OAuth no pudo ser cargado, por favor compruebe que la URI de redirección es válida",
   "The OAuth client could not be loaded, please check your workspace subdomain is correct": "El cliente OAuth no pudo ser cargado, por favor compruebe que su subdominio del área de trabajo es correcto",
   "Required OAuth parameters are missing": "Faltan parámetros OAuth requeridos",
-  "Authorize": " Ocurrió un error",
+  "Authorize": "Authorize",
   "{{ appName }} wants to access {{ teamName }}": "",
   "By <em>{{ developerName }}</em>": "Por <em>{{ developerName }}</em>",
   "{{ appName }} will be able to access your account and perform the following actions": "{{ appName }} podrá acceder a su cuenta y realizar las siguientes acciones",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Serás redirigido a <em>{{ redirectUri }}</em> después de autorizar. Asegúrate de confiar en esta URL.",
   "read": "leer",
   "write": "escribir",
+  "create": "create",
   "read and write": "leer y escribir",
   "API keys": "Claves API",
   "attachments": "adjuntos",
@@ -1052,8 +1057,10 @@
   "users": "usuarios",
   "teams": "equipos",
   "workspace": "espacio de trabajo",
+  "Full access": "Full access",
   "Read all data": "Leer todos los datos",
   "Write all data": "Escribir todos los datos",
+  "Create all data": "Create all data",
   "Any collection": "Cualquier colección",
   "All time": "Desde siempre",
   "Past day": "Último día",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Su importación está siendo procesada, puede salir de esta página de manera segura",
   "File not supported – please upload a valid ZIP file": "Archivo no soportado - por favor sube un archivo ZIP válido",
   "Set the default permission level for collections created from the import": "Establecer el nivel de permisos por defecto para las colecciones creadas a partir de la importación",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Iniciar importación",
   "Added by": "Agregado por",
   "Date added": "Agregado en la fecha",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Elija cómo se indican las notificaciones sin leer en el icono de la aplicación.",
   "You may delete your account at any time, note that this is unrecoverable": "Puedes eliminar tu cuenta en cualquier momento, ten en cuenta que esta es una operación irreversible",
   "Profile saved": "Perfil guardado",
-  "Profile picture updated": "Foto de perfil guardada",
-  "Unable to upload new profile picture": "No se pudo cargar una nueva foto de perfil",
   "Manage how you appear to other members of the workspace.": "Gestiona cómo apareces ante otros miembros del espacio de trabajo.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Elige una foto o imagen para representarte.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "Aún no se han creado plantillas",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} está usando {{ appName }} para compartir documentos, inicia sesión para continuar.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Un código de confirmación ha sido enviado a tu dirección de correo electrónico, por favor ingresa el código a continuación para eliminar permanentemente este espacio de trabajo.",
-  "Confirmation code": "Código de confirmación",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Eliminar el espacio de trabajo <1>{{workspaceName}}</1> eliminará todas las colecciones, documentos, usuarios y datos asociados. Se cerrará inmediatamente la sesión de {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Ten en cuenta que los espacios de trabajo están completamente separados. Pueden tener dominios, configuración, usuarios y facturación diferentes.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Estás creando un nuevo espacio de trabajo usando tu cuenta actual — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Proporciona un nombre descriptivo para este webhook y la URL a la que deberíamos enviar una solicitud POST cuando se creen eventos coincidentes.",
   "A memorable identifer": "Un identificador memorable",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Firma secreta",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Suscribirse a todos los eventos, grupos o eventos individuales. Recomendamos suscribirte a la cantidad mínima de eventos que tu aplicación necesita para funcionar.",
   "All events": "Todos los eventos",
diff --git a/shared/i18n/locales/fa_IR/translation.json b/shared/i18n/locales/fa_IR/translation.json
index eabc0d3fcd..839be2b137 100644
--- a/shared/i18n/locales/fa_IR/translation.json
+++ b/shared/i18n/locales/fa_IR/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "ناظران فقط می‌توانند سند را مشاهده و نظرگذاری کنند.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "آیا مطمئن هستید که می‌خواهید {{ userName }} را به {{ role }} تغییر دهید؟",
   "I understand, delete": "فهمیدم، حذف کن",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "آیا مطمئن هستید که می‌خواهید {{ userName }} را به‌طور دائمی حذف کنید؟ این عملیات قابل بازگشت نیست؛ بهتر است ابتدا کاربر را معلق کنید.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "آیا مطمئن هستید که می‌خواهید {{ userName }} را معلق کنید؟ کاربران معلق قادر به ورود نخواهند بود.",
   "New name": "نام جدید",
   "Name can't be empty": "نام نمی‌تواند خالی باشد",
+  "Profile picture updated": "تصویر پروفایل به‌روز شد",
+  "Unable to upload new profile picture": "امکان بارگذاری تصویر جدید پروفایل وجود نداشت",
+  "Profile picture": "تصویر پروفایل",
+  "Done": "Done",
   "Check your email to verify the new address.": "ایمیل خود را بررسی کنید تا آدرس جدید تأیید شود.",
   "The email will be changed once verified.": "پس از تأیید، ایمیل تغییر خواهد کرد.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "یک ایمیل برای تأیید آدرس جدید دریافت خواهید کرد. این آدرس باید در فضای کار منحصربه‌فرد باشد.",
@@ -575,7 +579,6 @@
   "Paste a link": "جایگذاری لینک",
   "Delete embed": "حذف جاسازی",
   "Delete image": "حذف تصویر",
-  "Profile picture": "تصویر پروفایل",
   "Create a new doc": "ایجاد سند جدید",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} مطلع نخواهد شد، زیرا به این سند دسترسی ندارد",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "نصب",
+  "Change profile picture": "Change profile picture",
   "Change name": "تغییر نام",
   "Change email": "تغییر ایمیل",
   "Suspend user": "تعلیق کاربر",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "خواندن",
   "write": "نوشتن",
+  "create": "create",
   "read and write": "خواندن و نوشتن",
   "API keys": "کلید های API",
   "attachments": "پیوست ها",
@@ -1052,8 +1057,10 @@
   "users": "کاربران",
   "teams": "تیم ها",
   "workspace": "فضای کاری",
+  "Full access": "Full access",
   "Read all data": "خواندن تمام داده‌ها",
   "Write all data": "نوشتن تمام داده‌ها",
+  "Create all data": "Create all data",
   "Any collection": "هر مجموعه‌ای",
   "All time": "تمام زمان‌ها",
   "Past day": "روز گذشته",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "وارد کردن شما در حال پردازش است، می توانید با خیال راحت این صفحه را ترک کنید",
   "File not supported – please upload a valid ZIP file": "فایل پشتیبانی نمی‌شود – لطفاً یک فایل ZIP معتبر بارگذاری کنید",
   "Set the default permission level for collections created from the import": "سطح دسترسی پیش‌فرض برای مجموعه‌های ایجاد شده از واردات را تنظیم کنید",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "شروع ایمپورت",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "همیشه می‌توانید حساب‌تان را حذف کنید، ولی توجه داشته باشید که این عملیات قابل بازگشت نیست",
   "Profile saved": "پروفایل ذخیره شد",
-  "Profile picture updated": "تصویر پروفایل به‌روز شد",
-  "Unable to upload new profile picture": "امکان بارگذاری تصویر جدید پروفایل وجود نداشت",
   "Manage how you appear to other members of the workspace.": "مدیریت نحوه نمایش شما به سایر اعضای فضای کاری.",
   "Photo": "عکس",
   "Choose a photo or image to represent yourself.": "یک عکس یا تصویر برای نمایندگی از خود انتخاب کنید.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} از {{ appName }} برای اشتراک‌گذاری اسناد استفاده می‌کند، لطفاً برای ادامه وارد شوید.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "کد تأیید به ایمیل شما ارسال شد. لطفاً آن را در کادر زیر وارد کنید تا این فضای کاری برای همیشه حذف شود.",
-  "Confirmation code": "کد تأیید",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "حذف فضای کاری <1>{{workspaceName}}</1> باعث از بین رفتن تمام مجموعه‌ها، اسناد، کاربران و داده‌های مرتبط خواهد شد. شما بلافاصله از {{appName}} خارج خواهید شد.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "توجه داشته باشید که فضاهای کاری کاملاً مستقل از هم هستند و می‌توانند دامنه، تنظیمات، کاربران و صورتحساب‌های متفاوتی داشته باشند.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "در حال ایجاد یک فضای کاری جدید با حساب فعلی خود هستید — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "یک نام توصیفی برای این webhook ارائه دهید و URL که باید هنگام ایجاد رویدادهای مطابقت یافته، درخواست POST را به آن ارسال کنیم، مشخص کنید.",
   "A memorable identifer": "یک شناسه به یاد ماندنی",
   "URL": "آدرس",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "کلید امضا",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "برای همه رویدادها، گروه‌ها یا رویدادهای جداگانه مشترک شوید. توصیه می‌کنیم فقط به حداقل رویدادهایی که برنامه شما برای عملکرد نیاز دارد مشترک شوید.",
   "All events": "همه رویدادها",
diff --git a/shared/i18n/locales/fr_FR/translation.json b/shared/i18n/locales/fr_FR/translation.json
index 3fde1951f4..58c7e278aa 100644
--- a/shared/i18n/locales/fr_FR/translation.json
+++ b/shared/i18n/locales/fr_FR/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Les lecteurs peuvent uniquement voir et commenter les documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Êtes-vous sûr de vouloir faire de {{ userName }} un {{ role }}?",
   "I understand, delete": "J’ai compris, supprimer",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Êtes-vous sûr de vouloir supprimer définitivement {{ userName }} ? Cette opération est irréversible, envisagez plutôt de suspendre l'utilisateur.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Voulez-vous vraiment suspendre {{ userName }} ? Les utilisateurs suspendus ne pourront plus se connecter.",
   "New name": "Nouveau nom",
   "Name can't be empty": "Le champ Nom ne peut pas être vide",
+  "Profile picture updated": "Photo de profil sauvegardée",
+  "Unable to upload new profile picture": "Impossible d'envoyer la nouvelle photo de profil",
+  "Profile picture": "Photo de profil",
+  "Done": "Done",
   "Check your email to verify the new address.": "Vérifiez votre e-mail pour confirmer la nouvelle adresse.",
   "The email will be changed once verified.": "Le courriel sera modifié une fois vérifié.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Vous allez recevoir un e-mail pour vérifier votre nouvelle adresse. Il doit être unique dans l'espace de travail.",
@@ -575,7 +579,6 @@
   "Paste a link": "Coller un lien",
   "Delete embed": "Supprimer l'intégration",
   "Delete image": "Supprimer l'image",
-  "Profile picture": "Photo de profil",
   "Create a new doc": "Créer un nouveau doc",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} ne sera pas notifié, car il n'a pas accès à ce document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Installer",
+  "Change profile picture": "Change profile picture",
   "Change name": "Changement de nom",
   "Change email": "Modifier le courriel",
   "Suspend user": "Suspendre l'Utilisateur",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "lire",
   "write": "écrire",
+  "create": "create",
   "read and write": "lire et écrire",
   "API keys": "Clés API",
   "attachments": "pièces jointes",
@@ -1052,8 +1057,10 @@
   "users": "utilisateurs",
   "teams": "équipes",
   "workspace": "espace de travail",
+  "Full access": "Full access",
   "Read all data": "Lire toutes les données",
   "Write all data": "Écrire toutes les données",
+  "Create all data": "Create all data",
   "Any collection": "Toutes les collections",
   "All time": "Tout l'historique",
   "Past day": "Hier",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Votre importation est en cours, vous pouvez quitter cette page en toute sécurité",
   "File not supported – please upload a valid ZIP file": "Fichier non pris en charge - veuillez téléverser un fichier ZIP valide",
   "Set the default permission level for collections created from the import": "Définir le niveau de permission par défaut pour les collections créées à partir de l'importation",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Démarrer l'importation",
   "Added by": "Ajouté par",
   "Date added": "Date ajoutée",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Vous pouvez supprimer votre compte à tout moment, notez que cela est irrécupérable",
   "Profile saved": "Profil enregistré",
-  "Profile picture updated": "Photo de profil sauvegardée",
-  "Unable to upload new profile picture": "Impossible d'envoyer la nouvelle photo de profil",
   "Manage how you appear to other members of the workspace.": "Gérer votre apparence pour les autres membres de l'espace de travail.",
   "Photo": "Photo",
   "Choose a photo or image to represent yourself.": "Choisissez une photo ou une image pour vous représenter.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} utilise {{ appName }} pour partager des documents, veuillez vous connecter pour continuer.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Un code de confirmation a été envoyé à votre adresse e-mail, veuillez saisir le code ci-dessous pour supprimer définitivement cet espace de travail.",
-  "Confirmation code": "Code de confirmation",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Supprimer l'espace de travail <1>{{workspaceName}}</1> va détruire toutes les collections, tous les documents et utilisateurs ainsi que les données associées. Vous serez immédiatement déconnecté de {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Veuillez noter que les espaces de travail sont complètement indépendants. Ils peuvent avoir un domaine, des réglages, des utilisateurs et une facturation complètement différents.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Vous êtes en train de créer un nouvel espace de travail avec votre compte actuel — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Indiquez un nom descriptif pour ce webhook ainsi qu'une URL sur laquelle nous devons envoyer une requête POST lors de la création des événements correspondants.",
   "A memorable identifer": "Un identifiant mémorisable",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Secret de signature",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Abonnez-vous à tous les événements, groupes ou événements individuels. Nous vous recommandons de ne vous abonner qu'au nombre minimum d'événements dont votre application a besoin pour fonctionner.",
   "All events": "Tous les évènements",
diff --git a/shared/i18n/locales/he_IL/translation.json b/shared/i18n/locales/he_IL/translation.json
index 6c203e08df..bb73085dd0 100644
--- a/shared/i18n/locales/he_IL/translation.json
+++ b/shared/i18n/locales/he_IL/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "הצופים יכולים להציג ולהגיב רק על מסמכים.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "האם אתה בטוח שברצונך להפוך את {{ userName }} ל-{{ role }}?",
   "I understand, delete": "הבנתי, מחק",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "האם אתה בטוח שברצונך למחוק לצמיתות את {{ userName }}? פעולה זו אינה ניתנת לשחזור, שקול להשעות את המשתמש במקום זאת.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "האם אתה בטוח שברצונך להשעות את {{ userName }}? משתמשים מושעים ימנעו מלהתחבר.",
   "New name": "שם חדש",
   "Name can't be empty": "השם לא יכול להיות ריק",
+  "Profile picture updated": "תמונת הפרופיל עודכנה",
+  "Unable to upload new profile picture": "לא ניתן להעלות תמונת פרופיל חדשה",
+  "Profile picture": "תמונת פרופיל",
+  "Done": "Done",
   "Check your email to verify the new address.": "בדוק את האימייל שלך כדי לאמת את הכתובת החדשה.",
   "The email will be changed once verified.": "האימייל ישתנה לאחר האימות.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "תקבל אימייל לאימות הכתובת החדשה שלך. זה חייב להיות ייחודי במרחב העבודה.",
@@ -575,7 +579,6 @@
   "Paste a link": "הדבק קישור",
   "Delete embed": "מחק הטמעה",
   "Delete image": "מחק תמונה",
-  "Profile picture": "תמונת פרופיל",
   "Create a new doc": "צור מסמך חדש",
   "Create a nested doc": "צור מסמך מקונן",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} לא יקבלו הודעה, מכיוון שאין להם גישה למסמך זה",
