Merge remote-tracking branch 'origin/master' into feat-settings-ui

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-02 14:14:29 +10:00 · 2023-04-02 14:14:29 +10:00 · 1ba4f705f0
parent 4f46514fdf 04ba3e6d6b
commit 1ba4f705f0
45 changed files with 2647 additions and 1882 deletions
--- a/.buildkite/hooks/post-artifact
+++ b/.buildkite/hooks/post-artifact
@ -0,0 +1,8 @@
 #!/usr/bin/env bash
 set +u
 if [[ "${BUILDKITE_LABEL}" == ":docker: Build Image [coverage]" && "${BUILDKITE_AGENT_NAME}" =~ ^vega[0-9]+$ ]]; then
  mv authelia-image-coverage.tar.zst authelia-image-coverage-vega.tar.zst
  BUILDKITE_S3_ENDPOINT="${S3_ENDPOINT}" BUILDKITE_ARTIFACT_UPLOAD_DESTINATION="${S3_BUCKET}" BUILDKITE_S3_ACCESS_URL="${S3_ACCESS_URL}" BUILDKITE_S3_ACCESS_KEY_ID="${S3_ACCESS_KEY_ID}" BUILDKITE_S3_SECRET_ACCESS_KEY="${S3_SECRET_ACCESS_KEY}" buildkite-agent artifact upload authelia-image-coverage-vega.tar.zst
 fi
--- a/.buildkite/hooks/pre-artifact
+++ b/.buildkite/hooks/pre-artifact
@ -21,7 +21,6 @@ if [[ "${BUILDKITE_LABEL}" == ":hammer_and_wrench: Unit Test" ]]; then
 fi
 if [[ "${BUILDKITE_LABEL}" == ":docker: Build Image [coverage]" ]]; then
  # Saving image for docker push
  docker save "${DOCKER_IMAGE}" | zstdmt -T0 -12 > "authelia-image-coverage.tar.zst"
 fi
--- a/.buildkite/hooks/pre-command
+++ b/.buildkite/hooks/pre-command
@ -29,14 +29,20 @@ if [[ "${BUILDKITE_LABEL}" =~ ":debian: Build Package" ]]; then
 fi
 if [[ "${BUILDKITE_LABEL}" =~ ":selenium:" ]]; then
  DEFAULT_ARCH=coverage
  echo "--- :docker: Extract and load build container"
  mkdir coverage
-  buildkite-agent artifact download "authelia-image-${DEFAULT_ARCH}*" .
+
-  if [[ "${SUITE}" == "Kubernetes" ]]; then
+  if [[ "${BUILDKITE_AGENT_NAME}" =~ ^vega[0-9]+$ ]]; then
-    zstd -d authelia-image-coverage.tar.zst --stdout > ./internal/suites/example/kube/authelia-image-${DEFAULT_ARCH}.tar
+    BUILDKITE_S3_ENDPOINT="${S3_ENDPOINT}" BUILDKITE_ARTIFACT_UPLOAD_DESTINATION="${S3_BUCKET}" BUILDKITE_S3_ACCESS_URL="${S3_ACCESS_URL}" BUILDKITE_S3_ACCESS_KEY_ID="${S3_ACCESS_KEY_ID}" BUILDKITE_S3_SECRET_ACCESS_KEY="${S3_SECRET_ACCESS_KEY}" buildkite-agent artifact download "authelia-image-coverage-vega*" .
    mv authelia-image-coverage-vega.tar.zst authelia-image-coverage.tar.zst
  else
-    zstdcat "authelia-image-${DEFAULT_ARCH}.tar.zst" | docker load
+    buildkite-agent artifact download "authelia-image-coverage.*" .
  fi
  if [[ "${SUITE}" == "Kubernetes" ]]; then
    zstd -d authelia-image-coverage.tar.zst --stdout > ./internal/suites/example/kube/authelia-image-coverage.tar
  else
    zstdcat "authelia-image-coverage.tar.zst" | docker load
  fi
  if [[ "${BUILD_DUO}" == "true" ]] && [[ "${SUITE}" == "DuoPush" ]]; then
@ -55,13 +61,13 @@ if [[ "${BUILDKITE_LABEL}" =~ ":selenium:" ]]; then
 fi
 if [[ "${BUILDKITE_LABEL}" == ":docker: Build and Deploy" ]]; then
-  echo ${DOCKER_PASSWORD} | docker login -u ${DOCKER_USERNAME} --password-stdin
+  echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
 fi
 if [[ "${BUILDKITE_LABEL}" == ":docker: Deploy Manifest" ]]; then
  echo "--- :go: :react: :swagger: Extract pre-built binary"
  buildkite-agent artifact download "authelia-linux-*-musl.tar.gz" .
-  for archive in authelia-linux-*-musl.tar.gz; do tar xzf ${archive} --wildcards "authelia-linux-*"; done
+  for archive in authelia-linux-*-musl.tar.gz; do tar xzf "${archive}" --wildcards "authelia-linux-*"; done
 fi
 if [[ "${BUILDKITE_LABEL}" == ":github: Deploy Artifacts" ]]; then
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -18,7 +18,9 @@ repository (but search first in case a similar issue already exists).
 If you would like to fix a bug or implement a feature, please fork the repository and create a Pull Request.
 More information on getting set up locally can be found in the
-[Development Contribution](https://www.authelia.com/contributing/development/introduction/) documentation.
+[Development Contribution](https://www.authelia.com/contributing/development/introduction/) documentation, in addition
 the [Contribution Guidelines](https://www.authelia.com/contributing/guidelines/introduction/) documentation includes
 several contribution guidelines.
 Before you start any Pull Request, it's recommended that you create an issue to discuss first if you have any doubts
 about requirement or implementation. That way you can be sure that the maintainer(s) agree on what to change and how,
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 # ===================================
 # ===== Authelia official image =====
 # ===================================
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 ARG TARGETOS
 ARG TARGETARCH
--- a/Dockerfile.coverage
+++ b/Dockerfile.coverage
@ -46,7 +46,7 @@ RUN \
 # ===================================
 # ===== Authelia official image =====
 # ===================================
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk --no-cache add ca-certificates tzdata
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -43,7 +43,7 @@ RUN \
 # ===================================
 # ===== Authelia official image =====
 # ===================================
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 WORKDIR /app
--- a/README.md
+++ b/README.md
@ -3,10 +3,12 @@
 </p>
  [![Build](https://img.shields.io/buildkite/d6543d3ece3433f46dbe5fd9fcfaf1f68a6dbc48eb1048bc22/master?logo=buildkite&style=flat-square&color=brightgreen)](https://buildkite.com/authelia/authelia)
