Git submodule: Bump libs/hbb_common from 42af0f0 to f4ef3bc

Bumps [libs/hbb_common](https://github.com/rustdesk/hbb_common) from `42af0f0` to `f4ef3bc`.
- [Release notes](https://github.com/rustdesk/hbb_common/releases)
- [Commits](42af0f0aed...f4ef3bca2d)

---
updated-dependencies:
- dependency-name: libs/hbb_common
  dependency-version: f4ef3bca2dd2c0d74af23096a3bddb9455cf1dab
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/winget.yml

@@ -1,15 +0,0 @@
-name: Publish to WinGet
-on:
-  release:
-    types: [released]
-  workflow_dispatch:
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: vedantmgoyal9/winget-releaser@main
-        with:
-          identifier: RustDesk.RustDesk
-          version: "1.4.6"
-          release-tag: "1.4.6"
-          token: ${{ secrets.WINGET_TOKEN }}

AGENTS.md

@@ -0,0 +1,62 @@
+# RustDesk Guide
+
+## Project Layout
+
+### Directory Structure
+* `src/` Rust app
+* `src/server/` audio / clipboard / input / video / network
+* `src/platform/` platform-specific code
+* `src/ui/` legacy Sciter UI (deprecated)
+* `flutter/` current UI
+* `libs/hbb_common/` config / proto / shared utils
+* `libs/scrap/` screen capture
+* `libs/enigo/` input control
+* `libs/clipboard/` clipboard
+* `libs/hbb_common/src/config.rs` all options
+
+### Key Components
+- **Remote Desktop Protocol**: Custom protocol implemented in `src/rendezvous_mediator.rs` for communicating with rustdesk-server
+- **Screen Capture**: Platform-specific screen capture in `libs/scrap/`
+- **Input Handling**: Cross-platform input simulation in `libs/enigo/`
+- **Audio/Video Services**: Real-time audio/video streaming in `src/server/`
+- **File Transfer**: Secure file transfer implementation in `libs/hbb_common/`
+
+### UI Architecture
+- **Legacy UI**: Sciter-based (deprecated) - files in `src/ui/`
+- **Modern UI**: Flutter-based - files in `flutter/`
+  - Desktop: `flutter/lib/desktop/`
+  - Mobile: `flutter/lib/mobile/`
+  - Shared: `flutter/lib/common/` and `flutter/lib/models/`
+
+## Rust Rules
+
+* Avoid `unwrap()` / `expect()` in production code.
+* Exceptions:
+
+  * tests;
+  * lock acquisition where failure means poisoning, not normal control flow.
+* Otherwise prefer `Result` + `?` or explicit handling.
+* Do not ignore errors silently.
+* Avoid unnecessary `.clone()`.
+* Prefer borrowing when practical.
+* Do not add dependencies unless needed.
+* Keep code simple and idiomatic.
+
+## Tokio Rules
+
+* Assume a Tokio runtime already exists.
+* Never create nested runtimes.
+* Never call `Runtime::block_on()` inside Tokio / async code.
+* Do not hide runtime creation inside helpers or libraries.
+* Do not hold locks across `.await`.
+* Prefer `.await`, `tokio::spawn`, channels.
+* Use `spawn_blocking` or dedicated threads for blocking work.
+* Do not use `std::thread::sleep()` in async code.
+
+## Editing Hygiene
+
+* Change only what is required.
+* Prefer the smallest valid diff.
+* Do not refactor unrelated code.
+* Do not make formatting-only changes.
+* Keep naming/style consistent with nearby code.

CLAUDE.md

@@ -1,91 +1 @@
-# CLAUDE.md
-
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
-## Development Commands
-
-### Build Commands
-- `cargo run` - Build and run the desktop application (requires libsciter library)
-- `python3 build.py --flutter` - Build Flutter version (desktop)
-- `python3 build.py --flutter --release` - Build Flutter version in release mode
-- `python3 build.py --hwcodec` - Build with hardware codec support
-- `python3 build.py --vram` - Build with VRAM feature (Windows only)
-- `cargo build --release` - Build Rust binary in release mode
-- `cargo build --features hwcodec` - Build with specific features
-
-### Flutter Mobile Commands
-- `cd flutter && flutter build android` - Build Android APK
-- `cd flutter && flutter build ios` - Build iOS app
-- `cd flutter && flutter run` - Run Flutter app in development mode
-- `cd flutter && flutter test` - Run Flutter tests
-
-### Testing
-- `cargo test` - Run Rust tests
-- `cd flutter && flutter test` - Run Flutter tests
-
-### Platform-Specific Build Scripts
-- `flutter/build_android.sh` - Android build script
-- `flutter/build_ios.sh` - iOS build script
-- `flutter/build_fdroid.sh` - F-Droid build script
-
-## Project Architecture
-
-### Directory Structure
-- **`src/`** - Main Rust application code
-  - `src/ui/` - Legacy Sciter UI (deprecated, use Flutter instead)
-  - `src/server/` - Audio/clipboard/input/video services and network connections
-  - `src/client.rs` - Peer connection handling
-  - `src/platform/` - Platform-specific code
-- **`flutter/`** - Flutter UI code for desktop and mobile
-- **`libs/`** - Core libraries
-  - `libs/hbb_common/` - Video codec, config, network wrapper, protobuf, file transfer utilities
-  - `libs/scrap/` - Screen capture functionality
-  - `libs/enigo/` - Platform-specific keyboard/mouse control
-  - `libs/clipboard/` - Cross-platform clipboard implementation
-
-### Key Components
-- **Remote Desktop Protocol**: Custom protocol implemented in `src/rendezvous_mediator.rs` for communicating with rustdesk-server
-- **Screen Capture**: Platform-specific screen capture in `libs/scrap/`
-- **Input Handling**: Cross-platform input simulation in `libs/enigo/`
-- **Audio/Video Services**: Real-time audio/video streaming in `src/server/`
-- **File Transfer**: Secure file transfer implementation in `libs/hbb_common/`
-
-### UI Architecture
-- **Legacy UI**: Sciter-based (deprecated) - files in `src/ui/`
-- **Modern UI**: Flutter-based - files in `flutter/`
-  - Desktop: `flutter/lib/desktop/`
-  - Mobile: `flutter/lib/mobile/`
-  - Shared: `flutter/lib/common/` and `flutter/lib/models/`
-
-## Important Build Notes
-
-### Dependencies
-- Requires vcpkg for C++ dependencies: `libvpx`, `libyuv`, `opus`, `aom`
-- Set `VCPKG_ROOT` environment variable
-- Download appropriate Sciter library for legacy UI support
-
-### Ignore Patterns
-When working with files, ignore these directories:
-- `target/` - Rust build artifacts
-- `flutter/build/` - Flutter build output
-- `flutter/.dart_tool/` - Flutter tooling files
-
-### Cross-Platform Considerations
-- Windows builds require additional DLLs and virtual display drivers
-- macOS builds need proper signing and notarization for distribution
-- Linux builds support multiple package formats (deb, rpm, AppImage)
-- Mobile builds require platform-specific toolchains (Android SDK, Xcode)
-
-### Feature Flags
-- `hwcodec` - Hardware video encoding/decoding
-- `vram` - VRAM optimization (Windows only)
-- `flutter` - Enable Flutter UI
-- `unix-file-copy-paste` - Unix file clipboard support
-- `screencapturekit` - macOS ScreenCaptureKit (macOS only)
-
-### Config
-All configurations or options are under `libs/hbb_common/src/config.rs` file, 4 types:
-- Settings
-- Local
-- Display
-- Built-in
+AGENTS.md

Cargo.lock

@@ -5996,8 +5996,8 @@ dependencies = [
 
 [[package]]
 name = "parity-tokio-ipc"
-version = "0.7.3-5"
-source = "git+https://github.com/rustdesk-org/parity-tokio-ipc#c8c8bbcbabf9be1201c53afb0269b92b9b02d291"
+version = "0.7.3-6"
+source = "git+https://github.com/rustdesk-org/parity-tokio-ipc#d0ae39bffe5d5a3e8d82a1b6bcb1ca5a9b2f1c01"
 dependencies = [
  "futures",
  "libc",

Cargo.toml

@@ -245,3 +245,6 @@ panic = 'abort'
 strip = true
 #opt-level = 'z' # only have smaller size after strip
 rpath = true
+
+[profile.dev]
+debug = 1

GEMINI.md

@@ -0,0 +1 @@
+AGENTS.md

build.py

@@ -512,7 +512,7 @@ def main():
         system2('pip3 install -r requirements.txt')
         system2(
             f'python3 ./generate.py -f ../../{res_dir} -o . -e ../../{res_dir}/rustdesk-{version}-win7-install.exe')
-        system2('mv ../../{res_dir}/rustdesk-{version}-win7-install.exe ../..')
+        system2(f'mv ../../{res_dir}/rustdesk-{version}-win7-install.exe ../..')
     elif os.path.isfile('/usr/bin/pacman'):
         # pacman -S -needed base-devel
         system2("sed -i 's/pkgver=.*/pkgver=%s/g' res/PKGBUILD" % version)

docs/CODE_OF_CONDUCT-FR.md

@@ -0,0 +1,143 @@
+
+# Code de conduite des contributeurs
+
+## Notre engagement
+
+En tant que membres, contributeurs et responsables, nous nous engageons à faire
+de la participation à notre communauté une expérience exempte de harcèlement pour
+tous, indépendamment de l'âge, de la taille corporelle, du handicap visible ou
+invisible, de l'origine ethnique, des caractéristiques sexuelles, de l'identité
+et de l'expression de genre, du niveau d'expérience, de l'éducation, du statut
+socio-économique, de la nationalité, de l'apparence personnelle, de la race, de
+la religion ou de l'identité et de l'orientation sexuelle.
+
+Nous nous engageons à agir et à interagir de manière à contribuer à une
+communauté ouverte, accueillante, diversifiée, inclusive et saine.
+
+## Nos standards
+
+Exemples de comportements qui contribuent à un environnement positif pour notre
+communauté :
+
+* Faire preuve d'empathie et de bienveillance envers les autres
+* Respecter les opinions, les points de vue et les expériences différents
+* Donner et accepter gracieusement les retours constructifs
+* Assumer ses responsabilités, s'excuser auprès des personnes affectées par nos
+  erreurs et apprendre de l'expérience
+* Se concentrer sur ce qui est le mieux non seulement pour nous en tant
+  qu'individus, mais pour l'ensemble de la communauté
+
+Exemples de comportements inacceptables :
+
+* L'utilisation de langage ou d'images à caractère sexuel, et les attentions ou
+  avances sexuelles de quelque nature que ce soit
+* Le trolling, les commentaires insultants ou désobligeants, et les attaques
+  personnelles ou politiques
+* Le harcèlement public ou privé
+* La publication d'informations privées d'autrui, telles qu'une adresse physique
+  ou électronique, sans autorisation explicite
+* Tout autre comportement qui pourrait raisonnablement être considéré comme
+  inapproprié dans un cadre professionnel
+
+## Responsabilités en matière d'application
+
+Les responsables de la communauté sont chargés de clarifier et d'appliquer nos
+standards de comportement acceptable et prendront des mesures correctives
+appropriées et équitables en réponse à tout comportement qu'ils jugent
+inapproprié, menaçant, offensant ou nuisible.
+
+Les responsables de la communauté ont le droit et la responsabilité de
+supprimer, modifier ou rejeter les commentaires, commits, code, modifications
+du wiki, issues et autres contributions qui ne sont pas conformes à ce Code de
+conduite, et communiqueront les raisons de leurs décisions de modération le cas
+échéant.
+
+## Portée
+
+Ce Code de conduite s'applique dans tous les espaces communautaires, et
+s'applique également lorsqu'une personne représente officiellement la communauté
+dans les espaces publics. Les exemples de représentation de notre communauté
+incluent l'utilisation d'une adresse e-mail officielle, la publication via un
+compte de réseau social officiel, ou le fait d'agir en tant que représentant
+désigné lors d'un événement en ligne ou hors ligne.
+
+## Application
+
+Les cas de comportements abusifs, harcelants ou autrement inacceptables peuvent
+être signalés aux responsables de la communauté chargés de l'application à
+[info@rustdesk.com](mailto:info@rustdesk.com).
+Toutes les plaintes seront examinées et feront l'objet d'une enquête rapide et
+équitable.
+
+Tous les responsables de la communauté sont tenus de respecter la vie privée et
+la sécurité de la personne ayant signalé un incident.
+
+## Directives d'application
+
+Les responsables de la communauté suivront ces Directives d'impact communautaire
+pour déterminer les conséquences de toute action qu'ils jugent en violation de ce
+Code de conduite :
+
+### 1. Correction
+
+**Impact communautaire** : Utilisation d'un langage inapproprié ou autre
+comportement jugé non professionnel ou indésirable dans la communauté.
+
+**Conséquence** : Un avertissement écrit et privé de la part des responsables de
+la communauté, expliquant la nature de la violation et pourquoi le comportement
+était inapproprié. Des excuses publiques peuvent être demandées.
+
+### 2. Avertissement
+
+**Impact communautaire** : Une violation par un incident isolé ou une série
+d'actions.
+
+**Conséquence** : Un avertissement avec des conséquences en cas de comportement
+répété. Aucune interaction avec les personnes impliquées, y compris les
+interactions non sollicitées avec les personnes chargées d'appliquer le Code de
+conduite, pendant une période déterminée. Cela inclut d'éviter les interactions
+dans les espaces communautaires ainsi que dans les canaux externes comme les
+réseaux sociaux. Le non-respect de ces conditions peut entraîner une exclusion
+temporaire ou permanente.
+
+### 3. Exclusion temporaire
+
+**Impact communautaire** : Une violation grave des standards communautaires, y
+compris un comportement inapproprié persistant.
+
+**Conséquence** : Une exclusion temporaire de toute interaction ou communication
+publique avec la communauté pendant une période déterminée. Aucune interaction
+publique ou privée avec les personnes impliquées, y compris les interactions non
+sollicitées avec les personnes chargées d'appliquer le Code de conduite, n'est
+autorisée pendant cette période. Le non-respect de ces conditions peut entraîner
+une exclusion permanente.
+
+### 4. Exclusion permanente
+
+**Impact communautaire** : Démontrer un schéma de violation des standards
+communautaires, y compris un comportement inapproprié persistant, le harcèlement
+d'une personne, ou une agression envers des catégories de personnes ou leur
+dénigrement.
+
+**Conséquence** : Une exclusion permanente de toute interaction publique au sein
+de la communauté.
+
+## Attribution
+
+Ce Code de conduite est adapté du [Contributor Covenant][homepage], version 2.0,
+disponible à l'adresse
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
+
+Les Directives d'impact communautaire ont été inspirées par
+[l'échelle d'application du code de conduite de Mozilla][Mozilla CoC].
+
+Pour des réponses aux questions fréquentes sur ce code de conduite, consultez la
+FAQ à l'adresse [https://www.contributor-covenant.org/faq][FAQ]. Des traductions
+sont disponibles à l'adresse
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

docs/CONTRIBUTING-FR.md

@@ -0,0 +1,55 @@
+
+# Contribuer à RustDesk
+
+RustDesk accueille les contributions de tous. Voici les directives si vous
+envisagez de nous aider :
+
+## Contributions
+
+Les contributions à RustDesk ou à ses dépendances doivent être soumises sous
+forme de pull requests GitHub. Chaque pull request sera examinée par un
+contributeur principal (une personne ayant la permission d'intégrer des
+correctifs) et sera soit intégrée dans la branche principale, soit accompagnée
+de retours sur les modifications requises. Toutes les contributions doivent
+suivre ce format, même celles des contributeurs principaux.
+
+Si vous souhaitez travailler sur une issue, veuillez d'abord la revendiquer en
+commentant sur l'issue GitHub indiquant que vous souhaitez la traiter. Cela
+permet d'éviter les efforts en double de la part des contributeurs sur la même
+issue.
+
+## Liste de vérification pour les pull requests
+
+- Partez de la branche master et, si nécessaire, effectuez un rebase sur la
+  branche master actuelle avant de soumettre votre pull request. Si elle ne
+  fusionne pas proprement avec master, il vous sera peut-être demandé de
+  rebaser vos modifications.
+
+- Les commits doivent être aussi petits que possible, tout en s'assurant que
+  chaque commit est correct de manière indépendante (c.-à-d. que chaque commit
+  doit compiler et passer les tests).
+
+- Les commits doivent être accompagnés d'une signature Developer Certificate of
+  Origin (http://developercertificate.org), indiquant que vous (et votre
+  employeur le cas échéant) acceptez d'être liés par les termes de la
+  [licence du projet](../LICENCE). Dans git, il s'agit de l'option `-s` de
+  `git commit`.
+
+- Si votre correctif n'est pas examiné ou si vous avez besoin qu'une personne
+  spécifique l'examine, vous pouvez @-mentionner un relecteur pour demander une
+  revue dans la pull request ou un commentaire, ou vous pouvez demander une
+  revue par [e-mail](mailto:info@rustdesk.com).
+
+- Ajoutez des tests relatifs au bug corrigé ou à la nouvelle fonctionnalité.
+
+Pour des instructions git spécifiques, consultez le
+[GitHub workflow 101](https://github.com/servo/servo/wiki/GitHub-workflow).
+
+## Conduite
+
+https://github.com/rustdesk/rustdesk/blob/master/docs/CODE_OF_CONDUCT.md
+
+## Communication
+
+Les contributeurs de RustDesk se retrouvent fréquemment sur
+[Discord](https://discord.gg/nDceKgxnkV).

docs/README-FR.md

@@ -34,9 +34,9 @@ Les versions de bureau utilisent [sciter](https://sciter.com/) pour l'interface
 - Installez [vcpkg](https://github.com/microsoft/vcpkg), et définissez correctement la variable d'environnement `VCPKG_ROOT`.
 
   - Windows : vcpkg install libvpx:x64-windows-static libyuv:x64-windows-static opus:x64-windows-static aom:x64-windows-static
-  - Linux/Osx : vcpkg install libvpx libyuv opus aom
+  - Linux/macOS : vcpkg install libvpx libyuv opus aom
 