@@ -680,6 +683,7 @@
   "Embeds": "הטמעות",
   "Configure which embed providers are available in the editor.": "הגדר אילו ספקי הטמעה זמינים בעורך.",
   "Install": "לְהַתְקִין",
+  "Change profile picture": "Change profile picture",
   "Change name": "שנה שם",
   "Change email": "שנה אימייל",
   "Suspend user": "השעיית משתמש",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "אתה תופנה אל <em>{{ redirectUri }}</em> לאחר אישור. ודא שאתה סומך על כתובת האתר הזו.",
   "read": "לִקְרוֹא",
   "write": "לִכתוֹב",
+  "create": "create",
   "read and write": "לקרוא ולכתוב",
   "API keys": "מפתחות API",
   "attachments": "קבצים מצורפים",
@@ -1052,8 +1057,10 @@
   "users": "משתמשים",
   "teams": "צוותים",
   "workspace": "סביבת עבודה",
+  "Full access": "Full access",
   "Read all data": "קרא את כל הנתונים",
   "Write all data": "כתוב את כל הנתונים",
+  "Create all data": "Create all data",
   "Any collection": "כל אוסף",
   "All time": "כל הזמן",
   "Past day": "היום שעבר",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "הייבוא ​​שלך בעיבוד, אתה יכול לעזוב את הדף הזה בבטחה",
   "File not supported – please upload a valid ZIP file": "הקובץ אינו נתמך - אנא העלה קובץ ZIP חוקי",
   "Set the default permission level for collections created from the import": "הגדר את רמת ההרשאה המוגדרת כברירת מחדל עבור אוספים שנוצרו מהייבוא",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "התחל לייבא",
   "Added by": "נוסף על ידי",
   "Date added": "תאריך נוסף",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "בחר כיצד הודעות שלא נקראו יצוינו בסמל האפליקציה.",
   "You may delete your account at any time, note that this is unrecoverable": "אתה יכול למחוק את חשבונך בכל עת, שים לב שזה לא ניתן לשחזור",
   "Profile saved": "הפרופיל נשמר",
-  "Profile picture updated": "תמונת הפרופיל עודכנה",
-  "Unable to upload new profile picture": "לא ניתן להעלות תמונת פרופיל חדשה",
   "Manage how you appear to other members of the workspace.": "נהל איך אתה מופיע בפני חברים אחרים בסביבת העבודה.",
   "Photo": "תַצלוּם",
   "Choose a photo or image to represent yourself.": "בחר תמונה או תמונה לייצג את עצמך.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "עדיין לא נוצרו תבניות",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} משתמש ב-{{ appName }} כדי לשתף מסמכים, התחבר כדי להמשיך.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "קוד אישור נשלח לכתובת האימייל שלך, אנא הזן את הקוד למטה כדי להרוס לצמיתות את סביבת העבודה הזו.",
-  "Confirmation code": "קוד אישור",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "מחיקת סביבת העבודה <1>{{workspaceName}}</1> תהרוס את כל האוספים, המסמכים, המשתמשים והנתונים המשויכים. תנתק מיד מ{{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "שימו לב שחללי העבודה מופרדים לחלוטין. הם יכולים להיות בעלי דומיין, הגדרות, משתמשים וחיוב שונים.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "אתה יוצר סביבת עבודה חדשה באמצעות החשבון הנוכחי שלך - <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "ספק שם תיאורי ל-webhook זה ואת כתובת האתר שאליה עלינו לשלוח בקשת POST כאשר נוצרים אירועים תואמים.",
   "A memorable identifer": "מזהה בלתי נשכח",
   "URL": "כתובת אתר",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "סוד חתימה",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "הירשם לכל האירועים, הקבוצות או האירועים האישיים. אנו ממליצים להירשם רק לכמות המינימלית של אירועים שהאפליקציה שלך צריכה כדי לתפקד.",
   "All events": "כל האירועים",
diff --git a/shared/i18n/locales/hu_HU/translation.json b/shared/i18n/locales/hu_HU/translation.json
index 8c196210f6..b5d4ebebb9 100644
--- a/shared/i18n/locales/hu_HU/translation.json
+++ b/shared/i18n/locales/hu_HU/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Viewers can only view and comment on documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Biztosan {{ role }} szerepbe szeretné helyezni {{ userName }} felhasználót?",
   "I understand, delete": "Megértettem, töröljük",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Biztos, hogy {{ userName }} véglegesen törölve legyen? Ez a művelet nem vonható vissza, fontolja meg a felfüggesztést helyette.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Bizthogy, hogy {{ userName }} fel legyen függesztve? A felfüggesztett felhasználók belépni sem tudnak.",
   "New name": "Új név",
   "Name can't be empty": "A név nem lehet üres",
+  "Profile picture updated": "Profilkép frissítve",
+  "Unable to upload new profile picture": "Nem lehet új profilképet feltölteni",
+  "Profile picture": "Profilkép",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Szúrjon be egy hivatkozást",
   "Delete embed": "Delete embed",
   "Delete image": "Kép törlése",
-  "Profile picture": "Profilkép",
   "Create a new doc": "Új doku létrehozása",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Név módosítása",
   "Change email": "Email-cím megváltoztatása",
   "Suspend user": "Felfüggesztett felhasználó",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API-kulcsok",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Bármelyik gyűjtemény",
   "All time": "Bármikor",
   "Past day": "Elmúlt nap",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Your import is being processed, you can safely leave this page",
   "File not supported – please upload a valid ZIP file": "File not supported – please upload a valid ZIP file",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Bármikor törölheted a fiókodat, de utána nem szerezheted vissza",
   "Profile saved": "Profil elmentve",
-  "Profile picture updated": "Profilkép frissítve",
-  "Unable to upload new profile picture": "Nem lehet új profilképet feltölteni",
   "Manage how you appear to other members of the workspace.": "Manage how you appear to other members of the workspace.",
   "Photo": "Fénykép",
   "Choose a photo or image to represent yourself.": "Az Önt ábrázoló fénykép vagy kép kiválasztása.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} is using {{ appName }} to share documents, please login to continue.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.",
-  "Confirmation code": "Megerősítő kód",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Adjon egy leíró nevet ennek a webhorognak és URL-nek, amelyre POST-kérést kell küldenünk, amikor illeszkedő események jönnek létre.",
   "A memorable identifer": "A memorable identifer",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signing secret",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.",
   "All events": "Minden esemény",
diff --git a/shared/i18n/locales/id_ID/translation.json b/shared/i18n/locales/id_ID/translation.json
index f10dbabb6f..18c14f8148 100644
--- a/shared/i18n/locales/id_ID/translation.json
+++ b/shared/i18n/locales/id_ID/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Viewers can only view and comment on documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Are you sure you want to make {{ userName }} a {{ role }}?",
   "I understand, delete": "Saya mengerti, hapus",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Anda yakin ingin menghapus {{ userName }} secara permanen? Operasi ini tidak dapat dipulihkan, sebagai gantinya pertimbangkan untuk menangguhkan pengguna.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Anda yakin ingin menangguhkan {{ userName }}? Pengguna yang ditangguhkan akan dicegah untuk masuk.",
   "New name": "Nama baru",
   "Name can't be empty": "Nama tidak boleh kosong",
+  "Profile picture updated": "Gambar profil diperbarui",
+  "Unable to upload new profile picture": "Tidak dapat mengunggah gambar profil baru",
+  "Profile picture": "Gambar profil",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Tempel tautan",
   "Delete embed": "Delete embed",
   "Delete image": "Hapus gambar",
-  "Profile picture": "Gambar profil",
   "Create a new doc": "Buat dokumen baru",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Ganti Nama",
   "Change email": "Change email",
   "Suspend user": "Tangguhkan pengguna",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Semua koleksi",
   "All time": "All time",
   "Past day": "Kemarin",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Pengimporan Anda sedang diproses, Anda dapat meninggalkan halaman ini dengan aman",
   "File not supported – please upload a valid ZIP file": "File tidak didukung – harap unggah file ZIP yang valid",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Anda dapat menghapus akun Anda kapan saja, namun ingat bahwa ini tidak dapat dibatalkan",
   "Profile saved": "Profil disimpan",
-  "Profile picture updated": "Gambar profil diperbarui",
-  "Unable to upload new profile picture": "Tidak dapat mengunggah gambar profil baru",
   "Manage how you appear to other members of the workspace.": "Kelola bagaimana Anda terlihat oleh anggota lain dari workspace.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Pilih sebuah foto atau gambar yang mewakili diri Anda.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} menggunakan {{ appName }} untuk berbagi dokumen, silakan login untuk melanjutkan.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.",
-  "Confirmation code": "Confirmation code",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Berikan nama deskriptif untuk webhook ini dan URL yang harus kami kirimkan POST request saat event yang cocok dibuat.",
   "A memorable identifer": "Pengenal yang mudah diingat",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signing secret",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subscribe ke semua event, grup, atau event individu. Kami merekomendasikan hanya Subscribe jumlah minimum event yang dibutuhkan aplikasi Anda untuk berfungsi.",
   "All events": "Semua event",
diff --git a/shared/i18n/locales/it_IT/translation.json b/shared/i18n/locales/it_IT/translation.json
index b9f36b2dbc..d19b9319b4 100644
--- a/shared/i18n/locales/it_IT/translation.json
+++ b/shared/i18n/locales/it_IT/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Gli spettatori possono solo visualizzare e commentare i documenti.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Sei sicuro di voler rendere {{ userName }} un {{ role }}?",
   "I understand, delete": "Capisco, elimina",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Sei sicuro di voler eliminare definitivamente {{ userName }}? Questa operazione non è recuperabile, considera invece di sospendere l'utente.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Sei sicuro di voler eliminare permanentemente {{ userName }}? Questa operazione non è revocabile. Tutte le chiavi API, i webhook e le integrazioni da loro creati smetteranno di funzionare — considera invece di sospendere l'utente.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Sei sicuro di voler sospendere {{ userName }}? Gli utenti sospesi non potranno accedere.",
   "New name": "Nuovo nome",
   "Name can't be empty": "Il nome non può essere vuoto",
+  "Profile picture updated": "Immagine del profilo aggiornata",
+  "Unable to upload new profile picture": "Impossibile caricare la foto profilo",
+  "Profile picture": "Immagine del profilo",
+  "Done": "Fatto",
   "Check your email to verify the new address.": "Controlla la tua email per verificare il nuovo indirizzo.",
   "The email will be changed once verified.": "L'email verrà modificata una volta verificata.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Riceverai un'email per verificare il tuo nuovo indirizzo. Deve essere univoco nello spazio di lavoro.",
@@ -575,7 +579,6 @@
   "Paste a link": "Incolla un link",
   "Delete embed": "Elimina incorporamento",
   "Delete image": "Elimina immagine",
-  "Profile picture": "Immagine del profilo",
   "Create a new doc": "Crea un nuovo documento",
   "Create a nested doc": "Crea un documento annidato",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} Non verrà notificato, in quanto Non",
@@ -680,6 +683,7 @@
   "Embeds": "Incorpora",
   "Configure which embed providers are available in the editor.": "Configurare quali provider incorporati sono disponibili nell'editor.",
   "Install": "Installa",
+  "Change profile picture": "Cambia immagine del profilo",
   "Change name": "Cambia nome",
   "Change email": "Cambia email",
   "Suspend user": "Sospendi utente",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Dopo l'autorizzazione, verrai reindirizzato a <em>{{ redirectUri }}</em>. Assicurati che questo URL sia attendibile.",
   "read": "lettura",
   "write": "scrittura",
+  "create": "crea",
   "read and write": "lettura e scrittura",
   "API keys": "Chiavi API",
   "attachments": "allegati",
@@ -1052,8 +1057,10 @@
   "users": "utenti",
   "teams": "team",
   "workspace": "spazio di lavoro",
+  "Full access": "Accesso completo",
   "Read all data": "Leggi tutti i dati",
   "Write all data": "Scrivi tutti i dati",
+  "Create all data": "Crea tutti i dati",
   "Any collection": "Qualsiasi raccolta",
   "All time": "Sempre",
   "Past day": "Ieri",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "La tua importazione è in fase di elaborazione, puoi tranquillamente lasciare questa pagina",
   "File not supported – please upload a valid ZIP file": "File non supportato: carica un file ZIP valido",
   "Set the default permission level for collections created from the import": "Imposta il livello di autorizzazione predefinito per le raccolte create dall'importazione",
+  "Uploading {{progress}}%": "Caricamento {{progress}}%",
   "Start import": "Avvia l'importazione",
   "Added by": "Aggiunto da",
   "Date added": "Data aggiunta",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Scegli come indicare le notifiche non lette sull'icona dell'app.",
   "You may delete your account at any time, note that this is unrecoverable": "Puoi eliminare il tuo account in qualsiasi momento, tieni presente che l'azione non è reversibile",
   "Profile saved": "Profilo salvato",
-  "Profile picture updated": "Immagine del profilo aggiornata",
-  "Unable to upload new profile picture": "Impossibile caricare la foto profilo",
   "Manage how you appear to other members of the workspace.": "Gestisci il modo in cui appari agli altri membri dell'area di lavoro.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Scegli una foto o un'immagine che ti rappresenti.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "Non sono stati creati modelli",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} utilizza {{ appName }} per condividere documenti, effettua il login per continuare.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Un codice di conferma è stato inviato al tuo indirizzo email. Inserisci il codice qui sotto per eliminare definitivamente questo spazio di lavoro.",
-  "Confirmation code": "Codice di conferma",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "L'eliminazione dell'area di lavoro <1>{{workspaceName}}</1> eliminerà tutte le raccolte, i documenti, gli utenti e i dati associati. Verrai immediatamente disconnesso da {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Si prega di notare che gli spazi di lavoro sono completamente separati. Possono avere domini, impostazioni, utenti e fatturazione diversi.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Stai creando un nuovo spazio di lavoro utilizzando il tuo account corrente — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Fornisci un nome descrittivo per questo webhook e l'URL a cui dobbiamo inviare una richiesta POST quando vengono creati gli eventi corrispondenti.",
   "A memorable identifer": "Un identificatore memorizzabile",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "La consegna di webhook su http è insicura, usa https se possibile",
   "Signing secret": "Codice segreto per accesso",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Iscrivi a tutti gli eventi, gruppi o singoli eventi. Ti consigliamo d'iscrivere solo al numero minimo di eventi di cui la tua applicazione ha bisogno per funzionare.",
   "All events": "Tutti gli eventi",
diff --git a/shared/i18n/locales/ja_JP/translation.json b/shared/i18n/locales/ja_JP/translation.json
index 39fd42639e..1d050cc37f 100644
--- a/shared/i18n/locales/ja_JP/translation.json
+++ b/shared/i18n/locales/ja_JP/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "閲覧者はドキュメントの閲覧とコメントが可能です",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "{{ userName }} を {{ role }} にしてもよろしいですか？",
   "I understand, delete": "削除する",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "{{ userName }} を完全に削除してもよろしいですか？\nこの操作を元に戻すことはできません。\n代わりにユーザーを凍結することを検討してください。",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "{{ userName }} を凍結してもよろしいですか？ \nこれによりユーザーはログインできなくなります。",