  [![OpenSSF Best Practices](https://img.shields.io/static/v1?label=openssf%20best%20practices&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEYAAABGCAYAAABxLuKEAAAK/UlEQVR4nOxcD2wb1Rn/pXE5lxRfYQPiLXdsA48/SSG+eRPBKYg/ZeIqGIwyTWWAkKPWhYxIgw2GNhXB0JiAsdCMHRBro5rKAG3TgFwZdGv542UF75xhWmkYunFnuPBv41wDZ2q300veZW7+2e98l6rSflKaq+Pve19++d73vu997zmwf/9+/B8zESD/tLS0HJTB+XjicACfBXAMgMX0ZQvAW7auvVs2svsOimGEE+IxfhPDCdGjAJwTFKXlAE4E8HkAHQDaASyaQ6wM4F/063Vb13YBGKtY5o5qcbziq8F+E8PHE6cCuBnAJQAO80jtbgB32bq2qWxkP/RI5wx4TgwnRI8O8OFkgA9fBKDbma4+4F0AWyuW+Ttb135fLY5XvVTuGTFtXfLKAB9eC+AC8l9PrGsc/wCwyda1h8pG9k0vFHpCDB9PrAOgeGFQk3jH1rVY2cgazSpqipi2Lvn0AB++BcB5AFqbNcYjvAXg3lJuRKkWxy23SlwRwwnR44OidDuAS32MIc2CrGYbSrmRzW5WMWZiOCF6WFCUXgEQYR3sIOFWK53awCo0Vw4xKzghuiwoSo8dQqQQfL+tS76SVahhjyFJWlCUXqaZ6qEGspT3WOnUS40KNOQxnBBtC4rSrw9RUgh+YetahkWgbuBs65K7Anx4C03hvQCpf3QAxPt22rpG8o4igI/pHyoE4NNBUSLjfQnAaQCWNDHeUCk38u1qcZxJqC4xAT58j0ek7AXwWwC3WenUrnpvLhvZie98PEHIuprIAQgzjrnZ1rXrWElBvRjT1iVfGODDjzNrPRAmzUo3Ts9KO+TkkZT0ZQAOp7GAeM/bxXzGLOYznzjv5YQoMfLMoCjdSLPrehgipJSNrKt9lXmJ4eOJHIAuN4opSFy6ykqnprYPOuTkEkFOriavAzh3HtmPSGwAcP9of3d+ml1xAI/N40HEU77llhTMRUxrqL116fJV9wNIuNQ7ZuvahoplqiS5CkVirR1ycjUfiV0G4CwSQxj1kXmlGqrym4KqkByKeJAQFKUbqI21tVlTnuJgVmLauuRrA3x4yKXOzaXcSKJaHLdDkdgRnQPDawD0N+l5Dsgvu8lQlbscguji8CSA49wG2tkwKzF8PEGC48ku9D1q69qaspGt9gyNEaVP0zrKD1wx2t9NpirxntODotRv69oVzXqKgxnE0EFGXegatnVtLTHslIHhs/hI7AEAX/TCyDlAlvf7dg723VbMZ1wXi3NhRoJHoz4r/lzKjaynpKzkI7EtPpMCmttc3zkwvN4P5QfkMXw8QZbNVaxKbF27ngTZnqExEgQfajIhY8EThqrc6Yfi6R5zR81ufSMg5fy6spEd65CTpFx40UUS5hYPGqpySUFVPN3SdDBFDCdESbK1jlF+m5VOkVgCQU6SpfMUzy2cHcRT1vtFCqZ5TC+rcMUyJ0gJRWIkL2Eu7V3CV09xMBVjgqIkM8qqtq6R2gedA8M3AzjKc+tm4sGdg33rivmM7+3T2uAbZZQlxZlj4DebsOE1AI8AIOUHB+BCumU6vU6ZmD4LQQocYjgh2grgJAa5rJVOvU4eeobG1rkMuC8YqnJDQVV2THt9U4ec5EOR2Df4SOzHAD5Fp4+vMWU6JmJMUJQ6yWrNIPc8JgvCFrodwIqnDFU5t5YUPp5YTP9AKKiKtWuw70EAly1EoJ0NzlQ6k0XI1rUcfSSEHs045qOGqqwhv2hbl9wb4MPraeAXg6K0NyhKGQB/KOVGhkf7u7d1yMntBVVZ8CMZDjHzlf+z4UX6nXUle5UGT0LK6gAffnhanCM5VA/5Wrp8VV8pN3JGQVXeZRzDEzjLNWv6XsBk7nIco9y1xXzmA0zuDN5VZwfxhKXLV13LqN8zOMSwbHLvrVjmf+hzO4OcaajKnzAZT9bTbYJ6WM2g31M4xLAE3j01yzSL3K6aWNFoodrJxxOfYxjDMzA13ChqVweWfvXemmcWQlne6xkcYliOdNVWzmUGudrM+G8Nyti2rr3OMIZncIh5n0FmCd2xB93RbxQn1jxvbFBmrGxkSwxjeAaHGJbzJGT6HEserHymwCDH9wyNXYPJPOhxJ0mcDxXLHGbQ7ykcYv7KKDexvVDMZ/7OKLfxlIHhFWUju7+UGyErzly95AqAH9m6lmLU7xkcYhpudlM4O/6sxCziI7GfkodqcfwdW9dW0BXKrHnPUySvstKpH3qx2+8WE5vhy3r7yJL4Twa5X1np1NWhSGxR58AwqXdijOPusPKZ/l2DfRON9tZQeyDAh0lw3ls2shM5UigSa+mQkzfykdjFhqpcXlCVBQ3CU10CPp4Yd2JHA9htpVPHY7K6vgCA6mJssqJdNNrf/fT0H/QMjS2mXUin4ffCaH/3ChdjuEYtMSQrPYdB9nwrnXqmQ04uEuTkGIDlLsYnaUIewE4Ab9PATlavL9Nedi1e2DnYd1Uxn9ntYhxmTCV4Fcvcyij7CCdEjymoyj4rn7m9ifEJEV8HQMqEtbSFO50Ugt7OgeFtoUjsCy7HYjZsAhXLZF2ZjgyK0qWYXJ0eBbAQkVLsHBh+aAHGOYCYFwG8xyif5IQoR2ogK5/5iffmzYrenqGx5/32nCliqsXxDwHczSh/alCU7sGk12x0kQ+5Ra/fnnNAEWnr2s9pEGTB+rYu+eKCqlQNVTkfwLPemjgnfPWcA4gpG9k9Fcu8j1VJgA//sq1LPrmgKnt2DvZdSFYQT62cG2d0yElfTlPM2HaoWOZmF3qWBfjwRPOtmM/sMVSFkFP3nF2TsAHIuwb7HvBD+Qxiykb2NQDbXejq5eOJ5zkhGimoygeGqkStfOYWAF7fKSK5z3NWPvPV0f7uP2Ly8FCSjye2t4baPZtWsx4c4oRolJ6R4VzofK9imWs+fEV9BpMtFi4Uia3lI7GbAHymSXu3G6pyk9N24YTokqAo3QbgevpzvZQbObNaHH+jyXHmPpzIxxPXARh0qbcK4CZb1+52Tjh1yMkjBDlJCsZrSA7EqO8vAAZG+7unDjFzQvSEoCg9OwvZW610aqVLu6cwJzGcEG0JitKTZB43of9ZW9furVjmlmpx/GNMEhQC8JVQJNbNR2LStOOs++hl0XcAvGGoCiHkpWI+86rTmqWEJOjZ37lqu630HKDu1vB5j7NyQpTkKaxbC7MhZ+uaXDayLBtbM8DHE5cB2AQg2MDbm/Kcupcs+HjiflrDNIuPAOyoWOa2imVqAF6e7yYa3Yo4DcBpQVE6gzYFWTsGrj2nLjGtofbFS5ev2gDge4ynrRpBEcCbAPZQ4kh1vZS2fY/1aLzdpdzI2azkNHwth48nhgActM5gk2CeVg33lUq5kR/QC6G+Xwb3ASInRJkuijBf/ePjCVJofseNdQcJVXqzdoxFiLkTWcqN3AzATdlwMDCRbLKSAre3aFtD7aRwXBEUpTtIIcc66ALgk4pl3lmxzFvLRvYTNwqaunfNCVEuKEokKPe5UuAPyOpznpVO5ZtR4slN/bYu+fwAH/6Zy4sZXoFkzQ/buvbdspE1m1Xm2Wc70ISsNyhKVwK43MNP/6iHQsUy765Y5qaykf23V0p9+ZgUPp6I0gLUz17Q+wDuJLVY2ch+7LVyXz8/hhOiJwE4m6b0KxkaerOhSs8CP2Xr2nMVy0xXi+Mspy2YsCCfOIT/VeudAL5G654YgCPqiL1GT0VsAfCElU7ZvhtKsWDETEdrqL0lwIePpSemDqebYvvoBa0SmSplI+ubR9TDfwMAAP//J8ZWGNO8y2EAAAAASUVORK5CYII=&message=passing&style=flat-square&color=brightgreen)](https://bestpractices.coreinfrastructure.org/projects/7128)
  [![Go Report Card](https://goreportcard.com/badge/github.com/authelia/authelia/v4?logo=go&style=flat-square)](https://goreportcard.com/report/github.com/authelia/authelia/v4)
  [![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?logo=github&style=flat-square&color=blue)](https://github.com/authelia/authelia/releases)
  [![Docker Tag](https://img.shields.io/docker/v/authelia/authelia/latest?logo=docker&style=flat-square&color=blue&sort=semver)](https://hub.docker.com/r/authelia/authelia/tags)
  [![Docker Size](https://img.shields.io/docker/image-size/authelia/authelia/latest?logo=docker&style=flat-square&color=blue&sort=semver)](https://hub.docker.com/r/authelia/authelia/tags)
-  [![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?logo=github&style=flat-square&color=blue)](https://github.com/authelia/authelia/releases)
+  ![Docker Pulls](https://img.shields.io/docker/pulls/authelia/authelia?logo=docker&label=pulls&style=flat-square&color=blue)
  [![AUR source version](https://img.shields.io/aur/version/authelia?logo=arch-linux&label=authelia&style=flat-square&color=blue)](https://aur.archlinux.org/packages/authelia/)
  [![AUR binary version](https://img.shields.io/aur/version/authelia-bin?logo=arch-linux&label=authelia-bin&style=flat-square&color=blue)](https://aur.archlinux.org/packages/authelia-bin/)
  [![AUR development version](https://img.shields.io/aur/version/authelia-git?logo=arch-linux&label=authelia-git&style=flat-square&color=blue)](https://aur.archlinux.org/packages/authelia-git/)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -2,46 +2,83 @@
 ## Prologue
-Authelia takes security very seriously. We follow the rule of
+The __Authelia__ team takes security very seriously. Because __Authelia__ is intended as a security product a lot of
-[responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure), and we urge our community to do so as
+decisions are made with security being the priority and we always aim to implement security by design.
 well instead of making the vulnerability public. This allows time for the security issue to be patched quickly.
-If you discover a vulnerability in Authelia, please first contact one of the maintainers privately  as described in the
+## Coordinated vulnerability disclosure
 [contact options](#contact-options) below.
-We urge you not to disclose the bug publicly at least until we've had a
+__Authelia__ follows the [coordinated vulnerability disclosure] model when dealing with security vulnerabilities. This
-reasonable chance to fix it, and to clearly communicate any public disclosure timeline in your initial contact with us.
+was previously known as responsible disclosure. We strongly urge anyone reporting vulnerabilities to __Authelia__ or any
-If you do not have a particular public disclosure timeline, we will clearly communicate ours as we publish security
+other project to follow this model as it is considered as a best practice by many in the security industry.
 advisories.
-For more information about [security](https://www.authelia.com/information/security/) related matters, please read
+If you believe you have identified a security vulnerability or security related bug with __Authelia__ please make every
-[the documentation](https://www.authelia.com/information/security/).