-- Exécuter `cargo run`
+- Exécutez `cargo run`
 
 ## Comment compiler/build sous Linux
 
@@ -93,7 +93,7 @@ cd rustdesk
 mkdir -p target/debug
 wget https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.lnx/x64/libsciter-gtk.so
 mv libsciter-gtk.so target/debug
-Exécution du cargo
+cargo run
 ```
 
 ## Comment construire avec Docker

docs/SECURITY-FR.md

@@ -0,0 +1,16 @@
+
+# Politique de sécurité
+
+## Signaler une vulnérabilité
+
+Nous accordons une très grande importance à la sécurité du projet. Nous
+encourageons tous les utilisateurs à nous signaler toute vulnérabilité qu'ils
+découvrent.
+
+Si vous trouvez une vulnérabilité de sécurité dans le projet RustDesk, veuillez
+la signaler de manière responsable en envoyant un e-mail à info@rustdesk.com.
+
+À ce stade, nous n'avons pas de programme de bug bounty. Nous sommes une petite
+équipe qui s'attaque à un grand défi. Nous vous encourageons vivement à signaler
+toute vulnérabilité de manière responsable afin que nous puissions continuer à
+développer une application sécurisée pour l'ensemble de la communauté.

flatpak/com.rustdesk.RustDesk.metainfo.xml

@@ -18,7 +18,7 @@
       <li> Supports VP8 / VP9 / AV1 software codecs, and H264 / H265 hardware codecs. </li>
       <li> Own your data, easily set up self-hosting solution on your infrastructure. </li>
       <li> P2P connection with end-to-end encryption based on NaCl. </li>
-      <li> No administrative privileges or installation needed for Windows, elevate priviledge locally or from remote on demand. </li>
+      <li> No administrative privileges or installation needed for Windows, elevate privilege locally or from remote on demand. </li>
       <li> We like to keep things simple and will strive to make simpler where possible. </li>
     </ul>
     <p>
@@ -56,4 +56,4 @@
     <control>pointing</control>
   </supports>
   <content_rating type="oars-1.1"/>
-</component>
+</component>

flutter/android/app/src/main/kotlin/com/carriez/flutter_hbb/AudioRecordHandle.kt

@@ -62,7 +62,13 @@ class AudioRecordHandle(private var context: Context, private var isVideoStart:
                 return false
             }
         }
-        audioRecorder = builder.build()
+        val recorder = try {
+            builder.build()
+        } catch (e: Exception) {
+            Log.e(logTag, "createAudioRecorder failed", e)
+            return false
+        }
+        audioRecorder = recorder
         Log.d(logTag, "createAudioRecorder done,minBufferSize:$minBufferSize")
         return true
     }

flutter/assets/auth-microsoft.svg

@@ -0,0 +1 @@
+<svg width="48" height="48" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg"><rect x="4" y="4" width="19" height="19" fill="#f25022"/><rect x="25" y="4" width="19" height="19" fill="#7fba00"/><rect x="4" y="25" width="19" height="19" fill="#00a4ef"/><rect x="25" y="25" width="19" height="19" fill="#ffb900"/></svg>

flutter/lib/common.dart

@@ -716,6 +716,17 @@ closeConnection({String? id}) {
       stateGlobal.isInMainPage = true;
     } else {
       final controller = Get.find<DesktopTabController>();
+      if (controller.tabType == DesktopTabType.terminal &&
+          controller.onCloseWindow != null) {
+        // Terminal windows are scoped to one peer. The optional id passed to
+        // closeConnection() is that peer id, not a terminal tab key
+        // (${peerId}_${terminalId}). Closing from terminal dialogs should close
+        // the peer's whole terminal window, including all terminal tabs.
+        unawaited(controller.onCloseWindow!().catchError((e, _) {
+          debugPrint('[closeConnection] Failed to close terminal window: $e');
+        }));
+        return;
+      }
       controller.closeBy(id);
     }
   }
@@ -2365,6 +2376,19 @@ List<String>? urlLinkToCmdArgs(Uri uri) {
     id = uri.path.substring("/new/".length);
   } else if (uri.authority == "config") {
     if (isAndroid || isIOS) {
+      final allowDeepLinkServerSettings =
+          bind.mainGetBuildinOption(key: kOptionAllowDeepLinkServerSettings) ==
+              'Y';
+      if (!allowDeepLinkServerSettings) {
+        debugPrint(
+            "Ignore rustdesk://config because $kOptionAllowDeepLinkServerSettings is not enabled.");
+        // Keep the user-facing error generic; detailed rejection reason is in debug logs.
+        // Delay toast to avoid missing overlay during cold-start deeplink handling.
+        Timer(Duration(seconds: 1), () {
+          showToast(translate('Failed'));
+        });
+        return null;
+      }
       final config = uri.path.substring("/".length);
       // add a timer to make showToast work
       Timer(Duration(seconds: 1), () {
@@ -2374,11 +2398,24 @@ List<String>? urlLinkToCmdArgs(Uri uri) {
     return null;
   } else if (uri.authority == "password") {
     if (isAndroid || isIOS) {
+      final allowDeepLinkPassword =
+          bind.mainGetBuildinOption(key: kOptionAllowDeepLinkPassword) == 'Y';
+      if (!allowDeepLinkPassword) {
+        debugPrint(
+            "Ignore rustdesk://password because $kOptionAllowDeepLinkPassword is not enabled.");
+        // Keep the user-facing error generic; detailed rejection reason is in debug logs.
+        // Delay toast to avoid missing overlay during cold-start deeplink handling.
+        Timer(Duration(seconds: 1), () {
+          showToast(translate('Failed'));
+        });
+        return null;
+      }
       final password = uri.path.substring("/".length);
       if (password.isNotEmpty) {
         Timer(Duration(seconds: 1), () async {
-          await bind.mainSetPermanentPassword(password: password);
-          showToast(translate('Successful'));
+          final ok =
+              await bind.mainSetPermanentPasswordWithResult(password: password);
+          showToast(translate(ok ? 'Successful' : 'Failed'));
         });
       }
     }
@@ -4153,8 +4190,7 @@ Widget? buildAvatarWidget({
       width: size,
       height: size,
       fit: BoxFit.cover,
-      errorBuilder: (_, __, ___) =>
-          fallback ?? SizedBox.shrink(),
+      errorBuilder: (_, __, ___) => fallback ?? SizedBox.shrink(),
     ),
   );
 }

flutter/lib/common/widgets/address_book.dart

@@ -54,9 +54,9 @@ class _AddressBookState extends State<AddressBook> {
                 const LinearProgressIndicator(),
               buildErrorBanner(context,
                   loading: gFFI.abModel.currentAbLoading,
-                  err: gFFI.abModel.currentAbPullError,
+                  err: gFFI.abModel.abPullError,
                   retry: null,
-                  close: () => gFFI.abModel.currentAbPullError.value = ''),
+                  close: gFFI.abModel.clearPullErrors),
               buildErrorBanner(context,
                   loading: gFFI.abModel.currentAbLoading,
                   err: gFFI.abModel.currentAbPushError,

flutter/lib/common/widgets/login.dart

@@ -20,7 +20,8 @@ const kOpSvgList = [
   'okta',
   'facebook',
   'azure',
-  'auth0'
+  'auth0',
+  'microsoft'
 ];
 
 class _IconOP extends StatelessWidget {
@@ -224,21 +225,59 @@ class _WidgetOPState extends State<WidgetOP> {
           return Offstage(
             offstage:
                 _failedMsg.isEmpty && widget.curOP.value != widget.config.op,
-            child: RichText(
-              text: TextSpan(
-                text: '$_stateMsg  ',
-                style:
-                    DefaultTextStyle.of(context).style.copyWith(fontSize: 12),
-                children: <TextSpan>[
-                  TextSpan(
-                    text: _failedMsg,
-                    style: DefaultTextStyle.of(context).style.copyWith(
-                          fontSize: 14,
-                          color: Colors.red,
-                        ),
+            child: Column(
+              crossAxisAlignment: CrossAxisAlignment.center,
+              children: [
+                if (_stateMsg.isNotEmpty && _failedMsg.isEmpty)
+                  Padding(
+                    padding: const EdgeInsets.only(top: 8.0),
+                    child: SelectableText(
+                      translate(_stateMsg),
+                      style: DefaultTextStyle.of(context)
+                          .style
+                          .copyWith(fontSize: 12),
+                    ),
                   ),
-                ],
-              ),
+                if (_failedMsg.isNotEmpty)
+                  Padding(
+                    padding: const EdgeInsets.only(top: 8.0),
+                    child: Builder(builder: (context) {
+                      final errorColor =
+                          Theme.of(context).colorScheme.error;
+                      final bgColor = Theme.of(context)
+                          .colorScheme
+                          .errorContainer
+                          .withOpacity(0.3);
+                      return Container(
+                        padding: const EdgeInsets.symmetric(
+                            horizontal: 8.0, vertical: 6.0),
+                        decoration: BoxDecoration(
+                          color: bgColor,
+                          borderRadius: BorderRadius.circular(4.0),
+                        ),
+                        child: Row(
+                          mainAxisSize: MainAxisSize.min,
+                          children: [
+                            Icon(Icons.error_outline,
+                                color: errorColor, size: 16),
+                            const SizedBox(width: 6),
+                            Flexible(
+                              child: SelectableText(
+                                translate(_failedMsg),
+                                style: DefaultTextStyle.of(context)
+                                    .style
+                                    .copyWith(
+                                      fontSize: 13,
+                                      color: errorColor,
+                                    ),
+                              ),
+                            ),
+                          ],
+                        ),
+                      );
+                    }),
+                  ),
+              ],
             ),
           );
         }),

flutter/lib/common/widgets/remote_input.dart

@@ -31,7 +31,7 @@ class RawKeyFocusScope extends StatelessWidget {
     // https://github.com/flutter/flutter/issues/154053
     final useRawKeyEvents = isLinux && !isWeb;
     // FIXME: On Windows, `AltGr` will generate `Alt` and `Control` key events,
-    // while `Alt` and `Control` are seperated key events for en-US input method.
+    // while `Alt` and `Control` are separated key events for en-US input method.
     return FocusScope(
         autofocus: true,
         child: Focus(
@@ -532,7 +532,9 @@ class _RawTouchGestureDetectorRegionState
       // Official
       TapGestureRecognizer:
           GestureRecognizerFactoryWithHandlers<TapGestureRecognizer>(
-              () => TapGestureRecognizer(), (instance) {
+              () => TapGestureRecognizer(
+                    supportedDevices: kTouchBasedDeviceKinds,
+                  ), (instance) {
         instance
           ..onTapDown = onTapDown
           ..onTapUp = onTapUp
@@ -540,14 +542,18 @@ class _RawTouchGestureDetectorRegionState
       }),
       DoubleTapGestureRecognizer:
           GestureRecognizerFactoryWithHandlers<DoubleTapGestureRecognizer>(
-              () => DoubleTapGestureRecognizer(), (instance) {
+              () => DoubleTapGestureRecognizer(
+                    supportedDevices: kTouchBasedDeviceKinds,
+                  ), (instance) {
         instance
           ..onDoubleTapDown = onDoubleTapDown
           ..onDoubleTap = onDoubleTap;
       }),
       LongPressGestureRecognizer:
           GestureRecognizerFactoryWithHandlers<LongPressGestureRecognizer>(
-              () => LongPressGestureRecognizer(), (instance) {
+              () => LongPressGestureRecognizer(
+                    supportedDevices: kTouchBasedDeviceKinds,
+                  ), (instance) {
         instance
           ..onLongPressDown = onLongPressDown
           ..onLongPressUp = onLongPressUp
@@ -557,7 +563,9 @@ class _RawTouchGestureDetectorRegionState
       // Customized
       HoldTapMoveGestureRecognizer:
           GestureRecognizerFactoryWithHandlers<HoldTapMoveGestureRecognizer>(
-              () => HoldTapMoveGestureRecognizer(),
+              () => HoldTapMoveGestureRecognizer(
+                    supportedDevices: kTouchBasedDeviceKinds,
+                  ),
               (instance) => instance
                 ..onHoldDragStart = onHoldDragStart
                 ..onHoldDragUpdate = onHoldDragUpdate
@@ -565,14 +573,18 @@ class _RawTouchGestureDetectorRegionState
                 ..onHoldDragEnd = onHoldDragEnd),
       DoubleFinerTapGestureRecognizer:
           GestureRecognizerFactoryWithHandlers<DoubleFinerTapGestureRecognizer>(
-              () => DoubleFinerTapGestureRecognizer(), (instance) {
+              () => DoubleFinerTapGestureRecognizer(
+                    supportedDevices: kTouchBasedDeviceKinds,
+                  ), (instance) {
         instance
           ..onDoubleFinerTap = onDoubleFinerTap
           ..onDoubleFinerTapDown = onDoubleFinerTapDown;
       }),
       CustomTouchGestureRecognizer:
           GestureRecognizerFactoryWithHandlers<CustomTouchGestureRecognizer>(
-              () => CustomTouchGestureRecognizer(), (instance) {
+              () => CustomTouchGestureRecognizer(
+                    supportedDevices: kTouchBasedDeviceKinds,
+                  ), (instance) {
         instance.onOneFingerPanStart =
             (DragStartDetails d) => onOneFingerPanStart(context, d);
         instance

flutter/lib/common/widgets/toolbar.dart

@@ -16,6 +16,12 @@ import 'package:get/get.dart';
 
 bool isEditOsPassword = false;
 
+// macOS privacy mode blacks out all online displays, so switching the remote
+// display does not weaken the local privacy protection.
+bool allowDisplaySwitchInPrivacyMode(PeerInfo pi) {
+  return pi.platform == kPeerPlatformMacOS;
+}
+
 class TTextMenu {
   final Widget child;
   final VoidCallback? onPressed;
@@ -275,7 +281,6 @@ List<TTextMenu> toolbarControls(BuildContext context, String id, FFI ffi) {
       isDesktop &&
       ffiModel.keyboard &&
       pi.platform != kPeerPlatformAndroid &&
-      pi.platform != kPeerPlatformMacOS &&
       versionCmp(pi.version, '1.2.0') >= 0 &&
       bind.peerGetSessionsCount(id: id, connType: ffi.connType.index) == 1) {
     v.add(TTextMenu(
@@ -685,8 +690,9 @@ Future<List<TToggleMenu>> toolbarDisplayToggle(
         child: Text(translate('Lock after session end'))));
   }
 
+  final privacyModeState = PrivacyModeState.find(id);
   if (pi.isSupportMultiDisplay &&
-      PrivacyModeState.find(id).isEmpty &&
+      (privacyModeState.isEmpty || allowDisplaySwitchInPrivacyMode(pi)) &&
       pi.displaysCount.value > 1 &&
       bind.mainGetUserDefaultOption(key: kKeyShowMonitorsToolbar) == 'Y') {
     final value =
@@ -760,15 +766,25 @@ List<TToggleMenu> toolbarPrivacyMode(
   final ffiModel = ffi.ffiModel;
   final pi = ffiModel.pi;
   final sessionId = ffi.sessionId;
+  final hasPrivacyModePermission = ffiModel.permissions['privacy_mode'] != false;
+
+  // Backend revocation already attempts to turn privacy mode off.
+  // Still keep this menu when privacy mode is active, so users can turn it off
+  // if there is a sync delay, version mismatch, or off attempt failure.
+  if (!hasPrivacyModePermission && privacyModeState.isEmpty) {
+    return []; // No permission and not active, hide options.
+  }
 
   getDefaultMenu(Future<void> Function(SessionID sid, String opt) toggleFunc) {
-    final enabled = !ffi.ffiModel.viewOnly;
+    final enabled =
+        !ffiModel.viewOnly && (hasPrivacyModePermission || privacyModeState.isNotEmpty);
     return TToggleMenu(
         value: privacyModeState.isNotEmpty,
         onChanged: enabled
             ? (value) {
                 if (value == null) return;
-                if (ffiModel.pi.currentDisplay != 0 &&
+                if (!allowDisplaySwitchInPrivacyMode(pi) &&
+                    ffiModel.pi.currentDisplay != 0 &&
                     ffiModel.pi.currentDisplay != kAllDisplayValue) {
                   msgBox(
                       sessionId,
@@ -811,18 +827,29 @@ List<TToggleMenu> toolbarPrivacyMode(
       })
     ];
   } else {
-    return privacyModeImpls.map((e) {
+    final visibleImpls = hasPrivacyModePermission
+        ? privacyModeImpls
+        : privacyModeImpls.where((e) {
+            final implKey = (e as List<dynamic>)[0] as String;
+            return privacyModeState.value == implKey;
+          }).toList();
+    return visibleImpls.map((e) {
       final implKey = (e as List<dynamic>)[0] as String;
       final implName = (e)[1] as String;
+      final enabled = !ffiModel.viewOnly &&
+          (hasPrivacyModePermission || privacyModeState.value == implKey);
       return TToggleMenu(
           child: Text(translate(implName)),
           value: privacyModeState.value == implKey,
-          onChanged: (value) {
-            if (value == null) return;
-            togglePrivacyModeTime = DateTime.now();
-            bind.sessionTogglePrivacyMode(
-                sessionId: sessionId, implKey: implKey, on: value);
-          });
+          onChanged: enabled
+              ? (value) {
+                  if (value == null) return;
+                  if (value && !hasPrivacyModePermission) return;
+                  togglePrivacyModeTime = DateTime.now();
+                  bind.sessionTogglePrivacyMode(
+                      sessionId: sessionId, implKey: implKey, on: value);
+                }
+              : null);
     }).toList();
   }
 }

flutter/lib/consts.dart

@@ -114,6 +114,9 @@ const String kOptionTerminalPersistent = "terminal-persistent";
 const String kOptionEnableTunnel = "enable-tunnel";
 const String kOptionEnableRemoteRestart = "enable-remote-restart";
 const String kOptionEnableBlockInput = "enable-block-input";
+const String kOptionEnablePrivacyMode = "enable-privacy-mode";
+const String kOptionEnablePermChangeInAcceptWindow =
+    "enable-perm-change-in-accept-window";
 const String kOptionAllowRemoteConfigModification =
     "allow-remote-config-modification";
 const String kOptionVerificationMethod = "verification-method";
@@ -187,6 +190,9 @@ const String kOptionDisableChangeId = "disable-change-id";
 const String kOptionDisableUnlockPin = "disable-unlock-pin";
 const kHideUsernameOnCard = "hide-username-on-card";
 const String kOptionHideHelpCards = "hide-help-cards";
+const String kOptionAllowDeepLinkPassword = "allow-deep-link-password";
+const String kOptionAllowDeepLinkServerSettings =
+    "allow-deep-link-server-settings";
 
 const String kOptionToggleViewOnly = "view-only";
 const String kOptionToggleShowMyCursor = "show-my-cursor";

flutter/lib/desktop/pages/desktop_home_page.dart

@@ -908,12 +908,17 @@ class _DesktopHomePageState extends State<DesktopHomePage>
 }
 
 void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
-  final pw = await bind.mainGetPermanentPassword();
-  final p0 = TextEditingController(text: pw);
-  final p1 = TextEditingController(text: pw);
+  final p0 = TextEditingController(text: "");
+  final p1 = TextEditingController(text: "");
   var errMsg0 = "";
   var errMsg1 = "";
-  final RxString rxPass = pw.trim().obs;
+  final localPasswordSet =
+      (await bind.mainGetCommon(key: "local-permanent-password-set")) == "true";
+  final permanentPasswordSet =
+      (await bind.mainGetCommon(key: "permanent-password-set")) == "true";
+  final presetPassword = permanentPasswordSet && !localPasswordSet;
+  var canSubmit = false;
+  final RxString rxPass = "".obs;
   final rules = [
     DigitValidationRule(),
     UppercaseValidationRule(),
@@ -922,9 +927,21 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
     MinCharactersValidationRule(8),
   ];
   final maxLength = bind.mainMaxEncryptLen();
+  final statusTip = localPasswordSet
+      ? translate('password-hidden-tip')
+      : (presetPassword ? translate('preset-password-in-use-tip') : '');
+  final showStatusTipOnMobile =
+      statusTip.isNotEmpty && !isDesktop && !isWebDesktop;
 
   gFFI.dialogManager.show((setState, close, context) {
-    submit() {
+    updateCanSubmit() {
+      canSubmit = p0.text.trim().isNotEmpty || p1.text.trim().isNotEmpty;
+    }
+
+    submit() async {
+      if (!canSubmit) {
+        return;
+      }
       setState(() {
         errMsg0 = "";
         errMsg1 = "";
@@ -947,7 +964,13 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
         });
         return;
       }
-      bind.mainSetPermanentPassword(password: pass);
+      final ok = await bind.mainSetPermanentPasswordWithResult(password: pass);
+      if (!ok) {
+        setState(() {
+          errMsg0 = '${translate('Prompt')}: ${translate("Failed")}';
+        });
+        return;
+      }
       if (pass.isNotEmpty) {
         notEmptyCallback?.call();
       }
@@ -955,14 +978,20 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
     }
 
     return CustomAlertDialog(
-      title: Text(translate("Set Password")),
+      title: Row(
+        mainAxisAlignment: MainAxisAlignment.center,
+        children: [
+          Icon(Icons.key, color: MyTheme.accent),
+          Text(translate("Set Password")).paddingOnly(left: 10),
+        ],
+      ),
       content: ConstrainedBox(
         constraints: const BoxConstraints(minWidth: 500),
         child: Column(
           crossAxisAlignment: CrossAxisAlignment.start,
           children: [
-            const SizedBox(
-              height: 8.0,
+            SizedBox(
+              height: showStatusTipOnMobile ? 0.0 : 6.0,
             ),
             Row(
               children: [
@@ -978,6 +1007,7 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
                       rxPass.value = value.trim();
                       setState(() {
                         errMsg0 = '';
+                        updateCanSubmit();
                       });
                     },
                     maxLength: maxLength,
@@ -989,9 +1019,9 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
               children: [
                 Expanded(child: PasswordStrengthIndicator(password: rxPass)),
               ],
-            ).marginSymmetric(vertical: 8),
-            const SizedBox(
-              height: 8.0,
+            ).marginOnly(top: 2, bottom: showStatusTipOnMobile ? 2 : 8),
+            SizedBox(
+              height: showStatusTipOnMobile ? 0.0 : 8.0,
             ),
             Row(
               children: [
@@ -1005,6 +1035,7 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
                     onChanged: (value) {
                       setState(() {
                         errMsg1 = '';
+                        updateCanSubmit();
                       });
                     },
                     maxLength: maxLength,
@@ -1012,11 +1043,23 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
                 ),
               ],
             ),
-            const SizedBox(
-              height: 8.0,
+            if (statusTip.isNotEmpty)
+              Row(
+                children: [
+                  Icon(Icons.info, color: Colors.amber, size: 18)
+                      .marginOnly(right: 6),
+                  Expanded(
+                      child: Text(
+                    statusTip,
+                    style: const TextStyle(fontSize: 13, height: 1.1),
+                  ))
+                ],
+              ).marginOnly(top: 6, bottom: 2),
+            SizedBox(
+              height: showStatusTipOnMobile ? 0.0 : 8.0,
             ),
             Obx(() => Wrap(
-                  runSpacing: 8,
+                  runSpacing: showStatusTipOnMobile ? 2.0 : 8.0,
                   spacing: 4,
                   children: rules.map((e) {
                     var checked = e.validate(rxPass.value.trim());
@@ -1036,11 +1079,67 @@ void setPasswordDialog({VoidCallback? notEmptyCallback}) async {
           ],
         ),
       ),
-      actions: [
-        dialogButton("Cancel", onPressed: close, isOutline: true),
-        dialogButton("OK", onPressed: submit),
-      ],
-      onSubmit: submit,
+      actions: (() {
+        final cancelButton = dialogButton(
+          "Cancel",
+          icon: Icon(Icons.close_rounded),
+          onPressed: close,
+          isOutline: true,
+        );
+        final removeButton = dialogButton(
+          "Remove",
+          icon: Icon(Icons.delete_outline_rounded),
+          onPressed: () async {
+            setState(() {
+              errMsg0 = "";
+              errMsg1 = "";
+            });
+            final ok =
+                await bind.mainSetPermanentPasswordWithResult(password: "");
+            if (!ok) {
+              setState(() {
+                errMsg0 = '${translate('Prompt')}: ${translate("Failed")}';
+              });
+              return;
+            }
+            close();
+          },
+          buttonStyle: ButtonStyle(
+              backgroundColor: MaterialStatePropertyAll(Colors.red)),
+        );
+        final okButton = dialogButton(
+          "OK",
+          icon: Icon(Icons.done_rounded),
+          onPressed: canSubmit ? submit : null,
+        );
+        if (!isDesktop && !isWebDesktop && localPasswordSet) {
+          return [
+            Align(
+              alignment: Alignment.centerRight,
+              child: FittedBox(
+                fit: BoxFit.scaleDown,
+                alignment: Alignment.centerRight,
+                child: Row(
+                  mainAxisSize: MainAxisSize.min,
+                  children: [
+                    cancelButton,
+                    const SizedBox(width: 4),
+                    removeButton,
+                    const SizedBox(width: 4),
+                    okButton,
+                  ],
+                ),
+              ),
+            ),
+          ];
+        }
+        return [
+          cancelButton,
+          if (localPasswordSet) removeButton,
+          okButton,
+        ];
+      })(),
+      onSubmit: canSubmit ? submit : null,
       onCancel: close,
     );
   });

flutter/lib/desktop/pages/desktop_setting_page.dart

@@ -1062,6 +1062,10 @@ class _SafetyState extends State<_Safety> with AutomaticKeepAliveClientMixin {
               _OptionCheckBox(context, 'Enable blocking user input',
                   kOptionEnableBlockInput,
                   enabled: enabled, fakeValue: fakeValue),
+            if (bind.mainSupportedPrivacyModeImpls() != '[]')
+              _OptionCheckBox(
+                  context, 'Enable privacy mode', kOptionEnablePrivacyMode,
+                  enabled: enabled, fakeValue: fakeValue),
             _OptionCheckBox(context, 'Enable remote configuration modification',
                 kOptionAllowRemoteConfigModification,
                 enabled: enabled, fakeValue: fakeValue),
@@ -1109,8 +1113,9 @@ class _SafetyState extends State<_Safety> with AutomaticKeepAliveClientMixin {
                             if (value ==
                                     passwordValues[passwordKeys
                                         .indexOf(kUsePermanentPassword)] &&
-                                (await bind.mainGetPermanentPassword())
-                                    .isEmpty) {
+                                (await bind.mainGetCommon(
+                                        key: "permanent-password-set")) !=
+                                    "true") {
                               if (isChangePermanentPasswordDisabled()) {
                                 await callback();
                                 return;

flutter/lib/desktop/pages/server_page.dart

@@ -610,19 +610,24 @@ class _PrivilegeBoard extends StatefulWidget {
 class _PrivilegeBoardState extends State<_PrivilegeBoard> {
   late final client = widget.client;
   Widget buildPermissionIcon(bool enabled, IconData iconData,
-      Function(bool)? onTap, String tooltipText) {
+      Function(bool)? onTap, String tooltipText,
+      {required bool canModify}) {
     return Tooltip(
       message: "$tooltipText: ${enabled ? "ON" : "OFF"}",
       waitDuration: Duration.zero,
       child: Container(
         decoration: BoxDecoration(
-          color: enabled ? MyTheme.accent : Colors.grey[700],
+          color: enabled
+              ? (canModify ? MyTheme.accent : MyTheme.accent.withOpacity(0.6))
+              : Colors.grey[700],
           borderRadius: BorderRadius.circular(10.0),
         ),
         padding: EdgeInsets.all(8.0),
         child: InkWell(
-          onTap: () =>
-              checkClickTime(widget.client.id, () => onTap?.call(!enabled)),
+          onTap: canModify
+              ? () =>
+                  checkClickTime(widget.client.id, () => onTap?.call(!enabled))
+              : null,
           child: Column(
             mainAxisAlignment: MainAxisAlignment.spaceAround,
             children: [
@@ -643,6 +648,9 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
   Widget build(BuildContext context) {
     final crossAxisCount = 4;
     final spacing = 10.0;
+    final canModifyPermission =
+        bind.mainGetBuildinOption(key: kOptionEnablePermChangeInAcceptWindow) !=
+            'N';
     return Container(
       width: double.infinity,
       height: 160.0,
@@ -689,6 +697,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable audio'),
+                        canModify: canModifyPermission,
                       ),
                       buildPermissionIcon(
                         client.recording,
@@ -703,6 +712,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable recording session'),
+                        canModify: canModifyPermission,
                       ),
                     ]
                   : [
@@ -719,6 +729,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable keyboard/mouse'),
+                        canModify: canModifyPermission,
                       ),
                       buildPermissionIcon(
                         client.clipboard,
@@ -733,6 +744,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable clipboard'),
+                        canModify: canModifyPermission,
                       ),
                       buildPermissionIcon(
                         client.audio,
@@ -747,6 +759,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable audio'),
+                        canModify: canModifyPermission,
                       ),
                       buildPermissionIcon(
                         client.file,
@@ -761,6 +774,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable file copy and paste'),
+                        canModify: canModifyPermission,
                       ),
                       buildPermissionIcon(
                         client.restart,
@@ -775,6 +789,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable remote restart'),
+                        canModify: canModifyPermission,
                       ),
                       buildPermissionIcon(
                         client.recording,
@@ -789,6 +804,7 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                           });
                         },
                         translate('Enable recording session'),
+                        canModify: canModifyPermission,
                       ),
                       // only windows support block input
                       if (isWindows)
@@ -805,6 +821,23 @@ class _PrivilegeBoardState extends State<_PrivilegeBoard> {
                             });
                           },
                           translate('Enable blocking user input'),
+                          canModify: canModifyPermission,
+                        ),
+                      if (bind.mainSupportedPrivacyModeImpls() != '[]')
+                        buildPermissionIcon(
+                          client.privacyMode,
+                          Icons.visibility_off,
+                          (enabled) {
+                            bind.cmSwitchPermission(
+                                connId: client.id,
+                                name: "privacy_mode",
+                                enabled: enabled);
+                            setState(() {
+                              client.privacyMode = enabled;
+                            });
+                          },
+                          translate('Enable privacy mode'),
+                          canModify: canModifyPermission,
                         )
                     ],
             ),

flutter/lib/desktop/pages/terminal_page.dart

@@ -27,6 +27,7 @@ class TerminalPage extends StatefulWidget {
   final bool? isSharedPassword;
   final String? connToken;
   final int terminalId;
+
   /// Tab key for focus management, passed from parent to avoid duplicate construction
   final String tabKey;
   final SimpleWrapper<State<TerminalPage>?> _lastState = SimpleWrapper(null);
@@ -43,6 +44,9 @@ class TerminalPage extends StatefulWidget {
 
 class _TerminalPageState extends State<TerminalPage>
     with AutomaticKeepAliveClientMixin {
+  static const EdgeInsets _defaultTerminalPadding =
+      EdgeInsets.symmetric(horizontal: 5.0, vertical: 2.0);
+
   late FFI _ffi;
   late TerminalModel _terminalModel;
   double? _cellHeight;
@@ -155,13 +159,27 @@ class _TerminalPageState extends State<TerminalPage>
   // extra space left after dividing the available height by the height of a single
   // terminal row (`_cellHeight`) and distributing it evenly as top and bottom padding.
   EdgeInsets _calculatePadding(double heightPx) {
-    if (_cellHeight == null) {
-      return const EdgeInsets.symmetric(horizontal: 5.0, vertical: 2.0);
+    final cellHeight = _cellHeight;
+    if (!heightPx.isFinite ||
+        heightPx <= 0 ||
+        cellHeight == null ||
+        !cellHeight.isFinite ||
+        cellHeight <= 0) {
+      return _defaultTerminalPadding;
+    }
+    final rows = (heightPx / cellHeight).floor();
+    if (rows <= 0) {
+      return _defaultTerminalPadding;
+    }
+    final extraSpace = heightPx - rows * cellHeight;
+    if (!extraSpace.isFinite || extraSpace < 0) {
+      return _defaultTerminalPadding;
     }
-    final rows = (heightPx / _cellHeight!).floor();
-    final extraSpace = heightPx - rows * _cellHeight!;
     final topBottom = extraSpace / 2.0;
-    return EdgeInsets.symmetric(horizontal: 5.0, vertical: topBottom);
+    return EdgeInsets.symmetric(
+      horizontal: _defaultTerminalPadding.horizontal / 2,
+      vertical: topBottom,
+    );
   }
 
   @override

flutter/lib/desktop/pages/terminal_tab_page.dart

@@ -46,6 +46,7 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
           .setTitle(getWindowNameWithId(id));
     };
     tabController.onRemoved = (_, id) => onRemoveId(id);
+    tabController.onCloseWindow = _closeWindowFromConnection;
     final terminalId = params['terminalId'] ?? _nextTerminalId++;
     tabController.add(_createTerminalTab(
       peerId: params['id'],
@@ -144,6 +145,8 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
     _windowClosing = true;
     final tabKeys = tabController.state.value.tabs.map((t) => t.key).toList();
     // Remove all UI tabs immediately (same instant behavior as the old tabController.clear())
+    // Keep the cleanup target lookup below synchronous before its first await:
+    // it relies on the current frame still retaining each TerminalPage's FFI/model.
     tabController.clear();
     // Run session cleanup in parallel with bounded timeout (closeTerminal() has internal 3s timeout).
     // Skip tabs already being closed by a concurrent _closeTab() to avoid duplicate FFI calls.
@@ -368,8 +371,34 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
     final persistentSessions =
         args['persistent_sessions'] as List<dynamic>? ?? [];
     final sortedSessions = persistentSessions.whereType<int>().toList()..sort();
+    var peerId = args['peer_id'] as String? ?? '';
+    if (peerId.isEmpty) {
+      if (tabController.state.value.tabs.isEmpty ||
+          tabController.state.value.selected >=
+              tabController.state.value.tabs.length) {
+        debugPrint('[TerminalTabPage] Skip restore: no selected tab');
+        return;
+      }
+      final currentTab = tabController.state.value.selectedTabInfo;
+      final parsed = _parseTabKey(currentTab.key);
+      if (parsed == null) return;
+      peerId = parsed.$1;
+    }
+    final existingTerminalIds = tabController.state.value.tabs
+        .map((tab) => _parseTabKey(tab.key))
+        .where((parsed) => parsed != null && parsed.$1 == peerId)
+        .map((parsed) => parsed!.$2)
+        .toSet();
+    if (existingTerminalIds.isEmpty) {
+      debugPrint(
+          '[TerminalTabPage] Skip restore: no seed tab for peer $peerId');
+      return;
+    }
     for (final terminalId in sortedSessions) {
-      _addNewTerminalForCurrentPeer(terminalId: terminalId);
+      if (!existingTerminalIds.add(terminalId)) {
+        continue;
+      }
+      _addNewTerminal(peerId, terminalId: terminalId);
       // A delay is required to ensure the UI has sufficient time to update
       // before adding the next terminal. Without this delay, `_TerminalPageState::dispose()`
       // may be called prematurely while the tab widget is still in the tab controller.
@@ -546,6 +575,11 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
     }
   }
 
+  Future<void> _closeWindowFromConnection() async {
+    await _closeAllTabs();
+    await WindowController.fromWindowId(windowId()).close();
+  }
+
   int windowId() {
     return widget.params["windowId"];
   }

flutter/lib/desktop/widgets/remote_toolbar.dart

@@ -376,7 +376,8 @@ class _RemoteToolbarState extends State<RemoteToolbar> {
     }
 
     toolbarItems.add(Obx(() {
-      if (PrivacyModeState.find(widget.id).isEmpty &&
+      if ((PrivacyModeState.find(widget.id).isEmpty ||
+              allowDisplaySwitchInPrivacyMode(pi)) &&
           pi.displaysCount.value > 1) {
         return _MonitorMenu(
             id: widget.id,
@@ -996,10 +997,10 @@ class _DisplayMenuState extends State<_DisplayMenu> {
         toggles(),
       ];
       // privacy mode
+      final privacyModeState = PrivacyModeState.find(id);
       if (ffi.connType == ConnType.defaultConn &&
-          ffiModel.keyboard &&
-          pi.features.privacyMode) {
-        final privacyModeState = PrivacyModeState.find(id);
+          (pi.features.privacyMode || privacyModeState.isNotEmpty) &&
+          (ffiModel.keyboard || privacyModeState.isNotEmpty)) {
         final privacyModeList =
             toolbarPrivacyMode(privacyModeState, context, id, ffi);
         if (privacyModeList.length == 1) {

flutter/lib/desktop/widgets/tabbar_widget.dart

@@ -99,6 +99,7 @@ class DesktopTabController {
   /// index, key
   Function(int, String)? onRemoved;
   Function(String)? onSelected;
+  Future<void> Function()? onCloseWindow;
 
   DesktopTabController(
       {required this.tabType, this.onRemoved, this.onSelected});
@@ -592,13 +593,13 @@ class _DesktopTabState extends State<DesktopTab>
   }
 
   Widget _buildBar() {
+    final isIncomingHomePage = bind.isIncomingOnly() && isInHomePage();
     return Row(
       children: [
         Expanded(
             child: GestureDetector(
                 // custom double tap handler
-                onTap: !(bind.isIncomingOnly() && isInHomePage()) &&
-                        showMaximize
+                onTap: !isIncomingHomePage && showMaximize
                     ? () {
                         final current = DateTime.now().millisecondsSinceEpoch;
                         final elapsed = current - _lastClickTime;
@@ -609,7 +610,7 @@ class _DesktopTabState extends State<DesktopTab>
                               .then((value) => stateGlobal.setMaximized(value));
                         }
                       }
-                    : null,
+                    : (isIncomingHomePage ? () {} : null), // Keep tap recognizer for Windows touch.
                 onPanStart: (_) => startDragging(isMainWindow),
                 onPanCancel: () {
                   // We want to disable dragging of the tab area in the tab bar.

flutter/lib/mobile/pages/remote_page.dart

@@ -426,12 +426,10 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
                               }
                               return Container(
                                 color: MyTheme.canvasColor,
-                                child: inputModel.isPhysicalMouse.value
-                                    ? getBodyForMobile()
-                                    : RawTouchGestureDetectorRegion(
-                                        child: getBodyForMobile(),
-                                        ffi: gFFI,
-                                      ),
+                                child: RawTouchGestureDetectorRegion(
+                                  child: getBodyForMobile(),
+                                  ffi: gFFI,
+                                ),
                               );
                             }),
                           ),
@@ -1185,7 +1183,8 @@ void showOptions(
   List<TToggleMenu> privacyModeList = [];
   // privacy mode
   final privacyModeState = PrivacyModeState.find(id);
-  if (gFFI.ffiModel.keyboard && gFFI.ffiModel.pi.features.privacyMode) {
+  if ((gFFI.ffiModel.pi.features.privacyMode && gFFI.ffiModel.keyboard) ||
+      privacyModeState.isNotEmpty) {
     privacyModeList = toolbarPrivacyMode(privacyModeState, context, id, gFFI);
     if (privacyModeList.length == 1) {
       displayToggles.add(privacyModeList[0]);

flutter/lib/mobile/pages/server_page.dart

@@ -150,7 +150,8 @@ class _DropDownAction extends StatelessWidget {
             }
 
             if (value == kUsePermanentPassword &&
-                (await bind.mainGetPermanentPassword()).isEmpty) {
+                (await bind.mainGetCommon(key: "permanent-password-set")) !=
+                    "true") {
               if (isChangePermanentPasswordDisabled()) {
                 callback();
                 return;
@@ -582,9 +583,16 @@ class _PermissionCheckerState extends State<PermissionChecker> {
   Widget build(BuildContext context) {
     final serverModel = Provider.of<ServerModel>(context);
     final hasAudioPermission = androidVersion >= 30;
-    final hideStopService =
-        isAndroid &&
-            bind.mainGetBuildinOption(key: kOptionHideStopService) == 'Y';
+    final hideStopService = isAndroid &&
+        bind.mainGetBuildinOption(key: kOptionHideStopService) == 'Y';
+    final allowPermChangeInAcceptWindow = option2bool(
+        kOptionEnablePermChangeInAcceptWindow,
+        bind.mainGetBuildinOption(
+          key: kOptionEnablePermChangeInAcceptWindow,
+        ));
+    final permissionChangeLocked = isAndroid &&
+        serverModel.clients.any((c) => !c.disconnected) &&
+        !allowPermChangeInAcceptWindow;
     return PaddingCard(
         title: translate("Permissions"),
         child: Column(crossAxisAlignment: CrossAxisAlignment.start, children: [
@@ -607,13 +615,21 @@ class _PermissionCheckerState extends State<PermissionChecker> {
                         bind.mainGetLocalOption(key: "show-scam-warning") != "N"
                     ? () => showScamWarning(context, serverModel)
                     : serverModel.toggleService),
-          PermissionRow(translate("Input Control"), serverModel.inputOk,
-              serverModel.toggleInput),
-          PermissionRow(translate("Transfer file"), serverModel.fileOk,
-              serverModel.toggleFile),
+          PermissionRow(
+            translate("Input Control"),
+            serverModel.inputOk,
+            serverModel.toggleInput,
+          ),
+          PermissionRow(
+            translate("Transfer file"),
+            serverModel.fileOk,
+            serverModel.toggleFile,
+            enabled: !permissionChangeLocked,
+          ),
           hasAudioPermission
               ? PermissionRow(translate("Audio Capture"), serverModel.audioOk,
-                  serverModel.toggleAudio)
+                  serverModel.toggleAudio,
+                  enabled: !permissionChangeLocked)
               : Row(children: [
                   Icon(Icons.info_outline).marginOnly(right: 15),
                   Expanded(
@@ -622,19 +638,25 @@ class _PermissionCheckerState extends State<PermissionChecker> {
                     style: const TextStyle(color: MyTheme.darkGray),
                   ))
                 ]),
-          PermissionRow(translate("Enable clipboard"), serverModel.clipboardOk,
-              serverModel.toggleClipboard),
+          PermissionRow(
+            translate("Enable clipboard"),
+            serverModel.clipboardOk,
+            serverModel.toggleClipboard,
+            enabled: !permissionChangeLocked,
+          ),
         ]));
   }
 }
 
 class PermissionRow extends StatelessWidget {
-  const PermissionRow(this.name, this.isOk, this.onPressed, {Key? key})
+  const PermissionRow(this.name, this.isOk, this.onPressed,
+      {Key? key, this.enabled = true})
       : super(key: key);
 
   final String name;
   final bool isOk;
   final VoidCallback onPressed;
+  final bool enabled;
 
   @override
   Widget build(BuildContext context) {
@@ -643,9 +665,11 @@ class PermissionRow extends StatelessWidget {
         contentPadding: EdgeInsets.all(0),
         title: Text(name),
         value: isOk,
-        onChanged: (bool value) {
-          onPressed();
-        });
+        onChanged: enabled
+            ? (bool value) {
+                onPressed();
+              }
+            : null);
   }
 }
 

flutter/lib/mobile/pages/view_camera_page.dart

@@ -259,13 +259,11 @@ class _ViewCameraPageState extends State<ViewCameraPage>
                         }
                         return Container(
                           color: MyTheme.canvasColor,
-                          child: inputModel.isPhysicalMouse.value
-                              ? getBodyForMobile()
-                              : RawTouchGestureDetectorRegion(
-                                  child: getBodyForMobile(),
-                                  ffi: gFFI,
-                                  isCamera: true,
-                                ),
+                          child: RawTouchGestureDetectorRegion(
+                            child: getBodyForMobile(),
+                            ffi: gFFI,
+                            isCamera: true,
+                          ),
                         );
                       }),
                     ),

flutter/lib/mobile/widgets/dialog.dart

@@ -12,100 +12,6 @@ void _showSuccess() {
   showToast(translate("Successful"));
 }
 
-void _showError() {
-  showToast(translate("Error"));
-}
-
-void setPermanentPasswordDialog(OverlayDialogManager dialogManager) async {
-  final pw = await bind.mainGetPermanentPassword();
-  final p0 = TextEditingController(text: pw);
-  final p1 = TextEditingController(text: pw);
-  var validateLength = false;
-  var validateSame = false;
-  dialogManager.show((setState, close, context) {
-    submit() async {
-      close();
-      dialogManager.showLoading(translate("Waiting"));
-      if (await gFFI.serverModel.setPermanentPassword(p0.text)) {
-        dialogManager.dismissAll();
-        _showSuccess();
-      } else {
-        dialogManager.dismissAll();
-        _showError();
-      }
-    }
-
-    return CustomAlertDialog(
-      title: Column(
-        mainAxisAlignment: MainAxisAlignment.center,
-        children: [
-          Icon(Icons.password_rounded, color: MyTheme.accent),
-          Text(translate('Set your own password')).paddingOnly(left: 10),
-        ],
-      ),
-      content: Form(
-          autovalidateMode: AutovalidateMode.onUserInteraction,
-          child: Column(mainAxisSize: MainAxisSize.min, children: [
-            TextFormField(
-              autofocus: true,
-              obscureText: true,
-              keyboardType: TextInputType.visiblePassword,
-              decoration: InputDecoration(
-                labelText: translate('Password'),
-              ),
-              controller: p0,
-              validator: (v) {
-                if (v == null) return null;
-                final val = v.trim().length > 5;
-                if (validateLength != val) {
-                  // use delay to make setState success
-                  Future.delayed(Duration(microseconds: 1),
-                      () => setState(() => validateLength = val));
-                }
-                return val
-                    ? null
-                    : translate('Too short, at least 6 characters.');
-              },
-            ).workaroundFreezeLinuxMint(),
-            TextFormField(
-              obscureText: true,
-              keyboardType: TextInputType.visiblePassword,
-              decoration: InputDecoration(
-                labelText: translate('Confirmation'),
-              ),
-              controller: p1,
-              validator: (v) {
-                if (v == null) return null;
-                final val = p0.text == v;
-                if (validateSame != val) {
-                  Future.delayed(Duration(microseconds: 1),
-                      () => setState(() => validateSame = val));
-                }
-                return val
-                    ? null
-                    : translate('The confirmation is not identical.');
-              },
-            ).workaroundFreezeLinuxMint(),
-          ])),
-      onCancel: close,
-      onSubmit: (validateLength && validateSame) ? submit : null,
-      actions: [
-        dialogButton(
-          'Cancel',
-          icon: Icon(Icons.close_rounded),
-          onPressed: close,
-          isOutline: true,
-        ),
-        dialogButton(
-          'OK',
-          icon: Icon(Icons.done_rounded),
-          onPressed: (validateLength && validateSame) ? submit : null,
-        ),
-      ],
-    );
-  });
-}
-
 void setTemporaryPasswordLengthDialog(
     OverlayDialogManager dialogManager) async {
   List<String> lengths = ['6', '8', '10'];

flutter/lib/models/ab_model.dart

@@ -1,6 +1,5 @@
 import 'dart:async';
 import 'dart:convert';
-import 'dart:io';
 
 import 'package:flutter/material.dart';
 import 'package:flutter_hbb/common/hbbs/hbbs.dart';
@@ -53,7 +52,9 @@ class AbModel {
 
   RxBool get currentAbLoading => current.abLoading;
   bool get currentAbEmpty => current.peers.isEmpty && current.tags.isEmpty;
-  RxString get currentAbPullError => current.pullError;
+  final _listPullError = ''.obs;
+  RxString get abPullError =>
+      _listPullError.value.isNotEmpty ? _listPullError : current.pullError;
   RxString get currentAbPushError => current.pushError;
   String? _personalAbGuid;
   RxBool legacyMode = false.obs;
@@ -68,6 +69,7 @@ class AbModel {
   var _syncFromRecentLock = false;
   var _timerCounter = 0;
   var _cacheLoadOnceFlag = false;
+  var _pulledOnce = false;
   var listInitialized = false;
   var _maxPeerOneAb = 0;
 
@@ -97,10 +99,17 @@ class AbModel {
     print("reset ab model");
     addressbooks.clear();
     _currentName.value = '';
+    _listPullError.value = '';
+    _pulledOnce = false;
     await bind.mainClearAb();
     listInitialized = false;
   }
 
+  void clearPullErrors() {
+    _listPullError.value = '';
+    current.pullError.value = '';
+  }
+
 // #region ab
   /// Pulls the address book data from the server.
   ///
@@ -110,31 +119,41 @@ class AbModel {
   var _pulling = false;
   Future<void> pullAb(
       {required ForcePullAb? force, required bool quiet}) async {
+    if (bind.isDisableAb()) return;
+    if (!gFFI.userModel.isLogin) return;
+    if (gFFI.userModel.networkError.isNotEmpty) return;
     if (_pulling) return;
+    if (force == null && _pulledOnce) {
+      return;
+    }
     _pulling = true;
+    if (!quiet) {
+      _listPullError.value = '';
+      current.pullError.value = '';
+    }
     try {
       await _pullAb(force: force, quiet: quiet);
       _refreshTab();
     } catch (_) {}
     _pulling = false;
+    _pulledOnce = true;
   }
 
   Future<void> _pullAb(
       {required ForcePullAb? force, required bool quiet}) async {
-    if (bind.isDisableAb()) return;
-    if (!gFFI.userModel.isLogin) return;
-    if (gFFI.userModel.networkError.isNotEmpty) return;
     if (force == null && listInitialized && current.initialized) return;
     debugPrint("pullAb, force: $force, quiet: $quiet");
     if (!listInitialized || force == ForcePullAb.listAndCurrent) {
       try {
         // Read personal guid every time to avoid upgrading the server without closing the main window
         _personalAbGuid = null;
-        await _getPersonalAbGuid();
-        // Determine legacy mode based on whether _personalAbGuid is null
+        // `true`: continue init. `false`: stop, error already recorded.
+        if (!await _getPersonalAbGuid(quiet: quiet)) {
+          return;
+        }
         legacyMode.value = _personalAbGuid == null;
         if (!legacyMode.value && _maxPeerOneAb == 0) {
-          await _getAbSettings();
+          await _getAbSettings(quiet: quiet);
         }
         if (_personalAbGuid != null) {
           debugPrint("pull ab list");
@@ -142,7 +161,7 @@ class AbModel {
           abProfiles.add(AbProfile(_personalAbGuid!, _personalAddressBookName,
               gFFI.userModel.userName.value, null, ShareRule.read.value, null));
           // get all address book name
-          await _getSharedAbProfiles(abProfiles);
+          await _getSharedAbProfiles(abProfiles, quiet: quiet);
           addressbooks.removeWhere((key, value) =>
               abProfiles.firstWhereOrNull((e) => e.name == key) == null);
           for (int i = 0; i < abProfiles.length; i++) {
@@ -182,6 +201,7 @@ class AbModel {
         }
       } catch (e) {
         debugPrint("pull ab list error: $e");
+        _setListPullError(e, quiet: quiet);
       }
     } else if (listInitialized &&
         (!current.initialized || force == ForcePullAb.current)) {
@@ -197,14 +217,26 @@ class AbModel {
     }
   }
 
-  Future<bool> _getAbSettings() async {
+  void _setListPullError(Object err, {required bool quiet, int? statusCode}) {
+    if (!quiet) {
+      _listPullError.value =
+          '${translate('pull_ab_failed_tip')}: ${translate(err.toString())}';
+    }
+    if (statusCode == 401) {
+      gFFI.userModel.reset(resetOther: true);
+    }
+  }
+
+  Future<bool> _getAbSettings({required bool quiet}) async {
+    int? statusCode;
     try {
       final api = "${await bind.mainGetApiServer()}/api/ab/settings";
       var headers = getHttpHeaders();
       headers['Content-Type'] = "application/json";
       _setEmptyBody(headers);
       final resp = await http.post(Uri.parse(api), headers: headers);
-      if (resp.statusCode == 404) {
+      statusCode = resp.statusCode;
+      if (statusCode == 404) {
         debugPrint("HTTP 404, api server doesn't support shared address book");
         return false;
       }
@@ -213,46 +245,57 @@ class AbModel {
       if (json.containsKey('error')) {
         throw json['error'];
       }
-      if (resp.statusCode != 200) {
-        throw 'HTTP ${resp.statusCode}';
+      if (statusCode != 200) {
+        throw 'HTTP $statusCode';
       }
       _maxPeerOneAb = json['max_peer_one_ab'] ?? 0;
       return true;
     } catch (err) {
       debugPrint('get ab settings err: ${err.toString()}');
+      _setListPullError(err, quiet: quiet, statusCode: statusCode);
     }
     return false;
   }
 
-  Future<bool> _getPersonalAbGuid() async {
+  /// Loads `/api/ab/personal`.
+  /// Returns `true` to continue init, `false` to stop after a real error.
+  Future<bool> _getPersonalAbGuid({required bool quiet}) async {
+    int? statusCode;
     try {
       final api = "${await bind.mainGetApiServer()}/api/ab/personal";
       var headers = getHttpHeaders();
       headers['Content-Type'] = "application/json";
       _setEmptyBody(headers);
       final resp = await http.post(Uri.parse(api), headers: headers);
-      if (resp.statusCode == 404) {
+      statusCode = resp.statusCode;
+      if (statusCode == 404) {
         debugPrint("HTTP 404, current api server is legacy mode");
-        return false;
+        // Old server: keep `_personalAbGuid` null and continue in legacy mode.
+        return true;
       }
       Map<String, dynamic> json =
           _jsonDecodeRespMap(decode_http_response(resp), resp.statusCode);
       if (json.containsKey('error')) {
         throw json['error'];
       }
-      if (resp.statusCode != 200) {