   "New name": "新しい名前",
   "Name can't be empty": "名前を空にすることはできません",
+  "Profile picture updated": "プロフィール画像の更新に成功しました",
+  "Unable to upload new profile picture": "プロフィール画像をアップロードできませんでした",
+  "Profile picture": "プロフィール画像",
+  "Done": "Done",
   "Check your email to verify the new address.": "新しいアドレスを確認するためにメールを確認してください。",
   "The email will be changed once verified.": "確認後、メールアドレスは変更されます。",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "新しいアドレスを確認するためのメールが届きます。ワークスペース内で同じアドレスである必要があります。",
@@ -575,7 +579,6 @@
   "Paste a link": "リンクを貼り付け",
   "Delete embed": "埋め込みを削除",
   "Delete image": "画像を削除",
-  "Profile picture": "プロフィール画像",
   "Create a new doc": "ドキュメントを作成",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} はこのドキュメントへのアクセス権限がないため、通知されません",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "インストール",
+  "Change profile picture": "Change profile picture",
   "Change name": "名前を変更",
   "Change email": "メールアドレスを変更する",
   "Suspend user": "ユーザーを凍結",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "APIキー",
   "attachments": "添付ファイル",
@@ -1052,8 +1057,10 @@
   "users": "ユーザー",
   "teams": "チーム",
   "workspace": "ワークスペース",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "コレクション",
   "All time": "全期間",
   "Past day": "一日前",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "インポートしています\nこのページを閉じても問題ありません",
   "File not supported – please upload a valid ZIP file": "非対応ファイル - 有効な ZIP ファイルをアップロードしてください",
   "Set the default permission level for collections created from the import": "インポートから作成されたコレクションについて、デフォルトの権限レベルを設定する",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "インポートを開始",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "アカウントはいつでも削除することができます。これは取り返しのつかないことです。",
   "Profile saved": "プロフィールを保存しました",
-  "Profile picture updated": "プロフィール画像の更新に成功しました",
-  "Unable to upload new profile picture": "プロフィール画像をアップロードできませんでした",
   "Manage how you appear to other members of the workspace.": "他のメンバーに自分がどのように見えるかを管理します。",
   "Photo": "画像",
   "Choose a photo or image to represent yourself.": "あなたに関連した画像を選択してください",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} は {{ appName }} を使用してドキュメントを共有しています。続けるにはログインしてください。",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "登録されたメールアドレスに認証用のコードが送信されました。ワークスペースを永久に削除するには、メール内のコードを入力してください。",
-  "Confirmation code": "認証コード",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "<1>{{workspaceName}}</1> ワークスペースを削除すると、全てのコレクション、ドキュメント、ユーザー、および関連データが破棄されます。 {{appName}} からすぐにログアウトされます。",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "ワークスペースは完全に分離されているため、異なるドメイン・設定・ユーザー・請求書を利用することができます。",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "現在のアカウントを使用して新しいワークスペースを作成しています — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "この Webhook のわかりやすい名前と、一致するイベントが発火されたときに POST リクエストを送信する URL を指定してください。",
   "A memorable identifer": "覚えやすい識別子",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Secret",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "全てのイベント、グループ、または個別のイベントの通知を有効にします。アプリが機能するための最小限のものだけを選択することをお勧めします。",
   "All events": "全てのイベント",
diff --git a/shared/i18n/locales/ko_KR/translation.json b/shared/i18n/locales/ko_KR/translation.json
index 857721e5d8..b048f1dead 100644
--- a/shared/i18n/locales/ko_KR/translation.json
+++ b/shared/i18n/locales/ko_KR/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "열람자는 문서 열람과 댓글 작성만 가능합니다.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "정말로 {{ userName }} 에게 {{ role }} 권한을 부여 하시겠습니까?",
   "I understand, delete": "이해했으며, 삭제합니다.",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "{{ userName }} 를 영구 삭제하시겠습니까? 이 작업은 복구할 수 없으므로 대신 사용자를 일시 정지하는 것이 좋습니다.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "{{ userName }} 계정 사용을 중지 하시겠습니까? 중지된 사용자는 로그인 할 수 없습니다.",
   "New name": "새 이름",
   "Name can't be empty": "이름은 비어 있을 수 없습니다.",
+  "Profile picture updated": "프로필 사진이 업데이트 됨",
+  "Unable to upload new profile picture": "새 프로필 사진을 업로드 할 수 없습니다",
+  "Profile picture": "프로필 사진",
+  "Done": "Done",
   "Check your email to verify the new address.": "새로운 주소를 확인하려면 이메일을 확인하세요.",
   "The email will be changed once verified.": "이메일은 확인 후 변경됩니다.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "새로운 주소를 확인하기 위한 이메일을 받게 됩니다. 이 주소는 작업 공간 내에서 고유해야 합니다.",
@@ -575,7 +579,6 @@
   "Paste a link": "링크 붙여 넣기",
   "Delete embed": "임베드 삭제",
   "Delete image": "이미지 삭제",
-  "Profile picture": "프로필 사진",
   "Create a new doc": "새 문서 만들기",
   "Create a nested doc": "하위 문서 생성",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} 은(는) 이 문서에 대한 액세스 권한이 없으므로 알림을 받지 않습니다.",
@@ -680,6 +683,7 @@
   "Embeds": "임베드",
   "Configure which embed providers are available in the editor.": "편집기에서 사용할 수 있는 임베드 제공업체를 구성합니다.",
   "Install": "설치",
+  "Change profile picture": "Change profile picture",
   "Change name": "이름 변경",
   "Change email": "이메일 변경",
   "Suspend user": "사용자 일시 정지",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "인증 후 <em>{{ redirectUri }}</em> 로 리디렉션됩니다. 이 URL을 신뢰하는지 확인하십시오.",
   "read": "읽기",
   "write": "쓰기",
+  "create": "create",
   "read and write": "읽기 및 쓰기",
   "API keys": "API 키",
   "attachments": "첨부",
@@ -1052,8 +1057,10 @@
   "users": "사용자",
   "teams": "팀",
   "workspace": "작업 공간",
+  "Full access": "Full access",
   "Read all data": "모든 데이터 읽기",
   "Write all data": "모든 데이터 쓰기",
+  "Create all data": "Create all data",
   "Any collection": "모든 컬렉션",
   "All time": "모든 시간",
   "Past day": "어제",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "가져오기를 처리 중입니다. 이 페이지를 종료해도 됩니다.",
   "File not supported – please upload a valid ZIP file": "지원되지 않는 파일 – 유효한 ZIP 파일을 업로드하십시오.",
   "Set the default permission level for collections created from the import": "가져오기로 생성된 컬렉션에 대한 기본 권한 수준 설정",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "가져오기 시작",
   "Added by": "추가자",
   "Date added": "추가된 날짜",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "읽지 않은 알림이 앱 아이콘에 표시되는 방식을 선택하세요.",
   "You may delete your account at any time, note that this is unrecoverable": "계정을 언제든지 삭제할 수 있지만, 다시 복구할 수 없습니다",
   "Profile saved": "프로필이 저장되었습니다",
-  "Profile picture updated": "프로필 사진이 업데이트 됨",
-  "Unable to upload new profile picture": "새 프로필 사진을 업로드 할 수 없습니다",
   "Manage how you appear to other members of the workspace.": "워크스페이스의 다른 멤버들에게 어떻게 표시될지 관리합니다.",
   "Photo": "사진",
   "Choose a photo or image to represent yourself.": "당신을 표현하는 사진이나 그림을 선택하세요.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "아직 생성 된 템플릿이 없습니다",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} 는 {{ appName }} 사용하여 문서를 공유하고 있습니다. 계속하려면 로그인하십시오.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "귀하의 이메일 주소로 확인 코드가 전송되었습니다. 워크스페이스를 영구적으로 제거하려면 아래에 코드를 입력하세요.",
-  "Confirmation code": "확인 코드",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "워크스페이스 <1>{{workspaceName}}</1>를 지우면 모든 컬렉션, 문서, 유저, 관련된 데이터를 제거하고 즉시 {{appName}} 에서 로그아웃 됩니다.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "워크스페이스가 완전히 분리되어 있다는 것을 참고하세요. 각 워크스페이스는 다른 도메인, 설정, 사용자, 그리고 지불 설정을 가지고 있을 수 있습니다.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "현재 계정을 사용하여 새 워크스페이스를 만들고 있습니다 — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "이 Webhook에 대한 설명이 포함된 이름과 일치하는 이벤트가 생성될 때 POST 요청을 보내야 하는 URL을 제공합니다.",
   "A memorable identifer": "기억 되는 식별자",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "비밀키 서명",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "모든 이벤트, 그룹 또는 개별 이벤트를 구독하십시오. 애플리케이션이 작동하는 데 필요한 최소한의 이벤트만 구독하는 것이 좋습니다.",
   "All events": "모든 이벤트",
diff --git a/shared/i18n/locales/nb_NO/translation.json b/shared/i18n/locales/nb_NO/translation.json
index dd42680ed3..a6edbb5393 100644
--- a/shared/i18n/locales/nb_NO/translation.json
+++ b/shared/i18n/locales/nb_NO/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Seere kan kun se og kommentere dokumenter.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Er du sikker på at du vil gjøre {{ userName }} til en {{ role }}?",
   "I understand, delete": "Jeg forstår, slett",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Er du sikker på at du vil slette {{ userName }} permanent? Denne operasjonen kan ikke omgjøres, vurder å suspendere brukeren i stedet.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Er du sikker på at du vil suspendere {{ userName }}? Suspendering vil hindre brukeren i å logge inn.",
   "New name": "Nytt navn",
   "Name can't be empty": "Navn kan ikke være tomt",
+  "Profile picture updated": "Profilbilde oppdatert",
+  "Unable to upload new profile picture": "Kan ikke laste opp nytt profilbilde",
+  "Profile picture": "Profilbilde",
+  "Done": "Done",
   "Check your email to verify the new address.": "Sjekk e-posten din for å verifisere den nye adressen.",
   "The email will be changed once verified.": "E-posten vil bli endret når den er blitt verifisert.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Du vil motta en e-post for å verifisere din nye e-postadresse. Den må være unik i arbeidsområdet.",
@@ -575,7 +579,6 @@
   "Paste a link": "Lim inn en lenke",
   "Delete embed": "Slett embed",
   "Delete image": "Slett bilde",
-  "Profile picture": "Profilbilde",
   "Create a new doc": "Lag et nytt dokument",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} vil ikke bli varslet, da de ikke har tilgang til dette dokumentet",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Installer",
+  "Change profile picture": "Change profile picture",
   "Change name": "Endre navn",
   "Change email": "Endre e-post",
   "Suspend user": "Suspendere bruker",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "les",
   "write": "skriv",
+  "create": "create",
   "read and write": "les og skriv",
   "API keys": "API-nøkler",
   "attachments": "vedlegg",
@@ -1052,8 +1057,10 @@
   "users": "brukere",
   "teams": "lag",
   "workspace": "arbeidsområde",
+  "Full access": "Full access",
   "Read all data": "Lese alle data",
   "Write all data": "Skrive alle data",
+  "Create all data": "Create all data",
   "Any collection": "Enhver samling",
   "All time": "Når som helst",
   "Past day": "Siste dag",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Importen din blir behandlet, du kan trygt forlate denne siden",
   "File not supported – please upload a valid ZIP file": "Fil ikke støttet – vennligst last opp en gyldig ZIP-fil",
   "Set the default permission level for collections created from the import": "Angi standard tilgangsnivå for samlinger opprettet fra denne importen",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Du kan slette kontoen din når som helst, merk at dette er uopprettelig",
   "Profile saved": "Profil lagret",
-  "Profile picture updated": "Profilbilde oppdatert",
-  "Unable to upload new profile picture": "Kan ikke laste opp nytt profilbilde",
   "Manage how you appear to other members of the workspace.": "Administrer hvordan du fremstår for andre medlemmer av arbeidsområdet.",
   "Photo": "Bilde",
   "Choose a photo or image to represent yourself.": "Velg et bilde for å representere deg selv.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} bruker {{ appName }} til å dele dokumenter, vennligst logg inn for å fortsette.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "En bekreftelseskode har blitt sendt til din e-postadresse, vennligst skriv inn koden nedenfor for å slette dette arbeidsområdet permanent.",
-  "Confirmation code": "Bekreftelseskode",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Sletting av <1>{{workspaceName}}</1>-arbeidsområdet vil ødelegge alle samlinger, dokumenter, brukere og tilknyttede data. Du vil umiddelbart bli logget ut av {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Vær oppmerksom på at arbeidsområder er helt separate. De kan ha et annet domene, innstillinger, brukere og fakturering.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Du oppretter et nytt arbeidsområde ved hjelp av din nåværende konto — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Gi et beskrivende navn til denne webhooken og URL-en vi bør sende en POST-forespørsel til når tilsvarende hendelser opprettes.",
   "A memorable identifer": "Et minneverdig identifikator",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signeringshemmelighet",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Abonner på alle hendelser, grupper eller enkelthendelser. Vi anbefaler kun å abonnere på minimum antall hendelser som din applikasjon trenger for å fungere.",
   "All events": "Alle hendelser",
diff --git a/shared/i18n/locales/nl_NL/translation.json b/shared/i18n/locales/nl_NL/translation.json
index a9f4e02d80..9a292ede4d 100644
--- a/shared/i18n/locales/nl_NL/translation.json
+++ b/shared/i18n/locales/nl_NL/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Kijkers kunnen alleen bekijken en reageren op documenten.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Weet je zeker dat je {{ userName }} een {{ role }} wilt maken?",
   "I understand, delete": "Ik begrijp het, verwijder",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Weet je zeker dat je {{ userName }} definitief wilt verwijderen? Deze bewerking kan niet worden hersteld. Overweeg in plaats daarvan de gebruiker te schorsen.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Weet je zeker dat je het account {{ userName }} wilt schorsen? Geschorste gebruikers kunnen niet meer inloggen.",
   "New name": "Nieuwe naam",
   "Name can't be empty": "Naam mag niet leeg zijn",
+  "Profile picture updated": "Profielfoto gewijzigd",
+  "Unable to upload new profile picture": "Kan nieuwe profielfoto niet uploaden",
+  "Profile picture": "Profielfoto",
+  "Done": "Done",
   "Check your email to verify the new address.": "Controleer je e-mail om het nieuwe adres te verifiëren.",
   "The email will be changed once verified.": "De e-mail zal worden gewijzigd na controle.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Je ontvangt een e-mail om je nieuwe adres te verifiëren. Het moet uniek zijn in de werkruimte.",
@@ -575,7 +579,6 @@
   "Paste a link": "Plak een link",
   "Delete embed": "Insluiting verwijderen",
   "Delete image": "Afbeelding verwijderen",
-  "Profile picture": "Profielfoto",
   "Create a new doc": "Maak een nieuw document",
   "Create a nested doc": "Een geneste doc aanmaken",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} wordt niet verwittigd omdat ze geen toegang hebben tot dit document",
@@ -680,6 +683,7 @@
   "Embeds": "Insluiting",
   "Configure which embed providers are available in the editor.": "Configureer welke insluitingsaanbieders beschikbaar zijn in de editor.",
   "Install": "Installeren",
+  "Change profile picture": "Change profile picture",
   "Change name": "Naam wijzigen",
   "Change email": "Wijzig e-mail",
   "Suspend user": "Blokkeer gebruiker",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Na autorisatie wordt je doorverwezen naar <em>{{ redirectUri }}</em>. Zorg ervoor dat je deze URL vertrouwt.",
   "read": "lezen",
   "write": "schrijven",
+  "create": "create",
   "read and write": "lezen en schrijven",
   "API keys": "API-sleutels",
   "attachments": "bijlagen",
@@ -1052,8 +1057,10 @@
   "users": "gebruikers",
   "teams": "teams",
   "workspace": "werkruimte",
+  "Full access": "Full access",
   "Read all data": "Lees alle gegevens",
   "Write all data": "Schrijf alle gegevens",
+  "Create all data": "Create all data",
   "Any collection": "Elke collectie",
   "All time": "Gehele tijd",
   "Past day": "Afgelopen dag",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Je import wordt verwerkt, je kan deze pagina veilig verlaten",
   "File not supported – please upload a valid ZIP file": "Bestand niet ondersteund – upload een geldig ZIP-bestand",
   "Set the default permission level for collections created from the import": "Stel het standaard machtingsniveau in voor collecties vanuit de import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start importeren",
   "Added by": "Toegevoegd door",
   "Date added": "Datum toegevoegd",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Kies hoe ongelezen meldingen worden aangegeven op het app-pictogram.",
   "You may delete your account at any time, note that this is unrecoverable": "Je kan je account op ieder moment verwijderen. Let op: je account kan niet hersteld worden",
   "Profile saved": "Wijzigingen opgeslagen",
-  "Profile picture updated": "Profielfoto gewijzigd",
-  "Unable to upload new profile picture": "Kan nieuwe profielfoto niet uploaden",
   "Manage how you appear to other members of the workspace.": "Beheer hoe je er uit ziet voor andere deelnemers van de werkruimte.",