+effort to contact us privately using one of the [contact options](#contact-options) below. Please do not open an issue,
 do not notify us in public, and do not disclose this issue to third parties.
 Using this process helps ensure that users affected have an avenue to fixing the issue as close to the issue being
 made public as possible. This mitigates the increasing the attack surface (via improving attacker knowledge) for
 diligent administrators simply via the act of disclosing the security issue.
 For more information about [security](https://www.authelia.com/security/) related matters, please read
 [the documentation](https://www.authelia.com/security/).
 ## Contact Options
-Several [contact options](README.md#contact-options) exist, it's important to make sure you contact the maintainers
+Several contact options exist however it's important you specifically use a security contact method when reporting a
-privately which is described in each available contact method. The methods include our [security email](README.md#security),
+security vulnerability or security related bug. These methods are clearly documented below.
 [Matrix](README.md#matrix), and [Discord](README.md#discord).
-## Credit
+### GitHub Security
-Users who report bugs will optionally be credited for the discovery. Both in the [security advisory] and in our
+Users can utilize GitHub's security vulnerability system to privately [report a vulnerability]. This is an easy method
-[all contributors](README.md#contribute) configuration/documentation.
+for users who have a GitHub account.
 ### Email
 Users can utilize the [security@authelia.com](mailto:security@authelia.com) email address to privately report a
 vulnerability. This is an easy method of users who do not have a GitHub account.
 This email address is only accessible by members of the [core team] for the purpose of disclosing security
 vulnerabilities and issues within the __Authelia__ code base.
 ### Chat
 If you wish to chat directly instead of sending an email please use either [Matrix](README.md#matrix) or
 [Discord](README.md#discord) to direct / private message one of the [core team] members.
 Please avoid this method unless absolutely necessary. We generally prefer that users use either the
 [GitHub Security](#github-security) or [Email](#email) option rather than this option as it both allows multiple team
 members to deal with the report and prevents mistakes when contacting a [core team] member.
 The [core team] members are identified in [Matrix](README.md#matrix) as room admins, and in [Discord](README.md#discord)
 with the `Core Team` role.
 ## Process
-1. User privately reports a potential vulnerability.
+1. The user privately reports a potential vulnerability.
-2. The core team reviews the report and ascertain if additional information is required.
+2. The report is acknowledged as received.
-3. The core team reproduces the bug.
+3. The report is reviewed to ascertain if additional information is required. If it is required:
-4. The bug is patched, and if possible the user reporting te bug is given access to a fixed version or git patch.
+   1. The user is informed that the additional information is required.
-5. The fix is confirmed to resolve the vulnerability.
+   2. The user privately adds the additional information.
-6. The fix is released.
+   3. The process begins at step 3 again, proceeding to step 4 if the additional information provided is sufficient.
-7. The [security advisory] is published sometime after users have had a chance to update.
+4. The vulnerability is reproduced.
 5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
   image, and git patch.
 6. The patch is confirmed to resolve the vulnerability.
 7. The fix is released and users are notified that they should update urgently.
 8. The [security advisory] is published when (whichever happens sooner):
   - The CVE details are published by [MITRE], [NIST], etc.
   - Roughly 7 days after users have been notified the update is available.
-## Help Wanted
+[MITRE]: https://www.mitre.org/
 [NIST]: https://www.nist.gov/
-We are actively looking for sponsorship to obtain either a code security audit, penetration testing, or other audits
+## Credit
 related to improving the security of Authelia. If your company or you personally are willing to offer discounts, pro
 bono, or funding towards services like these please feel free to contact us on *any* of the methods above.
 Users who report bugs will at their discretion (i.e. they do not have to be if they wish to remain anonymous) be
 credited for the discovery. Both in the [security advisory] and in our [all contributors](README.md#contribute)
 documentation.
 [coordinated vulnerability disclosure]: https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure
 [security advisory]: https://github.com/authelia/authelia/security/advisories
 [report a vulnerability]: https://github.com/authelia/authelia/security/advisories/new
 [core team]: https://www.authelia.com/information/about/#core-team
--- a/docs/config/_default/menus/menus.en.toml
+++ b/docs/config/_default/menus/menus.en.toml
@ -62,7 +62,12 @@
  url = "/code-of-conduct"
  weight = 30
 [[footer]]
  name = "About"
  url = "/information/about"
  weight = 40
 [[footer]]
  name = "Contact"
  url = "/information/contact"
-  weight = 40
+  weight = 50
--- a/docs/content/en/contributing/development/build-and-test.md
+++ b/docs/content/en/contributing/development/build-and-test.md
@ -94,6 +94,49 @@ authelia-scripts suites test Standalone
 The suite will be spawned, tests will be run and then the suite will be torn down automatically.
 ## Manually Building
 ### Binary
 If you want to manually build the binary from source you will require the open source software described in the
 [Development Environment](./environment.md#setup) documentation. Then you can follow the below steps on Linux (you may
 have to adapt them on other systems).
 Clone the Repository:
 ```bash
 git clone https://github.com/authelia/authelia.git
 ```
 Download the Dependencies:
 ```bash
 cd authelia && go mod download
 cd web && pnpm install
 cd ..
 ```
 Build the Web Frontend:
 ```bash
 cd web && pnpm build
 cd ..
 ```
 Build the Binary (with debug symbols):
 ```bash
 CGO_ENABLED=1 CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong" CGO_LDFLAGS="-Wl,-z,relro,-z,now" \
 go build -ldflags "-linkmode=external" -trimpath -buildmode=pie -o authelia ./cmd/authelia
 ```
 Build the Binary (without debug symbols):
 ```bash
 CGO_ENABLED=1 CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong" CGO_LDFLAGS="-Wl,-z,relro,-z,now" \
 go build -ldflags "-linkmode=external -s -w" -trimpath -buildmode=pie -o authelia ./cmd/authelia
 ```
 [suites]: ./integration-suites.md
 [React]: https://reactjs.org/
 [go]: https://go.dev/dl/
--- a/docs/content/en/contributing/guidelines/introduction.md
+++ b/docs/content/en/contributing/guidelines/introduction.md
@ -19,3 +19,12 @@ those which are automated and those which are not in this section.
 While it's expected that people aim to follow all of these guidelines we understand that there are logical exceptions to
 all guidelines and if it makes sense we're likely to agree with you. So if you find a situation where it doesn't make
 sense to follow one just let us know your reasoning when you make a PR if it's not obvious.
 ## General Guidelines
 Some general guidelines include:
 - It's recommended people wishing to contribute discuss their intended changes prior to contributing
  - This helps avoid people doubling up on contributions
  - This helps avoid conflicts between contributions
  - This helps avoid contributors wasting their percussion time in a contribution that may not be accepted
--- a/docs/content/en/contributing/guidelines/pull-request.md
+++ b/docs/content/en/contributing/guidelines/pull-request.md
@ -31,3 +31,32 @@ the [master] branch.
 Every [Pull Request] will undergo a formal review process. This process is heavily complicated if you rewrite history
 and/or perform a force push, especially after a maintainer has started a review. As such we request that any action that
 you merge `origin/master` into your branch to synchronize your commit after the initial review and any other action that
 rewrites history.
 ### Requirements
 The following requirements must be met for a pull request to be accepted. This list also acts as a checklist for
 maintainers in their review process.
 - The changes must be [documented](../prologue/documentation-contributions.md) if they add or change behaviour
 - The changes must meet the following guidelines:
  - [General](introduction.md#general-guidelines)
  - [Commit Message](commit-message.md)
  - [Database Schema](database-schema.md)
  - [Documentation](documentation.md)
  - [Testing](testing.md)
  - [Accessibility](accessibiliy.md)
  - [Style](style.md)
 - The changes adhere to all of the relevant linting and quality testing automations
 - The pull request closes related issues by mentioning them appropriately
 - The contribution adhere to the security by design principles by:
  - Setting secure defaults
  - Disallows critically insecure settings
  - Requires explicit awareness by users that specific settings may reduce security
 - Potential future items:
  - Contribution includes DCO
  - Contribution includes REUSE-compliance requirements
 [Pull Request]: https://github.com/authelia/authelia/pulls
 [master]: https://github.com/authelia/authelia/tree/master/
--- a/docs/content/en/contributing/guidelines/testing.md
+++ b/docs/content/en/contributing/guidelines/testing.md
@ -0,0 +1,27 @@
 ---
 title: "Testing"
 description: "Authelia Development Testing Guidelines"
 lead: "This section covers the testing guidelines."
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 menu:
  contributing:
    parent: "guidelines"
 weight: 320
 toc: true
 ---
 The following outlines the specific requirements we have for testing the Authelia code contributions.
 - While we aim for 100% coverage on changes and additions, we do not enforce this where it doesn't make practical sense:
  - A test which just marks a line as tested is not necessarily an effectual test
  - Sometimes there is limited ways in which tests can be performed and the limitation makes the test ineffectual
 - Tests should be named to reflect what they testing for and which part of the code they are testing
 - It's required for bug fixes that contributors create a test that fails prior to and passes
  subsequent to the fix being applied, this test must be included in the contribution, excluding this test will likely
  result in the fix being rejected unless explicitly agreed and advised otherwise by the
  [core team](../../information/about.md#core-team)
 - It's strongly encouraged for features that contributors create have as much testing as is reasonable i.e. any line
  that can be tested should be tested, if the line can't be tested generally this is an indication a refactor may be
  required
--- a/docs/content/en/contributing/prologue/financial.md
+++ b/docs/content/en/contributing/prologue/financial.md
@ -44,40 +44,6 @@ We are currently directly looking for someone to sponsor:
 * [Security Audit](../../policies/security.md#help-wanted)
-### Balto
+To see a list of our sponsors please see the [sponsors section](../../information/about.md#sponsors) on the about page.