-        throw 'HTTP ${resp.statusCode}';
+      if (statusCode != 200) {
+        throw 'HTTP $statusCode';
       }
       _personalAbGuid = json['guid'];
+      // New server: guid is available, continue in non-legacy mode.
       return true;
     } catch (err) {
       debugPrint('get personal ab err: ${err.toString()}');
+      _setListPullError(err, quiet: quiet, statusCode: statusCode);
     }
+    // Real error: stop the current pull.
     return false;
   }
 
-  Future<bool> _getSharedAbProfiles(List<AbProfile> profiles) async {
+  Future<bool> _getSharedAbProfiles(List<AbProfile> profiles,
+      {required bool quiet}) async {
     final api = "${await bind.mainGetApiServer()}/api/ab/shared/profiles";
+    int? statusCode;
     try {
       var uri0 = Uri.parse(api);
       final pageSize = 100;
@@ -273,13 +316,19 @@ class AbModel {
         headers['Content-Type'] = "application/json";
         _setEmptyBody(headers);
         final resp = await http.post(uri, headers: headers);
+        statusCode = resp.statusCode;
+        if (statusCode == 404) {
+          debugPrint(
+              "HTTP 404, api server doesn't support shared address book");
+          return false;
+        }
         Map<String, dynamic> json =
             _jsonDecodeRespMap(decode_http_response(resp), resp.statusCode);
         if (json.containsKey('error')) {
           throw json['error'];
         }
-        if (resp.statusCode != 200) {
-          throw 'HTTP ${resp.statusCode}';
+        if (statusCode != 200) {
+          throw 'HTTP $statusCode';
         }
         if (json.containsKey('total')) {
           if (total == 0) total = json['total'];
@@ -302,6 +351,7 @@ class AbModel {
       return true;
     } catch (err) {
       debugPrint('_getSharedAbProfiles err: ${err.toString()}');
+      _setListPullError(err, quiet: quiet, statusCode: statusCode);
     }
     return false;
   }

flutter/lib/models/file_model.dart

@@ -391,14 +391,30 @@ class FileController {
 
     await Future.delayed(Duration(milliseconds: 100));
 
-    final dir = (await bind.sessionGetPeerOption(
+    final savedDir = (await bind.sessionGetPeerOption(
         sessionId: sessionId, name: isLocal ? "local_dir" : "remote_dir"));
-    openDirectory(dir.isEmpty ? options.value.home : dir);
+    Future<bool> tryOpenReadyDirs() async {
+      final dirs = <String>{
+        if (directory.value.path.isNotEmpty) directory.value.path,
+        if (savedDir.isNotEmpty) savedDir,
+        options.value.home,
+      };
+      for (final dir in dirs) {
+        if (await _openDirectoryPath(dir, isBack: true)) {
+          return true;
+        }
+      }
+      return false;
+    }
+
+    var opened = await tryOpenReadyDirs();
 
     await Future.delayed(Duration(seconds: 1));
 
-    if (directory.value.path.isEmpty) {
-      openDirectory(options.value.home);
+    if (!opened) {
+      // The peer may become ready during the reconnect delay, so retry the
+      // same candidates instead of only retrying the default home directory.
+      await tryOpenReadyDirs();
     }
   }
 
@@ -429,19 +445,23 @@ class FileController {
     });
   }
 
-  Future<void> refresh() async {
-    await openDirectory(directory.value.path);
+  Future<bool> refresh() async {
+    // "." can be both a refresh command and a real remote directory path.
+    // Refresh must bypass openDirectory's command dispatch to avoid recursion.
+    return await _openDirectoryPath(directory.value.path, isBack: true);
   }
 
-  Future<void> openDirectory(String path, {bool isBack = false}) async {
-    if (path == ".") {
-      refresh();
-      return;
+  Future<bool> openDirectory(String path, {bool isBack = false}) async {
+    if (!isBack && path == ".") {
+      return await refresh();
     }
-    if (path == "..") {
-      goToParentDirectory();
-      return;
+    if (!isBack && path == "..") {
+      return await _goToParentDirectory(isBack: isBack);
     }
+    return await _openDirectoryPath(path, isBack: isBack);
+  }
+
+  Future<bool> _openDirectoryPath(String path, {bool isBack = false}) async {
     if (!isBack) {
       pushHistory();
     }
@@ -458,8 +478,10 @@ class FileController {
       final fd = await fileFetcher.fetchDirectory(path, isLocal, showHidden);
       fd.format(isWindows, sort: sortBy.value);
       directory.value = fd;
+      return true;
     } catch (e) {
       debugPrint("Failed to openDirectory $path: $e");
+      return false;
     }
   }
 
@@ -487,19 +509,22 @@ class FileController {
       goBack();
       return;
     }
-    openDirectory(path, isBack: true);
+    unawaited(_openDirectoryPath(path, isBack: true).then<void>((_) {}));
   }
 
   void goToParentDirectory() {
+    unawaited(_goToParentDirectory().then<void>((_) {}));
+  }
+
+  Future<bool> _goToParentDirectory({bool isBack = false}) async {
     final isWindows = options.value.isWindows;
     final dirPath = directory.value.path;
     var parent = PathUtil.dirname(dirPath, isWindows);
     // specially for C:\, D:\, goto '/'
     if (parent == dirPath && isWindows) {
-      openDirectory('/');
-      return;
+      return await _openDirectoryPath('/', isBack: isBack);
     }
-    openDirectory(parent);
+    return await _openDirectoryPath(parent, isBack: isBack);
   }
 
   // TODO deprecated this

flutter/lib/models/group_model.dart

@@ -343,6 +343,7 @@ class GroupModel {
   }
 
   reset() async {
+    initialized = false;
     groupLoadError.value = '';
     deviceGroups.clear();
     users.clear();

flutter/lib/models/input_model.dart

@@ -2,6 +2,7 @@ import 'dart:async';
 import 'dart:convert';
 import 'dart:io';
 import 'dart:math';
+import 'package:flutter/foundation.dart';
 import 'dart:ui' as ui;
 
 import 'package:desktop_multi_window/desktop_multi_window.dart';
@@ -15,12 +16,13 @@ import 'package:get/get.dart';
 import '../../models/model.dart';
 import '../../models/platform_model.dart';
 import '../../models/state_model.dart';
+import 'input_modifier_utils.dart';
 import 'relative_mouse_model.dart';
 import '../common.dart';
 import '../consts.dart';
 
 /// Mouse button enum.
-enum MouseButtons { left, right, wheel, back }
+enum MouseButtons { left, right, wheel, back, forward }
 
 const _kMouseEventDown = 'mousedown';
 const _kMouseEventUp = 'mouseup';
@@ -157,6 +159,8 @@ extension ToString on MouseButtons {
         return 'wheel';
       case MouseButtons.back:
         return 'back';
+      case MouseButtons.forward:
+        return 'forward';
     }
   }
 }
@@ -327,6 +331,80 @@ class ToReleaseKeys {
 }
 
 class InputModel {
+  // Side mouse button support for Linux.
+  // Flutter's Linux embedder drops X11 button 8/9 events, so we capture them
+  // natively via GDK and forward through the platform channel.
+  static InputModel? _activeSideButtonModel;
+  // Tracks per-button which model received a side button down event, so the
+  // matching up event is routed there even if the pointer has left the view
+  // or a different button was pressed in between.
+  static final Map<MouseButtons, InputModel> _sideButtonDownModels = {};
+  static bool _sideButtonChannelInitialized = false;
+
+  /// Each Flutter engine (main window + sub-windows from desktop_multi_window)
+  /// runs its own Dart isolate with its own statics. Called from initEnv()
+  /// which runs per-engine, so each isolate registers its own handler tied
+  /// to its own set of InputModels.
+  static void initSideButtonChannel() {
+    if (!Platform.isLinux) return;
+    if (_sideButtonChannelInitialized) return;
+    _sideButtonChannelInitialized = true;
+
+    const channel = MethodChannel('org.rustdesk.rustdesk/side_buttons');
+    channel.setMethodCallHandler((call) async {
+      if (call.method == 'onSideMouseButton') {
+        final args = call.arguments as Map<dynamic, dynamic>;
+        final button = args['button'] as String;
+        final type = args['type'] as String;
+        final mb = button == 'back' ? MouseButtons.back : MouseButtons.forward;
+
+        if (type == 'down') {
+          final model = _activeSideButtonModel;
+          if (model != null &&
+              !(model.isViewOnly && !model.showMyCursor) &&
+              model.keyboardPerm &&
+              !model.isViewCamera) {
+            _sideButtonDownModels[mb] = model;
+            // Fire-and-forget to avoid blocking the platform channel handler.
+            unawaited(model._sendMouseUnchecked(type, mb).catchError((Object e) {
+              debugPrint('[InputModel] failed to send side button $type for $mb: $e');
+            }));
+          }
+        } else {
+          // Only route 'up' when we recorded the matching 'down';
+          // dropping avoids sending unpaired 'up' to an unrelated session.
+          // Use _sendMouseUnchecked to bypass permission checks so the
+          // release always goes through even if permissions changed.
+          final model = _sideButtonDownModels.remove(mb);
+          if (model != null) {
+            unawaited(model._sendMouseUnchecked(type, mb).catchError((Object e) {
+              debugPrint('[InputModel] failed to send side button $type for $mb: $e');
+            }));
+          }
+        }
+      }
+      return null;
+    });
+  }
+
+  /// Clear any static references to this model (prevents stale routing).
+  /// Releases any held side buttons on the peer so closing a session
+  /// mid-press does not leave a stuck button.
+  void disposeSideButtonTracking() {
+    if (_activeSideButtonModel == this) _activeSideButtonModel = null;
+    final held = _sideButtonDownModels.entries
+        .where((e) => e.value == this)
+        .map((e) => e.key)
+        .toList();
+    for (final mb in held) {
+      _sideButtonDownModels.remove(mb);
+      // Best-effort release; session may already be tearing down.
+      unawaited(_sendMouseUnchecked('up', mb).catchError((Object e) {
+        debugPrint('[InputModel] failed to release side button $mb: $e');
+      }));
+    }
+  }
+
   final WeakReference<FFI> parent;
   String keyboardMode = '';
 
@@ -412,6 +490,7 @@ class InputModel {
   bool get isRelativeMouseModeSupported => _relativeMouse.isSupported;
 
   InputModel(this.parent) {
+    initSideButtonChannel();
     sessionId = parent.target!.sessionId;
     _relativeMouse = RelativeMouseModel(
       sessionId: sessionId,
@@ -620,6 +699,38 @@ class InputModel {
     }
   }
 
+  // Safe: this only re-dispatches synthesized Shift key-up events.
+  // The key-up path clears the tracked Shift state so this does not loop.
+  void _releaseTrackedShiftKeyEventIfNeeded() {
+    final leftShift = toReleaseKeys.lastLShiftKeyEvent;
+    final rightShift = toReleaseKeys.lastRShiftKeyEvent;
+    if (leftShift != null) {
+      handleKeyEvent(leftShift);
+    }
+    if (rightShift != null) {
+      handleKeyEvent(rightShift);
+    }
+  }
+
+  // Safe: this only re-dispatches synthesized Shift key-up events.
+  // The raw key-up path clears the tracked Shift state so this does not loop.
+  void _releaseTrackedRawShiftKeyEventIfNeeded() {
+    final leftShift = toReleaseRawKeys.lastLShiftKeyEvent;
+    final rightShift = toReleaseRawKeys.lastRShiftKeyEvent;
+    if (leftShift != null) {
+      handleRawKeyEvent(RawKeyUpEvent(
+        data: leftShift.data,
+        character: leftShift.character,
+      ));
+    }
+    if (rightShift != null) {
+      handleRawKeyEvent(RawKeyUpEvent(
+        data: rightShift.data,
+        character: rightShift.character,
+      ));
+    }
+  }
+
   KeyEventResult handleRawKeyEvent(RawKeyEvent e) {
     if (isViewOnly) return KeyEventResult.handled;
     if (isViewCamera) return KeyEventResult.handled;
@@ -674,6 +785,27 @@ class InputModel {
       toReleaseRawKeys.updateKeyUp(key, e);
     }
 
+    // On some mobile soft-keyboard paths, Flutter may leave cached Shift state
+    // set even though the current raw key event is not shifted anymore.
+    if (e is RawKeyDownEvent &&
+        shouldReleaseStaleMobileShift(
+          isMobile: isMobile,
+          cachedShiftPressed: shift,
+          actualShiftPressed: e.isShiftPressed,
+          logicalKey: e.logicalKey,
+          hasTrackedShiftKeyDown: toReleaseRawKeys.lastLShiftKeyEvent != null ||
+              toReleaseRawKeys.lastRShiftKeyEvent != null,
+        )) {
+      if (kDebugMode) {
+        debugPrint(
+          'input: releasing stale mobile Shift before replaying tracked raw '
+          'key-up (logicalKey=${e.logicalKey.keyLabel}, '
+          'actualShiftPressed=${e.isShiftPressed}, cachedShiftPressed=$shift)',
+        );
+      }
+      _releaseTrackedRawShiftKeyEventIfNeeded();
+    }
+
     // * Currently mobile does not enable map mode
     if ((isDesktop || isWebDesktop) && keyboardMode == kKeyMapMode) {
       mapKeyboardModeRaw(e, iosCapsLock);
@@ -717,6 +849,8 @@ class InputModel {
       iosCapsLock = _getIosCapsFromCharacter(e);
     }
 
+    // Update cached modifier state before sending the event. The stale mobile
+    // Shift release check below relies on this cached state.
     if (e is KeyUpEvent) {
       handleKeyUpEventModifiers(e);
     } else if (e is KeyDownEvent) {
@@ -754,6 +888,21 @@ class InputModel {
         }
       }
     }
+
+    // On some mobile soft-keyboard paths, Flutter may leave cached Shift state
+    // set even though the current key event is not shifted anymore.
+    if (e is KeyDownEvent &&
+        shouldReleaseStaleMobileShift(
+          isMobile: isMobile,
+          cachedShiftPressed: shift,
+          actualShiftPressed: HardwareKeyboard.instance.isShiftPressed,
+          logicalKey: e.logicalKey,
+          hasTrackedShiftKeyDown: toReleaseKeys.lastLShiftKeyEvent != null ||
+              toReleaseKeys.lastRShiftKeyEvent != null,
+        )) {
+      _releaseTrackedShiftKeyEventIfNeeded();
+    }
+
     final isDesktopAndMapMode =
         isDesktop || (isWebDesktop && keyboardMode == kKeyMapMode);
     if (isMobileAndMapMode || isDesktopAndMapMode) {
@@ -966,13 +1115,20 @@ class InputModel {
     return evt;
   }
 
+  /// Send mouse event unconditionally (no permission checks).
+  /// Used for side button releases that must go through even if permissions
+  /// changed after the matching down was sent.
+  Future<void> _sendMouseUnchecked(String type, MouseButtons button) async {
+    await bind.sessionSendMouse(
+        sessionId: sessionId,
+        msg: json.encode(modify({'type': type, 'buttons': button.value})));
+  }
+
   /// Send mouse press event.
   Future<void> sendMouse(String type, MouseButtons button) async {
     if (!keyboardPerm) return;
     if (isViewCamera) return;
-    await bind.sessionSendMouse(
-        sessionId: sessionId,
-        msg: json.encode(modify({'type': type, 'buttons': button.value})));
+    await _sendMouseUnchecked(type, button);
   }
 
   void enterOrLeave(bool enter) {
@@ -982,6 +1138,13 @@ class InputModel {
     _pointerInsideImage = enter;
     _lastWheelTsUs = 0;
 
+    // Track active model for side button events (Linux).
+    if (enter) {
+      _activeSideButtonModel = this;
+    } else if (_activeSideButtonModel == this) {
+      _activeSideButtonModel = null;
+    }
+
     // Fix status
     if (!enter) {
       resetModifiers();
@@ -1332,6 +1495,16 @@ class InputModel {
     return false;
   }
 
+  /// iOS may emit a synthesized touch event after a real mouse click.
+  /// This helper ignores touch-down events that arrive shortly after a mouse down,
+  /// even when the position is far (e.g., near the top edge).
+  bool _shouldIgnoreTouchAfterMouse(int nowMs) {
+    if (!isIOS) return false;
+    const int kTouchAfterMouseWindowMs = 700;
+    final dt = nowMs - _lastMouseDownTimeMs;
+    return dt >= 0 && dt < kTouchAfterMouseWindowMs;
+  }
+
   void onPointDownImage(PointerDownEvent e) {
     debugPrint("onPointDownImage ${e.kind}");
     _stopFling = true;
@@ -1344,6 +1517,9 @@ class InputModel {
     // Track mouse down events for duplicate detection on iOS.
     final nowMs = DateTime.now().millisecondsSinceEpoch;
     if (e.kind == ui.PointerDeviceKind.mouse) {
+      if (!isPhysicalMouse.value) {
+        isPhysicalMouse.value = true;
+      }
       _lastMouseDownTimeMs = nowMs;
       _lastMouseDownPos = e.position;
     }
@@ -1353,6 +1529,10 @@ class InputModel {
     }
 
     if (e.kind != ui.PointerDeviceKind.mouse) {
+      // Ignore duplicate touch events that follow a recent mouse click (iOS Magic Mouse issue).
+      if (isPhysicalMouse.value && _shouldIgnoreTouchAfterMouse(nowMs)) {
+        return;
+      }
       if (isPhysicalMouse.value) {
         isPhysicalMouse.value = false;
       }

flutter/lib/models/input_modifier_utils.dart

@@ -0,0 +1,38 @@
+import 'package:flutter/services.dart';
+
+/// Returns true when a stale mobile one-shot Shift state should be released
+/// by replaying a tracked Shift key-down as a synthesized key-up.
+///
+/// This is only valid on mobile when Flutter's cached Shift state is still on
+/// (`cachedShiftPressed == true`) but the current hardware/raw event reports
+/// Shift as off (`actualShiftPressed == false`).
+///
+/// A tracked Shift key-down is required so the caller can safely synthesize the
+/// matching key-up. Both `shiftLeft` and `shiftRight` are excluded because the
+/// Shift key event itself must be processed first; otherwise we could release
+/// the tracked key while still handling the original Shift press/release.
+/// Callers should evaluate this only after their cached modifier state has been
+/// updated for the current event.
+///
+/// When this returns true, the caller logs a line like:
+/// `input: releasing stale mobile Shift before replaying tracked raw key-up`
+/// immediately before calling `_releaseTrackedRawShiftKeyEventIfNeeded()`.
+bool shouldReleaseStaleMobileShift({
+  required bool isMobile,
+  required bool cachedShiftPressed,
+  required bool actualShiftPressed,
+  required LogicalKeyboardKey logicalKey,
+  required bool hasTrackedShiftKeyDown,
+}) {
+  if (!isMobile || !cachedShiftPressed || actualShiftPressed) {
+    return false;
+  }
+  if (!hasTrackedShiftKeyDown) {
+    return false;
+  }
+  if (logicalKey == LogicalKeyboardKey.shiftLeft ||
+      logicalKey == LogicalKeyboardKey.shiftRight) {
+    return false;
+  }
+  return true;
+}

flutter/lib/models/model.dart

@@ -3932,6 +3932,7 @@ class FFI {
     inputModel.resetModifiers();
     // Dispose relative mouse mode resources to ensure cursor is restored
     inputModel.disposeRelativeMouseMode();
+    inputModel.disposeSideButtonTracking();
     if (closeSession) {
       await bind.sessionClose(sessionId: sessionId);
     }

flutter/lib/models/server_model.dart

@@ -298,7 +298,7 @@ class ServerModel with ChangeNotifier {
   }
 
   toggleAudio() async {
-    if (clients.isNotEmpty) {
+    if (clients.any((c) => !c.disconnected)) {
       await showClientsMayNotBeChangedAlert(parent.target);
     }
     if (!_audioOk && !await AndroidPermissionManager.check(kRecordAudio)) {
@@ -316,7 +316,7 @@ class ServerModel with ChangeNotifier {
   }
 
   toggleFile() async {
-    if (clients.isNotEmpty) {
+    if (clients.any((c) => !c.disconnected)) {
       await showClientsMayNotBeChangedAlert(parent.target);
     }
     if (!_fileOk &&
@@ -345,7 +345,7 @@ class ServerModel with ChangeNotifier {
   }
 
   toggleInput() async {
-    if (clients.isNotEmpty) {
+    if (clients.any((c) => !c.disconnected)) {
       await showClientsMayNotBeChangedAlert(parent.target);
     }
     if (_inputOk) {
@@ -471,17 +471,6 @@ class ServerModel with ChangeNotifier {
     WakelockManager.disable(_wakelockKey);
   }
 
-  Future<bool> setPermanentPassword(String newPW) async {
-    await bind.mainSetPermanentPassword(password: newPW);
-    await Future.delayed(Duration(milliseconds: 500));
-    final pw = await bind.mainGetPermanentPassword();
-    if (newPW == pw) {
-      return true;
-    } else {
-      return false;
-    }
-  }
-
   fetchID() async {
     final id = await bind.mainGetMyId();
     if (id != _serverId.id) {
@@ -560,10 +549,19 @@ class ServerModel with ChangeNotifier {
         if (index < 0) {
           _clients.add(client);
         } else {
+          if (_clients[index].authorized) {
+            _clients[index].privacyMode = client.privacyMode;
+            notifyListeners();
+            return;
+          }
           _clients[index].authorized = true;
+          _clients[index].privacyMode = client.privacyMode;
         }
       } else {
-        if (_clients.any((c) => c.id == client.id)) {
+        final index = _clients.indexWhere((c) => c.id == client.id);
+        if (index >= 0) {
+          _clients[index].privacyMode = client.privacyMode;
+          notifyListeners();
           return;
         }
         _clients.add(client);
@@ -829,6 +827,7 @@ class Client {
   bool restart = false;
   bool recording = false;
   bool blockInput = false;
+  bool privacyMode = false;
   bool disconnected = false;
   bool fromSwitch = false;
   bool inVoiceCall = false;
@@ -857,6 +856,7 @@ class Client {
     restart = json['restart'];
     recording = json['recording'];
     blockInput = json['block_input'];
+    privacyMode = json['privacy_mode'] ?? privacyMode;
     disconnected = json['disconnected'];
     fromSwitch = json['from_switch'];
     inVoiceCall = json['in_voice_call'];
@@ -881,6 +881,7 @@ class Client {
     data['restart'] = restart;
     data['recording'] = recording;
     data['block_input'] = blockInput;
+    data['privacy_mode'] = privacyMode;
     data['disconnected'] = disconnected;
     data['from_switch'] = fromSwitch;
     data['in_voice_call'] = inVoiceCall;

flutter/lib/models/terminal_model.dart

@@ -27,25 +27,30 @@ class TerminalModel with ChangeNotifier {
   // Buffer for output data received before terminal view has valid dimensions.
   // This prevents NaN errors when writing to terminal before layout is complete.
   final _pendingOutputChunks = <String>[];
+  final _pendingOutputSuppressFlags = <bool>[];
   int _pendingOutputSize = 0;
   static const int _kMaxOutputBufferChars = 8 * 1024;
   // View ready state: true when terminal has valid dimensions, safe to write
   bool _terminalViewReady = false;
-
-  bool get isPeerWindows => parent.ffiModel.pi.platform == kPeerPlatformWindows;
+  bool _markViewReadyScheduled = false;
+  bool _suppressTerminalOutput = false;
+  bool _suppressNextTerminalDataOutput = false;
 
   void Function(int w, int h, int pw, int ph)? onResizeExternal;
 
   Future<void> _handleInput(String data) async {
-    // If we press the `Enter` button on Android,
-    // `data` can be '\r' or '\n' when using different keyboards.
-    // Android -> Windows. '\r' works, but '\n' does not. '\n' is just a newline.
-    // Android -> Linux. Both '\r' and '\n' work as expected (execute a command).
-    // So when we receive '\n', we may need to convert it to '\r' to ensure compatibility.
-    // Desktop -> Desktop works fine.
-    // Check if we are on mobile or web(mobile), and convert '\n' to '\r'.
+    // Soft keyboards (notably iOS) emit '\n' when Enter is pressed, while a
+    // real keyboard's Enter sends '\r'. Some Android keyboards also emit '\n'.
+    // - Peer Windows: '\r' works, '\n' is just a newline.
+    // - Peer Linux: canonical-mode shells accept both, but raw-mode apps
+    //   (readline, prompt_toolkit, vim, TUI frameworks) expect '\r'.
+    // - Peer macOS: same as Linux, raw-mode apps expect '\r'
+    //   (https://github.com/rustdesk/rustdesk/issues/14907).
+    // So on mobile / web-mobile, always normalize a lone '\n' to '\r'.
+    // We deliberately do not touch multi-character payloads (e.g. pasted text)
+    // so embedded newlines in pasted content are preserved.
     final isMobileOrWebMobile = (isMobile || (isWeb && !isWebDesktop));
-    if (isMobileOrWebMobile && isPeerWindows && data == '\n') {
+    if (isMobileOrWebMobile && data == '\n') {
       data = '\r';
     }
     if (_terminalOpened) {
@@ -70,7 +75,10 @@ class TerminalModel with ChangeNotifier {
     terminalController = TerminalController();
 
     // Setup terminal callbacks
-    terminal.onOutput = _handleInput;
+    terminal.onOutput = (data) {
+      if (_suppressTerminalOutput) return;
+      _handleInput(data);
+    };
 
     terminal.onResize = (w, h, pw, ph) async {
       // Validate all dimensions before using them
@@ -84,7 +92,7 @@ class TerminalModel with ChangeNotifier {
         // Mark terminal view as ready and flush any buffered output on first valid resize.
         // Must be after onResizeExternal so the view layer has valid dimensions before flushing.
         if (!_terminalViewReady) {
-          _markViewReady();
+          _scheduleMarkViewReady();
         }
 
         if (_terminalOpened) {
@@ -110,14 +118,16 @@ class TerminalModel with ChangeNotifier {
   void onReady() {
     parent.dialogManager.dismissAll();
 
-    // Fire and forget - don't block onReady
-    openTerminal().catchError((e) {
+    // Fire and forget - don't block onReady. If the transport reconnects while
+    // this model is still open, re-send OpenTerminal so the remote service marks
+    // the persistent session active again and resumes output streaming.
+    openTerminal(force: _terminalOpened).catchError((e) {
       debugPrint('[TerminalModel] Error opening terminal: $e');
     });
   }
 
-  Future<void> openTerminal() async {
-    if (_terminalOpened) return;
+  Future<void> openTerminal({bool force = false}) async {
+    if (_terminalOpened && !force) return;
     // Request the remote side to open a terminal with default shell
     // The remote side will decide which shell to use based on its OS
 
@@ -275,9 +285,12 @@ class TerminalModel with ChangeNotifier {
     if (success) {
       _terminalOpened = true;
 
-      // On reconnect ("Reconnected to existing terminal"), server may replay recent output.
-      // If this TerminalView instance is reused (not rebuilt), duplicate lines can appear.
-      // We intentionally accept this tradeoff for now to keep logic simple.
+      // On reconnect, the server may replay recent output. That replay can include
+      // terminal queries like DSR/DA; xterm answers them through onOutput as
+      // "^[[1;1R^[[2;2R^[[>0;0;0c", which must not be sent back to the peer.
+      final replayTerminalOutput = evt['replay_terminal_output'];
+      _suppressNextTerminalDataOutput = replayTerminalOutput == true ||
+          message == 'Reconnected to existing terminal with pending output';
 
       // Fallback: if terminal view is not yet ready but already has valid
       // dimensions (e.g. layout completed before open response arrived),
@@ -285,7 +298,7 @@ class TerminalModel with ChangeNotifier {
       if (!_terminalViewReady &&
           terminal.viewWidth > 0 &&
           terminal.viewHeight > 0) {
-        _markViewReady();
+        _scheduleMarkViewReady();
       }
 
       // Process any buffered input
@@ -297,12 +310,16 @@ class TerminalModel with ChangeNotifier {
       });
 
       final persistentSessions =
-          evt['persistent_sessions'] as List<dynamic>? ?? [];
+          (evt['persistent_sessions'] as List<dynamic>? ?? [])
+              .whereType<int>()
+              .where((id) => !parent.terminalModels.containsKey(id))
+              .toList();
       if (kWindowId != null && persistentSessions.isNotEmpty) {
         DesktopMultiWindow.invokeMethod(
             kWindowId!,
             kWindowEventRestoreTerminalSessions,
             jsonEncode({
+              'peer_id': id,
               'persistent_sessions': persistentSessions,
             }));
       }
@@ -332,6 +349,8 @@ class TerminalModel with ChangeNotifier {
     final data = evt['data'];
 
     if (data != null) {
+      final suppressTerminalOutput = _suppressNextTerminalDataOutput;
+      _suppressNextTerminalDataOutput = false;
       try {
         String text = '';
         if (data is String) {
@@ -351,7 +370,7 @@ class TerminalModel with ChangeNotifier {
           return;
         }
 
-        _writeToTerminal(text);
+        _writeToTerminal(text, suppressTerminalOutput: suppressTerminalOutput);
       } catch (e) {
         debugPrint('[TerminalModel] Failed to process terminal data: $e');
       }
@@ -361,7 +380,10 @@ class TerminalModel with ChangeNotifier {
   /// Write text to terminal, buffering if the view is not yet ready.
   /// All terminal output should go through this method to avoid NaN errors
   /// from writing before the terminal view has valid layout dimensions.
-  void _writeToTerminal(String text) {
+  void _writeToTerminal(
+    String text, {
+    bool suppressTerminalOutput = false,
+  }) {
     if (!_terminalViewReady) {
       // If a single chunk exceeds the cap, keep only its tail.
       // Note: truncation may split a multi-byte ANSI escape sequence,
@@ -373,34 +395,73 @@ class TerminalModel with ChangeNotifier {
         _pendingOutputChunks
           ..clear()
           ..add(truncated);
+        _pendingOutputSuppressFlags
+          ..clear()
+          ..add(suppressTerminalOutput);
         _pendingOutputSize = truncated.length;
       } else {
         _pendingOutputChunks.add(text);
+        _pendingOutputSuppressFlags.add(suppressTerminalOutput);
         _pendingOutputSize += text.length;
         // Drop oldest chunks if exceeds limit (whole chunks to preserve ANSI sequences)
         while (_pendingOutputSize > _kMaxOutputBufferChars &&
             _pendingOutputChunks.length > 1) {
           final removed = _pendingOutputChunks.removeAt(0);
+          _pendingOutputSuppressFlags.removeAt(0);
           _pendingOutputSize -= removed.length;
         }
       }
       return;
     }
-    terminal.write(text);
+    _writeTerminalChunk(text, suppressTerminalOutput: suppressTerminalOutput);
   }
 
   void _flushOutputBuffer() {
     if (_pendingOutputChunks.isEmpty) return;
     debugPrint(
         '[TerminalModel] Flushing $_pendingOutputSize buffered chars (${_pendingOutputChunks.length} chunks)');
-    for (final chunk in _pendingOutputChunks) {
-      terminal.write(chunk);
+    for (var i = 0; i < _pendingOutputChunks.length; i++) {
+      _writeTerminalChunk(
+        _pendingOutputChunks[i],
+        suppressTerminalOutput: _pendingOutputSuppressFlags[i],
+      );
     }
     _pendingOutputChunks.clear();
+    _pendingOutputSuppressFlags.clear();
     _pendingOutputSize = 0;
   }
 
+  void _writeTerminalChunk(
+    String text, {
+    required bool suppressTerminalOutput,
+  }) {
+    if (!suppressTerminalOutput) {
+      terminal.write(text);
+      return;
+    }
+    final previous = _suppressTerminalOutput;
+    _suppressTerminalOutput = true;
+    try {
+      terminal.write(text);
+    } finally {
+      _suppressTerminalOutput = previous;
+    }
+  }
+
   /// Mark terminal view as ready and flush buffered output.
+  void _scheduleMarkViewReady() {
+    if (_disposed || _terminalViewReady || _markViewReadyScheduled) return;
+    _markViewReadyScheduled = true;
+    WidgetsBinding.instance.addPostFrameCallback((_) {
+      _markViewReadyScheduled = false;
+      if (_disposed || _terminalViewReady) return;
+      if (terminal.viewWidth > 0 && terminal.viewHeight > 0) {
+        _markViewReady();
+      }
+    });
+    WidgetsBinding.instance.ensureVisualUpdate();
+  }
+
   void _markViewReady() {
     if (_terminalViewReady) return;
     _terminalViewReady = true;
@@ -426,7 +487,10 @@ class TerminalModel with ChangeNotifier {
     // Clear buffers to free memory
     _inputBuffer.clear();
     _pendingOutputChunks.clear();
+    _pendingOutputSuppressFlags.clear();
     _pendingOutputSize = 0;
+    _markViewReadyScheduled = false;
+    _suppressNextTerminalDataOutput = false;
     // Terminal cleanup is handled server-side when service closes
     super.dispose();
   }

flutter/lib/web/bridge.dart

@@ -1159,10 +1159,6 @@ class RustdeskImpl {
     return Future.value('');
   }
 
-  Future<String> mainGetPermanentPassword({dynamic hint}) {
-    return Future.value('');
-  }
-
   Future<String> mainGetFingerprint({dynamic hint}) {
     return Future.value('');
   }
@@ -1346,9 +1342,9 @@ class RustdeskImpl {
     throw UnimplementedError("mainUpdateTemporaryPassword");
   }
 
-  Future<void> mainSetPermanentPassword(
+  Future<bool> mainSetPermanentPasswordWithResult(
       {required String password, dynamic hint}) {
-    throw UnimplementedError("mainSetPermanentPassword");
+    throw UnimplementedError("mainSetPermanentPasswordWithResult");
   }
 
   Future<bool> mainCheckSuperUserPermission({dynamic hint}) {
@@ -1542,7 +1538,10 @@ class RustdeskImpl {
 
   Future<void> mainAccountAuth(
       {required String op, required bool rememberMe, dynamic hint}) {
-    return Future(() => js.context.callMethod('setByName', [
+    // Safari only allows auth popups while handling the original user gesture.
+    // Use Future.sync so the JS call runs synchronously (pre-opening the OIDC
+    // window) while any interop error still surfaces as a Future error.
+    return Future.sync(() => js.context.callMethod('setByName', [
           'account_auth',
           jsonEncode({'op': op, 'remember': rememberMe})
         ]));
@@ -1730,7 +1729,7 @@ class RustdeskImpl {
   }
 
   String mainSupportedPrivacyModeImpls({dynamic hint}) {
-    throw UnimplementedError("mainSupportedPrivacyModeImpls");
+    return '[]';
   }
 
   String mainSupportedInputSource({dynamic hint}) {

flutter/linux/my_application.cc

@@ -29,6 +29,80 @@ void try_set_transparent(GtkWindow* window, GdkScreen* screen, FlView* view);
 
 extern bool gIsConnectionManager;
 
+// --- Side mouse button support (back/forward) ---
+// Flutter's Linux embedder doesn't deliver X11 button 8/9 events to Dart.
+// We intercept them via GDK and forward through a dedicated platform channel.
+
+static const char* kSideButtonChannelName = "org.rustdesk.rustdesk/side_buttons";
+
+static gboolean on_side_button_event(GtkWidget* widget, GdkEventButton* event, gpointer user_data) {
+  if (event->button != 8 && event->button != 9) {
+    return FALSE;
+  }
+  // Ignore GDK_2BUTTON_PRESS / GDK_3BUTTON_PRESS (double/triple-click synthetic
+  // events) - only handle real press and release.
+  if (event->type != GDK_BUTTON_PRESS && event->type != GDK_BUTTON_RELEASE) {
+    return FALSE;
+  }
+
+  FlMethodChannel* channel = FL_METHOD_CHANNEL(user_data);
+  if (channel == NULL) return FALSE;
+
+  g_autoptr(FlValue) args = fl_value_new_map();
+  fl_value_set_string_take(args, "button",
+    fl_value_new_string(event->button == 8 ? "back" : "forward"));
+  fl_value_set_string_take(args, "type",
+    fl_value_new_string(event->type == GDK_BUTTON_PRESS ? "down" : "up"));
+
+  fl_method_channel_invoke_method(channel, "onSideMouseButton", args,
+    NULL, NULL, NULL);
+
+  return TRUE;
+}
+
+static FlMethodChannel* side_buttons_create_channel(FlEngine* engine) {
+  g_autoptr(FlStandardMethodCodec) codec = fl_standard_method_codec_new();
+  return fl_method_channel_new(
+    fl_engine_get_binary_messenger(engine),
+    kSideButtonChannelName,
+    FL_METHOD_CODEC(codec));
+}
+
+static void side_buttons_channel_destroy(gpointer data) {
+  g_object_unref(data);
+}
+
+static void side_buttons_init_for_window(GtkWindow* window, FlMethodChannel* channel) {
+  // Guard against double-initialization (would leave dangling signal user_data).
+  if (g_object_get_data(G_OBJECT(window), "side-buttons-channel") != NULL) return;
+
+  gtk_widget_add_events(GTK_WIDGET(window),
+    GDK_BUTTON_PRESS_MASK | GDK_BUTTON_RELEASE_MASK);
+  // Store channel on the window so it stays alive and is freed with the window.
+  g_object_set_data_full(G_OBJECT(window), "side-buttons-channel",
+    g_object_ref(channel), side_buttons_channel_destroy);
+  g_signal_connect(window, "button-press-event",
+    G_CALLBACK(on_side_button_event), channel);
+  g_signal_connect(window, "button-release-event",
+    G_CALLBACK(on_side_button_event), channel);
+}
+
+static void on_subwindow_created(FlPluginRegistry* registry) {
+#if defined(GDK_WINDOWING_WAYLAND) && defined(HAS_KEYBOARD_SHORTCUTS_INHIBIT)
+  wayland_shortcuts_inhibit_init_for_subwindow(registry);
+#endif
+  // Set up side button forwarding for sub-windows.
+  if (registry == NULL || !FL_IS_VIEW(registry)) return;
+  FlView* view = FL_VIEW(registry);
+  GtkWidget* toplevel = gtk_widget_get_toplevel(GTK_WIDGET(view));
+  if (toplevel != NULL && GTK_IS_WINDOW(toplevel)) {
+    FlMethodChannel* channel = side_buttons_create_channel(fl_view_get_engine(view));
+    if (channel == NULL) return;
+    side_buttons_init_for_window(GTK_WINDOW(toplevel), channel);
+    g_object_unref(channel);  // window now owns a ref via g_object_set_data_full
+  }
+}
+
 GtkWidget *find_gl_area(GtkWidget *widget);
 
 // Implements GApplication::activate.
@@ -96,12 +170,12 @@ static void my_application_activate(GApplication* application) {
   gtk_widget_show(GTK_WIDGET(window));
   gtk_widget_show(GTK_WIDGET(view));
 
-#if defined(GDK_WINDOWING_WAYLAND) && defined(HAS_KEYBOARD_SHORTCUTS_INHIBIT)
-  // Register callback for sub-windows created by desktop_multi_window plugin
-  // Only sub-windows (remote windows) need keyboard shortcuts inhibition
+  // Register callback for sub-windows created by desktop_multi_window plugin.
+  // Handles both Wayland shortcuts inhibition (guarded inside) and side button
+  // forwarding. Safe to call on X11-only builds - the plugin just stores the
+  // callback pointer regardless of windowing system.
   desktop_multi_window_plugin_set_window_created_callback(
-      (WindowCreatedCallback)wayland_shortcuts_inhibit_init_for_subwindow);
-#endif
+      (WindowCreatedCallback)on_subwindow_created);
 
   fl_register_plugins(FL_PLUGIN_REGISTRY(view));
 
@@ -116,6 +190,11 @@ static void my_application_activate(GApplication* application) {
     self,
     nullptr);
 
+  // Forward side mouse button events (back/forward) to Dart on the main window.
+  FlMethodChannel* side_channel = side_buttons_create_channel(fl_view_get_engine(view));
+  side_buttons_init_for_window(window, side_channel);
+  g_object_unref(side_channel);
+
   gtk_widget_grab_focus(GTK_WIDGET(view));
 }
 

flutter/pubspec.yaml

@@ -113,8 +113,8 @@ dependencies:
 
 dev_dependencies:
   icons_launcher: ^2.0.4
-  #flutter_test:
-  #sdk: flutter
+  flutter_test:
+    sdk: flutter
   build_runner: ^2.4.6
   freezed: ^2.4.2
   flutter_lints: ^2.0.2

flutter/test/input_modifier_utils_test.dart

@@ -0,0 +1,125 @@
+import 'package:flutter/services.dart';
+import 'package:flutter_test/flutter_test.dart';
+import 'package:flutter_hbb/models/input_modifier_utils.dart';
+
+void main() {
+  group('shouldReleaseStaleMobileShift', () {
+    test('does not release when cached shift is already false', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: false,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.keyD,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isFalse,
+      );
+    });
+
+    test('releases one-shot mobile shift after a text key', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.keyD,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isTrue,
+      );
+    });
+
+    test('does not release manually toggled shift without tracked key down',
+        () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.keyD,
+          hasTrackedShiftKeyDown: false,
+        ),
+        isFalse,
+      );
+    });
+
+    test('does not release when shift is still physically pressed', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: true,
+          logicalKey: LogicalKeyboardKey.keyD,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isFalse,
+      );
+    });
+
+    test('does not release on non-mobile platforms', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: false,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.keyD,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isFalse,
+      );
+    });
+
+    test('releases on enter key', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.enter,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isTrue,
+      );
+    });
+
+    test('releases on arrow key', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.arrowLeft,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isTrue,
+      );
+    });
+
+    test('does not release on modifier events', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.shiftLeft,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isFalse,
+      );
+    });
+
+    test('does not release on shiftRight modifier events', () {
+      expect(
+        shouldReleaseStaleMobileShift(
+          isMobile: true,
+          cachedShiftPressed: true,
+          actualShiftPressed: false,
+          logicalKey: LogicalKeyboardKey.shiftRight,
+          hasTrackedShiftKeyDown: true,
+        ),
+        isFalse,
+      );
+    });
+  });
+}

libs/clipboard/src/platform/unix/fuse/cs.rs

@@ -12,7 +12,7 @@
 //!
 //! For now, we transfer all file names with windows separators, UTF-16 encoded.
 //! *Need a way to transfer file names with '\' safely*.
-//! Maybe we can use URL encoded file names and '/' seperators as a new standard, while keep the support to old schemes.
+//! Maybe we can use URL encoded file names and '/' separators as a new standard, while keep the support to old schemes.
 //!
 //! # Note
 //! - all files on FS should be read only, and mark the owner to be the current user

libs/clipboard/src/windows/wf_cliprdr.c

@@ -624,6 +624,7 @@ void CliprdrStream_Delete(CliprdrStream *instance)
 	if (instance)
 	{
 		free(instance->iStream.lpVtbl);
+		instance->iStream.lpVtbl = NULL;
 		free(instance);
 	}
 }
@@ -2160,7 +2161,7 @@ static BOOL wf_cliprdr_add_to_file_arrays(wfClipboard *clipboard, WCHAR *full_fi
 		return FALSE;
 
 	/* add to name array */
-	clipboard->file_names[clipboard->nFiles] = (LPWSTR)malloc(MAX_PATH * 2);
+	clipboard->file_names[clipboard->nFiles] = (LPWSTR)malloc((size_t)MAX_PATH * sizeof(WCHAR));
 
 	if (!clipboard->file_names[clipboard->nFiles])
 		return FALSE;

libs/enigo/src/linux/xdo.rs

@@ -8,6 +8,7 @@
 use crate::{Key, KeyboardControllable, MouseButton, MouseControllable};
 
 use hbb_common::libc::c_int;
+use hbb_common::x11::xlib::{Display, XCloseDisplay, XGetPointerMapping, XOpenDisplay};
 use libxdo_sys::{self, xdo_t, CURRENTWINDOW};
 use std::{borrow::Cow, ffi::CString};
 
@@ -32,6 +33,51 @@ fn mousebutton(button: MouseButton) -> c_int {
     }
 }
 
+/// Minimum number of buttons the X11 core pointer must support.
+/// Buttons 8 (Back) and 9 (Forward) are needed for mouse side buttons.
+const MIN_POINTER_BUTTONS: usize = 9;
+
+/// Check that the X11 core pointer's button map includes at least 9 buttons
+/// so that `XTestFakeButtonEvent` can simulate Back (8) and Forward (9).
+///
+/// RustDesk's uinput "Mouse passthrough" device normally provides enough
+/// buttons, but we log a warning if the map is too small so the issue is
+/// diagnosable. `XSetPointerMapping` cannot extend the button count (its
+/// length must match `XGetPointerMapping`), so we only diagnose here.
+fn check_x11_button_map() {
+    // Skip on non-X11 sessions to avoid noisy "XOpenDisplay failed" warnings
+    // on pure Wayland or headless environments without $DISPLAY.
+    if std::env::var_os("DISPLAY").is_none() {
+        return;
+    }
+
+    let display: *mut Display = unsafe { XOpenDisplay(std::ptr::null()) };
+    if display.is_null() {
+        log::warn!("XOpenDisplay failed, cannot check button map");
+        return;
+    }
+
+    let mut current_map = [0u8; 32];
+    let nbuttons =
+        unsafe { XGetPointerMapping(display, current_map.as_mut_ptr(), current_map.len() as i32) };
+    unsafe { XCloseDisplay(display) };
+
+    if nbuttons < 0 {
+        log::warn!("XGetPointerMapping failed (returned {nbuttons})");
+        return;
+    }
+
+    let nbuttons = nbuttons as usize;
+    if nbuttons >= MIN_POINTER_BUTTONS {
+        log::info!("X11 pointer has {nbuttons} buttons, side buttons supported");
+    } else {
+        log::warn!(
+            "X11 pointer has only {nbuttons} buttons (need {MIN_POINTER_BUTTONS}); \
+             back/forward side buttons may not work until a device with more buttons is added"
+        );
+    }
+}
+
 /// The main struct for handling the event emitting
 pub(super) struct EnigoXdo {
     xdo: *mut xdo_t,
@@ -52,6 +98,7 @@ impl Default for EnigoXdo {
             log::warn!("Failed to create xdo context, xdo functions will be disabled");
         } else {
             log::info!("xdo context created successfully");
+            check_x11_button_map();
         }
         Self {
             xdo,

libs/scrap/src/common/mediacodec.rs

@@ -151,7 +151,7 @@ fn create_media_codec(name: &str, direction: MediaCodecDirection) -> Option<Medi
         log::error!("Failed to start decoder: {:?}", e);
         return None;
     };
-    log::debug!("Init decoder successed!: {:?}", name);
+    log::debug!("Init decoder succeeded!: {:?}", name);
     return Some(MediaCodecDecoder {
         decoder: codec,
         name: name.to_owned(),

libs/scrap/src/wayland/capturable.rs

@@ -24,7 +24,7 @@ impl<'a> PixelProvider<'a> {
 }
 
 pub trait Recorder {
-    fn capture(&mut self, timeout_ms: u64) -> Result<PixelProvider, Box<dyn Error>>;
+    fn capture(&mut self, timeout_ms: u64) -> Result<PixelProvider<'_>, Box<dyn Error>>;
 }
 
 pub trait BoxCloneCapturable {

libs/scrap/src/wayland/pipewire.rs

@@ -346,7 +346,7 @@ impl PipeWireRecorder {
 }
 
 impl Recorder for PipeWireRecorder {
-    fn capture(&mut self, timeout_ms: u64) -> Result<PixelProvider, Box<dyn Error>> {
+    fn capture(&mut self, timeout_ms: u64) -> Result<PixelProvider<'_>, Box<dyn Error>> {
         if let Some(sample) = self
             .appsink
             .try_pull_sample(gst::ClockTime::from_mseconds(timeout_ms))

libs/virtual_display/dylib/README.md

@@ -29,4 +29,4 @@ TODO
 
 ## X11
 
-## OSX
+## macOS

res/audits.py

@@ -43,7 +43,7 @@ def get_connection_type_name(conn_type):
     """Convert connection type number to readable name"""
     type_map = {
         0: "Remote Desktop",
-        1: "File Transfer", 
+        1: "File Transfer",
         2: "Port Transfer",
         3: "View Camera",
         4: "Terminal"
@@ -55,7 +55,7 @@ def get_console_type_name(console_type):
     """Convert console audit type number to readable name"""
     type_map = {
         0: "Group Management",
-        1: "User Management", 
+        1: "User Management",
         2: "Device Management",
         3: "Address Book Management"
     }
@@ -67,7 +67,7 @@ def get_console_operation_name(operation_code):
     operation_map = {
         0: "User Login",
         1: "Add Group",
-        2: "Add User", 
+        2: "Add User",
         3: "Add Device",
         4: "Delete Groups",
         5: "Disconnect Device",
@@ -95,7 +95,7 @@ def get_console_operation_name(operation_code):
 def get_alarm_type_name(alarm_type):
     """Convert alarm type number to readable name"""
     type_map = {
-        0: "Access attempt outside the IP whiltelist",
+        0: "Access attempt outside the IP whitelist",
         1: "Over 30 consecutive access attempts",
         2: "Multiple access attempts within one minute",
         3: "Over 30 consecutive login attempts",
@@ -109,24 +109,24 @@ def enhance_audit_data(data, audit_type):
     """Enhance audit data with readable formats"""
     if not data:
         return data
-    
+
     enhanced_data = []
     for item in data:
         enhanced_item = item.copy()
-        
+
         # Convert timestamps - replace original values
         if 'created_at' in enhanced_item:
             enhanced_item['created_at'] = format_timestamp(enhanced_item['created_at'])
         if 'end_time' in enhanced_item:
             enhanced_item['end_time'] = format_timestamp(enhanced_item['end_time'])
-        
+
         # Add type-specific enhancements - replace original values
         if audit_type == 'conn':
             if 'conn_type' in enhanced_item:
                 enhanced_item['conn_type'] = get_connection_type_name(enhanced_item['conn_type'])
             else:
                 enhanced_item['conn_type'] = "Not Logged In"
-        
+
         elif audit_type == 'console':
             if 'typ' in enhanced_item:
                 # Replace typ field with type and convert to readable name
@@ -136,14 +136,14 @@ def enhance_audit_data(data, audit_type):
                 # Replace iop field with operation and convert to readable name
                 enhanced_item['operation'] = get_console_operation_name(enhanced_item['iop'])
                 del enhanced_item['iop']
-        
+
         elif audit_type == 'alarm' and 'typ' in enhanced_item:
             # Replace typ field with type and convert to readable name
             enhanced_item['type'] = get_alarm_type_name(enhanced_item['typ'])
             del enhanced_item['typ']
-        
+
         enhanced_data.append(enhanced_item)
-    
+
     return enhanced_data
 
 
@@ -152,7 +152,7 @@ def check_response(response):
     if response.status_code != 200:
         print(f"Error: HTTP {response.status_code} - {response.text}")
         exit(1)
-    
+
     try:
         response_json = response.json()
         if "error" in response_json:
@@ -163,28 +163,28 @@ def check_response(response):
         return response.text or "Success"
 
 
-def view_audits_common(url, token, endpoint, filters=None, page_size=None, current=None, 
+def view_audits_common(url, token, endpoint, filters=None, page_size=None, current=None,
                        created_at=None, days_ago=None, non_wildcard_fields=None):
     """Common function for viewing audits"""
     headers = {"Authorization": f"Bearer {token}"}
-    
+
     # Set default page size and current page
     if page_size is None:
         page_size = 10
     if current is None:
         current = 1
-    
+
     params = {
         "pageSize": page_size,
         "current": current
     }
-    
+
     # Add filter parameters if provided
     if filters:
         for key, value in filters.items():
             if value is not None:
                 params[key] = value
-    
+
     # Handle time filters
     if days_ago is not None:
         # Calculate datetime from days ago
@@ -205,10 +205,10 @@ def view_audits_common(url, token, endpoint, filters=None, page_size=None, curre
     # Apply wildcard patterns for string fields (excluding specific fields)
     if non_wildcard_fields is None:
         non_wildcard_fields = set()
-    
+
     # Always exclude these fields from wildcard treatment
     non_wildcard_fields.update(["created_at", "pageSize", "current"])
-    
+
     string_params = {}
     for k, v in params.items():
         if isinstance(v, str) and k not in non_wildcard_fields:
@@ -221,10 +221,10 @@ def view_audits_common(url, token, endpoint, filters=None, page_size=None, curre
 
     response = requests.get(f"{url}/api/audits/{endpoint}", headers=headers, params=string_params)
     response_json = check_response(response)
-    
+
     # Enhance the data with readable formats
     data = enhance_audit_data(response_json.get("data", []), endpoint)
-    
+
     return {
         "data": data,
         "total": response_json.get("total", 0),
@@ -233,7 +233,7 @@ def view_audits_common(url, token, endpoint, filters=None, page_size=None, curre
     }
 
 
-def view_conn_audits(url, token, remote=None, conn_type=None, 
+def view_conn_audits(url, token, remote=None, conn_type=None,
                      page_size=None, current=None, created_at=None, days_ago=None):
     """View connection audits"""
     filters = {
@@ -241,7 +241,7 @@ def view_conn_audits(url, token, remote=None, conn_type=None,
         "conn_type": conn_type
     }
     non_wildcard_fields = {"conn_type"}
-    
+
     return view_audits_common(
         url, token, "conn", filters, page_size, current, created_at, days_ago, non_wildcard_fields
     )
@@ -254,7 +254,7 @@ def view_file_audits(url, token, remote=None,
         "remote": remote
     }
     non_wildcard_fields = set()
-    
+
     return view_audits_common(
         url, token, "file", filters, page_size, current, created_at, days_ago, non_wildcard_fields
     )
@@ -267,7 +267,7 @@ def view_alarm_audits(url, token, device=None,
         "device": device
     }
     non_wildcard_fields = set()
-    
+
     return view_audits_common(
         url, token, "alarm", filters, page_size, current, created_at, days_ago, non_wildcard_fields
     )
@@ -280,7 +280,7 @@ def view_console_audits(url, token, operator=None,
         "operator": operator
     }
     non_wildcard_fields = set()
-    
+
     return view_audits_common(
         url, token, "console", filters, page_size, current, created_at, days_ago, non_wildcard_fields
     )
@@ -295,15 +295,15 @@ def main():
     )
     parser.add_argument("--url", required=True, help="URL of the API")
     parser.add_argument("--token", required=True, help="Bearer token for authentication")
-    
+
     # Pagination parameters
     parser.add_argument("--page-size", type=int, default=10, help="Number of records per page (default: 10)")
     parser.add_argument("--current", type=int, default=1, help="Current page number (default: 1)")
-    
+
     # Time filtering parameters
     parser.add_argument("--created-at", help="Filter by creation time in local time (format: 2025-09-16 14:15:57 or 2025-09-16 14:15:57.000)")
     parser.add_argument("--days-ago", type=int, help="Filter by days ago (e.g., 7 for last 7 days)")
-    
+
     # Audit filters (simplified)
     parser.add_argument("--remote", help="Remote peer ID filter (for conn/file audits)")
     parser.add_argument("--device", help="Device ID filter (for alarm audits)")
@@ -319,9 +319,9 @@ def main():
     if args.command == "view-conn":
         # View connection audits
         result = view_conn_audits(
-            args.url, 
-            args.token, 
-            args.remote, 
+            args.url,
+            args.token,
+            args.remote,
             args.conn_type,
             args.page_size,
             args.current,
@@ -329,12 +329,12 @@ def main():
             args.days_ago
         )
         print(json.dumps(result, indent=2))
-    
+
     elif args.command == "view-file":
         # View file audits
         result = view_file_audits(
-            args.url, 
-            args.token, 
+            args.url,
+            args.token,
             args.remote,
             args.page_size,
             args.current,
@@ -342,12 +342,12 @@ def main():
             args.days_ago
         )
         print(json.dumps(result, indent=2))
-    
+
     elif args.command == "view-alarm":
         # View alarm audits
         result = view_alarm_audits(
-            args.url, 
-            args.token, 
+            args.url,
+            args.token,
             args.device,
             args.page_size,
             args.current,
@@ -355,12 +355,12 @@ def main():
             args.days_ago
         )
         print(json.dumps(result, indent=2))
-    
+
     elif args.command == "view-console":
         # View console audits
         result = view_console_audits(
-            args.url, 
-            args.token, 
+            args.url,
+            args.token,
             args.operator,
             args.page_size,
             args.current,

res/msi/CustomActions/CustomActions.cpp

@@ -616,10 +616,10 @@ UINT __stdcall TryStopDeleteService(__in MSIHANDLE hInstall)
     }
 
     if (IsServiceRunningW(svcName)) {
-        WcaLog(LOGMSG_STANDARD, "Service \"%ls\" is not stoped after 1000 ms.", svcName);
+        WcaLog(LOGMSG_STANDARD, "Service \"%ls\" is not stopped after 1000 ms.", svcName);
     }
     else {
-        WcaLog(LOGMSG_STANDARD, "Service \"%ls\" is stoped.", svcName);
+        WcaLog(LOGMSG_STANDARD, "Service \"%ls\" is stopped.", svcName);
     }
 
     if (MyDeleteServiceW(svcName)) {
@@ -645,7 +645,7 @@ UINT __stdcall TryStopDeleteService(__in MSIHANDLE hInstall)
     }
 
     // It's really strange that we need sleep here.
-    // But the upgrading may be stucked at "copying new files" because the file is in using.
+    // But the upgrading may be stuck at "copying new files" because the file is in using.
     // Steps to reproduce: Install -> stop service in tray --> start service -> upgrade
     // Sleep(300);
 
@@ -758,7 +758,7 @@ UINT __stdcall AddRegSoftwareSASGeneration(__in MSIHANDLE hInstall)
     }
 
     // Why RegSetValueExW always return 998?
-    // 
+    //
     result = RegCreateKeyExW(HKEY_LOCAL_MACHINE, subKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, NULL);
     if (result != ERROR_SUCCESS) {
         WcaLog(LOGMSG_STANDARD, "Failed to create or open registry key: %d", result);
@@ -874,7 +874,7 @@ void TryCreateStartServiceByShell(LPWSTR svcName, LPWSTR svcBinary, LPWSTR szSvc