   "Photo": "Profielfoto",
   "Choose a photo or image to represent yourself.": "Kies een foto of afbeelding om jezelf weer te geven.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "Er zijn nog geen sjablonen aangemaakt",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} gebruikt {{ appName }} om documenten te delen, log alsjeblieft in om door te gaan.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Een bevestigingscode is naar je e-mailadres verzonden, voer hieronder de code in om deze werkruimte definitief te verwijderen.",
-  "Confirmation code": "Bevestigingscode",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Het verwijderen van de werkruimte <1>{{workspaceName}}</1> zal alle collecties, documenten, gebruikers en bijbehorende gegevens verwijderen. Je wordt onmiddellijk uitgelogd bij {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Houd er rekening mee dat werkruimtes volledig gescheiden zijn. Ze kunnen een verschillend domein, instellingen, gebruikers en facturering hebben.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Je maakt een nieuwe werkruimte aan met je huidige account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Geef een beschrijvende naam op voor deze webhook en de URL waarnaar we een POST-aanvraag moeten sturen wanneer overeenkomende gebeurtenissen worden aangemaakt.",
   "A memorable identifer": "Een memorabele identifer",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Geheim voor ondertekening",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Abonneer je op alle evenementen, groepen of individuele evenementen. We raden je aan om je aan te melden voor een minimale hoeveelheid events die je sollicitatie nodig heeft.",
   "All events": "Alle gebeurtenissen",
diff --git a/shared/i18n/locales/pl_PL/translation.json b/shared/i18n/locales/pl_PL/translation.json
index e0abc9fa9e..fa555fdc3d 100644
--- a/shared/i18n/locales/pl_PL/translation.json
+++ b/shared/i18n/locales/pl_PL/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Widzowie mogą tylko wyświetlać i komentować dokumenty.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Czy na pewno chcesz uczynić {{ userName }} {{ role }}?",
   "I understand, delete": "Rozumiem, usuń",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Czy na pewno chcesz trwale usunąć {{ userName }}? Ta operacja jest nieodwracalna, zamiast tego rozważ zawieszenie użytkownika.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Czy na pewno chcesz zawiesić konto {{ userName }}? Zawieszeni użytkownicy nie będą mogli się zalogować.",
   "New name": "Nowa nazwa",
   "Name can't be empty": "Nazwa nie może być pusta",
+  "Profile picture updated": "Zaktualizowano zdjęcie profilowe",
+  "Unable to upload new profile picture": "Nie można przesłać nowego zdjęcia profilowego",
+  "Profile picture": "Zdjęcie profilowe",
+  "Done": "Done",
   "Check your email to verify the new address.": "Sprawdź swój adres e-mail, aby zweryfikować nowy adres.",
   "The email will be changed once verified.": "Adres e-mail zostanie zmieniony po weryfikacji.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Otrzymasz e-mail, aby zweryfikować swój nowy adres. Musi być unikalny w obszarze roboczym.",
@@ -575,7 +579,6 @@
   "Paste a link": "Wklej link",
   "Delete embed": "Usuń osadzenie",
   "Delete image": "Usuń obraz",
-  "Profile picture": "Zdjęcie profilowe",
   "Create a new doc": "Utwórz nowy dokument",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} nie zostanie powiadomiony, ponieważ nie mają dostępu do tego dokumentu",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Zainstaluj",
+  "Change profile picture": "Change profile picture",
   "Change name": "Zmień nazwę",
   "Change email": "Zmień adres e-mail",
   "Suspend user": "Zawieś użytkownika",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "odczyt",
   "write": "zapis",
+  "create": "create",
   "read and write": "odczyt i zapis",
   "API keys": "Klucze API",
   "attachments": "załączniki",
@@ -1052,8 +1057,10 @@
   "users": "użytkownicy",
   "teams": "zespoły",
   "workspace": "obszar roboczy",
+  "Full access": "Full access",
   "Read all data": "Odczyt wszystkich danych",
   "Write all data": "Zapis wszystkich danych",
+  "Create all data": "Create all data",
   "Any collection": "Dowolna kolekcja",
   "All time": "Przez cały czas",
   "Past day": "Poprzedni dzień",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Twój import jest przetwarzany, możesz bezpiecznie opuścić tę stronę",
   "File not supported – please upload a valid ZIP file": "Plik nieobsługiwany – prześlij prawidłowy plik ZIP",
   "Set the default permission level for collections created from the import": "Ustaw domyślny poziom uprawnień dla kolekcji utworzonych z importu",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Rozpocznij importowanie",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Możesz usunąć swoje konto w dowolnym momencie, pamiętaj, że jest to nie do odzyskania",
   "Profile saved": "Profil został zapisany",
-  "Profile picture updated": "Zaktualizowano zdjęcie profilowe",
-  "Unable to upload new profile picture": "Nie można przesłać nowego zdjęcia profilowego",
   "Manage how you appear to other members of the workspace.": "Zarządzaj swoim wyglądem dla innych członków obszaru roboczego.",
   "Photo": "Zdjęcie",
   "Choose a photo or image to represent yourself.": "Wybierz zdjęcie lub obraz, który będzie Cię przedstawiał.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} używa {{ appName }} do udostępniania dokumentów, zaloguj się, aby kontynuować.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Na Twój adres e-mail został wysłany kod potwierdzający, wpisz poniżej kod, aby trwale zniszczyć ten obszar roboczy.",
-  "Confirmation code": "Kod potwierdzający",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Usunięcie obszaru roboczego <1>{{workspaceName}}</1> zniszczy wszystkie kolekcje, dokumenty, użytkowników i powiązane dane. Zostaniesz natychmiast wylogowany z {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Zauważ, że obszary robocze są całkowicie oddzielne. Mogą mieć inny domenę, ustawienia, użytkowników i rozliczenia.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Tworzysz nowy obszar roboczy przy użyciu bieżącego konta — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Podaj opisową nazwę dla tego webhooka oraz adres URL, na który powinniśmy wysłać żądanie POST, gdy zostaną utworzone pasujące wydarzenia.",
   "A memorable identifer": "Zapamiętywalny identyfikator",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Sekret podpisu",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subskrybuj wszystkie wydarzenia, grupy wydarzeń lub pojedyncze wydarzenia. Zalecamy subskrybowanie tylko minimalnej liczby wydarzeń, które są potrzebne Twojej aplikacji do funkcjonowania.",
   "All events": "Wszystkie wydarzenia",
diff --git a/shared/i18n/locales/pt_BR/translation.json b/shared/i18n/locales/pt_BR/translation.json
index 1c43513868..55bdab2f04 100644
--- a/shared/i18n/locales/pt_BR/translation.json
+++ b/shared/i18n/locales/pt_BR/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Visualizadores só podem visualizar e comentar em documentos.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Tem certeza que deseja tornar {{ userName }} um {{ role }}?",
   "I understand, delete": "Eu entendo, excluir",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Tem certeza que deseja excluir {{ userName }} permanentemente? Esta operação não é recuperável, considere suspender o usuário.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Tem certeza que deseja suspender {{ userName }}? Usuários suspensos serão impedidos de acessar a aplicação.",
   "New name": "Novo nome",
   "Name can't be empty": "O nome não pode estar vazio",
+  "Profile picture updated": "Imagem do perfil atualizada",
+  "Unable to upload new profile picture": "Não foi possível carregar a nova imagem de perfil",
+  "Profile picture": "Imagem do perfil",
+  "Done": "Done",
   "Check your email to verify the new address.": "Verifique seu e-mail para confirmar o novo endereço.",
   "The email will be changed once verified.": "O email será alterado depois de ser verificado.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Você receberá um e-mail para verificar seu novo endereço. Ele deve ser único no espaço de trabalho.",
@@ -575,7 +579,6 @@
   "Paste a link": "Cole um link",
   "Delete embed": "Deletar embed",
   "Delete image": "Excluir imagem",
-  "Profile picture": "Imagem do perfil",
   "Create a new doc": "Criar um novo documento",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} não será notificado, pois não tem acesso a este documento",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Instalar",
+  "Change profile picture": "Change profile picture",
   "Change name": "Renomear",
   "Change email": "Alterar e-mail",
   "Suspend user": "Suspender usuário",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "ler",
   "write": "escrever",
+  "create": "create",
   "read and write": "leitura e escrita",
   "API keys": "Chaves API",
   "attachments": "anexos",
@@ -1052,8 +1057,10 @@
   "users": "usuários",
   "teams": "equipes",
   "workspace": "espaço de trabalho",
+  "Full access": "Full access",
   "Read all data": "Ler todos os dados",
   "Write all data": "Escrever todos os dados",
+  "Create all data": "Create all data",
   "Any collection": "Qualquer coleção",
   "All time": "Desde o início",
   "Past day": "Dia anterior",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Sua importação está sendo processada, você pode sair dessa página com segurança",
   "File not supported – please upload a valid ZIP file": "Arquivo não suportado – faça upload de um arquivo ZIP válido",
   "Set the default permission level for collections created from the import": "Definir o nível de permissão padrão para coleções criadas a partir da importação",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Iniciar importação",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Você pode excluir sua conta a qualquer momento, note que isso não é recuperável",
   "Profile saved": "Perfil salvo",
-  "Profile picture updated": "Imagem do perfil atualizada",
-  "Unable to upload new profile picture": "Não foi possível carregar a nova imagem de perfil",
   "Manage how you appear to other members of the workspace.": "Gerencie como você aparece para outros membros do espaço de trabalho.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Escolha uma foto ou imagem para te representar.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} Está usando {{ appName }} para compartilhar documentos, por favor, inicie a sessão para continuar.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Um código de confirmação foi enviado para seu endereço de e-mail, por favor insira o código abaixo para destruir permanentemente este espaço de trabalho.",
-  "Confirmation code": "Código de confirmação",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Excluindo o espaço de trabalho <1>{{workspaceName}}</1> destruirá todas as coleções, documentos, usuários e dados associados. Você será desconectado imediatamente do {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Observe que os espaços de trabalho são completamente separados. Eles podem ter domínios, configurações, usuários e faturamentos diferentes.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Você está criando um novo espaço de trabalho utilizando sua conta atual — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Forneça um nome descritivo para este webhook e a URL para a qual devemos enviar uma solicitação POST quando eventos correspondentes forem criados.",
   "A memorable identifer": "Um identificador memorável",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Segredo de assinatura",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Inscreva-se em todos os eventos, grupos, ou eventos individuais. Recomendamos que se inscreva apenas a quantidade mínima de eventos que sua aplicação precisa para funcionar.",
   "All events": "Todos eventos",
diff --git a/shared/i18n/locales/pt_PT/translation.json b/shared/i18n/locales/pt_PT/translation.json
index c304313476..89f4328d33 100644
--- a/shared/i18n/locales/pt_PT/translation.json
+++ b/shared/i18n/locales/pt_PT/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Leitores podem apenas ver e comentar documentos.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Tem certeza que quer tornar {{ userName }} um {{ role }}?",
   "I understand, delete": "Eu entendo, eliminar",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Tem certeza que deseja excluir {{ userName }} permanentemente? Esta operação não é reversível, considere apenas suspender o utilizador.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Tem certeza que quer suspender {{ userName }}? Utilizadores suspensos serão impedidos de aceder.",
   "New name": "Novo nome",
   "Name can't be empty": "Nome não pode estar vazio",
+  "Profile picture updated": "Foto de perfil foi atualizada",
+  "Unable to upload new profile picture": "Não é possível carregar uma nova foto de perfil",
+  "Profile picture": "Imagem de perfil",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Inserir um link",
   "Delete embed": "Delete embed",
   "Delete image": "Eliminar imagem",
-  "Profile picture": "Imagem de perfil",
   "Create a new doc": "Criar um novo documento",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Alterar o nome",
   "Change email": "Change email",
   "Suspend user": "Suspender utilizador",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Qualquer coleção",
   "All time": "All time",
   "Past day": "Último dia",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Importação está a ser processada, pode sair desta página com segurança",
   "File not supported – please upload a valid ZIP file": "Ficheiro não suportado — envie um ficheiro ZIP válido",
   "Set the default permission level for collections created from the import": "Definir o nível de permissão padrão para coleções criadas a partir da importação",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Iniciar importação",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Pode apagar a sua conta a qualquer momento, atenção que isso é irrecuperável",
   "Profile saved": "Perfil guardado",
-  "Profile picture updated": "Foto de perfil foi atualizada",
-  "Unable to upload new profile picture": "Não é possível carregar uma nova foto de perfil",
   "Manage how you appear to other members of the workspace.": "Gerir como aparece para outros membros da área de trabalho.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Escolha uma foto ou imagem que o represente.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} está a usar {{ appName }} para partilhar documentos, entre para continuar.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Um código de confirmação foi enviado para o seu endereço de e-mail, por favor introduza o código abaixo para eliminar permanentemente a área de trabalho.",
-  "Confirmation code": "Código de confirmação",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Excluir área de trabalho  <1>{{workspaceName}}</1> eliminará todas as coleções, documentos, utilizadores, e dados associados. Será desligado imediatamente do {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Por favor, note que as áreas de trabalho estão completamente isoladas. Elas podem ter um domínio, configurações, utilizadores e faturação distintos.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Está a criar uma área de trabalho utilizando a conta atual — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Forneça um nome descritivo para este webhook e a URL para a qual devemos enviar um pedido POST quando os eventos correspondentes forem criados.",
   "A memorable identifer": "Um identifador memorável",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Segredo de assinatura",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Inscreva-se em todos os eventos, grupos ou eventos individuais. Recomendamos que se inscreva apenas a quantidade mínima de eventos que a aplicação precisa para funcionar.",
   "All events": "Todos os eventos",
diff --git a/shared/i18n/locales/ro_RO/translation.json b/shared/i18n/locales/ro_RO/translation.json
index 6d1355d8ed..43195a1e03 100644
--- a/shared/i18n/locales/ro_RO/translation.json