 Our [apt repository](https://apt.authelia.com) is hosted thanks to [Balto](https://www.getbalto.com/?from=Authelia).
 {{< figure src="/images/logos/balto.svg" alt="Balto" width="193" style="padding-right: 10px"  ignoreStaticImages="false" >}}
 ### Buildkite
 Our [continuous integration and continuous deployment pipelines](https://buildkite.com/authelia/?from=Authelia) are hosted by
 [Buildkite](https://buildkite.com/features?from=Authelia).
 ### Crowdin
 Our [localization platform](https://translate.authelia.com) is hosted by [Crowdin](https://crowdin.com/?from=Authelia).
 ### JetBrains
 Our development IDE's are provided by [JetBrains](https://www.jetbrains.com/?from=Authelia).
 {{< figure src="/images/logos/jetbrains.svg" alt="JetBrains" width="50" style="padding-right: 10px" ignoreStaticImages="false" >}}
 ### Microsoft
 Our pipeline agents which we rely on for productivity are hosted on [Azure](https://azure.microsoft.com/?from=Authelia)
 and our [git repositories](https://github.com/authelia) are hosted on [GitHub](https://github.com/?from=Authela)
 which are both [Microsoft](https://www.microsoft.com/?from=Authelia) products.
 {{< figure src="/images/logos/microsoft.svg" alt="Microsoft" width="234.45" style="padding-right: 10px" ignoreStaticImages="false" >}}
 {{< figure src="/images/logos/azure.svg" alt="Azure" width="173.55" style="padding-right: 10px" ignoreStaticImages="false" >}}
 ### Netlify
 Our [website and documentation](https://www.authelia.com) are built and hosted by
 [Netlify](https://www.netlify.com/?from=Authelia).
 [Open Collective]: https://opencollective.com/authelia-sponsors
--- a/docs/content/en/contributors/amir-zarrinkafsh/_index.md
+++ b/docs/content/en/contributors/amir-zarrinkafsh/_index.md
@ -0,0 +1,8 @@
 ---
 title: "Amir Zarrinkafsh"
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 ---
 {{< profile-details name="amir-zarrinkafsh" >}}
--- a/docs/content/en/contributors/clement-michaud/_index.md
+++ b/docs/content/en/contributors/clement-michaud/_index.md
@ -0,0 +1,8 @@
 ---
 title: "Clément Michaud"
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 ---
 {{< profile-details name="clement-michaud" >}}
--- a/docs/content/en/contributors/james-elliott/_index.md
+++ b/docs/content/en/contributors/james-elliott/_index.md
@ -1,15 +1,8 @@
 ---
 title: "James Elliott"
 description: "Authelia Core Team"
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 ---
-*__Authelia Core Team Member.__*
+{{< profile-details name="james-elliott" >}}
 __GitHub:__ [james-d-elliott](https://github.com/james-d-elliott)
 __Email:__ [james.elliott@authelia.com](mailto:james.elliott@authelia.com)
 __Matrix:__ [@james:authelia.com](https://matrix.to/#/@james:authelia.com) __Discord:__ [James#6549](https://discord.com/users/209869584814047232/)
--- a/docs/content/en/contributors/manuel-nunez/_index.md
+++ b/docs/content/en/contributors/manuel-nunez/_index.md
@ -0,0 +1,8 @@
 ---
 title: "Manuel Nuñez"
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 ---
 {{< profile-details name="manuel-nunez" >}}
--- a/docs/content/en/information/about.md
+++ b/docs/content/en/information/about.md
@ -0,0 +1,104 @@
 ---
 title: "About"
 description: "About Authelia and the Authelia Team"
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 aliases:
 - /about
 - /about.html
 ---
 ## What is Authelia?
 Authelia is a project with several open source developers who contribute to the project in their free time. We are not
 a company or another type of incorporated entity, and do not have any monetization model. Individuals and Organizations
 are free to contribute [financially](../contributing/prologue/financial.md) or with their time to the
 [documentation](../contributing/prologue/documentation-contributions.md) or
 [code base](../contributing/development/introduction.md).
 ## Teams
 The following section describes the various teams within the Authelia project.
 ### Core Team
 {{% profile-team name="core" %}}
 ### Maintainers Team
 {{% profile-team name="maintainers" %}}
 ## Sponsors
 Authelia is sponsored by the organizations listed below. The organizations below sponsor us completely voluntarily
 and do not expect anything additional other than us mentioning them or having a code of conduct, and some do not even
 require either of those things.
 Please see the [sponsorship section](../contributing/prologue/financial.md#sponsorship) of the financial contributing
 page for more information on how to become a sponsor.
 ### Balto
 Our [apt repository](https://apt.authelia.com) is hosted thanks to [Balto](https://www.getbalto.com/?from=Authelia).
 {{< figure src="/images/logos/balto.svg" alt="Balto" width="193" style="padding-right: 10px"  ignoreStaticImages="false" >}}
 ### Buildkite
 Our [continuous integration and continuous deployment pipelines](https://buildkite.com/authelia/?from=Authelia) are hosted by
 [Buildkite](https://buildkite.com/features?from=Authelia).
 ### Crowdin
 Our [localization platform](https://translate.authelia.com) is hosted by [Crowdin](https://crowdin.com/?from=Authelia).
 ### JetBrains
 Our development IDE's are provided by [JetBrains](https://www.jetbrains.com/?from=Authelia).
 {{< figure src="/images/logos/jetbrains.svg" alt="JetBrains" width="50" style="padding-right: 10px" ignoreStaticImages="false" >}}
 ### Microsoft
 Our pipeline agents which we rely on for productivity are hosted on [Azure](https://azure.microsoft.com/?from=Authelia)
 and our [git repositories](https://github.com/authelia) are hosted on [GitHub](https://github.com/?from=Authela)
 which are both [Microsoft](https://www.microsoft.com/?from=Authelia) products.
 {{< figure src="/images/logos/microsoft.svg" alt="Microsoft" width="234.45" style="padding-right: 10px" ignoreStaticImages="false" >}}
 {{< figure src="/images/logos/azure.svg" alt="Azure" width="173.55" style="padding-right: 10px" ignoreStaticImages="false" >}}
 ### Netlify
 Our [website and documentation](https://www.authelia.com) are built and hosted by
 [Netlify](https://www.netlify.com/?from=Authelia).
 [Open Collective]: https://opencollective.com/authelia-sponsors
 ## Governance and Affiliations
 Authelia is free from any outside governance and is entirely governed as outlined on this page, in addition we do not
 have any affiliations which have ever asked this of us.
 Our affiliations with external companies will be transparently communicated in this section and the
 [sponsors](#sponsors) section.
 ## Compliance
 The following section contains various compliance related information.
 ### Key Individuals
 There is no key individual who if they were incapacitated or unavailable would prevent future operations of the project.
 All of the following areas can be reset or are otherwise accessible to all of the members of the [Core Team](#core-team):
 - Private Keys
 - Access Rights
 - Passwords
 ### Bus Factor
 The Authelia team has a bus factor of 3. Meaning that the project would stall if 3 team members were suddenly hit by a
 bus.
--- a/docs/content/en/information/contact.md
+++ b/docs/content/en/information/contact.md
@ -11,15 +11,25 @@ aliases:
 ## Security
-If you believe you have identified a security related bug with Authelia please visit the
+If you believe you have identified a security vulnerability or security related bug with __Authelia__ please view our
-[security policy](../policies/security.md) documentation.
+[security policy](../policies/security.md).
 ## Individual Team Members
 If you're interested in contacting an individual team member for any reason please see the [About](about.md)
 informational page.
 ## GitHub
 ### Discussions
-If you have a general question or want to discuss an idea that's not entirely hashed out please visit
+The [GitHub Discussions](https://github.com/authelia/authelia/discussions) forum is the correct location to discus
-[GitHub Discussions](https://github.com/authelia/authelia/discussions) and start a new discussion.
+anything that is not a bug or feature request such as:
 - Ideas about future features where it's not clear most people can use it (allows users to vote on it)
 - Questions / Support Requests
 - Sharing configuration or utilization ideas (i.e. show your setup) for things that are not obvious
 - Any issue you're experiencing that may or may not be a bug (i.e you're unsure if it's a bug)
 ### Issues
@ -55,7 +65,7 @@ are bridged to the [Matrix Rooms](#matrix) with the same names providing they ex
 To contact the team for anything not security related you can utilize [team@authelia.com](mailto:team@authelia.com).
-For all security related matters over email please ensure you use [security@authelia.com](mailto:team@authelia.com).
+For all security related matters over email please ensure you use [security@authelia.com](mailto:security@authelia.com).