     i = 0;
     j = 0;
     // svcBinary is a string with double quotes, we need to escape it for shell arguments.
-    // It is orignal used for `CreateServiceW`.
+    // It is original used for `CreateServiceW`.
     // eg. "C:\Program Files\MyApp\MyApp.exe" --service -> \"C:\Program Files\MyApp\MyApp.exe\" --service
     while (true) {
         if (svcBinary[j] == L'"') {

src/cli.rs

@@ -25,7 +25,13 @@ impl Session {
     pub fn new(id: &str, sender: mpsc::UnboundedSender<Data>) -> Self {
         let mut password = "".to_owned();
         if PeerConfig::load(id).password.is_empty() {
-            password = rpassword::prompt_password("Enter password: ").unwrap();
+            match rpassword::prompt_password("Enter password: ") {
+                Ok(p) => password = p,
+                Err(e) => {
+                    log::error!("Failed to read password: {:?}", e);
+                    password = "".to_owned();
+                }
+            }
         }
         let session = Self {
             id: id.to_owned(),

src/client.rs

@@ -1745,6 +1745,9 @@ pub struct LoginConfigHandler {
     pub direct: Option<bool>,
     pub received: bool,
     switch_uuid: Option<String>,
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
+    switch_back_allowed: bool,
     pub save_ab_password_to_recent: bool, // true: connected with ab password
     pub other_server: Option<(String, String, String)>,
     pub custom_fps: Arc<Mutex<Option<usize>>>,
@@ -1861,6 +1864,11 @@ impl LoginConfigHandler {
 
         self.direct = None;
         self.received = false;
+        #[cfg(feature = "flutter")]
+        #[cfg(not(any(target_os = "android", target_os = "ios")))]
+        {
+            self.switch_back_allowed = false;
+        }
         self.switch_uuid = switch_uuid;
         self.adapter_luid = adapter_luid;
         self.selected_windows_session_id = None;
@@ -1874,6 +1882,23 @@ impl LoginConfigHandler {
         self.is_terminal_admin = is_terminal_admin;
     }
 
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
+    pub fn allow_switch_back_once(&mut self) {
+        self.switch_back_allowed = true;
+    }
+
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
+    pub fn consume_switch_back_permission(&mut self) -> bool {
+        if self.switch_back_allowed {
+            self.switch_back_allowed = false;
+            true
+        } else {
+            false
+        }
+    }
+
     /// Check if the client should auto login.
     /// Return password if the client should auto login, otherwise return empty string.
     pub fn should_auto_login(&self) -> String {
@@ -3377,6 +3402,36 @@ pub fn handle_login_error(
     }
 }
 
+#[cfg(feature = "flutter")]
+#[cfg(not(any(target_os = "android", target_os = "ios")))]
+async fn consume_local_switch_sides_uuid(id: &str, uuid: &Uuid) -> bool {
+    let Ok(mut conn) = crate::ipc::connect(1000, "").await else {
+        return false;
+    };
+    let uuid = uuid.to_string();
+    if conn
+        .send(&crate::ipc::Data::SwitchSidesUuid(
+            uuid.clone(),
+            id.to_owned(),
+            None,
+        ))
+        .await
+        .is_err()
+    {
+        return false;
+    }
+    match conn.next_timeout(1000).await {
+        Ok(Some(crate::ipc::Data::SwitchSidesUuid(
+            returned_uuid,
+            returned_id,
+            Some(true),
+        ))) => {
+            returned_uuid == uuid && returned_id == id
+        }
+        _ => false,
+    }
+}
+
 /// Handle hash message sent by peer.
 /// Hash will be used for login.
 ///
@@ -3397,12 +3452,22 @@ pub async fn handle_hash(
     // Take care of password application order
 
     // switch_uuid
-    let uuid = lc.write().unwrap().switch_uuid.take();
-    if let Some(uuid) = uuid {
-        if let Ok(uuid) = uuid::Uuid::from_str(&uuid) {
-            send_switch_login_request(lc.clone(), peer, uuid).await;
-            lc.write().unwrap().password_source = Default::default();
-            return;
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
+    {
+        let uuid = lc.write().unwrap().switch_uuid.take();
+        if let Some(uuid) = uuid {
+            if let Ok(uuid) = uuid::Uuid::from_str(&uuid) {
+                let id = lc.read().unwrap().id.clone();
+                if !consume_local_switch_sides_uuid(&id, &uuid).await {
+                    log::warn!("Ignored untrusted switch_uuid");
+                } else {
+                    lc.write().unwrap().allow_switch_back_once();
+                    send_switch_login_request(lc.clone(), peer, uuid).await;
+                    lc.write().unwrap().password_source = Default::default();
+                    return;
+                }
+            }
         }
     }
     // last password
@@ -3870,6 +3935,7 @@ pub fn check_if_retry(msgtype: &str, title: &str, text: &str, retry_for_relay: b
                 && !text.to_lowercase().contains("resolve")
                 && !text.to_lowercase().contains("mismatch")
                 && !text.to_lowercase().contains("manually")
+                && !text.to_lowercase().contains("restricted")
                 && !text.to_lowercase().contains("not allowed")))
 }
 

src/client/io_loop.rs

@@ -586,7 +586,6 @@ impl<T: InvokeUiSession> Remote<T> {
                         file_num,
                         include_hidden,
                         is_remote,
-                        Vec::new(),
                         od,
                     ));
                     allow_err!(
@@ -659,7 +658,6 @@ impl<T: InvokeUiSession> Remote<T> {
                         file_num,
                         include_hidden,
                         is_remote,
-                        Vec::new(),
                         od,
                     );
                     job.is_last_job = true;
@@ -845,19 +843,7 @@ impl<T: InvokeUiSession> Remote<T> {
                 }
             }
             Data::CancelJob(id) => {
-                let mut msg_out = Message::new();
-                let mut file_action = FileAction::new();
-                file_action.set_cancel(FileTransferCancel {
-                    id: id,
-                    ..Default::default()
-                });
-                msg_out.set_file_action(file_action);
-                allow_err!(peer.send(&msg_out).await);
-                if let Some(job) = fs::remove_job(id, &mut self.write_jobs) {
-                    job.remove_download_file();
-                }
-                let _ = fs::remove_job(id, &mut self.read_jobs);
-                self.remove_jobs.remove(&id);
+                self.cancel_transfer_job(id, peer).await;
             }
             Data::RemoveDir((id, path)) => {
                 let mut msg_out = Message::new();
@@ -1053,6 +1039,22 @@ impl<T: InvokeUiSession> Remote<T> {
         }
     }
 
+    async fn cancel_transfer_job(&mut self, id: i32, peer: &mut Stream) {
+        let mut msg_out = Message::new();
+        let mut file_action = FileAction::new();
+        file_action.set_cancel(FileTransferCancel {
+            id,
+            ..Default::default()
+        });
+        msg_out.set_file_action(file_action);
+        allow_err!(peer.send(&msg_out).await);
+        if let Some(job) = fs::remove_job(id, &mut self.write_jobs) {
+            job.remove_download_file();
+        }
+        let _ = fs::remove_job(id, &mut self.read_jobs);
+        self.remove_jobs.remove(&id);
+    }
+
     pub async fn sync_jobs_status_to_local(&mut self) -> bool {
         if !self.is_connected {
             return false;
@@ -1446,6 +1448,23 @@ impl<T: InvokeUiSession> Remote<T> {
                     if !self.handler.lc.read().unwrap().disable_clipboard.v {
                         #[cfg(not(any(target_os = "android", target_os = "ios")))]
                         update_clipboard(_mcb.clipboards, ClipboardSide::Client);
+                        #[cfg(target_os = "ios")]
+                        {
+                            if let Some(cb) = _mcb
+                                .clipboards
+                                .iter()
+                                .find(|c| c.format.enum_value() == Ok(ClipboardFormat::Text))
+                            {
+                                let content = if cb.compress {
+                                    hbb_common::compress::decompress(&cb.content)
+                                } else {
+                                    cb.content.to_vec()
+                                };
+                                if let Ok(content) = String::from_utf8(content) {
+                                    self.handler.clipboard(content);
+                                }
+                            }
+                        }
                         #[cfg(target_os = "android")]
                         crate::clipboard::handle_msg_multi_clipboards(_mcb);
                     }
@@ -1470,14 +1489,43 @@ impl<T: InvokeUiSession> Remote<T> {
                                     fs::transform_windows_path(&mut entries);
                                 }
                             }
-                            self.handler
-                                .update_folder_files(fd.id, &entries, fd.path, false, false);
+                            // We cannot call cancel_transfer_job/handle_job_status while holding
+                            // a mutable borrow from fs::get_job(&mut self.write_jobs), so defer
+                            // the error handling until after the borrow scope ends.
+                            let mut set_files_err = None;
                             if let Some(job) = fs::get_job(fd.id, &mut self.write_jobs) {
                                 log::info!("job set_files: {:?}", entries);
-                                job.set_files(entries);
-                                job.set_finished_size_on_resume();
+                                if let Err(err) = job.set_files(entries) {
+                                    set_files_err = Some(err.to_string());
+                                } else {
+                                    job.set_finished_size_on_resume();
+                                    self.handler.update_folder_files(
+                                        fd.id,
+                                        job.files(),
+                                        fd.path,
+                                        false,
+                                        false,
+                                    );
+                                }
                             } else if let Some(job) = self.remove_jobs.get_mut(&fd.id) {
+                                // Intentionally keep raw entries here:
+                                // - remote remove flow executes deletions on peer side;
+                                // - local remove flow is populated from local get_recursive_files().
                                 job.files = entries;
+                                self.handler
+                                    .update_folder_files(fd.id, &job.files, fd.path, false, false);
+                            } else {
+                                self.handler
+                                    .update_folder_files(fd.id, &entries, fd.path, false, false);
+                            }
+                            if let Some(err) = set_files_err {
+                                log::warn!(
+                                    "Rejected unsafe file list from remote peer for job {}: {}",
+                                    fd.id,
+                                    err
+                                );
+                                self.cancel_transfer_job(fd.id, peer).await;
+                                self.handle_job_status(fd.id, -1, Some(err));
                             }
                         }
                         Some(file_response::Union::Digest(digest)) => {
@@ -1749,6 +1797,9 @@ impl<T: InvokeUiSession> Remote<T> {
                             Ok(Permission::BlockInput) => {
                                 self.handler.set_permission("block_input", p.enabled);
                             }
+                            Ok(Permission::PrivacyMode) => {
+                                self.handler.set_permission("privacy_mode", p.enabled);
+                            }
                             _ => {}
                         }
                     }
@@ -1872,9 +1923,23 @@ impl<T: InvokeUiSession> Remote<T> {
                             );
                         }
                     }
+                    #[cfg(feature = "flutter")]
+                    #[cfg(not(any(target_os = "android", target_os = "ios")))]
                     Some(misc::Union::SwitchBack(_)) => {
-                        #[cfg(feature = "flutter")]
-                        self.handler.switch_back(&self.handler.get_id());
+                        let allow_switch_back = self
+                            .handler
+                            .lc
+                            .write()
+                            .unwrap()
+                            .consume_switch_back_permission();
+                        if allow_switch_back {
+                            self.handler.switch_back(&self.handler.get_id());
+                        } else {
+                            log::warn!(
+                                "Ignored unsolicited SwitchBack from {}",
+                                self.handler.get_id()
+                            );
+                        }
                     }
                     #[cfg(all(feature = "flutter", feature = "plugin_framework"))]
                     #[cfg(not(any(target_os = "android", target_os = "ios")))]

src/common.rs

@@ -39,7 +39,7 @@ use hbb_common::{
 
 use crate::{
     hbbs_http::{create_http_client_async, get_url_for_tls},
-    ui_interface::{get_option, is_installed, set_option},
+    ui_interface::{get_api_server as ui_get_api_server, get_option, is_installed, set_option},
 };
 
 #[derive(Debug, Eq, PartialEq)]
@@ -1086,6 +1086,7 @@ fn get_api_server_(api: String, custom: String) -> String {
 
 #[inline]
 pub fn is_public(url: &str) -> bool {
+    let url = url.to_ascii_lowercase();
     url.contains("rustdesk.com/") || url.ends_with("rustdesk.com")
 }
 
@@ -1123,22 +1124,286 @@ pub fn get_audit_server(api: String, custom: String, typ: String) -> String {
     format!("{}/api/audit/{}", url, typ)
 }
 
-pub async fn post_request(url: String, body: String, header: &str) -> ResultType<String> {
+/// Check if we should use raw TCP proxy for API calls.
+/// Returns true if USE_RAW_TCP_FOR_API builtin option is "Y", WebSocket is off,
+/// and the target URL belongs to the configured non-public API host.
+#[inline]
+fn should_use_raw_tcp_for_api(url: &str) -> bool {
+    get_builtin_option(keys::OPTION_USE_RAW_TCP_FOR_API) == "Y"
+        && !use_ws()
+        && is_tcp_proxy_api_target(url)
+}
+
+/// Check if we can attempt raw TCP proxy fallback for this target URL.
+#[inline]
+fn can_fallback_to_raw_tcp(url: &str) -> bool {
+    !use_ws() && is_tcp_proxy_api_target(url)
+}
+
+#[inline]
+fn should_use_tcp_proxy_for_api_url(url: &str, api_url: &str) -> bool {
+    if api_url.is_empty() || is_public(api_url) {
+        return false;
+    }
+
+    let target_host = url::Url::parse(url)
+        .ok()
+        .and_then(|parsed| parsed.host_str().map(|host| host.to_ascii_lowercase()));
+    let api_host = url::Url::parse(api_url)
+        .ok()
+        .and_then(|parsed| parsed.host_str().map(|host| host.to_ascii_lowercase()));
+
+    matches!((target_host, api_host), (Some(target), Some(api)) if target == api)
+}
+
+#[inline]
+fn is_tcp_proxy_api_target(url: &str) -> bool {
+    should_use_tcp_proxy_for_api_url(url, &ui_get_api_server())
+}
+
+fn tcp_proxy_log_target(url: &str) -> String {
+    url::Url::parse(url)
+        .ok()
+        .map(|parsed| {
+            let mut redacted = format!("{}://", parsed.scheme());
+            let Some(host) = parsed.host() else {
+                return "<invalid-url>".to_owned();
+            };
+            redacted.push_str(&host.to_string());
+            if let Some(port) = parsed.port() {
+                redacted.push(':');
+                redacted.push_str(&port.to_string());
+            }
+            redacted.push_str(parsed.path());
+            redacted
+        })
+        .unwrap_or_else(|| "<invalid-url>".to_owned())
+}
+
+#[inline]
+fn get_tcp_proxy_addr() -> String {
+    check_port(Config::get_rendezvous_server(), RENDEZVOUS_PORT)
+}
+
+/// Send an HTTP request via the rendezvous server's TCP proxy using protobuf.
+/// Connects with `connect_tcp` + `secure_tcp`, sends `HttpProxyRequest`,
+/// receives `HttpProxyResponse`.
+///
+/// The entire operation (connect + handshake + send + receive) is wrapped in
+/// an overall timeout of `CONNECT_TIMEOUT + READ_TIMEOUT` so that a stall at
+/// any stage cannot block the caller indefinitely.
+async fn tcp_proxy_request(
+    method: &str,
+    url: &str,
+    body: &[u8],
+    headers: Vec<HeaderEntry>,
+) -> ResultType<HttpProxyResponse> {
+    let tcp_addr = get_tcp_proxy_addr();
+    if tcp_addr.is_empty() {
+        bail!("No rendezvous server configured for TCP proxy");
+    }
+
+    let parsed = url::Url::parse(url)?;
+    let path = if let Some(query) = parsed.query() {
+        format!("{}?{}", parsed.path(), query)
+    } else {
+        parsed.path().to_string()
+    };
+
+    log::debug!(
+        "Sending {} {} via TCP proxy to {}",
+        method,
+        parsed.path(),
+        tcp_addr
+    );
+
+    let overall_timeout = CONNECT_TIMEOUT + READ_TIMEOUT;
+    timeout(overall_timeout, async {
+        let mut conn = socket_client::connect_tcp(&*tcp_addr, CONNECT_TIMEOUT).await?;
+        let key = crate::get_key(true).await;
+        secure_tcp_silent(&mut conn, &key).await?;
+
+        let mut req = HttpProxyRequest::new();
+        req.method = method.to_uppercase();
+        req.path = path;
+        req.headers = headers.into();
+        req.body = Bytes::from(body.to_vec());
+
+        let mut msg_out = RendezvousMessage::new();
+        msg_out.set_http_proxy_request(req);
+        conn.send(&msg_out).await?;
+
+        match conn.next().await {
+            Some(Ok(bytes)) => {
+                let msg_in = RendezvousMessage::parse_from_bytes(&bytes)?;
+                match msg_in.union {
+                    Some(rendezvous_message::Union::HttpProxyResponse(resp)) => Ok(resp),
+                    _ => bail!("Unexpected response from TCP proxy"),
+                }
+            }
+            Some(Err(e)) => bail!("TCP proxy read error: {}", e),
+            None => bail!("TCP proxy connection closed without response"),
+        }
+    })
+    .await?
+}
+
+/// Build HeaderEntry list from "Key: Value" style header string (used by post_request).
+/// If the caller supplies a Content-Type header it overrides the default `application/json`.
+fn parse_simple_header(header: &str) -> Vec<HeaderEntry> {
+    let mut entries = Vec::new();
+    let mut has_content_type = false;
+    if !header.is_empty() {
+        let tmp: Vec<&str> = header.splitn(2, ": ").collect();
+        if tmp.len() == 2 {
+            if tmp[0].eq_ignore_ascii_case("Content-Type") {
+                has_content_type = true;
+            }
+            entries.push(HeaderEntry {
+                name: tmp[0].into(),
+                value: tmp[1].into(),
+                ..Default::default()
+            });
+        }
+    }
+    if !has_content_type {
+        entries.insert(
+            0,
+            HeaderEntry {
+                name: "Content-Type".into(),
+                value: "application/json".into(),
+                ..Default::default()
+            },
+        );
+    }
+    entries
+}
+
+/// POST request via TCP proxy.
+async fn post_request_via_tcp_proxy(url: &str, body: &str, header: &str) -> ResultType<String> {
+    let headers = parse_simple_header(header);
+    let resp = tcp_proxy_request("POST", url, body.as_bytes(), headers).await?;
+    if !resp.error.is_empty() {
+        bail!("TCP proxy error: {}", resp.error);
+    }
+    Ok(String::from_utf8_lossy(&resp.body).to_string())
+}
+
+fn http_proxy_response_to_json(resp: HttpProxyResponse) -> ResultType<String> {
+    if !resp.error.is_empty() {
+        bail!("TCP proxy error: {}", resp.error);
+    }
+
+    let mut response_headers = Map::new();
+    for entry in resp.headers.iter() {
+        response_headers.insert(entry.name.to_lowercase(), json!(entry.value));
+    }
+
+    let mut result = Map::new();
+    result.insert("status_code".to_string(), json!(resp.status));
+    result.insert("headers".to_string(), Value::Object(response_headers));
+    result.insert(
+        "body".to_string(),
+        json!(String::from_utf8_lossy(&resp.body)),
+    );
+
+    serde_json::to_string(&result).map_err(|e| anyhow!("Failed to serialize response: {}", e))
+}
+
+fn parse_json_header_entries(header: &str) -> ResultType<Vec<HeaderEntry>> {
+    let v: Value = serde_json::from_str(header)?;
+    if let Value::Object(obj) = v {
+        Ok(obj
+            .iter()
+            .map(|(key, value)| HeaderEntry {
+                name: key.clone(),
+                value: value.as_str().unwrap_or_default().into(),
+                ..Default::default()
+            })
+            .collect())
+    } else {
+        Err(anyhow!("HTTP header information parsing failed!"))
+    }
+}
+
+/// Returns (status_code, body_text). Separating status so the wrapper can decide on fallback.
+async fn post_request_http(url: &str, body: &str, header: &str) -> ResultType<(u16, String)> {
     let proxy_conf = Config::get_socks();
-    let tls_url = get_url_for_tls(&url, &proxy_conf);
+    let tls_url = get_url_for_tls(url, &proxy_conf);
     let tls_type = get_cached_tls_type(tls_url);
     let danger_accept_invalid_cert = get_cached_tls_accept_invalid_cert(tls_url);
     let response = post_request_(
-        &url,
+        url,
         tls_url,
-        body.clone(),
+        body.to_owned(),
         header,
         tls_type,
         danger_accept_invalid_cert,
         danger_accept_invalid_cert,
     )
     .await?;
-    Ok(response.text().await?)
+    let status = response.status().as_u16();
+    let text = response.text().await?;
+    Ok((status, text))
+}
+
+/// Try `http_fn` first; on connection failure or 5xx, fall back to `tcp_fn`
+/// if the URL is eligible. 4xx responses are returned as-is.
+async fn with_tcp_proxy_fallback<HttpFut, TcpFut>(
+    url: &str,
+    method: &str,
+    http_fn: HttpFut,
+    tcp_fn: TcpFut,
+) -> ResultType<String>
+where
+    HttpFut: Future<Output = ResultType<(u16, String)>>,
+    TcpFut: Future<Output = ResultType<String>>,
+{
+    if should_use_raw_tcp_for_api(url) {
+        return tcp_fn.await;
+    }
+
+    let http_result = http_fn.await;
+    let should_fallback = match &http_result {
+        Err(_) => true,
+        Ok((status, _)) => *status >= 500,
+    };
+
+    if should_fallback && can_fallback_to_raw_tcp(url) {
+        log::warn!(
+            "HTTP {} to {} failed or 5xx (result: {:?}), trying TCP proxy fallback",
+            method,
+            tcp_proxy_log_target(url),
+            http_result
+                .as_ref()
+                .map(|(s, _)| *s)
+                .map_err(|e| e.to_string()),
+        );
+        match tcp_fn.await {
+            Ok(resp) => return Ok(resp),
+            Err(tcp_err) => {
+                log::warn!("TCP proxy fallback also failed: {:?}", tcp_err);
+            }
+        }
+    }
+
+    http_result.map(|(_status, text)| text)
+}
+
+/// POST request with raw TCP proxy support.
+/// - If `USE_RAW_TCP_FOR_API` is "Y" and WS is off, goes directly through TCP proxy.
+/// - Otherwise tries HTTP first; on connection failure or 5xx status,
+///   falls back to TCP proxy if WS is off.
+/// - 4xx responses are returned as-is (server is reachable, business logic error).
+/// - If fallback also fails, returns the original HTTP result (text or error).
+pub async fn post_request(url: String, body: String, header: &str) -> ResultType<String> {
+    with_tcp_proxy_fallback(
+        &url,
+        "POST",
+        post_request_http(&url, &body, header),
+        post_request_via_tcp_proxy(&url, &body, header),
+    )
+    .await
 }
 
 #[async_recursion]
@@ -1246,21 +1511,16 @@ async fn get_http_response_async(
         tls_type.unwrap_or(TlsType::Rustls),
         danger_accept_invalid_cert.unwrap_or(false),
     );
-    let mut http_client = match method {
+    let normalized_method = method.to_ascii_lowercase();
+    let mut http_client = match normalized_method.as_str() {
         "get" => http_client.get(url),
         "post" => http_client.post(url),
         "put" => http_client.put(url),
         "delete" => http_client.delete(url),
         _ => return Err(anyhow!("The HTTP request method is not supported!")),
     };
-    let v = serde_json::from_str(header)?;
-
-    if let Value::Object(obj) = v {
-        for (key, value) in obj.iter() {
-            http_client = http_client.header(key, value.as_str().unwrap_or_default());
-        }
-    } else {
-        return Err(anyhow!("HTTP header information parsing failed!"));
+    for entry in parse_json_header_entries(header)? {
+        http_client = http_client.header(entry.name, entry.value);
     }
 
     if tls_type.is_some() && danger_accept_invalid_cert.is_some() {
@@ -1340,6 +1600,51 @@ async fn get_http_response_async(
     }
 }
 
+/// Returns (status_code, json_string) so the caller can inspect the status
+/// without re-parsing the serialized JSON.
+async fn http_request_http(
+    url: &str,
+    method: &str,
+    body: Option<String>,
+    header: &str,
+) -> ResultType<(u16, String)> {
+    let proxy_conf = Config::get_socks();
+    let tls_url = get_url_for_tls(url, &proxy_conf);
+    let tls_type = get_cached_tls_type(tls_url);
+    let danger_accept_invalid_cert = get_cached_tls_accept_invalid_cert(tls_url);
+    let response = get_http_response_async(
+        url,
+        tls_url,
+        method,
+        body,
+        header,
+        tls_type,
+        danger_accept_invalid_cert,
+        danger_accept_invalid_cert,
+    )
+    .await?;
+    // Serialize response headers
+    let mut response_headers = Map::new();
+    for (key, value) in response.headers() {
+        response_headers.insert(key.to_string(), json!(value.to_str().unwrap_or("")));
+    }
+
+    let status_code = response.status().as_u16();
+    let response_body = response.text().await?;
+
+    // Construct the JSON object
+    let mut result = Map::new();
+    result.insert("status_code".to_string(), json!(status_code));
+    result.insert("headers".to_string(), Value::Object(response_headers));
+    result.insert("body".to_string(), json!(response_body));
+
+    // Convert map to JSON string
+    let json_str = serde_json::to_string(&result)
+        .map_err(|e| anyhow!("Failed to serialize response: {}", e))?;
+    Ok((status_code, json_str))
+}
+
+/// HTTP request with raw TCP proxy support.
 #[tokio::main(flavor = "current_thread")]
 pub async fn http_request_sync(
     url: String,
@@ -1347,44 +1652,28 @@ pub async fn http_request_sync(
     body: Option<String>,
     header: String,
 ) -> ResultType<String> {
-    let proxy_conf = Config::get_socks();
-    let tls_url = get_url_for_tls(&url, &proxy_conf);
-    let tls_type = get_cached_tls_type(tls_url);
-    let danger_accept_invalid_cert = get_cached_tls_accept_invalid_cert(tls_url);
-    let response = get_http_response_async(
+    with_tcp_proxy_fallback(
         &url,
-        tls_url,
         &method,
-        body.clone(),
-        &header,
-        tls_type,
-        danger_accept_invalid_cert,
-        danger_accept_invalid_cert,
+        http_request_http(&url, &method, body.clone(), &header),
+        http_request_via_tcp_proxy(&url, &method, body.as_deref(), &header),
     )
-    .await?;
-    // Serialize response headers
-    let mut response_headers = serde_json::map::Map::new();
-    for (key, value) in response.headers() {
-        response_headers.insert(
-            key.to_string(),
-            serde_json::json!(value.to_str().unwrap_or("")),
-        );
-    }
+    .await
+}
 
-    let status_code = response.status().as_u16();
-    let response_body = response.text().await?;
+/// General HTTP request via TCP proxy. Header is a JSON string (used by http_request_sync).
+/// Returns a JSON string with status_code, headers, body (same format as http_request_sync).
+async fn http_request_via_tcp_proxy(
+    url: &str,
+    method: &str,
+    body: Option<&str>,
+    header: &str,
+) -> ResultType<String> {
+    let headers = parse_json_header_entries(header)?;
+    let body_bytes = body.unwrap_or("").as_bytes();
 
-    // Construct the JSON object
-    let mut result = serde_json::map::Map::new();
-    result.insert("status_code".to_string(), serde_json::json!(status_code));
-    result.insert(
-        "headers".to_string(),
-        serde_json::Value::Object(response_headers),
-    );
-    result.insert("body".to_string(), serde_json::json!(response_body));
-
-    // Convert map to JSON string
-    serde_json::to_string(&result).map_err(|e| anyhow!("Failed to serialize response: {}", e))
+    let resp = tcp_proxy_request(method, url, body_bytes, headers).await?;
+    http_proxy_response_to_json(resp)
 }
 
 #[inline]
@@ -1647,7 +1936,7 @@ pub fn check_process(arg: &str, mut same_uid: bool) -> bool {
     false
 }
 
-pub async fn secure_tcp(conn: &mut Stream, key: &str) -> ResultType<()> {
+async fn secure_tcp_impl(conn: &mut Stream, key: &str, log_on_success: bool) -> ResultType<()> {
     // Skip additional encryption when using WebSocket connections (wss://)
     // as WebSocket Secure (wss://) already provides transport layer encryption.
     // This doesn't affect the end-to-end encryption between clients,
@@ -1680,7 +1969,9 @@ pub async fn secure_tcp(conn: &mut Stream, key: &str) -> ResultType<()> {
                         });
                         timeout(CONNECT_TIMEOUT, conn.send(&msg_out)).await??;
                         conn.set_key(key);
-                        log::info!("Connection secured");
+                        if log_on_success {
+                            log::info!("Connection secured");
+                        }
                     }
                     _ => {}
                 }
@@ -1691,6 +1982,14 @@ pub async fn secure_tcp(conn: &mut Stream, key: &str) -> ResultType<()> {
     Ok(())
 }
 
+pub async fn secure_tcp(conn: &mut Stream, key: &str) -> ResultType<()> {
+    secure_tcp_impl(conn, key, true).await
+}
+
+async fn secure_tcp_silent(conn: &mut Stream, key: &str) -> ResultType<()> {
+    secure_tcp_impl(conn, key, false).await
+}
+
 #[inline]
 fn get_pk(pk: &[u8]) -> Option<[u8; 32]> {
     if pk.len() == 32 {
@@ -2468,11 +2767,13 @@ mod tests {
         assert!(is_public("https://rustdesk.com/"));
         assert!(is_public("https://www.rustdesk.com/"));
         assert!(is_public("https://api.rustdesk.com/v1"));
+        assert!(is_public("https://API.RUSTDESK.COM/v1"));
         assert!(is_public("https://rustdesk.com/path"));
 
         // Test URLs ending with "rustdesk.com"
         assert!(is_public("rustdesk.com"));
         assert!(is_public("https://rustdesk.com"));
+        assert!(is_public("https://RustDesk.com"));
         assert!(is_public("http://www.rustdesk.com"));
         assert!(is_public("https://api.rustdesk.com"));
 
@@ -2485,6 +2786,193 @@ mod tests {
         assert!(!is_public("rustdesk.comhello.com"));
     }
 
+    #[test]
+    fn test_should_use_tcp_proxy_for_api_url() {
+        assert!(should_use_tcp_proxy_for_api_url(
+            "https://admin.example.com/api/login",
+            "https://admin.example.com"
+        ));
+        assert!(should_use_tcp_proxy_for_api_url(
+            "https://admin.example.com:21114/api/login",
+            "https://admin.example.com"
+        ));
+        assert!(!should_use_tcp_proxy_for_api_url(
+            "https://api.telegram.org/bot123/sendMessage",
+            "https://admin.example.com"
+        ));
+        assert!(!should_use_tcp_proxy_for_api_url(
+            "https://admin.rustdesk.com/api/login",
+            "https://admin.rustdesk.com"
+        ));
+        assert!(!should_use_tcp_proxy_for_api_url(
+            "https://admin.example.com/api/login",
+            "not a url"
+        ));
+        assert!(!should_use_tcp_proxy_for_api_url(
+            "not a url",
+            "https://admin.example.com"
+        ));
+    }
+
+    #[test]
+    fn test_get_tcp_proxy_addr_normalizes_bare_ipv6_host() {
+        struct RestoreCustomRendezvousServer(String);
+
+        impl Drop for RestoreCustomRendezvousServer {
+            fn drop(&mut self) {
+                Config::set_option(
+                    keys::OPTION_CUSTOM_RENDEZVOUS_SERVER.to_string(),
+                    self.0.clone(),
+                );
+            }
+        }
+
+        let _restore = RestoreCustomRendezvousServer(Config::get_option(
+            keys::OPTION_CUSTOM_RENDEZVOUS_SERVER,
+        ));
+        Config::set_option(
+            keys::OPTION_CUSTOM_RENDEZVOUS_SERVER.to_string(),
+            "1:2".to_string(),
+        );
+
+        assert_eq!(get_tcp_proxy_addr(), format!("[1:2]:{RENDEZVOUS_PORT}"));
+    }
+
+    #[tokio::test]
+    async fn test_http_request_via_tcp_proxy_rejects_invalid_header_json() {
+        let result = http_request_via_tcp_proxy("not a url", "get", None, "{").await;
+        assert!(result.is_err());
+    }
+
+    #[tokio::test]
+    async fn test_http_request_via_tcp_proxy_rejects_non_object_header_json() {
+        let err = http_request_via_tcp_proxy("not a url", "get", None, "[]")
+            .await
+            .unwrap_err()
+            .to_string();
+        assert!(err.contains("HTTP header information parsing failed!"));
+    }
+
+    #[test]
+    fn test_parse_json_header_entries_preserves_single_content_type() {
+        let headers = parse_json_header_entries(
+            r#"{"Content-Type":"text/plain","Authorization":"Bearer token"}"#,
+        )
+        .unwrap();
+
+        assert_eq!(
+            headers
+                .iter()
+                .filter(|entry| entry.name.eq_ignore_ascii_case("Content-Type"))
+                .count(),
+            1
+        );
+        assert_eq!(
+            headers
+                .iter()
+                .find(|entry| entry.name.eq_ignore_ascii_case("Content-Type"))
+                .map(|entry| entry.value.as_str()),
+            Some("text/plain")
+        );
+    }
+
+    #[test]
+    fn test_parse_json_header_entries_does_not_add_default_content_type() {
+        let headers = parse_json_header_entries(r#"{"Authorization":"Bearer token"}"#).unwrap();
+
+        assert!(!headers
+            .iter()
+            .any(|entry| entry.name.eq_ignore_ascii_case("Content-Type")));
+    }
+
+    #[test]
+    fn test_parse_simple_header_respects_custom_content_type() {
+        let headers = parse_simple_header("Content-Type: text/plain");
+
+        assert_eq!(
+            headers
+                .iter()
+                .filter(|entry| entry.name.eq_ignore_ascii_case("Content-Type"))
+                .count(),
+            1
+        );
+        assert_eq!(
+            headers
+                .iter()
+                .find(|entry| entry.name.eq_ignore_ascii_case("Content-Type"))
+                .map(|entry| entry.value.as_str()),
+            Some("text/plain")
+        );
+    }
+
+    #[test]
+    fn test_parse_simple_header_preserves_non_content_type_header() {
+        let headers = parse_simple_header("Authorization: Bearer token");
+
+        assert!(headers.iter().any(|entry| {
+            entry.name.eq_ignore_ascii_case("Authorization")
+                && entry.value.as_str() == "Bearer token"
+        }));
+        assert_eq!(
+            headers
+                .iter()
+                .filter(|entry| entry.name.eq_ignore_ascii_case("Content-Type"))
+                .count(),
+            1
+        );
+        assert_eq!(
+            headers
+                .iter()
+                .find(|entry| entry.name.eq_ignore_ascii_case("Content-Type"))
+                .map(|entry| entry.value.as_str()),
+            Some("application/json")
+        );
+    }
+
+    #[test]
+    fn test_tcp_proxy_log_target_redacts_query_only() {
+        assert_eq!(
+            tcp_proxy_log_target("https://example.com/api/heartbeat?token=secret"),
+            "https://example.com/api/heartbeat"
+        );
+    }
+
+    #[test]
+    fn test_tcp_proxy_log_target_brackets_ipv6_host_with_port() {
+        assert_eq!(
+            tcp_proxy_log_target("https://[2001:db8::1]:21114/api/heartbeat?token=secret"),
+            "https://[2001:db8::1]:21114/api/heartbeat"
+        );
+    }
+
+    #[test]
+    fn test_http_proxy_response_to_json() {
+        let mut resp = HttpProxyResponse {
+            status: 200,
+            body: br#"{"ok":true}"#.to_vec().into(),
+            ..Default::default()
+        };
+        resp.headers.push(HeaderEntry {
+            name: "Content-Type".into(),
+            value: "application/json".into(),
+            ..Default::default()
+        });
+
+        let json = http_proxy_response_to_json(resp).unwrap();
+        let value: Value = serde_json::from_str(&json).unwrap();
+        assert_eq!(value["status_code"], 200);
+        assert_eq!(value["headers"]["content-type"], "application/json");
+        assert_eq!(value["body"], r#"{"ok":true}"#);
+
+        let err = http_proxy_response_to_json(HttpProxyResponse {
+            error: "dial failed".into(),
+            ..Default::default()
+        })
+        .unwrap_err()
+        .to_string();
+        assert!(err.contains("TCP proxy error: dial failed"));
+    }
+
     #[test]
     fn test_mouse_event_constants_and_mask_layout() {
         use super::input::*;

src/core_main.rs

@@ -146,7 +146,13 @@ pub fn core_main() -> Option<Vec<String>> {
         crate::portable_service::client::set_quick_support(_is_quick_support);
     }
     let mut log_name = "".to_owned();
-    if args.len() > 0 && args[0].starts_with("--") {
+    // Keep portable-service logs under a stable directory name.
+    let has_portable_service_shmem_arg = args
+        .iter()
+        .any(|arg| arg.starts_with("--portable-service-shmem-name="));
+    if has_portable_service_shmem_arg {
+        log_name = "portable-service".to_owned();
+    } else if args.len() > 0 && args[0].starts_with("--") {
         let name = args[0].replace("--", "");
         if !name.is_empty() {
             log_name = name;

src/flutter.rs

@@ -1135,6 +1135,10 @@ impl InvokeUiSession for FlutterHandler {
                     ("message", json!(&opened.message)),
                     ("pid", json!(opened.pid)),
                     ("service_id", json!(&opened.service_id)),
+                    (
+                        "replay_terminal_output",
+                        json!(opened.replay_terminal_output),
+                    ),
                 ];
                 if !opened.persistent_sessions.is_empty() {
                     event_data.push(("persistent_sessions", json!(opened.persistent_sessions)));

src/flutter_ffi.rs

@@ -605,21 +605,30 @@ pub fn session_handle_flutter_raw_key_event(
     }
 }
 
-// SyncReturn<()> is used to make sure enter() and leave() are executed in the sequence this function is called.
-//
 // If the cursor jumps between remote page of two connections, leave view and enter view will be called.
 // session_enter_or_leave() will be called then.
-// As rust is multi-thread, it is possible that enter() is called before leave().
-// This will cause the keyboard input to take no effect.
+// As Rust is multi-threaded, enter() can be called before leave().
+// The Rust-side grab ownership state filters stale transitions.
 pub fn session_enter_or_leave(_session_id: SessionID, _enter: bool) -> SyncReturn<()> {
     #[cfg(not(any(target_os = "android", target_os = "ios")))]
     if let Some(session) = sessions::get_session_by_session_id(&_session_id) {
         let keyboard_mode = session.get_keyboard_mode();
+        // Use the full per-window UUID (not lc.session_id which is per-connection)
+        // so that two windows viewing the same peer get distinct grab owners.
+        let window_id = _session_id.as_u128();
         if _enter {
             set_cur_session_id_(_session_id, &keyboard_mode);
-            session.enter(keyboard_mode);
+            crate::keyboard::client::change_grab_status(
+                crate::common::GrabState::Run,
+                &keyboard_mode,
+                window_id,
+            );
         } else {
-            session.leave(keyboard_mode);
+            crate::keyboard::client::change_grab_status(
+                crate::common::GrabState::Wait,
+                &keyboard_mode,
+                window_id,
+            );
         }
     }
     SyncReturn(())
@@ -963,6 +972,27 @@ pub fn main_show_option(_key: String) -> SyncReturn<bool> {
 }
 
 pub fn main_set_option(key: String, value: String) {
+    #[cfg(target_os = "android")]
+    {
+        let is_permission_option = key.eq(config::keys::OPTION_ENABLE_CLIPBOARD)
+            || key.eq(config::keys::OPTION_ENABLE_FILE_TRANSFER)
+            || key.eq(config::keys::OPTION_ENABLE_AUDIO);
+        let allow_perm_change_in_accept_window = config::option2bool(
+            config::keys::OPTION_ENABLE_PERM_CHANGE_IN_ACCEPT_WINDOW,
+            &crate::get_builtin_option(config::keys::OPTION_ENABLE_PERM_CHANGE_IN_ACCEPT_WINDOW),
+        );
+        if is_permission_option
+            && !allow_perm_change_in_accept_window
+            && crate::ui_cm_interface::has_active_clients()
+        {
+            log::info!(
+                "blocked main_set_option by policy, key={}, value={}",
+                key,
+                value
+            );
+            return;
+        }
+    }
     #[cfg(target_os = "android")]
     if key.eq(config::keys::OPTION_ENABLE_KEYBOARD) {
         crate::ui_cm_interface::switch_permission_all(
@@ -1010,7 +1040,29 @@ pub fn main_get_options_sync() -> SyncReturn<String> {
 }
 
 pub fn main_set_options(json: String) {
-    let map: HashMap<String, String> = serde_json::from_str(&json).unwrap_or(HashMap::new());
+    let mut map: HashMap<String, String> = serde_json::from_str(&json).unwrap_or(HashMap::new());
+    #[cfg(target_os = "android")]
+    {
+        let allow_perm_change_in_accept_window = config::option2bool(
+            config::keys::OPTION_ENABLE_PERM_CHANGE_IN_ACCEPT_WINDOW,
+            &crate::get_builtin_option(config::keys::OPTION_ENABLE_PERM_CHANGE_IN_ACCEPT_WINDOW),
+        );
+        if !allow_perm_change_in_accept_window && crate::ui_cm_interface::has_active_clients() {
+            for key in [
+                config::keys::OPTION_ENABLE_CLIPBOARD,
+                config::keys::OPTION_ENABLE_FILE_TRANSFER,
+                config::keys::OPTION_ENABLE_AUDIO,
+            ] {
+                if let Some(value) = map.remove(key) {
+                    log::info!(
+                        "blocked main_set_options item by policy, key={}, value={}",
+                        key,
+                        value
+                    );
+                }
+            }
+        }
+    }
     if !map.is_empty() {
         set_options(map)
     }
@@ -1693,8 +1745,8 @@ pub fn main_get_temporary_password() -> String {
     ui_interface::temporary_password()
 }
 
-pub fn main_get_permanent_password() -> String {
-    ui_interface::permanent_password()
+pub fn main_set_permanent_password_with_result(password: String) -> bool {
+    ui_interface::set_permanent_password_with_result(password)
 }
 
 pub fn main_get_fingerprint() -> String {
@@ -2072,10 +2124,6 @@ pub fn main_update_temporary_password() {
     update_temporary_password();
 }
 
-pub fn main_set_permanent_password(password: String) {
-    set_permanent_password(password);
-}
-
 pub fn main_check_super_user_permission() -> bool {
     check_super_user_permission()
 }
@@ -2165,7 +2213,7 @@ pub fn cm_elevate_portable(conn_id: i32) {
 }
 
 pub fn cm_switch_back(conn_id: i32) {
-    #[cfg(not(any(target_os = "ios")))]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
     crate::ui_cm_interface::switch_back(conn_id);
 }
 
@@ -2423,16 +2471,23 @@ pub fn is_disable_installation() -> SyncReturn<bool> {
 }
 
 pub fn is_preset_password() -> bool {
-    config::HARD_SETTINGS
+    let hard = config::HARD_SETTINGS
         .read()
         .unwrap()
         .get("password")
-        .map_or(false, |p| {
-            #[cfg(not(any(target_os = "android", target_os = "ios")))]
-            return p == &crate::ipc::get_permanent_password();
-            #[cfg(any(target_os = "android", target_os = "ios"))]
-            return p == &config::Config::get_permanent_password();
-        })
+        .cloned()
+        .unwrap_or_default();
+    if hard.is_empty() {
+        return false;
+    }
+
+    // On desktop, service owns the authoritative config; query it via IPC and return only a boolean.
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
+    return crate::ipc::is_permanent_password_preset();
+
+    // On mobile, we have no service IPC; verify against local storage.
+    #[cfg(any(target_os = "android", target_os = "ios"))]
+    return config::Config::matches_permanent_password_plain(&hard);
 }
 
 // Don't call this function for desktop version.
@@ -2768,6 +2823,10 @@ pub fn main_get_common(key: String) -> String {
         return crate::platform::linux::has_gnome_shortcuts_inhibitor_permission().to_string();
         #[cfg(not(target_os = "linux"))]
         return false.to_string();
+    } else if key == "permanent-password-set" {
+        return ui_interface::is_permanent_password_set().to_string();
+    } else if key == "local-permanent-password-set" {
+        return ui_interface::is_local_permanent_password_set().to_string();
     } else {
         if key.starts_with("download-data-") {
             let id = key.replace("download-data-", "");
@@ -2877,7 +2936,7 @@ pub fn main_set_common(_key: String, _value: String) {
         } else if _key == "update-me" {
             if let Some(new_version_file) = get_download_file_from_url(&_value) {
                 log::debug!(
-                    "New version file is downloaed, update begin, {:?}",
+                    "New version file is downloaded, update begin, {:?}",
                     new_version_file.to_str()
                 );
                 if let Some(f) = new_version_file.to_str() {

src/hbbs_http.rs

@@ -1,4 +1,4 @@
-use reqwest::blocking::Response;
+use hbb_common::ResultType;
 use serde::de::DeserializeOwned;
 use serde_json::{Map, Value};
 
@@ -21,11 +21,9 @@ pub enum HbbHttpResponse<T> {
     Data(T),
 }
 
-impl<T: DeserializeOwned> TryFrom<Response> for HbbHttpResponse<T> {
-    type Error = reqwest::Error;
-
-    fn try_from(resp: Response) -> Result<Self, <Self as TryFrom<Response>>::Error> {
-        let map = resp.json::<Map<String, Value>>()?;
+impl<T: DeserializeOwned> HbbHttpResponse<T> {
+    pub fn parse(body: &str) -> ResultType<Self> {
+        let map = serde_json::from_str::<Map<String, Value>>(body)?;
         if let Some(error) = map.get("error") {
             if let Some(err) = error.as_str() {
                 Ok(Self::Error(err.to_owned()))

src/hbbs_http/account.rs

@@ -1,7 +1,6 @@
 use super::HbbHttpResponse;
 use crate::hbbs_http::create_http_client_with_url;
 use hbb_common::{config::LocalConfig, log, ResultType};
-use reqwest::blocking::Client;
 use serde_derive::{Deserialize, Serialize};
 use serde_repr::{Deserialize_repr, Serialize_repr};
 use std::{
@@ -109,7 +108,7 @@ pub struct AuthBody {
 }
 
 pub struct OidcSession {
-    client: Option<Client>,
+    warmed_api_server: Option<String>,
     state_msg: &'static str,
     failed_msg: String,
     code_url: Option<OidcAuthUrl>,
@@ -136,7 +135,7 @@ impl Default for UserStatus {
 impl OidcSession {
     fn new() -> Self {
         Self {
-            client: None,
+            warmed_api_server: None,
             state_msg: REQUESTING_ACCOUNT_AUTH,
             failed_msg: "".to_owned(),
             code_url: None,
@@ -149,12 +148,13 @@ impl OidcSession {
 
     fn ensure_client(api_server: &str) {
         let mut write_guard = OIDC_SESSION.write().unwrap();
-        if write_guard.client.is_none() {
-            // This URL is used to detect the appropriate TLS implementation for the server.
-            let login_option_url = format!("{}/api/login-options", &api_server);
-            let client = create_http_client_with_url(&login_option_url);
-            write_guard.client = Some(client);
+        if write_guard.warmed_api_server.as_deref() == Some(api_server) {
+            return;
         }
+        // This URL is used to detect the appropriate TLS implementation for the server.
+        let login_option_url = format!("{}/api/login-options", api_server);
+        let _ = create_http_client_with_url(&login_option_url);
+        write_guard.warmed_api_server = Some(api_server.to_owned());
     }
 
     fn auth(
@@ -164,26 +164,15 @@ impl OidcSession {
         uuid: &str,
     ) -> ResultType<HbbHttpResponse<OidcAuthUrl>> {
         Self::ensure_client(api_server);
-        let resp = if let Some(client) = &OIDC_SESSION.read().unwrap().client {
-            client
-                .post(format!("{}/api/oidc/auth", api_server))
-                .json(&serde_json::json!({
-                    "op": op,
-                    "id": id,
-                    "uuid": uuid,
-                    "deviceInfo": crate::ui_interface::get_login_device_info(),
-                }))
-                .send()?
-        } else {
-            hbb_common::bail!("http client not initialized");
-        };
-        let status = resp.status();
-        match resp.try_into() {
-            Ok(v) => Ok(v),
-            Err(err) => {
-                hbb_common::bail!("Http status: {}, err: {}", status, err);
-            }
-        }
+        let body = serde_json::json!({
+            "op": op,
+            "id": id,
+            "uuid": uuid,
+            "deviceInfo": crate::ui_interface::get_login_device_info(),
+        })
+        .to_string();
+        let resp = crate::post_request_sync(format!("{}/api/oidc/auth", api_server), body, "")?;
+        HbbHttpResponse::parse(&resp)
     }
 
     fn query(
@@ -197,11 +186,19 @@ impl OidcSession {
             &[("code", code), ("id", id), ("uuid", uuid)],
         )?;
         Self::ensure_client(api_server);
-        if let Some(client) = &OIDC_SESSION.read().unwrap().client {
-            Ok(client.get(url).send()?.try_into()?)
-        } else {
-            hbb_common::bail!("http client not initialized")
+        #[derive(Deserialize)]
+        struct HttpResponseBody {
+            body: String,
         }
+
+        let resp = crate::http_request_sync(
+            url.to_string(),
+            "GET".to_owned(),
+            None,
+            "{}".to_owned(),
+        )?;
+        let resp = serde_json::from_str::<HttpResponseBody>(&resp)?;
+        HbbHttpResponse::parse(&resp.body)
     }
 
     fn reset(&mut self) {

src/ipc.rs

@@ -1,33 +1,28 @@
-use crate::{
-    common::CheckTestNatType,
-    privacy_mode::PrivacyModeState,
-    ui_interface::{get_local_option, set_local_option},
-};
-use bytes::Bytes;
-use parity_tokio_ipc::{
-    Connection as Conn, ConnectionClient as ConnClient, Endpoint, Incoming, SecurityAttributes,
-};
-use serde_derive::{Deserialize, Serialize};
-use std::{
-    collections::HashMap,
-    sync::atomic::{AtomicBool, Ordering},
-};
-#[cfg(not(windows))]
-use std::{fs::File, io::prelude::*};
+#[path = "ipc/auth.rs"]
+mod ipc_auth;
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+#[path = "ipc/fs.rs"]
+mod ipc_fs;
 
 #[cfg(all(feature = "flutter", feature = "plugin_framework"))]
 #[cfg(not(any(target_os = "android", target_os = "ios")))]
 use crate::plugin::ipc::Plugin;
+use crate::{
+    common::{is_server, CheckTestNatType},
+    privacy_mode,
+    privacy_mode::PrivacyModeState,
+    rendezvous_mediator::RendezvousMediator,
+    ui_interface::{get_local_option, set_local_option},
+};
+use bytes::Bytes;
 #[cfg(not(any(target_os = "android", target_os = "ios")))]
 pub use clipboard::ClipboardFile;
+#[cfg(target_os = "linux")]
+use hbb_common::anyhow;
 use hbb_common::{
     allow_err, bail, bytes,
     bytes_codec::BytesCodec,
-    config::{
-        self,
-        keys::{self, OPTION_ALLOW_WEBSOCKET},
-        Config, Config2,
-    },
+    config::{self, keys::OPTION_ALLOW_WEBSOCKET, Config, Config2},
     futures::StreamExt as _,
     futures_util::sink::SinkExt,
     log, password_security as password, timeout,
@@ -38,13 +33,55 @@ use hbb_common::{
     tokio_util::codec::Framed,
     ResultType,
 };
-
-use crate::{common::is_server, privacy_mode, rendezvous_mediator::RendezvousMediator};
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use ipc_auth::authorize_service_scoped_ipc_connection;
+#[cfg(windows)]
+pub(crate) use ipc_auth::authorize_windows_portable_service_ipc_connection;
+#[cfg(windows)]
+pub(crate) use ipc_auth::ensure_peer_executable_matches_current_by_pid_opt;
+#[cfg(windows)]
+pub(crate) use ipc_auth::log_rejected_windows_ipc_connection;
+#[cfg(target_os = "linux")]
+pub(crate) use ipc_auth::{
+    active_uid, ensure_peer_executable_matches_current_by_fd, is_allowed_service_peer_uid,
+    log_rejected_uinput_connection, peer_uid_from_fd,
+};
+#[cfg(windows)]
+use ipc_auth::{
+    authorize_windows_main_ipc_connection, portable_service_listener_security_attributes,
+    should_allow_everyone_create_on_windows,
+};
+#[cfg(target_os = "linux")]
+use ipc_fs::terminal_count_candidate_uids;
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use ipc_fs::{
+    check_pid, ensure_secure_ipc_parent_dir, scrub_secure_ipc_parent_dir,
+    should_scrub_parent_entries_after_check_pid, write_pid,
+};
+use parity_tokio_ipc::{
+    Connection as Conn, ConnectionClient as ConnClient, Endpoint, Incoming, SecurityAttributes,
+};
+use serde_derive::{Deserialize, Serialize};
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use std::os::unix::fs::PermissionsExt;
+use std::{
+    collections::HashMap,
+    sync::atomic::{AtomicBool, Ordering},
+};
 
 // IPC actions here.
 pub const IPC_ACTION_CLOSE: &str = "close";
+const PORTABLE_SERVICE_IPC_HANDSHAKE_TIMEOUT_MS: u64 = 3_000;
+pub(crate) const IPC_TOKEN_LEN: usize = 64;
+const IPC_TOKEN_RANDOM_BYTES: usize = IPC_TOKEN_LEN / 2;
+const _: () = assert!(IPC_TOKEN_LEN % 2 == 0);
 pub static EXIT_RECV_CLOSE: AtomicBool = AtomicBool::new(true);
 
+#[inline]
+pub async fn connect_service(ms_timeout: u64) -> ResultType<ConnectionTmpl<ConnClient>> {
+    connect(ms_timeout, crate::POSTFIX_SERVICE).await
+}
+
 #[derive(Debug, Serialize, Deserialize, Clone)]
 #[serde(tag = "t", content = "c")]
 pub enum FS {
@@ -207,6 +244,8 @@ pub enum DataControl {
 pub enum DataPortableService {
     Ping,
     Pong,
+    AuthToken(String),
+    AuthResult(bool),
     ConnCount(Option<usize>),
     Mouse((Vec<u8>, i32, String, u32, bool, bool)),
     Pointer((Vec<u8>, i32)),
@@ -237,6 +276,7 @@ pub enum Data {
         restart: bool,
         recording: bool,
         block_input: bool,
+        privacy_mode: bool,
         from_switch: bool,
     },
     ChatMessage {
@@ -284,7 +324,14 @@ pub enum Data {
     Empty,
     Disconnected,
     DataPortableService(DataPortableService),
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
     SwitchSidesRequest(String),
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
+    SwitchSidesUuid(String, String, Option<bool>),
+    #[cfg(feature = "flutter")]
+    #[cfg(not(any(target_os = "android", target_os = "ios")))]
     SwitchSidesBack,
     UrlLink(String),
     VoiceCallIncoming,
@@ -403,6 +450,22 @@ pub async fn start(postfix: &str) -> ResultType<()> {
                 Ok(stream) => {
                     let mut stream = Connection::new(stream);
                     let postfix = postfix.to_owned();
+                    #[cfg(any(target_os = "linux", target_os = "macos"))]
+                    if config::is_service_ipc_postfix(&postfix) {
+                        if !authorize_service_scoped_ipc_connection(&stream, &postfix) {
+                            continue;
+                        }
+                    }
+                    #[cfg(windows)]
+                    if postfix.is_empty() {
+                        // Windows main IPC (`postfix == ""`) is authorized here.