+++ b/shared/i18n/locales/ro_RO/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Viewers can only view and comment on documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Are you sure you want to make {{ userName }} a {{ role }}?",
   "I understand, delete": "I understand, delete",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.",
   "New name": "New name",
   "Name can't be empty": "Name can't be empty",
+  "Profile picture updated": "Profile picture updated",
+  "Unable to upload new profile picture": "Unable to upload new profile picture",
+  "Profile picture": "Profile picture",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Paste a link",
   "Delete embed": "Delete embed",
   "Delete image": "Delete image",
-  "Profile picture": "Profile picture",
   "Create a new doc": "Create a new doc",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Change name",
   "Change email": "Change email",
   "Suspend user": "Suspend user",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Any collection",
   "All time": "All time",
   "Past day": "Past day",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Your import is being processed, you can safely leave this page",
   "File not supported – please upload a valid ZIP file": "File not supported – please upload a valid ZIP file",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "You may delete your account at any time, note that this is unrecoverable",
   "Profile saved": "Profile saved",
-  "Profile picture updated": "Profile picture updated",
-  "Unable to upload new profile picture": "Unable to upload new profile picture",
   "Manage how you appear to other members of the workspace.": "Manage how you appear to other members of the workspace.",
   "Photo": "Photo",
   "Choose a photo or image to represent yourself.": "Choose a photo or image to represent yourself.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} is using {{ appName }} to share documents, please login to continue.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.",
-  "Confirmation code": "Confirmation code",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.",
   "A memorable identifer": "A memorable identifer",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signing secret",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.",
   "All events": "All events",
diff --git a/shared/i18n/locales/sv_SE/translation.json b/shared/i18n/locales/sv_SE/translation.json
index da970078de..53a80da7d5 100644
--- a/shared/i18n/locales/sv_SE/translation.json
+++ b/shared/i18n/locales/sv_SE/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Läsare kan bara se och kommentera dokument.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Är du säker på att du vill göra {{ userName }} till {{ role }}?",
   "I understand, delete": "Jag förstår, ta bort",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Är du säker på att du vill ta bort {{ userName }} permanent? Denna åtgärd är oåterkallelig, överväg att stänga av användaren istället.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Är du säker på att du vill stänga av {{ userName }}? Avstängda användare kommer att hindras från att logga in.",
   "New name": "Nytt namn",
   "Name can't be empty": "Namnet kan inte vara tomt",
+  "Profile picture updated": "Profilbild uppdaterades",
+  "Unable to upload new profile picture": "Det gick inte att ladda upp ny profilbild",
+  "Profile picture": "Profilbild",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Klistra in en länk",
   "Delete embed": "Ta bort inbäddning",
   "Delete image": "Ta bort bild",
-  "Profile picture": "Profilbild",
   "Create a new doc": "Skapa nytt dokument",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Installera",
+  "Change profile picture": "Change profile picture",
   "Change name": "Ändra namn",
   "Change email": "Ändra e-post",
   "Suspend user": "Stäng av användaren",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "läs",
   "write": "skriv",
+  "create": "create",
   "read and write": "läs och skriv",
   "API keys": "API-nycklar",
   "attachments": "bifogade filer",
@@ -1052,8 +1057,10 @@
   "users": "användare",
   "teams": "team",
   "workspace": "arbetsyta",
+  "Full access": "Full access",
   "Read all data": "Läs all data",
   "Write all data": "Skriv all data",
+  "Create all data": "Create all data",
   "Any collection": "Valfri samling",
   "All time": "Alltid",
   "Past day": "Föregående dag",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Din import bearbetas, du kan lämna denna sidan",
   "File not supported – please upload a valid ZIP file": "Filen stöds inte – ladda upp en giltig ZIP-fil",
   "Set the default permission level for collections created from the import": "Ange standard behörighetsnivå för samlingar som skapats från importen",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Starta import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Du kan när som helst radera ditt konto, notera att detta inte går att återställa",
   "Profile saved": "Profilen har sparats",
-  "Profile picture updated": "Profilbild uppdaterades",
-  "Unable to upload new profile picture": "Det gick inte att ladda upp ny profilbild",
   "Manage how you appear to other members of the workspace.": "Hantera hur du visas för andra medlemmar i arbetsytan.",
   "Photo": "Foto",
   "Choose a photo or image to represent yourself.": "Välj ett foto eller en bild för att representera dig.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} använder {{ appName }} för att dela dokument, logga in för att fortsätta.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "En bekräftelsekod har skickats till din e-postadress, ange koden nedan för att permanent förstöra denna arbetsyta.",
-  "Confirmation code": "Bekräftelsekod",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Om du tar bort arbetsytan <1>{{workspaceName}}</1> kommer alla samlingar, dokument, användare och tillhörande data att förstöras. Du kommer omedelbart att loggas ut från {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Observera att arbetsytor är helt åtskilda. De kan ha olika domäner, inställningar, användare och fakturering.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Du skapar en ny arbetsyta med ditt nuvarande konto — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Ange ett beskrivande namn för denna webhook och den URL vi bör skicka en POST-begäran till när matchande händelser skapas.",
   "A memorable identifer": "En minnesvärd identifierare",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signeringshemlighet",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Prenumerera på alla evenemang, grupper eller enskilda evenemang. Vi rekommenderar att du endast prenumererar på det minsta antalet händelser som din applikation behöver för att fungera.",
   "All events": "Alla aktiviteter",
diff --git a/shared/i18n/locales/th_TH/translation.json b/shared/i18n/locales/th_TH/translation.json
index db121c404b..1335618b60 100644
--- a/shared/i18n/locales/th_TH/translation.json
+++ b/shared/i18n/locales/th_TH/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Viewers can only view and comment on documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Are you sure you want to make {{ userName }} a {{ role }}?",
   "I understand, delete": "I understand, delete",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.",
   "New name": "New name",
   "Name can't be empty": "Name can't be empty",
+  "Profile picture updated": "Profile picture updated",
+  "Unable to upload new profile picture": "Unable to upload new profile picture",
+  "Profile picture": "Profile picture",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "วางลิงก์",
   "Delete embed": "Delete embed",
   "Delete image": "ลบรูป",
-  "Profile picture": "Profile picture",
   "Create a new doc": "สร้างเอกสารใหม่",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} won't be notified, as they do not have access to this document",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Install",
+  "Change profile picture": "Change profile picture",
   "Change name": "Change name",
   "Change email": "Change email",
   "Suspend user": "Suspend user",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Any collection",
   "All time": "All time",
   "Past day": "Past day",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Your import is being processed, you can safely leave this page",
   "File not supported – please upload a valid ZIP file": "File not supported – please upload a valid ZIP file",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "You may delete your account at any time, note that this is unrecoverable",
   "Profile saved": "Profile saved",
-  "Profile picture updated": "Profile picture updated",
-  "Unable to upload new profile picture": "Unable to upload new profile picture",
   "Manage how you appear to other members of the workspace.": "Manage how you appear to other members of the workspace.",
   "Photo": "Photo",
   "Choose a photo or image to represent yourself.": "Choose a photo or image to represent yourself.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} is using {{ appName }} to share documents, please login to continue.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.",
-  "Confirmation code": "Confirmation code",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.",
   "A memorable identifer": "A memorable identifer",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Signing secret",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.",
   "All events": "All events",
diff --git a/shared/i18n/locales/tr_TR/translation.json b/shared/i18n/locales/tr_TR/translation.json
index 5d60f8125b..696ba8a046 100644
--- a/shared/i18n/locales/tr_TR/translation.json
+++ b/shared/i18n/locales/tr_TR/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Görüntüleyiciler yalnızca belgeleri görüntüleyebilir ve yorum yapabilir.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "{{ userName }} kullanıcısını {{ role }} yapmak istediğinizden emin misiniz?",
   "I understand, delete": "Anlıyorum, sil",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "{{ userName }} kullanıcısını kalıcı olarak silmek istediğinizden emin misiniz? Bu işlem geri alınamaz, bunun yerine kullanıcıyı askıya almayı düşünün.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "{{ userName }} kullanıcısını askıya almak istediğinizden emin misiniz? Askıya alınan kullanıcıların giriş yapması engellenecektir.",
   "New name": "Yeni ad",
   "Name can't be empty": "Ad boş olamaz",
+  "Profile picture updated": "Profil fotoğrafı güncellendi",
+  "Unable to upload new profile picture": "Yeni profil fotoğrafı yüklenemiyor",
+  "Profile picture": "Profil fotoğrafı",
+  "Done": "Done",
   "Check your email to verify the new address.": "Yeni adresi doğrulamak için e-postanızı kontrol edin.",
   "The email will be changed once verified.": "E-posta doğrulandıktan sonra değiştirilecektir.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Yeni adresinizi doğrulamak için bir e-posta alacaksınız. Bu adres, çalışma alanında benzersiz olmalıdır.",
@@ -575,7 +579,6 @@
   "Paste a link": "Bir bağlantı yapıştırın",
   "Delete embed": "Yerleştirmeyi sil",
   "Delete image": "Resmi sil",
-  "Profile picture": "Profil fotoğrafı",
   "Create a new doc": "Yeni bir belge oluştur",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} bu belgeye erişimi olmadığı için bildirim almayacak",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Yükle",
+  "Change profile picture": "Change profile picture",
   "Change name": "Adı değiştir",
   "Change email": "E-postayı değiştir",
   "Suspend user": "Kullanıcıyı askıya al",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Yetkilendirmeyi tamamladıktan sonra <em>{{ redirectUri }}</em> adresine yönlendirileceksiniz. Bu URL'e güvenebileceğinizden emin olun.",
   "read": "oku",
   "write": "yaz",
+  "create": "create",
   "read and write": "oku ve yaz",
   "API keys": "API anahtarları",
   "attachments": "ekler",
@@ -1052,8 +1057,10 @@
   "users": "kullanıcılar",
   "teams": "ekipler",
   "workspace": "çalışma alanı",
+  "Full access": "Full access",
   "Read all data": "Tüm verileri oku",
   "Write all data": "Tüm verileri yaz",
+  "Create all data": "Create all data",
   "Any collection": "Herhangi bir koleksiyon",
   "All time": "Tüm zamanlar",
   "Past day": "Geçen gün",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "İçe aktarımınız işleniyor, bu sayfadan güvenle ayrılabilirsiniz",
   "File not supported – please upload a valid ZIP file": "Dosya desteklenmiyor – lütfen geçerli bir ZIP dosyası yükleyin",
   "Set the default permission level for collections created from the import": "İçe aktarımdan oluşturulan koleksiyonlar için varsayılan izin düzeyini belirleyin",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "İçe aktarmayı başlat",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Hesabınızı istediğiniz zaman silebilirsiniz, bunun kurtarılamaz olduğunu unutmayın",
   "Profile saved": "Profil kaydedildi",
-  "Profile picture updated": "Profil fotoğrafı güncellendi",
-  "Unable to upload new profile picture": "Yeni profil fotoğrafı yüklenemiyor",
   "Manage how you appear to other members of the workspace.": "Çalışma alanının diğer üyelerine nasıl göründüğünüzü yönetin.",
   "Photo": "Fotoğraf",
   "Choose a photo or image to represent yourself.": "Kendinizi temsil edecek bir fotoğraf veya resim seçin.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }}, belgeleri paylaşmak için {{ appName }} kullanıyor, devam etmek için lütfen giriş yapın.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "E-posta adresinize bir onay kodu gönderildi, bu çalışma alanını kalıcı olarak yok etmek için lütfen kodu aşağıya girin.",
-  "Confirmation code": "Onay kodu",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "<1>{{workspaceName}}</1> çalışma alanını silmek, tüm koleksiyonları, belgeleri, kullanıcıları ve ilişkili verileri yok edecektir. {{appName}} uygulamasından hemen çıkışınız yapılacaktır.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Çalışma alanlarının tamamen ayrı olduğunu lütfen unutmayın. Farklı bir alan adı, ayarlar, kullanıcılar ve faturalandırmaya sahip olabilirler.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "Mevcut hesabınızı (<em>{{email}}</em>) kullanarak yeni bir çalışma alanı oluşturuyorsunuz",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Bu webhook için açıklayıcı bir ad ve eşleşen olaylar oluşturulduğunda POST isteği göndermemiz gereken URL'yi sağlayın.",
   "A memorable identifer": "Akılda kalıcı bir tanımlayıcı",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Gizli anahtar imzalama",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Tüm olaylara, gruplara veya bireysel olaylara abone olun. Uygulamanızın işlev görmesi için gereken minimum olay miktarına abone olmanızı öneririz.",
   "All events": "Tüm olaylar",
diff --git a/shared/i18n/locales/uk_UA/translation.json b/shared/i18n/locales/uk_UA/translation.json
index 33fc58278e..70b080f9aa 100644
--- a/shared/i18n/locales/uk_UA/translation.json
+++ b/shared/i18n/locales/uk_UA/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Переглядачі можуть переглядати й коментувати документи.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Ви впевнені, що хочете зробити з {{ userName }} в ролі {{ role }}?",
   "I understand, delete": "Я розумію, видалити",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Ви впевнені, що бажаєте остаточно видалити {{ userName }}? Цю операцію неможливо скасувати, подумайте натомість про деактивацію користувача.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Ви впевнені, що хочете заблокувати {{ userName }}? Заблоковані користувачі не зможуть увійти.",
   "New name": "Нова назва",
   "Name can't be empty": "Назва не може бути незаповненою",
+  "Profile picture updated": "Зображення профілю оновлено",
+  "Unable to upload new profile picture": "Не вдалося завантажити нове зображення профілю",
+  "Profile picture": "Аватар",
+  "Done": "Done",
   "Check your email to verify the new address.": "Перевірте вашу електронну пошту для підтвердження нової адреси.",
   "The email will be changed once verified.": "Електронну пошту буде змінено після перевірки.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "Ви отримаєте електронний лист для підтвердження своєї нової адреси. Вона має бути унікальною у робочій області.",
@@ -575,7 +579,6 @@
   "Paste a link": "Вставити посилання",
   "Delete embed": "Видалити вкладення",
   "Delete image": "Видалити зображення",
-  "Profile picture": "Аватар",