 [Discord]: https://discord.com/
 [Matrix]: https://matrix.org/
--- a/docs/content/en/integration/openid-connect/firezone/firezone.png
+++ b/docs/content/en/integration/openid-connect/firezone/firezone.png
--- a/docs/content/en/integration/openid-connect/firezone/index.md
+++ b/docs/content/en/integration/openid-connect/firezone/index.md
@ -0,0 +1,96 @@
 ---
 title: "Firezone"
 description: "Integrating Firezone with the Authelia OpenID Connect Provider."
 lead: ""
 date: 2023-03-25T13:07:02+10:00
 draft: false
 images: []
 menu:
  integration:
    parent: "openid-connect"
 weight: 620
 toc: true
 community: true
 ---
 ## Tested Versions
 * [Authelia]
  * [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
 * [Firezone]
  * [0.7.25](https://github.com/firezone/firezone/releases/tag/0.7.25)
 ## Before You Begin
 {{% oidc-common %}}
 ### Assumptions
 This example makes the following assumptions:
 * __Application Root URL:__ `https://firezone.example.com`
 * __Authelia Root URL:__ `https://auth.example.com`
 * __Client ID:__ `firezone`
 * __Client Secret:__ `insecure_secret`
 * __Config ID (Firezone):__ `authelia`:
    * This option determines the redirect URI in the format of
      `https://firezone.example.com/auth/oidc/<Config ID>/callback`.
      This means if you change this value you need to update the redirect URI.
 ## Configuration
 ### Application
 To configure [Firezone] to utilize Authelia as an [OpenID Connect 1.0] Provider:
 1. Visit your [Firezone] site
 2. Sign in as an admin
 3. Visit:
    1. Settings
    2. Security
 4. In the `Single Sign-On` section, click on the `Add OpenID Connect Provider` button
 5. Configure:
   1. Config ID: `authelia`
   2. Label: `Authelia`
   3. Scope: `openid email profile`
   4. Client ID: `firezone`
   5. Client secret: `insecure_secret`
   6. Discovery Document URI: `https://auth.example.com/.well-known/openid-configuration`
   7. Redirect URI (optional): `https://firezone.example.com/auth/oidc/authelia/callback`
   8. Auto-create users (checkbox): `true`
 {{< figure src="firezone.png" alt="Firezone" width="500" >}}
 Take a look at the [See Also](#see-also) section for the cheatsheets corresponding to the sections above for their
 descriptions.
 ### Authelia
 The following YAML configuration is an example __Authelia__
 [client configuration](../../../configuration/identity-providers/open-id-connect.md#clients) for use with [Firezone] which
 will operate with the above example:
 ```yaml
 - id: firezone
  description: Firezone
  secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
  public: false
  authorization_policy: two_factor
  enforce_pkce: true
  pkce_challenge_method: S256
  redirect_uris:
    - https://firezone.example.com/auth/oidc/authelia/callback
  scopes:
    - openid
    - email
    - profile
  userinfo_signing_algorithm: none
 ```
 ## See Also
 - [Firezone OIDC documentation](https://www.firezone.dev/docs/authenticate/oidc/)
 [Authelia]: https://www.authelia.com
 [Firezone]: https://www.firezone.dev
 [OpenID Connect 1.0]: ../../openid-connect/introduction.md
--- a/docs/content/en/integration/openid-connect/minio/index.md
+++ b/docs/content/en/integration/openid-connect/minio/index.md
@ -0,0 +1,91 @@
 ---
 title: "MinIO"
 description: "Integrating MinIO with the Authelia OpenID Connect Provider."
 lead: ""
 date: 2022-06-15T17:51:47+10:00
 draft: false
 images: []
 menu:
  integration:
    parent: "openid-connect"
 weight: 620
 toc: true
 community: true
 ---
 ## Tested Versions
 * [Authelia]
  * [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
 * [MinIO]
  * [2023-03-13T19:46:17Z](https://github.com/minio/minio/releases/tag/RELEASE.2023-03-13T19-46-17Z)
 ## Before You Begin
 {{% oidc-common %}}
 ### Assumptions
 This example makes the following assumptions:
 * __Application Root URL:__ `https://minio.example.com`
 * __Authelia Root URL:__ `https://auth.example.com`
 * __Client ID:__ `minio`
 * __Client Secret:__ `insecure_secret`
 ## Configuration
 ### Application
 To configure [MinIO] to utilize Authelia as an [OpenID Connect 1.0] Provider:
 1. Login to [MinIO]
 2. On the left hand menu, go to `Identity`, then `OpenID`
 3. On the top right, click `Create Configuration`
 4. On the screen that appears, enter the following information:
    - Name: `authelia`
    - Config URL: `https://auth.example.com/.well-known/openid-configuration`
    - Client ID: `minio`
    - Client Secret: `insecure_secret`
    - Claim Name: Leave Empty
    - Display Name: `Authelia`
    - Claim Prefix: `authelia`
    - Scopes: `openid,profile,email`
    - Redirect URI: `https://minio.example.com/oauth_callback`
    - Role Policy: `readonly`
    - Claim User Info: Disabled
    - Redirect URI Dynamic: Disabled
 5. Press `Save` at the bottom
 6. Accept the offer of a server restart at the top
 7. When the login screen appears again, click the `Other Authentication Methods` open, then select `Authelia` from the list.
 8. Login
 ### Authelia
 The following YAML configuration is an example __Authelia__
 [client configuration](../../../configuration/identity-providers/open-id-connect.md#clients) for use with [MinIO]
 which will operate with the above example:
 ```yaml
 - id: minio
  description: MinIO
  secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
  public: false
  authorization_policy: two_factor
  redirect_uris:
    - https://minio.example.com/apps/oidc_login/oidc
  scopes:
    - openid
    - profile
    - email
    - groups
  userinfo_signing_algorithm: none
 ```
 ## See Also
 - [MinIO OpenID Identiy Management](https://min.io/docs/minio/linux/reference/minio-server/minio-server.html#minio-server-envvar-external-identity-management-openid)
 [MinIO]: https://minio.com/
 [Authelia]: https://www.authelia.com
 [OpenID Connect 1.0]: ../../openid-connect/introduction.md 
--- a/docs/content/en/integration/proxies/caddy.md
+++ b/docs/content/en/integration/proxies/caddy.md
@ -81,7 +81,7 @@ support to ensure the basic example covers your use case in a secure way.
 {{< details "Caddyfile" >}}
 ```caddyfile
 ## It is important to read the following document before enabling this section:
-##     https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
+##     https://www.authelia.com/integration/proxies/caddy/#trusted-proxies
 (trusted_proxy_list) {
       ## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
       # trusted_proxies 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7
@ -120,7 +120,7 @@ nextcloud.example.com {
 {{< details "Caddyfile" >}}
 ```caddyfile
 ## It is important to read the following document before enabling this section:
-##     https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
+##     https://www.authelia.com/integration/proxies/caddy/#trusted-proxies
 (trusted_proxy_list) {
       ## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
       # trusted_proxies 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7
@ -165,7 +165,7 @@ preferred in *most* situations. If you are unsure of what you're doing please do
 {{< details "Caddyfile" >}}
 ```caddyfile
 ## It is important to read the following document before enabling this section:
-##     https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
+##     https://www.authelia.com/integration/proxies/caddy/#trusted-proxies
 (trusted_proxy_list) {
       ## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
       # trusted_proxies 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7
--- a/docs/content/en/overview/security/introduction.md
+++ b/docs/content/en/overview/security/introduction.md
@ -15,12 +15,22 @@ aliases:
 ---
 The __Authelia__ team takes security very seriously. Because __Authelia__ is intended as a security product a lot of
-decisions are made with security being the priority. This section discusses these decisions as well as considerations
+decisions are made with security being the priority and we always aim to implement security by design.
 users should make when implementing __Authelia__.
 ## Coordinated vulnerability disclosure
-__Authelia__ follows the [coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure)
+__Authelia__ follows the [coordinated vulnerability disclosure] model when dealing with security vulnerabilities. This
-model when dealing with security vulnerabilities. This was previously known as responsible disclosure. We strongly
+was previously known as responsible disclosure. We strongly urge anyone reporting vulnerabilities to __Authelia__ or any
-urge anyone reporting vulnerabilities to __Authelia__ or any other project to follow this model as it is considered
+other project to follow this model as it is considered as a best practice by many in the security industry.
-as a best practice by many in the security industry.
+
 If you believe you have identified a security vulnerability or security related bug with __Authelia__ please make every
 effort to contact us privately using one of the [contact options](../../policies/security.md#contact-options) below.
 Please do not open an issue, do not notify us in public, and do not disclose this issue to third parties.
 Using this process helps ensure that users affected have an avenue to fixing the issue as close to the issue being
 made public as possible. This mitigates the increasing the attack surface (via improving attacker knowledge) for
 diligent administrators simply via the act of disclosing the security issue.
 ## Policy
 Please view our [security policy](../../policies/security.md) for more information.
--- a/docs/content/en/overview/security/measures.md
+++ b/docs/content/en/overview/security/measures.md
@ -75,6 +75,14 @@ Lastly Authelia's implementation of Argon2id is highly tunable. You can tune the
 (time), parallelism, and memory usage. To read more about this please read how to
 [configure](../../configuration/first-factor/file.md) file authentication.
 ## Protections against return oriented programming attacks and general hardening
 Authelia is built as a position independent executable which makes Return Oriented Programming (ROP) attacks
 significantly more difficult to execute reliably.