+                        // Other security-sensitive channels use dedicated authorization paths:
+                        // - `_portable_service`: portable-service listener + handshake policy
+                        // - service-scoped postfixes: service-specific listener/authorization
+                        if !authorize_windows_main_ipc_connection(&stream, &postfix) {
+                            continue;
+                        }
+                    }
                     tokio::spawn(async move {
                         loop {
                             match stream.next().await {
@@ -411,9 +474,48 @@ pub async fn start(postfix: &str) -> ResultType<()> {
                                     break;
                                 }
                                 Ok(Some(data)) => {
+                                    // On Linux/macOS, the protected `_service` channel is used only for
+                                    // syncing config between root service and the active user process.
+                                    //
+                                    // NOTE: `is_service_ipc_postfix()` also includes `_uinput_*`, but those
+                                    // channels are handled by the dedicated uinput listener/protocol in
+                                    // `src/server/uinput.rs` and therefore do not share this Data enum
+                                    // allowlist. The SyncConfig allowlist here is intentionally scoped to the
+                                    // `_service` channel only.
+                                    //
+                                    // Keep this explicit branch to avoid policy drift between `_service` and
+                                    // uinput IPC paths while still minimizing exposed message surface here.
+                                    #[cfg(any(target_os = "linux", target_os = "macos"))]
+                                    if postfix == crate::POSTFIX_SERVICE {
+                                        if matches!(&data, Data::SyncConfig(_)) {
+                                            handle(data, &mut stream).await;
+                                        } else {
+                                            log::warn!(
+                                                "Rejected non-sync data on protected _service IPC channel: postfix={}, data_kind={:?}, peer_uid={:?}",
+                                                postfix,
+                                                std::mem::discriminant(&data),
+                                                stream.peer_uid()
+                                            );
+                                            // Close the connection to avoid keeping a protected channel
+                                            // alive while repeatedly receiving invalid traffic.
+                                            break;
+                                        }
+                                        continue;
+                                    }
                                     handle(data, &mut stream).await;
                                 }
-                                _ => {}
+                                Ok(None) => {
+                                    // `Ok(None)` means a complete frame arrived but did not
+                                    // deserialize into `Data`. Peer close/reset is returned as
+                                    // `Err` by `ConnectionTmpl::next()`. Keep the historical
+                                    // ignore behavior except on the protected `_service` channel.
+                                    #[cfg(any(target_os = "linux", target_os = "macos"))]
+                                    {
+                                        if postfix == crate::POSTFIX_SERVICE {
+                                            break;
+                                        }
+                                    }
+                                }
                             }
                         }
                     });
@@ -428,20 +530,77 @@ pub async fn start(postfix: &str) -> ResultType<()> {
 
 pub async fn new_listener(postfix: &str) -> ResultType<Incoming> {
     let path = Config::ipc_path(postfix);
-    #[cfg(not(any(windows, target_os = "android", target_os = "ios")))]
-    check_pid(postfix).await;
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    let should_scrub_parent_entries = ensure_secure_ipc_parent_dir(&path, postfix)?;
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    let existing_listener_alive = check_pid(postfix).await;
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    if should_scrub_parent_entries_after_check_pid(
+        should_scrub_parent_entries,
+        existing_listener_alive,
+    ) {
+        scrub_secure_ipc_parent_dir(&path, postfix)?;
+    }
     let mut endpoint = Endpoint::new(path.clone());
-    match SecurityAttributes::allow_everyone_create() {
+    let security_attrs = {
+        #[cfg(windows)]
+        {
+            if postfix == "_portable_service" {
+                portable_service_listener_security_attributes()
+            } else if should_allow_everyone_create_on_windows(postfix) {
+                SecurityAttributes::allow_everyone_create()
+            } else {
+                Ok(SecurityAttributes::empty())
+            }
+        }
+        #[cfg(not(windows))]
+        {
+            SecurityAttributes::allow_everyone_create()
+        }
+    };
+    match security_attrs {
         Ok(attr) => endpoint.set_security_attributes(attr),
-        Err(err) => log::error!("Failed to set ipc{} security: {}", postfix, err),
+        Err(err) => {
+            log::error!("Failed to set ipc{} security: {}", postfix, err);
+            #[cfg(windows)]
+            if postfix == "_portable_service" {
+                // Fail closed for `_portable_service` when SDDL construction fails.
+                // This endpoint is security-critical and must not start with default ACLs.
+                return Err(err.into());
+            }
+        }
     };
     match endpoint.incoming() {
         Ok(incoming) => {
-            log::info!("Started ipc{} server at path: {}", postfix, &path);
-            #[cfg(not(windows))]
+            if postfix == crate::POSTFIX_SERVICE {
+                log::info!("Started protected ipc service server: postfix={}", postfix);
+            } else {
+                log::info!("Started ipc{} server at path: {}", postfix, &path);
+            }
+            #[cfg(any(target_os = "linux", target_os = "macos"))]
             {
-                use std::os::unix::fs::PermissionsExt;
-                std::fs::set_permissions(&path, std::fs::Permissions::from_mode(0o0777)).ok();
+                // NOTE: On Linux/macOS, some IPC sockets are intentionally world-connectable
+                // (0666) so the active (non-root) user process can connect. Authorization is
+                // enforced at accept-time for these channels, and the protected `_service`
+                // channel is further restricted by an explicit message allowlist (SyncConfig
+                // only).
+                let socket_mode = if config::is_service_ipc_postfix(postfix) {
+                    0o0666
+                } else {
+                    0o0600
+                };
+                if let Err(err) =
+                    std::fs::set_permissions(&path, std::fs::Permissions::from_mode(socket_mode))
+                {
+                    log::error!(
+                        "Failed to set permissions on ipc{} socket at path {}: {}",
+                        postfix,
+                        &path,
+                        err
+                    );
+                    std::fs::remove_file(&path).ok();
+                    return Err(err.into());
+                }
                 write_pid(postfix);
             }
             Ok(incoming)
@@ -632,8 +791,29 @@ async fn handle(data: Data, stream: &mut Connection) {
                     value = Some(Config::get_id());
                 } else if name == "temporary-password" {
                     value = Some(password::temporary_password());
-                } else if name == "permanent-password" {
-                    value = Some(Config::get_permanent_password());
+                } else if name == "permanent-password-storage-and-salt" {
+                    let (storage, salt) = Config::get_local_permanent_password_storage_and_salt();
+                    value = Some(storage + "\n" + &salt);
+                } else if name == "permanent-password-set" {
+                    value = Some(if Config::has_permanent_password() {
+                        "Y".to_owned()
+                    } else {
+                        "N".to_owned()
+                    });
+                } else if name == "permanent-password-is-preset" {
+                    let hard = config::HARD_SETTINGS
+                        .read()
+                        .unwrap()
+                        .get("password")
+                        .cloned()
+                        .unwrap_or_default();
+                    let is_preset =
+                        !hard.is_empty() && Config::matches_permanent_password_plain(&hard);
+                    value = Some(if is_preset {
+                        "Y".to_owned()
+                    } else {
+                        "N".to_owned()
+                    });
                 } else if name == "salt" {
                     value = Some(Config::get_salt());
                 } else if name == "rendezvous_server" {
@@ -669,13 +849,24 @@ async fn handle(data: Data, stream: &mut Connection) {
                 allow_err!(stream.send(&Data::Config((name, value))).await);
             }
             Some(value) => {
+                let mut updated = true;
                 if name == "id" {
                     Config::set_key_confirmed(false);
                     Config::set_id(&value);
                 } else if name == "temporary-password" {
                     password::update_temporary_password();
                 } else if name == "permanent-password" {
-                    Config::set_permanent_password(&value);
+                    if Config::is_disable_change_permanent_password() {
+                        log::warn!("Changing permanent password is disabled");
+                        updated = false;
+                    } else {
+                        Config::set_permanent_password(&value);
+                    }
+                    // Explicitly ACK/NACK permanent-password writes. This allows UIs/FFI to
+                    // distinguish "accepted by daemon" vs "IPC send succeeded" without
+                    // reading back any secret.
+                    let ack = if updated { "Y" } else { "N" }.to_owned();
+                    allow_err!(stream.send(&Data::Config((name.clone(), Some(ack)))).await);
                 } else if name == "salt" {
                     Config::set_salt(&value);
                 } else if name == "voice-call-input" {
@@ -685,7 +876,9 @@ async fn handle(data: Data, stream: &mut Connection) {
                 } else {
                     return;
                 }
-                log::info!("{} updated", name);
+                if updated {
+                    log::info!("{} updated", name);
+                }
             }
         },
         Data::Options(value) => match value {
@@ -736,6 +929,8 @@ async fn handle(data: Data, stream: &mut Connection) {
         Data::TestRendezvousServer => {
             crate::test_rendezvous_server();
         }
+        #[cfg(feature = "flutter")]
+        #[cfg(not(any(target_os = "android", target_os = "ios")))]
         Data::SwitchSidesRequest(id) => {
             let uuid = uuid::Uuid::new_v4();
             crate::server::insert_switch_sides_uuid(id, uuid.clone());
@@ -745,6 +940,19 @@ async fn handle(data: Data, stream: &mut Connection) {
                     .await
             );
         }
+        #[cfg(feature = "flutter")]
+        #[cfg(not(any(target_os = "android", target_os = "ios")))]
+        Data::SwitchSidesUuid(uuid, id, None) => {
+            let allowed = uuid
+                .parse::<uuid::Uuid>()
+                .map(|uuid| crate::server::remove_pending_switch_sides_uuid(&id, &uuid))
+                .unwrap_or(false);
+            allow_err!(
+                stream
+                    .send(&Data::SwitchSidesUuid(uuid, id, Some(allowed)))
+                    .await
+            );
+        }
         #[cfg(all(feature = "flutter", feature = "plugin_framework"))]
         #[cfg(not(any(target_os = "android", target_os = "ios")))]
         Data::Plugin(plugin) => crate::plugin::ipc::handle_plugin(plugin, stream).await,
@@ -896,15 +1104,116 @@ async fn handle(data: Data, stream: &mut Connection) {
             );
         }
         _ => {}
-    }
+    };
 }
 
 pub async fn connect(ms_timeout: u64, postfix: &str) -> ResultType<ConnectionTmpl<ConnClient>> {
     let path = Config::ipc_path(postfix);
-    let client = timeout(ms_timeout, Endpoint::connect(&path)).await??;
+    connect_with_path(ms_timeout, &path).await
+}
+
+pub(crate) fn generate_one_time_ipc_token() -> ResultType<String> {
+    use hbb_common::rand::{rngs::OsRng, RngCore as _};
+    use std::fmt::Write as _;
+
+    let mut random_bytes = [0u8; IPC_TOKEN_RANDOM_BYTES];
+    let mut rng = OsRng;
+    rng.try_fill_bytes(&mut random_bytes).map_err(|err| {
+        hbb_common::anyhow::anyhow!(
+            "failed to generate portable service ipc token from OsRng: {}",
+            err
+        )
+    })?;
+
+    let mut token = String::with_capacity(IPC_TOKEN_LEN);
+    for byte in random_bytes {
+        let _ = write!(token, "{:02x}", byte);
+    }
+    Ok(token)
+}
+
+pub(crate) fn constant_time_ipc_token_eq(expected: &str, candidate: &str) -> bool {
+    if expected.len() != IPC_TOKEN_LEN || candidate.len() != IPC_TOKEN_LEN {
+        return false;
+    }
+    expected
+        .as_bytes()
+        .iter()
+        .zip(candidate.as_bytes().iter())
+        .fold(0u8, |diff, (left, right)| diff | (*left ^ *right))
+        == 0
+}
+
+pub(crate) async fn portable_service_ipc_handshake_as_client<T>(
+    stream: &mut ConnectionTmpl<T>,
+    token: &str,
+) -> ResultType<()>
+where
+    T: AsyncRead + AsyncWrite + std::marker::Unpin,
+{
+    stream
+        .send(&Data::DataPortableService(DataPortableService::AuthToken(
+            token.to_owned(),
+        )))
+        .await?;
+    match stream
+        .next_timeout(PORTABLE_SERVICE_IPC_HANDSHAKE_TIMEOUT_MS)
+        .await?
+    {
+        Some(Data::DataPortableService(DataPortableService::AuthResult(true))) => Ok(()),
+        Some(Data::DataPortableService(DataPortableService::AuthResult(false))) => {
+            bail!("portable service ipc handshake was rejected by server")
+        }
+        Some(_) | None => bail!("portable service ipc handshake returned an unexpected response"),
+    }
+}
+
+pub(crate) async fn portable_service_ipc_handshake_as_server<T, F>(
+    stream: &mut ConnectionTmpl<T>,
+    mut validate_token: F,
+) -> ResultType<()>
+where
+    T: AsyncRead + AsyncWrite + std::marker::Unpin,
+    // Token validators must use `constant_time_ipc_token_eq` or an equivalent
+    // fixed-length comparison; this handshake is part of the privilege boundary.
+    F: FnMut(&str) -> bool,
+{
+    let authorized = match stream
+        .next_timeout(PORTABLE_SERVICE_IPC_HANDSHAKE_TIMEOUT_MS)
+        .await?
+    {
+        Some(Data::DataPortableService(DataPortableService::AuthToken(token))) => {
+            validate_token(&token)
+        }
+        Some(_) | None => false,
+    };
+    stream
+        .send(&Data::DataPortableService(DataPortableService::AuthResult(
+            authorized,
+        )))
+        .await?;
+    if !authorized {
+        bail!("portable service ipc handshake failed")
+    }
+    Ok(())
+}
+
+#[inline]
+async fn connect_with_path(ms_timeout: u64, path: &str) -> ResultType<ConnectionTmpl<ConnClient>> {
+    let client = timeout(ms_timeout, Endpoint::connect(path)).await??;
     Ok(ConnectionTmpl::new(client))
 }
 
+#[cfg(target_os = "linux")]
+pub async fn connect_for_uid(
+    ms_timeout: u64,
+    uid: u32,
+    postfix: &str,
+) -> ResultType<ConnectionTmpl<ConnClient>> {
+    let path = Config::ipc_path_for_uid(uid, postfix);
+    connect_with_path(ms_timeout, &path).await
+}
+
 #[cfg(target_os = "linux")]
 #[tokio::main(flavor = "current_thread")]
 pub async fn start_pa() {
@@ -982,54 +1291,6 @@ pub async fn start_pa() {
     }
 }
 
-#[inline]
-#[cfg(not(windows))]
-fn get_pid_file(postfix: &str) -> String {
-    let path = Config::ipc_path(postfix);
-    format!("{}.pid", path)
-}
-
-#[cfg(not(any(windows, target_os = "android", target_os = "ios")))]
-async fn check_pid(postfix: &str) {
-    let pid_file = get_pid_file(postfix);
-    if let Ok(mut file) = File::open(&pid_file) {
-        let mut content = String::new();
-        file.read_to_string(&mut content).ok();
-        let pid = content.parse::<usize>().unwrap_or(0);
-        if pid > 0 {
-            use hbb_common::sysinfo::System;
-            let mut sys = System::new();
-            sys.refresh_processes();
-            if let Some(p) = sys.process(pid.into()) {
-                if let Some(current) = sys.process((std::process::id() as usize).into()) {
-                    if current.name() == p.name() {
-                        // double check with connect
-                        if connect(1000, postfix).await.is_ok() {
-                            return;
-                        }
-                    }
-                }
-            }
-        }
-    }
-    // if not remove old ipc file, the new ipc creation will fail
-    // if we remove a ipc file, but the old ipc process is still running,
-    // new connection to the ipc will connect to new ipc, old connection to old ipc still keep alive
-    std::fs::remove_file(&Config::ipc_path(postfix)).ok();
-}
-
-#[inline]
-#[cfg(not(windows))]
-fn write_pid(postfix: &str) {
-    let path = get_pid_file(postfix);
-    if let Ok(mut file) = File::create(&path) {
-        use std::os::unix::fs::PermissionsExt;
-        std::fs::set_permissions(&path, std::fs::Permissions::from_mode(0o0777)).ok();
-        file.write_all(&std::process::id().to_string().into_bytes())
-            .ok();
-    }
-}
-
 pub struct ConnectionTmpl<T> {
     inner: Framed<T, BytesCodec>,
 }
@@ -1143,13 +1404,57 @@ pub fn update_temporary_password() -> ResultType<()> {
     set_config("temporary-password", "".to_owned())
 }
 
-pub fn get_permanent_password() -> String {
-    if let Ok(Some(v)) = get_config("permanent-password") {
-        Config::set_permanent_password(&v);
-        v
-    } else {
-        Config::get_permanent_password()
+fn apply_permanent_password_storage_and_salt_payload(payload: Option<&str>) -> ResultType<()> {
+    let Some(payload) = payload else {
+        return Ok(());
+    };
+    let Some((storage, salt)) = payload.split_once('\n') else {
+        bail!("Invalid permanent-password-storage-and-salt payload");
+    };
+
+    if storage.is_empty() {
+        Config::set_permanent_password_storage_for_sync("", "")?;
+        return Ok(());
     }
+
+    Config::set_permanent_password_storage_for_sync(storage, salt)?;
+    Ok(())
+}
+
+pub fn sync_permanent_password_storage_from_daemon() -> ResultType<()> {
+    let v = get_config("permanent-password-storage-and-salt")?;
+    apply_permanent_password_storage_and_salt_payload(v.as_deref())
+}
+
+async fn sync_permanent_password_storage_from_daemon_async() -> ResultType<()> {
+    let ms_timeout = 1_000;
+    let v = get_config_async("permanent-password-storage-and-salt", ms_timeout).await?;
+    apply_permanent_password_storage_and_salt_payload(v.as_deref())
+}
+
+pub fn is_permanent_password_set() -> bool {
+    match get_config("permanent-password-set") {
+        Ok(Some(v)) => {
+            let v = v.trim();
+            return v == "Y";
+        }
+        Ok(None) => {
+            // No response/value (timeout).
+        }
+        Err(_) => {
+            // Connection error.
+        }
+    }
+    log::warn!("Failed to query permanent password state from daemon");
+    false
+}
+
+pub fn is_permanent_password_preset() -> bool {
+    if let Ok(Some(v)) = get_config("permanent-password-is-preset") {
+        let v = v.trim();
+        return v == "Y";
+    }
+    false
 }
 
 pub fn get_fingerprint() -> String {
@@ -1159,8 +1464,41 @@ pub fn get_fingerprint() -> String {
 }
 
 pub fn set_permanent_password(v: String) -> ResultType<()> {
-    Config::set_permanent_password(&v);
-    set_config("permanent-password", v)
+    if Config::is_disable_change_permanent_password() {
+        bail!("Changing permanent password is disabled");
+    }
+    if set_permanent_password_with_ack(v)? {
+        Ok(())
+    } else {
+        bail!("Changing permanent password was rejected by daemon");
+    }
+}
+
+#[tokio::main(flavor = "current_thread")]
+pub async fn set_permanent_password_with_ack(v: String) -> ResultType<bool> {
+    set_permanent_password_with_ack_async(v).await
+}
+
+async fn set_permanent_password_with_ack_async(v: String) -> ResultType<bool> {
+    // The daemon ACK/NACK is expected quickly since it applies the config in-process.
+    let ms_timeout = 1_000;
+    let mut c = connect(ms_timeout, "").await?;
+    c.send_config("permanent-password", v).await?;
+    if let Some(Data::Config((name2, Some(v)))) = c.next_timeout(ms_timeout).await? {
+        if name2 == "permanent-password" {
+            let v = v.trim();
+            let ok = v == "Y";
+            if ok {
+                // Ensure the hashed permanent password storage is written to the user config file.
+                // This sync must not affect the daemon ACK outcome.
+                if let Err(err) = sync_permanent_password_storage_from_daemon_async().await {
+                    log::warn!("Failed to sync permanent password storage from daemon: {err}");
+                }
+            }
+            return Ok(ok);
+        }
+    }
+    Ok(false)
 }
 
 #[cfg(feature = "flutter")]
@@ -1416,9 +1754,10 @@ pub fn close_all_instances() -> ResultType<bool> {
     }
 }
 
+#[cfg(windows)]
 #[tokio::main(flavor = "current_thread")]
 pub async fn connect_to_user_session(usid: Option<u32>) -> ResultType<()> {
-    let mut stream = crate::ipc::connect(1000, crate::POSTFIX_SERVICE).await?;
+    let mut stream = crate::ipc::connect_service(1000).await?;
     timeout(1000, stream.send(&crate::ipc::Data::UserSid(usid))).await??;
     Ok(())
 }
@@ -1544,13 +1883,76 @@ pub async fn update_controlling_session_count(count: usize) -> ResultType<()> {
 #[cfg(target_os = "linux")]
 #[tokio::main(flavor = "current_thread")]
 pub async fn get_terminal_session_count() -> ResultType<usize> {
-    let ms_timeout = 1_000;
-    let mut c = connect(ms_timeout, "").await?;
-    c.send(&Data::TerminalSessionCount(0)).await?;
-    if let Some(Data::TerminalSessionCount(c)) = c.next_timeout(ms_timeout).await? {
-        return Ok(c);
+    let timeout_ms = 1_000;
+    let effective_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+    let candidate_uids = terminal_count_candidate_uids(effective_uid);
+    let mut last_err: Option<anyhow::Error> = None;
+    for candidate_uid in candidate_uids {
+        let socket_path = Config::ipc_path_for_uid(candidate_uid, "");
+        let connect_result = timeout(timeout_ms, Endpoint::connect(&socket_path))
+            .await
+            .map_err(|err| {
+                anyhow::anyhow!(
+                    "Timeout connecting to terminal ipc at {}: {}",
+                    socket_path,
+                    err
+                )
+            });
+        let connection = match connect_result {
+            Ok(Ok(connection)) => connection,
+            Ok(Err(err)) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Failed to connect to terminal ipc at {}: {}",
+                    socket_path,
+                    err
+                ));
+                continue;
+            }
+            Err(err) => {
+                last_err = Some(err);
+                continue;
+            }
+        };
+        let mut ipc_conn = ConnectionTmpl::new(connection);
+        if let Err(err) = ipc_conn.send(&Data::TerminalSessionCount(0)).await {
+            last_err = Some(anyhow::anyhow!(
+                "Failed to request terminal session count via ipc at {}: {}",
+                socket_path,
+                err
+            ));
+            continue;
+        }
+        match ipc_conn.next_timeout(timeout_ms).await {
+            Ok(Some(Data::TerminalSessionCount(session_count))) => {
+                return Ok(session_count);
+            }
+            Ok(None) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Invalid response when requesting terminal session count via ipc at {}",
+                    socket_path
+                ));
+            }
+            Ok(other) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Unexpected response when requesting terminal session count via ipc at {}: {:?}",
+                    socket_path,
+                    other.map(|v| std::mem::discriminant(&v))
+                ));
+            }
+            Err(err) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Failed to read terminal session count via ipc at {}: {}",
+                    socket_path,
+                    err
+                ));
+            }
+        }
+    }
+    if let Some(err) = last_err {
+        Err(err.into())
+    } else {
+        Ok(0)
     }
-    Ok(0)
 }
 
 async fn handle_wayland_screencast_restore_token(
@@ -1581,9 +1983,30 @@ pub async fn set_install_option(k: String, v: String) -> ResultType<()> {
 #[cfg(test)]
 mod test {
     use super::*;
+
     #[test]
     fn verify_ffi_enum_data_size() {
         println!("{}", std::mem::size_of::<Data>());
         assert!(std::mem::size_of::<Data>() <= 120);
     }
+
+    #[cfg(target_os = "linux")]
+    #[test]
+    fn test_ipc_path_differs_by_uid_for_cm() {
+        let effective_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+        let other_uid = effective_uid.saturating_add(1);
+        let postfix = "_cm";
+
+        // Default connect path targets the current effective uid.
+        assert_eq!(
+            Config::ipc_path(postfix),
+            Config::ipc_path_for_uid(effective_uid, postfix)
+        );
+        // A different uid yields a different socket path - this is the root cause of the
+        // cross-user regression when root spawns a user process but still connects as uid 0.
+        assert_ne!(
+            Config::ipc_path(postfix),
+            Config::ipc_path_for_uid(other_uid, postfix)
+        );
+    }
 }

src/ipc/fs.rs

@@ -0,0 +1,951 @@
+#[cfg(target_os = "linux")]
+use super::ipc_auth::active_uid;
+use crate::ipc::{connect, Data};
+use hbb_common::{config, log, ResultType};
+use std::{
+    ffi::CString,
+    io::{Error, ErrorKind},
+    os::unix::ffi::OsStrExt,
+    path::Path,
+};
+
+struct FdGuard(i32);
+impl Drop for FdGuard {
+    fn drop(&mut self) {
+        unsafe {
+            hbb_common::libc::close(self.0);
+        }
+    }
+}
+
+#[cfg(target_os = "linux")]
+#[inline]
+pub(crate) fn terminal_count_candidate_uids(effective_uid: u32) -> Vec<u32> {
+    if effective_uid != 0 {
+        return vec![effective_uid];
+    }
+    let mut candidates = Vec::with_capacity(2);
+    if let Some(uid) = active_uid().filter(|uid| *uid != 0) {
+        candidates.push(uid);
+    }
+    candidates.push(0);
+    candidates
+}
+
+#[inline]
+fn expected_ipc_parent_mode(postfix: &str) -> u32 {
+    if config::is_service_ipc_postfix(postfix) {
+        0o0711
+    } else {
+        0o0700
+    }
+}
+
+fn open_ipc_parent_dir_fd(parent_c: &CString) -> std::io::Result<i32> {
+    let fd = unsafe {
+        hbb_common::libc::open(
+            parent_c.as_ptr(),
+            hbb_common::libc::O_RDONLY
+                | hbb_common::libc::O_DIRECTORY
+                | hbb_common::libc::O_CLOEXEC
+                | hbb_common::libc::O_NOFOLLOW,
+        )
+    };
+    if fd < 0 {
+        Err(std::io::Error::last_os_error())
+    } else {
+        Ok(fd)
+    }
+}
+
+// Remove one preexisting IPC artifact via an already-opened parent directory FD.
+//
+// Security intent:
+// - Bind cleanup to the exact parent inode that passed O_NOFOLLOW + fstat checks.
+// - Avoid path-based TOCTOU during scrub (e.g., parent path rename/swap race).
+//
+// Flow:
+// 1) fstatat(..., AT_SYMLINK_NOFOLLOW) to inspect the target entry under parent_fd.
+// 2) Decide file vs directory from st_mode.
+// 3) unlinkat relative to parent_fd (AT_REMOVEDIR for directories).
+//
+// Error policy:
+// - NotFound is treated as benign (already removed / raced away).
+// - Other errors are surfaced explicitly.
+fn remove_parent_entry_via_fd(
+    parent_fd: i32,
+    parent_dir: &Path,
+    entry_name: &str,
+) -> ResultType<()> {
+    if entry_name.contains('/') {
+        return Err(Error::new(
+            ErrorKind::InvalidInput,
+            format!(
+                "invalid ipc parent entry name (contains '/'): parent={}, entry={}",
+                parent_dir.display(),
+                entry_name
+            ),
+        )
+        .into());
+    }
+    let entry_c = CString::new(entry_name.as_bytes().to_vec()).map_err(|err| {
+        Error::new(
+            ErrorKind::InvalidInput,
+            format!(
+                "invalid ipc parent entry name: parent={}, entry={}, err={}",
+                parent_dir.display(),
+                entry_name,
+                err
+            ),
+        )
+    })?;
+    let mut stat: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    let stat_rc = unsafe {
+        hbb_common::libc::fstatat(
+            parent_fd,
+            entry_c.as_ptr(),
+            &mut stat,
+            hbb_common::libc::AT_SYMLINK_NOFOLLOW,
+        )
+    };
+    if stat_rc != 0 {
+        let err = std::io::Error::last_os_error();
+        if err.kind() == ErrorKind::NotFound {
+            return Ok(());
+        }
+        return Err(Error::new(
+            err.kind(),
+            format!(
+                "failed to stat preexisting ipc parent dir entry by fd: parent={}, entry={}, err={}",
+                parent_dir.display(),
+                entry_name,
+                err
+            ),
+        )
+        .into());
+    }
+
+    let is_dir = (stat.st_mode & (hbb_common::libc::S_IFMT as hbb_common::libc::mode_t))
+        == hbb_common::libc::S_IFDIR;
+    let unlink_flags = if is_dir {
+        hbb_common::libc::AT_REMOVEDIR
+    } else {
+        0
+    };
+    let unlink_rc =
+        unsafe { hbb_common::libc::unlinkat(parent_fd, entry_c.as_ptr(), unlink_flags) };
+    if unlink_rc != 0 {
+        let err = std::io::Error::last_os_error();
+        if err.kind() == ErrorKind::NotFound {
+            return Ok(());
+        }
+        return Err(Error::new(
+            err.kind(),
+            format!(
+                "failed to remove preexisting ipc parent dir entry by fd: parent={}, entry={}, err={}",
+                parent_dir.display(),
+                entry_name,
+                err
+            ),
+        )
+        .into());
+    }
+    Ok(())
+}
+
+fn scrub_preexisting_ipc_parent_entries(
+    parent_fd: i32,
+    parent_dir: &Path,
+    postfix: &str,
+) -> ResultType<()> {
+    let ipc_basename = format!("ipc{}", postfix);
+    remove_parent_entry_via_fd(parent_fd, parent_dir, &ipc_basename)?;
+    remove_parent_entry_via_fd(parent_fd, parent_dir, &format!("{}.pid", ipc_basename))?;
+    Ok(())
+}
+
+fn remove_ipc_socket_via_secure_parent_fd(postfix: &str) -> ResultType<()> {
+    let path = config::Config::ipc_path(postfix);
+    let parent_dir = Path::new(&path)
+        .parent()
+        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, format!("invalid ipc path: {path}")))?;
+    let parent_c = CString::new(parent_dir.as_os_str().as_bytes().to_vec())?;
+    let fd = match open_ipc_parent_dir_fd(&parent_c) {
+        Ok(fd) => fd,
+        Err(open_err) => {
+            if open_err.kind() == ErrorKind::NotFound {
+                return Ok(());
+            }
+            return Err(Error::new(
+                open_err.kind(),
+                format!(
+                    "failed to open ipc parent dir for stale socket cleanup (no-follow): postfix={}, parent={}, err={}",
+                    postfix,
+                    parent_dir.display(),
+                    open_err
+                ),
+            )
+            .into());
+        }
+    };
+    let _fd_guard = FdGuard(fd);
+    remove_parent_entry_via_fd(fd, parent_dir, &format!("ipc{}", postfix))
+}
+
+// Purpose:
+// - Harden the IPC parent directory before creating/listening socket files.
+// - Prevent symlink/path-race abuse and reject unsafe owner/mode.
+//
+// Approach:
+// - Open parent dir with O_NOFOLLOW/O_DIRECTORY and operate on that fd.
+// - Validate inode type/owner/mode via fstat.
+// - For protected service postfix, optionally adopt owner (root only), then scrub stale
+//   rustdesk IPC artifacts when directory trust boundary changed.
+//
+// Main steps:
+// 1) Resolve parent path and open/create directory securely.
+// 2) Verify directory inode type and owner uid.
+// 3) Enforce expected mode via fchmod on opened fd.
+// 4) Scrub stale IPC artifacts when owner/mode was unsafe before hardening.
+//
+// References:
+// - open(2): O_NOFOLLOW/O_DIRECTORY/O_CLOEXEC
+//   https://man7.org/linux/man-pages/man2/open.2.html
+// - fstat(2): verify file type/metadata on opened fd
+//   https://man7.org/linux/man-pages/man2/fstat.2.html
+// - fchown(2): adopt ownership when running as root
+//   https://man7.org/linux/man-pages/man2/chown.2.html
+// - fchmod(2): enforce exact mode on opened fd
+//   https://man7.org/linux/man-pages/man2/fchmod.2.html
+pub(crate) fn ensure_secure_ipc_parent_dir(path: &str, postfix: &str) -> ResultType<bool> {
+    let parent_dir = Path::new(path)
+        .parent()
+        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, format!("invalid ipc path: {path}")))?;
+    // Harden against common TOCTOU by opening the parent directory with O_NOFOLLOW (so the parent
+    // itself cannot be a symlink) and then operating on its FD (fstat/fchown/fchmod). This ensures
+    // we mutate the inode we opened, though it does not protect against symlinks in ancestor path
+    // components.
+    let parent_c = CString::new(parent_dir.as_os_str().as_bytes().to_vec())?;
+    let fd = match open_ipc_parent_dir_fd(&parent_c) {
+        Ok(fd) => fd,
+        Err(open_err) => {
+            // If the directory doesn't exist yet, create it with the expected mode. The parent
+            // dir is intended to be a single-level /tmp path, so mkdir is sufficient here.
+            if open_err.raw_os_error() == Some(hbb_common::libc::ENOENT) {
+                let expected_mode = expected_ipc_parent_mode(postfix);
+                let rc = unsafe {
+                    hbb_common::libc::mkdir(
+                        parent_c.as_ptr(),
+                        expected_mode as hbb_common::libc::mode_t,
+                    )
+                };
+                if rc != 0 {
+                    let mkdir_err = std::io::Error::last_os_error();
+                    // Handle a race where another process created the directory first.
+                    if mkdir_err.raw_os_error() != Some(hbb_common::libc::EEXIST) {
+                        return Err(Error::new(
+                            mkdir_err.kind(),
+                            format!(
+                                "failed to mkdir ipc parent dir: postfix={}, parent={}, err={}",
+                                postfix,
+                                parent_dir.display(),
+                                mkdir_err
+                            ),
+                        )
+                        .into());
+                    }
+                }
+                match open_ipc_parent_dir_fd(&parent_c) {
+                    Ok(fd) => fd,
+                    Err(err) => {
+                        return Err(Error::new(
+                            err.kind(),
+                            format!(
+                                "failed to open ipc parent dir (no-follow): postfix={}, parent={}, err={}",
+                                postfix,
+                                parent_dir.display(),
+                                err
+                            ),
+                        )
+                        .into());
+                    }
+                }
+            } else {
+                return Err(Error::new(
+                    open_err.kind(),
+                    format!(
+                        "failed to open ipc parent dir (no-follow): postfix={}, parent={}, err={}",
+                        postfix,
+                        parent_dir.display(),
+                        open_err
+                    ),
+                )
+                .into());
+            }
+        }
+    };
+    let _fd_guard = FdGuard(fd);
+
+    let mut st: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    if unsafe { hbb_common::libc::fstat(fd, &mut st as *mut _) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!(
+                "failed to stat ipc parent dir: postfix={}, parent={}, err={}",
+                postfix,
+                parent_dir.display(),
+                os_err
+            ),
+        )
+        .into());
+    }
+    let mode = st.st_mode as u32;
+    let is_dir = (mode & (hbb_common::libc::S_IFMT as u32)) == (hbb_common::libc::S_IFDIR as u32);
+    if !is_dir {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!(
+                "ipc parent is not directory: postfix={}, parent={}",
+                postfix,
+                parent_dir.display()
+            ),
+        )
+        .into());
+    }
+
+    let expected_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+    let mut owner_uid = st.st_uid as u32;
+    let mut adopted_foreign_service_parent = false;
+    // Service-scoped IPC may be created by different privilege contexts historically.
+    // If running as root on protected service postfix, try adopting ownership first.
+    if owner_uid != expected_uid && expected_uid == 0 && config::is_service_ipc_postfix(postfix) {
+        let rc = unsafe {
+            hbb_common::libc::fchown(
+                fd,
+                expected_uid as hbb_common::libc::uid_t,
+                hbb_common::libc::gid_t::MAX,
+            )
+        };
+        if rc == 0 {
+            let mut st2: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+            if unsafe { hbb_common::libc::fstat(fd, &mut st2 as *mut _) } == 0 {
+                owner_uid = st2.st_uid as u32;
+                st = st2;
+                adopted_foreign_service_parent = true;
+            }
+        } else {
+            // Keep behavior unchanged; capture errno to ease diagnosing why chown failed.
+            let err = std::io::Error::last_os_error();
+            log::warn!(
+                "Failed to chown ipc parent dir, parent={}, postfix={}, expected_uid={}, rc={}, err={:?}",
+                parent_dir.display(),
+                postfix,
+                expected_uid,
+                rc,
+                err
+            );
+        }
+    }
+    if owner_uid != expected_uid {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!(
+                "unsafe ipc parent owner, postfix={}, expected uid {expected_uid}, got {owner_uid}: {}",
+                postfix,
+                parent_dir.display()
+            ),
+        )
+        .into());
+    }
+
+    let expected_mode = expected_ipc_parent_mode(postfix);
+    // Include special bits (setuid/setgid/sticky) to ensure the directory is hardened to the exact
+    // expected mode.
+    let current_mode = (st.st_mode as u32) & 0o7777;
+    let repaired_parent_mode = current_mode != expected_mode;
+    let had_untrusted_parent_mode = (current_mode & 0o022) != 0;
+    if repaired_parent_mode {
+        // Use fchmod on the opened fd to avoid path-race between check and chmod.
+        if unsafe { hbb_common::libc::fchmod(fd, expected_mode as hbb_common::libc::mode_t) } != 0 {
+            let os_err = std::io::Error::last_os_error();
+            return Err(Error::new(
+                os_err.kind(),
+                format!(
+                    "failed to chmod ipc parent dir: postfix={}, parent={}, err={}",
+                    postfix,
+                    parent_dir.display(),
+                    os_err
+                ),
+            )
+            .into());
+        }
+    }
+    let should_scrub =
+        repaired_parent_mode || adopted_foreign_service_parent || had_untrusted_parent_mode;
+    Ok(should_scrub)
+}
+
+pub(crate) fn scrub_secure_ipc_parent_dir(path: &str, postfix: &str) -> ResultType<()> {
+    let parent_dir = Path::new(path)
+        .parent()
+        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, format!("invalid ipc path: {path}")))?;
+    let parent_c = CString::new(parent_dir.as_os_str().as_bytes().to_vec())?;
+    let fd = open_ipc_parent_dir_fd(&parent_c).map_err(|err| {
+        Error::new(
+            err.kind(),
+            format!(
+                "failed to open ipc parent dir for scrub (no-follow): postfix={}, parent={}, err={}",
+                postfix,
+                parent_dir.display(),
+                err
+            ),
+        )
+    })?;
+    let _fd_guard = FdGuard(fd);
+    scrub_preexisting_ipc_parent_entries(fd, parent_dir, postfix)
+}
+
+#[inline]
+pub(crate) fn get_pid_file(postfix: &str) -> String {
+    let path = config::Config::ipc_path(postfix);
+    format!("{}.pid", path)
+}
+
+// Purpose:
+// - Write current process pid to pid file without following attacker-controlled symlinks.
+// - Ensure the pid file is a regular file owned by the opened inode path.
+//
+// Approach:
+// - Use libc open/fstat/write syscalls (FFI) so flags and inode validation are explicit.
+// - Open file with O_NOFOLLOW/O_CLOEXEC and verify S_IFREG with fstat before write.
+// - Keep unsafe scopes minimal and check syscall return values immediately.
+//
+// Main steps:
+// 1) Secure-open pid file (without truncation).
+// 2) Validate opened inode is a regular file owned by current euid.
+// 3) Enforce pid file mode to 0600 and truncate via ftruncate after validation.
+// 4) Write process id bytes through fd.
+//
+// Why not plain std::fs::write?
+// - std::fs helpers cannot enforce this exact open-time hardening sequence
+//   (especially "open with O_NOFOLLOW, then fstat the same opened inode").
+//
+// References:
+// - open(2): O_NOFOLLOW/O_CLOEXEC/O_NONBLOCK
+//   https://man7.org/linux/man-pages/man2/open.2.html
+// - fstat(2): verify file type on opened fd
+//   https://man7.org/linux/man-pages/man2/fstat.2.html
+// - fchmod(2): enforce secure mode on reused pid file
+//   https://man7.org/linux/man-pages/man2/fchmod.2.html
+// - ftruncate(2): truncate after validation
+//   https://man7.org/linux/man-pages/man2/ftruncate.2.html
+// - write(2): write bytes via fd
+//   https://man7.org/linux/man-pages/man2/write.2.html
+fn write_pid_file(path: &Path) -> ResultType<()> {
+    let path_c = CString::new(path.as_os_str().as_bytes().to_vec()).map_err(|err| {
+        Error::new(
+            ErrorKind::InvalidInput,
+            format!("invalid pid file path '{}': {}", path.display(), err),
+        )
+    })?;
+    let flags = hbb_common::libc::O_WRONLY
+        | hbb_common::libc::O_CREAT
+        | hbb_common::libc::O_CLOEXEC
+        | hbb_common::libc::O_NOFOLLOW
+        | hbb_common::libc::O_NONBLOCK;
+    let fd = unsafe { hbb_common::libc::open(path_c.as_ptr(), flags, 0o0600) };
+    if fd < 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!(
+                "failed to open pid file with no-follow '{}': {}",
+                path.display(),
+                os_err
+            ),
+        )
+        .into());
+    }
+    let _fd_guard = FdGuard(fd);
+    let mut stat: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    if unsafe { hbb_common::libc::fstat(fd, &mut stat) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!("failed to stat pid file '{}': {}", path.display(), os_err),
+        )
+        .into());
+    }
+    if (stat.st_mode & (hbb_common::libc::S_IFMT as hbb_common::libc::mode_t))
+        != (hbb_common::libc::S_IFREG as hbb_common::libc::mode_t)
+    {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!("pid file path is not a regular file: '{}'", path.display()),
+        )
+        .into());
+    }
+    let expected_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+    if stat.st_uid as u32 != expected_uid {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!(
+                "pid file owner mismatch: expected uid {}, got {} for '{}'",
+                expected_uid,
+                stat.st_uid,
+                path.display()
+            ),
+        )
+        .into());
+    }
+    if unsafe { hbb_common::libc::fchmod(fd, 0o600) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!("failed to chmod pid file '{}': {}", path.display(), os_err),
+        )
+        .into());
+    }
+    if unsafe { hbb_common::libc::ftruncate(fd, 0) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!(
+                "failed to truncate pid file '{}': {}",
+                path.display(),
+                os_err
+            ),
+        )
+        .into());
+    }
+
+    let bytes = std::process::id().to_string();
+    let buf = bytes.as_bytes();
+    // `write(2)` is allowed to return a short write even for regular files.
+    // PID content is tiny and usually written in one shot, but we still loop
+    // until all bytes are persisted so this path is semantically correct.
+    let mut written = 0usize;
+    while written < buf.len() {
+        let rc = unsafe {
+            hbb_common::libc::write(
+                fd,
+                buf[written..].as_ptr() as *const hbb_common::libc::c_void,
+                buf.len() - written,
+            )
+        };
+        if rc < 0 {
+            let os_err = std::io::Error::last_os_error();
+            return Err(Error::new(
+                os_err.kind(),
+                format!("failed to write pid file '{}': {}", path.display(), os_err),
+            )
+            .into());
+        }
+        if rc == 0 {
+            return Err(Error::new(
+                ErrorKind::WriteZero,
+                format!(
+                    "failed to write pid file '{}': write returned 0 bytes",
+                    path.display()
+                ),
+            )
+            .into());
+        }
+        written += rc as usize;
+    }
+    Ok(())
+}
+
+#[inline]
+pub(crate) fn write_pid(postfix: &str) {
+    let path = std::path::PathBuf::from(get_pid_file(postfix));
+    if let Err(err) = write_pid_file(&path) {
+        log::warn!(
+            "Failed to write pid file for postfix '{}', path='{}', err={}",
+            postfix,
+            path.display(),
+            err
+        );
+    }
+}
+
+// Purpose:
+// - Read pid file safely and avoid trusting symlink/non-regular files.
+//
+// Approach:
+// - Use libc open/fstat/read syscalls (FFI) to control flags and inode checks.
+// - Open path with O_NOFOLLOW, validate opened fd via fstat, then read and parse.
+// - Keep unsafe scopes minimal and check syscall return values immediately.
+//
+// Main steps:
+// 1) Secure-open pid file read-only.
+// 2) Ensure fd points to regular file.
+// 3) Read bytes and parse usize pid.
+//
+// References:
+// - open(2): O_NOFOLLOW/O_CLOEXEC/O_NONBLOCK
+//   https://man7.org/linux/man-pages/man2/open.2.html
+// - fstat(2): validate S_IFREG on opened fd
+//   https://man7.org/linux/man-pages/man2/fstat.2.html
+// - read(2): read bytes via fd
+//   https://man7.org/linux/man-pages/man2/read.2.html
+#[inline]
+fn read_pid_file_secure(path: &Path) -> Option<usize> {
+    let path_c = CString::new(path.as_os_str().as_bytes().to_vec()).ok()?;
+    let flags = hbb_common::libc::O_RDONLY
+        | hbb_common::libc::O_CLOEXEC
+        | hbb_common::libc::O_NOFOLLOW
+        | hbb_common::libc::O_NONBLOCK;
+    let fd = unsafe { hbb_common::libc::open(path_c.as_ptr(), flags) };
+    if fd < 0 {
+        return None;
+    }
+    let _fd_guard = FdGuard(fd);
+
+    let mut stat: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    if unsafe { hbb_common::libc::fstat(fd, &mut stat) } != 0 {
+        return None;
+    }
+    if (stat.st_mode & (hbb_common::libc::S_IFMT as hbb_common::libc::mode_t))
+        != (hbb_common::libc::S_IFREG as hbb_common::libc::mode_t)
+    {
+        return None;
+    }
+
+    let mut buffer = [0u8; 64];
+    let read_len = unsafe {
+        hbb_common::libc::read(
+            fd,
+            buffer.as_mut_ptr() as *mut hbb_common::libc::c_void,
+            buffer.len(),
+        )
+    };
+    if read_len <= 0 {
+        return None;
+    }
+    let content = String::from_utf8_lossy(&buffer[..read_len as usize]).to_string();
+    content.trim().parse::<usize>().ok()
+}
+
+#[inline]
+async fn probe_existing_listener(postfix: &str) -> bool {
+    let Ok(mut stream) = connect(1000, postfix).await else {
+        return false;
+    };
+    if postfix != crate::POSTFIX_SERVICE {
+        return true;
+    }
+    if stream.send(&Data::SyncConfig(None)).await.is_err() {
+        return false;
+    }
+    matches!(
+        stream.next_timeout(1000).await,
+        Ok(Some(Data::SyncConfig(Some(_))))
+    )
+}
+
+pub(crate) async fn check_pid(postfix: &str) -> bool {
+    let pid_file = std::path::PathBuf::from(get_pid_file(postfix));
+    if let Some(pid) = read_pid_file_secure(&pid_file) {
+        if pid > 0 {
+            let mut sys = hbb_common::sysinfo::System::new();
+            sys.refresh_processes();
+            if let Some(p) = sys.process(pid.into()) {
+                if let Some(current) = sys.process((std::process::id() as usize).into()) {
+                    if current.name() == p.name() && probe_existing_listener(postfix).await {
+                        return true;
+                    }
+                }
+            }
+        }
+    }
+    if probe_existing_listener(postfix).await {
+        return true;
+    }
+    // if not remove old ipc file, the new ipc creation will fail
+    // if we remove a ipc file, but the old ipc process is still running,
+    // new connection to the ipc will connect to new ipc, old connection to old ipc still keep alive
+    if let Err(err) = remove_ipc_socket_via_secure_parent_fd(postfix) {
+        log::debug!(
+            "Failed to remove stale ipc socket via secure parent fd: postfix={}, err={}",
+            postfix,
+            err
+        );
+    }
+    false
+}
+
+#[inline]
+pub(crate) fn should_scrub_parent_entries_after_check_pid(
+    should_scrub_parent_entries: bool,
+    existing_listener_alive: bool,
+) -> bool {
+    should_scrub_parent_entries && !existing_listener_alive
+}
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn test_write_pid_file_rejects_symlink() {
+        use std::os::unix::fs::symlink;
+
+        let unique = format!(
+            "rustdesk-ipc-pid-file-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let target = base.join("target_pid");
+        std::fs::write(&target, b"origin").unwrap();
+        let link = base.join("pid_link");
+        symlink(&target, &link).unwrap();
+
+        let res = super::write_pid_file(&link);
+        assert!(res.is_err());
+        assert_eq!(std::fs::read_to_string(&target).unwrap(), "origin");
+
+        std::fs::remove_file(&link).ok();
+        std::fs::remove_file(&target).ok();
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_rejects_symlink_parent() {
+        use std::os::unix::fs::symlink;
+
+        let unique = format!(
+            "rustdesk-ipc-secure-dir-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        let real_dir = base.join("real");
+        let link_dir = base.join("link");
+        std::fs::create_dir_all(&real_dir).unwrap();
+        symlink(&real_dir, &link_dir).unwrap();
+        let ipc_path = link_dir.join("ipc_service");
+        let res =
+            super::ensure_secure_ipc_parent_dir(ipc_path.to_string_lossy().as_ref(), "_service");
+        assert!(res.is_err());
+        std::fs::remove_file(&link_dir).ok();
+        std::fs::remove_dir_all(&real_dir).ok();
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_creates_parent_with_expected_mode() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let unique = format!(
+            "rustdesk-ipc-secure-dir-create-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        // Intentionally choose a parent that does not exist to exercise the ENOENT -> mkdir branch.
+        let parent_dir = base.join("parent");
+        assert!(!parent_dir.exists());
+        let ipc_path = parent_dir.join("ipc");
+
+        let res = super::ensure_secure_ipc_parent_dir(ipc_path.to_string_lossy().as_ref(), "");
+        // Restrictive umask can make mkdir create a stricter initial mode. In that case
+        // ensure_secure_ipc_parent_dir repairs it with fchmod and may request a scrub.
+        res.unwrap();
+
+        let md = std::fs::metadata(&parent_dir).unwrap();
+        assert!(md.is_dir());
+        let mode = md.permissions().mode() & 0o777;
+        assert_eq!(mode, 0o0700);
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_scrub_preexisting_ipc_parent_entries_only_removes_target_postfix_artifacts() {
+        use std::os::unix::ffi::OsStrExt;
+
+        let unique = format!(
+            "rustdesk-ipc-scrub-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let ipc_file = base.join("ipc_service");
+        let ipc_pid_file = base.join("ipc_service.pid");
+        let ipc_other_postfix_file = base.join("ipc_uinput_1");
+        let keep_file = base.join("keep.txt");
+        let keep_dir = base.join("keep_dir");
+
+        std::fs::write(&ipc_file, b"socket-placeholder").unwrap();
+        std::fs::write(&ipc_pid_file, b"1234").unwrap();
+        std::fs::write(&ipc_other_postfix_file, b"other-postfix").unwrap();
+        std::fs::write(&keep_file, b"keep").unwrap();
+        std::fs::create_dir_all(&keep_dir).unwrap();
+
+        let base_c = std::ffi::CString::new(base.as_os_str().as_bytes().to_vec()).unwrap();
+        let base_fd = super::open_ipc_parent_dir_fd(&base_c).unwrap();
+        let _base_guard = super::FdGuard(base_fd);
+        super::scrub_preexisting_ipc_parent_entries(base_fd, &base, "_service").unwrap();
+
+        assert!(!ipc_file.exists());
+        assert!(!ipc_pid_file.exists());
+        assert!(ipc_other_postfix_file.exists());
+        assert!(keep_file.exists());
+        assert!(keep_dir.exists());
+
+        std::fs::remove_file(&ipc_other_postfix_file).ok();
+        std::fs::remove_file(&keep_file).ok();
+        std::fs::remove_dir_all(&keep_dir).ok();
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_scrub_preexisting_ipc_parent_entries_should_bind_to_opened_inode_not_path() {
+        use std::os::unix::ffi::OsStrExt;
+
+        let unique = format!(
+            "rustdesk-ipc-scrub-fd-bind-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let trusted_parent = base.join("trusted_parent");
+        let trusted_parent_moved = base.join("trusted_parent_moved");
+        let attacker_parent = base.join("attacker_parent");
+        std::fs::create_dir_all(&trusted_parent).unwrap();
+        std::fs::create_dir_all(&attacker_parent).unwrap();
+
+        let trusted_ipc_file = trusted_parent.join("ipc_service");
+        let attacker_ipc_file = attacker_parent.join("ipc_service");
+        std::fs::write(&trusted_ipc_file, b"trusted").unwrap();
+        std::fs::write(&attacker_ipc_file, b"attacker").unwrap();
+
+        let trusted_parent_c =
+            std::ffi::CString::new(trusted_parent.as_os_str().as_bytes().to_vec()).unwrap();
+        let trusted_parent_fd = super::open_ipc_parent_dir_fd(&trusted_parent_c).unwrap();
+        let _trusted_parent_guard = super::FdGuard(trusted_parent_fd);
+
+        // Swap the path after the trusted inode has been opened.
+        std::fs::rename(&trusted_parent, &trusted_parent_moved).unwrap();
+        std::fs::rename(&attacker_parent, &trusted_parent).unwrap();
+
+        super::scrub_preexisting_ipc_parent_entries(trusted_parent_fd, &trusted_parent, "_service")
+            .unwrap();
+
+        // Expected secure behavior: scrub should target the inode that was opened before path swap.
+        assert!(
+            !trusted_parent_moved.join("ipc_service").exists(),