   "Create a new doc": "Створіть новий документ",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} не буде повідомлено, тому що він не має доступу до цього документа",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Встановити",
+  "Change profile picture": "Change profile picture",
   "Change name": "Змінити ім'я",
   "Change email": "Змінити ел. скриньку",
   "Suspend user": "Тимчасово заблокувати користувача",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "Ви будете перенаправлені на <em>{{ redirectUri }}</em> після авторизації. Переконайтеся, що ви довіряєте цій URL-адресі.",
   "read": "читати",
   "write": "писати",
+  "create": "create",
   "read and write": "читати і писати",
   "API keys": "Ключі API",
   "attachments": "Вкладення",
@@ -1052,8 +1057,10 @@
   "users": "користувачі",
   "teams": "команди",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Будь-яка колекція",
   "All time": "Увесь час",
   "Past day": "Учора",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Ваш імпорт обробляється, ви можете спокійно покинути цю сторінку",
   "File not supported – please upload a valid ZIP file": "Файл не підтримується – завантажте дійсний файл ZIP",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Почати імпорт",
   "Added by": "Ким додано",
   "Date added": "Дата додавання",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Ви можете видалити свій обліковий запис у будь-який час, зауважте, що це невиправно",
   "Profile saved": "Профіль збережено",
-  "Profile picture updated": "Зображення профілю оновлено",
-  "Unable to upload new profile picture": "Не вдалося завантажити нове зображення профілю",
   "Manage how you appear to other members of the workspace.": "Керуйте своїм виглядом для інших учасників робочого простору.",
   "Photo": "Фото",
   "Choose a photo or image to represent yourself.": "Виберіть фотографію або зображення, щоб представити себе.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} використовує {{ appName }} для обміну документами, увійдіть, щоб продовжити.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "Код підтвердження надіслано на вашу електронну пошту. Введіть код в поле нижче, щоб назавжди видалити цей робочий простір.",
-  "Confirmation code": "Код підтвердження",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Укажіть описову назву для цього вебхуку та URL-адресу, на яку ми маємо надіслати запит POST, коли створюються відповідні події.",
   "A memorable identifer": "Ідентифікатор, що запам'ятовується",
   "URL": "URL-адреса",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Секретний ключ",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Підписатись на всі події, групи або окремі події. Ми рекомендуємо підписуватися лише на мінімальну кількість подій, необхідних для роботи вашої програми.",
   "All events": "Всі події",
diff --git a/shared/i18n/locales/vi_VN/translation.json b/shared/i18n/locales/vi_VN/translation.json
index 2b44c3818b..8307b6056b 100644
--- a/shared/i18n/locales/vi_VN/translation.json
+++ b/shared/i18n/locales/vi_VN/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "Viewers can only view and comment on documents.",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "Are you sure you want to make {{ userName }} a {{ role }}?",
   "I understand, delete": "Tôi hiểu, xóa",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "Bạn có chắc muốn xóa vĩnh viễn {{ userName }}? Thao tác này không thể khôi phục được, hãy cân nhắc treo tài khoản đó.",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "Bạn có chắc chắn muốn tạm ngưng tài khoản này không? Người dùng bị treo sẽ bị ngăn đăng nhập.",
   "New name": "Tên mới",
   "Name can't be empty": "Không được để trống tên",
+  "Profile picture updated": "Đã cập nhật ảnh hồ sơ",
+  "Unable to upload new profile picture": "Không thể tải lên ảnh hồ sơ mới",
+  "Profile picture": "Ảnh đại diện",
+  "Done": "Done",
   "Check your email to verify the new address.": "Check your email to verify the new address.",
   "The email will be changed once verified.": "The email will be changed once verified.",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "You will receive an email to verify your new address. It must be unique in the workspace.",
@@ -575,7 +579,6 @@
   "Paste a link": "Dán đường link",
   "Delete embed": "Xóa phần nhúng",
   "Delete image": "Xóa ảnh",
-  "Profile picture": "Ảnh đại diện",
   "Create a new doc": "Tạo một tài liệu mới",
   "Create a nested doc": "Create a nested doc",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} sẽ không được thông báo, bởi vì họ không có quyền truy cập tài liệu này",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "Cài đặt",
+  "Change profile picture": "Change profile picture",
   "Change name": "Đổi tên",
   "Change email": "Thay đổi email",
   "Suspend user": "Treo tài khoản",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "read",
   "write": "write",
+  "create": "create",
   "read and write": "read and write",
   "API keys": "API keys",
   "attachments": "attachments",
@@ -1052,8 +1057,10 @@
   "users": "users",
   "teams": "teams",
   "workspace": "workspace",
+  "Full access": "Full access",
   "Read all data": "Read all data",
   "Write all data": "Write all data",
+  "Create all data": "Create all data",
   "Any collection": "Tất cả bộ sưu tập",
   "All time": "All time",
   "Past day": "Ngày hôm qua",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "Quá trình nhập của bạn đang được xử lý, bạn có thể rời khỏi trang này một cách an toàn",
   "File not supported – please upload a valid ZIP file": "Tệp không được hỗ trợ - vui lòng tải lên tệp ZIP hợp lệ",
   "Set the default permission level for collections created from the import": "Set the default permission level for collections created from the import",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "Start import",
   "Added by": "Added by",
   "Date added": "Date added",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "Bạn có thể xóa tài khoản của mình bất kỳ lúc nào, lưu ý rằng điều này không thể khôi phục được",
   "Profile saved": "Hồ sơ đã lưu",
-  "Profile picture updated": "Đã cập nhật ảnh hồ sơ",
-  "Unable to upload new profile picture": "Không thể tải lên ảnh hồ sơ mới",
   "Manage how you appear to other members of the workspace.": "Quản lý cách bạn xuất hiện với các thành viên khác trong không gian làm việc.",
   "Photo": "Ảnh",
   "Choose a photo or image to represent yourself.": "Chọn một bức ảnh hoặc hình ảnh để đại diện cho chính bạn.",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} đang sử dụng {{ appName }} để chia sẻ tài liệu, vui lòng đăng nhập để tiếp tục.",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.",
-  "Confirmation code": "Confirmation code",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "You are creating a new workspace using your current account — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "Cung cấp tên mô tả cho webhook này và URL mà chúng tôi sẽ gửi yêu cầu POST khi tạo các sự kiện phù hợp.",
   "A memorable identifer": "Một nhận dạng đáng nhớ",
   "URL": "Đường Dẫn URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "Chữ ký bí mật",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "Đăng ký tất cả các sự kiện, nhóm hoặc sự kiện riêng lẻ. Chúng tôi khuyên bạn chỉ nên đăng ký số lượng sự kiện tối thiểu mà ứng dụng của bạn cần để hoạt động.",
   "All events": "Tất cả các sự kiện",
diff --git a/shared/i18n/locales/zh_CN/translation.json b/shared/i18n/locales/zh_CN/translation.json
index 86febc2dd0..f141c552ed 100644
--- a/shared/i18n/locales/zh_CN/translation.json
+++ b/shared/i18n/locales/zh_CN/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "浏览者只能浏览和评论文档。",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "您确定要设置 {{ userName }} 作为 {{ role }} 吗？",
   "I understand, delete": "我了解，删除",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "你确定要永久删除 {{ userName }} 吗？此操作不可恢复，请考虑停用用户而非删除。",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "您确定要停用账户 {{ userName }} 吗？被停用的用户将无法登录。",
   "New name": "新的名称",
   "Name can't be empty": "名称不能为空",
+  "Profile picture updated": "头像已更新",
+  "Unable to upload new profile picture": "无法上传个人图片",
+  "Profile picture": "个人头像",
+  "Done": "Done",
   "Check your email to verify the new address.": "请检查您的电子邮箱以验证新的电子邮箱地址。",
   "The email will be changed once verified.": "验证后电子邮箱将被更改。",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "您将收到一封电子邮件以验证您的新的电子邮箱地址。请注意，该电子邮箱在工作区内需尚未被使用。",
@@ -575,7 +579,6 @@
   "Paste a link": "粘贴链接",
   "Delete embed": "删除嵌入",
   "Delete image": "删除图片",
-  "Profile picture": "个人头像",
   "Create a new doc": "新建文档",
   "Create a nested doc": "创建一个嵌套的文档",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }} 不会被通知，因为他们没有访问此文档的权限",
@@ -680,6 +683,7 @@
   "Embeds": "Embeds",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "安装",
+  "Change profile picture": "Change profile picture",
   "Change name": "更换名称",
   "Change email": "更换电子邮箱",
   "Suspend user": "停用用户",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "读",
   "write": "写",
+  "create": "create",
   "read and write": "读写",
   "API keys": "API 密钥",
   "attachments": "附件",
@@ -1052,8 +1057,10 @@
   "users": "用户",
   "teams": "团队",
   "workspace": "工作区",
+  "Full access": "Full access",
   "Read all data": "读所有数据",
   "Write all data": "写所有数据",
+  "Create all data": "Create all data",
   "Any collection": "文档集",
   "All time": "所有时间",
   "Past day": "过去一天",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "您的导入正在处理中，您可以放心地离开此页面",
   "File not supported – please upload a valid ZIP file": "不支持文件 - 请上传有效的 ZIP 文件",
   "Set the default permission level for collections created from the import": "为从导入创建的文档集设置默认权限级别",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "开始导入",
   "Added by": "添加自",
   "Date added": "日期已添加",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "选择应用程序图标上显示未读通知的方式。",
   "You may delete your account at any time, note that this is unrecoverable": "您可以随时删除您的帐户，请注意这不可恢复",
   "Profile saved": "配置已保存",
-  "Profile picture updated": "头像已更新",
-  "Unable to upload new profile picture": "无法上传个人图片",
   "Manage how you appear to other members of the workspace.": "管理您在工作区中的资料与显示方式。",
   "Photo": "图片",
   "Choose a photo or image to represent yourself.": "选择一张照片或图片作为您的头像。",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} 正在使用 {{ appName }} 共享文档，请登录以继续。",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "验证码已发送至您的电子邮件，请在下面输入代码以永久删除此工作区。",
-  "Confirmation code": "验证码",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "删除 <1>{{workspaceName}}</1> 工作区将销毁所有文档集、文档、用户和关联数据。 您将立即登出 {{appName}}。",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "请注意，工作区是完全分离的。它们可以有不同的域、设置、用户和账单。",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "你正在使用当前账户创建新的工作区 —— <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "提供此 Webhook 的描述性名称以及创建匹配事件时我们应向其发送 POST 请求的 URL。",
   "A memorable identifer": "一个容易记的名称",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "签名密钥",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "您可选择订阅全部事件、特定事件组或单个事件。出于安全与效率考虑，建议仅订阅您的应用运行所必需的最小事件集合。",
   "All events": "全部事件",
diff --git a/shared/i18n/locales/zh_TW/translation.json b/shared/i18n/locales/zh_TW/translation.json
index c99439cff6..cdfaa35f03 100644
--- a/shared/i18n/locales/zh_TW/translation.json
+++ b/shared/i18n/locales/zh_TW/translation.json
@@ -542,10 +542,14 @@
   "Viewers can only view and comment on documents.": "預覽者只能預覽文件與留言",
   "Are you sure you want to make {{ userName }} a {{ role }}?": "您確定要將 {{ userName }} 設定為 {{ role }} 嗎？",
   "I understand, delete": "我明白了，刪除",
-  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable, consider suspending the user instead.": "您確定要永久刪除 {{ userName }} 嗎？此操作不可恢復，請考慮使用暫停用戶。",
+  "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.": "Are you sure you want to permanently delete {{ userName }}? This operation is unrecoverable. Any API keys, webhooks, and integrations they created will stop working — consider suspending the user instead.",
   "Are you sure you want to suspend {{ userName }}? Suspended users will be prevented from logging in.": "您確定要停用 {{ userName }} 的賬號嗎？遭到停用的使用者將無法登入。",
   "New name": "新的名稱",
   "Name can't be empty": "名稱不可以空白",
+  "Profile picture updated": "大頭貼已上傳",
+  "Unable to upload new profile picture": "無法上傳新的大頭貼",
+  "Profile picture": "大頭貼",
+  "Done": "Done",
   "Check your email to verify the new address.": "檢查你的電子郵件以驗證新地址。",
   "The email will be changed once verified.": "電子郵件一旦經過驗證就會被更改。",
   "You will receive an email to verify your new address. It must be unique in the workspace.": "您將收到一封電子郵件以驗證您的新地址。它在工作空間中必須是唯一的。",
@@ -575,7 +579,6 @@
   "Paste a link": "貼上連結",
   "Delete embed": "刪除嵌入",
   "Delete image": "刪除圖片",
-  "Profile picture": "大頭貼",
   "Create a new doc": "建立新文件",
   "Create a nested doc": "建立子文件",
   "{{ userName }} won't be notified, as they do not have access to this document": "{{ userName }}不會被通知，因為他們沒有這個文件的存取權",
@@ -680,6 +683,7 @@
   "Embeds": "嵌入",
   "Configure which embed providers are available in the editor.": "Configure which embed providers are available in the editor.",
   "Install": "安裝",
+  "Change profile picture": "Change profile picture",
   "Change name": "變更名稱",
   "Change email": "更改電子郵件",
   "Suspend user": "停用使用者",
@@ -1036,6 +1040,7 @@
   "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.": "You will be redirected to <em>{{ redirectUri }}</em> after authorizing. Make sure you trust this URL.",
   "read": "瀏覽",
   "write": "編輯",
+  "create": "create",
   "read and write": "瀏覽與編輯",
   "API keys": "API 金鑰",
   "attachments": "附件",
@@ -1052,8 +1057,10 @@
   "users": "使用者",
   "teams": "團隊",
   "workspace": "工作空間",
+  "Full access": "Full access",
   "Read all data": "讀取所有資料",
   "Write all data": "寫入所有資料",
+  "Create all data": "Create all data",
   "Any collection": "任何文件集",
   "All time": "全天",
   "Past day": "過去一天",
@@ -1162,6 +1169,7 @@
   "Your import is being processed, you can safely leave this page": "您的匯入正在處理中，您可以安全地離開此頁面",
   "File not supported – please upload a valid ZIP file": "該文件不被支持 - 請上傳有效的 ZIP 壓縮文件",
   "Set the default permission level for collections created from the import": "為從匯入建立的文件集建立預設權限",
+  "Uploading {{progress}}%": "Uploading {{progress}}%",
   "Start import": "開始匯入",
   "Added by": "作者",
   "Date added": "新增於",
@@ -1357,8 +1365,6 @@
   "Choose how unread notifications are indicated on the app icon.": "Choose how unread notifications are indicated on the app icon.",
   "You may delete your account at any time, note that this is unrecoverable": "您隨時可以刪除您的使用者帳號，但此為不可回復之動作",
   "Profile saved": "個人資料已儲存",
-  "Profile picture updated": "大頭貼已上傳",
-  "Unable to upload new profile picture": "無法上傳新的大頭貼",
   "Manage how you appear to other members of the workspace.": "管理您在工作區中的樣子。",
   "Photo": "照片",
   "Choose a photo or image to represent yourself.": "選擇一張照片或圖片來代表您。",
@@ -1397,7 +1403,6 @@
   "No templates have been created yet": "No templates have been created yet",
   "{{ teamName }} is using {{ appName }} to share documents, please login to continue.": "{{ teamName }} 正在使用 {{ appName }} 分享文件，請登入以繼續。",
   "A confirmation code has been sent to your email address, please enter the code below to permanently destroy this workspace.": "確認碼已發送至您的電子郵件，請輸入確認碼以永久地刪除這個工作區。",
-  "Confirmation code": "驗證碼",
   "Deleting the <1>{{workspaceName}}</1> workspace will destroy all collections, documents, users, and associated data. You will be immediately logged out of {{appName}}.": "刪除<1>{{workspaceName}}</1>工作區會刪除所有文件集，文件，使用者，以及相關資料。您會立即從{{appName}} 登出。",
   "Please note that workspaces are completely separated. They can have a different domain, settings, users, and billing.": "請留意工作區是完全分開的。它們可以有不同的網域，設定，使用者，帳務資訊。",
   "You are creating a new workspace using your current account — <em>{{email}}</em>": "您正在使用當前帳戶建立新的工作區 — <em>{{email}}</em>",
@@ -1607,6 +1612,7 @@
   "Provide a descriptive name for this webhook and the URL we should send a POST request to when matching events are created.": "提供一個描述名稱給這個Webhook以及當符合特定事件時我們要傳送POST要求的URL。",
   "A memorable identifer": "容易記憶的辨識名稱",
   "URL": "URL",
+  "Webhook delivery over http is insecure, use https if possible": "Webhook delivery over http is insecure, use https if possible",
   "Signing secret": "簽署密鑰",
   "Subscribe to all events, groups, or individual events. We recommend only subscribing to the minimum amount of events that your application needs to function.": "訂閱所有事件、群組或個人事件。我們建議僅訂閱應用程序運行所需的最少量事件。",
   "All events": "所有活動",