 In addition it is built as a static binary with full relocation read-only support making this and several other
 traditional binary weaknesses significantly more difficult to exploit.
 ## User profile and group membership always kept up-to-date (LDAP authentication provider)
 This measure is unrelated to the File authentication provider.
--- a/docs/content/en/policies/security.md
+++ b/docs/content/en/policies/security.md
@ -11,58 +11,82 @@ aliases:
 ---
 The __Authelia__ team takes security very seriously. Because __Authelia__ is intended as a security product a lot of
-decisions are made with security being the priority.
+decisions are made with security being the priority and we always aim to implement security by design.
 ## Coordinated vulnerability disclosure
-__Authelia__ follows the
+__Authelia__ follows the [coordinated vulnerability disclosure] model when dealing with security vulnerabilities. This
-[coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure) model when
+was previously known as responsible disclosure. We strongly urge anyone reporting vulnerabilities to __Authelia__ or any
-dealing with security vulnerabilities. This was previously known as responsible disclosure. We strongly urge anyone
+other project to follow this model as it is considered as a best practice by many in the security industry.
 reporting vulnerabilities to __Authelia__ or any other project to follow this model as it is considered as a best
 practice by many in the security industry.
-If you believe you have identified a security related bug with Authelia please do not open an issue, do not notify us in
+If you believe you have identified a security vulnerability or security related bug with __Authelia__ please make every
-public, and do not disclose this issue to third parties. Please use one of the [contact options](#contact-options)
+effort to contact us privately using one of the [contact options](#contact-options) below. Please do not open an issue,
-below.
+do not notify us in public, and do not disclose this issue to third parties.
 Using this process helps ensure that users affected have an avenue to fixing the issue as close to the issue being
 made public as possible. This mitigates the increasing the attack surface (via improving attacker knowledge) for
 diligent administrators simply via the act of disclosing the security issue.
 ## Contact Options
 Several contact options exist however it's important you specifically use a security contact method when reporting a
 security vulnerability or security related bug. These methods are clearly documented below.
 ### GitHub Security
 Users can utilize GitHub's security vulnerability system to privately [report a vulnerability]. This is an easy method
 for users who have a GitHub account.
 ### Email
-Please utilize the [security@authelia.com](mailto:team@authelia.com) email address for security issues discovered. This
+Users can utilize the [security@authelia.com](mailto:security@authelia.com) email address to privately report a
-email address is only accessible by key members of the team for the purpose of disclosing security issues within the
+vulnerability. This is an easy method of users who do not have a GitHub account.
 __Authelia__ code base.
-This is the preferred method of reporting.
+This email address is only accessible by members of the [core team] for the purpose of disclosing security
 vulnerabilities and issues within the __Authelia__ code base.
 ### Chat
 If you wish to chat directly instead of sending an email please use one of the
-[chat options](../information/contact.md#chat) but it is vital that when you do that you only do so privately with one
+[chat options](../information/contact.md#chat) to direct / private message one of the [core team] members.
 of the maintainers. In order to start a private discussion you should ask to have a private discussion with a team
 member without mentioning the reason why you wish to have a private discussion so that provided the bug is confirmed we
 can coordinate the release of fixes and information responsibly.
-## Credit
+Please avoid this method unless absolutely necessary. We generally prefer that users use either the
 [GitHub Security](#github-security) or [Email](#email) option rather than this option as it both allows multiple team
 members to deal with the report and prevents mistakes when contacting a [core team] member.
-Users who report bugs will optionally be credited for the discovery in the
+The [core team] members are identified in [Matrix](../information/contact.md#matrix) as room admins, and in
-[security advisory](https://github.com/authelia/authelia/security/advisories) and/or in our
+[Discord](../information/contact.md#discord) with the `Core Team` role.
 [all contributors](https://github.com/authelia/authelia/blob/master/README.md#contribute) configuration/documentation.
 ## Process
-1. User privately reports a potential vulnerability.
+1. The user privately reports a potential vulnerability.
-2. The core team reviews the report and ascertain if additional information is required.
+2. The report is acknowledged as received.
-3. The core team reproduces the bug.
+3. The report is reviewed to ascertain if additional information is required. If it is required:
-4. The bug is patched, and if possible the user reporting te bug is given access to a fixed version or git patch.
+   1. The user is informed that the additional information is required.
-5. The fix is confirmed to resolve the vulnerability.
+   2. The user privately adds the additional information.
-6. The fix is released.
+   3. The process begins at step 3 again, proceeding to step 4 if the additional information provided is sufficient.
-7. The security advisory is published sometime after users have had a chance to update.
+4. The vulnerability is reproduced.
 5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
   image, and git patch.
 6. The patch is confirmed to resolve the vulnerability.
 7. The fix is released and users are notified that they should update urgently.
 8. The [security advisory] is published when (whichever happens sooner):
  - The CVE details are published by [MITRE], [NIST], etc.
  - Roughly 7 days after users have been notified the update is available.
 [MITRE]: https://www.mitre.org/
 [NIST]: https://www.nist.gov/
 ## Credit
 Users who report bugs will at their discretion (i.e. they do not have to be if they wish to remain anonymous) be
 credited for the discovery. Both in the [security advisory] and in our
 [all contributors] documentation.
 ## Help wanted
-We are actively looking for sponsorship to obtain security audits to comprehensively ensure the security of Authelia.
+We are actively looking for sponsorship to obtain security audits to comprehensively ensure the security of _Authelia_.
-As security is imperative to us we see this as one of the main financial priorities.
+As security is really important to us we see this as one of the main financial priorities.
 We believe that we should obtain the following categories of security audits:
@ -70,5 +94,11 @@ We believe that we should obtain the following categories of security audits:
 * Penetration Testing
 If you know of a company which either performs these kinds of audits and would be willing to sponsor the audit in some
-way such as doing it pro bono or at a discounted rate, or wants to help improve Authelia in a meaningful way and is
+way such as doing it pro bono or at a discounted rate, or wants to help improve _Authelia_ in a meaningful way and is
 willing to make a financial contribution towards this then please feel free to contact us.
 [coordinated vulnerability disclosure]: https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure
 [security advisory]: https://github.com/authelia/authelia/security/advisories
 [report a vulnerability]: https://github.com/authelia/authelia/security/advisories/new
 [core team]: ../information/about.md#core-team
 [all contributors]: https://github.com/authelia/authelia/blob/master/README.md#contribute
--- a/docs/content/en/policies/versioning.md
+++ b/docs/content/en/policies/versioning.md
@ -22,6 +22,17 @@ prevent automatic upgrade of the `major` version.
 We generally do not recommend automated upgrades of critical systems but instead recommend ensuring you are notified an
 upgrade exists.
 ## Supported Versions
 The following information is indicative of our support policy:
 - We provide support to user questions for 3 `minor` versions at minimum
 - We provide bug fixes (as a `patch`) to the latest `minor` version
 - We provide vulnerability fixes:
  - As workarounds in the [security advisory](https://github.com/authelia/authelia/security/advisories) (if possible)
  - As patches in the [security advisory](https://github.com/authelia/authelia/security/advisories)
  - To the last 3 `minor` versions upon request
 ## Major Version Zero
 A major version of `v0.x.x` indicates as per the [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) policy
@ -35,6 +46,7 @@ It is important to note that each component has its own version, for example the
 v4.40.0 but another component such as the [Helm Chart](https://charts.authelia.com) version may be v0.9.0.
 This means that a breaking change may occur to one but not the other as these components do not share a version.
 ## Exceptions
 There are exceptions to this versioning policy.