+            "trusted inode artifact should be removed even after path swap"
+        );
+        assert!(
+            trusted_parent.join("ipc_service").exists(),
+            "path-swapped attacker directory should not be scrubbed"
+        );
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_keeps_service_artifacts_before_liveness_probe() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let unique = format!(
+            "rustdesk-ipc-secure-dir-order-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let parent_dir = base.join("service_parent");
+        std::fs::create_dir_all(&parent_dir).unwrap();
+        // Trigger "had_untrusted_service_parent_mode".
+        std::fs::set_permissions(&parent_dir, std::fs::Permissions::from_mode(0o777)).unwrap();
+
+        let ipc_file = parent_dir.join("ipc_service");
+        let ipc_pid_file = parent_dir.join("ipc_service.pid");
+        std::fs::write(&ipc_file, b"socket-placeholder").unwrap();
+        std::fs::write(&ipc_pid_file, b"1234").unwrap();
+
+        let res =
+            super::ensure_secure_ipc_parent_dir(ipc_file.to_string_lossy().as_ref(), "_service");
+        assert_eq!(res.unwrap(), true);
+
+        // Parent hardening should run first; artifacts should stay until liveness probe completes.
+        assert!(ipc_file.exists(), "ipc socket marker should be preserved");
+        assert!(ipc_pid_file.exists(), "pid marker should be preserved");
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_marks_non_service_mode_repair_for_scrub() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let unique = format!(
+            "rustdesk-ipc-nonservice-mode-repair-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let parent_dir = base.join("non_service_parent");
+        std::fs::create_dir_all(&parent_dir).unwrap();
+        std::fs::set_permissions(&parent_dir, std::fs::Permissions::from_mode(0o755)).unwrap();
+
+        let ipc_file = parent_dir.join("ipc");
+        std::fs::write(&ipc_file, b"socket-placeholder").unwrap();
+
+        let res = super::ensure_secure_ipc_parent_dir(ipc_file.to_string_lossy().as_ref(), "");
+        assert_eq!(res.unwrap(), true);
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_should_scrub_parent_entries_after_check_pid_only_when_requested_and_not_alive() {
+        assert!(!super::should_scrub_parent_entries_after_check_pid(
+            false, false
+        ));
+        assert!(!super::should_scrub_parent_entries_after_check_pid(
+            false, true
+        ));
+        assert!(super::should_scrub_parent_entries_after_check_pid(
+            true, false
+        ));
+        assert!(!super::should_scrub_parent_entries_after_check_pid(
+            true, true
+        ));
+    }
+}

src/keyboard.rs

@@ -82,8 +82,67 @@ lazy_static::lazy_static! {
 pub mod client {
     use super::*;
 
+    /// Tracks grab ownership and serializes transitions across threads.
+    ///
+    /// Multiple Flutter isolates (one per session window) call
+    /// `change_grab_status(Run/Wait)` concurrently. Without serialization a
+    /// stale `Wait` from session A can clobber session B's freshly acquired
+    /// grab on any desktop OS.
+    ///
+    /// Windows and macOS are less susceptible in practice because the Flutter
+    /// side triggers `enterView` only after a mouse click inside the window,
+    /// but we cannot rely on that. On Linux/X11, `XGrabKeyboard` can also
+    /// cause a focus-change feedback loop (~10 Hz), so `last_grab` debounces
+    /// spurious `Wait` events that arrive shortly after a `Run`.
+    #[derive(Default)]
+    struct GrabOwnerState {
+        owner: Option<u128>,
+        last_grab: Option<std::time::Instant>,
+        /// True while a deferred-release thread is in flight. Prevents
+        /// spawning redundant threads during the X11 feedback loop.
+        deferred_pending: bool,
+    }
+
+    /// How long after a grab acquisition we suppress Wait from the same session.
+    /// Must exceed one full X11 feedback cycle (~100 ms: 50 ms enable + 50 ms disable).
+    #[cfg(target_os = "linux")]
+    const GRAB_DEBOUNCE_MS: u128 = 300;
+
     lazy_static::lazy_static! {
         static ref IS_GRAB_STARTED: Arc<Mutex<bool>> = Arc::new(Mutex::new(false));
+        static ref GRAB_STATE: Arc<Mutex<GrabOwnerState>> = Arc::new(Mutex::new(GrabOwnerState::default()));
+    }
+
+    #[cfg(target_os = "linux")]
+    lazy_static::lazy_static! {
+        static ref GRAB_OP_LOCK: Mutex<()> = Mutex::new(());
+    }
+
+    #[cfg(target_os = "linux")]
+    fn apply_run_grab_if_owner(session_id: u128, disable_first: bool) {
+        let _lock = GRAB_OP_LOCK.lock().unwrap();
+        let gs = GRAB_STATE.lock().unwrap();
+        if gs.owner != Some(session_id) {
+            return;
+        }
+        drop(gs);
+        if disable_first {
+            log::debug!("[grab] handoff: disable_grab before re-grab");
+            rdev::disable_grab();
+        }
+        rdev::enable_grab();
+    }
+
+    #[cfg(target_os = "linux")]
+    fn disable_grab_if_released() {
+        let _lock = GRAB_OP_LOCK.lock().unwrap();
+        let should_disable = {
+            let gs = GRAB_STATE.lock().unwrap();
+            gs.owner.is_none() && gs.last_grab.is_none()
+        };
+        if should_disable {
+            rdev::disable_grab();
+        }
     }
 
     pub fn start_grab_loop() {
@@ -96,36 +155,167 @@ pub mod client {
     }
 
     #[cfg(not(any(target_os = "android", target_os = "ios")))]
-    pub fn change_grab_status(state: GrabState, keyboard_mode: &str) {
+    pub fn change_grab_status(state: GrabState, keyboard_mode: &str, session_id: u128) {
         #[cfg(feature = "flutter")]
         if !IS_RDEV_ENABLED.load(Ordering::SeqCst) {
             return;
         }
+        // Serialize transitions so a stale `Wait` from a previous owner cannot
+        // clobber a fresh `Run` from a different session window.
+        let mut release_after_unlock = None;
+        #[cfg(target_os = "linux")]
+        let mut run_grab_after_unlock = None;
+        #[cfg(target_os = "linux")]
+        let mut disable_after_unlock = false;
+        let mut gs = GRAB_STATE.lock().unwrap();
         match state {
             GrabState::Ready => {}
             GrabState::Run => {
                 #[cfg(windows)]
                 update_grab_get_key_name(keyboard_mode);
+
+                // Idempotent: if this session already owns the grab, just
+                // refresh the debounce timer (proves the session is still
+                // actively focused) and skip the actual grab call.
+                if gs.owner == Some(session_id) {
+                    gs.last_grab = Some(std::time::Instant::now());
+                    // Reset so the next Wait can spawn a fresh deferred-release
+                    // timer with an up-to-date snapshot of last_grab.
+                    gs.deferred_pending = false;
+                    log::debug!(
+                        "[grab] Run(0x{:x}): already owner, refresh debounce",
+                        session_id
+                    );
+                    return;
+                }
+
+                log::debug!(
+                    "[grab] Run(0x{:x}): prev_owner={}, mode={}",
+                    session_id,
+                    gs.owner
+                        .map_or("none".to_string(), |id| format!("0x{:x}", id)),
+                    keyboard_mode,
+                );
+
                 #[cfg(any(target_os = "windows", target_os = "macos", target_os = "linux"))]
-                KEYBOARD_HOOKED.swap(true, Ordering::SeqCst);
+                KEYBOARD_HOOKED.store(true, Ordering::SeqCst);
 
                 #[cfg(target_os = "linux")]
-                rdev::enable_grab();
+                let had_owner = gs.owner.is_some();
+                gs.owner = Some(session_id);
+                gs.last_grab = Some(std::time::Instant::now());
+                // Invalidate any in-flight deferred release from the previous
+                // owner so it cannot suppress a fresh timer for the new owner.
+                gs.deferred_pending = false;
+                #[cfg(target_os = "linux")]
+                {
+                    run_grab_after_unlock = Some(had_owner);
+                }
             }
             GrabState::Wait => {
+                // Drop stale `Wait` events that do not correspond to the
+                // current grab owner. This prevents a late PointerExit from
+                // session A from releasing session B's freshly acquired grab.
+                if gs.owner != Some(session_id) {
+                    log::debug!(
+                        "[grab] Wait(0x{:x}): ignored, owner={}",
+                        session_id,
+                        gs.owner
+                            .map_or("none".to_string(), |id| format!("0x{:x}", id)),
+                    );
+                    return;
+                }
+
+                // Debounce: on Linux/X11, XGrabKeyboard causes a focus-change
+                // feedback loop (grab -> PointerExit -> ungrab -> PointerEnter ->
+                // grab -> ...). Suppress Wait if the grab was acquired recently
+                // by this same session -- it is X11 feedback, not a real leave.
+                // A deferred release is scheduled so that a genuine leave within
+                // the debounce window is not permanently lost.
+                #[cfg(target_os = "linux")]
+                if let Some(t) = gs.last_grab {
+                    let elapsed = t.elapsed().as_millis();
+                    if elapsed < GRAB_DEBOUNCE_MS {
+                        if !gs.deferred_pending {
+                            log::debug!(
+                                "[grab] Wait(0x{:x}): debounced ({}ms < {}ms), scheduling deferred release",
+                                session_id, elapsed, GRAB_DEBOUNCE_MS,
+                            );
+                            gs.deferred_pending = true;
+                            let remaining = (GRAB_DEBOUNCE_MS - elapsed) as u64 + 50;
+                            let snapshot = gs.last_grab;
+                            let mode = keyboard_mode.to_string();
+                            std::thread::spawn(move || {
+                                std::thread::sleep(std::time::Duration::from_millis(remaining));
+                                let release_keys = {
+                                    let mut gs = GRAB_STATE.lock().unwrap();
+                                    // Release only if no new Run has refreshed the grab since.
+                                    if gs.owner == Some(session_id) && gs.last_grab == snapshot {
+                                        let to_release = take_remote_keys();
+                                        gs.deferred_pending = false;
+                                        log::debug!(
+                                            "[grab] Wait(0x{:x}): deferred release",
+                                            session_id
+                                        );
+                                        KEYBOARD_HOOKED.store(false, Ordering::SeqCst);
+                                        gs.owner = None;
+                                        gs.last_grab = None;
+                                        Some(to_release)
+                                    } else {
+                                        log::debug!(
+                                            "[grab] Wait(0x{:x}): deferred release cancelled (grab refreshed)",
+                                            session_id,
+                                        );
+                                        None
+                                    }
+                                };
+                                if let Some(to_release) = release_keys {
+                                    disable_grab_if_released();
+                                    release_remote_keys_for_events(&mode, to_release);
+                                }
+                            });
+                        } else {
+                            log::debug!(
+                                "[grab] Wait(0x{:x}): debounced, deferred release already pending",
+                                session_id,
+                            );
+                        }
+                        return;
+                    }
+                }
+
+                log::debug!("[grab] Wait(0x{:x}): releasing grab", session_id);
+
                 #[cfg(windows)]
                 rdev::set_get_key_unicode(false);
 
-                release_remote_keys(keyboard_mode);
-
                 #[cfg(any(target_os = "windows", target_os = "macos", target_os = "linux"))]
-                KEYBOARD_HOOKED.swap(false, Ordering::SeqCst);
+                KEYBOARD_HOOKED.store(false, Ordering::SeqCst);
 
+                gs.owner = None;
+                gs.last_grab = None;
+                gs.deferred_pending = false;
+                release_after_unlock = Some(take_remote_keys());
                 #[cfg(target_os = "linux")]
-                rdev::disable_grab();
+                {
+                    disable_after_unlock = true;
+                }
             }
             GrabState::Exit => {}
         }
+        drop(gs);
+        #[cfg(target_os = "linux")]
+        {
+            if disable_after_unlock {
+                disable_grab_if_released();
+            }
+            if let Some(disable_first) = run_grab_after_unlock {
+                apply_run_grab_if_owner(session_id, disable_first);
+            }
+        }
+        if let Some(to_release) = release_after_unlock {
+            release_remote_keys_for_events(keyboard_mode, to_release);
+        }
     }
 
     pub fn process_event(keyboard_mode: &str, event: &Event, lock_modes: Option<i32>) {
@@ -341,7 +531,6 @@ fn notify_exit_relative_mouse_mode() {
     flutter::push_session_event(&session_id, "exit_relative_mouse_mode", vec![]);
 }
 
-
 /// Handle relative mouse mode shortcuts in the rdev grab loop.
 /// Returns true if the event should be blocked from being sent to the peer.
 #[cfg(feature = "flutter")]
@@ -540,10 +729,12 @@ pub fn is_long_press(event: &Event) -> bool {
     return false;
 }
 
-pub fn release_remote_keys(keyboard_mode: &str) {
-    // todo!: client quit suddenly, how to release keys?
-    let to_release = TO_RELEASE.lock().unwrap().clone();
-    TO_RELEASE.lock().unwrap().clear();
+fn take_remote_keys() -> HashMap<Key, Event> {
+    let mut to_release = TO_RELEASE.lock().unwrap();
+    std::mem::take(&mut *to_release)
+}
+
+fn release_remote_keys_for_events(keyboard_mode: &str, to_release: HashMap<Key, Event>) {
     for (key, mut event) in to_release.into_iter() {
         event.event_type = EventType::KeyRelease(key);
         client::process_event(keyboard_mode, &event, None);
@@ -558,6 +749,12 @@ pub fn release_remote_keys(keyboard_mode: &str) {
     }
 }
 
+#[allow(dead_code)]
+pub fn release_remote_keys(keyboard_mode: &str) {
+    // todo!: client quit suddenly, how to release keys?
+    release_remote_keys_for_events(keyboard_mode, take_remote_keys());
+}
+
 pub fn get_keyboard_mode_enum(keyboard_mode: &str) -> KeyboardMode {
     match keyboard_mode {
         "map" => KeyboardMode::Map,
@@ -748,7 +945,6 @@ pub fn event_to_key_events(
 ) -> Vec<KeyEvent> {
     peer.retain(|c| !c.is_whitespace());
 
-    let mut key_event = KeyEvent::new();
     update_modifiers_state(event);
 
     match event.event_type {
@@ -761,6 +957,7 @@ pub fn event_to_key_events(
         _ => {}
     }
 
+    let mut key_event = KeyEvent::new();
     key_event.mode = keyboard_mode.into();
 
     let mut key_events = match keyboard_mode {

src/lang.rs

@@ -16,8 +16,10 @@ mod es;
 mod et;
 mod eu;
 mod fa;
+mod gu;
 mod fr;
 mod he;
+mod hi;
 mod hr;
 mod hu;
 mod id;
@@ -47,6 +49,7 @@ mod vi;
 mod ta;
 mod ge;
 mod fi;
+mod ml;
 
 pub const LANGS: &[(&str, &str)] = &[
     ("en", "English"),
@@ -95,6 +98,9 @@ pub const LANGS: &[(&str, &str)] = &[
     ("ta", "தமிழ்"),
     ("ge", "ქართული"),
     ("fi", "Suomi"),
+    ("ml", "മലയാളം"),
+    ("hi", "हिंदी"),
+    ("gu", "ગુજરાતી"),
 ];
 
 #[cfg(not(any(target_os = "android", target_os = "ios")))]
@@ -173,6 +179,9 @@ pub fn translate_locale(name: String, locale: &str) -> String {
         "sc" => sc::T.deref(),
         "ta" => ta::T.deref(),
         "ge" => ge::T.deref(),
+        "ml" => ml::T.deref(),
+        "hi" => hi::T.deref(),
+        "gu" => gu::T.deref(),
         _ => en::T.deref(),
     };
     let (name, placeholder_value) = extract_placeholder(&name);

src/lang/ar.rs

@@ -729,17 +729,20 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("server-oss-not-support-tip", "هذه الميزة غير مدعومة من قبل خادمك"),
         ("input note here", "أدخل الملاحظة هنا"),
         ("note-at-conn-end-tip", "سيتم عرض هذه الملاحظة عند نهاية الاتصال"),
-        ("Show terminal extra keys", ""),
-        ("Relative mouse mode", ""),
-        ("rel-mouse-not-supported-peer-tip", ""),
-        ("rel-mouse-not-ready-tip", ""),
-        ("rel-mouse-lock-failed-tip", ""),
-        ("rel-mouse-exit-{}-tip", ""),
-        ("rel-mouse-permission-lost-tip", ""),
-        ("Changelog", ""),
-        ("keep-awake-during-outgoing-sessions-label", ""),
-        ("keep-awake-during-incoming-sessions-label", ""),
+        ("Show terminal extra keys", "إظهار مفاتيح إضافية في الطرفية"),
+        ("Relative mouse mode", "وضع الماوس النسبي"),
+        ("rel-mouse-not-supported-peer-tip", "وضع الماوس النسبي غير مدعوم على الجهاز الآخر"),
+        ("rel-mouse-not-ready-tip", "وضع الماوس النسبي غير جاهز"),
+        ("rel-mouse-lock-failed-tip", "فشل قفل الماوس النسبي"),
+        ("rel-mouse-exit-{}-tip", "للخروج من وضع الماوس النسبي اضغط على {}"),
+        ("rel-mouse-permission-lost-tip", "تم فقدان إذن الماوس النسبي"),
+        ("Changelog", "سجل التغييرات"),
+        ("keep-awake-during-outgoing-sessions-label", "إبقاء الجهاز نشطًا أثناء الجلسات الصادرة"),
+        ("keep-awake-during-incoming-sessions-label", "إبقاء الجهاز نشطًا أثناء الجلسات الواردة"),
         ("Continue with {}", "متابعة مع {}"),
-        ("Display Name", ""),
+        ("Display Name", "اسم العرض"),
+        ("password-hidden-tip", "كلمة المرور مخفية"),
+        ("preset-password-in-use-tip", "كلمة المرور المحددة مسبقًا قيد الاستخدام"),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/bg.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Продължи с {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/ca.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Continua amb {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/cn.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "传入会话期间保持屏幕常亮"),
         ("Continue with {}", "使用 {} 登录"),
         ("Display Name", "显示名称"),
+        ("password-hidden-tip", "永久密码已设置（已隐藏）"),
+        ("preset-password-in-use-tip", "当前使用预设密码"),
+        ("Enable privacy mode", "允许隐私模式"),
     ].iter().cloned().collect();
 }

src/lang/cs.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Pokračovat s {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/da.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Fortsæt med {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/de.rs

@@ -379,8 +379,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Screen Share", "Bildschirmfreigabe"),
         ("ubuntu-21-04-required", "Wayland erfordert Ubuntu 21.04 oder eine höhere Version."),
         ("wayland-requires-higher-linux-version", "Wayland erfordert eine höhere Version der Linux-Distribution. Bitte versuchen Sie den X11-Desktop oder ändern Sie Ihr Betriebssystem."),
-        ("xdp-portal-unavailable", ""),
-        ("JumpLink", "View"),
+        ("xdp-portal-unavailable", "Die Bildschirmaufnahme mit Wayland ist fehlgeschlagen. Das XDG-Desktop-Portal ist möglicherweise abgestürzt oder nicht verfügbar. Versuchen Sie, es mit `systemctl --user restart xdg-desktop-portal` neu zu starten."),
+        ("JumpLink", "Anzeigen"),
         ("Please Select the screen to be shared(Operate on the peer side).", "Bitte wählen Sie den freizugebenden Bildschirm aus (Bedienung auf der Gegenseite)."),
         ("Show RustDesk", "RustDesk anzeigen"),
         ("This PC", "Dieser PC"),
@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "Bildschirm während eingehender Sitzungen aktiv halten"),
         ("Continue with {}", "Fortfahren mit {}"),
         ("Display Name", "Anzeigename"),
+        ("password-hidden-tip", "Ein permanentes Passwort wurde festgelegt (ausgeblendet)."),
+        ("preset-password-in-use-tip", "Das voreingestellte Passwort wird derzeit verwendet."),
+        ("Enable privacy mode", "Datenschutzmodus aktivieren"),
     ].iter().cloned().collect();
 }

src/lang/el.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "Διατήρηση ενεργής οθόνης κατά τη διάρκεια των εισερχόμενων συνεδριών"),
         ("Continue with {}", "Συνέχεια με {}"),
         ("Display Name", "Εμφανιζόμενο όνομα"),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/en.rs

@@ -272,5 +272,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("rel-mouse-permission-lost-tip", "Keyboard permission was revoked. Relative Mouse Mode has been disabled."),
         ("keep-awake-during-outgoing-sessions-label", "Keep screen awake during outgoing sessions"),
         ("keep-awake-during-incoming-sessions-label", "Keep screen awake during incoming sessions"),
+        ("password-hidden-tip", "Permanent password is set (hidden)."),
+        ("preset-password-in-use-tip", "Preset password is currently in use."),
     ].iter().cloned().collect();
 }

src/lang/eo.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", ""),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/es.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Continuar con {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/et.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Jätka koos {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/eu.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "{} honekin jarraitu"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/fa.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "ادامه با {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/fi.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Jatka käyttäen {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/fr.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "Maintenir l’écran allumé lors des sessions entrantes"),
         ("Continue with {}", "Continuer avec {}"),
         ("Display Name", "Nom d’affichage"),
+        ("password-hidden-tip", "Le mot de passe permanent est défini (masqué)."),
+        ("preset-password-in-use-tip", "Le mot de passe prédéfini est actuellement utilisé."),
+        ("Enable privacy mode", "Activer le mode de confidentialité"),
     ].iter().cloned().collect();
 }

src/lang/ge.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "{}-ით გაგრძელება"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/gu.rs

@@ -0,0 +1,747 @@
+lazy_static::lazy_static! {
+pub static ref T: std::collections::HashMap<&'static str, &'static str> =
+    [
+        ("Status", "સ્થિતિ"),
+        ("Your Desktop", "તમારું ડેસ્કટોપ"),
+        ("desk_tip", "તમારું ડેસ્કટોપ આ ID અને પાસવર્ડ દ્વારા એક્સેસ કરી શકાય છે."),
+        ("Password", "પાસવર્ડ"),
+        ("Ready", "તૈયાર"),
+        ("Established", "સ્થાપિત"),
+        ("connecting_status", "નેટવર્ક સાથે જોડાઈ રહ્યું છે..."),
+        ("Enable service", "સેવા સક્ષમ કરો"),
+        ("Start service", "સેવા શરૂ કરો"),
+        ("Service is running", "સેવા કાર્યરત છે"),
+        ("Service is not running", "સેવા કાર્યરત નથી"),
+        ("not_ready_status", "તૈયાર નથી. કૃપા કરીને તમારું કનેક્શન તપાસો"),
+        ("Control Remote Desktop", "રિમોટ ડેસ્કટોપ નિયંત્રિત કરો"),
+        ("Transfer file", "ફાઇલ ટ્રાન્સફર"),
+        ("Connect", "કનેક્ટ કરો"),
+        ("Recent sessions", "તાજેતરના સત્રો"),
+        ("Address book", "એડ્રેસ બુક"),
+        ("Confirmation", "પુષ્ટિકરણ"),
+        ("TCP tunneling", "TCP ટનલિંગ"),
+        ("Remove", "દૂર કરો"),
+        ("Refresh random password", "રેન્ડમ પાસવર્ડ બદલો"),
+        ("Set your own password", "તમારો પોતાનો પાસવર્ડ સેટ કરો"),
+        ("Enable keyboard/mouse", "કીબોર્ડ/માઉસ સક્ષમ કરો"),
+        ("Enable clipboard", "ક્લિપબોર્ડ સક્ષમ કરો"),
+        ("Enable file transfer", "ફાઇલ ટ્રાન્સફર સક્ષમ કરો"),
+        ("Enable TCP tunneling", "TCP ટનલિંગ સક્ષમ કરો"),
+        ("IP Whitelisting", "IP વ્હાઇટલિસ્ટિંગ"),
+        ("ID/Relay Server", "ID/રિલે સર્વર"),
+        ("Import server config", "સર્વર કોન્ફિગ ઈમ્પોર્ટ કરો"),
+        ("Export Server Config", "સર્વર કોન્ફિગ એક્સપોર્ટ કરો"),
+        ("Import server configuration successfully", "સર્વર કોન્ફિગરેશન સફળતાપૂર્વક ઈમ્પોર્ટ થયું"),
+        ("Export server configuration successfully", "સર્વર કોન્ફિગરેશન સફળતાપૂર્વક એક્સપોર્ટ થયું"),
+        ("Invalid server configuration", "અમાન્ય સર્વર કોન્ફિગરેશન"),
+        ("Clipboard is empty", "ક્લિપબોર્ડ ખાલી છે"),
+        ("Stop service", "સેવા બંધ કરો"),
+        ("Change ID", "ID બદલો"),
+        ("Your new ID", "તમારું નવું ID"),
+        ("length %min% to %max%", "લંબાઈ %min% થી %max% સુધી"),
+        ("starts with a letter", "અક્ષરથી શરૂ થાય છે"),
+        ("allowed characters", "માન્ય અક્ષરો"),
+        ("id_change_tip", "ID બદલ્યા પછી વર્તમાન કનેક્શન તૂટી જશે."),
+        ("Website", "વેબસાઇટ"),
+        ("About", "વિશે"),
+        ("Slogan_tip", "વધુ સારા અનુભવ માટે બનાવેલ રિમોટ ડેસ્કટોપ સોફ્ટવેર"),
+        ("Privacy Statement", "ગોપનીયતા નિવેદન"),
+        ("Mute", "મ્યૂટ કરો"),
+        ("Build Date", "બિલ્ડ તારીખ"),
+        ("Version", "સંસ્કરણ (Version)"),
+        ("Home", "હોમ"),
+        ("Audio Input", "ઓડિયો ઇનપુટ"),
+        ("Enhancements", "વધારાની સુવિધાઓ"),
+        ("Hardware Codec", "હાર્ડવેર કોડેક"),
+        ("Adaptive bitrate", "એડેપ્ટિવ બિટરેટ"),
+        ("ID Server", "ID સર્વર"),
+        ("Relay Server", "રિલે સર્વર"),
+        ("API Server", "API સર્વર"),
+        ("invalid_http", "અમાન્ય HTTP લિંક"),
+        ("Invalid IP", "અમાન્ય IP"),
+        ("Invalid format", "અમાન્ય ફોર્મેટ"),
+        ("server_not_support", "સર્વર દ્વારા સમર્થિત નથી"),
+        ("Not available", "ઉપલબ્ધ નથી"),
+        ("Too frequent", "ખૂબ વારંવાર"),
+        ("Cancel", "રદ કરો"),
+        ("Skip", "રહેવા દો (Skip)"),
+        ("Close", "બંધ કરો"),
+        ("Retry", "ફરી પ્રયાસ કરો"),
+        ("OK", "બરાબર"),
+        ("Password Required", "પાસવર્ડ જરૂરી છે"),
+        ("Please enter your password", "કૃપા કરીને તમારો પાસવર્ડ દાખલ કરો"),
+        ("Remember password", "પાસવર્ડ યાદ રાખો"),
+        ("Wrong Password", "ખોટો પાસવર્ડ"),
+        ("Do you want to enter again?", "શું તમે ફરીથી દાખલ કરવા માંગો છો?"),
+        ("Connection Error", "કનેક્શન ભૂલ"),
+        ("Error", "ભૂલ"),
+        ("Reset by the peer", "સામેના છેડેથી રિસેટ કરવામાં આવ્યું"),
+        ("Connecting...", "જોડાઈ રહ્યું છે..."),
+        ("Connection in progress. Please wait.", "કનેક્શન ચાલુ છે. કૃપા કરીને રાહ જુઓ."),
+        ("Please try 1 minute later", "કૃપા કરીને 1 મિનિટ પછી ફરી પ્રયાસ કરો"),
+        ("Login Error", "લોગિન ભૂલ"),
+        ("Successful", "સફળ"),
+        ("Connected, waiting for image...", "જોડાયેલ, ઇમેજની રાહ જોવાય છે..."),
+        ("Name", "નામ"),
+        ("Type", "પ્રકાર"),
+        ("Modified", "સુધારેલ"),
+        ("Size", "કદ (Size)"),
+        ("Show Hidden Files", "છુપાયેલી ફાઇલો બતાવો"),
+        ("Receive", "મેળવો"),
+        ("Send", "મોકલો"),
+        ("Refresh File", "ફાઇલ રિફ્રેશ કરો"),
+        ("Local", "લોકલ"),
+        ("Remote", "રિમોટ"),
+        ("Remote Computer", "રિમોટ કોમ્પ્યુટર"),
+        ("Local Computer", "લોકલ કોમ્પ્યુટર"),
+        ("Confirm Delete", "કાઢી નાખવાની પુષ્ટિ કરો"),
+        ("Delete", "કાઢી નાખો"),
+        ("Properties", "ગુણધર્મો (Properties)"),
+        ("Multi Select", "બહુ-પસંદગી"),
+        ("Select All", "બધું પસંદ કરો"),
+        ("Unselect All", "બધું નાપસંદ કરો"),
+        ("Empty Directory", "ખાલી ડિરેક્ટરી"),
+        ("Not an empty directory", "ડિરેક્ટરી ખાલી નથી"),
+        ("Are you sure you want to delete this file?", "શું તમે ખરેખર આ ફાઇલ કાઢી નાખવા માંગો છો?"),
+        ("Are you sure you want to delete this empty directory?", "શું તમે ખરેખર આ ખાલી ડિરેક્ટરી કાઢી નાખવા માંગો છો?"),
+        ("Are you sure you want to delete the file of this directory?", "શું તમે ખરેખર આ ડિરેક્ટરીની ફાઇલ કાઢી નાખવા માંગો છો?"),
+        ("Do this for all conflicts", "તમામ વિવાદો માટે આ કરો"),
+        ("This is irreversible!", "આ બદલી શકાશે નહીં!"),
+        ("Deleting", "કાઢી નાખવામાં આવી રહ્યું છે"),
+        ("files", "ફાઇલો"),
+        ("Waiting", "રાહ જુઓ"),
+        ("Finished", "પૂરું થયું"),
+        ("Speed", "ગતિ"),
+        ("Custom Image Quality", "કસ્ટમ ઇમેજ ગુણવત્તા"),
+        ("Privacy mode", "પ્રાઇવસી મોડ"),
+        ("Block user input", "યુઝર ઇનપુટ બ્લોક કરો"),
+        ("Unblock user input", "યુઝર ઇનપુટ અનબ્લોક કરો"),
+        ("Adjust Window", "વિન્ડો એડજસ્ટ કરો"),
+        ("Original", "મૂળ (Original)"),
+        ("Shrink", "સંકોચો (Shrink)"),
+        ("Stretch", "ખેંચો (Stretch)"),
+        ("Scrollbar", "સ્ક્રોલબાર"),
+        ("ScrollAuto", "ઓટો સ્ક્રોલ"),
+        ("Good image quality", "સારી ઇમેજ ગુણવત્તા"),
+        ("Balanced", "સંતુલિત"),
+        ("Optimize reaction time", "પ્રતિક્રિયા સમય શ્રેષ્ઠ બનાવો"),
+        ("Custom", "કસ્ટમ"),
+        ("Show remote cursor", "રિમોટ કર્સર બતાવો"),
+        ("Show quality monitor", "ક્વોલિટી મોનિટર બતાવો"),
+        ("Disable clipboard", "ક્લિપબોર્ડ અક્ષમ કરો"),
+        ("Lock after session end", "સત્ર સમાપ્ત થયા પછી લોક કરો"),
+        ("Insert Ctrl + Alt + Del", "Ctrl + Alt + Del દાખલ કરો"),
+        ("Insert Lock", "લોક દાખલ કરો"),
+        ("Refresh", "રિફ્રેશ કરો"),
+        ("ID does not exist", "ID અસ્તિત્વમાં નથી"),
+        ("Failed to connect to rendezvous server", "Rendezvous સર્વર સાથે જોડવામાં નિષ્ફળ"),
+        ("Please try later", "કૃપા કરીને પછી પ્રયાસ કરો"),
+        ("Remote desktop is offline", "રિમોટ ડેસ્કટોપ ઓફલાઇન છે"),
+        ("Key mismatch", "કી મેળ ખાતી નથી"),
+        ("Timeout", "સમય સમાપ્ત"),
+        ("Failed to connect to relay server", "રિલે સર્વર સાથે જોડવામાં નિષ્ફળ"),
+        ("Failed to connect via rendezvous server", "Rendezvous સર્વર દ્વારા જોડવામાં નિષ્ફળ"),
+        ("Failed to connect via relay server", "રિલે સર્વર દ્વારા જોડવામાં નિષ્ફળ"),
+        ("Failed to make direct connection to remote desktop", "રિમોટ ડેસ્કટોપ સાથે સીધું જોડાણ કરવામાં નિષ્ફળ"),
+        ("Set Password", "પાસવર્ડ સેટ કરો"),
+        ("OS Password", "OS પાસવર્ડ"),
+        ("install_tip", "શ્રેષ્ઠ પ્રદર્શન માટે, કૃપા કરીને ઇન્સ્ટોલ કરો."),
+        ("Click to upgrade", "અપગ્રેડ કરવા માટે ક્લિક કરો"),
+        ("Configure", "કોન્ફિગર કરો"),
+        ("config_acc", "એક્સેસિબિલિટી કોન્ફિગર કરો"),
+        ("config_screen", "સ્ક્રીન કોન્ફિગર કરો"),
+        ("Installing ...", "ઇન્સ્ટોલ થઈ રહ્યું છે..."),
+        ("Install", "ઇન્સ્ટોલ કરો"),
+        ("Installation", "ઇન્સ્ટોલેશન"),
+        ("Installation Path", "ઇન્સ્ટોલેશન પાથ"),
+        ("Create start menu shortcuts", "સ્ટાર્ટ મેનૂ શોર્ટકટ બનાવો"),
+        ("Create desktop icon", "ડેસ્કટોપ આઇકોન બનાવો"),
+        ("agreement_tip", "ઇન્સ્ટોલ કરીને તમે લાયસન્સ કરાર સ્વીકારો છો."),
+        ("Accept and Install", "સ્વીકારો અને ઇન્સ્ટોલ કરો"),
+        ("End-user license agreement", "અંતિમ વપરાશકર્તા લાયસન્સ કરાર"),
+        ("Generating ...", "જનરેટ થઈ રહ્યું છે..."),
+        ("Your installation is lower version.", "તમારું ઇન્સ્ટોલેશન જૂનું સંસ્કરણ છે."),
+        ("not_close_tcp_tip", "ટનલનો ઉપયોગ કરતી વખતે આ વિન્ડો બંધ કરશો નહીં."),
+        ("Listening ...", "સાંભળી રહ્યું છે..."),
+        ("Remote Host", "રિમોટ હોસ્ટ"),
+        ("Remote Port", "રિમોટ પોર્ટ"),
+        ("Action", "ક્રિયા"),
+        ("Add", "ઉમેરો"),
+        ("Local Port", "લોકલ પોર્ટ"),
+        ("Local Address", "લોકલ સરનામું"),
+        ("Change Local Port", "લોકલ પોર્ટ બદલો"),
+        ("setup_server_tip", "ઝડપી કનેક્શન માટે તમારું પોતાનું સર્વર સેટ કરો"),
+        ("Too short, at least 6 characters.", "ખૂબ ટૂંકું, ઓછામાં ઓછા 6 અક્ષરો હોવા જોઈએ."),
+        ("The confirmation is not identical.", "પુષ્ટિકરણ સરખું નથી."),
+        ("Permissions", "પરવાનગીઓ"),
+        ("Accept", "સ્વીકારો"),
+        ("Dismiss", "ખારીજ કરો"),
+        ("Disconnect", "ડિસ્કનેક્ટ કરો"),
+        ("Enable file copy and paste", "ફાઇલ કોપી અને પેસ્ટ સક્ષમ કરો"),
+        ("Connected", "જોડાયેલ"),
+        ("Direct and encrypted connection", "સીધું અને એન્ક્રિપ્ટેડ કનેક્શન"),
+        ("Relayed and encrypted connection", "રિલે અને એન્ક્રિપ્ટેડ કનેક્શન"),
+        ("Direct and unencrypted connection", "સીધું અને અનએન્ક્રિપ્ટેડ કનેક્શન"),
+        ("Relayed and unencrypted connection", "રિલે અને અનએન્ક્રિપ્ટેડ કનેક્શન"),
+        ("Enter Remote ID", "રિમોટ ID દાખલ કરો"),
+        ("Enter your password", "તમારો પાસવર્ડ દાખલ કરો"),
+        ("Logging in...", "લોગિન થઈ રહ્યું છે..."),
+        ("Enable RDP session sharing", "RDP સત્ર શેરિંગ સક્ષમ કરો"),
+        ("Auto Login", "ઓટો લોગિન"),
+        ("Enable direct IP access", "સીધું IP એક્સેસ સક્ષમ કરો"),
+        ("Rename", "નામ બદલો"),
+        ("Space", "જગ્યા (Space)"),
+        ("Create desktop shortcut", "ડેસ્કટોપ શોર્ટકટ બનાવો"),
+        ("Change Path", "પાથ બદલો"),
+        ("Create Folder", "ફોલ્ડર બનાવો"),
+        ("Please enter the folder name", "કૃપા કરીને ફોલ્ડરનું નામ દાખલ કરો"),
+        ("Fix it", "તેને ઠીક કરો"),
+        ("Warning", "ચેતવણી"),
+        ("Login screen using Wayland is not supported", "Wayland ઉપયોગ કરતી લોગિન સ્ક્રીન સમર્થિત નથી"),
+        ("Reboot required", "રિબૂટ જરૂરી છે"),
+        ("Unsupported display server", "અસમર્થિત ડિસ્પ્લે સર્વર"),
+        ("x11 expected", "x11 અપેક્ષિત છે"),
+        ("Port", "પોર્ટ"),
+        ("Settings", "સેટિંગ્સ"),
+        ("Username", "વપરાશકર્તા નામ"),
+        ("Invalid port", "અમાન્ય પોર્ટ"),
+        ("Closed manually by the peer", "સામેથી મેન્યુઅલી બંધ કરવામાં આવ્યું"),
+        ("Enable remote configuration modification", "રિમોટ કોન્ફિગરેશન ફેરફાર સક્ષમ કરો"),
+        ("Run without install", "ઇન્સ્ટોલ કર્યા વગર ચલાવો"),
+        ("Connect via relay", "રિલે દ્વારા કનેક્ટ કરો"),
+        ("Always connect via relay", "હંમેશા રિલે દ્વારા કનેક્ટ કરો"),
+        ("whitelist_tip", "માત્ર વ્હાઇટલિસ્ટ કરેલ IP જ મને એક્સેસ કરી શકે છે"),
+        ("Login", "લોગિન"),
+        ("Verify", "ચકાસો"),
+        ("Remember me", "મને યાદ રાખો"),
+        ("Trust this device", "આ ઉપકરણ પર વિશ્વાસ કરો"),
+        ("Verification code", "વેરિફિકેશન કોડ"),
+        ("verification_tip", "વેરિફિકેશન કોડ તમારા ઇમેઇલ પર મોકલવામાં આવ્યો છે"),
+        ("Logout", "લોગઆઉટ"),
+        ("Tags", "ટેગ્સ"),
+        ("Search ID", "ID શોધો"),
+        ("whitelist_sep", "અલ્પવિરામ, અર્ધવિરામ અથવા સ્પેસ દ્વારા અલગ કરો"),
+        ("Add ID", "ID ઉમેરો"),
+        ("Add Tag", "ટેગ ઉમેરો"),
+        ("Unselect all tags", "તમામ ટેગ નાપસંદ કરો"),
+        ("Network error", "નેટવર્ક ભૂલ"),
+        ("Username missed", "વપરાશકર્તા નામ બાકી છે"),
+        ("Password missed", "પાસવર્ડ બાકી છે"),
+        ("Wrong credentials", "ખોટી વિગતો"),
+        ("The verification code is incorrect or has expired", "વેરિફિકેશન કોડ ખોટો છે અથવા તેની મર્યાદા પૂરી થઈ ગઈ છે"),
+        ("Edit Tag", "ટેગ સુધારો"),
+        ("Forget Password", "પાસવર્ડ ભૂલી ગયા"),
+        ("Favorites", "પસંદગીના"),
+        ("Add to Favorites", "પસંદગીમાં ઉમેરો"),
+        ("Remove from Favorites", "પસંદગીમાંથી દૂર કરો"),
+        ("Empty", "ખાલી"),
+        ("Invalid folder name", "અમાન્ય ફોલ્ડર નામ"),
+        ("Socks5 Proxy", "Socks5 પ્રોક્સી"),
+        ("Socks5/Http(s) Proxy", "Socks5/Http(s) પ્રોક્સી"),
+        ("Discovered", "શોધાયેલ"),
+        ("install_daemon_tip", "બૂટ વખતે શરૂ કરવા માટે સેવા ઇન્સ્ટોલ કરો"),
+        ("Remote ID", "રિમોટ ID"),
+        ("Paste", "પેસ્ટ કરો"),
+        ("Paste here?", "અહીં પેસ્ટ કરવું છે?"),
+        ("Are you sure to close the connection?", "શું તમે ખરેખર કનેક્શન બંધ કરવા માંગો છો?"),
+        ("Download new version", "નવું સંસ્કરણ ડાઉનલોડ કરો"),
+        ("Touch mode", "ટચ મોડ"),
+        ("Mouse mode", "માઉસ મોડ"),
+        ("One-Finger Tap", "એક આંગળીથી ટેપ"),
+        ("Left Mouse", "ડાબું માઉસ બટન"),
+        ("One-Long Tap", "એક લાંબો ટેપ"),
+        ("Two-Finger Tap", "બે આંગળીથી ટેપ"),
+        ("Right Mouse", "જમણું માઉસ બટન"),
+        ("One-Finger Move", "એક આંગળીથી હલનચલન"),
+        ("Double Tap & Move", "ડબલ ટેપ અને હલનચલન"),
+        ("Mouse Drag", "માઉસ ડ્રેગ"),
+        ("Three-Finger vertically", "ત્રણ આંગળી ઊભી રીતે"),
+        ("Mouse Wheel", "માઉસ વ્હીલ"),
+        ("Two-Finger Move", "બે આંગળીથી હલનચલન"),
+        ("Canvas Move", "કેનવાસ ખસેડો"),
+        ("Pinch to Zoom", "ઝૂમ કરવા માટે પિંચ કરો"),
+        ("Canvas Zoom", "કેનવાસ ઝૂમ"),
+        ("Reset canvas", "કેનવાસ રિસેટ કરો"),
+        ("No permission of file transfer", "ફાઇલ ટ્રાન્સફરની પરવાનગી નથી"),
+        ("Note", "નોંધ"),
+        ("Connection", "કનેક્શન"),
+        ("Share screen", "સ્ક્રીન શેર કરો"),
+        ("Chat", "ચેટ"),
+        ("Total", "કુલ"),
+        ("items", "વસ્તુઓ"),
+        ("Selected", "પસંદ કરેલ"),
+        ("Screen Capture", "સ્ક્રીન કેપ્ચર"),
+        ("Input Control", "ઇનપુટ નિયંત્રણ"),
+        ("Audio Capture", "ઓડિયો કેપ્ચર"),
+        ("Do you accept?", "શું તમે સ્વીકારો છો?"),
+        ("Open System Setting", "સિસ્ટમ સેટિંગ ખોલો"),
+        ("How to get Android input permission?", "Android ઇનપુટ પરવાનગી કેવી રીતે મેળવવી?"),
+        ("android_input_permission_tip1", "ઇનપુટ પરવાનગી મેળવવા માટે એક્સેસિબિલિટી સેવા સક્ષમ કરો."),
+        ("android_input_permission_tip2", "કૃપા કરીને સેટિંગ્સમાં RustDesk શોધો અને તેને ચાલુ કરો."),
+        ("android_new_connection_tip", "નવો કંટ્રોલ વિનંતી પ્રાપ્ત થઈ છે."),
+        ("android_service_will_start_tip", "સ્ક્રીન કેપ્ચર ચાલુ કરવાથી સેવા આપમેળે શરૂ થશે."),
+        ("android_stop_service_tip", "સેવા બંધ કરવાથી તમામ કનેક્શન બંધ થઈ જશે."),
+        ("android_version_audio_tip", "ઓડિયો કેપ્ચર માત્ર Android 10 કે તેથી ઉપરના વર્ઝનમાં ઉપલબ્ધ છે."),
+        ("android_start_service_tip", "સ્ક્રીન શેરિંગ સેવા શરૂ કરવા ક્લિક કરો."),
+        ("android_permission_may_not_change_tip", "પરવાનગીઓ પછીથી બદલી શકાશે નહીં, કૃપા કરીને કાળજીપૂર્વક પસંદ કરો."),
+        ("Account", "ખાતું"),
+        ("Overwrite", "ઓવરરાઇટ કરો"),
+        ("This file exists, skip or overwrite this file?", "આ ફાઇલ અસ્તિત્વમાં છે, રહેવા દેવી છે કે ઓવરરાઇટ કરવી છે?"),
+        ("Quit", "બહાર નીકળો"),
+        ("Help", "મદદ"),
+        ("Failed", "નિષ્ફળ"),
+        ("Succeeded", "સફળ"),
+        ("Someone turns on privacy mode, exit", "કોઈએ પ્રાઇવસી મોડ ચાલુ કર્યો છે, બહાર નીકળો"),
+        ("Unsupported", "અસમર્થિત"),
+        ("Peer denied", "સામેથી નકારવામાં આવ્યું"),
+        ("Please install plugins", "કૃપા કરીને પ્લગઇન્સ ઇન્સ્ટોલ કરો"),
+        ("Peer exit", "સામેથી કોઈ બહાર નીકળી ગયું"),
+        ("Failed to turn off", "બંધ કરવામાં નિષ્ફળ"),
+        ("Turned off", "બંધ કરવામાં આવ્યું"),
+        ("Language", "ભાષા"),
+        ("Keep RustDesk background service", "RustDesk બેકગ્રાઉન્ડ સેવા ચાલુ રાખો"),
+        ("Ignore Battery Optimizations", "બેટરી ઓપ્ટિમાઇઝેશન અવગણો"),
+        ("android_open_battery_optimizations_tip", "ડિસ્કનેક્શન ટાળવા માટે બેટરી ઓપ્ટિમાઇઝેશન સેટિંગ ખોલો"),
+        ("Start on boot", "બૂટ પર શરૂ કરો"),
+        ("Start the screen sharing service on boot, requires special permissions", "બૂટ પર સ્ક્રીન શેરિંગ શરૂ કરો, ખાસ પરવાનગીની જરૂર છે"),
+        ("Connection not allowed", "કનેક્શનની પરવાનગી નથી"),
+        ("Legacy mode", "લેગસી મોડ"),
+        ("Map mode", "મેપ મોડ"),
+        ("Translate mode", "અનુવાદ મોડ"),
+        ("Use permanent password", "કાયમી પાસવર્ડનો ઉપયોગ કરો"),
+        ("Use both passwords", "બંને પાસવર્ડનો ઉપયોગ કરો"),
+        ("Set permanent password", "કાયમી પાસવર્ડ સેટ કરો"),
+        ("Enable remote restart", "રિમોટ રિસ્ટાર્ટ સક્ષમ કરો"),
+        ("Restart remote device", "રિમોટ ઉપકરણ રિસ્ટાર્ટ કરો"),
+        ("Are you sure you want to restart", "શું તમે ખરેખર રિસ્ટાર્ટ કરવા માંગો છો?"),
+        ("Restarting remote device", "રિમોટ ઉપકરણ રિસ્ટાર્ટ થઈ રહ્યું છે"),
+        ("remote_restarting_tip", "રિમોટ ઉપકરણ રિસ્ટાર્ટ થઈ રહ્યું છે, કૃપા કરીને રાહ જુઓ..."),
+        ("Copied", "કોપી થઈ ગયું"),
+        ("Exit Fullscreen", "ફુલસ્ક્રીનમાંથી બહાર નીકળો"),
+        ("Fullscreen", "ફુલસ્ક્રીન"),
+        ("Mobile Actions", "મોબાઇલ ક્રિયાઓ"),
+        ("Select Monitor", "મોનિટર પસંદ કરો"),
+        ("Control Actions", "નિયંત્રણ ક્રિયાઓ"),
+        ("Display Settings", "ડિસ્પ્લે સેટિંગ્સ"),
+        ("Ratio", "રેશિયો (Ratio)"),
+        ("Image Quality", "ઇમેજ ગુણવત્તા"),
+        ("Scroll Style", "સ્ક્રોલ શૈલી"),
+        ("Show Toolbar", "ટૂલબાર બતાવો"),
+        ("Hide Toolbar", "ટૂલબાર છુપાવો"),
+        ("Direct Connection", "સીધું કનેક્શન"),
+        ("Relay Connection", "રિલે કનેક્શન"),
+        ("Secure Connection", "સુરક્ષિત કનેક્શન"),
+        ("Insecure Connection", "અસુરક્ષિત કનેક્શન"),
+        ("Scale original", "મૂળ સ્કેલ"),
+        ("Scale adaptive", "એડેપ્ટિવ સ્કેલ"),
+        ("General", "સામાન્ય"),
+        ("Security", "સુરક્ષા"),
+        ("Theme", "થીમ"),
+        ("Dark Theme", "ડાર્ક થીમ"),
+        ("Light Theme", "લાઇટ થીમ"),
+        ("Dark", "ડાર્ક"),
+        ("Light", "લાઇટ"),
+        ("Follow System", "સિસ્ટમ મુજબ"),
+        ("Enable hardware codec", "હાર્ડવેર કોડેક સક્ષમ કરો"),
+        ("Unlock Security Settings", "સુરક્ષા સેટિંગ્સ અનલોક કરો"),
+        ("Enable audio", "ઓડિયો સક્ષમ કરો"),
+        ("Unlock Network Settings", "નેટવર્ક સેટિંગ્સ અનલોક કરો"),
+        ("Server", "સર્વર"),
+        ("Direct IP Access", "સીધું IP એક્સેસ"),
+        ("Proxy", "પ્રોક્સી"),
+        ("Apply", "લાગુ કરો"),
+        ("Disconnect all devices?", "તમામ ઉપકરણો ડિસ્કનેક્ટ કરવા છે?"),
+        ("Clear", "સાફ કરો"),
+        ("Audio Input Device", "ઓડિયો ઇનપુટ ઉપકરણ"),
+        ("Use IP Whitelisting", "IP વ્હાઇટલિસ્ટિંગનો ઉપયોગ કરો"),
+        ("Network", "નેટવર્ક"),
+        ("Pin Toolbar", "ટૂલબાર પિન કરો"),
+        ("Unpin Toolbar", "ટૂલબાર અનપિન કરો"),
+        ("Recording", "રેકોર્ડિંગ"),
+        ("Directory", "ડિરેક્ટરી"),
+        ("Automatically record incoming sessions", "આવતા સત્રો આપમેળે રેકોર્ડ કરો"),
+        ("Automatically record outgoing sessions", "જતા સત્રો આપમેળે રેકોર્ડ કરો"),
+        ("Change", "બદલો"),
+        ("Start session recording", "સત્ર રેકોર્ડિંગ શરૂ કરો"),
+        ("Stop session recording", "સત્ર રેકોર્ડિંગ બંધ કરો"),
+        ("Enable recording session", "સત્ર રેકોર્ડિંગ સક્ષમ કરો"),
+        ("Enable LAN discovery", "LAN ડિસ્કવરી સક્ષમ કરો"),
+        ("Deny LAN discovery", "LAN ડિસ્કવરી નકારો"),
+        ("Write a message", "સંદેશ લખો"),
+        ("Prompt", "પ્રોમ્પ્ટ"),
+        ("Please wait for confirmation of UAC...", "કૃપા કરીને UAC પુષ્ટિની રાહ જુઓ..."),
+        ("elevated_foreground_window_tip", "રિમોટની વર્તમાન વિન્ડોને વધારે પરવાનગીની જરૂર છે."),
+        ("Disconnected", "ડિસ્કનેક્ટ થઈ ગયું"),
+        ("Other", "અન્ય"),
+        ("Confirm before closing multiple tabs", "બહુવિધ ટેબ્સ બંધ કરતા પહેલા પુષ્ટિ કરો"),
+        ("Keyboard Settings", "કીબોર્ડ સેટિંગ્સ"),
+        ("Full Access", "પૂર્ણ એક્સેસ"),
+        ("Screen Share", "સ્ક્રીન શેર"),
+        ("ubuntu-21-04-required", "Ubuntu 21.04 કે તેથી ઉપર જરૂરી છે"),
+        ("wayland-requires-higher-linux-version", "Wayland માટે ઉચ્ચ Linux વર્ઝન જરૂરી છે"),
+        ("xdp-portal-unavailable", "XDP પોર્ટલ અનુપલબ્ધ છે"),
+        ("JumpLink", "JumpLink"),
+        ("Please Select the screen to be shared(Operate on the peer side).", "કૃપા કરીને શેર કરવાની સ્ક્રીન પસંદ કરો (સામેના છેડે કાર્ય કરો)."),
+        ("Show RustDesk", "RustDesk બતાવો"),
+        ("This PC", "આ PC"),
+        ("or", "અથવા"),
+        ("Elevate", "એલિવેટ કરો"),
+        ("Zoom cursor", "ઝૂમ કર્સર"),
+        ("Accept sessions via password", "પાસવર્ડ દ્વારા સત્રો સ્વીકારો"),
+        ("Accept sessions via click", "ક્લિક દ્વારા સત્રો સ્વીકારો"),
+        ("Accept sessions via both", "બંને દ્વારા સત્રો સ્વીકારો"),
+        ("Please wait for the remote side to accept your session request...", "કૃપા કરીને સામેનો છેડો વિનંતી સ્વીકારે તેની રાહ જુઓ..."),
+        ("One-time Password", "વન-ટાઇમ પાસવર્ડ (OTP)"),
+        ("Use one-time password", "વન-ટાઇમ પાસવર્ડનો ઉપયોગ કરો"),
+        ("One-time password length", "OTP ની લંબાઈ"),
+        ("Request access to your device", "તમારા ઉપકરણના એક્સેસ માટે વિનંતી"),
+        ("Hide connection management window", "કનેક્શન મેનેજમેન્ટ વિન્ડો છુપાવો"),
+        ("hide_cm_tip", "જો પાસવર્ડ દ્વારા કનેક્શન હોય તો જ છુપાવો"),
+        ("wayland_experiment_tip", "Wayland સપોર્ટ હજુ પ્રાયોગિક ધોરણે છે"),
+        ("Right click to select tabs", "ટેબ્સ પસંદ કરવા રાઇટ ક્લિક કરો"),
+        ("Skipped", "રહેવા દીધું (Skipped)"),
+        ("Add to address book", "એડ્રેસ બુકમાં ઉમેરો"),
+        ("Group", "ગ્રુપ"),
+        ("Search", "શોધો"),
+        ("Closed manually by web console", "વેબ કન્સોલ દ્વારા મેન્યુઅલી બંધ કરવામાં આવ્યું"),
+        ("Local keyboard type", "લોકલ કીબોર્ડ પ્રકાર"),
+        ("Select local keyboard type", "લોકલ કીબોર્ડ પ્રકાર પસંદ કરો"),
+        ("software_render_tip", "જો સ્ક્રીન કાળી દેખાય, તો આ અજમાવો"),
+        ("Always use software rendering", "હંમેશા સોફ્ટવેર રેન્ડરિંગનો ઉપયોગ કરો"),
+        ("config_input", "ઇનપુટ કોન્ફિગર કરો"),
+        ("config_microphone", "માઇક્રોફોન કોન્ફિગર કરો"),
+        ("request_elevation_tip", "સામેથી ઉચ્ચ પરવાનગી (Elevation) માટે વિનંતી કરો"),
+        ("Wait", "રાહ જુઓ"),
+        ("Elevation Error", "એલિવેશન ભૂલ"),
+        ("Ask the remote user for authentication", "સામેના યુઝરને ઓથેન્ટિકેશન માટે પૂછો"),
+        ("Choose this if the remote account is administrator", "જો સામેનું ખાતું એડમિનિસ્ટ્રેટર હોય તો આ પસંદ કરો"),
+        ("Transmit the username and password of administrator", "એડમિનિસ્ટ્રેટરનું નામ અને પાસવર્ડ મોકલો"),
+        ("still_click_uac_tip", "રિમોટ યુઝરે હજુ પણ UAC વિન્ડોમાં 'હા' ક્લિક કરવું પડશે."),
+        ("Request Elevation", "એલિવેશન માટે વિનંતી કરો"),
+        ("wait_accept_uac_tip", "કૃપા કરીને સામેનો યુઝર UAC સ્વીકારે તેની રાહ જુઓ."),
+        ("Elevate successfully", "સફળતાપૂર્વક એલિવેટ થયું"),
+        ("uppercase", "મોટા અક્ષરો (Uppercase)"),
+        ("lowercase", "નાના અક્ષરો (Lowercase)"),
+        ("digit", "અંક (Digit)"),
+        ("special character", "ખાસ અક્ષર"),
+        ("length>=8", "લંબાઈ >= 8"),
+        ("Weak", "નબળું"),
+        ("Medium", "મધ્યમ"),
+        ("Strong", "મજબૂત"),
+        ("Switch Sides", "બાજુઓ બદલો"),
+        ("Please confirm if you want to share your desktop?", "શું તમે તમારું ડેસ્કટોપ શેર કરવા માંગો છો?"),
+        ("Display", "ડિસ્પ્લે"),
+        ("Default View Style", "ડિફોલ્ટ વ્યુ શૈલી"),
+        ("Default Scroll Style", "ડિફોલ્ટ સ્ક્રોલ શૈલી"),
+        ("Default Image Quality", "ડિફોલ્ટ ઇમેજ ગુણવત્તા"),
+        ("Default Codec", "ડિફોલ્ટ કોડેક"),
+        ("Bitrate", "બિટરેટ"),
+        ("FPS", "FPS"),
+        ("Auto", "ઓટો"),
+        ("Other Default Options", "અન્ય ડિફોલ્ટ વિકલ્પો"),
+        ("Voice call", "વોઇસ કોલ"),
+        ("Text chat", "ટેક્સ્ટ ચેટ"),
+        ("Stop voice call", "વોઇસ કોલ બંધ કરો"),
+        ("relay_hint_tip", "સીધું કનેક્શન શક્ય નથી; તમે રિલે દ્વારા પ્રયાસ કરી શકો છો."),
+        ("Reconnect", "ફરી કનેક્ટ કરો"),
+        ("Codec", "કોડેક"),
+        ("Resolution", "રિઝોલ્યુશન"),
+        ("No transfers in progress", "કોઈ ટ્રાન્સફર ચાલુ નથી"),
+        ("Set one-time password length", "OTP લંબાઈ સેટ કરો"),
+        ("RDP Settings", "RDP સેટિંગ્સ"),
+        ("Sort by", "ક્રમબદ્ધ કરો"),
+        ("New Connection", "નવું કનેક્શન"),
+        ("Restore", "રીસ્ટોર"),
+        ("Minimize", "મિનિમાઇઝ"),
+        ("Maximize", "મેક્સિમાઇઝ"),
+        ("Your Device", "તમારું ઉપકરણ"),
+        ("empty_recent_tip", "તાજેતરના સત્રો અહીં દેખાશે."),
+        ("empty_favorite_tip", "પસંદગીના ઉપકરણો અહીં દેખાશે."),
+        ("empty_lan_tip", "નેટવર્ક પરના ઉપકરણો અહીં દેખાશે."),
+        ("empty_address_book_tip", "તમારી એડ્રેસ બુક ખાલી છે."),
+        ("Empty Username", "ખાલી યુઝરનેમ"),
+        ("Empty Password", "ખાલી પાસવર્ડ"),
+        ("Me", "હું"),
+        ("identical_file_tip", "આ ફાઇલ પહેલેથી જ અસ્તિત્વમાં છે."),
+        ("show_monitors_tip", "ટૂલબારમાં મોનિટર બતાવો"),
+        ("View Mode", "વ્યુ મોડ"),
+        ("login_linux_tip", "રિમોટ Linux સત્ર માટે તમારે લોગિન કરવું પડશે"),
+        ("verify_rustdesk_password_tip", "RustDesk પાસવર્ડ ચકાસો"),
+        ("remember_account_tip", "આ ખાતું યાદ રાખો"),
+        ("os_account_desk_tip", "એક્સેસ માટે OS ખાતાનો ઉપયોગ કરો"),
+        ("OS Account", "OS ખાતું"),
+        ("another_user_login_title_tip", "બીજો યુઝર પહેલેથી લોગિન છે"),
+        ("another_user_login_text_tip", "ડિસ્કનેક્ટ કરો અને ફરી પ્રયાસ કરો"),
+        ("xorg_not_found_title_tip", "Xorg મળ્યું નથી"),
+        ("xorg_not_found_text_tip", "કૃપા કરીને Xorg ઇન્સ્ટોલ કરો"),
+        ("no_desktop_title_tip", "કોઈ ડેસ્કટોપ ઉપલબ્ધ નથી"),
+        ("no_desktop_text_tip", "કૃપા કરીને Linux ડેસ્કટોપ ઇન્સ્ટોલ કરો"),
+        ("No need to elevate", "એલિવેટ કરવાની જરૂર નથી"),
+        ("System Sound", "સિસ્ટમ સાઉન્ડ"),
+        ("Default", "ડિફોલ્ટ"),
+        ("New RDP", "નવું RDP"),
+        ("Fingerprint", "ફિંગરપ્રિન્ટ"),
+        ("Copy Fingerprint", "ફિંગરપ્રિન્ટ કોપી કરો"),
+        ("no fingerprints", "કોઈ ફિંગરપ્રિન્ટ નથી"),
+        ("Select a peer", "એક પીઅર પસંદ કરો"),
+        ("Select peers", "પીઅર્સ પસંદ કરો"),
+        ("Plugins", "પ્લગઇન્સ"),
+        ("Uninstall", "અનઇન્સ્ટોલ કરો"),
+        ("Update", "અપડેટ કરો"),
+        ("Enable", "સક્ષમ કરો"),
+        ("Disable", "અક્ષમ કરો"),
+        ("Options", "વિકલ્પો"),
+        ("resolution_original_tip", "મૂળ રિઝોલ્યુશન"),
+        ("resolution_fit_local_tip", "સ્ક્રીન મુજબ ફીટ કરો"),
+        ("resolution_custom_tip", "કસ્ટમ રિઝોલ્યુશન"),
+        ("Collapse toolbar", "ટૂલબાર નાનું કરો"),
+        ("Accept and Elevate", "સ્વીકારો અને એલિવેટ કરો"),
+        ("accept_and_elevate_btn_tooltip", "કનેક્શન સ્વીકારો અને UAC પરવાનગીઓ મેળવો."),
+        ("clipboard_wait_response_timeout_tip", "ક્લિપબોર્ડ પ્રતિક્રિયા માટે સમય સમાપ્ત થયો."),
+        ("Incoming connection", "આવતું કનેક્શન"),
+        ("Outgoing connection", "જતું કનેક્શન"),
+        ("Exit", "બહાર નીકળો"),
+        ("Open", "ખોલો"),
+        ("logout_tip", "શું તમે ખરેખર લોગઆઉટ કરવા માંગો છો?"),
+        ("Service", "સેવા"),
+        ("Start", "શરૂ કરો"),
+        ("Stop", "બંધ કરો"),
+        ("exceed_max_devices", "તમે ઉપકરણોની મહત્તમ મર્યાદા વટાવી દીધી છે."),
+        ("Sync with recent sessions", "તાજેતરના સત્રો સાથે સિંક કરો"),
+        ("Sort tags", "ટેગ્સ ક્રમબદ્ધ કરો"),
+        ("Open connection in new tab", "નવી ટેબમાં કનેક્શન ખોલો"),
+        ("Move tab to new window", "ટેબને નવી વિન્ડોમાં ખસેડો"),
+        ("Can not be empty", "ખાલી ન હોઈ શકે"),
+        ("Already exists", "પહેલેથી અસ્તિત્વમાં છે"),
+        ("Change Password", "પાસવર્ડ બદલો"),
+        ("Refresh Password", "પાસવર્ડ રિફ્રેશ કરો"),
+        ("ID", "ID"),
+        ("Grid View", "ગ્રીડ વ્યુ"),
+        ("List View", "લિસ્ટ વ્યુ"),
+        ("Select", "પસંદ કરો"),
+        ("Toggle Tags", "ટેગ્સ ચાલુ/બંધ કરો"),
+        ("pull_ab_failed_tip", "એડ્રેસ બુક અપડેટ કરવામાં નિષ્ફળ."),
+        ("push_ab_failed_tip", "એડ્રેસ બુક સિંક કરવામાં નિષ્ફળ."),
+        ("synced_peer_readded_tip", "તાજેતરના સત્રોના ઉપકરણો એડ્રેસ બુકમાં સિંક થયા."),
+        ("Change Color", "રંગ બદલો"),
+        ("Primary Color", "પ્રાથમિક રંગ"),
+        ("HSV Color", "HSV રંગ"),
+        ("Installation Successful!", "ઇન્સ્ટોલેશન સફળ!"),
+        ("Installation failed!", "ઇન્સ્ટોલેશન નિષ્ફળ!"),
+        ("Reverse mouse wheel", "માઉસ વ્હીલ ઊલટું કરો"),
+        ("{} sessions", "{} સત્રો"),
+        ("scam_title", "છેતરપિંડીની ચેતવણી!"),
+        ("scam_text1", "જો તમે અજાણી વ્યક્તિ સાથે વાત કરી રહ્યા હો અને તેણે RustDesk વાપરવા કહ્યું હોય, તો તરત ડિસ્કનેક્ટ કરો."),
+        ("scam_text2", "આ એક છેતરપિંડી હોઈ શકે છે. કોઈને પાસવર્ડ આપશો નહીં."),
+        ("Don't show again", "ફરીથી ના બતાવશો"),
+        ("I Agree", "હું સહમત છું"),
+        ("Decline", "અસ્વીકાર"),
+        ("Timeout in minutes", "મિનિટોમાં ટાઇમઆઉટ"),
+        ("auto_disconnect_option_tip", "નિષ્ક્રિયતા પર આપમેળે ડિસ્કનેક્ટ કરો"),
+        ("Connection failed due to inactivity", "નિષ્ક્રિયતાને કારણે કનેક્શન નિષ્ફળ"),
+        ("Check for software update on startup", "શરૂઆતમાં અપડેટ તપાસો"),
+        ("upgrade_rustdesk_server_pro_to_{}_tip", "સર્વર પ્રો ને {} માં અપગ્રેડ કરો"),
+        ("pull_group_failed_tip", "ગ્રુપ ખેંચવામાં (Pull) નિષ્ફળ"),
+        ("Filter by intersection", "ઇન્ટરસેક્શન દ્વારા ફિલ્ટર કરો"),
+        ("Remove wallpaper during incoming sessions", "કનેક્શન દરમિયાન વોલપેપર હટાવો"),
+        ("Test", "ટેસ્ટ"),
+        ("display_is_plugged_out_msg", "ડિસ્પ્લે કાઢી નાખવામાં આવ્યું છે."),
+        ("No displays", "કોઈ ડિસ્પ્લે નથી"),
+        ("Open in new window", "નવી વિન્ડોમાં ખોલો"),
+        ("Show displays as individual windows", "દરેક ડિસ્પ્લે અલગ વિન્ડોમાં બતાવો"),
+        ("Use all my displays for the remote session", "તમામ ડિસ્પ્લેનો ઉપયોગ કરો"),
+        ("selinux_tip", "SELinux ઉપકરણ પર સક્ષમ છે."),
+        ("Change view", "વ્યુ બદલો"),
+        ("Big tiles", "મોટી ટાઇલ્સ"),
+        ("Small tiles", "નાની ટાઇલ્સ"),
+        ("List", "લિસ્ટ"),
+        ("Virtual display", "વર્ચ્યુઅલ ડિસ્પ્લે"),
+        ("Plug out all", "બધું કાઢી નાખો (Plug out)"),
+        ("True color (4:4:4)", "ટ્રુ કલર (4:4:4)"),
+        ("Enable blocking user input", "યુઝર ઇનપુટ બ્લોકિંગ સક્ષમ કરો"),
+        ("id_input_tip", "તમે ID, Alias અથવા IP એડ્રેસ દાખલ કરી શકો છો."),
+        ("privacy_mode_impl_mag_tip", "મેગ્નિફાયર પ્રાઇવસી મોડ"),
+        ("privacy_mode_impl_virtual_display_tip", "વર્ચ્યુઅલ ડિસ્પ્લે પ્રાઇવસી મોડ"),
+        ("Enter privacy mode", "પ્રાઇવસી મોડમાં પ્રવેશ કરો"),
+        ("Exit privacy mode", "પ્રાઇવસી મોડમાંથી બહાર નીકળો"),
+        ("idd_not_support_under_win10_2004_tip", "વર્ચ્યુઅલ ડિસ્પ્લે Windows 10 (2004) કે તેથી ઉપર જ સક્ષમ છે."),
+        ("input_source_1_tip", "ઇનપુટ સ્ત્રોત ૧"),
+        ("input_source_2_tip", "ઇનપુટ સ્ત્રોત ૨"),
+        ("Swap control-command key", "Control અને Command કી બદલો"),
+        ("swap-left-right-mouse", "ડાબું અને જમણું માઉસ બટન બદલો"),
+        ("2FA code", "2FA કોડ"),
+        ("More", "વધારે"),
+        ("enable-2fa-title", "2FA સક્ષમ કરો"),
+        ("enable-2fa-desc", "તમારું ઓથેન્ટિકેટર એપ સેટ કરો."),
+        ("wrong-2fa-code", "ખોટો 2FA કોડ."),
+        ("enter-2fa-title", "2FA કોડ દાખલ કરો"),
+        ("Email verification code must be 6 characters.", "ઇમેઇલ કોડ 6 અક્ષરનો હોવો જોઈએ."),
+        ("2FA code must be 6 digits.", "2FA કોડ 6 અંકનો હોવો જોઈએ."),
+        ("Multiple Windows sessions found", "બહુવિધ Windows સત્રો મળ્યા"),
+        ("Please select the session you want to connect to", "કૃપા કરીને જે સત્ર સાથે જોડાવું હોય તે પસંદ કરો"),
+        ("powered_by_me", "મારા દ્વારા સંચાલિત"),
+        ("outgoing_only_desk_tip", "આ માત્ર આઉટગોઇંગ મોડ છે"),
+        ("preset_password_warning", "સુરક્ષા માટે પાસવર્ડ બદલો."),
+        ("Security Alert", "સુરક્ષા ચેતવણી"),
+        ("My address book", "મારી એડ્રેસ બુક"),
+        ("Personal", "વ્યક્તિગત"),
+        ("Owner", "માલિક"),
+        ("Set shared password", "શેર કરેલ પાસવર્ડ સેટ કરો"),
+        ("Exist in", "માં અસ્તિત્વ ધરાવે છે"),
+        ("Read-only", "માત્ર વાંચવા માટે"),
+        ("Read/Write", "વાંચવા/લખવા માટે"),
+        ("Full Control", "પૂર્ણ નિયંત્રણ"),
+        ("share_warning_tip", "તમે તમારો એક્સેસ શેર કરી રહ્યા છો."),
+        ("Everyone", "દરેક વ્યક્તિ"),
+        ("ab_web_console_tip", "વેબ કન્સોલ એડ્રેસ બુક"),
+        ("allow-only-conn-window-open-tip", "માત્ર RustDesk વિન્ડો ખુલ્લી હોય ત્યારે જ કનેક્શનની મંજૂરી આપો"),
+        ("no_need_privacy_mode_no_physical_displays_tip", "ભૌતિક ડિસ્પ્લે નથી, પ્રાઇવસી મોડની જરૂર નથી."),
+        ("Follow remote cursor", "રિમોટ કર્સરને અનુસરો"),
+        ("Follow remote window focus", "રિમોટ વિન્ડો ફોકસને અનુસરો"),
+        ("default_proxy_tip", "ડિફોલ્ટ પ્રોક્સી સેટિંગ"),
+        ("no_audio_input_device_tip", "કોઈ ઓડિયો ઇનપુટ મળ્યું નથી."),
+        ("Incoming", "આવતું"),
+        ("Outgoing", "જતું"),
+        ("Clear Wayland screen selection", "Wayland સ્ક્રીન સિલેક્શન સાફ કરો"),
+        ("clear_Wayland_screen_selection_tip", "સ્ક્રીન સિલેક્શન રીસેટ કરો."),
+        ("confirm_clear_Wayland_screen_selection_tip", "શું તમે સિલેક્શન સાફ કરવા માંગો છો?"),
+        ("android_new_voice_call_tip", "નવો વોઇસ કોલ વિનંતી"),
+        ("texture_render_tip", "ટેક્સચર રેન્ડરિંગ વાપરો"),
+        ("Use texture rendering", "ટેક્સચર રેન્ડરિંગનો ઉપયોગ કરો"),
+        ("Floating window", "ફ્લોટિંગ વિન્ડો"),
+        ("floating_window_tip", "બેકગ્રાઉન્ડમાં હોય ત્યારે RustDesk બતાવો"),
+        ("Keep screen on", "સ્ક્રીન ચાલુ રાખો"),
+        ("Never", "ક્યારેય નહીં"),