From c75815b90cbbfc77fe4d1e67dc6e955741032f88 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 08:46:07 -0400
Subject: [PATCH 23/27] v1.8.1

---
 LICENSE      | 4 ++--
 package.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/LICENSE b/LICENSE
index 3a2d4104df..1de4bdfea8 100644
--- a/LICENSE
+++ b/LICENSE
@@ -3,7 +3,7 @@ Business Source License 1.1
 Parameters
 
 Licensor:             General Outline, Inc.
-Licensed Work:        Outline 1.8.0
+Licensed Work:        Outline 1.8.1
                       The Licensed Work is (c) 2026 General Outline, Inc.
 Additional Use Grant: You may make use of the Licensed Work, provided that
                       you may not use the Licensed Work for a Document
@@ -15,7 +15,7 @@ Additional Use Grant: You may make use of the Licensed Work, provided that
                       Licensed Work by creating teams and documents
                       controlled by such third parties.
 
-Change Date:          2030-06-01
+Change Date:          2030-06-06
 
 Change License:       Apache License, Version 2.0
 
diff --git a/package.json b/package.json
index 61d68e5f5a..4e1c47dc79 100644
--- a/package.json
+++ b/package.json
@@ -391,6 +391,6 @@
     "ws@npm:~8.17.1": "^8.20.1",
     "uuid": "^11.1.1"
   },
-  "version": "1.8.0",
+  "version": "1.8.1",
   "packageManager": "yarn@4.11.0"
 }