--- a/docs/data/profiles.json
+++ b/docs/data/profiles.json
@ -0,0 +1,81 @@
 {
  "people": {
    "clement-michaud": {
      "display": "Clément Michaud",
      "description": "",
      "team": "core",
      "location": "Paris",
      "github": "clems4ever",
      "email": "",
      "discord": {
        "id": "",
        "tag": ""
      },
      "matrix": ""
    },
    "amir-zarrinkafsh": {
      "display": "Amir Zarrinkafsh",
      "description": "",
      "team": "core",
      "location": "Melbourne, Australia",
      "github": "nightah",
      "email": "",
      "discord": {
        "id": "",
        "tag": ""
      },
      "matrix": ""
    },
    "james-elliott": {
      "display": "James Elliott",
      "description": "",
      "team": "core",
      "location": "Melbourne, Australia",
      "github": "james-d-elliott",
      "email": "james.elliott@authelia.com",
      "discord": {
        "id": "209869584814047232",
        "tag": "James#6549"
      },
      "matrix": "@james:authelia.com"
    },
    "manuel-nunez": {
      "display": "Manuel Nuñez",
      "description": "",
      "team": "maintainers",
      "location": "Argentina",
      "github": "mind-ar",
      "email": "",
      "discord": {
        "id": "",
        "tag": ""
      },
      "matrix": ""
    }
  },
  "teams": {
    "core": {
      "display": "Core",
      "description": "The Core Team are effectively members of the Maintainers Team with extra responsibilities.",
      "people": ["clement-michaud", "amir-zarrinkafsh", "james-elliott"],
      "responsibilities": [
        "All responsibilities of the Maintainers Team",
        "Review and merge pull requests from all other teams",
        "Handle vulnerability and security related bug reports",
        "Handle project governance unanimously",
        "Maintain the project roadmap",
        "Coordinate collaboration",
        "Maintain the continuous integration and delivery pipelines and related mechanisms"
      ]
    },
    "maintainers": {
      "display": "Maintainers",
      "description": "The Maintainer Team are traditional repository maintainers.",
      "people": ["manuel-nunez"],
      "responsibilities": [
        "Review and merge pull requests from external parties",
        "Respond to bug reports, feature requests, discussions, and support chat rooms"
      ]
    }
  }
 }
--- a/docs/layouts/index.headers
+++ b/docs/layouts/index.headers
@ -3,7 +3,7 @@
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
-  Content-Security-Policy: default-src 'self'; script-src 'self' https://*.netlify.app 'unsafe-inline' 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-+T2H7TEv2U6umnIOWYijvTIrzdCZUYhm/FZo4YYQzKAHf8NWs+38cn3t9fdz2rCm2HqHDkthZZXnY4EWPdWnMA==' 'sha512-okYuGnNmmUuCX64AD7FVra0445z43U8riOY3jZue+WZ2KeVOWLo17hE/wZXGUIJh9WBiSHZ2epTd36MMP6R66w==' 'sha512-bv9WRsSROhTW5djDurORNUCGITVeRfjDXkhqg4Ez/4vTY6FcaVBPy4MXpn4EGC3J3oZNcxpfQIScElDKlmiLhw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'; img-src 'self' https://*.netlify.app data:; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; manifest-src 'self' https://*.netlify.app; object-src 'none'; frame-src https://app.netlify.com; frame-ancestors 'none'; base-uri 'none'
+  Content-Security-Policy: default-src 'self'; script-src 'self' https://*.netlify.app 'unsafe-inline' 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-+T2H7TEv2U6umnIOWYijvTIrzdCZUYhm/FZo4YYQzKAHf8NWs+38cn3t9fdz2rCm2HqHDkthZZXnY4EWPdWnMA==' 'sha512-okYuGnNmmUuCX64AD7FVra0445z43U8riOY3jZue+WZ2KeVOWLo17hE/wZXGUIJh9WBiSHZ2epTd36MMP6R66w==' 'sha512-bv9WRsSROhTW5djDurORNUCGITVeRfjDXkhqg4Ez/4vTY6FcaVBPy4MXpn4EGC3J3oZNcxpfQIScElDKlmiLhw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'; img-src 'self' https://*.netlify.app https://github.com https://avatars.githubusercontent.com data:; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; manifest-src 'self' https://*.netlify.app; object-src 'none'; frame-src https://app.netlify.com; frame-ancestors 'none'; base-uri 'none'
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: strict-origin
  Feature-Policy: geolocation 'self'
--- a/docs/layouts/partials/content/profile-card.html
+++ b/docs/layouts/partials/content/profile-card.html
@ -0,0 +1,46 @@
 {{- $profile := index $.Site.Data.profiles.people .Profile }}
 {{- if $profile }}
 {{- $team := "" }}
 {{- if $profile.team }}
 {{- $team = index $.Site.Data.profiles.teams $profile.team }}
 {{- end }}
 <div class="card" style="border-radius: 15px;">
  <div class="card-body text-center">
    {{- if $profile.github }}
    <div class="mt-3 mb-4">
      <img src="https://github.com/{{ $profile.github }}.png"
           class="rounded-circle img-fluid" style="width: 100px;" />
    </div>
    {{- end }}
    <h4 class="mb-2">{{ $profile.display }}</h4>
    {{- if $team }}
    <p class="text-muted mb-4"><a href="{{ printf "%s#%s-team" (absURL "information/about") ($profile.team | lower) }}" target="_self">{{ $team.display }} Team</a></p>
    {{- end }}
    <div class="mb-4 pb-2">
      {{- if $profile.email }}
      <a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="mailto:{{ $profile.email }}" data-toggle="tooltip" data-placement="bottom" title="Email {{ $profile.display }} ({{ $profile.email }})">
        <i class="bi bi-envelope-fill"></i>
      </a>
      {{- end }}
      {{- if $profile.github }}
      <a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="https://github.com/{{ $profile.github }}/" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Checkout {{ $profile.display }} on GitHub ({{ $profile.github }})">
        <i class="bi bi-github"></i>
      </a>
      {{- end }}
      {{- if $profile.matrix }}
      <a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="https://matrix.to/#/{{ $profile.matrix }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display }} on Matrix ({{ $profile.matrix }})">
        <i class="bi bi-chat-right-quote-fill"></i>
      </a>
      {{- end }}
      {{- if (and $profile.discord $profile.discord.id) }}
      <a role="button" class="btn btn-outline-primary btn-floating rounded-circle" href="https://discord.com/users/{{ $profile.discord.id }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display}} on Discord ({{ $profile.discord.tag }})">
        <i class="bi bi-discord"></i>
      </a>
      {{- end }}
    </div>
    <a role="button" class="btn btn-primary btn-rounded btn-lg" href="{{ printf "%s/%s/" (absURL "contributors") .Profile }}">
    Profile Details
    </a>
  </div>
 </div>
 {{- end }}
--- a/docs/layouts/shortcodes/profile-card.html
+++ b/docs/layouts/shortcodes/profile-card.html
@ -0,0 +1,10 @@
 {{- $key := .Get "name" }}
 <section class="vh-100">
  <div class="container py-5 h-100">
    <div class="row d-flex justify-content-center align-items-center h-100">
      <div class="col-md-12">
 {{ partial "content/profile-card.html" (dict "Site" .Site "Profile" $key) }}
      </div>
    </div>
  </div>
 </section>
--- a/docs/layouts/shortcodes/profile-details.html
+++ b/docs/layouts/shortcodes/profile-details.html
@ -0,0 +1,49 @@
 {{- $key := .Get "name" }}
 {{- $profile := index $.Site.Data.profiles.people $key }}
 {{- if $profile }}
 {{- $team := "" }}
 {{- if $profile.team }}
 {{- $team = index $.Site.Data.profiles.teams $profile.team }}
 {{- end }}
 {{- $email := false }}
 {{- if $profile.email }}{{ $email = true }}{{ end }}
 {{- $matrix := false }}
 {{- if $profile.matrix }}{{ $matrix = true }}{{ end }}
 {{- $discord := false }}
 {{- if (and $profile.discord $profile.discord.id) }}{{ $discord = true }}{{ end }}
 {{- if $profile.github }}
 <div class="mt-3 mb-4">
  <img src="https://github.com/{{ $profile.github }}.png"
       class="rounded-circle img-fluid" style="width: 100px;" />
 </div>
 {{- if $team }}
 <p class="text-muted mb-4"><a href="{{ printf "%s#%s-team" (absURL "information/about") ($profile.team | lower) }}" target="_self">{{ $team.display }} Team</a></p>
 {{- end }}
 <p class="text-muted mb-4">
  <i class="bi bi-geo-alt"></i> {{ $profile.location }}
 </p>
 {{- if $profile.description }}
 <p class="text-muted mb-4">{{ $profile.description }}</p>
 {{- end }}
 {{- if $profile.github }}
 <p>
  <i class="bi bi-github"></i> <a href="https://github.com/{{ $profile.github }}/" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Checkout {{ $profile.display }} on GitHub ({{ $profile.github }})">{{ $profile.github }}</a>
 </p>
 {{- end }}
 {{- if $email }}
 <p>
  <i class="bi bi-envelope"></i> <a href="mailto:{{ $profile.email }}" data-toggle="tooltip" data-placement="bottom" title="Email {{ $profile.display }} ({{ $profile.email }})">{{ $profile.email }}</a>