+        ("During controlled", "નિયંત્રણ દરમિયાન"),
+        ("During service is on", "જ્યારે સેવા ચાલુ હોય ત્યારે"),
+        ("Capture screen using DirectX", "DirectX દ્વારા સ્ક્રીન કેપ્ચર કરો"),
+        ("Back", "પાછળ"),
+        ("Apps", "એપ્સ"),
+        ("Volume up", "અવાજ વધારો"),
+        ("Volume down", "અવાજ ઘટાડો"),
+        ("Power", "પાવર"),
+        ("Telegram bot", "Telegram બોટ"),
+        ("enable-bot-tip", "સૂચનાઓ માટે બોટ સક્ષમ કરો"),
+        ("enable-bot-desc", "સૂચનાઓ માટે ટેલિગ્રામ બોટ સેટ કરો."),
+        ("cancel-2fa-confirm-tip", "શું તમે 2FA રદ કરવા માંગો છો?"),
+        ("cancel-bot-confirm-tip", "શું તમે બોટ રદ કરવા માંગો છો?"),
+        ("About RustDesk", "RustDesk વિશે"),
+        ("Send clipboard keystrokes", "ક્લિપબોર્ડ કી-સ્ટ્રોક્સ મોકલો"),
+        ("network_error_tip", "નેટવર્ક ભૂલ, ફરી પ્રયાસ કરો."),
+        ("Unlock with PIN", "PIN થી અનલોક કરો"),
+        ("Requires at least {} characters", "ઓછામાં ઓછા {} અક્ષર જરૂરી"),
+        ("Wrong PIN", "ખોટો PIN"),
+        ("Set PIN", "PIN સેટ કરો"),
+        ("Enable trusted devices", "વિશ્વાસપાત્ર ઉપકરણો સક્ષમ કરો"),
+        ("Manage trusted devices", "વિશ્વાસપાત્ર ઉપકરણો સંચાલિત કરો"),
+        ("Platform", "પ્લેટફોર્મ"),
+        ("Days remaining", "બાકી દિવસો"),
+        ("enable-trusted-devices-tip", "માત્ર વિશ્વાસપાત્ર ઉપકરણો જ પાસવર્ડ વગર જોડાઈ શકે"),
+        ("Parent directory", "પેરન્ટ ડિરેક્ટરી"),
+        ("Resume", "ફરી શરૂ કરો"),
+        ("Invalid file name", "અમાન્ય ફાઇલ નામ"),
+        ("one-way-file-transfer-tip", "માત્ર એકતરફી ફાઇલ ટ્રાન્સફરની મંજૂરી છે"),
+        ("Authentication Required", "ઓથેન્ટિકેશન જરૂરી"),
+        ("Authenticate", "ઓથેન્ટિકેટ કરો"),
+        ("web_id_input_tip", "રિમોટ ID દાખલ કરો"),
+        ("Download", "ડાઉનલોડ"),
+        ("Upload folder", "ફોલ્ડર અપલોડ કરો"),
+        ("Upload files", "ફાઇલો અપલોડ કરો"),
+        ("Clipboard is synchronized", "ક્લિપબોર્ડ સિંક થયેલ છે"),
+        ("Update client clipboard", "ક્લાયન્ટ ક્લિપબોર્ડ અપડેટ કરો"),
+        ("Untagged", "ટેગ વગરનું"),
+        ("new-version-of-{}-tip", "{} નું નવું વર્ઝન ઉપલબ્ધ છે"),
+        ("Accessible devices", "એક્સેસિબલ ઉપકરણો"),
+        ("upgrade_remote_rustdesk_client_to_{}_tip", "રિમોટ ક્લાયન્ટને {} માં અપગ્રેડ કરો"),
+        ("d3d_render_tip", "D3D રેન્ડરિંગ વાપરો"),
+        ("Printer", "પ્રિન્ટર"),
+        ("printer-os-requirement-tip", "પ્રિન્ટિંગ માટે Windows જરૂરી છે."),
+        ("printer-requires-installed-{}-client-tip", "આ માટે {} ક્લાયન્ટ ઇન્સ્ટોલ હોવું જોઈએ."),
+        ("printer-{}-not-installed-tip", "પ્રિન્ટર {} ઇન્સ્ટોલ નથી."),
+        ("printer-{}-ready-tip", "પ્રિન્ટર {} તૈયાર છે."),
+        ("Install {} Printer", "{} પ્રિન્ટર ઇન્સ્ટોલ કરો"),
+        ("Outgoing Print Jobs", "જતા પ્રિન્ટ કાર્યો"),
+        ("Incoming Print Jobs", "આવતા પ્રિન્ટ કાર્યો"),
+        ("Incoming Print Job", "આવતું પ્રિન્ટ કાર્ય"),
+        ("use-the-default-printer-tip", "ડિફોલ્ટ પ્રિન્ટર વાપરો"),
+        ("use-the-selected-printer-tip", "પસંદ કરેલ પ્રિન્ટર વાપરો"),
+        ("auto-print-tip", "આપમેળે પ્રિન્ટ કરો"),
+        ("print-incoming-job-confirm-tip", "પ્રિન્ટ કરતા પહેલા પુષ્ટિ કરો"),
+        ("remote-printing-disallowed-tile-tip", "રિમોટ પ્રિન્ટિંગની મંજૂરી નથી"),
+        ("remote-printing-disallowed-text-tip", "સેટિંગ્સમાં રિમોટ પ્રિન્ટિંગ સક્ષમ કરો."),
+        ("save-settings-tip", "સેટિંગ્સ સાચવો"),
+        ("dont-show-again-tip", "ફરીથી ના બતાવશો"),
+        ("Take screenshot", "સ્ક્રીનશોટ લો"),
+        ("Taking screenshot", "સ્ક્રીનશોટ લેવાઈ રહ્યો છે"),
+        ("screenshot-merged-screen-not-supported-tip", "મર્જ કરેલ સ્ક્રીનશોટ સપોર્ટેડ નથી."),
+        ("screenshot-action-tip", "સ્ક્રીનશોટ પછીની ક્રિયા"),
+        ("Save as", "તરીકે સાચવો"),
+        ("Copy to clipboard", "ક્લિપબોર્ડમાં કોપી કરો"),
+        ("Enable remote printer", "રિમોટ પ્રિન્ટર સક્ષમ કરો"),
+        ("Downloading {}", "{} ડાઉનલોડ થઈ રહ્યું છે"),
+        ("{} Update", "{} અપડેટ"),
+        ("{}-to-update-tip", "અપડેટ કરવા માટે {}"),
+        ("download-new-version-failed-tip", "નવું વર્ઝન ડાઉનલોડ કરવામાં નિષ્ફળ."),
+        ("Auto update", "ઓટો અપડેટ"),
+        ("update-failed-check-msi-tip", "અપડેટ નિષ્ફળ, MSI ફાઇલ તપાસો."),
+        ("websocket_tip", "જો પોર્ટ બ્લોક હોય તો WebSocket વાપરો."),
+        ("Use WebSocket", "WebSocket નો ઉપયોગ કરો"),
+        ("Trackpad speed", "ટ્રેકપેડ સ્પીડ"),
+        ("Default trackpad speed", "ડિફોલ્ટ ટ્રેકપેડ સ્પીડ"),
+        ("Numeric one-time password", "ન્યુમેરિક OTP"),
+        ("Enable IPv6 P2P connection", "IPv6 P2P કનેક્શન સક્ષમ કરો"),
+        ("Enable UDP hole punching", "UDP હોલ પંચિંગ સક્ષમ કરો"),
+        ("View camera", "કેમેરા જુઓ"),
+        ("Enable camera", "કેમેરા સક્ષમ કરો"),
+        ("No cameras", "કોઈ કેમેરા મળ્યો નથી"),
+        ("view_camera_unsupported_tip", "રિમોટ કેમેરા સપોર્ટેડ નથી."),
+        ("Terminal", "ટર્મિનલ"),
+        ("Enable terminal", "ટર્મિનલ સક્ષમ કરો"),
+        ("New tab", "નવી ટેબ"),
+        ("Keep terminal sessions on disconnect", "ડિસ્કનેક્ટ વખતે ટર્મિનલ ચાલુ રાખો"),
+        ("Terminal (Run as administrator)", "ટર્મિનલ (એડમિનિસ્ટ્રેટર તરીકે)"),
+        ("terminal-admin-login-tip", "એડમિન લોગિન જરૂરી છે."),
+        ("Failed to get user token.", "યુઝર ટોકન મેળવવામાં નિષ્ફળ."),
+        ("Incorrect username or password.", "ખોટું યુઝરનેમ કે પાસવર્ડ."),
+        ("The user is not an administrator.", "યુઝર એડમિનિસ્ટ્રેટર નથી."),
+        ("Failed to check if the user is an administrator.", "યુઝર એડમિન છે કે નહીં તે ચકાસવામાં નિષ્ફળ."),
+        ("Supported only in the installed version.", "માત્ર ઇન્સ્ટોલ કરેલ વર્ઝનમાં ઉપલબ્ધ."),
+        ("elevation_username_tip", "એડમિનિસ્ટ્રેટર નામ દાખલ કરો"),
+        ("Preparing for installation ...", "ઇન્સ્ટોલેશનની તૈયારી..."),
+        ("Show my cursor", "મારું કર્સર બતાવો"),
+        ("Scale custom", "કસ્ટમ સ્કેલ"),
+        ("Custom scale slider", "કસ્ટમ સ્કેલ સ્લાઇડર"),
+        ("Decrease", "ઘટાડો"),
+        ("Increase", "વધારો"),
+        ("Show virtual mouse", "વર્ચ્યુઅલ માઉસ બતાવો"),
+        ("Virtual mouse size", "વર્ચ્યુઅલ માઉસ કદ"),
+        ("Small", "નાનું"),
+        ("Large", "મોટું"),
+        ("Show virtual joystick", "વર્ચ્યુઅલ જોયસ્ટિક બતાવો"),
+        ("Edit note", "નોંધ સુધારો"),
+        ("Alias", "Alias (ઉપનામ)"),
+        ("ScrollEdge", "સ્ક્રોલ એજ"),
+        ("Allow insecure TLS fallback", "અસુરક્ષિત TLS ફોલબેકની મંજૂરી આપો"),
+        ("allow-insecure-tls-fallback-tip", "જૂના સર્વર માટે વાપરો."),
+        ("Disable UDP", "UDP અક્ષમ કરો"),
+        ("disable-udp-tip", "કનેક્શન સમસ્યાઓ માટે UDP બંધ કરો."),
+        ("server-oss-not-support-tip", "OSS સર્વર આને સપોર્ટ કરતું નથી."),
+        ("input note here", "અહીં નોંધ લખો"),
+        ("note-at-conn-end-tip", "કનેક્શનના અંતે નોંધ બતાવો"),
+        ("Show terminal extra keys", "ટર્મિનલની વધારાની કી બતાવો"),
+        ("Relative mouse mode", "રીલેટિવ માઉસ મોડ"),
+        ("rel-mouse-not-supported-peer-tip", "સામેથી સપોર્ટેડ નથી."),
+        ("rel-mouse-not-ready-tip", "તૈયાર નથી."),
+        ("rel-mouse-lock-failed-tip", "માઉસ લોક નિષ્ફળ."),
+        ("rel-mouse-exit-{}-tip", "બહાર નીકળવા {} દબાવો"),
+        ("rel-mouse-permission-lost-tip", "પરવાનગી ગુમાવી દીધી."),
+        ("Changelog", "Changelog (ફેરફારો)"),
+        ("keep-awake-during-outgoing-sessions-label", "આઉટગોઇંગ સત્ર વખતે જાગૃત રાખો"),
+        ("keep-awake-during-incoming-sessions-label", "ઇનકમિંગ સત્ર વખતે જાગૃત રાખો"),
+        ("Continue with {}", "{} સાથે આગળ વધો"),
+        ("Display Name", "ડિસ્પ્લે નામ"),
+        ("password-hidden-tip", "સુરક્ષા માટે પાસવર્ડ છુપાવેલ છે."),
+        ("preset-password-in-use-tip", "પ્રીસેટ પાસવર્ડ વપરાશમાં છે."),
+        ("Enable privacy mode", ""),
+    ].iter().cloned().collect();
+}

src/lang/he.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "המשך עם {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/hi.rs

@@ -0,0 +1,746 @@
+lazy_static::lazy_static! {
+pub static ref T: std::collections::HashMap<&'static str, &'static str> =
+    [
+        ("Status", "स्थिति"),
+        ("Your Desktop", "आपका डेस्कटॉप"),
+        ("desk_tip", "आपका डेस्कटॉप इस आईडी और पासवर्ड से एक्सेस किया जा सकता है।"),
+        ("Password", "पासवर्ड"),
+        ("Ready", "तैयार"),
+        ("Established", "स्थापित"),
+        ("connecting_status", "नेटवर्क से जुड़ रहा है..."),
+        ("Enable service", "सेवा सक्षम करें"),
+        ("Start service", "सेवा शुरू करें"),
+        ("Service is running", "सेवा चल रही है"),
+        ("Service is not running", "सेवा नहीं चल रही है"),
+        ("not_ready_status", "तैयार नहीं। कृपया अपना कनेक्शन जांचें"),
+        ("Control Remote Desktop", "रिमोट डेस्कटॉप नियंत्रित करें"),
+        ("Transfer file", "फ़ाइल स्थानांतरण"),
+        ("Connect", "जुड़ें"),
+        ("Recent sessions", "हाल के सत्र"),
+        ("Address book", "पता पुस्तिका"),
+        ("Confirmation", "पुष्टि"),
+        ("TCP tunneling", "TCP टनलिंग"),
+        ("Remove", "हटाएं"),
+        ("Refresh random password", "यादृच्छिक (Random) पासवर्ड बदलें"),
+        ("Set your own password", "अपना पासवर्ड सेट करें"),
+        ("Enable keyboard/mouse", "कीबोर्ड/माउस सक्षम करें"),
+        ("Enable clipboard", "क्लिपबोर्ड सक्षम करें"),
+        ("Enable file transfer", "फ़ाइल स्थानांतरण सक्षम करें"),
+        ("Enable TCP tunneling", "TCP टनलिंग सक्षम करें"),
+        ("IP Whitelisting", "IP श्वेतसूची (Whitelisting)"),
+        ("ID/Relay Server", "ID/रिले सर्वर"),
+        ("Import server config", "सर्वर कॉन्फ़िगरेशन इम्पोर्ट करें"),
+        ("Export Server Config", "सर्वर कॉन्फ़िगरेशन एक्सपोर्ट करें"),
+        ("Import server configuration successfully", "सर्वर कॉन्फ़िगरेशन सफलतापूर्वक इम्पोर्ट किया गया"),
+        ("Export server configuration successfully", "सर्वर कॉन्फ़िगरेशन सफलतापूर्वक एक्सपोर्ट किया गया"),
+        ("Invalid server configuration", "अमान्य सर्वर कॉन्फ़िगरेशन"),
+        ("Clipboard is empty", "क्लिपबोर्ड खाली है"),
+        ("Stop service", "सेवा रोकें"),
+        ("Change ID", "ID बदलें"),
+        ("Your new ID", "आपकी नई ID"),
+        ("length %min% to %max%", "लंबाई %min% से %max% तक"),
+        ("starts with a letter", "एक अक्षर से शुरू होता है"),
+        ("allowed characters", "अनुमत अक्षर"),
+        ("id_change_tip", "ID बदलने के बाद वर्तमान कनेक्शन टूट जाएगा।"),
+        ("Website", "वेबसाइट"),
+        ("About", "के बारे में"),
+        ("Slogan_tip", "बेहतर अनुभव के लिए बनाया गया रिमोट डेस्कटॉप सॉफ़्टवेयर"),
+        ("Privacy Statement", "गोपनीयता कथन"),
+        ("Mute", "म्यूट करें"),
+        ("Build Date", "निर्माण तिथि"),
+        ("Version", "संस्करण"),
+        ("Home", "होम"),
+        ("Audio Input", "ऑडियो इनपुट"),
+        ("Enhancements", "वृद्धि (Enhancements)"),
+        ("Hardware Codec", "हार्डवेयर कोडेक"),
+        ("Adaptive bitrate", "अनुकूली (Adaptive) बिटरेट"),
+        ("ID Server", "ID सर्वर"),
+        ("Relay Server", "रिले सर्वर"),
+        ("API Server", "API सर्वर"),
+        ("invalid_http", "अमान्य HTTP लिंक"),
+        ("Invalid IP", "अमान्य IP"),
+        ("Invalid format", "अमान्य प्रारूप"),
+        ("server_not_support", "सर्वर द्वारा समर्थित नहीं"),
+        ("Not available", "उपलब्ध नहीं"),
+        ("Too frequent", "बहुत बार-बार"),
+        ("Cancel", "रद्द करें"),
+        ("Skip", "छोड़ें"),
+        ("Close", "बंद करें"),
+        ("Retry", "पुनः प्रयास करें"),
+        ("OK", "ठीक है"),
+        ("Password Required", "पासवर्ड आवश्यक है"),
+        ("Please enter your password", "कृपया अपना पासवर्ड दर्ज करें"),
+        ("Remember password", "पासवर्ड याद रखें"),
+        ("Wrong Password", "गलत पासवर्ड"),
+        ("Do you want to enter again?", "क्या आप दोबारा दर्ज करना चाहते हैं?"),
+        ("Connection Error", "कनेक्शन त्रुटि"),
+        ("Error", "त्रुटि"),
+        ("Reset by the peer", "दूसरे सिस्टम द्वारा रिसेट किया गया"),
+        ("Connecting...", "जुड़ रहा है..."),
+        ("Connection in progress. Please wait.", "कनेक्शन जारी है। कृपया प्रतीक्षा करें।"),
+        ("Please try 1 minute later", "कृपया 1 मिनट बाद पुनः प्रयास करें"),
+        ("Login Error", "लॉगिन त्रुटि"),
+        ("Successful", "सफल"),
+        ("Connected, waiting for image...", "जुड़ गया, इमेज की प्रतीक्षा कर रहा है..."),
+        ("Name", "नाम"),
+        ("Type", "प्रकार"),
+        ("Modified", "संशोधित"),
+        ("Size", "आकार"),
+        ("Show Hidden Files", "छिपी हुई फाइलें दिखाएं"),
+        ("Receive", "प्राप्त करें"),
+        ("Send", "भेजें"),
+        ("Refresh File", "फ़ाइल रिफ्रेश करें"),
+        ("Local", "स्थानीय (Local)"),
+        ("Remote", "रिमोट"),
+        ("Remote Computer", "रिमोट कंप्यूटर"),
+        ("Local Computer", "स्थानीय कंप्यूटर"),
+        ("Confirm Delete", "हटाने की पुष्टि करें"),
+        ("Delete", "हटाएं"),
+        ("Properties", "गुण (Properties)"),
+        ("Multi Select", "बहु-चयन"),
+        ("Select All", "सभी चुनें"),
+        ("Unselect All", "सभी अचयनित करें"),
+        ("Empty Directory", "खाली निर्देशिका"),
+        ("Not an empty directory", "निर्देशिका खाली नहीं है"),
+        ("Are you sure you want to delete this file?", "क्या आप वाकई इस फ़ाइल को हटाना चाहते हैं?"),
+        ("Are you sure you want to delete this empty directory?", "क्या आप वाकई इस खाली निर्देशिका को हटाना चाहते हैं?"),
+        ("Are you sure you want to delete the file of this directory?", "क्या आप वाकई इस निर्देशिका की फ़ाइल को हटाना चाहते हैं?"),
+        ("Do this for all conflicts", "सभी विवादों के लिए यह करें"),
+        ("This is irreversible!", "इसे वापस नहीं लिया जा सकता!"),
+        ("Deleting", "हटाया जा रहा है"),
+        ("files", "फाइलें"),
+        ("Waiting", "प्रतीक्षा कर रहा है"),
+        ("Finished", "पूरा हुआ"),
+        ("Speed", "गति"),
+        ("Custom Image Quality", "कस्टम इमेज गुणवत्ता"),
+        ("Privacy mode", "गोपनीयता मोड"),
+        ("Block user input", "उपयोगकर्ता इनपुट ब्लॉक करें"),
+        ("Unblock user input", "उपयोगकर्ता इनपुट अनब्लॉक करें"),
+        ("Adjust Window", "विंडो समायोजित करें"),
+        ("Original", "मूल (Original)"),
+        ("Shrink", "सिकुड़ें"),
+        ("Stretch", "खिंचाव (Stretch)"),
+        ("Scrollbar", "स्क्रोलबार"),
+        ("ScrollAuto", "ऑटो स्क्रॉल"),
+        ("Good image quality", "अच्छी इमेज गुणवत्ता"),
+        ("Balanced", "संतुलित"),
+        ("Optimize reaction time", "प्रतिक्रिया समय अनुकूलित करें"),
+        ("Custom", "कस्टम"),
+        ("Show remote cursor", "रिमोट कर्सर दिखाएं"),
+        ("Show quality monitor", "गुणवत्ता मॉनिटर दिखाएं"),
+        ("Disable clipboard", "क्लिपबोर्ड अक्षम करें"),
+        ("Lock after session end", "सत्र समाप्त होने के बाद लॉक करें"),
+        ("Insert Ctrl + Alt + Del", "Ctrl + Alt + Del डालें"),
+        ("Insert Lock", "लॉक डालें"),
+        ("Refresh", "रिफ्रेश करें"),
+        ("ID does not exist", "ID मौजूद नहीं है"),
+        ("Failed to connect to rendezvous server", "Rendezvous सर्वर से जुड़ने में विफल"),
+        ("Please try later", "कृपया बाद में प्रयास करें"),
+        ("Remote desktop is offline", "रिमोट डेस्कटॉप ऑफ़लाइन है"),
+        ("Key mismatch", "कुंजी बेमेल (Key mismatch)"),
+        ("Timeout", "समय समाप्त"),
+        ("Failed to connect to relay server", "रिले सर्वर से जुड़ने में विफल"),
+        ("Failed to connect via rendezvous server", "Rendezvous सर्वर के माध्यम से जुड़ने में विफल"),
+        ("Failed to connect via relay server", "रिले सर्वर के माध्यम से जुड़ने में विफल"),
+        ("Failed to make direct connection to remote desktop", "रिमोट डेस्कटॉप से सीधा कनेक्शन बनाने में विफल"),
+        ("Set Password", "पासवर्ड सेट करें"),
+        ("OS Password", "OS पासवर्ड"),
+        ("install_tip", "सर्वोत्तम प्रदर्शन के लिए, इसे इंस्टॉल करें।"),
+        ("Click to upgrade", "अपग्रेड करने के लिए क्लिक करें"),
+        ("Configure", "कॉन्फ़िगर करें"),
+        ("config_acc", "एक्सेसिबिलिटी कॉन्फ़िगर करें"),
+        ("config_screen", "स्क्रीन कॉन्फ़िगर करें"),
+        ("Installing ...", "इंस्टॉल हो रहा है..."),
+        ("Install", "इंस्टॉल करें"),
+        ("Installation", "इंस्टॉलेशन"),
+        ("Installation Path", "इंस्टॉलेशन पाथ"),
+        ("Create start menu shortcuts", "स्टार्ट मेनू शॉर्टकट बनाएं"),
+        ("Create desktop icon", "डेस्कटॉप आइकन बनाएं"),
+        ("agreement_tip", "इंस्टॉल करके आप लाइसेंस समझौते को स्वीकार करते हैं।"),
+        ("Accept and Install", "स्वीकार करें और इंस्टॉल करें"),
+        ("End-user license agreement", "अंतिम उपयोगकर्ता लाइसेंस समझौता"),
+        ("Generating ...", "बनाया जा रहा है..."),
+        ("Your installation is lower version.", "आपका वर्तमान इंस्टॉलेशन पुराना संस्करण है।"),
+        ("not_close_tcp_tip", "टनल का उपयोग करते समय इस विंडो को बंद न करें।"),
+        ("Listening ...", "सुन रहा है (Listening)..."),
+        ("Remote Host", "रिमोट होस्ट"),
+        ("Remote Port", "रिमोट पोर्ट"),
+        ("Action", "कार्य"),
+        ("Add", "जोड़ें"),
+        ("Local Port", "स्थानीय पोर्ट"),
+        ("Local Address", "स्थानीय पता"),
+        ("Change Local Port", "स्थानीय पोर्ट बदलें"),
+        ("setup_server_tip", "तेज़ कनेक्शन के लिए अपना खुद का सर्वर सेटअप करें"),
+        ("Too short, at least 6 characters.", "बहुत छोटा, कम से कम 6 अक्षर होने चाहिए।"),
+        ("The confirmation is not identical.", "पुष्टि समान नहीं है।"),
+        ("Permissions", "अनुमतियाँ"),
+        ("Accept", "स्वीकार करें"),
+        ("Dismiss", "खारिज करें"),
+        ("Disconnect", "डिस्कनेक्ट करें"),
+        ("Enable file copy and paste", "फ़ाइल कॉपी और पेस्ट सक्षम करें"),
+        ("Connected", "जुड़ गया"),
+        ("Direct and encrypted connection", "सीधा और एन्क्रिप्टेड कनेक्शन"),
+        ("Relayed and encrypted connection", "रिले और एन्क्रिप्टेड कनेक्शन"),
+        ("Direct and unencrypted connection", "सीधा और अनएन्क्रिप्टेड कनेक्शन"),
+        ("Relayed and unencrypted connection", "रिले और अनएन्क्रिप्टेड कनेक्शन"),
+        ("Enter Remote ID", "रिमोट ID दर्ज करें"),
+        ("Enter your password", "अपना पासवर्ड दर्ज करें"),
+        ("Logging in...", "लॉग इन हो रहा है..."),
+        ("Enable RDP session sharing", "RDP सत्र साझाकरण सक्षम करें"),
+        ("Auto Login", "ऑटो लॉगिन"),
+        ("Enable direct IP access", "सीधी IP पहुंच सक्षम करें"),
+        ("Rename", "नाम बदलें"),
+        ("Space", "स्थान (Space)"),
+        ("Create desktop shortcut", "डेस्कटॉप शॉर्टकट बनाएं"),
+        ("Change Path", "पाथ बदलें"),
+        ("Create Folder", "फ़ोल्डर बनाएं"),
+        ("Please enter the folder name", "कृपया फ़ोल्डर का नाम दर्ज करें"),
+        ("Fix it", "इसे ठीक करें"),
+        ("Warning", "चेतावनी"),
+        ("Login screen using Wayland is not supported", "Wayland का उपयोग करने वाली लॉगिन स्क्रीन समर्थित नहीं है"),
+        ("Reboot required", "रीबूट आवश्यक है"),
+        ("Unsupported display server", "असमर्थित डिस्प्ले सर्वर"),
+        ("x11 expected", "x11 अपेक्षित है"),
+        ("Port", "पोर्ट"),
+        ("Settings", "सेटिंग्स"),
+        ("Username", "उपयोगकर्ता नाम"),
+        ("Invalid port", "अमान्य पोर्ट"),
+        ("Closed manually by the peer", "दूसरे सिस्टम द्वारा मैन्युअल रूप से बंद किया गया"),
+        ("Enable remote configuration modification", "रिमोट कॉन्फ़िगरेशन संशोधन सक्षम करें"),
+        ("Run without install", "बिना इंस्टॉल किए चलाएं"),
+        ("Connect via relay", "रिले के माध्यम से जुड़ें"),
+        ("Always connect via relay", "हमेशा रिले के माध्यम से जुड़ें"),
+        ("whitelist_tip", "केवल श्वेतसूचीबद्ध IP ही मुझ तक पहुंच सकते हैं"),
+        ("Login", "लॉगिन"),
+        ("Verify", "सत्यापित करें"),
+        ("Remember me", "मुझे याद रखें"),
+        ("Trust this device", "इस डिवाइस पर भरोसा करें"),
+        ("Verification code", "सत्यापन कोड"),
+        ("verification_tip", "एक सत्यापन कोड आपके ईमेल पर भेजा गया है"),
+        ("Logout", "लॉगआउट"),
+        ("Tags", "टैग"),
+        ("Search ID", "ID खोजें"),
+        ("whitelist_sep", "अल्पविराम, अर्धविराम या रिक्त स्थान द्वारा अलग किया गया"),
+        ("Add ID", "ID जोड़ें"),
+        ("Add Tag", "टैग जोड़ें"),
+        ("Unselect all tags", "सभी टैग अचयनित करें"),
+        ("Network error", "नेटवर्क त्रुटि"),
+        ("Username missed", "उपयोगकर्ता नाम छूट गया"),
+        ("Password missed", "पासवर्ड छूट गया"),
+        ("Wrong credentials", "गलत क्रेडेंशियल"),
+        ("The verification code is incorrect or has expired", "सत्यापन कोड गलत है या समाप्त हो गया है"),
+        ("Edit Tag", "टैग संपादित करें"),
+        ("Forget Password", "पासवर्ड भूल गए"),
+        ("Favorites", "पसंदीदा"),
+        ("Add to Favorites", "पसंदीदा में जोड़ें"),
+        ("Remove from Favorites", "पसंदीदा से हटाएं"),
+        ("Empty", "खाली"),
+        ("Invalid folder name", "अमान्य फ़ोल्डर नाम"),
+        ("Socks5 Proxy", "Socks5 प्रॉक्सी"),
+        ("Socks5/Http(s) Proxy", "Socks5/Http(s) प्रॉक्सी"),
+        ("Discovered", "खोजा गया"),
+        ("install_daemon_tip", "बूट पर शुरू करने के लिए सेवा इंस्टॉल करें"),
+        ("Remote ID", "रिमोट ID"),
+        ("Paste", "पेस्ट करें"),
+        ("Paste here?", "यहाँ पेस्ट करें?"),
+        ("Are you sure to close the connection?", "क्या आप वाकई कनेक्शन बंद करना चाहते हैं?"),
+        ("Download new version", "नया संस्करण डाउनलोड करें"),
+        ("Touch mode", "टच मोड"),
+        ("Mouse mode", "माउस मोड"),
+        ("One-Finger Tap", "एक उंगली से टैप"),
+        ("Left Mouse", "बायां माउस"),
+        ("One-Long Tap", "एक लंबा टैप"),
+        ("Two-Finger Tap", "दो उंगलियों से टैप"),
+        ("Right Mouse", "दायां माउस"),
+        ("One-Finger Move", "एक उंगली से हिलाएं"),
+        ("Double Tap & Move", "डबल टैप और हिलाएं"),
+        ("Mouse Drag", "माउस ड्रैग"),
+        ("Three-Finger vertically", "तीन उंगलियां लंबवत"),
+        ("Mouse Wheel", "माउस व्हील"),
+        ("Two-Finger Move", "दो उंगलियों से हिलाएं"),
+        ("Canvas Move", "कैनवास मूव"),
+        ("Pinch to Zoom", "ज़ूम करने के लिए पिंच करें"),
+        ("Canvas Zoom", "कैनवास ज़ूम"),
+        ("Reset canvas", "कैनवास रिसेट करें"),
+        ("No permission of file transfer", "फ़ाइल स्थानांतरण की अनुमति नहीं है"),
+        ("Note", "नोट"),
+        ("Connection", "कनेक्शन"),
+        ("Share screen", "स्क्रीन शेयर करें"),
+        ("Chat", "चैट"),
+        ("Total", "कुल"),
+        ("items", "आइटम"),
+        ("Selected", "चयनित"),
+        ("Screen Capture", "स्क्रीन कैप्चर"),
+        ("Input Control", "इनपुट नियंत्रण"),
+        ("Audio Capture", "ऑडियो कैप्चर"),
+        ("Do you accept?", "क्या आप स्वीकार करते हैं?"),
+        ("Open System Setting", "सिस्टम सेटिंग खोलें"),
+        ("How to get Android input permission?", "Android इनपुट अनुमति कैसे प्राप्त करें?"),
+        ("android_input_permission_tip1", "इनपुट अनुमति प्राप्त करने के लिए एक्सेसिबिलिटी सेवा सक्षम करें।"),
+        ("android_input_permission_tip2", "कृपया सिस्टम सेटिंग में RustDesk खोजें और इसे चालू करें।"),
+        ("android_new_connection_tip", "एक नया नियंत्रण अनुरोध प्राप्त हुआ है।"),
+        ("android_service_will_start_tip", "स्क्रीन कैप्चर चालू करने से सेवा अपने आप शुरू हो जाएगी।"),
+        ("android_stop_service_tip", "सेवा बंद करने से सभी कनेक्शन टूट जाएंगे।"),
+        ("android_version_audio_tip", "ऑडियो कैप्चर केवल Android 10 या उच्चतर पर समर्थित है।"),
+        ("android_start_service_tip", "स्क्रीन शेयरिंग सेवा शुरू करने के लिए क्लिक करें।"),
+        ("android_permission_may_not_change_tip", "अनुमतियाँ बाद में नहीं बदली जा सकती हैं, कृपया ध्यान से चुनें।"),
+        ("Account", "खाता"),
+        ("Overwrite", "ओवरराइट (Overwrite) करें"),
+        ("This file exists, skip or overwrite this file?", "यह फ़ाइल मौजूद है, छोड़ें या ओवरराइट करें?"),
+        ("Quit", "बाहर निकलें"),
+        ("Help", "सहायता"),
+        ("Failed", "विफल"),
+        ("Succeeded", "सफल"),
+        ("Someone turns on privacy mode, exit", "किसी ने गोपनीयता मोड चालू किया है, बाहर निकल रहे हैं"),
+        ("Unsupported", "असमर्थित"),
+        ("Peer denied", "दूसरे सिस्टम ने मना कर दिया"),
+        ("Please install plugins", "कृपया प्लगइन्स इंस्टॉल करें"),
+        ("Peer exit", "दूसरा सिस्टम बाहर निकल गया"),
+        ("Failed to turn off", "बंद करने में विफल"),
+        ("Turned off", "बंद कर दिया गया"),
+        ("Language", "भाषा"),
+        ("Keep RustDesk background service", "RustDesk बैकग्राउंड सेवा चालू रखें"),
+        ("Ignore Battery Optimizations", "बैटरी ऑप्टिमाइजेशन को अनदेखा करें"),
+        ("android_open_battery_optimizations_tip", "डिस्कनेक्शन से बचने के लिए बैटरी ऑप्टिमाइजेशन सेटिंग खोलें"),
+        ("Start on boot", "बूट पर शुरू करें"),
+        ("Start the screen sharing service on boot, requires special permissions", "बूट पर स्क्रीन शेयरिंग सेवा शुरू करें, विशेष अनुमतियों की आवश्यकता है"),
+        ("Connection not allowed", "कनेक्शन की अनुमति नहीं है"),
+        ("Legacy mode", "लेगेसी (Legacy) मोड"),
+        ("Map mode", "मैप मोड"),
+        ("Translate mode", "अनुवाद मोड"),
+        ("Use permanent password", "स्थायी पासवर्ड का उपयोग करें"),
+        ("Use both passwords", "दोनों पासवर्ड का उपयोग करें"),
+        ("Set permanent password", "स्थायी पासवर्ड सेट करें"),
+        ("Enable remote restart", "रिमोट रीस्टार्ट सक्षम करें"),
+        ("Restart remote device", "रिमोट डिवाइस रीस्टार्ट करें"),
+        ("Are you sure you want to restart", "क्या आप वाकई रीस्टार्ट करना चाहते हैं?"),
+        ("Restarting remote device", "रिमोट डिवाइस रीस्टार्ट हो रहा है"),
+        ("remote_restarting_tip", "रिमोट डिवाइस रीस्टार्ट हो रहा है, कृपया प्रतीक्षा करें..."),
+        ("Copied", "कॉपी किया गया"),
+        ("Exit Fullscreen", "फुलस्क्रीन से बाहर निकलें"),
+        ("Fullscreen", "फुलस्क्रीन"),
+        ("Mobile Actions", "मोबाइल क्रियाएं"),
+        ("Select Monitor", "मॉनिटर चुनें"),
+        ("Control Actions", "नियंत्रण क्रियाएं"),
+        ("Display Settings", "डिस्प्ले सेटिंग्स"),
+        ("Ratio", "अनुपात (Ratio)"),
+        ("Image Quality", "इमेज गुणवत्ता"),
+        ("Scroll Style", "स्क्रॉल शैली"),
+        ("Show Toolbar", "टूलबार दिखाएं"),
+        ("Hide Toolbar", "टूलबार छुपाएं"),
+        ("Direct Connection", "सीधा कनेक्शन"),
+        ("Relay Connection", "रिले कनेक्शन"),
+        ("Secure Connection", "सुरक्षित कनेक्शन"),
+        ("Insecure Connection", "असुरक्षित कनेक्शन"),
+        ("Scale original", "मूल पैमाना"),
+        ("Scale adaptive", "अनुकूली पैमाना"),
+        ("General", "सामान्य"),
+        ("Security", "सुरक्षा"),
+        ("Theme", "थीम"),
+        ("Dark Theme", "डार्क थीम"),
+        ("Light Theme", "लाइट थीम"),
+        ("Dark", "डार्क"),
+        ("Light", "लाइट"),
+        ("Follow System", "सिस्टम का पालन करें"),
+        ("Enable hardware codec", "हार्डवेयर कोडेक सक्षम करें"),
+        ("Unlock Security Settings", "सुरक्षा सेटिंग्स अनलॉक करें"),
+        ("Enable audio", "ऑडियो सक्षम करें"),
+        ("Unlock Network Settings", "नेटवर्क सेटिंग्स अनलॉक करें"),
+        ("Server", "सर्वर"),
+        ("Direct IP Access", "सीधी IP पहुंच"),
+        ("Proxy", "प्रॉक्सी"),
+        ("Apply", "लागू करें"),
+        ("Disconnect all devices?", "सभी डिवाइस डिस्कनेक्ट करें?"),
+        ("Clear", "साफ करें"),
+        ("Audio Input Device", "ऑडियो इनपुट डिवाइस"),
+        ("Use IP Whitelisting", "IP श्वेतसूची का उपयोग करें"),
+        ("Network", "नेटवर्क"),
+        ("Pin Toolbar", "टूलबार पिन करें"),
+        ("Unpin Toolbar", "टूलबार अनपिन करें"),
+        ("Recording", "रिकॉर्डिंग"),
+        ("Directory", "निर्देशिका"),
+        ("Automatically record incoming sessions", "आने वाले सत्रों को स्वचालित रूप से रिकॉर्ड करें"),
+        ("Automatically record outgoing sessions", "जाने वाले सत्रों को स्वचालित रूप से रिकॉर्ड करें"),
+        ("Change", "बदलें"),
+        ("Start session recording", "सत्र रिकॉर्डिंग शुरू करें"),
+        ("Stop session recording", "सत्र रिकॉर्डिंग रोकें"),
+        ("Enable recording session", "सत्र रिकॉर्डिंग सक्षम करें"),
+        ("Enable LAN discovery", "LAN खोज सक्षम करें"),
+        ("Deny LAN discovery", "LAN खोज अस्वीकार करें"),
+        ("Write a message", "संदेश लिखें"),
+        ("Prompt", "प्रॉम्प्ट"),
+        ("Please wait for confirmation of UAC...", "कृपया UAC की पुष्टि की प्रतीक्षा करें..."),
+        ("elevated_foreground_window_tip", "रिमोट डेस्कटॉप की वर्तमान विंडो को उच्च अनुमतियों की आवश्यकता है।"),
+        ("Disconnected", "डिस्कनेक्ट हो गया"),
+        ("Other", "अन्य"),
+        ("Confirm before closing multiple tabs", "एकाधिक टैब बंद करने से पहले पुष्टि करें"),
+        ("Keyboard Settings", "कीबोर्ड सेटिंग्स"),
+        ("Full Access", "पूर्ण पहुंच (Full Access)"),
+        ("Screen Share", "स्क्रीन शेयर"),
+        ("ubuntu-21-04-required", "Ubuntu 21.04 या उच्चतर आवश्यक है"),
+        ("wayland-requires-higher-linux-version", "Wayland के लिए उच्च Linux संस्करण आवश्यक है"),
+        ("xdp-portal-unavailable", "XDP पोर्टल अनुपलब्ध है"),
+        ("JumpLink", "JumpLink"),
+        ("Please Select the screen to be shared(Operate on the peer side).", "कृपया साझा की जाने वाली स्क्रीन चुनें (दूसरे सिस्टम पर संचालित करें)।"),
+        ("Show RustDesk", "RustDesk दिखाएं"),
+        ("This PC", "यह PC"),
+        ("or", "या"),
+        ("Elevate", "एलीवेट (Elevate) करें"),
+        ("Zoom cursor", "ज़ूम कर्सर"),
+        ("Accept sessions via password", "पासवर्ड के माध्यम से सत्र स्वीकार करें"),
+        ("Accept sessions via click", "क्लिक के माध्यम से सत्र स्वीकार करें"),
+        ("Accept sessions via both", "दोनों के माध्यम से सत्र स्वीकार करें"),
+        ("Please wait for the remote side to accept your session request...", "कृपया रिमोट साइड द्वारा आपके सत्र अनुरोध को स्वीकार करने की प्रतीक्षा करें..."),
+        ("One-time Password", "वन-टाइम पासवर्ड"),
+        ("Use one-time password", "वन-टाइम पासवर्ड का उपयोग करें"),
+        ("One-time password length", "वन-टाइम पासवर्ड की लंबाई"),
+        ("Request access to your device", "आपके डिवाइस तक पहुंच का अनुरोध"),
+        ("Hide connection management window", "कनेक्शन प्रबंधन विंडो छुपाएं"),
+        ("hide_cm_tip", "केवल तभी छुपाएं जब पासवर्ड से कनेक्शन की अनुमति हो"),
+        ("wayland_experiment_tip", "Wayland समर्थन अभी परीक्षण मोड में है"),
+        ("Right click to select tabs", "टैब चुनने के लिए राइट क्लिक करें"),
+        ("Skipped", "छोड़ दिया गया"),
+        ("Add to address book", "पता पुस्तिका में जोड़ें"),
+        ("Group", "समूह"),
+        ("Search", "खोजें"),
+        ("Closed manually by web console", "वेब कंसोल द्वारा मैन्युअल रूप से बंद किया गया"),
+        ("Local keyboard type", "स्थानीय कीबोर्ड प्रकार"),
+        ("Select local keyboard type", "स्थानीय कीबोर्ड प्रकार चुनें"),
+        ("software_render_tip", "यदि आपकी स्क्रीन काली है, तो इसे आज़माएं"),
+        ("Always use software rendering", "हमेशा सॉफ़्टवेयर रेंडरिंग का उपयोग करें"),
+        ("config_input", "इनपुट कॉन्फ़िगर करें"),
+        ("config_microphone", "माइक्रोफ़ोन कॉन्फ़िगर करें"),
+        ("request_elevation_tip", "रिमोट साइड से उच्च अनुमतियों का अनुरोध करें"),
+        ("Wait", "प्रतीक्षा करें"),
+        ("Elevation Error", "एलीवेशन (Elevation) त्रुटि"),
+        ("Ask the remote user for authentication", "रिमोट उपयोगकर्ता से प्रमाणीकरण मांगें"),
+        ("Choose this if the remote account is administrator", "यदि रिमोट खाता व्यवस्थापक (Admin) है तो इसे चुनें"),
+        ("Transmit the username and password of administrator", "व्यवस्थापक का उपयोगकर्ता नाम और पासवर्ड भेजें"),
+        ("still_click_uac_tip", "रिमोट उपयोगकर्ता को अभी भी UAC विंडो पर 'हाँ' क्लिक करना होगा।"),
+        ("Request Elevation", "एलीवेशन का अनुरोध करें"),
+        ("wait_accept_uac_tip", "कृपया रिमोट उपयोगकर्ता द्वारा UAC स्वीकार करने की प्रतीक्षा करें।"),
+        ("Elevate successfully", "सफलतापूर्वक एलीवेट किया गया"),
+        ("uppercase", "बड़े अक्षर (Uppercase)"),
+        ("lowercase", "छोटे अक्षर (Lowercase)"),
+        ("digit", "अंक (Digit)"),
+        ("special character", "विशेष वर्ण"),
+        ("length>=8", "लंबाई >= 8"),
+        ("Weak", "कमजोर"),
+        ("Medium", "मध्यम"),
+        ("Strong", "मजबूत"),
+        ("Switch Sides", "साइड्स बदलें"),
+        ("Please confirm if you want to share your desktop?", "कृपया पुष्टि करें कि क्या आप अपना डेस्कटॉप साझा करना चाहते हैं?"),
+        ("Display", "डिस्प्ले"),
+        ("Default View Style", "डिफ़ॉल्ट व्यू शैली"),
+        ("Default Scroll Style", "डिफ़ॉल्ट स्क्रॉल शैली"),
+        ("Default Image Quality", "डिफ़ॉल्ट इमेज गुणवत्ता"),
+        ("Default Codec", "डिफ़ॉल्ट कोडेक"),
+        ("Bitrate", "बिटरेट"),
+        ("FPS", "FPS"),
+        ("Auto", "ऑटो"),
+        ("Other Default Options", "अन्य डिफ़ॉल्ट विकल्प"),
+        ("Voice call", "वॉयस कॉल"),
+        ("Text chat", "टेक्स्ट चैट"),
+        ("Stop voice call", "वॉयस कॉल बंद करें"),
+        ("relay_hint_tip", "सीधा कनेक्शन संभव नहीं हो सकता; आप रिले के माध्यम से जुड़ने का प्रयास कर सकते हैं।"),
+        ("Reconnect", "पुनः कनेक्ट करें"),
+        ("Codec", "कोडेक"),
+        ("Resolution", "रिज़ॉल्यूशन"),
+        ("No transfers in progress", "कोई स्थानांतरण जारी नहीं है"),
+        ("Set one-time password length", "वन-टाइम पासवर्ड की लंबाई सेट करें"),
+        ("RDP Settings", "RDP सेटिंग्स"),
+        ("Sort by", "इसके अनुसार क्रमबद्ध करें"),
+        ("New Connection", "नया कनेक्शन"),
+        ("Restore", "पुनर्स्थापित करें"),
+        ("Minimize", "मिनिमाइज करें"),
+        ("Maximize", "मैक्सिमाइज करें"),
+        ("Your Device", "आपका डिवाइस"),
+        ("empty_recent_tip", "हाल के सत्र यहाँ दिखाई देंगे।"),
+        ("empty_favorite_tip", "पसंदीदा डिवाइस यहाँ दिखाई देंगे।"),
+        ("empty_lan_tip", "खोजे गए डिवाइस यहाँ दिखाई देंगे।"),
+        ("empty_address_book_tip", "आपके पता पुस्तिका में वर्तमान में कोई डिवाइस नहीं है।"),
+        ("Empty Username", "खाली उपयोगकर्ता नाम"),
+        ("Empty Password", "खाली पासवर्ड"),
+        ("Me", "मैं"),
+        ("identical_file_tip", "यह फ़ाइल पहले से ही मौजूद है।"),
+        ("show_monitors_tip", "टूलबार में मॉनिटर दिखाएं"),
+        ("View Mode", "व्यू मोड"),
+        ("login_linux_tip", "रिमोट Linux सत्र शुरू करने के लिए आपको लॉगिन करना होगा"),
+        ("verify_rustdesk_password_tip", "RustDesk पासवर्ड सत्यापित करें"),
+        ("remember_account_tip", "इस खाते को याद रखें"),
+        ("os_account_desk_tip", "रिमोट डेस्कटॉप को एक्सेस करने के लिए OS खाते का उपयोग करें"),
+        ("OS Account", "OS खाता"),
+        ("another_user_login_title_tip", "एक अन्य उपयोगकर्ता पहले से ही लॉगिन है"),
+        ("another_user_login_text_tip", "डिस्कनेक्ट करें और पुनः प्रयास करें"),
+        ("xorg_not_found_title_tip", "Xorg नहीं मिला"),
+        ("xorg_not_found_text_tip", "कृपया Xorg इंस्टॉल करें"),
+        ("no_desktop_title_tip", "कोई डेस्कटॉप उपलब्ध नहीं है"),
+        ("no_desktop_text_tip", "कृपया Linux डेस्कटॉप इंस्टॉल करें"),
+        ("No need to elevate", "एलीवेट करने की आवश्यकता नहीं है"),
+        ("System Sound", "सिस्टम साउंड"),
+        ("Default", "डिफ़ॉल्ट"),
+        ("New RDP", "नया RDP"),
+        ("Fingerprint", "फिंगरप्रिंट"),
+        ("Copy Fingerprint", "फिंगरप्रिंट कॉपी करें"),
+        ("no fingerprints", "कोई फिंगरप्रिंट नहीं"),
+        ("Select a peer", "एक पीयर (Peer) चुनें"),
+        ("Select peers", "पीयर्स चुनें"),
+        ("Plugins", "प्लगइन्स"),
+        ("Uninstall", "अनइंस्टॉल करें"),
+        ("Update", "अपडेट करें"),
+        ("Enable", "सक्षम करें"),
+        ("Disable", "अक्षम करें"),
+        ("Options", "विकल्प"),
+        ("resolution_original_tip", "मूल रिज़ॉल्यूशन"),
+        ("resolution_fit_local_tip", "स्थानीय स्क्रीन में फिट करें"),
+        ("resolution_custom_tip", "कस्टम रिज़ॉल्यूशन"),
+        ("Collapse toolbar", "टूलबार समेटें"),
+        ("Accept and Elevate", "स्वीकार करें और एलीवेट करें"),
+        ("accept_and_elevate_btn_tooltip", "कनेक्शन स्वीकार करें और UAC अनुमतियाँ मांगें।"),
+        ("clipboard_wait_response_timeout_tip", "क्लिपबोर्ड प्रतिक्रिया के लिए समय समाप्त हो गया।"),
+        ("Incoming connection", "आने वाला कनेक्शन"),
+        ("Outgoing connection", "जाने वाला कनेक्शन"),
+        ("Exit", "बाहर निकलें"),
+        ("Open", "खोलें"),
+        ("logout_tip", "क्या आप वाकई लॉगआउट करना चाहते हैं?"),
+        ("Service", "सेवा"),
+        ("Start", "शुरू करें"),
+        ("Stop", "रोकें"),
+        ("exceed_max_devices", "आप डिवाइस की अधिकतम सीमा को पार कर चुके हैं।"),
+        ("Sync with recent sessions", "हाल के सत्रों के साथ सिंक करें"),
+        ("Sort tags", "टैग क्रमबद्ध करें"),
+        ("Open connection in new tab", "नये टैब में कनेक्शन खोलें"),
+        ("Move tab to new window", "टैब को नयी विंडो में ले जाएं"),
+        ("Can not be empty", "खाली नहीं हो सकता"),
+        ("Already exists", "पहले से मौजूद है"),
+        ("Change Password", "पासवर्ड बदलें"),
+        ("Refresh Password", "पासवर्ड रिफ्रेश करें"),
+        ("ID", "ID"),
+        ("Grid View", "ग्रिड व्यू"),
+        ("List View", "लिस्ट व्यू"),
+        ("Select", "चुनें"),
+        ("Toggle Tags", "टैग टॉगल करें"),
+        ("pull_ab_failed_tip", "पता पुस्तिका अपडेट करने में विफल।"),
+        ("push_ab_failed_tip", "सर्वर पर पता पुस्तिका सिंक करने में विफल।"),
+        ("synced_peer_readded_tip", "हाल के सत्रों में मौजूद डिवाइस पता पुस्तिका में सिंक किए गए थे।"),
+        ("Change Color", "रंग बदलें"),
+        ("Primary Color", "प्राथमिक रंग"),
+        ("HSV Color", "HSV रंग"),
+        ("Installation Successful!", "इंस्टॉलेशन सफल रहा!"),
+        ("Installation failed!", "इंस्टॉलेशन विफल रहा!"),
+        ("Reverse mouse wheel", "माउस व्हील उल्टा करें"),
+        ("{} sessions", "{} सत्र"),
+        ("scam_title", "धोखाधड़ी की चेतावनी!"),
+        ("scam_text1", "यदि आप किसी ऐसे व्यक्ति से बात कर रहे हैं जिसे आप नहीं जानते और जिसने आपसे RustDesk उपयोग करने को कहा है, तो तुरंत डिस्कनेक्ट कर दें।"),
+        ("scam_text2", "यह एक घोटाला हो सकता है। अपना आईडी या पासवर्ड किसी को न दें।"),
+        ("Don't show again", "दोबारा न दिखाएं"),
+        ("I Agree", "मैं सहमत हूँ"),
+        ("Decline", "अस्वीकार करें"),
+        ("Timeout in minutes", "मिनटों में टाइमआउट"),
+        ("auto_disconnect_option_tip", "निष्क्रियता पर स्वचालित रूप से डिस्कनेक्ट करें"),
+        ("Connection failed due to inactivity", "निष्क्रियता के कारण कनेक्शन विफल रहा"),
+        ("Check for software update on startup", "स्टार्टअप पर सॉफ़्टवेयर अपडेट की जांच करें"),
+        ("upgrade_rustdesk_server_pro_to_{}_tip", "RustDesk सर्वर प्रो को संस्करण {} में अपग्रेड करें"),
+        ("pull_group_failed_tip", "समूह खींचने (Pull) में विफल"),
+        ("Filter by intersection", "इंटरसेक्शन द्वारा फ़िल्टर करें"),
+        ("Remove wallpaper during incoming sessions", "आने वाले सत्रों के दौरान वॉलपेपर हटा दें"),
+        ("Test", "परीक्षण"),
+        ("display_is_plugged_out_msg", "डिस्प्ले हटा दिया गया है।"),
+        ("No displays", "कोई डिस्प्ले नहीं"),
+        ("Open in new window", "नयी विंडो में खोलें"),
+        ("Show displays as individual windows", "डिस्प्ले को व्यक्तिगत विंडो के रूप में दिखाएं"),
+        ("Use all my displays for the remote session", "रिमोट सत्र के लिए मेरे सभी डिस्प्ले का उपयोग करें"),
+        ("selinux_tip", "डिवाइस पर SELinux सक्षम है।"),
+        ("Change view", "व्यू बदलें"),
+        ("Big tiles", "बड़ी टाइलें"),
+        ("Small tiles", "छोटी टाइलें"),
+        ("List", "लिस्ट"),
+        ("Virtual display", "वर्चुअल डिस्प्ले"),
+        ("Plug out all", "सभी अनप्लग करें"),
+        ("True color (4:4:4)", "सच्चा रंग (4:4:4)"),
+        ("Enable blocking user input", "उपयोगकर्ता इनपुट को ब्लॉक करना सक्षम करें"),
+        ("id_input_tip", "आप ID, उपनाम (Alias) या IP पता दर्ज कर सकते हैं।"),
+        ("privacy_mode_impl_mag_tip", "मैग्निफायर (Magnifier) गोपनीयता मोड"),
+        ("privacy_mode_impl_virtual_display_tip", "वर्चुअल डिस्प्ले गोपनीयता मोड"),
+        ("Enter privacy mode", "गोपनीयता मोड में प्रवेश करें"),
+        ("Exit privacy mode", "गोपनीयता मोड से बाहर निकलें"),
+        ("idd_not_support_under_win10_2004_tip", "वर्चुअल डिस्प्ले Windows 10 संस्करण 2004 या उच्चतर पर समर्थित है।"),
+        ("input_source_1_tip", "इनपुट स्रोत 1"),
+        ("input_source_2_tip", "इनपुट स्रोत 2"),
+        ("Swap control-command key", "Control और Command कुंजियों को बदलें"),
+        ("swap-left-right-mouse", "बाएं और दाएं माउस बटन को बदलें"),
+        ("2FA code", "2FA कोड"),
+        ("More", "अधिक"),
+        ("enable-2fa-title", "द्वि-कारक प्रमाणीकरण (2FA) सक्षम करें"),
+        ("enable-2fa-desc", "कृपया अपना ऑथेंटिकेटर ऐप सेट करें।"),
+        ("wrong-2fa-code", "गलत 2FA कोड।"),
+        ("enter-2fa-title", "2FA कोड दर्ज करें"),
+        ("Email verification code must be 6 characters.", "ईमेल सत्यापन कोड 6 अक्षरों का होना चाहिए।"),
+        ("2FA code must be 6 digits.", "2FA कोड 6 अंकों का होना चाहिए।"),
+        ("Multiple Windows sessions found", "एकाधिक Windows सत्र मिले"),
+        ("Please select the session you want to connect to", "कृपया वह सत्र चुनें जिससे आप जुड़ना चाहते हैं"),
+        ("powered_by_me", "मेरे द्वारा संचालित"),
+        ("outgoing_only_desk_tip", "यह केवल आउटगोइंग मोड है"),
+        ("preset_password_warning", "सुरक्षा के लिए, कृपया डिफ़ॉल्ट पासवर्ड बदलें।"),
+        ("Security Alert", "सुरक्षा चेतावनी"),
+        ("My address book", "मेरी पता पुस्तिका"),
+        ("Personal", "व्यक्तिगत"),
+        ("Owner", "स्वामी"),
+        ("Set shared password", "साझा पासवर्ड सेट करें"),
+        ("Exist in", "इसमें मौजूद है"),
+        ("Read-only", "केवल पढ़ने के लिए"),
+        ("Read/Write", "पढ़ना/लिखना"),
+        ("Full Control", "पूर्ण नियंत्रण"),
+        ("share_warning_tip", "सावधानी: आप अपना एक्सेस साझा कर रहे हैं।"),
+        ("Everyone", "हर कोई"),
+        ("ab_web_console_tip", "वेब कंसोल पता पुस्तिका"),
+        ("allow-only-conn-window-open-tip", "केवल तभी कनेक्शन की अनुमति दें जब RustDesk विंडो खुली हो"),
+        ("no_need_privacy_mode_no_physical_displays_tip", "कोई भौतिक डिस्प्ले नहीं मिला, गोपनीयता मोड की आवश्यकता नहीं है।"),
+        ("Follow remote cursor", "रिमोट कर्सर का पालन करें"),
+        ("Follow remote window focus", "रिमोट विंडो फोकस का पालन करें"),
+        ("default_proxy_tip", "डिफ़ॉल्ट प्रॉक्सी सेटिंग"),
+        ("no_audio_input_device_tip", "कोई ऑडियो इनपुट डिवाइस नहीं मिला।"),
+        ("Incoming", "आने वाली"),
+        ("Outgoing", "जाने वाली"),
+        ("Clear Wayland screen selection", "Wayland स्क्रीन चयन साफ़ करें"),
+        ("clear_Wayland_screen_selection_tip", "Wayland के स्क्रीन चयन को रीसेट करें।"),
+        ("confirm_clear_Wayland_screen_selection_tip", "क्या आप वाकई स्क्रीन चयन साफ़ करना चाहते हैं?"),
+        ("android_new_voice_call_tip", "नया वॉयस कॉल अनुरोध"),
+        ("texture_render_tip", "टेक्सचर रेंडरिंग का उपयोग करें"),
+        ("Use texture rendering", "टेक्सचर रेंडरिंग का उपयोग करें"),
+        ("Floating window", "फ्लोटिंग विंडो"),
+        ("floating_window_tip", "बैकग्राउंड में रहने के दौरान RustDesk को दिखाएं"),
+        ("Keep screen on", "स्क्रीन चालू रखें"),
+        ("Never", "कभी नहीं"),
+        ("During controlled", "नियंत्रण के दौरान"),
+        ("During service is on", "जब सेवा चालू हो"),
+        ("Capture screen using DirectX", "DirectX का उपयोग करके स्क्रीन कैप्चर करें"),
+        ("Back", "पीछे"),
+        ("Apps", "ऐप्स"),
+        ("Volume up", "आवाज़ बढ़ाएं"),
+        ("Volume down", "आवाज़ कम करें"),
+        ("Power", "पावर"),
+        ("Telegram bot", "Telegram बॉट"),
+        ("enable-bot-tip", "सूचनाओं के लिए बोट सक्षम करें"),
+        ("enable-bot-desc", "निर्देशों के लिए हमारे टेलीग्राम बोट को देखें।"),
+        ("cancel-2fa-confirm-tip", "क्या आप वाकई 2FA रद्द करना चाहते हैं?"),
+        ("cancel-bot-confirm-tip", "क्या आप वाकई बोट रद्द करना चाहते हैं?"),
+        ("About RustDesk", "RustDesk के बारे में"),
+        ("Send clipboard keystrokes", "क्लिपबोर्ड कीस्ट्रोक्स भेजें"),
+        ("network_error_tip", "नेटवर्क कनेक्शन त्रुटि, कृपया पुनः प्रयास करें।"),
+        ("Unlock with PIN", "PIN से अनलॉक करें"),
+        ("Requires at least {} characters", "कम से कम {} अक्षरों की आवश्यकता है"),
+        ("Wrong PIN", "गलत PIN"),
+        ("Set PIN", "PIN सेट करें"),
+        ("Enable trusted devices", "विश्वसनीय डिवाइस सक्षम करें"),
+        ("Manage trusted devices", "विश्वसनीय डिवाइस प्रबंधित करें"),
+        ("Platform", "प्लेटफ़ॉर्म"),
+        ("Days remaining", "शेष दिन"),
+        ("enable-trusted-devices-tip", "केवल विश्वसनीय डिवाइस ही पासवर्ड के बिना जुड़ सकते हैं"),
+        ("Parent directory", "पैरेंट निर्देशिका"),
+        ("Resume", "फिर से शुरू करें"),
+        ("Invalid file name", "अमान्य फ़ाइल नाम"),
+        ("one-way-file-transfer-tip", "केवल एकतरफा फ़ाइल स्थानांतरण की अनुमति है"),
+        ("Authentication Required", "प्रमाणीकरण आवश्यक"),
+        ("Authenticate", "प्रमाणित करें"),
+        ("web_id_input_tip", "रिमोट आईडी दर्ज करें"),
+        ("Download", "डाउनलोड करें"),
+        ("Upload folder", "फ़ोल्डर अपलोड करें"),
+        ("Upload files", "फाइलें अपलोड करें"),
+        ("Clipboard is synchronized", "क्लिपबोर्ड सिंक हो गया है"),
+        ("Update client clipboard", "क्लाइंट क्लिपबोर्ड अपडेट करें"),
+        ("Untagged", "बिना टैग वाला"),
+        ("new-version-of-{}-tip", "{} का नया संस्करण उपलब्ध है"),
+        ("Accessible devices", "सुलभ डिवाइस"),
+        ("upgrade_remote_rustdesk_client_to_{}_tip", "रिमोट RustDesk क्लाइंट को संस्करण {} में अपग्रेड करें"),
+        ("d3d_render_tip", "D3D रेंडरिंग का उपयोग करें"),
+        ("Printer", "प्रिंटर"),
+        ("printer-os-requirement-tip", "प्रिंटिंग के लिए Windows आवश्यक है।"),
+        ("printer-requires-installed-{}-client-tip", "इसके लिए क्लाइंट साइड पर {} इंस्टॉल होना चाहिए।"),
+        ("printer-{}-not-installed-tip", "प्रिंटर {} इंस्टॉल नहीं है।"),
+        ("printer-{}-ready-tip", "प्रिंटर {} तैयार है।"),
+        ("Install {} Printer", "{} प्रिंटर इंस्टॉल करें"),
+        ("Outgoing Print Jobs", "आउटगोइंग प्रिंट कार्य"),
+        ("Incoming Print Jobs", "इनकमिंग प्रिंट कार्य"),
+        ("Incoming Print Job", "इनकमिंग प्रिंट कार्य"),
+        ("use-the-default-printer-tip", "डिफ़ॉल्ट प्रिंटर का उपयोग करें"),
+        ("use-the-selected-printer-tip", "चयनित प्रिंटर का उपयोग करें"),
+        ("auto-print-tip", "स्वचालित रूप से प्रिंट करें"),
+        ("print-incoming-job-confirm-tip", "प्रिंट कार्य स्वीकार करने से पहले पुष्टि करें"),
+        ("remote-printing-disallowed-tile-tip", "रिमोट प्रिंटिंग की अनुमति नहीं है"),
+        ("remote-printing-disallowed-text-tip", "कृपया सेटिंग्स में रिमोट प्रिंटिंग सक्षम करें।"),
+        ("save-settings-tip", "सेटिंग्स सुरक्षित करें"),
+        ("dont-show-again-tip", "दोबारा न दिखाएं"),
+        ("Take screenshot", "स्क्रीनशॉट लें"),
+        ("Taking screenshot", "स्क्रीनशॉट लिया जा रहा है"),
+        ("screenshot-merged-screen-not-supported-tip", "मर्ज की गई स्क्रीन के स्क्रीनशॉट समर्थित नहीं हैं।"),
+        ("screenshot-action-tip", "स्क्रीनशॉट लेने के बाद की कार्रवाई"),
+        ("Save as", "इस रूप में सहेजें"),
+        ("Copy to clipboard", "क्लिपबोर्ड पर कॉपी करें"),
+        ("Enable remote printer", "रिमोट प्रिंटर सक्षम करें"),
+        ("Downloading {}", "{} डाउनलोड हो रहा है"),
+        ("{} Update", "{} अपडेट"),
+        ("{}-to-update-tip", "अपडेट करने के लिए {}"),
+        ("download-new-version-failed-tip", "नया संस्करण डाउनलोड करने में विफल।"),
+        ("Auto update", "ऑटो अपडेट"),
+        ("update-failed-check-msi-tip", "अपडेट विफल, कृपया MSI फ़ाइल की जांच करें।"),
+        ("websocket_tip", "यदि पोर्ट ब्लॉक हैं, तो WebSocket का उपयोग करें।"),
+        ("Use WebSocket", "WebSocket का उपयोग करें"),
+        ("Trackpad speed", "ट्रैकपैड गति"),
+        ("Default trackpad speed", "डिफ़ॉल्ट ट्रैकपैड गति"),
+        ("Numeric one-time password", "संख्यात्मक वन-टाइम पासवर्ड"),
+        ("Enable IPv6 P2P connection", "IPv6 P2P कनेक्शन सक्षम करें"),
+        ("Enable UDP hole punching", "UDP होल पंचिंग सक्षम करें"),
+        ("View camera", "कैमरा देखें"),
+        ("Enable camera", "कैमरा सक्षम करें"),
+        ("No cameras", "कोई कैमरा नहीं मिला"),
+        ("view_camera_unsupported_tip", "रिमोट कैमरा समर्थित नहीं है।"),
+        ("Terminal", "टर्मिनल"),
+        ("Enable terminal", "टर्मिनल सक्षम करें"),
+        ("New tab", "नया टैब"),
+        ("Keep terminal sessions on disconnect", "डिस्कनेक्ट होने पर टर्मिनल सत्र चालू रखें"),
+        ("Terminal (Run as administrator)", "टर्मिनल (प्रशासक के रूप में चलाएं)"),
+        ("terminal-admin-login-tip", "प्रशासक लॉगिन आवश्यक है।"),
+        ("Failed to get user token.", "उपयोगकर्ता टोकन प्राप्त करने में विफल।"),
+        ("Incorrect username or password.", "गलत उपयोगकर्ता नाम या पासवर्ड।"),
+        ("The user is not an administrator.", "उपयोगकर्ता प्रशासक नहीं है।"),
+        ("Failed to check if the user is an administrator.", "जांचने में विफल कि क्या उपयोगकर्ता व्यवस्थापक है।"),
+        ("Supported only in the installed version.", "केवल इंस्टॉल किए गए संस्करण में समर्थित।"),
+        ("elevation_username_tip", "प्रशासक उपयोगकर्ता नाम दर्ज करें"),
+        ("Preparing for installation ...", "स्थापना की तैयारी..."),
+        ("Show my cursor", "मेरा कर्सर दिखाएं"),
+        ("Scale custom", "कस्टम पैमाना"),
+        ("Custom scale slider", "कस्टम स्केल स्लाइडर"),
+        ("Decrease", "घटाएं"),
+        ("Increase", "बढ़ाएं"),
+        ("Show virtual mouse", "वर्चुअल माउस दिखाएं"),
+        ("Virtual mouse size", "वर्चुअल माउस का आकार"),
+        ("Small", "छोटा"),
+        ("Large", "बड़ा"),
+        ("Show virtual joystick", "वर्चुअल जॉयस्टिक दिखाएं"),
+        ("Edit note", "नोट संपादित करें"),
+        ("Alias", "उपनाम (Alias)"),
+        ("ScrollEdge", "किनारे से स्क्रॉल"),
+        ("Allow insecure TLS fallback", "असुरक्षित TLS फ़ालबैक की अनुमति दें"),
+        ("allow-insecure-tls-fallback-tip", "पुराने सर्वर कनेक्शन के लिए उपयोग करें।"),
+        ("Disable UDP", "UDP अक्षम करें"),
+        ("disable-udp-tip", "कनेक्शन समस्याओं के लिए UDP बंद करें।"),
+        ("server-oss-not-support-tip", "OSS सर्वर इसका समर्थन नहीं करता।"),
+        ("input note here", "यहाँ नोट दर्ज करें"),
+        ("note-at-conn-end-tip", "कनेक्शन के अंत में नोट दिखाएं"),
+        ("Show terminal extra keys", "टर्मिनल की अतिरिक्त कुंजियाँ दिखाएं"),
+        ("Relative mouse mode", "सापेक्ष (Relative) माउस मोड"),
+        ("rel-mouse-not-supported-peer-tip", "रिमोट साइड पर समर्थित नहीं है।"),
+        ("rel-mouse-not-ready-tip", "तैयार नहीं है।"),
+        ("rel-mouse-lock-failed-tip", "माउस लॉक विफल।"),
+        ("rel-mouse-exit-{}-tip", "बाहर निकलने के लिए {} दबाएं"),
+        ("rel-mouse-permission-lost-tip", "अनुमति खो गई।"),
+        ("Changelog", "परिवर्तन सूची (Changelog)"),
+        ("keep-awake-during-outgoing-sessions-label", "आउटगोइंग सत्र के दौरान जागते रहें"),
+        ("keep-awake-during-incoming-sessions-label", "इनकमिंग सत्र के दौरान जागते रहें"),
+        ("Continue with {}", "{} के साथ जारी रखें"),
+        ("Display Name", "प्रदर्शित नाम"),
+        ("password-hidden-tip", "पासवर्ड सुरक्षा के लिए छिपा हुआ है।"),
+        ("preset-password-in-use-tip", "पूर्व-निर्धारित पासवर्ड उपयोग में है।"),
+    ].iter().cloned().collect();
+}

src/lang/hr.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Nastavi sa {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/hu.rs

@@ -57,7 +57,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("ID Server", "ID-kiszolgáló"),
         ("Relay Server", "Továbbító-kiszolgáló"),
         ("API Server", "API-kiszolgáló"),
-        ("invalid_http", "A címnek mindenképpen http(s)://-el kell kezdődnie."),
+        ("invalid_http", "A címnek mindenképpen http(s)://-rel kell kezdődnie."),
         ("Invalid IP", "A megadott IP-cím érvénytelen"),
         ("Invalid format", "Érvénytelen formátum"),
         ("server_not_support", "A kiszolgáló nem támogatja"),
@@ -149,7 +149,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Click to upgrade", "Kattintson ide a frissítés telepítéséhez"),
         ("Configure", "Beállítás"),
         ("config_acc", "A számítógép távoli vezérléséhez a RustDesknek hozzáférési jogokat kell adnia."),
-        ("config_screen", "Ahhoz, hogy távolról hozzáférhessen a számítógépéhez, meg kell adnia a RustDesknek a \"Képernyőfelvétel\" jogosultságot."),
+        ("config_screen", "Ahhoz, hogy távolról hozzáférhessen a számítógépéhez, meg kell adnia a RustDesknek a „Képernyőfelvétel” jogosultságot."),
         ("Installing ...", "Telepítés ..."),
         ("Install", "Telepítse"),
         ("Installation", "Telepítés"),
@@ -276,13 +276,13 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Do you accept?", "Elfogadás?"),
         ("Open System Setting", "Rendszerbeállítások megnyitása"),
         ("How to get Android input permission?", "Hogyan állítható be az Androidos beviteli engedély?"),
-        ("android_input_permission_tip1", "Ahhoz, hogy egy távoli eszköz vezérelhesse Android készülékét, engedélyeznie kell a RustDesk számára a \"Hozzáférhetőség\" szolgáltatás használatát."),
-        ("android_input_permission_tip2", "A következő rendszerbeállítások oldalon a letöltött alkalmazások menüponton belül, kapcsolja be a [RustDesk Input] szolgáltatást."),
+        ("android_input_permission_tip1", "Ahhoz, hogy egy távoli eszköz vezérelhesse Android készülékét, engedélyeznie kell a RustDesk számára a „Hozzáférhetőség” szolgáltatás használatát."),
+        ("android_input_permission_tip2", "A következő rendszerbeállítások oldalon a letöltött alkalmazások menüponton belül, kapcsolja be a „RustDesk Input” szolgáltatást."),
         ("android_new_connection_tip", "Új kérés érkezett, mely vezérelni szeretné az eszközét"),
         ("android_service_will_start_tip", "A képernyőmegosztás aktiválása automatikusan elindítja a szolgáltatást, így más eszközök is vezérelhetik ezt az Android-eszközt."),
         ("android_stop_service_tip", "A szolgáltatás leállítása automatikusan szétkapcsol minden létező kapcsolatot."),
         ("android_version_audio_tip", "A jelenlegi Android verzió nem támogatja a hangrögzítést, frissítsen legalább Android 10-re, vagy egy újabb verzióra."),
-        ("android_start_service_tip", "A képernyőmegosztó szolgáltatás elindításához koppintson a \"Kapcsolási szolgáltatás indítása\" gombra, vagy aktiválja a \"Képernyőfelvétel\" engedélyt."),
+        ("android_start_service_tip", "A képernyőmegosztó szolgáltatás elindításához koppintson a „Kapcsolási szolgáltatás indítása” gombra, vagy aktiválja a „Képernyőfelvétel” engedélyt."),
         ("android_permission_may_not_change_tip", "A meglévő kapcsolatok engedélyei csak új kapcsolódás után módosulnak."),
         ("Account", "Fiók"),
         ("Overwrite", "Felülírás"),
@@ -408,15 +408,15 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Select local keyboard type", "Helyi billentyűzet típusának kiválasztása"),
         ("software_render_tip", "Ha Nvidia grafikus kártyát használ Linux alatt, és a távoli ablak a kapcsolat létrehozása után azonnal bezáródik, akkor a Nouveau nyílt forráskódú illesztőprogramra való váltás és a szoftveres leképezés alkalmazása segíthet. A szoftvert újra kell indítani."),
         ("Always use software rendering", "Mindig szoftveres leképezést használjon"),
-        ("config_input", "Ahhoz, hogy a távoli asztalt a billentyűzettel vezérelhesse, a RustDesknek meg kell adnia a \"Bemenet figyelése\" jogosultságot."),
-        ("config_microphone", "Ahhoz, hogy távolról beszélhessen, meg kell adnia a RustDesknek a \"Hangfelvétel\" jogosultságot."),
+        ("config_input", "Ahhoz, hogy a távoli asztalt a billentyűzettel vezérelhesse, a RustDesknek meg kell adnia a „Bemenet figyelése” jogosultságot."),
+        ("config_microphone", "Ahhoz, hogy távolról beszélhessen, meg kell adnia a RustDesknek a „Hangfelvétel” jogosultságot."),
         ("request_elevation_tip", "Akkor is kérhet megnövelt jogokat, ha valaki a partneroldalon van."),
         ("Wait", "Várjon"),
         ("Elevation Error", "Emelt szintű hozzáférési hiba"),
         ("Ask the remote user for authentication", "Hitelesítés kérése a távoli felhasználótól"),
         ("Choose this if the remote account is administrator", "Akkor válassza ezt, ha a távoli fiók rendszergazda"),
         ("Transmit the username and password of administrator", "Küldje el a rendszergazda felhasználónevét és jelszavát"),
-        ("still_click_uac_tip", "A távoli felhasználónak továbbra is az \"Igen\" gombra kell kattintania a RustDesk UAC ablakában. Kattintson!"),
+        ("still_click_uac_tip", "A távoli felhasználónak továbbra is az „Igen” gombra kell kattintania a RustDesk UAC ablakában. Kattintson!"),
         ("Request Elevation", "Emelt szintű jogok igénylése"),
         ("wait_accept_uac_tip", "Várjon, amíg a távoli felhasználó elfogadja az UAC párbeszédet."),
         ("Elevate successfully", "Emelt szintű jogok megadva"),
@@ -442,7 +442,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Voice call", "Hanghívás"),
         ("Text chat", "Szöveges csevegés"),
         ("Stop voice call", "Hanghívás leállítása"),
-        ("relay_hint_tip", "Ha a közvetlen kapcsolat nem lehetséges, megpróbálhat kapcsolatot létesíteni egy továbbító-kiszolgálón keresztül.\nHa az első próbálkozáskor továbbító-kiszolgálón keresztüli kapcsolatot szeretne létrehozni, használhatja az \"/r\" utótagot. Az azonosítóhoz vagy a \"Mindig továbbító-kiszolgálón keresztül kapcsolódom\" opcióhoz a legutóbbi munkamenetek listájában, ha van ilyen."),
+        ("relay_hint_tip", "Ha a közvetlen kapcsolat nem lehetséges, megpróbálhat kapcsolatot létesíteni egy továbbító-kiszolgálón keresztül.\nHa az első próbálkozáskor továbbító-kiszolgálón keresztüli kapcsolatot szeretne létrehozni, használhatja az „/r” utótagot. Az azonosítóhoz vagy a „Mindig továbbító-kiszolgálón keresztül kapcsolódom” opcióhoz a legutóbbi munkamenetek listájában, ha van ilyen."),
         ("Reconnect", "Újrakapcsolódás"),
         ("Codec", "Kodek"),
         ("Resolution", "Felbontás"),
@@ -559,7 +559,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Plug out all", "Kapcsolja ki az összeset"),
         ("True color (4:4:4)", "Valódi szín (4:4:4)"),
         ("Enable blocking user input", "Engedélyezze a felhasználói bevitel blokkolását"),
-        ("id_input_tip", "Megadhat egy azonosítót, egy közvetlen IP-címet vagy egy tartományt egy porttal (<domain>:<port>).\nHa egy másik kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a kiszolgáló címét (<id>@<kiszolgáló_cím>?key=<key_value>), például\n9123456234@192.168.16.1:21117?key=5Qbwsde3unUcJBtrx9ZkvUmwFNoExHzpryHuPUdqlWM=.\nHa egy nyilvános kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a \"<id>@public\" lehetőséget. A kulcsra nincs szükség nyilvános kiszolgálók esetén.\n\nHa az első kapcsolathoz továbbító-kiszolgálón keresztüli kapcsolatot akar kényszeríteni, adja hozzá az \"/r\" az azonosítót a végén, például \"9123456234/r\"."),
+        ("id_input_tip", "Megadhat egy azonosítót, egy közvetlen IP-címet vagy egy tartományt egy porttal (<domain>:<port>).\nHa egy másik kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a kiszolgáló címét (<id>@<kiszolgáló_cím>?key=<key_value>), például\n9123456234@192.168.16.1:21117?key=5Qbwsde3unUcJBtrx9ZkvUmwFNoExHzpryHuPUdqlWM=.\nHa egy nyilvános kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a „<id>@public” lehetőséget. A kulcsra nincs szükség nyilvános kiszolgálók esetén.\n\nHa az első kapcsolathoz továbbító-kiszolgálón keresztüli kapcsolatot akar kényszeríteni, adja hozzá az „/r” az azonosítót a végén, például „9123456234/r”."),
         ("privacy_mode_impl_mag_tip", "1. mód"),
         ("privacy_mode_impl_virtual_display_tip", "2. mód"),
         ("Enter privacy mode", "Lépjen be az adatvédelmi módba"),
@@ -622,7 +622,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Power", "Főkapcsoló"),
         ("Telegram bot", "Telegram bot"),
         ("enable-bot-tip", "Ha aktiválja ezt a funkciót, akkor a 2FA-kódot a botjától kaphatja meg. Kapcsolati értesítésként is használható."),
-        ("enable-bot-desc", "1. Nyisson csevegést @BotFather.\n2. Küldje el a \"/newbot\" parancsot. Miután ezt a lépést elvégezte, kap egy tokent.\n3. Indítson csevegést az újonnan létrehozott botjával. Küldjön egy olyan üzenetet, amely egy perjel (\"/\") kezdetű, pl. \"/hello\" az aktiváláshoz.\n"),
+        ("enable-bot-desc", "1. Nyisson csevegést @BotFather.\n2. Küldje el a „/newbot” parancsot. Miután ezt a lépést elvégezte, kap egy tokent.\n3. Indítson csevegést az újonnan létrehozott botjával. Küldjön egy olyan üzenetet, amely egy perjel („/”) kezdetű, pl. „/hello” az aktiváláshoz.\n"),
         ("cancel-2fa-confirm-tip", "Biztosan vissza akarja vonni a 2FA-hitelesítést?"),
         ("cancel-bot-confirm-tip", "Biztosan le akarja mondani a Telegram botot?"),
         ("About RustDesk", "A RustDesk névjegye"),
@@ -643,7 +643,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("one-way-file-transfer-tip", "Az egyirányú fájlátvitel engedélyezve van a vezérelt oldalon."),
         ("Authentication Required", "Hitelesítés szükséges"),
         ("Authenticate", "Hitelesítés"),
-        ("web_id_input_tip", "Azonos kiszolgálón lévő azonosítót adhat meg, a közvetlen IP elérés nem támogatott a webkliensben.\nHa egy másik kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a kiszolgáló címét (<id>@<kiszolgáló_cím>?key=<key_value>), például\n9123456234@192.168.16.1:21117?key=5Qbwsde3unUcJBtrx9ZkvUmwFNoExHzpryHuPUdqlWM=.\nHa egy nyilvános kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a \"<id>@public\" betűt. A kulcsra nincs szükség a nyilvános kiszolgálók esetében."),
+        ("web_id_input_tip", "Azonos kiszolgálón lévő azonosítót adhat meg, a közvetlen IP elérés nem támogatott a webkliensben.\nHa egy másik kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg a kiszolgáló címét (<id>@<kiszolgáló_cím>?key=<key_value>), például\n9123456234@192.168.16.1:21117?key=5Qbwsde3unUcJBtrx9ZkvUmwFNoExHzpryHuPUdqlWM=.\nHa egy nyilvános kiszolgálón lévő eszközhöz szeretne hozzáférni, adja meg az „<id>@public” kulcsot. A kulcsra nincs szükség a nyilvános kiszolgálók esetében."),
         ("Download", "Letöltés"),
         ("Upload folder", "Mappa feltöltése"),
         ("Upload files", "Fájlok feltöltése"),
@@ -682,9 +682,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Downloading {}", "{} letöltése"),
         ("{} Update", "{} frissítés"),
         ("{}-to-update-tip", "{} bezárása és az új verzió telepítése."),
-        ("download-new-version-failed-tip", "Ha a letöltés sikertelen, akkor vagy újrapróbálkozhat, vagy a \"Letöltés\" gombra kattintva letöltheti a kiadási oldalról, és manuálisan frissíthet."),
+        ("download-new-version-failed-tip", "Ha a letöltés sikertelen, akkor vagy újrapróbálkozhat, vagy a „Letöltés” gombra kattintva letöltheti a kiadási oldalról, és manuálisan frissíthet."),
         ("Auto update", "Automatikus frissítés"),
-        ("update-failed-check-msi-tip", "A telepítési módszer felismerése nem sikerült. Kattintson a \"Letöltés\" gombra, hogy letöltse a kiadási oldalról, és manuálisan frissítse."),
+        ("update-failed-check-msi-tip", "A telepítési módszer felismerése nem sikerült. Kattintson a „Letöltés” gombra, hogy letöltse a kiadási oldalról, és manuálisan frissítse."),
         ("websocket_tip", "WebSocket használatakor csak a relé-kapcsolatok támogatottak."),
         ("Use WebSocket", "WebSocket használata"),
         ("Trackpad speed", "Érintőpad sebessége"),
@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "Képernyő aktív állapotban tartása a bejövő munkamenetek során"),
         ("Continue with {}", "Folytatás ezzel: {}"),
         ("Display Name", "Kijelző név"),
+        ("password-hidden-tip", "Állandó jelszó lett beállítva (rejtett)."),
+        ("preset-password-in-use-tip", "Jelenleg az alapértelmezett jelszót használja."),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/id.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Lanjutkan dengan {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/it.rs

@@ -379,7 +379,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("Screen Share", "Condivisione schermo"),
         ("ubuntu-21-04-required", "Wayland richiede Ubuntu 21.04 o versione successiva."),
         ("wayland-requires-higher-linux-version", "Wayland richiede una versione superiore della distribuzione Linux.\nProva X11 desktop o cambia il sistema operativo."),
-        ("xdp-portal-unavailable", ""),
+        ("xdp-portal-unavailable", "Acquisizione dello schermo di Wayland non riuscita. Il portale desktop XDG potrebbe essersi bloccato o non essere disponibile. Prova a riavviarlo con `systemctl --user restart xdg-desktop-portal`."),
         ("JumpLink", "Vai a"),
         ("Please Select the screen to be shared(Operate on the peer side).", "Seleziona lo schermo da condividere (opera sul lato dispositivo remoto)."),
         ("Show RustDesk", "Visualizza RustDesk"),
@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "Mantieni lo schermo attivo durante le sessioni in ingresso"),
         ("Continue with {}", "Continua con {}"),
         ("Display Name", "Visualizza nome"),
+        ("password-hidden-tip", "È impostata una password permanente (nascosta)."),
+        ("preset-password-in-use-tip", "È attualmente in uso la password preimpostata."),
+        ("Enable privacy mode", "Abilita modalità privacy"),
     ].iter().cloned().collect();
 }

src/lang/ja.rs

@@ -661,9 +661,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("printer-{}-not-installed-tip", "{} のプリンターがインストールされていません。"),
         ("printer-{}-ready-tip", "{} のプリンターがインストールされ、使用可能になっています。"),
         ("Install {} Printer", " {} のプリンターをインストール"),
-        ("Outgoing Print Jobs", "送信印刷ジョブ"),
-        ("Incoming Print Jobs", "受信印刷ジョブ"),
-        ("Incoming Print Job", "受信印刷ジョブ"),
+        ("Outgoing Print Jobs", "印刷ジョブの送信"),
+        ("Incoming Print Jobs", "印刷ジョブの受信"),
+        ("Incoming Print Job", "印刷ジョブの受信"),
         ("use-the-default-printer-tip", "既定のプリンターを使用する"),
         ("use-the-selected-printer-tip", "選択したプリンターを使用する"),
         ("auto-print-tip", "選択したプリンターを使用して自動的に印刷する"),
@@ -710,7 +710,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("elevation_username_tip", "ユーザー名またはドメインのユーザー名を入力してください。"),
         ("Preparing for installation ...", "インストールの準備中です..."),
         ("Show my cursor", "自分のカーソルを表示する"),
-        ("Scale custom", "カスタムスケーリング"),
+        ("Scale custom", "カスタムスケール"),
         ("Custom scale slider", "カスタムスケールのスライダー"),
         ("Decrease", "縮小"),
         ("Increase", "拡大"),
@@ -730,16 +730,19 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("input note here", "ここにメモを入力"),
         ("note-at-conn-end-tip", "接続終了時にメモを要求する"),
         ("Show terminal extra keys", "ターミナルの追加キーを表示する"),
-        ("Relative mouse mode", ""),
-        ("rel-mouse-not-supported-peer-tip", ""),
-        ("rel-mouse-not-ready-tip", ""),
-        ("rel-mouse-lock-failed-tip", ""),
-        ("rel-mouse-exit-{}-tip", ""),
-        ("rel-mouse-permission-lost-tip", ""),
-        ("Changelog", ""),
-        ("keep-awake-during-outgoing-sessions-label", ""),
-        ("keep-awake-during-incoming-sessions-label", ""),
-        ("Continue with {}", "{} で続行"),
-        ("Display Name", ""),
+        ("Relative mouse mode", "相対マウスモード"),
+        ("rel-mouse-not-supported-peer-tip", "接続先のデバイスは相対マウスモードに対応していません。"),
+        ("rel-mouse-not-ready-tip", "相対マウスモードはまだ準備できていません。再度お試しください。"),
+        ("rel-mouse-lock-failed-tip", "カーソルをロックできませんでした。相対マウスモードは無効化されています。"),
+        ("rel-mouse-exit-{}-tip", "「{}」を押して終了します。"),
+        ("rel-mouse-permission-lost-tip", "キーボード操作の権限が取り消されました。相対マウスモードは無効化されています。"),
+        ("Changelog", "更新履歴"),
+        ("keep-awake-during-outgoing-sessions-label", "送信セッション中は、画面のスリープを無効化する"),
+        ("keep-awake-during-incoming-sessions-label", "受信セッション中は、画面のスリープを無効化する"),
+        ("Continue with {}", "{} で続行する"),
+        ("Display Name", "表示名"),
+        ("password-hidden-tip", "永続的なパスワードが設定されています (非表示)"),
+        ("preset-password-in-use-tip", "プリセットパスワードが現在使用されています"),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/ko.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "수신 세션 중 화면 켜짐 유지"),
         ("Continue with {}", "{}(으)로 계속"),
         ("Display Name", "표시 이름"),
+        ("password-hidden-tip", "영구 비밀번호가 설정되었습니다 (숨김)."),
+        ("preset-password-in-use-tip", "현재 사전 설정된 비밀번호가 사용 중입니다."),
+        ("Enable privacy mode", "개인정보 보호 모드 사용함"),
     ].iter().cloned().collect();
 }

src/lang/kz.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", ""),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/lt.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Tęsti su {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/lv.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Turpināt ar {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/ml.rs

@@ -0,0 +1,746 @@
+lazy_static::lazy_static! {
+pub static ref T: std::collections::HashMap<&'static str, &'static str> =
+    [
+        ("Status", "നില"),
+        ("Your Desktop", "നിങ്ങളുടെ ഡെസ്ക്ടോപ്പ്"),
+        ("desk_tip", "ഈ ഐഡിയും പാസ്‌വേഡും ഉപയോഗിച്ച് നിങ്ങളുടെ ഡെസ്ക്ടോപ്പ് ആക്‌സസ് ചെയ്യാം."),
+        ("Password", "പാസ്‌വേഡ്"),
+        ("Ready", "തയ്യാറാണ്"),
+        ("Established", "ബന്ധം സ്ഥാപിച്ചു"),
+        ("connecting_status", "നെറ്റ്‌വർക്കുമായി ബന്ധിപ്പിക്കുന്നു..."),
+        ("Enable service", "സർവീസ് പ്രവർത്തനക്ഷമമാക്കുക"),
+        ("Start service", "സർവീസ് തുടങ്ങുക"),
+        ("Service is running", "സർവീസ് പ്രവർത്തിക്കുന്നു"),
+        ("Service is not running", "സർവീസ് പ്രവർത്തിക്കുന്നില്ല"),
+        ("not_ready_status", "തയ്യാറായിട്ടില്ല. ദയവായി നിങ്ങളുടെ കണക്ഷൻ പരിശോധിക്കുക"),
+        ("Control Remote Desktop", "റിമോട്ട് ഡെസ്ക്ടോപ്പ് നിയന്ത്രിക്കുക"),
+        ("Transfer file", "ഫയൽ കൈമാറുക"),
+        ("Connect", "കണക്ട് ചെയ്യുക"),
+        ("Recent sessions", "സമീപകാല സെഷനുകൾ"),
+        ("Address book", "അഡ്രസ് ബുക്ക്"),
+        ("Confirmation", "സ്ഥിരീകരണം"),
+        ("TCP tunneling", "TCP ടണലിംഗ്"),
+        ("Remove", "നീക്കം ചെയ്യുക"),
+        ("Refresh random password", "പുതിയ പാസ്‌വേഡ് ജനറേറ്റ് ചെയ്യുക"),
+        ("Set your own password", "സ്വന്തം പാസ്‌വേഡ് സെറ്റ് ചെയ്യുക"),
+        ("Enable keyboard/mouse", "കീബോർഡ്/മൗസ് അനുവദിക്കുക"),
+        ("Enable clipboard", "ക്ലിപ്പ്ബോർഡ് അനുവദിക്കുക"),
+        ("Enable file transfer", "ഫയൽ കൈമാറ്റം അനുവദിക്കുക"),
+        ("Enable TCP tunneling", "TCP ടണലിംഗ് അനുവദിക്കുക"),
+        ("IP Whitelisting", "IP വൈറ്റ്‌ലിസ്റ്റിംഗ്"),
+        ("ID/Relay Server", "ID/റിലേ സെർവർ"),
+        ("Import server config", "സെർവർ കോൺഫിഗറേഷൻ ഇമ്പോർട്ട് ചെയ്യുക"),
+        ("Export Server Config", "സെർവർ കോൺഫിഗറേഷൻ എക്‌സ്‌പോർട്ട് ചെയ്യുക"),
+        ("Import server configuration successfully", "സെർവർ കോൺഫിഗറേഷൻ വിജയകരമായി ഇമ്പോർട്ട് ചെയ്തു"),
+        ("Export server configuration successfully", "സെർവർ കോൺഫിഗറേഷൻ വിജയകരമായി എക്‌സ്‌പോർട്ട് ചെയ്തു"),
+        ("Invalid server configuration", "അസാധുവായ സെർവർ കോൺഫിഗറേഷൻ"),
+        ("Clipboard is empty", "ക്ലിപ്പ്ബോർഡ് ശൂന്യമാണ്"),
+        ("Stop service", "സർവീസ് നിർത്തുക"),
+        ("Change ID", "ഐഡി മാറ്റുക"),
+        ("Your new ID", "നിങ്ങളുടെ പുതിയ ഐഡി"),
+        ("length %min% to %max%", "നീളം %min% മുതൽ %max% വരെ"),
+        ("starts with a letter", "അക്ഷരത്തിൽ തുടങ്ങണം"),
+        ("allowed characters", "അനുവദനീയമായ അക്ഷരങ്ങൾ"),
+        ("id_change_tip", "ഐഡി മാറ്റിയാൽ നിലവിലുള്ള കണക്ഷൻ വിച്ഛേദിക്കപ്പെടും."),
+        ("Website", "വെബ്സൈറ്റ്"),
+        ("About", "വിവരങ്ങൾ"),
+        ("Slogan_tip", "മികച്ച അനുഭവത്തിനായി നിർമ്മിച്ച റിമോട്ട് ഡെസ്ക്ടോപ്പ് സോഫ്റ്റ്‌വെയർ"),
+        ("Privacy Statement", "സ്വകാര്യതാ പ്രസ്താവന"),
+        ("Mute", "നിശബ്ദമാക്കുക"),
+        ("Build Date", "നിർമ്മാണ തീയതി"),
+        ("Version", "പതിപ്പ്"),
+        ("Home", "ഹോം"),
+        ("Audio Input", "ഓഡിയോ ഇൻപുട്ട്"),
+        ("Enhancements", "മെച്ചപ്പെടുത്തലുകൾ"),
+        ("Hardware Codec", "ഹാർഡ്‌വെയർ കോഡെക്"),
+        ("Adaptive bitrate", "അഡാപ്റ്റീവ് ബിറ്റ്റേറ്റ്"),
+        ("ID Server", "ID സെർവർ"),
+        ("Relay Server", "റിലേ സെർവർ"),
+        ("API Server", "API സെർവർ"),
+        ("invalid_http", "അസാധുവായ HTTP ലിങ്ക്"),
+        ("Invalid IP", "അസാധുവായ IP"),
+        ("Invalid format", "അസാധുവായ ഫോർമാറ്റ്"),
+        ("server_not_support", "സെർവർ പിന്തുണയ്ക്കുന്നില്ല"),
+        ("Not available", "ലഭ്യമല്ല"),
+        ("Too frequent", "അമിതമായ തവണകൾ"),
+        ("Cancel", "റദ്ദാക്കുക"),
+        ("Skip", "ഒഴിവാക്കുക"),
+        ("Close", "അടയ്ക്കുക"),
+        ("Retry", "വീണ്ടും ശ്രമിക്കുക"),
+        ("OK", "ശരി"),
+        ("Password Required", "പാസ്‌വേഡ് ആവശ്യമാണ്"),
+        ("Please enter your password", "ദയവായി നിങ്ങളുടെ പാസ്‌വേഡ് നൽകുക"),
+        ("Remember password", "പാസ്‌വേഡ് ഓർമ്മിക്കുക"),
+        ("Wrong Password", "തെറ്റായ പാസ്‌വേഡ്"),
+        ("Do you want to enter again?", "നിങ്ങൾക്ക് വീണ്ടും ശ്രമിക്കണോ?"),
+        ("Connection Error", "കണക്ഷൻ പിശക്"),
+        ("Error", "പിശക്"),
+        ("Reset by the peer", "മറുഭാഗത്തുനിന്ന് റീസെറ്റ് ചെയ്തു"),
+        ("Connecting...", "ബന്ധിപ്പിക്കുന്നു..."),
+        ("Connection in progress. Please wait.", "കണക്ഷൻ നടക്കുന്നു. ദയവായി കാത്തിരിക്കുക."),
+        ("Please try 1 minute later", "ദയവായി ഒരു മിനിറ്റിന് ശേഷം ശ്രമിക്കുക"),
+        ("Login Error", "ലോഗിൻ പിശക്"),
+        ("Successful", "വിജയിച്ചു"),
+        ("Connected, waiting for image...", "ബന്ധിപ്പിച്ചു, ചിത്രത്തിനായി കാത്തിരിക്കുന്നു..."),
+        ("Name", "പേര്"),
+        ("Type", "തരം"),
+        ("Modified", "മാറ്റം വരുത്തിയത്"),
+        ("Size", "വലിപ്പം"),
+        ("Show Hidden Files", "മറഞ്ഞിരിക്കുന്ന ഫയലുകൾ കാണിക്കുക"),
+        ("Receive", "സ്വീകരിക്കുക"),
+        ("Send", "അയക്കുക"),
+        ("Refresh File", "ഫയൽ പുതുക്കുക"),
+        ("Local", "ലോക്കൽ"),
+        ("Remote", "റിമോട്ട്"),
+        ("Remote Computer", "റിമോട്ട് കമ്പ്യൂട്ടർ"),
+        ("Local Computer", "ലോക്കൽ കമ്പ്യൂട്ടർ"),
+        ("Confirm Delete", "ഡിലീറ്റ് ചെയ്യുന്നത് സ്ഥിരീകരിക്കുക"),
+        ("Delete", "ഡിലീറ്റ് ചെയ്യുക"),
+        ("Properties", "പ്രോപ്പർട്ടീസ്"),
+        ("Multi Select", "ഒന്നിലധികം തിരഞ്ഞെടുക്കുക"),
+        ("Select All", "എല്ലാം തിരഞ്ഞെടുക്കുക"),
+        ("Unselect All", "തിരഞ്ഞെടുത്തവ ഒഴിവാക്കുക"),
+        ("Empty Directory", "ശൂന്യമായ ഡയറക്ടറി"),
+        ("Not an empty directory", "ഡയറക്ടറി ശൂന്യമല്ല"),
+        ("Are you sure you want to delete this file?", "ഈ ഫയൽ ഡിലീറ്റ് ചെയ്യണമെന്ന് നിങ്ങൾക്ക് ഉറപ്പാണോ?"),
+        ("Are you sure you want to delete this empty directory?", "ഈ ശൂന്യമായ ഡയറക്ടറി ഡിലീറ്റ് ചെയ്യണമെന്ന് നിങ്ങൾക്ക് ഉറപ്പാണോ?"),
+        ("Are you sure you want to delete the file of this directory?", "ഈ ഡയറക്ടറിയിലെ ഫയലുകൾ ഡിലീറ്റ് ചെയ്യണമെന്ന് നിങ്ങൾക്ക് ഉറപ്പാണോ?"),
+        ("Do this for all conflicts", "എല്ലാ വൈരുദ്ധ്യങ്ങൾക്കും ഇതുതന്നെ ചെയ്യുക"),
+        ("This is irreversible!", "ഇത് പഴയപടിയാക്കാൻ കഴിയില്ല!"),
+        ("Deleting", "ഡിലീറ്റ് ചെയ്യുന്നു"),
+        ("files", "ഫയലുകൾ"),
+        ("Waiting", "കാത്തിരിക്കുന്നു"),
+        ("Finished", "പൂർത്തിയായി"),
+        ("Speed", "വേഗത"),
+        ("Custom Image Quality", "ഇമേജ് ക്വാളിറ്റി മാറ്റുക"),
+        ("Privacy mode", "സ്വകാര്യ മോഡ്"),
+        ("Block user input", "യൂസർ ഇൻപുട്ട് തടയുക"),
+        ("Unblock user input", "യൂസർ ഇൻപുട്ട് അനുവദിക്കുക"),
+        ("Adjust Window", "വിൻഡോ ക്രമീകരിക്കുക"),
+        ("Original", "ഒറിജിനൽ"),
+        ("Shrink", "ചുരുക്കുക"),
+        ("Stretch", "വലിപ്പിക്കുക"),
+        ("Scrollbar", "സ്ക്രോൾബാർ"),
+        ("ScrollAuto", "ഓട്ടോ സ്ക്രോൾ"),
+        ("Good image quality", "നല്ല ക്വാളിറ്റി"),
+        ("Balanced", "സന്തുലിതം"),
+        ("Optimize reaction time", "പ്രതികരണ സമയം മെച്ചപ്പെടുത്തുക"),
+        ("Custom", "കസ്റ്റം"),
+        ("Show remote cursor", "റിമോട്ട് കർസർ കാണിക്കുക"),
+        ("Show quality monitor", "ക്വാളിറ്റി മോണിറ്റർ കാണിക്കുക"),
+        ("Disable clipboard", "ക്ലിപ്പ്ബോർഡ് ഒഴിവാക്കുക"),
+        ("Lock after session end", "സെഷൻ കഴിഞ്ഞാൽ ലോക്ക് ചെയ്യുക"),
+        ("Insert Ctrl + Alt + Del", "Ctrl + Alt + Del നൽകുക"),
+        ("Insert Lock", "ലോക്ക് ചെയ്യുക"),
+        ("Refresh", "പുതുക്കുക"),
+        ("ID does not exist", "ഐഡി നിലവിലില്ല"),
+        ("Failed to connect to rendezvous server", "സെർവറുമായി ബന്ധിപ്പിക്കുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Please try later", "ദയവായി പിന്നീട് ശ്രമിക്കുക"),
+        ("Remote desktop is offline", "റിമോട്ട് ഡെസ്ക്ടോപ്പ് ഓഫ്‌ലൈനാണ്"),
+        ("Key mismatch", "കീ പൊരുത്തക്കേട്"),
+        ("Timeout", "സമയം കഴിഞ്ഞു"),
+        ("Failed to connect to relay server", "റിലേ സെർവറുമായി ബന്ധിപ്പിക്കുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Failed to connect via rendezvous server", "സെർവർ വഴി ബന്ധിപ്പിക്കുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Failed to connect via relay server", "റിലേ സെർവർ വഴി ബന്ധിപ്പിക്കുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Failed to make direct connection to remote desktop", "നേരിട്ട് ബന്ധിപ്പിക്കുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Set Password", "പാസ്‌വേഡ് നൽകുക"),
+        ("OS Password", "OS പാസ്‌വേഡ്"),
+        ("install_tip", "മികച്ച പ്രകടനത്തിനായി ഇൻസ്റ്റാൾ ചെയ്യുക."),
+        ("Click to upgrade", "അപ്‌ഗ്രേഡ് ചെയ്യാൻ ക്ലിക്ക് ചെയ്യുക"),
+        ("Configure", "ക്രമീകരിക്കുക"),
+        ("config_acc", "അക്‌സസിബിലിറ്റി ക്രമീകരിക്കുക"),
+        ("config_screen", "സ്ക്രീൻ ക്രമീകരിക്കുക"),
+        ("Installing ...", "ഇൻസ്റ്റാൾ ചെയ്യുന്നു..."),
+        ("Install", "ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("Installation", "ഇൻസ്റ്റാളേഷൻ"),
+        ("Installation Path", "ഇൻസ്റ്റാളേഷൻ പാത്ത്"),
+        ("Create start menu shortcuts", "സ്റ്റാർട്ട് മെനുവിൽ ഷോർട്ട്കട്ട് ഉണ്ടാക്കുക"),
+        ("Create desktop icon", "ഡെസ്ക്ടോപ്പ് ഐക്കൺ ഉണ്ടാക്കുക"),
+        ("agreement_tip", "ഇൻസ്റ്റാൾ ചെയ്യുന്നതിലൂടെ നിങ്ങൾ കരാറുകൾ അംഗീകരിക്കുന്നു."),
+        ("Accept and Install", "അംഗീകരിച്ച് ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("End-user license agreement", "ലൈസൻസ് കരാർ"),
+        ("Generating ...", "ഉണ്ടാക്കുന്നു..."),
+        ("Your installation is lower version.", "നിങ്ങളുടെ ഇൻസ്റ്റാളേഷൻ പഴയ പതിപ്പാണ്."),
+        ("not_close_tcp_tip", "ടണൽ ഉപയോഗിക്കുമ്പോൾ ഈ വിൻഡോ അടയ്ക്കരുത്."),
+        ("Listening ...", "ശ്രദ്ധിക്കുന്നു..."),
+        ("Remote Host", "റിമോട്ട് ഹോസ്റ്റ്"),
+        ("Remote Port", "റിമോട്ട് പോർട്ട്"),
+        ("Action", "നടപടി"),
+        ("Add", "ചേർക്കുക"),
+        ("Local Port", "ലോക്കൽ പോർട്ട്"),
+        ("Local Address", "ലോക്കൽ അഡ്രസ്"),
+        ("Change Local Port", "ലോക്കൽ പോർട്ട് മാറ്റുക"),
+        ("setup_server_tip", "വേഗതയുള്ള കണക്ഷനായി സ്വന്തം സെർവർ സജ്ജമാക്കുക"),
+        ("Too short, at least 6 characters.", "വളരെ ചെറുതാണ്, കുറഞ്ഞത് 6 അക്ഷരങ്ങൾ വേണം."),
+        ("The confirmation is not identical.", "സ്ഥിരീകരണം ഒരേപോലെയല്ല."),
+        ("Permissions", "അനുമതികൾ"),
+        ("Accept", "സ്വീകരിക്കുക"),
+        ("Dismiss", "നിരസിക്കുക"),
+        ("Disconnect", "വിച്ഛേദിക്കുക"),
+        ("Enable file copy and paste", "ഫയൽ കോപ്പി-പേസ്റ്റ് അനുവദിക്കുക"),
+        ("Connected", "ബന്ധിപ്പിച്ചു"),
+        ("Direct and encrypted connection", "നേരിട്ടുള്ളതും എൻക്രിപ്റ്റ് ചെയ്തതുമായ കണക്ഷൻ"),
+        ("Relayed and encrypted connection", "റിലേ വഴിയുള്ള എൻക്രിപ്റ്റ് ചെയ്ത കണക്ഷൻ"),
+        ("Direct and unencrypted connection", "നേരിട്ടുള്ളതും എൻക്രിപ്റ്റ് ചെയ്യാത്തതുമായ കണക്ഷൻ"),
+        ("Relayed and unencrypted connection", "റിലേ വഴിയുള്ള എൻക്രിപ്റ്റ് ചെയ്യാത്ത കണക്ഷൻ"),
+        ("Enter Remote ID", "റിമോട്ട് ഐഡി നൽകുക"),
+        ("Enter your password", "നിങ്ങളുടെ പാസ്‌വേഡ് നൽകുക"),
+        ("Logging in...", "ലോഗിൻ ചെയ്യുന്നു..."),
+        ("Enable RDP session sharing", "RDP സെഷൻ പങ്കിടൽ അനുവദിക്കുക"),
+        ("Auto Login", "ഓട്ടോ ലോഗിൻ"),
+        ("Enable direct IP access", "നേരിട്ടുള്ള IP ആക്‌സസ് അനുവദിക്കുക"),
+        ("Rename", "പേര് മാറ്റുക"),
+        ("Space", "സ്പേസ്"),
+        ("Create desktop shortcut", "ഡെസ്ക്ടോപ്പ് ഷോർട്ട്കട്ട് ഉണ്ടാക്കുക"),
+        ("Change Path", "പാത്ത് മാറ്റുക"),
+        ("Create Folder", "ഫോൾഡർ ഉണ്ടാക്കുക"),
+        ("Please enter the folder name", "ദയവായി ഫോൾഡറിന്റെ പേര് നൽകുക"),
+        ("Fix it", "പരിഹരിക്കുക"),
+        ("Warning", "മുന്നറിയിപ്പ്"),
+        ("Login screen using Wayland is not supported", "Wayland വഴിയുള്ള ലോഗിൻ സപ്പോർട്ട് ചെയ്യുന്നില്ല"),
+        ("Reboot required", "റീബൂട്ട് ആവശ്യമാണ്"),
+        ("Unsupported display server", "പിന്തുണയ്ക്കാത്ത ഡിസ്‌പ്ലേ സെർവർ"),
+        ("x11 expected", "x11 ആവശ്യമാണ്"),
+        ("Port", "പോർട്ട്"),
+        ("Settings", "ക്രമീകരണങ്ങൾ"),
+        ("Username", "യൂസർ നെയിം"),
+        ("Invalid port", "അസാധുവായ പോർട്ട്"),
+        ("Closed manually by the peer", "മറുഭാഗത്തുനിന്നും മാനുവലായി അടച്ചു"),
+        ("Enable remote configuration modification", "റിമോട്ട് കോൺഫിഗറേഷൻ മാറ്റങ്ങൾ അനുവദിക്കുക"),
+        ("Run without install", "ഇൻസ്റ്റാൾ ചെയ്യാതെ പ്രവർത്തിപ്പിക്കുക"),
+        ("Connect via relay", "റിലേ വഴി കണക്ട് ചെയ്യുക"),
+        ("Always connect via relay", "എപ്പോഴും റിലേ വഴി കണക്ട് ചെയ്യുക"),
+        ("whitelist_tip", "വൈറ്റ്‌ലിസ്റ്റ് ചെയ്ത ഐപികൾക്ക് മാത്രമേ എന്നെ ആക്‌സസ് ചെയ്യാൻ കഴിയൂ"),
+        ("Login", "ലോഗിൻ"),
+        ("Verify", "പരിശോധിക്കുക"),
+        ("Remember me", "എന്നെ ഓർമ്മിക്കുക"),
+        ("Trust this device", "ഈ ഉപകരണം വിശ്വസിക്കുക"),
+        ("Verification code", "വെരിഫിക്കേഷൻ കോഡ്"),
+        ("verification_tip", "വെരിഫിക്കേഷൻ കോഡ് നിങ്ങളുടെ ഇമെയിലിലേക്ക് അയച്ചു"),
+        ("Logout", "ലോഗൗട്ട്"),
+        ("Tags", "ടാഗുകൾ"),
+        ("Search ID", "ഐഡി തിരയുക"),
+        ("whitelist_sep", "കോമ, സെമി കോളൻ അല്ലെങ്കിൽ സ്പേസ് ഉപയോഗിച്ച് തിരിക്കുക"),
+        ("Add ID", "ഐഡി ചേർക്കുക"),
+        ("Add Tag", "ടാഗ് ചേർക്കുക"),
+        ("Unselect all tags", "എല്ലാ ടാഗുകളും ഒഴിവാക്കുക"),
+        ("Network error", "നെറ്റ്‌വർക്ക് പിശക്"),
+        ("Username missed", "യൂസർ നെയിം നൽകിയില്ല"),
+        ("Password missed", "പാസ്‌വേഡ് നൽകിയില്ല"),
+        ("Wrong credentials", "തെറ്റായ വിവരങ്ങൾ"),
+        ("The verification code is incorrect or has expired", "കോഡ് തെറ്റാണ് അല്ലെങ്കിൽ കാലാവധി കഴിഞ്ഞു"),
+        ("Edit Tag", "ടാഗ് മാറ്റുക"),
+        ("Forget Password", "പാസ്‌വേഡ് മറന്നു"),
+        ("Favorites", "പ്രിയപ്പെട്ടവ"),
+        ("Add to Favorites", "പ്രിയപ്പെട്ടവയിലേക്ക് ചേർക്കുക"),
+        ("Remove from Favorites", "പ്രിയപ്പെട്ടവയിൽ നിന്ന് നീക്കം ചെയ്യുക"),
+        ("Empty", "ശൂന്യം"),
+        ("Invalid folder name", "അസാധുവായ ഫോൾഡർ പേര്"),
+        ("Socks5 Proxy", "Socks5 പ്രോക്സി"),
+        ("Socks5/Http(s) Proxy", "Socks5/Http(s) പ്രോക്സി"),
+        ("Discovered", "കണ്ടെത്തിയവ"),
+        ("install_daemon_tip", "കമ്പ്യൂട്ടർ തുടങ്ങുമ്പോൾ തന്നെ പ്രവർത്തിക്കാൻ സർവീസ് ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("Remote ID", "റിമോട്ട് ഐഡി"),
+        ("Paste", "പേസ്റ്റ്"),
+        ("Paste here?", "ഇവിടെ പേസ്റ്റ് ചെയ്യണോ?"),
+        ("Are you sure to close the connection?", "കണക്ഷൻ നിർത്തണമെന്ന് നിങ്ങൾക്ക് ഉറപ്പാണോ?"),
+        ("Download new version", "പുതിയ പതിപ്പ് ഡൗൺലോഡ് ചെയ്യുക"),
+        ("Touch mode", "ടച്ച് മോഡ്"),
+        ("Mouse mode", "മൗസ് മോഡ്"),
+        ("One-Finger Tap", "ഒരു വിരൽ ടാപ്പ്"),
+        ("Left Mouse", "മൗസ് ഇടത് ബട്ടൺ"),
+        ("One-Long Tap", "ഒരു നീണ്ട ടാപ്പ്"),
+        ("Two-Finger Tap", "രണ്ട് വിരൽ ടാപ്പ്"),
+        ("Right Mouse", "മൗസ് വലത് ബട്ടൺ"),
+        ("One-Finger Move", "ഒരു വിരൽ നീക്കം"),
+        ("Double Tap & Move", "രണ്ട് ടാപ്പും നീക്കവും"),
+        ("Mouse Drag", "മൗസ് ഡ്രാഗ്"),
+        ("Three-Finger vertically", "മൂന്ന് വിരൽ ലംബമായി"),
+        ("Mouse Wheel", "മൗസ് വീൽ"),
+        ("Two-Finger Move", "രണ്ട് വിരൽ നീക്കം"),
+        ("Canvas Move", "ക്യാൻവാസ് നീക്കുക"),
+        ("Pinch to Zoom", "സൂം ചെയ്യാൻ പിഞ്ച് ചെയ്യുക"),
+        ("Canvas Zoom", "ക്യാൻവാസ് സൂം"),
+        ("Reset canvas", "ക്യാൻവാസ് റീസെറ്റ് ചെയ്യുക"),
+        ("No permission of file transfer", "ഫയൽ കൈമാറ്റത്തിന് അനുമതിയില്ല"),
+        ("Note", "കുറിപ്പ്"),
+        ("Connection", "കണക്ഷൻ"),
+        ("Share screen", "സ്ക്രീൻ പങ്കിടുക"),
+        ("Chat", "ചാറ്റ്"),
+        ("Total", "ആകെ"),
+        ("items", "ഇനങ്ങൾ"),
+        ("Selected", "തിഞ്ഞെടുത്തവ"),
+        ("Screen Capture", "സ്ക്രീൻ ക്യാപ്ചർ"),
+        ("Input Control", "ഇൻപുട്ട് നിയന്ത്രണം"),
+        ("Audio Capture", "ഓഡിയോ ക്യാപ്ചർ"),
+        ("Do you accept?", "നിങ്ങൾ അംഗീകരിക്കുന്നുണ്ടോ?"),
+        ("Open System Setting", "സിസ്റ്റം സെറ്റിംഗ്സ് തുറക്കുക"),
+        ("How to get Android input permission?", "ആൻഡ്രോയിഡ് ഇൻപുട്ട് അനുമതി എങ്ങനെ നേടാം?"),
+        ("android_input_permission_tip1", "ഇൻപുട്ട് അനുമതിക്കായി ആക്‌സസിബിലിറ്റി സർവീസ് ഓൺ ചെയ്യുക."),
+        ("android_input_permission_tip2", "സെറ്റിംഗ്സിൽ RustDesk കണ്ടെത്തി അത് ഓൺ ചെയ്യുക."),
+        ("android_new_connection_tip", "പുതിയ കണക്ഷൻ അഭ്യർത്ഥന ലഭിച്ചു."),
+        ("android_service_will_start_tip", "സ്ക്രീൻ ക്യാപ്ചർ ഓൺ ചെയ്താൽ സർവീസ് താനേ തുടങ്ങും."),
+        ("android_stop_service_tip", "സർവീസ് നിർത്തുന്നത് എല്ലാ കണക്ഷനുകളും വിച്ഛേദിക്കും."),
+        ("android_version_audio_tip", "ആൻഡ്രോയിഡ് 10-ൽ കൂടുതൽ വേണം ഓഡിയോ ക്യാപ്ചർ ചെയ്യാൻ."),
+        ("android_start_service_tip", "സ്ക്രീൻ ഷെയറിംഗ് തുടങ്ങാൻ ക്ലിക്ക് ചെയ്യുക."),
+        ("android_permission_may_not_change_tip", "അനുമതികൾ പിന്നീട് മാറ്റാൻ കഴിയില്ല, ശ്രദ്ധിച്ച് തിരഞ്ഞെടുക്കുക."),
+        ("Account", "അക്കൗണ്ട്"),
+        ("Overwrite", "തിരുത്തിയെഴുതുക (Overwrite)"),
+        ("This file exists, skip or overwrite this file?", "ഈ ഫയൽ നിലവിലുണ്ട്, ഒഴിവാക്കണോ അതോ തിരുത്തിയെഴുതണോ?"),
+        ("Quit", "പുറത്തുകടക്കുക"),
+        ("Help", "സഹായം"),
+        ("Failed", "പരാജയപ്പെട്ടു"),
+        ("Succeeded", "വിജയിച്ചു"),
+        ("Someone turns on privacy mode, exit", "ആരോ പ്രൈവസി മോഡ് ഓൺ ചെയ്തു, പുറത്തുകടക്കുന്നു"),
+        ("Unsupported", "പിന്തുണയ്ക്കുന്നില്ല"),
+        ("Peer denied", "മറുഭാഗത്തുനിന്ന് നിരസിച്ചു"),
+        ("Please install plugins", "ദയവായി പ്ലഗിനുകൾ ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("Peer exit", "മറുഭാഗത്തുനിന്ന് പുറത്തുകടന്നു"),
+        ("Failed to turn off", "ഓഫ് ചെയ്യുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Turned off", "ഓഫ് ചെയ്തു"),
+        ("Language", "ഭാഷ"),
+        ("Keep RustDesk background service", "RustDesk ബാക്ക്ഗ്രൗണ്ടിൽ പ്രവർത്തിപ്പിക്കുക"),
+        ("Ignore Battery Optimizations", "ബാറ്ററി ഒപ്റ്റിമൈസേഷൻ അവഗണിക്കുക"),
+        ("android_open_battery_optimizations_tip", "കണക്ഷൻ മുറിയാതിരിക്കാൻ ബാറ്ററി ഒപ്റ്റിമൈസേഷൻ സെറ്റിംഗ്സ് തുറക്കുക"),
+        ("Start on boot", "തുടങ്ങുമ്പോൾ തന്നെ പ്രവർത്തിക്കുക"),
+        ("Start the screen sharing service on boot, requires special permissions", "തുടങ്ങുമ്പോൾ തന്നെ സ്ക്രീൻ ഷെയറിംഗ് തുടങ്ങുക, പ്രത്യേക അനുമതി ആവശ്യമാണ്"),
+        ("Connection not allowed", "കണക്ഷൻ അനുവദനീയമല്ല"),
+        ("Legacy mode", "ലെഗസി മോഡ്"),
+        ("Map mode", "മാപ്പ് മോഡ്"),
+        ("Translate mode", "ട്രാൻസ്ലേറ്റ് മോഡ്"),
+        ("Use permanent password", "സ്ഥിരമായ പാസ്‌വേഡ് ഉപയോഗിക്കുക"),
+        ("Use both passwords", "രണ്ട് പാസ്‌വേഡുകളും ഉപയോഗിക്കുക"),
+        ("Set permanent password", "സ്ഥിരമായ പാസ്‌വേഡ് സജ്ജമാക്കുക"),
+        ("Enable remote restart", "റിമോട്ട് റീസ്റ്റാർട്ട് അനുവദിക്കുക"),
+        ("Restart remote device", "റിമോട്ട് ഉപകരണം റീസ്റ്റാർട്ട് ചെയ്യുക"),
+        ("Are you sure you want to restart", "റീസ്റ്റാർട്ട് ചെയ്യണമെന്ന് നിങ്ങൾക്ക് ഉറപ്പാണോ?"),
+        ("Restarting remote device", "റിമോട്ട് ഉപകരണം റീസ്റ്റാർട്ട് ചെയ്യുന്നു"),
+        ("remote_restarting_tip", "റിമോട്ട് ഉപകരണം റീസ്റ്റാർട്ട് ചെയ്യുന്നു, ദയവായി കാത്തിരിക്കുക..."),
+        ("Copied", "കോപ്പി ചെയ്തു"),
+        ("Exit Fullscreen", "ഫുൾ സ്ക്രീനിൽ നിന്ന് പുറത്തുകടക്കുക"),
+        ("Fullscreen", "ഫുൾ സ്ക്രീൻ"),
+        ("Mobile Actions", "മൊബൈൽ നടപടികൾ"),
+        ("Select Monitor", "മോണിറ്റർ തിരഞ്ഞെടുക്കുക"),
+        ("Control Actions", "നിയന്ത്രണ നടപടികൾ"),
+        ("Display Settings", "ഡിസ്‌പ്ലേ ക്രമീകരണങ്ങൾ"),
+        ("Ratio", "അനുപാതം (Ratio)"),
+        ("Image Quality", "ചിത്രത്തിന്റെ ഗുണനിലവാരം"),
+        ("Scroll Style", "സ്ക്രോൾ സ്റ്റൈൽ"),
+        ("Show Toolbar", "ടൂൾബാർ കാണിക്കുക"),
+        ("Hide Toolbar", "ടൂൾബാർ മറയ്ക്കുക"),
+        ("Direct Connection", "നേരിട്ടുള്ള കണക്ഷൻ"),
+        ("Relay Connection", "റിലേ കണക്ഷൻ"),
+        ("Secure Connection", "സുരക്ഷിതമായ കണക്ഷൻ"),
+        ("Insecure Connection", "സുരക്ഷിതമല്ലാത്ത കണക്ഷൻ"),
+        ("Scale original", "ഒറിജിനൽ വലിപ്പം"),
+        ("Scale adaptive", "അഡാപ്റ്റീവ് വലിപ്പം"),
+        ("General", "പൊതുവായവ"),
+        ("Security", "സുരക്ഷ"),
+        ("Theme", "തീം"),
+        ("Dark Theme", "ഡാർക്ക് തീം"),
+        ("Light Theme", "ലൈറ്റ് തീം"),
+        ("Dark", "ഡാർക്ക്"),
+        ("Light", "ലൈറ്റ്"),
+        ("Follow System", "സിസ്റ്റം അനുസരിച്ച്"),
+        ("Enable hardware codec", "ഹാർഡ്‌വെയർ കോഡെക് അനുവദിക്കുക"),
+        ("Unlock Security Settings", "സുരക്ഷാ ക്രമീകരണങ്ങൾ അൺലോക്ക് ചെയ്യുക"),
+        ("Enable audio", "ശബ്ദം അനുവദിക്കുക"),
+        ("Unlock Network Settings", "നെറ്റ്‌വർക്ക് ക്രമീകരണങ്ങൾ അൺലോക്ക് ചെയ്യുക"),
+        ("Server", "സെർവർ"),
+        ("Direct IP Access", "നേരിട്ടുള്ള IP ആക്‌സസ്"),
+        ("Proxy", "പ്രോക്സി"),
+        ("Apply", "പ്രയോഗിക്കുക"),
+        ("Disconnect all devices?", "എല്ലാ ഉപകരണങ്ങളും വിച്ഛേദിക്കണോ?"),
+        ("Clear", "വൃത്തിയാക്കുക"),
+        ("Audio Input Device", "ശബ്ദ ഇൻപുട്ട് ഉപകരണം"),
+        ("Use IP Whitelisting", "IP വൈറ്റ്‌ലിസ്റ്റിംഗ് ഉപയോഗിക്കുക"),
+        ("Network", "നെറ്റ്‌വർക്ക്"),
+        ("Pin Toolbar", "ടൂൾബാർ പിൻ ചെയ്യുക"),
+        ("Unpin Toolbar", "ടൂൾബാർ അൺപിൻ ചെയ്യുക"),
+        ("Recording", "റെക്കോർഡിംഗ്"),
+        ("Directory", "ഡയറക്ടറി"),
+        ("Automatically record incoming sessions", "വരുന്ന സെഷനുകൾ താനേ റെക്കോർഡ് ചെയ്യുക"),
+        ("Automatically record outgoing sessions", "പോകുന്ന സെഷനുകൾ താനേ റെക്കോർഡ് ചെയ്യുക"),
+        ("Change", "മാറ്റുക"),
+        ("Start session recording", "റെക്കോർഡിംഗ് തുടങ്ങുക"),
+        ("Stop session recording", "റെക്കോർഡിംഗ് നിർത്തുക"),
+        ("Enable recording session", "സെഷൻ റെക്കോർഡിംഗ് അനുവദിക്കുക"),
+        ("Enable LAN discovery", "LAN കണ്ടെത്തൽ അനുവദിക്കുക"),
+        ("Deny LAN discovery", "LAN കണ്ടെത്തൽ നിരസിക്കുക"),
+        ("Write a message", "സന്ദേശം എഴുതുക"),
+        ("Prompt", "പ്രോംപ്റ്റ്"),
+        ("Please wait for confirmation of UAC...", "UAC സ്ഥിരീകരണത്തിനായി കാത്തിരിക്കുക..."),
+        ("elevated_foreground_window_tip", "റിമോട്ടിലെ വിൻഡോയ്ക്ക് കൂടുതൽ അനുമതി ആവശ്യമാണ്."),
+        ("Disconnected", "വിച്ഛേദിച്ചു"),
+        ("Other", "മറ്റുള്ളവ"),
+        ("Confirm before closing multiple tabs", "ടാബുകൾ അടയ്ക്കുന്നതിന് മുൻപ് സ്ഥിരീകരിക്കുക"),
+        ("Keyboard Settings", "കീബോർഡ് ക്രമീകരണങ്ങൾ"),
+        ("Full Access", "പൂർണ്ണ ആക്‌സസ്"),
+        ("Screen Share", "സ്ക്രീൻ ഷെയർ"),
+        ("ubuntu-21-04-required", "Ubuntu 21.04 എങ്കിലും വേണം"),
+        ("wayland-requires-higher-linux-version", "Wayland-ന് പുതിയ ലിനക്സ് പതിപ്പ് ആവശ്യമാണ്"),
+        ("xdp-portal-unavailable", "XDP പോർട്ടൽ ലഭ്യമല്ല"),
+        ("JumpLink", "ജമ്പ്‌ലിങ്ക്"),
+        ("Please Select the screen to be shared(Operate on the peer side).", "പങ്കിടാനുള്ള സ്ക്രീൻ തിരഞ്ഞെടുക്കുക (മറുഭാഗത്ത് ചെയ്യുക)."),
+        ("Show RustDesk", "RustDesk കാണിക്കുക"),
+        ("This PC", "ഈ പിസി"),
+        ("or", "അല്ലെങ്കിൽ"),
+        ("Elevate", "എലിവേറ്റ് ചെയ്യുക"),
+        ("Zoom cursor", "സൂം കർസർ"),
+        ("Accept sessions via password", "പാസ്‌വേഡ് വഴി സെഷനുകൾ അനുവദിക്കുക"),
+        ("Accept sessions via click", "ക്ലിക്ക് വഴി സെഷനുകൾ അനുവദിക്കുക"),
+        ("Accept sessions via both", "രണ്ടും വഴി സെഷനുകൾ അനുവദിക്കുക"),
+        ("Please wait for the remote side to accept your session request...", "മറുഭാഗം അനുമതി നൽകാനായി കാത്തിരിക്കുക..."),
+        ("One-time Password", "ഒറ്റത്തവണ പാസ്‌വേഡ്"),
+        ("Use one-time password", "ഒറ്റത്തവണ പാസ്‌വേഡ് ഉപയോഗിക്കുക"),
+        ("One-time password length", "ഒറ്റത്തവണ പാസ്‌വേഡ് നീളം"),
+        ("Request access to your device", "നിങ്ങളുടെ ഉപകരണം ആക്‌സസ് ചെയ്യാൻ അനുമതി ചോദിക്കുന്നു"),
+        ("Hide connection management window", "കണക്ഷൻ മാനേജ്‌മെന്റ് വിൻഡോ മറയ്ക്കുക"),
+        ("hide_cm_tip", "പാസ്‌വേഡ് വഴിയുള്ള കണക്ഷൻ ആണെങ്കിൽ മാത്രം മറയ്ക്കുക"),
+        ("wayland_experiment_tip", "Wayland പിന്തുണ പരീക്ഷണാടിസ്ഥാനത്തിലാണ്"),
+        ("Right click to select tabs", "ടാബുകൾ തിരഞ്ഞെടുക്കാൻ വലത് ക്ലിക്ക് ചെയ്യുക"),
+        ("Skipped", "ഒഴിവാക്കി"),
+        ("Add to address book", "അഡ്രസ് ബുക്കിലേക്ക് ചേർക്കുക"),
+        ("Group", "ഗ്രൂപ്പ്"),
+        ("Search", "തിരയുക"),
+        ("Closed manually by web console", "വെബ് കൺസോൾ വഴി മാനുവലായി അടച്ചു"),
+        ("Local keyboard type", "ലോക്കൽ കീബോർഡ് തരം"),
+        ("Select local keyboard type", "ലോക്കൽ കീബോർഡ് തരം തിരഞ്ഞെടുക്കുക"),
+        ("software_render_tip", "സ്ക്രീൻ കറുത്തിരിക്കുകയാണെങ്കിൽ ഇത് പരീക്ഷിക്കുക"),
+        ("Always use software rendering", "എപ്പോഴും സോഫ്റ്റ്‌വെയർ റെൻഡറിംഗ് ഉപയോഗിക്കുക"),
+        ("config_input", "ഇൻപുട്ട് ക്രമീകരിക്കുക"),
+        ("config_microphone", "മൈക്രോഫോൺ ക്രമീകരിക്കുക"),
+        ("request_elevation_tip", "മറുഭാഗത്തുനിന്ന് എലവേഷൻ ആവശ്യപ്പെടുക"),
+        ("Wait", "കാത്തിരിക്കുക"),
+        ("Elevation Error", "എലവേഷൻ പിശക്"),
+        ("Ask the remote user for authentication", "റിമോട്ട് ഉപയോക്താവിനോട് അനുമതി ചോദിക്കുക"),
+        ("Choose this if the remote account is administrator", "റിമോട്ട് അക്കൗണ്ട് അഡ്മിനിസ്ട്രേറ്റർ ആണെങ്കിൽ ഇത് തിരഞ്ഞെടുക്കുക"),
+        ("Transmit the username and password of administrator", "അഡ്മിനിസ്ട്രേറ്റർ വിവരങ്ങൾ അയക്കുക"),
+        ("still_click_uac_tip", "റിമോട്ട് ഉപയോക്താവ് UAC വിൻഡോയിൽ 'അതെ' എന്ന് ക്ലിക്ക് ചെയ്യേണ്ടതുണ്ട്."),
+        ("Request Elevation", "എലവേഷൻ ആവശ്യപ്പെടുക"),
+        ("wait_accept_uac_tip", "റിമോട്ട് ഉപയോക്താവ് UAC അംഗീകരിക്കാൻ കാത്തിരിക്കുക."),
+        ("Elevate successfully", "വിജയകരമായി എലവേറ്റ് ചെയ്തു"),
+        ("uppercase", "വലിയ അക്ഷരം (Uppercase)"),
+        ("lowercase", "ചെറിയ അക്ഷരം (Lowercase)"),
+        ("digit", "അക്കം"),
+        ("special character", "പ്രത്യേക ചിഹ്നം"),
+        ("length>=8", "നീളം >= 8"),
+        ("Weak", "ദുർബലം"),
+        ("Medium", "ഇടത്തരം"),
+        ("Strong", "ശക്തം"),
+        ("Switch Sides", "വശങ്ങൾ മാറ്റുക"),
+        ("Please confirm if you want to share your desktop?", "നിങ്ങളുടെ ഡെസ്ക്ടോപ്പ് പങ്കിടണമെന്ന് നിങ്ങൾക്ക് ഉറപ്പാണോ?"),
+        ("Display", "ഡിസ്‌പ്ലേ"),
+        ("Default View Style", "സാധാരണ വ്യൂ സ്റ്റൈൽ"),
+        ("Default Scroll Style", "സാധാരണ സ്ക്രോൾ സ്റ്റൈൽ"),
+        ("Default Image Quality", "സാധാരണ ഇമേജ് ക്വാളിറ്റി"),
+        ("Default Codec", "സാധാരണ കോഡെക്"),
+        ("Bitrate", "ബിറ്റ്റേറ്റ്"),
+        ("FPS", "FPS"),
+        ("Auto", "ഓട്ടോ"),
+        ("Other Default Options", "മറ്റ് സാധാരണ ഓപ്ഷനുകൾ"),
+        ("Voice call", "വോയിസ് കോൾ"),
+        ("Text chat", "ടെക്സ്റ്റ് ചാറ്റ്"),
+        ("Stop voice call", "വോയിസ് കോൾ നിർത്തുക"),
+        ("relay_hint_tip", "നേരിട്ടുള്ള കണക്ഷൻ സാധ്യമല്ല; റിലേ വഴി ശ്രമിക്കാം."),
+        ("Reconnect", "വീണ്ടും കണക്ട് ചെയ്യുക"),
+        ("Codec", "കോഡെക്"),
+        ("Resolution", "റെസല്യൂഷൻ"),
+        ("No transfers in progress", "കൈമാറ്റങ്ങളൊന്നും നടക്കുന്നില്ല"),
+        ("Set one-time password length", "ഒറ്റത്തവണ പാസ്‌വേഡ് നീളം നിശ്ചയിക്കുക"),
+        ("RDP Settings", "RDP ക്രമീകരണങ്ങൾ"),
+        ("Sort by", "ക്രമീകരിക്കുക"),
+        ("New Connection", "പുതിയ കണക്ഷൻ"),
+        ("Restore", "പുനഃസ്ഥാപിക്കുക"),
+        ("Minimize", "ചുരുക്കുക"),
+        ("Maximize", "വലുതാക്കുക"),
+        ("Your Device", "നിങ്ങളുടെ ഉപകരണം"),
+        ("empty_recent_tip", "സമീപകാല സെഷനുകൾ ഇവിടെ കാണാം."),
+        ("empty_favorite_tip", "പ്രിയപ്പെട്ടവ ഇവിടെ കാണാം."),
+        ("empty_lan_tip", "ലോക്കൽ നെറ്റ്‌വർക്കിലെ ഉപകരണങ്ങൾ ഇവിടെ കാണാം."),
+        ("empty_address_book_tip", "അഡ്രസ് ബുക്ക് ശൂന്യമാണ്."),
+        ("Empty Username", "യൂസർ നെയിം നൽകിയില്ല"),
+        ("Empty Password", "പാസ്‌വേഡ് നൽകിയില്ല"),
+        ("Me", "ഞാൻ"),
+        ("identical_file_tip", "ഈ ഫയൽ നിലവിലുണ്ട്."),
+        ("show_monitors_tip", "ടൂൾബാറിൽ മോണിറ്ററുകൾ കാണിക്കുക"),
+        ("View Mode", "വ്യൂ മോഡ്"),
+        ("login_linux_tip", "റിമോട്ട് ലിനക്സ് സെഷനായി ലോഗിൻ ചെയ്യണം"),
+        ("verify_rustdesk_password_tip", "RustDesk പാസ്‌വേഡ് പരിശോധിക്കുക"),
+        ("remember_account_tip", "ഈ അക്കൗണ്ട് ഓർമ്മിക്കുക"),
+        ("os_account_desk_tip", "ആക്‌സസിനായി OS അക്കൗണ്ട് ഉപയോഗിക്കുക"),
+        ("OS Account", "OS അക്കൗണ്ട്"),
+        ("another_user_login_title_tip", "മറ്റൊരു ഉപയോക്താവ് ലോഗിൻ ചെയ്തിട്ടുണ്ട്"),
+        ("another_user_login_text_tip", "വിച്ഛേദിച്ച ശേഷം വീണ്ടും ശ്രമിക്കുക"),
+        ("xorg_not_found_title_tip", "Xorg കണ്ടെത്താനായില്ല"),
+        ("xorg_not_found_text_tip", "ദയവായി Xorg ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("no_desktop_title_tip", "ഡെസ്ക്ടോപ്പ് ലഭ്യമല്ല"),
+        ("no_desktop_text_tip", "ദയവായി ലിനക്സ് ഡെസ്ക്ടോപ്പ് ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("No need to elevate", "എലവേറ്റ് ചെയ്യേണ്ടതില്ല"),
+        ("System Sound", "സിസ്റ്റം സൗണ്ട്"),
+        ("Default", "ഡിഫോൾട്ട്"),
+        ("New RDP", "പുതിയ RDP"),
+        ("Fingerprint", "ഫിംഗർപ്രിന്റ്"),
+        ("Copy Fingerprint", "ഫിംഗർപ്രിന്റ് കോപ്പി ചെയ്യുക"),
+        ("no fingerprints", "ഫിംഗർപ്രിന്റുകൾ ഇല്ല"),
+        ("Select a peer", "ഒരാളെ തിരഞ്ഞെടുക്കുക"),
+        ("Select peers", "തിരഞ്ഞെടുക്കുക"),
+        ("Plugins", "പ്ലഗിനുകൾ"),
+        ("Uninstall", "അൺഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("Update", "അപ്ഡേറ്റ് ചെയ്യുക"),
+        ("Enable", "പ്രവർത്തനക്ഷമമാക്കുക"),
+        ("Disable", "പ്രവർത്തനരഹിതമാക്കുക"),
+        ("Options", "ഓപ്ഷനുകൾ"),
+        ("resolution_original_tip", "ഒറിജിനൽ റെസല്യൂഷൻ"),
+        ("resolution_fit_local_tip", "ലോക്കൽ സ്ക്രീനിന് അനുയോജ്യം"),
+        ("resolution_custom_tip", "കസ്റ്റം റെസല്യൂഷൻ"),
+        ("Collapse toolbar", "ടൂൾബാർ ചുരുക്കുക"),
+        ("Accept and Elevate", "അംഗീകരിച്ച് എലവേറ്റ് ചെയ്യുക"),
+        ("accept_and_elevate_btn_tooltip", "കണക്ഷൻ അംഗീകരിച്ച് UAC അനുമതികൾ നൽകുക."),
+        ("clipboard_wait_response_timeout_tip", "ക്ലിപ്പ്ബോർഡ് മറുപടിക്കായി കാത്തിരുന്നു സമയം കഴിഞ്ഞു."),
+        ("Incoming connection", "വരുന്ന കണക്ഷൻ"),
+        ("Outgoing connection", "പോകുന്ന കണക്ഷൻ"),
+        ("Exit", "പുറത്തുകടക്കുക"),
+        ("Open", "തുറക്കുക"),
+        ("logout_tip", "നിങ്ങൾക്ക് ലോഗൗട്ട് ചെയ്യണമെന്ന് ഉറപ്പാണോ?"),
+        ("Service", "സർവീസ്"),
+        ("Start", "തുടങ്ങുക"),
+        ("Stop", "നിർത്തുക"),
+        ("exceed_max_devices", "നിങ്ങൾ ഉപകരണങ്ങളുടെ പരിധി കവിഞ്ഞു."),
+        ("Sync with recent sessions", "സമീപകാല സെഷനുകളുമായി സિંക് ചെയ്യുക"),
+        ("Sort tags", "ടാഗുകൾ ക്രമീകരിക്കുക"),
+        ("Open connection in new tab", "പുതിയ ടാബിൽ തുറക്കുക"),
+        ("Move tab to new window", "ടാബ് പുതിയ വിൻഡോയിലേക്ക് മാറ്റുക"),
+        ("Can not be empty", "ശൂന്യമാകാൻ പാടില്ല"),
+        ("Already exists", "നിലവിലുണ്ട്"),
+        ("Change Password", "പാസ്‌വേഡ് മാറ്റുക"),
+        ("Refresh Password", "പാസ്‌വേഡ് പുതുക്കുക"),
+        ("ID", "ഐഡി"),
+        ("Grid View", "ഗ്രിഡ് വ്യൂ"),
+        ("List View", "ലിസ്റ്റ് വ്യൂ"),
+        ("Select", "തിരഞ്ഞെടുക്കുക"),
+        ("Toggle Tags", "ടാഗുകൾ മാറ്റുക"),
+        ("pull_ab_failed_tip", "അഡ്രസ് ബുക്ക് അപ്‌ഡേറ്റ് ചെയ്യുന്നതിൽ പരാജയപ്പെട്ടു."),
+        ("push_ab_failed_tip", "അഡ്രസ് ബുക്ക് സિંക് ചെയ്യുന്നതിൽ പരാജയപ്പെട്ടു."),
+        ("synced_peer_readded_tip", "സമീപകാല ഉപകരണം അഡ്രസ് ബുക്കിലേക്ക് സિંക് ചെയ്തു."),
+        ("Change Color", "നിറം മാറ്റുക"),
+        ("Primary Color", "പ്രധാന നിറം"),
+        ("HSV Color", "HSV നിറം"),
+        ("Installation Successful!", "ഇൻസ്റ്റാളേഷൻ വിജയിച്ചു!"),
+        ("Installation failed!", "ഇൻസ്റ്റാളേഷൻ പരാജയപ്പെട്ടു!"),
+        ("Reverse mouse wheel", "മൗസ് വീൽ തിരിക്കുക"),
+        ("{} sessions", "{} സെഷനുകൾ"),
+        ("scam_title", "തട്ടിപ്പ് മുന്നറിയിപ്പ്!"),
+        ("scam_text1", "നിങ്ങൾക്ക് പരിചയമില്ലാത്ത ആരെങ്കിലും RustDesk ഉപയോഗിക്കാൻ ആവശ്യപ്പെട്ടാൽ ഉടൻ കണക്ഷൻ വിച്ഛേദിക്കുക."),
+        ("scam_text2", "ഇതൊരു തട്ടിപ്പായിരിക്കാം. ആർക്കും പാസ്‌വേഡ് നൽകരുത്."),
+        ("Don't show again", "വീണ്ടും കാണിക്കരുത്"),
+        ("I Agree", "ഞാൻ സമ്മതിക്കുന്നു"),
+        ("Decline", "നിരസിക്കുന്നു"),
+        ("Timeout in minutes", "മിനിറ്റുകളിൽ സമയം നിശ്ചയിക്കുക"),
+        ("auto_disconnect_option_tip", "പ്രവർത്തനമില്ലെങ്കിൽ താനേ വിച്ഛേദിക്കുക"),
+        ("Connection failed due to inactivity", "പ്രവർത്തനമില്ലാത്തതിനാൽ കണക്ഷൻ വിച്ഛേദിച്ചു"),
+        ("Check for software update on startup", "തുടങ്ങുമ്പോൾ അപ്‌ഡേറ്റ് ഉണ്ടോ എന്ന് പരിശോധിക്കുക"),
+        ("upgrade_rustdesk_server_pro_to_{}_tip", "സെർവർ പ്രോ {} ലേക്ക് അപ്‌ഗ്രേഡ് ചെയ്യുക"),
+        ("pull_group_failed_tip", "ഗ്രൂപ്പ് വിവരങ്ങൾ ലഭിക്കുന്നതിൽ പരാജയപ്പെട്ടു"),
+        ("Filter by intersection", "ഇന്റർസെക്ഷൻ വഴി ഫിൽട്ടർ ചെയ്യുക"),
+        ("Remove wallpaper during incoming sessions", "കണക്ഷൻ സമയത്ത് വാൾപേപ്പർ മാറ്റുക"),
+        ("Test", "പരിശോധിക്കുക"),
+        ("display_is_plugged_out_msg", "ഡിസ്‌പ്ലേ ഊരിയിരിക്കുകയാണ്."),
+        ("No displays", "ഡിസ്‌പ്ലേകൾ ഇല്ല"),
+        ("Open in new window", "പുതിയ വിൻഡോയിൽ തുറക്കുക"),
+        ("Show displays as individual windows", "ഓരോ ഡിസ്‌പ്ലേയും ഓരോ വിൻഡോയായി കാണിക്കുക"),
+        ("Use all my displays for the remote session", "എല്ലാ ഡിസ്‌പ്ലേകളും ഉപയോഗിക്കുക"),
+        ("selinux_tip", "SELinux പ്രവർത്തനക്ഷമമാണ്."),
+        ("Change view", "കാഴ്ച മാറ്റുക"),
+        ("Big tiles", "വലിയ ടൈലുകൾ"),
+        ("Small tiles", "ചെറിയ ടൈലുകൾ"),
+        ("List", "ലിസ്റ്റ്"),
+        ("Virtual display", "വെർച്വൽ ഡിസ്‌പ്ലേ"),
+        ("Plug out all", "എല്ലാം ഊരുക"),
+        ("True color (4:4:4)", "ട്രൂ കളർ (4:4:4)"),
+        ("Enable blocking user input", "യൂസർ ഇൻപുട്ട് തടയുന്നത് അനുവദിക്കുക"),
+        ("id_input_tip", "നിങ്ങൾക്ക് ഐഡി, ഏലിയാസ് അല്ലെങ്കിൽ ഐപി നൽകാം."),
+        ("privacy_mode_impl_mag_tip", "മാഗ്നിഫയർ സ്വകാര്യ മോഡ്"),
+        ("privacy_mode_impl_virtual_display_tip", "വെർച്വൽ ഡിസ്‌പ്ലേ സ്വകാര്യ മോഡ്"),
+        ("Enter privacy mode", "സ്വകാര്യ മോഡിലേക്ക് കടക്കുക"),
+        ("Exit privacy mode", "സ്വകാര്യ മോഡിൽ നിന്ന് പുറത്തുകടക്കുക"),
+        ("idd_not_support_under_win10_2004_tip", "Windows 10 (2004) എങ്കിലും വേണം."),
+        ("input_source_1_tip", "ഇൻപുട്ട് സോഴ്സ് 1"),
+        ("input_source_2_tip", "ഇൻപുട്ട് സോഴ്സ് 2"),
+        ("Swap control-command key", "Control-Command കീകൾ പരസ്പരം മാറ്റുക"),
+        ("swap-left-right-mouse", "ഇടത്-വലത് മൗസ് ബട്ടണുകൾ മാറ്റുക"),
+        ("2FA code", "2FA കോഡ്"),
+        ("More", "കൂടുതൽ"),
+        ("enable-2fa-title", "2FA ഓൺ ചെയ്യുക"),
+        ("enable-2fa-desc", "അതന്റിക്കേറ്റർ ആപ്പ് സജ്ജമാക്കുക."),
+        ("wrong-2fa-code", "തെറ്റായ 2FA കോഡ്."),
+        ("enter-2fa-title", "2FA കോഡ് നൽകുക"),
+        ("Email verification code must be 6 characters.", "ഇമെയിൽ കോഡ് 6 അക്ഷരങ്ങൾ വേണം."),
+        ("2FA code must be 6 digits.", "2FA കോഡ് 6 അക്കങ്ങൾ വേണം."),
+        ("Multiple Windows sessions found", "ഒന്നിലധികം വിൻഡോസ് സെഷനുകൾ കണ്ടെത്തി"),
+        ("Please select the session you want to connect to", "ബന്ധിപ്പിക്കേണ്ട സെഷൻ തിരഞ്ഞെടുക്കുക"),
+        ("powered_by_me", "ഞാൻ നിർമ്മിച്ചത്"),
+        ("outgoing_only_desk_tip", "ഇതൊരു ഔട്ട്‌ഗോയിംഗ് മോഡ് മാത്രമാണ്"),
+        ("preset_password_warning", "സുരക്ഷയ്ക്കായി പാസ്‌വേഡ് മാറ്റുക."),
+        ("Security Alert", "സുരക്ഷാ മുന്നറിയിപ്പ്"),
+        ("My address book", "എന്റെ അഡ്രസ് ബുക്ക്"),
+        ("Personal", "വ്യക്തിഗതം"),
+        ("Owner", "ഉടമസ്ഥൻ"),
+        ("Set shared password", "പങ്കിട്ട പാസ്‌വേഡ് സജ്ജമാക്കുക"),
+        ("Exist in", "നിലവിലുള്ളത്"),
+        ("Read-only", "വായിക്കാൻ മാത്രം"),
+        ("Read/Write", "വായിക്കാനും എഴുതാനും"),
+        ("Full Control", "പൂർണ്ണ നിയന്ത്രണം"),
+        ("share_warning_tip", "നിങ്ങളുടെ വിവരങ്ങൾ പങ്കിടുകയാണ്."),
+        ("Everyone", "എല്ലാവരും"),
+        ("ab_web_console_tip", "വെബ് കൺസോൾ അഡ്രസ് ബുക്ക്"),
+        ("allow-only-conn-window-open-tip", "RustDesk വിൻഡോ തുറന്നിരിക്കുമ്പോൾ മാത്രം കണക്ഷൻ അനുവദിക്കുക"),
+        ("no_need_privacy_mode_no_physical_displays_tip", "ഡിസ്‌പ്ലേ ഇല്ലാത്തതിനാൽ സ്വകാര്യ മോഡ് ആവശ്യമില്ല."),
+        ("Follow remote cursor", "റിമോട്ട് കർസറിനെ പിന്തുടരുക"),
+        ("Follow remote window focus", "റിമോട്ട് വിൻഡോ ഫോക്കസിനെ പിന്തുടരുക"),
+        ("default_proxy_tip", "ഡിഫോൾട്ട് പ്രോക്സി ക്രമീകരണം"),
+        ("no_audio_input_device_tip", "ഓഡിയോ ഇൻപുട്ട് ഉപകരണം കണ്ടെത്തിയില്ല."),
+        ("Incoming", "വരുന്നവ"),
+        ("Outgoing", "പോകുന്നവ"),
+        ("Clear Wayland screen selection", "Wayland സ്ക്രീൻ സെലക്ഷൻ മാറ്റുക"),
+        ("clear_Wayland_screen_selection_tip", "സ്ക്രീൻ സെലക്ഷൻ റീസെറ്റ് ചെയ്യുക."),
+        ("confirm_clear_Wayland_screen_selection_tip", "സെലക്ഷൻ മാറ്റണമെന്ന് ഉറപ്പാണോ?"),
+        ("android_new_voice_call_tip", "പുതിയ വോയിസ് കോൾ അഭ്യർത്ഥന"),
+        ("texture_render_tip", "ടെക്സ്ചർ റെൻഡറിംഗ് ഉപയോഗിക്കുക"),
+        ("Use texture rendering", "ടെക്സ്ചർ റെൻഡറിംഗ് ഉപയോഗിക്കുക"),
+        ("Floating window", "ഫ്ലോട്ടിംഗ് വിൻഡോ"),
+        ("floating_window_tip", "ബാക്ക്ഗ്രൗണ്ടിലാണെങ്കിലും RustDesk കാണിക്കുക"),
+        ("Keep screen on", "സ്ക്രീൻ ഓഫ് ആകാതെ വെക്കുക"),
+        ("Never", "ഒരിക്കലുമില്ല"),
+        ("During controlled", "നിയന്ത്രിക്കുമ്പോൾ"),
+        ("During service is on", "സർവീസ് ഓൺ ആയിരിക്കുമ്പോൾ"),
+        ("Capture screen using DirectX", "DirectX ഉപയോഗിച്ച് സ്ക്രീൻ ക്യാപ്ചർ ചെയ്യുക"),
+        ("Back", "പുറകോട്ട്"),
+        ("Apps", "ആപ്പുകൾ"),
+        ("Volume up", "ശബ്ദം കൂട്ടുക"),
+        ("Volume down", "ശബ്ദം കുറയ്ക്കുക"),
+        ("Power", "പവർ"),
+        ("Telegram bot", "ടെലഗ്രാം ബോട്ട്"),
+        ("enable-bot-tip", "അറിയിപ്പുകൾക്കായി ബോട്ട് ഓൺ ചെയ്യുക"),
+        ("enable-bot-desc", "ടെലഗ്രാം ബോട്ട് സജ്ജമാക്കുക."),
+        ("cancel-2fa-confirm-tip", "2FA റദ്ദാക്കണമെന്ന് ഉറപ്പാണോ?"),
+        ("cancel-bot-confirm-tip", "ബോട്ട് റദ്ദാക്കണമെന്ന് ഉറപ്പാണോ?"),
+        ("About RustDesk", "RustDesk-നെ കുറിച്ച്"),
+        ("Send clipboard keystrokes", "ക്ലിപ്പ്ബോർഡ് കീസ്ട്രോക്കുകൾ അയക്കുക"),
+        ("network_error_tip", "നെറ്റ്‌വർക്ക് പിശക്, വീണ്ടും ശ്രമിക്കുക."),
+        ("Unlock with PIN", "പിൻ ഉപയോഗിച്ച് അൺലോക്ക് ചെയ്യുക"),
+        ("Requires at least {} characters", "കുറഞ്ഞത് {} അക്ഷരങ്ങൾ വേണം"),
+        ("Wrong PIN", "തെറ്റായ പിൻ"),
+        ("Set PIN", "പിൻ സജ്ജമാക്കുക"),
+        ("Enable trusted devices", "വിശ്വസനീയമായ ഉപകരണങ്ങൾ അനുവദിക്കുക"),
+        ("Manage trusted devices", "വിശ്വസനീയമായ ഉപകരണങ്ങൾ നിയന്ത്രിക്കുക"),
+        ("Platform", "പ്ലാറ്റ്‌ഫോം"),
+        ("Days remaining", "ബാക്കിയുള്ള ദിവസങ്ങൾ"),
+        ("enable-trusted-devices-tip", "വിശ്വസനീയമായവയ്ക്ക് പാസ്‌വേഡ് വേണ്ട"),
+        ("Parent directory", "പ്രധാന ഡയറക്ടറി"),
+        ("Resume", "തുടരുക"),
+        ("Invalid file name", "അസാധുവായ ഫയൽ പേര്"),
+        ("one-way-file-transfer-tip", "ഒരു വശത്തേക്ക് മാത്രമുള്ള ഫയൽ കൈമാറ്റം"),
+        ("Authentication Required", "അംഗീകാരം ആവശ്യമാണ്"),
+        ("Authenticate", "അംഗീകരിക്കുക"),
+        ("web_id_input_tip", "റിമോട്ട് ഐഡി നൽകുക"),
+        ("Download", "ഡൗൺലോഡ്"),
+        ("Upload folder", "ഫോൾഡർ അപ്‌ലോഡ് ചെയ്യുക"),
+        ("Upload files", "ഫയലുകൾ അപ്‌ലോഡ് ചെയ്യുക"),
+        ("Clipboard is synchronized", "ക്ലിപ്പ്ബോർഡ് സങ്കലനം ചെയ്തു"),
+        ("Update client clipboard", "ക്ലയന്റ് ക്ലിപ്പ്ബോർഡ് പുതുക്കുക"),
+        ("Untagged", "ടാഗ് ചെയ്യാത്തവ"),
+        ("new-version-of-{}-tip", "{} പുതിയ പതിപ്പ് ലഭ്യമാണ്"),
+        ("Accessible devices", "ലഭ്യമായ ഉപകരണങ്ങൾ"),
+        ("upgrade_remote_rustdesk_client_to_{}_tip", "റിമോട്ട് പതിപ്പ് {} ലേക്ക് മാറ്റുക"),
+        ("d3d_render_tip", "D3D റെൻഡറിംഗ് ഉപയോഗിക്കുക"),
+        ("Printer", "പ്രിന്റർ"),
+        ("printer-os-requirement-tip", "പ്രിന്റിംഗിന് വിൻഡോസ് വേണം."),
+        ("printer-requires-installed-{}-client-tip", "ഇതിന് {} ക്ലയന്റ് ഇൻസ്റ്റാൾ ചെയ്യണം."),
+        ("printer-{}-not-installed-tip", "പ്രിന്റർ {} ഇൻസ്റ്റാൾ ചെയ്തിട്ടില്ല."),
+        ("printer-{}-ready-tip", "പ്രിന്റർ {} തയ്യാറാണ്."),
+        ("Install {} Printer", "{} പ്രിന്റർ ഇൻസ്റ്റാൾ ചെയ്യുക"),
+        ("Outgoing Print Jobs", "പോകുന്ന പ്രിന്റ് ജോലികൾ"),
+        ("Incoming Print Jobs", "വരുന്ന പ്രിന്റ് ജോലികൾ"),
+        ("Incoming Print Job", "വരുന്ന പ്രിന്റ് ജോലി"),
+        ("use-the-default-printer-tip", "ഡിഫോൾട്ട് പ്രിന്റർ ഉപയോഗിക്കുക"),
+        ("use-the-selected-printer-tip", "തിഞ്ഞെടുത്ത പ്രിന്റർ ഉപയോഗിക്കുക"),
+        ("auto-print-tip", "താനേ പ്രിന്റ് ചെയ്യുക"),
+        ("print-incoming-job-confirm-tip", "പ്രിന്റ് ചെയ്യുന്നതിന് മുൻപ് ചോദിക്കുക"),
+        ("remote-printing-disallowed-tile-tip", "റിമോട്ട് പ്രിന്റിംഗ് അനുവദനീയമല്ല"),
+        ("remote-printing-disallowed-text-tip", "സെറ്റിംഗ്സിൽ റിമോട്ട് പ്രിന്റിംഗ് ഓൺ ചെയ്യുക."),
+        ("save-settings-tip", "സെറ്റിംഗ്സ് സേവ് ചെയ്യുക"),
+        ("dont-show-again-tip", "വീണ്ടും കാണിക്കരുത്"),
+        ("Take screenshot", "സ്ക്രീൻഷോട്ട് എടുക്കുക"),
+        ("Taking screenshot", "സ്ക്രീൻഷോട്ട് എടുക്കുന്നു"),
+        ("screenshot-merged-screen-not-supported-tip", "മെർജ് ചെയ്ത സ്ക്രീൻഷോട്ട് പിന്തുണയ്ക്കുന്നില്ല."),
+        ("screenshot-action-tip", "സ്ക്രീൻഷോട്ടിന് ശേഷമുള്ള നടപടി"),
+        ("Save as", "പേരിൽ സേവ് ചെയ്യുക"),
+        ("Copy to clipboard", "ക്ലിപ്പ്ബോർഡിലേക്ക് കോപ്പി ചെയ്യുക"),
+        ("Enable remote printer", "റിമോട്ട് പ്രിന്റർ അനുവദിക്കുക"),
+        ("Downloading {}", "{} ഡൗൺലോഡ് ചെയ്യുന്നു"),
+        ("{} Update", "{} അപ്‌ഡേറ്റ്"),
+        ("{}-to-update-tip", "അപ്‌ഡേറ്റ് ചെയ്യാൻ {}"),
+        ("download-new-version-failed-tip", "പുതിയ പതിപ്പ് ഡൗൺലോഡ് ചെയ്യുന്നതിൽ പരാജയപ്പെട്ടു."),
+        ("Auto update", "ഓട്ടോ അപ്‌ഡേറ്റ്"),
+        ("update-failed-check-msi-tip", "അപ്‌ഡേറ്റ് പരാജയപ്പെട്ടു, MSI ഫയൽ പരിശോധിക്കുക."),
+        ("websocket_tip", "പോട്ടുകൾ തടഞ്ഞിട്ടുണ്ടെങ്കിൽ WebSocket ഉപയോഗിക്കുക."),
+        ("Use WebSocket", "WebSocket ഉപയോഗിക്കുക"),
+        ("Trackpad speed", "ട്രാക്ക്പാഡ് വേഗത"),
+        ("Default trackpad speed", "സാധാരണ ട്രാക്ക്പാഡ് വേഗത"),
+        ("Numeric one-time password", "അക്കങ്ങൾ മാത്രമുള്ള OTP"),
+        ("Enable IPv6 P2P connection", "IPv6 P2P കണക്ഷൻ അനുവദിക്കുക"),
+        ("Enable UDP hole punching", "UDP ഹോൾ പഞ്ചിംഗ് അനുവദിക്കുക"),
+        ("View camera", "ക്യാമറ കാണുക"),
+        ("Enable camera", "ക്യാമറ ഓൺ ചെയ്യുക"),
+        ("No cameras", "ക്യാമറകൾ കണ്ടെത്തിയില്ല"),
+        ("view_camera_unsupported_tip", "റിമോട്ട് ക്യാമറ പിന്തുണയ്ക്കുന്നില്ല."),
+        ("Terminal", "ടെർമിനൽ"),
+        ("Enable terminal", "ടെർമിനൽ അനുവദിക്കുക"),
+        ("New tab", "പുതിയ ടാബ്"),
+        ("Keep terminal sessions on disconnect", "വിച്ഛേദിക്കുമ്പോൾ ടെർമിനൽ സെഷൻ നിർത്തരുത്"),
+        ("Terminal (Run as administrator)", "ടെർമിനൽ (അഡ്മിനിസ്ട്രേറ്ററായി)"),
+        ("terminal-admin-login-tip", "അഡ്മിൻ ലോഗിൻ ആവശ്യമാണ്."),
+        ("Failed to get user token.", "യൂസർ ടോക്കൺ ലഭിക്കുന്നതിൽ പരാജയപ്പെട്ടു."),
+        ("Incorrect username or password.", "തെറ്റായ യൂസർ നെയിം അല്ലെങ്കിൽ പാസ്‌വേഡ്."),
+        ("The user is not an administrator.", "ഉപയോക്താവ് അഡ്മിനിസ്ട്രേറ്ററല്ല."),
+        ("Failed to check if the user is an administrator.", "അഡ്മിൻ ആണോ എന്ന് പരിശോധിക്കുന്നതിൽ പരാജയപ്പെട്ടു."),
+        ("Supported only in the installed version.", "ഇൻസ്റ്റാൾ ചെയ്ത പതിപ്പിൽ മാത്രം ലഭ്യം."),
+        ("elevation_username_tip", "അഡ്മിനിസ്ട്രേറ്റർ പേര് നൽകുക"),
+        ("Preparing for installation ...", "ഇൻസ്റ്റാളേഷനായി ഒരുങ്ങുന്നു..."),
+        ("Show my cursor", "എന്റെ കർസർ കാണിക്കുക"),
+        ("Scale custom", "കസ്റ്റം സ്കെയിൽ"),
+        ("Custom scale slider", "കസ്റ്റം സ്കെയിൽ സ്ലൈഡർ"),
+        ("Decrease", "കുറയ്ക്കുക"),
+        ("Increase", "കൂട്ടുക"),
+        ("Show virtual mouse", "വെർച്വൽ മൗസ് കാണിക്കുക"),
+        ("Virtual mouse size", "വെർച്വൽ മൗസ് വലിപ്പം"),
+        ("Small", "ചെറുത്"),
+        ("Large", "വലുത്"),
+        ("Show virtual joystick", "വെർച്വൽ ജോയ്സ്റ്റിക് കാണിക്കുക"),
+        ("Edit note", "കുറിപ്പ് മാറ്റുക"),
+        ("Alias", "ഏലിയാസ് (Alias)"),
+        ("ScrollEdge", "സ്ക്രോൾ എഡ്ജ്"),
+        ("Allow insecure TLS fallback", "സുരക്ഷിതമല്ലാത്ത TLS അനുവദിക്കുക"),
+        ("allow-insecure-tls-fallback-tip", "പഴയ സെർവറുകൾക്കായി ഉപയോഗിക്കുക."),
+        ("Disable UDP", "UDP ഒഴിവാക്കുക"),
+        ("disable-udp-tip", "കണക്ഷൻ പ്രശ്നങ്ങൾക്ക് UDP ഒഴിവാക്കുക."),
+        ("server-oss-not-support-tip", "OSS സെർവർ ഇത് പിന്തുണയ്ക്കുന്നില്ല."),
+        ("input note here", "ഇവിടെ കുറിപ്പ് എഴുതുക"),
+        ("note-at-conn-end-tip", "കണക്ഷൻ കഴിയുമ്പോൾ കുറിപ്പ് കാണിക്കുക"),
+        ("Show terminal extra keys", "ടെർമിനൽ കീകൾ കാണിക്കുക"),
+        ("Relative mouse mode", "റിലേറ്റീവ് മൗസ് മോഡ്"),
+        ("rel-mouse-not-supported-peer-tip", "മറുഭാഗം പിന്തുണയ്ക്കുന്നില്ല."),
+        ("rel-mouse-not-ready-tip", "തയ്യാറായിട്ടില്ല."),
+        ("rel-mouse-lock-failed-tip", "മൗസ് ലോക്ക് പരാജയപ്പെട്ടു."),
+        ("rel-mouse-exit-{}-tip", "പുറത്തുകടക്കാൻ {} അമർത്തുക"),
+        ("rel-mouse-permission-lost-tip", "അനുമതി നഷ്ടപ്പെട്ടു."),
+        ("Changelog", "മാറ്റങ്ങൾ (Changelog)"),
+        ("keep-awake-during-outgoing-sessions-label", "സെഷൻ നടക്കുമ്പോൾ ഉറക്കത്തിലാകരുത്"),
+        ("keep-awake-during-incoming-sessions-label", "സെഷൻ വരുമ്പോൾ ഉറക്കത്തിലാകരുത്"),
+        ("Continue with {}", "{} ഉപയോഗിച്ച് തുടരുക"),
+        ("Display Name", "ഡിസ്‌പ്ലേ പേര്"),
+        ("password-hidden-tip", "സുരക്ഷയ്ക്കായി പാസ്‌വേഡ് മറച്ചിരിക്കുന്നു."),
+        ("preset-password-in-use-tip", "പ്രീസെറ്റ് പാസ്‌വേഡ് ഉപയോഗത്തിലാണ്."),
+    ].iter().cloned().collect();
+}

src/lang/nb.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", ""),
         ("Continue with {}", "Fortsett med {}"),
         ("Display Name", ""),
+        ("password-hidden-tip", ""),
+        ("preset-password-in-use-tip", ""),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }

src/lang/nl.rs

@@ -741,5 +741,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
         ("keep-awake-during-incoming-sessions-label", "Houd het scherm open tijdens de inkomende sessies."),
         ("Continue with {}", "Ga verder met {}"),
         ("Display Name", "Naam Weergeven"),
+        ("password-hidden-tip", "Er is een permanent wachtwoord ingesteld (verborgen)."),
+        ("preset-password-in-use-tip", "Het basis wachtwoord is momenteel in gebruik."),
+        ("Enable privacy mode", ""),
     ].iter().cloned().collect();
 }