From 62c0f15c06fd1f9e54e4887b7fbf616392810f9b Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 09:02:43 -0400
Subject: [PATCH 24/27] Switch from ubicloud -> blacksmith (#12606)

---
 .github/workflows/docker-build-check.yml | 12 ++++-----
 .github/workflows/docker.yml             | 34 +++++++++---------------
 2 files changed, 18 insertions(+), 28 deletions(-)

diff --git a/.github/workflows/docker-build-check.yml b/.github/workflows/docker-build-check.yml
index 97b6709be5..f180138efe 100644
--- a/.github/workflows/docker-build-check.yml
+++ b/.github/workflows/docker-build-check.yml
@@ -15,18 +15,16 @@ env:
 
 jobs:
   build:
-    runs-on: ubicloud-standard-8
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v5
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: docker
+      - name: Setup Blacksmith Builder
+        uses: useblacksmith/setup-docker-builder@v1
 
       - name: Build base image
-        uses: docker/build-push-action@v6
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           file: Dockerfile.base
@@ -34,7 +32,7 @@ jobs:
           push: false
 
       - name: Build main image
-        uses: docker/build-push-action@v6
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           file: Dockerfile
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c8be149fd6..fd3b5dea49 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -11,13 +11,13 @@ env:
 
 jobs:
   build-arm:
-    runs-on: ubicloud-standard-8-arm
+    runs-on: blacksmith-8vcpu-ubuntu-2404-arm
     steps:
       - name: Checkout
         uses: actions/checkout@v5
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+      - name: Setup Blacksmith Builder
+        uses: useblacksmith/setup-docker-builder@v1
 
       - name: Docker base meta
         id: base_meta
@@ -37,7 +37,7 @@ jobs:
 
       - name: Build and push base image
         id: base_build
-        uses: docker/build-push-action@v7
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           file: Dockerfile.base
@@ -45,8 +45,6 @@ jobs:
           tags: ${{ env.BASE_IMAGE_NAME }}
           outputs: type=image,push-by-digest=true,name-canonical=true,push=true
           platforms: linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
           pull: false
 
       - name: Docker meta
@@ -61,7 +59,7 @@ jobs:
 
       - name: Build and push
         id: build
-        uses: docker/build-push-action@v7
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           file: Dockerfile
@@ -69,8 +67,6 @@ jobs:
           tags: ${{ env.IMAGE_NAME }}
           outputs: type=image,push-by-digest=true,name-canonical=true,push=true
           platforms: linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
           pull: false
           build-args: |
             BASE_IMAGE=${{ env.BASE_IMAGE_NAME }}@${{ steps.base_build.outputs.digest }}
@@ -90,13 +86,13 @@ jobs:
           retention-days: 1
 
   build-amd:
-    runs-on: ubicloud-standard-8
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v5
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+      - name: Setup Blacksmith Builder
+        uses: useblacksmith/setup-docker-builder@v1
 
       - name: Docker base meta
         id: base_meta
@@ -116,7 +112,7 @@ jobs:
 
       - name: Build and push base image
         id: base_build
-        uses: docker/build-push-action@v7
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           file: Dockerfile.base
@@ -124,8 +120,6 @@ jobs:
           tags: ${{ env.BASE_IMAGE_NAME }}
           outputs: type=image,push-by-digest=true,name-canonical=true,push=true
           platforms: linux/amd64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
           pull: false
 
       - name: Docker meta
@@ -140,7 +134,7 @@ jobs:
 
       - name: Build and push
         id: build
-        uses: docker/build-push-action@v7
+        uses: useblacksmith/build-push-action@v2
         with:
           context: .
           file: Dockerfile
@@ -148,8 +142,6 @@ jobs:
           tags: ${{ env.IMAGE_NAME }}
           outputs: type=image,push-by-digest=true,name-canonical=true,push=true
           platforms: linux/amd64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
           pull: false
           build-args: |
             BASE_IMAGE=${{ env.BASE_IMAGE_NAME }}@${{ steps.base_build.outputs.digest }}
@@ -169,7 +161,7 @@ jobs:
           retention-days: 1
 
   merge:
-    runs-on: ubicloud-standard-8
+    runs-on: blacksmith-8vcpu-ubuntu-2404
     needs:
       - build-amd
       - build-arm
@@ -188,8 +180,8 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+      - name: Setup Blacksmith Builder
+        uses: useblacksmith/setup-docker-builder@v1
 
       - name: Docker meta
         id: meta

From c2edd41e8706531ea70ed544bc7c25b39e2563fb Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 09:05:01 -0400
Subject: [PATCH 25/27] Enable manual runs of 'Publish build' workflow

---
 .github/workflows/docker.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index fd3b5dea49..8feaa4807b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -4,6 +4,7 @@ on:
   push:
     tags:
       - "v*"
+  workflow_dispatch:
 
 env:
   IMAGE_NAME: outlinewiki/outline

From 58f0613b5f87f94c92a3c00aa6dab2c59749636b Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 09:30:50 -0400
Subject: [PATCH 26/27] Delete .github/workflows/docker-build-check.yml

---
 .github/workflows/docker-build-check.yml | 41 ------------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 .github/workflows/docker-build-check.yml

diff --git a/.github/workflows/docker-build-check.yml b/.github/workflows/docker-build-check.yml
deleted file mode 100644
index f180138efe..0000000000
--- a/.github/workflows/docker-build-check.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: Docker Build Check
-
-on:
-  push:
-    paths:
-      - "Dockerfile"
-      - "Dockerfile.base"
-  pull_request:
-    paths:
-      - "Dockerfile"
-      - "Dockerfile.base"
-
-env:
-  BASE_IMAGE_NAME: outline-base
-
-jobs:
-  build:
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Setup Blacksmith Builder
-        uses: useblacksmith/setup-docker-builder@v1
-
-      - name: Build base image
-        uses: useblacksmith/build-push-action@v2
-        with:
-          context: .
-          file: Dockerfile.base
-          tags: ${{ env.BASE_IMAGE_NAME }}:latest
-          push: false
-
-      - name: Build main image
-        uses: useblacksmith/build-push-action@v2
-        with:
-          context: .
-          file: Dockerfile
-          push: false
-          build-args: |
-            BASE_IMAGE=${{ env.BASE_IMAGE_NAME }}:latest

From f4b80d5301d3213dbacd1ba654f5d94f045c1fc4 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom@getoutline.com>
Date: Sat, 6 Jun 2026 10:14:35 -0400
Subject: [PATCH 27/27] fix: PDF display does not correctly scale on ombile
 (#12608)

---
 app/editor/menus/block.tsx                    |  2 -
 shared/editor/components/PDF.tsx              | 37 +++++++++++--------
 shared/editor/components/Styles.ts            | 25 -------------
 .../editor/components/hooks/useDragResize.ts  |  4 +-
 4 files changed, 24 insertions(+), 44 deletions(-)

diff --git a/app/editor/menus/block.tsx b/app/editor/menus/block.tsx
index 0ed9f5bea6..413aef9d79 100644
--- a/app/editor/menus/block.tsx
+++ b/app/editor/menus/block.tsx
@@ -124,8 +124,6 @@ export default function blockMenuItems(
       keywords: "pdf upload attach",
       attrs: {
         accept: "application/pdf",
-        width: 300,
-        height: 424,
         preview: true,
       },
     },
diff --git a/shared/editor/components/PDF.tsx b/shared/editor/components/PDF.tsx
index 02c8fe1142..184b884631 100644
--- a/shared/editor/components/PDF.tsx
+++ b/shared/editor/components/PDF.tsx
@@ -9,6 +9,13 @@ import { s } from "../../styles";
 import { Preview, Subtitle, Title } from "./Widget";
 import { EditorStyleHelper } from "../styles/EditorStyleHelper";
 
+/**
+ * Default dimensions for the PDF preview – approximately the width of a standard
+ * document with an A4 portrait aspect ratio.
+ */
+const naturalWidth = 768;
+const naturalHeight = 1086;
+
 type Props = ComponentProps & {
   /** Icon to display on the left side of the widget */
   icon: React.ReactNode;
@@ -27,16 +34,14 @@ export default function PdfViewer(props: Props) {
   const embedRef = useRef<HTMLEmbedElement>(null);
   const debounceTimerRef = useRef<NodeJS.Timeout | null>(null);
 
-  const { width, height, setSize, handlePointerDown, dragging } = useDragResize(
-    {
-      width: node.attrs.width,
-      height: node.attrs.height,
-      naturalWidth: 300,
-      naturalHeight: 424,
-      onChangeSize,
-      ref,
-    }
-  );
+  const { width, setSize, handlePointerDown, dragging } = useDragResize({
+    width: node.attrs.width,
+    height: node.attrs.height,
+    naturalWidth,
+    naturalHeight,
+    onChangeSize,
+    ref,
+  });
 
   useEffect(() => {
     if (node.attrs.width && node.attrs.width !== width) {
@@ -96,7 +101,7 @@ export default function PdfViewer(props: Props) {
           ? "pdf-wrapper ProseMirror-selectednode"
           : "pdf-wrapper"
       }
-      style={{ width: width ?? "auto" }}
+      style={{ width: width ?? "100%" }}
       $dragging={dragging}
     >
       <Flex gap={6} align="center">
@@ -110,12 +115,10 @@ export default function PdfViewer(props: Props) {
         title={name}
         src={href}
         ref={embedRef}
-        width={
-          // subtract padding and borders from width
-          width - 24
-        }
-        height={height}
         style={{
+          width: "100%",
+          height: "auto",
+          aspectRatio: `${naturalWidth} / ${naturalHeight}`,
           pointerEvents:
             !isEditable || (isSelected && !dragging) ? "initial" : "none",
           marginTop: 6,
@@ -153,6 +156,8 @@ const PDFWrapper = styled.div<{ $dragging: boolean }>`
   padding: ${EditorStyleHelper.blockRadius};
 
   embed {
+    display: block;
+    max-width: 100%;
     transition-property: width, height;
     transition-duration: ${(props) => (props.$dragging ? "0ms" : "120ms")};
     transition-timing-function: ease-in-out;
diff --git a/shared/editor/components/Styles.ts b/shared/editor/components/Styles.ts
index b16353f0b9..a199663ccd 100644
--- a/shared/editor/components/Styles.ts
+++ b/shared/editor/components/Styles.ts
@@ -822,31 +822,6 @@ iframe.embed {
   }
 }
 
-.pdf {
-  position: relative;
-  width: max-content;
-  height: max-content;
-  margin-right: auto;
-  margin-left: auto;
-  max-width: 100%;
-  clear: both;
-  z-index: 1;
-  transition-property: width, height;
-  transition-duration: 80ms;
-  transition-timing-function: ease-in-out;
-
-  embed {
-    display: block;
-    max-width: 100%;
-    contain: strict,
-    content-visibility: auto,
-    backface-visibility: hidden,
-    transition-property: width, height;
-    transition-duration: 80ms;
-    transition-timing-function: ease-in-out;
-  }
-}
-
 .image-replacement-uploading {
   img {
     opacity: 0.5;
diff --git a/shared/editor/components/hooks/useDragResize.ts b/shared/editor/components/hooks/useDragResize.ts
index 0937c5a605..29a278f854 100644
--- a/shared/editor/components/hooks/useDragResize.ts
+++ b/shared/editor/components/hooks/useDragResize.ts
@@ -192,7 +192,9 @@ export default function useDragResize(props: Params): ReturnValue {
         : Infinity;
       setMaxWidth(max);
       setSizeAtDragStart({
-        width: constrainWidth(size.width, max),
+        // When no width has been set yet the element is displayed at full width,
+        // so begin resizing from the maximum width rather than the minimum.
+        width: constrainWidth(size.width || max, max),
         height: size.height,
       });
       setOffset(