 </p>
 {{- end }}
 {{- if (or $matrix $discord) }}
 <p>
  {{- if $matrix }}
  <i class="bi bi-chat-right-quote"></i> <a href="https://matrix.to/#/{{ $profile.matrix }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display }} on Matrix ({{ $profile.matrix }})">{{ $profile.matrix }}</a>
  {{- end }}
  {{- if $discord }}
  <i class="bi bi-discord"></i> <a href="https://discord.com/users/{{ $profile.discord.id }}" target="_blank" rel="noopener" data-toggle="tooltip" data-placement="bottom" title="Message {{ $profile.display}} on Discord ({{ $profile.discord.tag }})">{{ $profile.discord.tag }}</a>
  {{- end }}
 </p>
 {{- end }}
 {{- end }}
 {{- end }}
--- a/docs/layouts/shortcodes/profile-team.html
+++ b/docs/layouts/shortcodes/profile-team.html
@ -0,0 +1,23 @@
 {{- $key := .Get "name" }}
 {{- $team := index $.Site.Data.profiles.teams $key }}
 {{- if $team }}
 {{- $header := .Get "header" }}
 {{- if not $header }}{{ $header = "####" }}{{ end }}
 {{ $team.description }}
 {{ $header }} Responsibilities
 {{- range $team.responsibilities }}
 - {{ . }}
 {{- end }}
 {{ $header }} Members
 <div class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4">
 {{- range $team.people }}
  <div class="col col-align-c">
  {{ partial "content/profile-card.html" (dict "Site" $.Site "Profile" .) }}
  </div>
 {{- end }}
 </div>
 {{- end }}
--- a/examples/compose/lite/docker-compose.yml
+++ b/examples/compose/lite/docker-compose.yml
@ -45,7 +45,7 @@ services:
      - TZ=Australia/Melbourne
  traefik:
-    image: traefik:v2.9.8
+    image: traefik:v2.9.9
    container_name: traefik
    volumes:
      - ./traefik:/etc/traefik
--- a/examples/compose/local/docker-compose.yml
+++ b/examples/compose/local/docker-compose.yml
@ -32,7 +32,7 @@ services:
      - TZ=Australia/Melbourne
  traefik:
-    image: traefik:v2.9.8
+    image: traefik:v2.9.9
    container_name: traefik
    volumes:
      - ./traefik:/etc/traefik
--- a/go.mod
+++ b/go.mod
@ -13,7 +13,7 @@ require (
 	github.com/go-asn1-ber/asn1-ber v1.5.4
 	github.com/go-crypt/crypt v0.2.6
 	github.com/go-ldap/ldap/v3 v3.4.4
-	github.com/go-rod/rod v0.112.6
+	github.com/go-rod/rod v0.112.8
 	github.com/go-sql-driver/mysql v1.7.0
 	github.com/go-webauthn/webauthn v0.8.2
 	github.com/golang-jwt/jwt/v4 v4.5.0
@ -33,7 +33,7 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/ory/fosite v0.44.0
 	github.com/ory/herodot v0.9.13
-	github.com/ory/x v0.0.543
+	github.com/ory/x v0.0.545
 	github.com/otiai10/copy v1.9.0
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
--- a/go.sum
+++ b/go.sum
@ -160,8 +160,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
-github.com/go-rod/rod v0.112.6 h1:zMirUmhsBeshMWyf285BD0UGtGq54HfThLDGSjcP3lU=
+github.com/go-rod/rod v0.112.8 h1:lYFnHv/lFyjW/Ye0IhyKLeHw/zfhHbSTqawoCi2z/nI=
-github.com/go-rod/rod v0.112.6/go.mod h1:ElViL9ABbcshNQw93+11FrYRH92RRhMKleuILo6+5V0=
+github.com/go-rod/rod v0.112.8/go.mod h1:ElViL9ABbcshNQw93+11FrYRH92RRhMKleuILo6+5V0=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
@ -372,8 +372,8 @@ github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8
 github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU=
 github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.543 h1:I6bl6IV2Ok07io6M2dnaRaJHP5oRU096T9FYoe8m48U=
+github.com/ory/x v0.0.545 h1:B2zw7LrQwtdzbaRo0nz4EvDukH7A2UK+IdeYQF2iXBw=
-github.com/ory/x v0.0.543/go.mod h1:ktXUvx51Ok1gMGr3ysvktanqr+eiB4FXglt4nF4w2Uo=
+github.com/ory/x v0.0.545/go.mod h1:x0n1bElGPQeONaKO++izk4CIOhiDhan+i1MUygjrlfM=
 github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
 github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
@ -507,8 +507,6 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.45.0 h1:zPkkzpIn8tdHZUrVa6PzYd0i5verqiPSkgTd3bSUcpA=
 github.com/valyala/fasthttp v1.45.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
 github.com/wneessen/go-mail v0.3.8 h1:ja5D/o/RVwrtRIYFlrO7GmtcjDNeMakGQuwQRZYv0JM=
 github.com/wneessen/go-mail v0.3.8/go.mod h1:m25lkU2GYQnlVr6tdwK533/UXxo57V0kLOjaFYmub0E=
 github.com/wneessen/go-mail v0.3.9 h1:Q4DbCk3htT5DtDWKeMgNXCiHc4bBY/vv/XQPT6XDXzc=
 github.com/wneessen/go-mail v0.3.9/go.mod h1:zxOlafWCP/r6FEhAaRgH4IC1vg2YXxO0Nar9u0IScZ8=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
--- a/internal/suites/example/compose/envoy/docker-compose.yml
+++ b/internal/suites/example/compose/envoy/docker-compose.yml
@ -2,7 +2,7 @@
 version: '3'
 services:
  envoy:
-    image: envoyproxy/envoy:v1.25.2
+    image: envoyproxy/envoy:v1.25.3
    volumes:
      - ./example/compose/envoy/envoy.yaml:/etc/envoy/envoy.yaml
      - ./common/pki:/pki
--- a/internal/suites/example/compose/haproxy/Dockerfile
+++ b/internal/suites/example/compose/haproxy/Dockerfile
@ -1,4 +1,4 @@
-FROM haproxy:2.7.4-alpine
+FROM haproxy:2.7.6-alpine
 USER root
 RUN \
--- a/internal/suites/example/compose/samba/Dockerfile
+++ b/internal/suites/example/compose/samba/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN \
 apk add --no-cache \
--- a/internal/suites/example/compose/traefik2/docker-compose.yml
+++ b/internal/suites/example/compose/traefik2/docker-compose.yml
@ -2,7 +2,7 @@
 version: '3'
 services:
  traefik:
-    image: traefik:v2.9.8
+    image: traefik:v2.9.9
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
--- a/web/package.json
+++ b/web/package.json
@ -4,7 +4,7 @@
  "private": true,
  "engines": {
    "node": ">=18.4.0",
-    "pnpm": "7"
+    "pnpm": "8"
  },
  "pnpm": {
    "peerDependencyRules": {
@ -25,19 +25,19 @@
    "@emotion/cache": "11.10.5",
    "@emotion/react": "11.10.6",
    "@emotion/styled": "11.10.6",
-    "@fortawesome/fontawesome-svg-core": "6.3.0",
+    "@fortawesome/fontawesome-svg-core": "6.4.0",
-    "@fortawesome/free-regular-svg-icons": "6.3.0",
+    "@fortawesome/free-regular-svg-icons": "6.4.0",
-    "@fortawesome/free-solid-svg-icons": "6.3.0",
+    "@fortawesome/free-solid-svg-icons": "6.4.0",
    "@fortawesome/react-fontawesome": "0.2.0",
    "@mui/icons-material": "5.11.11",
-    "@mui/material": "5.11.13",
+    "@mui/material": "5.11.15",
    "@mui/styles": "5.11.13",
    "@simplewebauthn/browser": "7.2.0",
    "@simplewebauthn/typescript-types": "7.0.0",
    "axios": "1.3.4",
-    "broadcast-channel": "4.20.2",
+    "broadcast-channel": "5.0.3",
    "classnames": "2.3.2",
-    "i18next": "22.4.12",
+    "i18next": "22.4.13",
    "i18next-browser-languagedetector": "7.0.1",
    "i18next-http-backend": "2.2.0",
    "qrcode.react": "3.1.0",
@ -45,7 +45,7 @@
    "react-dom": "18.2.0",
    "react-i18next": "12.2.0",
    "react-loading": "2.0.3",
-    "react-router-dom": "6.9.0",
+    "react-router-dom": "6.10.0",
    "react18-input-otp": "1.1.3",
    "zxcvbn": "4.4.2"
  },
@ -148,27 +148,27 @@
    ]
  },
  "devDependencies": {
-    "@commitlint/cli": "17.4.4",
+    "@commitlint/cli": "17.5.1",
    "@commitlint/config-conventional": "17.4.4",
    "@limegrass/eslint-plugin-import-alias": "1.0.6",
    "@testing-library/jest-dom": "5.16.5",
    "@testing-library/react": "14.0.0",
    "@types/jest": "29.5.0",
-    "@types/node": "18.15.3",
+    "@types/node": "18.15.11",
    "@types/qrcode.react": "1.0.2",
-    "@types/react": "18.0.28",
+    "@types/react": "18.0.31",
    "@types/react-dom": "18.0.11",
    "@types/zxcvbn": "4.4.1",
-    "@typescript-eslint/eslint-plugin": "5.55.0",
+    "@typescript-eslint/eslint-plugin": "5.57.0",
-    "@typescript-eslint/parser": "5.55.0",
+    "@typescript-eslint/parser": "5.57.0",
    "@vitejs/plugin-react": "3.1.0",
-    "esbuild": "0.17.12",
+    "esbuild": "0.17.14",
    "esbuild-jest": "0.5.0",
-    "eslint": "8.36.0",
+    "eslint": "8.37.0",
-    "eslint-config-prettier": "8.7.0",
+    "eslint-config-prettier": "8.8.0",
    "eslint-config-react-app": "7.0.1",
    "eslint-formatter-rdjson": "1.0.5",
-    "eslint-import-resolver-typescript": "3.5.3",
+    "eslint-import-resolver-typescript": "3.5.4",
    "eslint-plugin-import": "2.27.5",
    "eslint-plugin-jsx-a11y": "6.7.1",
    "eslint-plugin-prettier": "4.2.1",
@ -179,10 +179,10 @@
    "jest-environment-jsdom": "29.5.0",
    "jest-transform-stub": "2.0.0",
    "jest-watch-typeahead": "2.2.2",
-    "prettier": "2.8.4",
+    "prettier": "2.8.7",
    "react-test-renderer": "18.2.0",
-    "typescript": "5.0.2",
+    "typescript": "5.0.3",
-    "vite": "4.2.0",
+    "vite": "4.2.1",
    "vite-plugin-eslint": "1.8.1",
    "vite-plugin-istanbul": "4.0.1",
    "vite-plugin-svgr": "2.4.0",
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml